THE OFFICIAL BLOG OF THE SBS "DIVA"

http://msmvps.com/blogs/bradley/archive/2009/06/29/how-to-flip-your-sbs-2008-to-forwarders.aspx

Do-do brain me miskeyed a DNS entry.  As Michael Hoffman pointed out, I typed in the wrong entry.  Just goes to show you to double check such things.

OpenDNS's forwarders are 208.67.222.222 and 208.67.220.200  gawd I have a mental block  208.67.220.220

What it should look like.

And it does resolve

I've also seen folks recommend using 4.2.2.2 and 4.2.2.1 ... and the resulting arguments for and against using those forwarder values, but it does kinda annoy me that I'm having to recommend forwarders in the 2k8 era because of a base problem in Server 2008 that needs a manual registry hack and as we've seen the DNS in 2k8 appears to potentially have issues.  That may be acceptable for big server land, but for SBS and EBS for that matter, it just seems that needs to be a bit better and to have this solid from the get go instead of seeing if you are or are not impacted.

http://www.eggheadcafe.com/conversation.aspx?messageid=33742551&threadid=33734006 

Are you a fan of Essential Business Server?  Want to become one?  Want to know more about EBS?  Check out their Facebook fan page -- http://www.facebook.com/pages/Windows-Essential-Business-Server/107556414738

And then don't forget to follow the EBS blog -- the EBS newsgroups, the EBS forums in the Partner forums,  the EBS FAQ and the virtual EBS user group.

Microsoft gives TechEd delegates Windows 7 netbook - Software - Technology - News - iTnews.com.au:
http://www.itnews.com.au/News/148868,microsoft-gives-teched-delegates-windows-7-netbook.aspx


Not to sound like sour grapes, which of course I do sound like sour grapes, but for the USA version of TechEd, they lay off Steve Riley the week before, cancel the TechEd party, cancelled the certification exam testing site, the TechEd bonus "gift" is a subscription to TechEd Plus (which I gave to a partner in my SMB partner group because I already have one as a Software Assurance customer), and send out no DVD so that I have to download all of the sessions.

Meanwhile Microsoft Australia gives away Netbooks at their TechEd.

Well the one consolation is that Los Angeles had Matt Damon presenting on SBS 2008 -- http://www.msteched.com/online/view.aspx?tid=c6a2eb0f-5c0c-45f5-847f-8a0fa24b572f

Hmm....so exactly how much is a round trip ticket to Australia anyway?

http://msmvps.com/blogs/bradley/archive/2009/01/29/the-official-sbs-blog-cannot-resolve-names-in-certain-top-level-domains-like-co-uk.aspx

The Official SBS Blog : Cannot resolve names in certain top level domains like .co.uk.:
http://blogs.technet.com/sbs/archive/2009/01/29/cannot-resolve-names-in-certain-top-level-domains-like-co-uk.aspx

http://social.microsoft.com/Forums/en-US/partnerwinserversbs/thread/560b488b-d458-44e1-b2a8-3054ae97141d

DNS Service seems to hang in SBS2008:
http://social.microsoft.com/Forums/en-US/partnerwinserversbs/thread/2cfd3800-db39-44e0-b881-94d56a8ba0ac

When you set up SBS 2008 one of the defaults it takes is root hints, but as you can see by some of those threads, in some DNS locales, DNS via root hints on Win2k8 is not a robust as it should/could be.  So besides those suggested settings, some have recommended going back to forwarders.  Now the idea here is not just any ol' forwarders but consider "cleaner" ones.  If you have a client that is looking for a bit of management of their sites .... or ... in my case I also put my Dad behind this, OpenDNS.com as a dns fowarder will not only work for residential folks like my Dad but also server networks as well.  Some have said that some of their sites and urls don't work behind opendns.com.  I'd recommend you test first.

But the process is relatively straightforward...

Click on Start, Administrative Tools, DNS, click on the UAC prompt (and if you aren't clicking on it, it's because you've made it to silently elevate and not shut off completely right?)

Now right mouse click on the name of the server, and click on the forwarders tab.  Click on edit and enter in the following values:

208.67.222.222
208.67.220.220

The process looks like this in SBS 2008:

Click on edit

In that area click and enter in the OpenDNS values

After each entry hit enter for the values to "resolve"

Huh, interesting, one isn't resolving today....

When you are done, click OK.  The Server now is connecting via forwarders.

You aren't done yet.  Now set up an account on opendns.com and add your IP address (it's best if it's a static IP) to your settings area.  Click on Networks and add the static IP of the network.  Then click on Settings and choose those areas you want to block.  When you have a dyanamic IP you may need to install software to hook the dynamic IP to the OpenDNS network.  From this setting screen if I hear of a bad url or network that I want to proactively block, I just enter it into the "Always block" settings.

Some of you may do similar to this with your managed firewalls and control access from that.

But bottom line if you want to flip your server to DNS forwarders, that's how you do that (you just substitute the IP addresses of your ISP if that's what you prefer), if you want to forward to opendns, that's the exact info how to do it.

Personalize your PC:
http://windows.microsoft.com/en-us/windows7/downloads/personalize

My Dad will be pleased.  He will have more themes and backgrounds to rotate through and enjoy on is 24 inch widescreen monitor and his Windows 7 RC that I have loaded up for him. 

Sometimes it's the little things in life that make people happy.  Like a rotating display of really cool background images.

So Dave Sobel emailed and said that he set up a new listserve specfically for topics in virtualziation....

Friends:

So based on requests, Evolve and SMBVirtualization.net are launching a yahoo group for discussion of SMB related virtualization scenarios, etc.   The intention is to build a resource for technical and sales information, much like some of the other groups out there, but allowing a specific focus on using virtualization in the SMB.  We’ll be linking material off the website too and helping consultants get information they need.

I’m doing something of a “soft” launch, not hitting the lists, but instead inviting the smart folks I know out there to join in.   Please feel free to join us – lots of smart people here who can really help others. 

 http://tech.groups.yahoo.com/group/smbvirtualization/

Would love to have you join us!   Feel free to forward to anyone you think would benefit or be a great participant.

Dave
--
Dave Sobel
CEO
Evolve Technologies

So I asked him if it was okay to blog this and he said yes.  So how about we not make this a 'soft' launch, but make it a big one.  IMHO virtualization is a key wow-ness of SBS 2008.  And with XPMode in Windows 7, you'll be doing and supporting virtualization from servers to workstations.  If you aren't prepared you should be.

Russ' comment reminded me that we do have some apps out here that aren't 64bit ready....

Not supported on 64bit:
UPS: UPS WorldShip 2009 System Requirements:
http://www.ups.com/content/us/en/resources/techsupport/worldship/order/requirements.html

Is supported but indicates you may have issues...
Lacerte Professional Tax Software - 64-bit Platform FAQ:
http://lacerte.intuit.com/products/tax/faq64Bit.jsp

Flat out won't be supported on SBS 2008...
http://na.blackberry.com/eng/support/software/server_exchange_ver_april09.pdf

So what other apps have you found that aren't quite 64bit ready?

Coding Horror: The iPhone Software Revolution:
http://www.codinghorror.com/blog/archives/001280.html

So someone at my office wants a phone.  Not a iPhone.  Not a PalmPre.  Not a Windows mobile.  A phone.  One that will just take a cable and sync with her calendar on those occasions she wants that.  But she doesn't want a data plan.  She doesn't want activesync capabilitles.  She doesn't need to send text messages.  Nor tweet.  Nor blog.  Or take pictures.  Or video movies.  Oh and it has to be Verizon as it will get coverage on the coast.

And I cannot tell from the Verizon page which phones are JUST a phone with a little bit of software to support a calender information transfer.

She doesn't want a mobile computing platform that you can "get an app for that".  Or one that has a slide out keyboard.  She wants "a phone".  One that has a battery life of a week or two.  You know... just a phone.

Why is it that you cannot tell from the web sites what EXACTLY these phones do?  And when you do want a phone that supports activeSync, sometimes it's even hard to tell that.  You have to give Apple credit with their you get one size, one capability model.  You know exactly what it does.  And it will sync with Exchange as well as support pop-ing out to personal email.  But to all other phones offered up by all of the other cell plan providers... boy is it hard to figure out which one is just "a phone".

Jackson dies, almost takes Internet with him - CNN.com:
http://www.cnn.com/2009/TECH/06/26/michael.jackson.internet/index.html

As every TV station tonight has a Jackson tribute, as CNN states that the Internet was broken by the story, as even Google thought a virus had this the web and unsubstantiated rumors of deaths of other celebs, only to be quashed as untrue by other tweets, these are interesting times aren't they?  But that focus on top topics is not only being tracked by you, but also by criminal gangs.

They also track what 'new thing' is the latest thing on everyone's radar.  Did you see the story where a twitter account was hacked by someone and now his account was spewing out malware laden links?  Given the popularity of Guy, it should be a reminder of the potential for bad on any platform.  

We all need to be aware that businesses that thrive on Internet crime are looking to capitalize on the very same topics you might be searching on, the very same web sites you surf on, and borrowing the twitter accounts of the people you find interesting. 

Be also aware of the urls you click and where they go.  URL shortening services can be dangerous in many ways. But the biggest one is being a bad link you didn't plan on.

Let's say you have Vista 32bit... or XP 32bit for that matter... is there a direct path from x86 (32bit) to 64 bit? 

Not exactly.

Microsoft says... Cross-architecture in-place upgrades (for example, x86 to x64) are not supported.

But when you deploy XPMode on top of Windows 7 64bit you do end up with a 32bit operating system sitting on a 64bit workstation.  So there are ways with file and transfer wizard tools to put the data that was on that old XP on the new virtual XP that you will plop on top of the 64bit Windows 7.

(as an interesing aside a document that was linked to at this url said that RC to RTM would be supported but that's not what I've heard so it's no wonder that it looks like this doc has been pulled  - http://social.technet.microsoft.com/Forums/en-US/w7itprogeneral/thread/76b0e249-37e7-414e-b81b-cbdd48c29474/)

But plan for a 32 to 64bit migration because if you were thinking about jumping the 32 to 64 bit divide nows THE time to do it.

  Hi, Diva Susan,

I read 'The dreaded "Stuck on update 3 out of 3" issue' in your "The correct way to install Vista Service Pack 2" item today.   Unfortunately, the MS terror is not limited to Vista SP2 and IE8.

I got the daily dreaded popup from the June 2009 "Cumulative Update for Media Center for Windows Vista (KB967632)" since 11 days ago until I stopped the Automatic Updates about 5 days ago.  What is worse is that I have only one restore point dated today.  So those advices in your article about KB949358 and the Yahoo forum link are too late for me.  

I am thinking about following the advice of "If it ain't broke, why fix it? I have a hardwired router and great anti-virus and anti-spyware software so I just update those. I haven't had ANY problems in over a year." in
http://www.gamespot.com/pages/forums/show_msgs.php?topic_id=26270666

Sometimes I wonder if what I do is a disservice to people.  Let me explain why.  And I apologize in advance to every family member of the Air France disaster.

When I write articles at www.windowssecrets.com on patch management, I'm the Ambulance chaser.  I'm the live reporter on the scene.  I'm the CNN anchor telling you the horror of the Air France disaster.  The reality that every day people get in airplanes, cars, trains, busses, mules, horses and any number of transportation vehicles and get to their destinations just fine.  But I'm the one on the scene of the bloody accident telling you to be careful.  To buckle up.  To be afraid.  To fear..... to fear.... life.  And I don't want you to fear that.  Because honestly the patching issues I talk about are like the Air France disaster.  Indicators that issues may occur.  Indicators that we need to look at our equipment, but not a sign that EVERY plane is suddenly going to drop out of the sky in mid flight.

I do want you to feel like you are in control.  And before someone says that cloud computing takes all this patching headache away and transfers it to the cloud... okay you got me there... sort of...until their update screw up means that you are still dealing with cloud updating issues.  They too blow up.  They too roll back.  And maintenance is on their schedule not yours, so as long as you understand that they too update just at a larger scale than your computer and you may still have issues it's just at a much larger scale and lots more people are cussing at each other and dealing with the support issues of bad updating.

So if you aren't comfortable in leaving automatic updates turned on, I understand.  But please do not turn off updates completely.  And please make a plan that security patches you will install pretty quickly.  But it's okay if you want to wait on a patch that isn't a security one and isn't a priority to you.  Like I always say, Internet Explorer is not a patch with a high priority on my Servers but it is on my Workstations.  As to the potential for issues with Vista where it gets stuck in that loop of installing 3 out of 3, it can occur on Vista, it can even occur on Windows 2008.  But it's not occuring on all computers.  And the probability is that your particular Vista is not that Air France plane.

So how do you make sure that you aren't that Air France plane?

HAVE A BACKUP.  While we honestly don't know for sure what happened with that Plane, it appears that some horrible malfunction occurred.  In the computer world we have a much easier way to protect ourselves by having a backup.  It can be as low tech as the built in one with Vista, to a better one with Storage Craft or after seeing Kevin Royalty's presentation on Home Server last night and especially the HP models with the ability to do streaming media over the web, remote access, the backup technology it has is way cool, having one of those or a NAS unit to backup those workstations you REALLY CARE about is wise.  I confidently install patches because I either have machines that are backed up because I care about them, or that they are test machines that I don't care about. 

If you have a computer you care about and if you don't want that computer to blow up, you have a backup.  It's that simple.

Even if you didn't plan and prepare... there are still ways to dig out of the disaster --  The update is not installed successfully, you receive a message, and the computer restarts when you try to install an update in Windows Vista:
http://support.microsoft.com/default.aspx?scid=kb;en-us;949358  I've seen that pending.xml info work many a time. 

But the way you prepare for ANYTHING in life is have a plan.  For the risks I take getting in my Mini Cooper and driving around, I buckle up my seat belts, I follow the posted speed limits (really, I do).  For when I get on planes and the turbulence starts and my stomach starts to flutter with anxiety, I tell myself it's just a ride on Disneyland and relax and tell myself that the reality is that the bulk of the people using cars, planes, busses, trains, and yes.... even computers.... get to their destinations just fine.  We hear about the disasters.  We never write stories about when things "just work exactly the way they were intended to".

MarkSplittorff

June 26, 2009 5:34pm

If I don't want to install updates at shutdown, I don't. The option is on the start manu to shutdown without updates.
Seems like muchado about nothing to try to get people to turn off updating.

Is Windows Installing Updates without Permission? - News and Analysis by PC Magazine:
http://www.pcmag.com/article2/0,2817,2349385,00.asp
Is Windows Installing Updates Without Permission? - Security Watch:
http://blogs.pcmag.com/securitywatch/2009/06/is_windows_installing_updates.php#more
Windows may install updates without asking:
http://windowssecrets.com/2009/06/25/01-Windows-may-install-updates-without-asking

Do me a favor, go to your start menu, type in windowsupdate.log in the search box and open up that log file in notepad.  Click on edit, then on find and type in the word regulated and see if you see hits of that word in your update log.

If you are not behind WSUS and just straight out to Microsoft update you will will probably see patches being "regulated".

2009-06-21 20:59:39:434  996 7bc DnldMgr Regulation: {7971F918-A847-4430-9279-4A52D1EFE18D} - Update 5DB4E73B-F330-46EA-8B71-364BA2D71954 is "PerUpdate" regulated and can NOT download. Sequence 6832 vs AcceptRate 4000.
2009-06-21 20:59:39:434  996 7bc DnldMgr   * Update is not allowed to download due to regulation.
2009-06-21 20:59:39:434  996 7bc DnldMgr Regulation: {7971F918-A847-4430-9279-4A52D1EFE18D} - Update 5DB4E73B-F330-46EA-8B71-364BA2D71954 is "PerUpdate" regulated and can NOT download. Sequence 6832 vs AcceptRate 4000.
2009-06-21 20:59:39:434  996 7bc DnldMgr ***********  DnldMgr: New download job [UpdateId = {3EDE0711-B939-4B44-AAF8-06385BED3E40}.100]  ***********
2009-06-21 20:59:39:434  996 7bc DnldMgr   * Queueing update for download handler request generation.

When this occurs, there is a *bug* in the system.  If you turn on "download but let me choose to install them" or "notify me but don't download" or whatever the exact phrases are in XP and Vista, during a period of heavy patches, the yellow icon (or greenish thing in Vista) will not show up in the system tray telling you that patches are ready to be installed.  Then when the person goes to shut down the machine, because the patches are still being throttled and not all of the patches have gotten to the place where they are ALL ready to be installed, the yellow icon will not be in the system tray.  As a result they will not be on the lookout for the "Shut down and install patches" indicator on the shut down button. 

The problem is that without the visual yellow warning shield you are not aware that patches are ready to be installed.  So you click the shut down button as you normally do and don't/aren't aware enough that it's also going to install patches.  I've seen this personally occur on my Acer TravelMate C110, I've also seen it occur on Yoda the blog server.  But the problem is that this only occurs during months of heavy patch regulation.

Updates are not downloaded or the “Automatic Updates” icon does not display the status of downloads when you enable the Automatic Updates service:
http://support.microsoft.com/kb/910340/en-us

Microsoft admits this can happen when the automatic updates service is enabled but it also occurs to the other selected patching categories.  The problem lies in the perfect storm of patch regulation, and (I think) slower machines.  The bug is that the icon is not showing up when it should be showing up to let people be aware that patches are ready to be installed.  The problem lies in the fact that this issue cannot be repro'd at will, and only occurs during times of heavy patch regulation when there's a big patch month.

Changes are not being made to anyone's system but there is still a bug in the system.

The good news is that the offers to upgrade to Win7 are now being showcased.

Direct2Dell - Direct2Dell - DELL COMMUNITY:
http://en.community.dell.com/blogs/direct2dell/archive/2009/06/25/dell-and-the-windows-7-upgrade-program.aspx

The bad news is that the offers to upgrade to Win7 are now being showcased:
Are Some Vista Users Getting Screwed on Windows 7? - PC World:
http://www.pcworld.com/article/167407/are_some_vista_users_getting_screwed_on_windows_7.html

I'm a little concerned about the "while supplies last" comment as that could mean not that much of a supply.

I must admit that I too am counting up the Vista Home I have and when I get to the Vista Ultimates going "dang"
okay lost out on that one.  Also if I pay more for the Windows 7 Ultimates will you stop offering up the 57 languages I don't need
and must manually decline?

But bottom line count up your Vista Home Premiums and for any Macs, at least you can get that upgrade for $29.

Got back from the dentist today (yes, I do outsource that process) and had our local Fresno partner group and had a session with Tim (no geek left behind) Barrett and Kevin (yes you do put Home server in a business) Royalty.  I also brought up a blog post I spotted on the use of Google apps, POP account and SBS 2008.

If you want a copy of the slide deck, ping me at susan-at-msmvps.com

Google mail as a backup email server/mail queue using Small Business Server 2008 « warrenrapson – the blog:
http://warrenrapson.wordpress.com/2009/06/22/google-mail-as-a-backup-email-servermail-queue-using-small-business-server-2008/

The cloud married with the paranoia and need to control data locally.  Now can you do that with Windows Live?  Don't know, but something to think about, isn't it?

Download details: SBS 2008 Migration Checklist:
http://www.microsoft.com/downloads/details.aspx?FamilyID=f67148da-cba8-4222-8ae5-136a6597a340&displayLang=en

So looking for a good recap document that lists items you need to think about and consider for migration?

Check out the SBS 2008 Migration checklist newly released!

If you were holding off on buying a new computer, it looks like July 1st may be the date to start buying as that's when the free upgrade offers may start.

Free Upgrade to Windows 7 Program for Windows Vista PC from July 1 » My Digital Life:
http://www.mydigitallife.info/2009/01/20/free-upgrade-to-windows-7-program-for-windows-vista-pc-from-july-1/

The bad news is that if you are in the EU and get a "separate IE" bundle you may need to clean install.
Move to drop IE from Windows 7 threatens Microsoft's free upgrade program:
http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=knowledge_center&articleId=9134722&taxonomyId=1&intsrc=kc_top

And in the most important news... Check out the New Windows 7 Packaging - Windows 7 Team Blog - The Windows Blog:
http://windowsteamblog.com/blogs/windows7/archive/2009/06/23/check-out-the-new-windows-7-packaging.aspx

No more hassle with the packaging.

The Official SBS Blog : Update Services in SBS 2008:
http://blogs.technet.com/sbs/archive/2009/06/23/update-services-in-sbs-2008.aspx

That's right it's WSUS clean up time.  If you are not doing a regular schedule.. once a month.. once a quarter ...once a Solstice... to clean up your WSUS, now's the time to do so....

Go into the WSUS console on SBS 2003 or SBS 2008 and click on each of those categories one at a time and run those clean up routines.

So Harry sent out this blurb that said...

You know what I got asked today in the Win7 webcast I did?  If one had to install SBS 2008 in order to deploy Windows 7 and I honestly said no.

Win 7 http://msmvps.com/media/p/1696447.aspx

Vista - http://msmvps.com/media/p/1618969.aspx

In fact the two handouts I did for how to deploy Win7 and Vista are strictly about installing on a SBS 2003 not SBS 2008.  Another question I got was whether you could go from 32 bit to 64 bit (you can't -- you have to clean install).

Can a Windows 7 machine and a SBS 2003 cohabitate nicely?  Yes.  Will Windows 2008 make the smb file transfer goodness faster?  Honestly yes, but 7 will play nice with both server platforms.

More resources here -- http://cid-c756c44362cd94ad.skydrive.live.com/browse.aspx/Windows7?uc=1&isFromRichUpload=1