THE OFFICIAL BLOG OF THE SBS DIVA

Man was I in the dog house until I got this working again

Adobe Forums: Damaged AIR file:
http://forums.adobe.com/thread/34898

It's a mini cooper cuckoo clock that runs on Adobe Air and somehow got mangled and I couldn't uninstall it and couldn't reinstall it without this funky error message about a damaged air file.

Great,  Karen's gonna kill me as she wants that working.

I ended up going through the registry and finding all the places where cuckoo was and mini cooper related to it and ripping it out bit by bit and reinstalled it.  Whew... out of the doghouse on that one.  So fyi "damaged air file" means "you've already installed it and it didn't fully uninstall and now you need to rip it out via registry".

BTW if you are between SF, LA, Phoenix, and Denver on the west coast and see Mini Coopers running around next week there's a launch of a new Mini Cooper SUV that the Mini cooper folks are celebrating

More info on "Mini takes the states"

MINI TAKES THE STATES 2010:
http://www.eventjack.com/registration/minitakesthestates2010/announcement/index_west.html

Kurplop.

Oh #$%!.

Karrrrrreeeennnnn!!! I need your help!  Quickly!

Last week I dropped about a quart of high gloss white paint on the door, the steps, the cement, the ladder, the rose bush, the me.  All over the place.

And as it went kurplop on the pavement from the ladder that I was on, I was looking at the mess on the pavement and thinking I'd never clean up the mess.

It was all over the cement.  All over the bricks.  All over the rose trellis.  All over everything.  How in the world was I going to get it cleaned up?

I ran to get paper towels, my sister ran to get the hose and between the two of us we cleaned up the mess and got rid of the disaster. 

So why am I blogging about a painting disaster that got cleaned up?  Because the same is true in technology.  When you have a disaster you need someone else to help.  Someone else to be calm.  To help with the decisions.  Even if that "someone" is someone in the forums (see www.sbsforum.info or someone in your local smb partner group that you know you can lean on and call, or Jeff Middleton of www.sbsmigration.com to bounce migration messes off of,  have someone with a more calm head to deal with the mess you just made.

Because just like me on the ladder when you kurplop, you'll need someone to help you see that messes are fixable.

At Blackhat you can read between the lines that "fully patched" doesn't mean you are fully secure.  At any point in time there are any number of updates that vendors are working on.  Some of them are being worked on with a security researcher, some are being worked on because someone found a vuln and it's popping up in the wild.

These days the bad stuff isn't just IE.  Isn't just active X, isn't just adobe, isn't just quicktime, isn't just flash, isn't just rogue a/v coming in through bad links in google. 

These days I'm using stuff like opendns and blocking urls.  I'm making sure we're not running as admin. 

But if you say on any given day that "Hey I'm fully patched, I'm secure".... guess again...

SBS 2008 | Configure Server backup | The wizard cannot retrieve backup settings:
http://support.microsoft.com/default.aspx?scid=kb;en-us;2001010

SBS2008: WSUS 3.0 Self-update is not working, getting Event ID 13042:
http://support.microsoft.com/default.aspx?scid=kb;en-us;2000598

Slow Connectivity for Outlook Anywhere and Sites that use the SBS Web Applications App Pool:
http://support.microsoft.com/default.aspx?scid=kb;en-us;2000859

System State backup using Windows Server Backup fails with error: System writer is not found in the backup:
http://support.microsoft.com/default.aspx?scid=kb;en-us;2009272

Backups fails with VSS Event ID 12292 and 11 on Windows Server 2008 and Windows Server 2008 R2:
http://support.microsoft.com/default.aspx?scid=kb;en-us;2009513

No VSS writers are listed when you run vssadmin list writers on Windows Server 2008:
http://support.microsoft.com/default.aspx?scid=kb;en-us;2009533

SBS2008: No mail flow, Getting Event ID: 10003, Error: The type initializer for 'Microsoft.Mapi.ExRpcPerf' threw an exception:
http://support.microsoft.com/default.aspx?scid=kb;en-us;2013890

RWW Returns Error "There is a problem in Remote Web Workplace. A logon error occurred: The data that the server returned is not valid..":
http://support.microsoft.com/default.aspx?scid=kb;en-us;2022997

SBS2008: Cannot browse OWA, Server Error in '/owa' Application:
http://support.microsoft.com/default.aspx?scid=kb;en-us;2024306

Some old KBs in there but some I don't remember...

Remote Web Workplace connect to computer feature may be slow to redraw the screen:
http://support.microsoft.com/default.aspx?scid=kb;en-us;2011807

Adding that to the SBS 2008 build doc

Remote Web Workplace connect to client computer feature may display black bars:
http://support.microsoft.com/default.aspx?scid=kb;en-us;2011825

It's the annual Blackhat event where you listen to presentations and my takeaway is "we're screwed".

I'm listening to the cloud security thread and my first takeaway is that we're pretty much plopping our premise server brainmindset up into the cloud and we are not reinventing the security we need.  Especially in the SMB world.  We need more identity management and PKI and in SMB we freak over how often BPOS passwords require you to change them (and as an aside that's adjustable -- all you need to do is open a trouble ticket and ask them to change that).  We're looking to move our existing applications to the cloud and not designing them and building them for the cloud.

We keep hearing the headlines about how cheaper it is, how better it is and no one is asking us if we've pulled out a threat model and looked to what risks we're going to face and what changes we need to do.

Don't worry this excessive paranoia will wear off a bit and I'll go back to normal paranoia by next week.  But for now I'm sharpening my Dixon Ticonderoga and will be using a No. 2 pencil rather than a computer until I feel safe again.

So I'm listening to the presentation by  Tavis Ormandy and Julien Tinnes and they are discussing kernel bugs and how the attack surface is growing in general and even in systems that have been designed with security in mind.

One thing I thought interesting was the fact that their deck has the google logo all over it.

The other interesting item to note was the number of kernel bugs still under investigation:

Remember that after the blow up over Tavis' release of a zero day done "on his free time" other security researchers jumped on the zero day band wagon... MSRC will fully disclose vulnerability information discovered in our free time, free from retaliation against us or any inferred employer."

http://news.softpedia.com/news/Upset-Security-Researchers-Start-Releasing-Microsoft-0Days-146251.shtml

Okay so I was giving Tavis the benefit of the doubt that he was doing this on "his free time", but not now.  If this was truly on his free time, you'd not put your company logo on the slide deck.  If you've ever seen a presentation of mine done in the SMB space I do not put my real firm's logo on that deck.  This blog is on my free time and thusly speaking gigs I get as a result do not have my firm's logo on it.

So at least for those particular upcoming kernel bugs that he's pointing out there... dude...that is not on your personal time.  You are google finding flaws in Windows and Linux kernels because Chrome's sandboxing depends more on the security of the kernel.

I got sucked in.... no not to an iPad but to a Kindle.

http://www.amazon.com/gp/product/B003FSUDM4/ref=kinw_dp_gy

Amazon just dropped the prices down to a price tag that I can relate to (better than the iPad price tag for sure)

Don't want the 3g -- check out this price tag -- http://www.amazon.com/Kindle-Wireless-Reading-Display-Graphite/dp/B002Y27P3M/ref=amb_link_353169942_2?pf_rd_m=ATVPDKIKX0DER&pf_rd_s=center-10&pf_rd_r=17N2ZWYPY36CYE3T1F4Y&pf_rd_t=201&pf_rd_p=1270979502&pf_rd_i=B002FQJT3Q

Crypt32 8 events continuously reported on Windows Server 2003, Windows Server 2003 R2, or Windows XP:
http://support.microsoft.com/default.aspx?scid=kb;en-us;2253680&sd=rss&spid=10394

Okay so ... I'm not sure I like the resolution to ignore or untick the update root cert solution.  I've seen this on my servers that have no antivirus (ones that I just deployed), I've seen this on ones where the only firewall is the MS firewall so there's nothing third party on them.

So now what?  Ignore and hang loose looks like still the best plan of action. 

'Configure Internet Mail' wizard crashes on SBS 2008:
http://support.microsoft.com/default.aspx?scid=kb;en-us;2020759

"This issue can occur if the Windows SBS Internet Send connector is not associated with the correct Hub Transport server"

Okay so I wonder who or what is doing that?

What's fascinating about these consulting engagement KBs is not really that MS is offering consulting engagements in the first place but that they give a framework of what to do and what Microsoft will do.

Check out the posts and see if YOUR checklists have the same info.

Microsoft Advisory Services Engagement Scenario - Windows Small Business Server 2008 – Migrating Exchange Data from SBS 2003:
http://support.microsoft.com/default.aspx?scid=kb;en-us;2275538
Microsoft Advisory Services Engagement Scenario - Windows Small Business Server 2008 – Migrating Folder Redirected Shares from SBS 2003:
http://support.microsoft.com/default.aspx?scid=kb;en-us;2275550
Microsoft Advisory Services Engagement Scenario - Windows Small Business Server 2008 – Hosting POP3/IMAP4 Clients:
http://support.microsoft.com/default.aspx?scid=kb;en-us;2275616
Microsoft Advisory Services Engagement Scenario - Windows Small Business Server 2008 - Migrating SharePoint (CompanyWeb) Data from SBS 2003:
http://support.microsoft.com/default.aspx?scid=kb;en-us;2275764
Microsoft Advisory Services Engagement Scenario - Windows Small Business Server 2008 – Migration Source Server Retirement and Environment Health Check:
http://support.microsoft.com/default.aspx?scid=kb;en-us;2275779

SBS 2003 Performance Report indicates an automatic service is not running:
http://support.microsoft.com/default.aspx?scid=kb;en-us;2290390

I have a better plan...don't install .net 4 at all on SBS 2003 or SBS 2008.  It's not needed for a functional SBS network.

So ticking the box to refuse it/ignore it is the better plan.

Getting ready for beta season means that you need to get your hardware ready to go.

The first up beta will be "Aurora" which is the new kid on the block.  Think of a combo of Windows Home server, but supporting active directory, and then supporting hosted Exchange and hosted SharePoint. 

As Exchange 2010 gets ...well... larger... Aurora will fit into those situations where installing Exchange 2010 and it's 8 gig minimum requirements just won't do for the small firms.  Unlike SBS 2008 and SBS v7, Aurora includes client backup as well.

If you have not already invested in a virtualization platform, now is the time to do so.  If you need help setting up a virtualization platform, don't forget the resources at smbvirtualization@yahoogroups.com . 

Cause:

Recovering Disk Space on the C: Drive in Small Business Server 2008 - The Official SBS Blog - Site Home - TechNet Blogs:
http://blogs.technet.com/b/sbs/archive/2010/03/02/recovering-disk-space-on-the-c-drive-in-small-business-server-2008.aspx

Effect:

Vlad Mazek – Vladville Blog » Blog Archive » This is why your email is getting delayed..:
http://www.vladville.com/2010/07/this-is-why-your-email-is-getting-delayed.html

If you want to get Vlad mad at you, continue letting WSUS eat up all of your drive space on your C drive.  However if you want to keep him happy (and planning for Vlad v3) do me a favor and SHUT THE IIS WSUS LOGGING OFF!

..stupid grumble grumble not even yet flagged by the sbsbpa stupid grumble grumble rant rant...

(thank you)

It is rocket science these days to put together a TV/Amp combo.  It's no wonder that BestBuy and their kind have TV installers. 

I finally go the pieces in the right place but similar to how the COA stickers on PCs are so small that you can't tell what the numbers are, trying to figure out exactly what composite video cables go where.. and at some point in time you just plug without reading and go with your gut of what should go where.

This time we were setting up the TV/dvd/stereo in the upstairs of the house.  Everything is working but I need to redo the cables with 3 meter cables rather than the longer 6 foot that I have as I have cables stuck in the back all over the place.

We're redoing the TVs and now using HDMI cable connections which make for a nicer clearer picture.  When even Home Depot is selling cat6 cables and what not, you can tell technology for the home is now "normal".

I think setting up a computer is easier than wiring a TV/Cable/Amp.

How to diagnose "Operating system supported for edition" pre-requisite errors while installing SQL 2008 Standard Edition for Small Business - The Official SBS Blog - Site Home - TechNet Blogs:
http://blogs.technet.com/b/sbs/archive/2010/07/21/how-to-diagnose-quot-operating-system-supported-for-edition-quot-pre-requisite-errors-while-installing-sql-2008-standard-edition-for-small-business.aspx

I've seen this a couple of times in migration where the SQL doesn't think it's being installed in a SBS network.

Take one wireless printer - http://www.brother-usa.com/printer/modeldetail.aspx?PRODUCTID=hl2170W

Set it up on the wireless network..... through a very interesting wireless process where you first hook it up via adhoc and then associate it with the wireless access point. 

Then you buy a printing app for the iPad and iPhone.... http://www.macworld.com/appguide/article.html?article=150937 and now one can print wirelessly from the laptops, from the iPhones and from the iPad.

How geeky is that?

Failed extract of third-party root list from auto update cab
http://msmvps.com/blogs/bradley/archive/2010/07/21/1773669.aspx

Follow up from that post

Failed extract of third-party root list from auto update cab:
http://social.microsoft.com/Forums/en-US/partnerwinserversbs/thread/84ba0e65-ae99-4b68-9268-321069dde942

Hi Susan,

Thank you for posting!

I also noticed this event error logged on my servers, and have consulted the Dev team. This error has no impact to functionality and no troubleshooting is needed.

Here is the information from the Dev team:

The event log error indicates that the signing certificate for the CTL (certificate trust list) has expired. This was likely caused by the following issue:

The signing certificate for the automatic root update CTL expired on 7/9. We re-signed the CTL with a renewed certificate and published it on Windows Update on 7/7. A valid CTL was available on WU before the signing certificate expired.

However, for any machine that had the older CTL cached, CAPI will first try to use the cached CTL which would result in the error you are seeing. Since the cached CTL does not have a time valid signature, CAPI will retrieve the CTL from WU and obtain the valid CTL. As a result, certificate validation will not be affected but you will see the error being logged due to the cached CTL with an expired signing certificate. Once the updated CTL is retrieved from WU, you will not see this error and no further action will be required for resolving this.

Thanks!

Best regards,

Tony Ma
Partner Online Technical Community
-----------------------------------------------------------------------------------------
We hope you get value from our new forums platform! Tell us what you think:
http://social.microsoft.com/Forums/en-US/partnerfdbk/threads
------------------------------------------------------------------------------------------
This posting is provided "AS IS" with no warranties, and confers no rights

Added to the "my brain is getting old and I can't remember all this stuff" document  is the tip from Yves Gourle about fixing an alert you might see for

Task scheduler failed to start “\User_Feed_Synchronization-{guid}” task for user “<DOMAIN>\user”

Small Business Server 2008 - Build document - TechNet Articles - Home - TechNet Wiki:
http://social.technet.microsoft.com/wiki/contents/articles/small-business-server-2008-build-document.aspx

TWEAKS FOR REMOVING RSS FEED SYNC

Since a server is probably not syncing RSS feeds, there's a task that runs in the background that is not needed on the server.  In some cases you may see an alert in the event logs that indicate that the rss sync has not completed.  While it can be ignored, you can also adjust the rss feed sync to not occur.   This tip is courtesy of Yves Gourle:

You can disable the automatic feed sync as follows:

• Run the following command (with a command prompt started with elevated rights) : msfeedssync disable
• Or in IE options go to content  -feeds and web slices,  click on settings  and uncheck “automatically check for feeds”

Critical and Security Updates

Update for Windows SBS 2008 Migration Preparation Tool (KB981802)
This software update adds source server health scanner to Windows SBS 2008 Migration Preparation Tool. This update is highly recommended for all Windows SBS 2008 Migration Preparation Tool users.

To all the WSUS admins out there that are wondering what the heck they have a SBS migration category in WSUS now... sorry... why WSUS has to have a category for a tool that is only used during migration is beyond me.

It adds checks for DNS issues and what not during the migration process.