[There's a reason that Yoda is the unofficial mascot of SBS.  Size indeed matters not.] March 2011 - Posts - THE OFFICIAL BLOG OF THE SBS DIVA


Besides Home Server's finalization, and Windows Small Business Server Essential finalization ...what else is getting ready to come out on OEM systems?

Windows Storage Server 2008 R2 Essentials is Ready to Roll! - Windows Storage Server - Site Home - TechNet Blogs:
http://blogs.technet.com/b/storageserver/archive/2011/03/31/windows-storage-server-2008-r2-essentials-is-ready-to-roll.aspx

And don't forget Multipoint server that is already out --  http://windowsteamblog.com/windows/b/business/archive/2011/03/31/higher-learning-and-cost-savings-with-windows-multipoint-server-2011.aspx
It's not just about education...think in terms of an easy Terminal server deployment too.

Posted Thu, Mar 31 2011 23:49 by bradley | 1 comment(s)

SBS 2011 System Requirements:
http://www.microsoft.com/sbs/en/us/system-requirements.aspx

Small Business Server 2011 Standard

Component | Requirement
Processor | Minimum Quad core 2 GHz 64-bit (x64) or faster for 1 socket
Memory | Minimum: 8 GB; Recommended: 10 GB; Maximum: 32 GB
Available Disk Space | Minimum: 120 GB
Fax Modem | Fax Services require fax modem

 

See that?  I'd argue it's incorrect.  That processor is not a hard and fast minimum.  Nor is the memory a hard block.  I'd argue that RAM is the more important of the two.  But that "minimum quad core" should be RECOMMENDED or MAYBE YOU MIGHT LIKE THIS SPEED or THIS WILL BE A REALLY ROCKIN' BOX but a hard block minimum of a processor?

Nope it's not a hard core minimum.

Posted Thu, Mar 31 2011 23:36 by bradley | 4 comment(s)

Intuit, Salesforce.com Team Up to Target Small Businesses - Digits - WSJ:
http://blogs.wsj.com/digits/2011/03/31/intuit-salesforce-com-team-up-to-target-small-businesses/

Promise of the cloud

Letter From Kiran Patel | Intuit Community:
http://community.intuit.com/important-message

Meet reality.

Gotta build out those data centers guys if you want all of your clients up in cloud computing.

Posted Thu, Mar 31 2011 20:46 by bradley | 1 comment(s)

http://msmvps.com/blogs/bradley/archive/2011/03/30/ask-to-microsoft-how-about-better-help-getting-ie9-deployed.aspx

With EXTREME thanks to Ramesh Srinivasan

I have my Title_url menu extension working again (yea I'm a happy camper)

Hey Susan,

Recently I had an update on this from an IE MVP. I've tested his solution
and it works fine in IE9.

From Socrates (Soc) Trikes, IE MVP

<quote>

I have received the following response from the IE team.  If the following
makes any sense to you, will you update the script?

"The context menu extension is broken due to a by design security
improvement. The context menu script is being executed in Local Machine
Zone. For this, we grant access to the document. However, we now block the
boundary between the window proxy and the local document. This is why the
set of the textarea's value fails when using location.href.


But since you still have unrestricted access to the document, the workaround
is to use  window.external.menuArguments.document.URL instead of
window.external.menuArguments.location.href."

</quote>

The file you want to alter (as administrator/elevated, if you're using
Windows 7/Vista) is "C:\windows\Web\Title_URL.htm". I shall test this in
earlier IE versions and update the script. It was MVP Bill James who wrote
this brilliant script originally. And I implemented it as a button/Extension
later.


Regards,

Ramesh Srinivasan


Credits to Socrates (Soc) Trikes, IE MVP

So the revised content of the title_url.htm page is like this:

<!--
Title_URL right-click context tool for IE4+
Bill James - bill@billsway.com - rev 2 Nov 2000
-->
<form name=a><textarea name=a1></textarea>
<SCRIPT language=javascript defer>
  //To disable popup confirmation, change "showConfirm=1" to "showConfirm=0"
  var showConfirm=0
  var oExtArgs=external.menuArguments;
  var sTitle=oExtArgs.document.title;
  if(sTitle=='')(sTitle='No Title');
  /*
    kludge - to keep newlines we must set text in
    textarea, then create textRange and copy that.
  */
  var oTarget=document.a.a1;
  oTarget.value=sTitle+': \r\n'+oExtArgs.document.URL+'\r\n';
  oTarget.select();
  var oTextRange=oTarget.createTextRange();
  oTextRange.execCommand('copy');
</SCRIPT>

And sure enough, my "copy the title and URL of a web page" menu extension is back to working again!

KBs for SBS 2011 Essentials

A Scheduled Server Backup May Take An Excessive Amount of Time
http://support.microsoft.com/kb/2524602/en-us?sd=rss&spid=1167
Load Driver Fails to Find an Appropriate Driver File
http://support.microsoft.com/kb/2525898/en-us?sd=rss&spid=1167
Unable to Send Email Notification for Alerts
http://support.microsoft.com/kb/2519903/en-us?sd=rss&spid=1167
Remote Web Access File Sharing Gadget Search Results May Be Inconsistent on Fareast Language Versions of the Server
http://support.microsoft.com/kb/2519932/en-us?sd=rss&spid=1167
Bare Metal Recovery of Server May Fail
http://support.microsoft.com/kb/2519923/en-us?sd=rss&spid=1167
Uninstall the Client Connector Software Prior to Upgrading the Client Operating System
http://support.microsoft.com/kb/2525890/en-us?sd=rss&spid=1167
Network drivers for devices implemented for Server operating systems only cannot be used for iSCSI boot
http://support.microsoft.com/kb/2510084/en-us?sd=rss&spid=1167

http://windowsteamblog.com/ie/b/ie/archive/2011/03/29/a-thoughtful-approach-to-measuring-browser-adoption.aspx

So that says IE9 will be starting to be offered up around June-ish on Windows update.  One thing I'd recommend to Microsoft is that they provide some sort of better way to get help for IE9 issues.

I'll give you an example.  I use ...or rather...used to use a browser script that added a little right mouse click to IE 4 through IE8. 

http://www.winhelponline.com/blog/copy-title-and-url-menu-extension-for-internet-explorer/

It worked perfectly up until IE9.  Now when I try to use it, it throws off an error --

An error has occurred in the script on this page Line 17 Char 3 Error Permission denied Code 0 url: file:///c:/windows/web/TITLE_URL.HTM

So I go in search of an answer... and first found that it was reported during the beta.  But with no resolution that I can see -- http://social.msdn.microsoft.com/Forums/is/iewebdevelopment/thread/774b93e3-ccd1-468f-a5e3-adcf5f9d5835

So then I posted in the IE9 public forum on the issue -- http://social.technet.microsoft.com/Forums/en/ieitprocurrentver/thread/f4e0842c-86d9-43d2-9193-c2a0e4fe4303

And then I was told to ask my question over there:  http://social.msdn.microsoft.com/Forums/en-US/iewebdevelopment/thread/c85c8793-3e68-4211-a5e4-41444977a263/ even though it wasn't answered there in a prior thread.

So then they told me to post in http://connect.microsoft.com

Okay.  But what feedback forum?   I'm not an IE9 beta tester but an RTM user?   The only one I could see that was relevant was the IE9RC feedback connect site.

So I posted it.
https://connect.microsoft.com/IE/feedback/details/654260/tool-that-worked-from-ie4-ie8-no-longer-works

Which kinda felt like this was being phased out as this site was originally set up for the RC but at least this write up sounds like they are accepting issues -- https://connect.microsoft.com/IE

Now to be fair my resources aren't over yet, as I have one more place I can post to.  I have access to the Microsoft partner forums where the response came back:

Hello Susan,

Thank you for your post and glad to see you here.

I have done a lot of research on this issue, and I can reproduce it from my side. Seems that the issue happens due to the following line (line 17) of the Java script.

oTarget.value=sTitle+': \r\n'+oExtArgs.location.href+'\r\n';

After some further test, I found “oExtArgs.location.href” seems by default not compatible with IE9. For example, if we change the script line above to this:

oTarget.value=sTitle+': \r\n'+'\r\n';

or

oTarget.value=sTitle+': \r\n'+location.href+'\r\n';

Then the script does work, but cannot copy the URL. Regarding this issue, I will do some further research and then let you know how it goes. However, I appreciate your understanding that script is not supported in the forum, and I may not find out the root cause since I’m not familiar with script.

Thanks for your time and I look forward to being in touch with you.
Best regards,

Kevin Su
Partner Online Technical Community


Who was the ONLY venue that confirmed my problem and granted... wouldn't promise a solution but at least made me feel like I wasn't being shunted around and passed on to the next feedback location.

Want to help us get IE9 more deployed?  Then make this process of reporting issues where things worked before and now don't a lot easier for those of us dweebs that aren't coders and don't understand what to do to fix something that used to work and now doesn't. 

Streamline this feedback process and include little things like allowing people to edit their own bugs to add additional information after they've hit submit.  I kid you not, in that venue once you hit submit on the connect bug you cannot go back and edit your own bug.  And THAT bug was closed as 'by design, won't fix' even though I positively know you can edit your own bugs because I do it in other betas I'm involved in.

Bottom line: make it easier to get the advice we'll need to ensure things work in IE9...and sometimes it's the little things, like a little right mouse click menu that allows the ease of copying the title and url of a web page to pop into an answer on a forum...that you miss when you upgrade, that are like a tiny itch that you want to get fixed and working again.

Posted Wed, Mar 30 2011 19:41 by bradley | 8 comment(s)

Unless you had a real strong need for Exchange 2007 sp3 update rollup 3 and went out of your way to download it, this blog post is interesting to read, but one that you don't need to take action on since the update NEVER was released on Microsoft Update or WSUS and only available for manual download.

http://blogs.technet.com/b/exchange/archive/2011/03/29/potential-for-database-corruption-as-a-result-of-installing-exchange-2007-sp3-ru3.aspx

Posted Wed, Mar 30 2011 0:18 by bradley | with no comments

Here's where the wizard of SBS Essentials is different than SBS 2011 Standard.

You see in SBS Essentials YOU MUST have a third party cert OR park your domain under their remotewebaccess.com domain in order to have remote access.  You ARE NOT allowed to use self signed certs.

You turn on remote access and it attempts to configure your router.  If it barfs, ignore that it barfed.  I've never seen this configure a good business class firewall, as we tend to turn off UPnP.  Just manually port forward 443 to your server.

I'm skipping the set up and setting it up manually.

It enables the web site

Ignore the fact it can't set up the router, again we can do this manually, no worries.

Yeah yeah you don't like my non UPnP router, I get that.

Now comes the nuance you need to be aware of... the "Cert" part of the wizard.

So we're assuming here you already have a domain name.  Let's say this domain name is parked over on enom's domain servers.

We put in the domain name (in this case this domain is set up at enom)

And at this point it stops because you HAVE to buy a SSL cert now.  Now to make your life easier, buy the cert from the domain where your url is parked.  You can set up the SSL cert manually, but your life will be a lot easier to just roll with the wizard.

If your domain that you are setting up is parked at godaddy, it offers up the SSL certs from godaddy.  Again at this point what it's stopping for and saying  "You need to upgrade" has nothing to do with the domain hosting but EVERYTHING to do with the fact that you MUST have a third party cert with SBS Essentials.

If the domain you are trying to set up isn't recognized by the domain service (like in this case it was a networksolutions.com one) it will throw up a different wizard that you have to walk through manually to get the SSL cert.

I'll show you what it's like to buy the cert next, but see how this is done?  It's a lot different than the wizard of SBS 2011.

 

Configure the network

Note

This is a required task.

To configure the network

1.   On the Destination Server, open the Dashboard.

2.   Click Server Settings.

3.   Click Turn on Remote Web Access.

4.   Complete the wizard to configure the Router and Domain name.

If your router does not support the UPnP framework, or if the UPnP framework is disabled, there may be a yellow warning icon next to the router name. Ensure that the following ports are open and that they are directed to the IP address of the Destination Server:

·      Port 80: HTTP Web traffic

·      Port 443: HTTPS Web traffic

 

Moving the data over.

Remember on this step of the migration from SBS 2003 to SBS 2011 Essentials you're moving over the file shares.

But before you get to this point make sure that you've contacted your vendors to confirm that they support x64 servers.

Granted if your line of business application is so old that YOU are the support team, then test it on an x64 server and see if it works.  Normally all you need to do to get a really old app working is disable UAC and check the permissions.  You may have to give that folder full rights.

Did she just say disable UAC?  Yes I did.  Sometimes in a small firm you do what you have to do with a crappy line of business app.

Review the list of shared folders on the Source Server, including permissions for each folder, and create or customize the folders on the Destination Server to match that of the Source Server. Review the size of each folder and ensure the Destination Server has enough storage space. If not, add more storage space to the default storage pool.

If you are performing the copy during business hours, we recommend that once you start the copy of a share, you make the share read-only for all users so no more writes to the drive can take place.

When you are ready to copy the data from the Source Server to the Destination Server, perform the following steps.

1.   Log on as a domain administrator on the Destination Server.

2.   Type the following command and press ENTER.

robocopy \\<SourceServerName>\<SourceShares> \\<DestinationServerName>\<DestinationShares> /E /B /COPY:DATSOU /LOG:C:\Copyresults.txt

where:

·      <SourceServerName> is the name of the Source Server

·      <SourceShares> is the folder name on the Source Server

·      <DestinationServerName> is the name of the Destination Server

·      <DestinationShares> is the shared folder on the Destination Server.

3.         Repeat the previous step for each folder. Create and remove folders as appropriate to make the Destination Server match the Source Server.
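Steps 2 and 3 as a loop, an added example that is not from the migration guide: it runs the same robocopy switches for each share, appends to one log with /LOG+ (the guide's /LOG: overwrites the file on every run), and decodes robocopy's exit-code bitmask so failed copies are not missed. The server names and the share mapping are placeholders.

```powershell
# Added example (not from the migration guide). Run elevated on the Destination
# Server as a domain administrator; /B (backup mode) needs backup rights.
$SourceServer      = 'SOURCESERVER'        # placeholder name
$DestinationServer = 'DESTINATIONSERVER'   # placeholder name
$LogFile           = 'C:\Copyresults.txt'  # log path used in the guide

# Source share name -> destination share name (constructed sample mapping)
$Shares = @{
    'Company' = 'Company'
    'Users'   = 'Users'
}

# Robocopy returns a bitmask, not a plain success/failure code
$ExitBits = @(
    @{ Bit = 1;  Meaning = 'one or more files were copied' },
    @{ Bit = 2;  Meaning = 'extra files or folders exist on the destination' },
    @{ Bit = 4;  Meaning = 'mismatched files or folders were found' },
    @{ Bit = 8;  Meaning = 'some files or folders could not be copied' },
    @{ Bit = 16; Meaning = 'serious error, no files were copied' }
)

$results = foreach ($share in $Shares.GetEnumerator()) {
    $src = '\\{0}\{1}' -f $SourceServer, $share.Key
    $dst = '\\{0}\{1}' -f $DestinationServer, $share.Value

    # Same switches as the guide; /LOG+ appends so every share's run stays in the log
    & robocopy.exe $src $dst /E /B /COPY:DATSOU "/LOG+:$LogFile" | Out-Null
    $code = $LASTEXITCODE

    if ($code -eq 0) {
        $meaning = 'no files copied, source and destination already match'
    }
    else {
        $meaning = ($ExitBits | Where-Object { $code -band $_.Bit } |
                    ForEach-Object { $_.Meaning }) -join '; '
    }

    New-Object PSObject -Property @{
        Source      = $src
        Destination = $dst
        ExitCode    = $code
        Meaning     = $meaning
        Failed      = [bool]($code -band 24)   # bit 8 or bit 16 set
    }
}

$results | Format-Table Source, Destination, ExitCode, Failed, Meaning -AutoSize

# Shares that need a second look in the log before users are pointed at the new server
$failed = @($results | Where-Object { $_.Failed })
if ($failed.Count -gt 0) {
    Write-Warning ("{0} share(s) had copy failures; see {1}" -f $failed.Count, $LogFile)
}
```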

http://blogs.technet.com/b/sbs/archive/2011/03/29/sbs-2011-essentials-readies-for-release.aspx The blog

http://www.sbsessentialsforum.com The forum

So what does this mean for you?  It means that SBS Essentials is now ready to go to the OEMs, in a little bit it will be on Technet for Action pack and then after that able to be sold to your customers.

What should you be doing right now?  Checking what hosted email vendors you'll be aligning with.  Ask them their plans for integration with SBS-essentials.

And what about hardware?  While this is 64bit it's much less in RAM due to the fact that it offloads Exchange and SharePoint to hosted deployments.

To import the Destination Server into the Dashboard

1.   Open a Command Prompt window as an administrator. For more information, see To open a Command Prompt window as an Administrator.

2.   Change directory to c:\program files\windows server\bin

3.   Type wsspowershell.exe, and then press ENTER.

4.   Type add-wsslocalmachinecert, and then press ENTER.

5.   Reboot the Destination Server.

After rebooting it looks like this

Since I've been blogging on migrating from SBS 2003 to SBS essentials a new version of the document came out.

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=288a1d8a-5620-4f20-ad67-20af97275a80&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3a+MicrosoftDownloadCenter+$Microsoft+Download+Center$

This one includes a script to add users to the console

To use a script to import users into the Dashboard

1.   On the Destination Server, open Notepad and copy the following text into it:

"Script to Import Active Directory Users to the SBS 2011 Essentials Dashboard"

Import-Module -Name ActiveDirectory

$users = Get-ADUser -Filter *

foreach ($user in $users)
{
    # Only offer accounts that are enabled in Active Directory
    if ($user.Enabled -eq $True)
    {
        # An account whose name already appears in the Dashboard's user index has been imported
        $imported = Select-String -Path "C:\ProgramData\Microsoft\Windows Server\Data\settingsproviderdata\IDENTITY\USERS\index.xml" -Pattern $user.SamAccountName

        if ([boolean]$imported -eq $False)
        {
            $import = Read-Host "Do you want to import $($user.Name) to the Dashboard [y]/[n]"

            if ($import -eq "y")
            {
                Write-Host "Importing User $($user.Name)"
                Import-WssUser -Name $user.SamAccountName | Out-Null

                # Confirm that the Dashboard now reports the account as enabled
                if ((Get-WssUser -Name $user.SamAccountName).UserStatus -eq "Enabled")
                {
                    Write-Host "User Successfully Imported"
                }
            }
        }
    }
}

 

2.   Save the file on the Destination Server in any folder with a name you choose (for example, C:\importusers.ps).

3.   Open a Command Prompt window as an administrator. For more information, see To open a Command Prompt window as an Administrator.

4.   Change directory to c:\program files\windows server\bin.

5.   Type wsspowershell.exe, and then press ENTER.

6.   Type <path><filename> for the script file you created (for example, C:\importusers.ps), and then press ENTER.

To import users into the console

1.   Open a Command Prompt window as an administrator. For more information, see To open a Command Prompt window as an Administrator.

2.   Change directory to c:\program files\windows server\bin

3.   Type wsspowershell.exe, and then press ENTER.

4.   Type import-wssuser –name <username>, and then press ENTER.

5.   Repeat the previous step for each user who you want to import into the console.

Okay it's about at this step that you go... okay someone could have coded up a tool for this....

 

 

After the replication has taken place, users will appear in Active Directory Users and Computers, but will not appear in the Windows SBS 2011 Essentials  Console. Use the Windows Powershell commands in the following two procedures to import user names and the Destination Server into the console.

To recreate security groups

1.   On the Destination Server, click Start, click Administrative Tools, and then click Active Directory Users and Computers.

2.   In the navigation pane, expand <DomainName>, expand My Business, expand Users, and then expand SBSUsers.

3.   Right-click on the right-hand panel, and click Create New Group.

4.   Type one of the following group names, select the Security Group radio button, and click Create. Repeat this step to create the remainder of the following security groups:

·      RA_AllowAddInAccess

·      RA_AllowComputerAccess

·      RA_AllowDashboardAccess

·      RA_AllowHomePageLinks

·      RA_AllowNetworkAlertAccess

·      RA_AllowRemoteAccess

·      RA_AllowShareAccess

·      WSSUsers

 

Since the administrator account being used was migrated over from the Source Server, by default it does not have memberships to the Windows SBS 2011 Essentials  security groups. To add group memberships to the administrator account that you are using for migration, perform the following procedure.

To make the administrator a member of the security groups

1.   On the Destination Server, click Start, click Administrative Tools, and then click Active Directory Users and Computers.

2.   In the navigation pane, expand <DomainName>, expand My Business, expand Users, and then expand SBSUsers.

3.   Open the administrator account or accounts to which you want to give group memberships.

4.   Click on the tab Member of and add the following groups to the account:

a.   RA_AllowAddInAccess

b.   RA_AllowComputerAccess

c.   RA_AllowDashboardAccess

d.   RA_AllowHomePageLinks

e.   RA_AllowNetworkAlertAccess

f.    RA_AllowRemoteAccess

g.   RA_AllowShareAccess
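The two procedures above (recreating the security groups, then adding the migrating administrator to them), scripted with the ActiveDirectory module as an added example that is not from the migration guide. It assumes the domain has exactly one OU named SBSUsers, uses Global scope because the page does not state one, and uses 'Administrator' as a placeholder for the account you are migrating with.

```powershell
# Added example (not from the migration guide). Run on the Destination Server
# in an elevated PowerShell session as a domain administrator.
Import-Module -Name ActiveDirectory

$adminName = 'Administrator'   # placeholder: the account used for the migration

# Groups the guide says to recreate
$allGroups = @(
    'RA_AllowAddInAccess',
    'RA_AllowComputerAccess',
    'RA_AllowDashboardAccess',
    'RA_AllowHomePageLinks',
    'RA_AllowNetworkAlertAccess',
    'RA_AllowRemoteAccess',
    'RA_AllowShareAccess',
    'WSSUsers'
)

# Groups the guide lists for the administrator: everything above except WSSUsers
$adminGroups = $allGroups | Where-Object { $_ -ne 'WSSUsers' }

# Locate the SBSUsers OU by name instead of hard-coding its distinguished name
$ou = @(Get-ADOrganizationalUnit -Filter "Name -eq 'SBSUsers'")
if ($ou.Count -ne 1) {
    throw "Expected exactly one OU named SBSUsers, found $($ou.Count)"
}

# Create only the groups that are missing, so the script is safe to re-run
foreach ($name in $allGroups) {
    if (Get-ADGroup -Filter "Name -eq '$name'") {
        Write-Host "Exists:  $name"
    }
    else {
        # Assumption: Global scope, which is what the New Group dialog preselects
        New-ADGroup -Name $name -SamAccountName $name -GroupCategory Security `
                    -GroupScope Global -Path $ou[0].DistinguishedName
        Write-Host "Created: $name"
    }
}

# Add the administrator to each RA_* group it is not already in
$admin = Get-ADUser -Identity $adminName
foreach ($name in $adminGroups) {
    $group    = Get-ADGroup -Filter "Name -eq '$name'"
    $isMember = Get-ADGroupMember -Identity $group |
                Where-Object { $_.DistinguishedName -eq $admin.DistinguishedName }
    if (-not $isMember) {
        Add-ADGroupMember -Identity $group -Members $admin
        Write-Host "Added $adminName to $name"
    }
}

# List the account's resulting memberships so they can be checked against the guide
Get-ADPrincipalGroupMembership -Identity $admin |
    Sort-Object Name | Select-Object -ExpandProperty Name
```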

 

We're back blogging the steps to migrate from SBS 2003 to SBS Essentials and next up is turning on the UPnP beacon.

Enabling the UPnP beacon for the Destination Server

The UPnP beacon is used to advertise the location of the Destination Server to the clients. You must restart the following services in the order listed to enable Launchpad to find the Destination Server.

1.   SSDP Discovery

2.   UPNP Device Host

3.   Windows Server UPNP Device Service

Why do we need to set this up?

Because remember the normal way SBS Essentials is set up is WITHOUT DHCP on the server and WITH a dynamic IP.  Now you can manually set up DHCP on the server and give it a static IP but it doesn't have to be set this way.

Instead of "you must restart" it should say....

Click on Start, Administrative Tasks, Services.

In the Services Console, you need to ensure that the following services are set to automatic and started.

The SSDP Discovery service will be disabled.  Right mouse click on SSDP Discovery and change the startup type to automatic.  Click Apply.  Now Click Start to start the service and click OK.

Scroll down to UPNP Device host.  Right mouse click on UPNP Device Host and change the startup type to automatic.  Click Apply.  Now Click Start to start the service and click OK.

Scroll down to Windows Server UPNP Device Service and start this service.  It will already be set to automatic so you only need to start the service.

Remember the design of SBS Essentials is that the DHCP server is on the router, not on the SBS Essentials box.  During client install, there will be an install of Windows Server LAN Configuration code that handles updating of the DHCP addresses by using this upnp beacon service.  The Essentials server has a dynamic IP so what it does is this service pings the server every 30 seconds and the server responds. 

(and yes before you ask... if you want to you can set up the server with a static IP and move dhcp back onto the server if you really want to)

Show me a corporation and I'll show you where they need, they want metrics. 

Once upon a time, when an issue occurred with a security patch or service pack and you didn't know immediately what was wrong and you were not aware of the nntp newsgroups you called Microsoft.  They got the call.  They'd set up a case.  You got help.  They had a metric.

Show me the current state of social media and I'll show you that trying to gather metrics from social media is a study in estimates at best. Take for example my recent exercise to take an accurate head count of those people impacted by the "C34" error in Windows 7 sp1 after WSUS was used to deploy it. I could tell from the folks I personally knew that were impacted that few of them called into Microsoft. When you ask a consultant they will tell you that it's inefficient to call into Microsoft. The client/customer needs the PC working now, not a several hour call back later. So they do what is now the norm for today's world.  We search.  And in moving from a support venue that has exact counts of impacted customers and contact information via SRX case numbers to the world we live in now of Google, Bing, Twitter and Facebook  I'd argue we've lost that metric value and not replaced it with anything that comes close.

Fast forward to today.  Twitter is now seen as a support venue.  Facebook and forums are the new normal.  But yet in these venues I'd argue it's near impossible to gain a true count of issues.  Again using the Windows 7 sp1 c34 issue as an example...go to twitter and search for http://twitter.com/#search?q=0xc0000034 .  Count the tweets.  We have our metric right?  Not so fast.  Look at the tweets.  Many are retweets of headlines.  So how do we know how many of those in twitter are really impacted or just echoing what they see someone else tweeting?

Okay so let's search on blogs... http://www.google.com/search?hl=en&ie=UTF-8&q=0xc0000034&tbm=blg  Count the posts..... oh wait... hold on... again the posts seen there may be and truly appear to be echoes and reblogs of other blogs.  How many of those are actual impacted customers?

Now let's look at google trends of the 0xc0000034 over the last 30 days.  That has to find something right? 

http://www.google.com/trends?q=0xc0000034&ctab=0&geo=all&date=mtd&sort=0

Wait.  Nothing? No results in the last 30 days at all?  Okay so what about 2011 as a whole?

http://www.google.com/trends?q=0xc0000034&ctab=0&geo=all&date=2011

Hmmm not much better, okay so we can't see any pattern or blip.

Okay so now what?  Okay so let's hop on over to the forums and email all of those people in the forum and ask them.  We see these threads where people have posted....

http://social.technet.microsoft.com/Forums/en-US/w7itproinstall/thread/1c9a7151-b48c-4a98-aae7-a4b82682ea8e
http://social.technet.microsoft.com/Forums/en-US/w7itprogeneral/thread/fb81fb04-2854-48f6-a627-7be66baf43e8
http://social.technet.microsoft.com/Forums/en-US/w7itprogeneral/thread/20d3f158-c198-4f4a-af0f-9c95e2ed8d3f
http://social.technet.microsoft.com/Forums/en-US/w7itprogeneral/thread/c06fb719-bc91-4c4e-8fe7-a385d139617b
http://social.technet.microsoft.com/Forums/en-US/w7itprogeneral/thread/608ecca8-b815-4ff6-8f3c-a828518434a7
http://answers.microsoft.com/en-us/windows/forum/windows_7-windows_install/fatal-error-c0000034-applying-update-operation-282/2750aef6-958e-43bf-a890-2dac95c5f43d
http://answers.microsoft.com/en-us/windows/forum/windows_7-system/fatal-error-c0000034-applying-update-operation-282/bd99ead9-ece9-48af-9ad8-3c0377d01301

Oh wait, we don't have their email addresses as that's private and the forums don't support private messages.

And in the case of the new Microsoft answers site -- see that "me too" button on there?

Can we use that as a metric?  We can surely use that as our count of people with issues right? 

Wait, not so fast.  You see when the new Answers 2.0 forum opened up those of us that answer questions that need to know if the poster came back and needs more help found that the only way we could set up an alert to get an email when someone posts on the thread is to click on that "me too" button.  So any "me too" count needs to be questioned as it may be hyperinflated by answerers of questions that really do not have the same problem, but merely clicked "me too" in order to set up an alert to get notified of a response to a thread they posted to.  A "Me too" of 5 may not be 5 impacted customers.  Instead it may be one guy with a problem and 4 other people that posted to the thread and then wanted to get alerted when someone else posted on the thread.  Yeah, not a good metric to count on at all.

Okay so let's hop on over to facebook and see what the chatter is over there.

http://www.facebook.com/#!/search.php?q=fatal%20error%20c0000034&init=quick&tas=0.47961585820526425

hmmm okay so that's only coming back with what we already know.  If people use facebook as a help venue, we can't see the results.

Get the idea here?  Searching may have revolutionized how we get our computer help these days, but I'd argue it's not helping to get a better count and feel for true customer impact.

On the one hand we don't want to build in a big brother service that people would object to, but at the same time, no social media venue I see is ensuring that it can track number of computers impacted, OS's involved, or any sort of basic metric information that anyone would need to make decisions.

If social media will rise in the scale and use of a support venue, and I'd argue it will, then someone needs to take the bull by the horns and ensure that these venues don't turn into echo chambers and instead include tools that get real metrics and customer counts and build in a means to get truer counts than there is now.

In my unscientific process of posting out on this blog, the www.patchmanagement.org listserve, the SBS2k, smallbizit and smbmanagedservices yahoogroups and asking people to contact me to give me numbers of computers impacted and trying to count the bodies in the posts of various blogs, I came out with a head count of 370 impacted computers.  Of those 370, only two computers had support cases set up.  2.  Out of 370.   Including two customers that had over 70 pcs in one firm nailed by the c34 issue.

Microsoft only sees two phone calls.

I see 370 dead pcs that are now screwed up and need to be dealt with.

A challenge to those in charge of customer support these days.  Think about this impact.  Build into your data gathering processes better ways to track.  Don't just put up a twitter account and say you've done your job.  Don't just build a listening venue, but the online version of that support call system and do real tracking.

When you build your forum venues, consider ways to gather information about impacted pcs and operating systems in an easy but not big brother way.  Yes, I know that's asking a lot but you are going to need this ... in fact you need this right now in order to better respond to your customers.

Posted Sat, Mar 26 2011 17:17 by bradley | 6 comment(s)

So I was asked the other day how do you patch a server that is behind on patching?

What's the best action plan?

1.  Take a backup.  Ensure you have a DR plan first and foremost.  While 99.999999999% of the time throughout the entire world we patch and reboot just fine, it's that .00000000001% of the time that I guarantee you will be when you don't have time to deal with it.  So having a DR strategy first and foremost ensures that you can roll back.

2.  Finding out about known issues.  Get asked about this one a lot as well.  See the goal of Microsoft, and any vendor that releases patches is that they shouldn't disrupt your business.  The vast majority of patches and updates occur without issue.  When there are some issues Microsoft typically documents them in the upper section of a Security bulletin.  That "Known issues" section that is up there documents the known issues.  By now the majority of the known issues are known and documented.  Many of the known issues section are more about install issues than interactions with a vendor software.  And most interactions with vendor software by now are remedied by ensuring that the updates from the vendors are installed.  And remember (well with the exception of the recent botched Win7 sp1) you can uninstall patches.  So even if there is some funky interaction that isn't known because you have the wacky client with the unusual line of business app, most updates are uninstallable so you can roll back.  And these days in light of the Win7 sp1 blow up you might think about imaging/backing up some of the key workstations.

3.  But I don't have time to read each bulletin or pay attention to what patches get offered up on my system, you say.  Okay.  So then if you don't have time, then your DR plan should be even more robust.  Because sometimes there's reasons to not deploy patches and service packs right away.

Here's categories of patches that I wait a little bit on before deploying.

a.  SQL.  Read the bulletin or review in the window if the update for SQL is a service pack.  Unless the method of attack is from some remote attacker, there's typically no rush needed to patch sql.  And you REALLY need to make sure you take a backup of the system first before applying either a security patch or a SQL update.  The older your SQL instance (as in 2000, 2005) the more you may have issues patching it.  While I've not updated 2008 or 2008R2's too much, they've made increases and fixes in the updating so that it's not as horrific as it was in the SQL slammer era when you had to practically read a white paper to update SQL. 

b.  .NET.  Me and .net hate each other.  A lot.  Again review the description of the update.  Again if the manner of attack is not "can worm their way in" and is instead "local attacker must log in and..." then the risk is much lower in your network.  Supposedly .net 4 was supposed to be better.  But it's had patches already for .net 4 and caused such install issues that I'd recommend that unless the server has .net 4 (like SBS 2011) don't install it unless your line of business app puts it on there.  Also try to keep older .net's off of Win7 and Server 2008 r2 (more on this later).  Try to keep the .net version in the age range of the server.  1.1 and 2 is just fine for SBS 2003.  2 and 3 is just fine for SBS 2008.  2, 3 and 4 is fine for SBS 2011.

c.  SharePoint.  There are times that SharePoint and .NET are fighting to see who will be on my hated updates list.  Make sure you have a backup of SharePoint first before installing, and don't freak if it doesn't properly run the psconfig command.

d.  Service packs of any kind, but especially Exchange or any other one that says it's not uninstallable.  Because Exchange is a database, its service packs are not uninstallable.  You want to roll back to SP2?  You reinstall Exchange... which on an SBS box is not what I'd recommend.  Always always always have a backup of your system before doing any service packs.  It's only been recently that SQL now allows for uninstallable service packs.  As we've seen lately, install them ALL BY THEMSELVES.

e.  XML updates.  For a while there we used to get this patched a lot and it sometimes either got stuck and reoffered over and over again, or just wouldn't install.  Haven't had a problem in a while, nor gotten a patch in a while.

So now that we have our problem categories identified... let's identify how we'd tackle this beast.

1.  Look at the server and see if it needs a major service pack and thus will leapfrog you past the umpteen plus security updates.  ALWAYS install these separately and consider downloading the full file and installing that rather than going to MU or using WSUS.  Once you have the major service packs out of the way, then chunk the patches down into categories -- choose the Windows updates and install them.  Choose the Exchange updates and install them.  For anything that is database-y, I'll typically do those one at a time just because I feel more comfy doing so.

2.  Don't patch over RWW.  I guarantee that when you update that server web services will be turned off.  So don't plan on using RWW to update.  In fact I'd recommend that you think about some other patching tool in addition to WSUS if that's what's on the server.  The reason is WSUS is a pull technology - you approve the update and it will take time to check in with the server and deploy it.  If you want to patch RIGHT NOW, WSUS is not your tool.  Whether that's a RMM/scripting tool like Kaseya for the MSPs or something like it.shavlik.com, consider having something else so you can PUSH a patch and do it right now. 

3.  Reboot before you begin patching.  So many times something bad reported is not the result of a patch at all, but a condition that was going to occur if you had merely rebooted.  It's amazing how many times drives suddenly decide to stop working when you reboot a system.  So reboot BEFORE you begin patching so you can ensure that the system is robust and healthy before you update.

4.  Ask yourself - does it make sense that you are seeing this issue.  I've had people swear that KB####### stopped all Internet connectivity.  Okay.  Did you google that KB number?  Do you see other dead bodies?  Did you ask on the sbs2k@yahoogroups.com list if others have seen this?  If you are the ONLY one reporting this, chances are that whatever you are seeing is not a result of a patch.  Also know EXACTLY what you installed.  When you reboot and should something occur, look at the update(s) you just installed.  Does it make sense that a patch for Outlook Express on a server would stop web sites from running if the OE patch never touches the binaries that a web site uses to do its job?  Or perhaps is it some misconfiguration you did when you were messing around with the web site that came to light when you rebooted it?  There's always a cause and effect.  I shouldn't get too much off onto my rant box but it annnnooooys me no end when people claim that their update settings changed without their permission or after a patch.  I will go to the mat on this statement:  Windows Update never spontaneously changes settings.  It also never gets changed by an update.  If your Windows Update settings change, it's because someone or something changed them.  Installing Office 2007 was a HUGE silent flipper of machines to automatic updates as at the very end of the install it would ask "Would you like me to keep you up to date?" and it would change your WU over to Microsoft update and then turn automatic updates on if you unknowingly said "Yes" to it.  Bottom line: ask yourself if it makes sense that after applying X that Y freaks out.

5.  When you say "my Server did this today and yet nothing changed" ... ask yourself if nothing really has changed.  Really?  Nothing at all?  No antivirus updates?  No spam def file updates?  Nothing at all changed?  So many times I'll see "nothing changed" turns into "that stupid antivirus program was blocking it". 

6.  Don't layer up on third party programs.  This is more true for workstations than servers as we tend to keep servers less clogged up with third party software, but I have even seen patching issues caused by the very tools you were trying to use to remotely monitor the system you are trying to maintain.  Just because you've used that tool for years, doesn't mean that they too don't push out updates. 

7.  Reach out to the community and check to see if others are seeing it.  In the recent case of the Win7 sp1 failures, it's safe to say that everyone that took the advice to edit the pending.xml would do it again in a heartbeat.  They HAD to get their machines operational.  They HAD to get them back functional and they ALL feel that calling Microsoft is not an efficient use of their time.  Most have the SP now declined or blocked for deployment.  Remember there are venues to get help from Microsoft that aren't as highly critical but you'll still get a venue to ensure that Microsoft sees the trends.  The SBS partner forum at http://social.microsoft.com/Forums/en-US/partnerwinserversbs/threads is where you can post things and make sure Microsoft sees it.  Cost.  Free.  Time.  Time of an email.

8.  Plan for patching.  Sign up for the Microsoft security alerts and know the amount and type of updates that are coming.  Also you can usually plan that one month will be a heavy month, one month will be a light month.  So plan/staff/read accordingly.

Hopefully this bit of a Friday night ramble helps to identify those areas I look at when I tackle patching.

Posted Fri, Mar 25 2011 23:24 by bradley | 4 comment(s)
Filed under:
http://support.microsoft.com/kb/975484/en-us?sd=rss&spid=14498

This issue can occur when a user attempts to install the Service Pack, does not restart the machine to complete the installation, installs other updates and then restarts the machine. This issue can also occur if the Service Pack is installed simultaneously with other updates when using WSUS.

During Service Pack installation, the servicing feature of Windows maintains lists of operations to be performed. Some are performed immediately; others can only be done once the system has restarted. One such list is the Primitive Operation Queue (POQ). The POQ operations that need to be performed during restart are stored in pending.xml. In the scenario showing failure, the system attempts to complete the POQ operations twice. The second attempt of the POQ fails (because it has already been done) and causes the error “0xc0000034”. Windows considers any failure at this stage of the install to be blocking and the servicing feature halts the machine from continuing.

If you are not an advanced user and are currently experiencing this error on a Windows 7-based computer, click the link below to view the recovery steps on the Microsoft website:

Why am I receiving "Error 0xc0000034" after installing Windows 7 Service Pack 1 (SP1)? (http://windows.microsoft.com/en-US/windows7/why-am-i-receiving-error-0xc0000034-after-installing-windows-7-service-pack-1-sp1)

Preventative Steps

Steps you can take to help avoid hitting this issue:
  1. Install the Service Pack separately from all other update packages
  2. When prompted, restart the system immediately to complete the Service Pack installation
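
A read-only pre-flight check for the two preventative steps above, written as an added example (not from the KB article or the original post): it reports whether Windows still has servicing work queued for the next restart, so other updates are not stacked on a half-installed service pack. The registry keys and the `%windir%\winsxs\pending.xml` location are assumptions drawn from commonly documented indicators, and `Get-PendingServicingState` is a hypothetical helper name.

```powershell
# Added example: read-only pre-flight check before installing or approving more updates.
# The registry keys and the pending.xml path are assumptions based on commonly
# documented servicing indicators; confirm them on your own builds.
function Get-PendingServicingState {
    $cbsKey  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending'
    $wuKey   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired'
    $smKey   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
    $poqFile = Join-Path $env:windir 'winsxs\pending.xml'

    # PendingFileRenameOperations is often set by ordinary software too, so it is
    # reported for context but does not block on its own.
    $sm = Get-ItemProperty -Path $smKey -ErrorAction SilentlyContinue

    $state = New-Object PSObject -Property @{
        Computer         = $env:COMPUTERNAME
        CbsRebootPending = (Test-Path $cbsKey)
        WuRebootRequired = (Test-Path $wuKey)
        PendingXml       = (Test-Path $poqFile)
        FileRenames      = ($null -ne $sm.PendingFileRenameOperations)
    }

    # Any servicing indicator means a restart must complete before the next install.
    $blocked = $state.CbsRebootPending -or $state.WuRebootRequired -or $state.PendingXml
    $state | Add-Member -MemberType NoteProperty -Name SafeToPatch -Value (-not $blocked)
    $state
}

$state = Get-PendingServicingState
$state | Format-List Computer, CbsRebootPending, WuRebootRequired, PendingXml, FileRenames, SafeToPatch

if (-not $state.SafeToPatch) {
    Write-Warning 'Servicing operations are still queued. Restart, re-run this check, then install the next batch.'
}
```
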
Posted Thu, Mar 24 2011 23:43 by bradley | 4 comment(s)
Filed under:

I no longer need your log files, but I do need to ask you if I can set up a support case for you.

Email me at susan-at-msmvps.com

Recently there was an issue where Win7 sp1 was put on WSUS and then due to default settings in SBS, it was automatically applied. Depending on if it was installed with other updates, in some cases it failed miserably leaving you with a "C34" error (see blogs below for references).

Many of you then googled and found references to editing the pending.xml file which got you immediately back in business, but put the system in what is now called a 'torn' state, i.e. 1/2 rtm, 1/2 sp1.

To get a feel of the true impact I'd like to find out the following. Can you please email me at susan-at-msmvps.com with the following information?

How many PCs under your control were impacted?

How many MS support cases did you open?

Thank you in advance for this info.

http://blogs.technet.com/b/joscon/archive/2011/03/09/error-0xc0000034-during-service-pack-1-installations-for-windows-7-and-windows-2008-r2.aspx
http://blogs.technet.com/b/joscon/archive/2011/03/11/why-you-don-t-want-to-edit-your-pending-xml-to-resolve-0xc0000034-issues.aspx
http://blogs.technet.com/b/joscon/archive/2011/03/16/new-information-on-error-code-0xc0000034.aspx

Volume Shadow Copy Service error: A critical component required by the Volume Shadow Copy service is not registered. This might happened if an error occurred during Windows setup or during installation of a Shadow Copy provider. The error returned from CoCreateInstance on class with CLSID {e4eb5095-f587-4159-a1d8-2710692fd243} and Name SW_PROV is [0x80004002, No such interface supported
].

Operation:
   Obtain a callable interface for this provider
   List interfaces for all providers supporting this context
   Check If Volume Is Supported by Provider

Context:
   Provider ID: {24602736-bed9-4619-91b0-243447c6409c}
   Class ID: {e4eb5095-f587-4159-a1d8-2710692fd243}
   Snapshot Context: 0
   Snapshot Context: 0
   Execution Context: Coordinator
   Provider ID: {00000000-0000-0000-0000-000000000000}
   Volume Name: \\?\Volume{d8c46869-812e-11dd-b657-806e6f6e6963}\

Which googles up to a leftover Storagecraft

http://social.microsoft.com/Forums/en-US/whssoftware/thread/a611e7cf-6661-4c8f-9984-4f6686fddd8c

So I was trying to do a VSS backup on a workstation tonight and found that one wouldn't work.  Come to find out a leftover Storagecraft was causing the issue.

There's so many times that conflicting backup software just does not play nice nice with each other.

Deleted out the registry key and then the VSS backup would work.
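
An added example (not part of the original post) that inventories the VSS providers registered on a machine, so a provider left behind by uninstalled backup software stands out next to the Provider ID and Class ID in an event like the one above. The registry layout it reads is an assumption, and `Get-VssProviderInventory` is a hypothetical helper name.

```powershell
# Added example: read-only inventory of registered VSS providers.
# Assumed layout: each provider is a {GUID} subkey under ...\Services\VSS\Providers,
# whose default value is the display name and whose CLSID subkey holds the COM class ID.
# Run from a 64-bit PowerShell so the CLSID lookup is not redirected to Wow6432Node.
function Get-VssProviderInventory {
    $root = 'HKLM:\SYSTEM\CurrentControlSet\Services\VSS\Providers'

    Get-ChildItem -Path $root -ErrorAction Stop | ForEach-Object {
        # Read the COM class ID the provider entry points at, if it has one.
        $clsid = $null
        $clsidKey = $_.OpenSubKey('CLSID')
        if ($clsidKey) {
            $clsid = $clsidKey.GetValue('')
            $clsidKey.Close()
        }

        # A provider whose class key is gone cannot be instantiated by VSS.
        $registered = $false
        if ($clsid) {
            $registered = Test-Path -LiteralPath "HKLM:\SOFTWARE\Classes\CLSID\$clsid"
        }

        New-Object PSObject -Property @{
            ProviderId      = $_.PSChildName
            Name            = $_.GetValue('')
            ClassId         = $clsid
            ClassRegistered = $registered
        }
    }
}

$providers = @(Get-VssProviderInventory)
$providers | Format-Table Name, ProviderId, ClassId, ClassRegistered -AutoSize

$orphans = @($providers | Where-Object { -not $_.ClassRegistered })
if ($orphans.Count -gt 0) {
    Write-Warning ("{0} provider(s) point at a COM class that is not registered." -f $orphans.Count)
}
```

Compare the names listed against the backup software actually installed; a provider whose class still registers but whose product is gone will only show up that way.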

Posted Wed, Mar 23 2011 22:00 by bradley | with no comments
Filed under: