THE OFFICIAL BLOG OF THE SBS DIVA

If you haven't figured out already, technology pretty much means constant change and learning... here's some resources in regards to new technology that you may need to be aware of:

Introducing Windows MultiPoint Server 2011 Partner Training Session - The Canada Partner Learning Blog - Site Home - TechNet Blogs:
http://blogs.technet.com/b/the_canada_partner_learning_blog/archive/2011/04/29/introducing-windows-multipoint-server-2011-partner-training-session.aspx

New Jump Start! Microsoft Office 365 for IT Professionals May 24-26 - Born to Learn - Born To Learn - Born to Learn:
http://borntolearn.mslearn.net/btl/b/weblog/archive/2011/04/27/new-jump-start-microsoft-office-365-for-it-professionals-may-24-26.aspx

Microsoft Virtual Academy - Free Microsoft Cloud Technologies Training:
http://www.microsoftvirtualacademy.com/Home.aspx

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=B3C93558-31B7-47E2-A663-7365C1686C08&displaylang=en

When downloading SBS Essentials from the eval site you might want to run a Sha1 test to make sure that the download is a good download.

SHA1: 58FE96CD15B46107C0030713CB75A18B5FAFEF69  ISO/CRC: 1345F2EF

Z:\>fciv en-us_sbs_ESS_eval_installdvd.iso -sha1
//
// File Checksum Integrity Verifier version 2.05.
//
664d2d01564070f11699bcc219fbe4ad48866d99 en-us_sbs_ess_eval_installdvd.iso Is the Sha1 I received.  The MD5 was d96ad518b35fb02e67b728d988007ea8 en-us_sbs_ess_eval_installdvd.iso

One interesting recent kb that may impact you when to try to install the server is this one:

http://support.microsoft.com/kb/2525898

Who knew that uppercase and lowercase mattered.

Doesn't everyone have a solar powered Queen that automatically waves her hand in sunlight?

Once you become a Mini cooper owner the british starts rubbing off...

The scones are baked.  The YouTube channel bookmarked - http://www.youtube.com/theroyalchannel the Clarence House twitter stream is running http://twitter.com/#!/clarenceHouse and since I'll be up for the next few hours watching CNN's coverage of the Royal Wedding, I figure this is a good night to be installing and deploying updates.

So far, knock on wood, .NET is deploying okay.  I don't have to worry about PowerPoint 2003 since I don't have that anywhere but if you did, don't forget to deploy the hotifx to fix the issue with the corrupted background.

Known issues in security update 2464588:

• When you open presentations that contain layouts with background images in PowerPoint 2003, an error may occur. When the error occurs, you receive a message that states that some contents (text, images, or objects) have corrupted. You can determine what content has been lost by viewing the layout, but not by viewing the slide content. Items that were removed will display a blank box or a box that contains "cleansed."
  
  To resolve this issue, install hotfix 2543241. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
  2543241 (http://support.microsoft.com/kb/2543241/ ) Description of the Office PowerPoint 2003 hotfix package

Getting ready for SBS Essentials?  I just worked on a wiki post for router information for SBS 2011 Essentials

http://social.technet.microsoft.com/wiki/contents/articles/windows-small-business-server-2011-essentials-router-setup.aspx

Remember it can be headless, it won't host email or SharePoint so there's no need to open up ports 25 or 987.

So if you want to play around with HyperV, Small Business Server Essentials and a Home Premium you'll soon find out that Home premium and hyperV don't really mix.  You have to use a legacy nic for it to even connect and it doesn't offer mouse integration, nor allow the integration software to be loaded up.

You end up having to tab tab tab your way around the OS to play with things. 

So while it ultimately will connect.. it's a bit of a hassle in HyperV to test.

May be unable to modify some users and users may disappear from the SBS Essentials Dashboard:
http://support.microsoft.com/kb/2542106/en-us?sd=rss&spid=1167

SBS 2011 Standard Edition Setup Crashes Unexpectedly:
http://support.microsoft.com/kb/2535810/en-us?sd=rss&spid=1167
Completing the SBS 2011 Standard setup after a failure during the promotion to a domain controller:
http://support.microsoft.com/kb/2536941/en-us?sd=rss&spid=1167
SBS 2011 Standard Edition Source Tool Scan Fails:
http://support.microsoft.com/kb/2542156/en-us?sd=rss&spid=1167
The SBS 2008 or 2011 Standard Migration Wizard may fail to launch due to an incomplete setup:
http://support.microsoft.com/default.aspx?scid=kb;en-us;2533423

Rule of backup.  Don't do multiple ones at the same time.

http://social.microsoft.com/Forums/en-US/partnerwinserversbs/thread/f8898fce-0641-4477-9ef9-4c2c58b72c8f

I have an SBS 2008 SP2 server that does not run VSS on schedule. In the event logs there is event ID 12310 source VSS and the desciption is - "Volume Shadow Copy Service error: The shadow copy could not be committed - operation timed out. Error context: DeviceIoControl(\\?\Volume{f43780c5-d303-11df-8272-806e6f6e6963}"

I can click on "Create Now" on the Shadow Copies settings and it works.

It turns out this problem is due to Zenith BDR taking a snapshot at the same time. I found this problem existed on most servers that are being backed up with that BDR. I changed the schedule to take a snapshot at 7:05 and they all worked.

Check what time your snapshots and backups are running and move them to better times.

If you have a Windows phone 7 there's a new blog app

*PTS Extended Web Seminar: Windows SBS 2011 Essentials*
Click the following link to view the activity details:
https://training.partner.microsoft.com/learning/app/SYS_Login.aspx?lang=en-us&RU=https%3A//training.partner.microsoft.com/learning/app/management/LMS_ActDetails.aspx%3FActivityId%3D735863%26UserMode%3D0 <https://training.partner.microsoft.com/learning/app/SYS_Login.aspx?lang=en-us&RU=https://training.partner.microsoft.com/learning/app/management/LMS_ActDetails.aspx?ActivityId%3D735863%26UserMode%3D0>

*Start date:* 4/26/2011 7:00:00 AM PDT
*End date:* 4/26/2011 9:00:00 AM PDT

*Event Location:* Location: United States

http://blogs.technet.com/b/joscon/archive/2011/04/25/update-on-torn-state-systems.aspx

I'm not thrilled about that resolution.

Especially since it appears to me that they didn't learn any lessons from this fiasco the last time  - http://news.softpedia.com/news/Vista-SP2-Perpetual-Black-Screens-of-Death-0xc0000034-121528.shtml

I also don't think that the product group really and truly understands the impact to the customers.  Many of those impacted either will be paying a consultant to clean up the mess or the consultant will be eating that cost.

Bottom line I'm not happy at all how that turned out.

http://msmvps.com/blogs/bradley/archive/2011/04/24/looking-for-your-clipboard.aspx

Boy was that a wrong answer.

The way to connect to the clipboard was right under our noses the entire time and needs no code hacking up at all.

You click on Computers

Then on options

Then scroll down and click on the clipboard option and hit save

The clipboard passthrough is now a permanent option.

The AWS Outage: The Cloud's Shining Moment - O'Reilly Broadcast:
http://broadcast.oreilly.com/2011/04/the-aws-outage-the-clouds-shining-moment.html

I think the biggest failure with Amazon's outtage is of communication.

It's an interesting read.  My biggest take away is that cloud deployment is another tool, another option, but just like with on premises, don't assume that anything is guaranteed.

Don't trust your vendors.  Get the gory details.  Test.  Don't assume.  Yeah you need to be testing using the cloud and what it means, because it doesn't always mean better, sometimes it just means different.

If you are RWA'ing to SBS 2011 and you notice that the ability to pass through the clipboard is gone moved and you want it back do the following:

On the main RWA screen click on the work computers.

Now click on Remote Options.

Click on the option to add sound, clipboard and/or drive passthrough.

Hit save.

Now your clipboard will be back without hacking any code up.

Add the property name entry below into the “ Guid + Username.settings “ file where under path “ C:\Program Files\Windows Small Business Server\Data\RemoteAccessProfiles ” for per user profile to enable clipboard option:

<property name="RdpDoesRedirectClipBoard" value="True" />

http://social.technet.microsoft.com/Forums/en-IE/smallbusinessserver/thread/cd43b172-2555-405b-a710-e744208c6e5f Spotted in that thread.

So the good news is they made that yellow warning now gray.

The bad news is, unless you click on details you don't notice that clipboard isn't there anymore and only printers are passed through on SBS 2011.  If you want it back, follow that edit.

I put this in the www.sbsbuilddoc.com for SBS 2011 as well.

2464588 (http://support.microsoft.com/kb/2464588/ ) MS11-022: Description of the security update for PowerPoint 2003: April 12, 2011

Known issues in security update 2464588:

• Presentations that contain layouts with a background images may cause an error when they are opened in PowerPoint 2003. When the error occurs, you receive a message that states that some contents (text, images, or objects) have corrupted. The specific content lost will be what is specified in the layout, not the actual slide content itself. Items that were removed will display a blank box or a box that contains "cleansed."
  
  To resolve this issue, install hotfix 2543241. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
  2543241 (http://support.microsoft.com/kb/2543241/  ) Description of the Office PowerPoint 2003 hotfix package

It now has a hotfix.

,,,why it couldn't have been in the original patch from the get go is beyond me.

So I'm sitting in the backyard with my laptop remoting back into the desktop upstairs trying to keep from being eaten by Mosquitos and trying to fix the upstairs computer.  Now here's the thing, Office 2010 is loaded up on this machine but it was an upgrade from 2007.   And it's trying to update PowerPoint 2007 and obviously not working. 

So I'm going to remove the Office 2007 interop assemblies on the chance that that is what's causing the error to occur because according to the program and features, there's no Office 2007 loaded on this pc but obviously I've mangled it up doing an inplace upgrade. 

Bingo that was it.  I had to remove the Microsoft Office 2007 Interop Assemblies (whatever THAT is) and then the PowerPoint 2007 patch offering went away.

Now if only the mosquitoes would go away too.

SBS kbs of interest - April 2011

IIS log files for WSUS Web Site May Not Be Deleted:
http://support.microsoft.com/kb/2538579
SBS 2011: Home Page of RWA display an error "There is a problem with this Web page":
http://support.microsoft.com/kb/2537508/en-us?sd=rss&spid=1167

A common question I get is ...should I clean install or should I do a migration. 

I honestly think it comes down to your comfort with the AD.  Sometimes you decide you just don't trust the AD and thus you'd rather rebuild, export out email (or exmerge) out to pst files. You'll copy over the profiles and the date.  (needless to say I've blogged this before -- http://msmvps.com/blogs/bradley/archive/2009/02/09/so-ya-wanna-do-a-clean-install-in-an-existing-network.aspx)

If someone else set up the AD and you really don't trust it, if you need to majorly redo the network, if you want to rename the domain... all of these are valid reasons.  But I'm still not convinced that "I have 5 users" is a good enough reason. 

Then there's probably a follow up question ...should I do Microsoft migration or swing migration.  Now I'll be the first to say that as long as you have a system state backup, to take your server back to pre SBS 2011 install is honestly trivial.  You shouldn't be picking through AD trying to do what the migration did, you should just restore the system state.

SBSmigration.com - Why Swing to SBS 2011?:
http://www.sbsmigration.com/pages/44/

A common question I get is "Why do a Swing Migration" now that Microsoft has defined their own Migration Mode and path for setup that can preserve the Active Directory as part of the installation?

One answer might be: Ask the people trying the LIVE DOMAIN MIGRATION procedure defined by Microsoft and think about the agony of getting half-way through and stuck, or worse, the upgrade dies during setup but YOU have to undo everything it did to try again. Swing Migration is safe, it's sane, it's predictable and it's done without modifying the production domain or server. Relax...Swing Migration solves the headaches.

If you are familiar with Swing Migration, you likely have valued the following benefits:

• Same domain name and Active Directory preserved
• Same server name and IP preserved
• Work "construction offline" for parallel testing and an open timeline to deploy
• Existing production server remains online and unchanged during construction
• Nothing to Undo if your migration plan is delayed or construction becomes blocked
• Transparent replacement of the OriginalDC with a new FinalDC
• Option to put the OriginalDC back online if needed...unchanged by the migration path
• Convenient and optimized work to build offsite, offline, and minimize transition time
• Schedule the server transition, and the data transfer, obtaining minimized downtime
• Little if nothing to do at the workstations, no change to profiles or UNC paths
• Predictable project construction path
• Clean install server that "looks the same" to the domain computers and users

A larger view of the benefits of Swing Migration using the new Swing It!! Kit solution (once it is completed) is that the tools and updates available will make it much easier to keep up with changes and new information. Rather than trying to keep all the new concerns in your head, updates to the migration tools will make it feasible to limit the amount of documentation and supplements necessary to have a "current project path" solution month after month, year after year

Microsoft started a new coordinated vulnerability disclosure.

MSRC Blog Post: http://blogs.technet.com/b/msrc/archive/2011/04/19/coordinated-vulnerability-disclosure-from-philosophy-to-practice.aspx

CVD at Microsoft Paper:  http://www.microsoft.com/downloads/en/details.aspx?FamilyID=2f25ef80-88b1-461e-95e0-3e3ec7f2fe8e

MSVR Advisories landing page: http://www.microsoft.com/technet/security/advisory/msvrdefault.mspx

MSRC CVD page: http://www.microsoft.com/security/msrc/report/disclosure.aspx

Which I'm guessing Mr. Ormandy's (Google security guy, has released Microsoft zero days) latest tweets are in response to:

Twitter / @Tavis Ormandy: "Security" is not simply i ...: 
"Security" is not simply ignorance of vulnerabilities. If having more information makes you less secure, then you're doing it wrong.
http://twitter.com/#!/taviso/statuses/60650095577808896 

My take:  It depends on who's got the information and what they do with it.  If that information about the vulnerability is in the hands of people that can now code up browsers exploits and there's no mitigation that my Mom and Dad can do on their PCS, then more information in the wrong hands does not make us more secure.  It's what I'm still concerned about in regards to cloud computing.  Right now we're a distributed target.  Lots of small businesses and small firms scattered all over the place.   Move to a business model where we're all with our data in the cloud and what happens when the bad guys decide that Office 365 makes a really good target to go after.  Yeah, not good.

Twitter / @Tavis Ormandy: Wake me up when Microsoft ...:
Wake me up when Microsoft has an official policy about not threatening or bullying security researchers
http://twitter.com/#!/taviso/statuses/60464631193419776

Wake me when security researchers care as much about the users of computers as much as they say they do.  For every time you release a zero day, how about you release with it mitigation guidance that's actionable and realistic from Enterprises all the way down to my Mom and Dad's computer.  Don't just get mad at the vendor, think all the way down to people just using computers.  Make sure they have the RIGHT information for them.  Merely putting out information isn't enough.  Putting out the RIGHT actionable information for each type of computer user is needed along with ensuring there is actionable mitigation that doesn't just think of Enterprise users and no one else.

And if you think you are helping computer users by pushing vendors to making their software more secure, how about you also push to help people get updates installed while you are at it.  If you have some free time, hop on Windows answers forum and help out. http://answers.microsoft.com/en-us/windows/forum/windows_update?page=1&tab=no