THE OFFICIAL BLOG OF THE SBS DIVA

But you'd never know it how Microsoft is handling their blogging and facebook pages. Case in point the recent release of update rollup 2 for Windows home server that made the connector deployment work better on Lion. Posted to the blog? Nope. Posted to Facebook by a team member? Nope.

Today's posting of the two bugs that throw off computer monitoring alerts - http://social.technet.microsoft.com/wiki/contents/articles/7852.computer-monitoring-error-on-dashboard-or-launchpad.aspx, posted to the SBS Blog Yea!  Posted to the Home Server Blog? http://windowsteamblog.com/windows/b/windowshomeserver/

Nope.  No posts since October. 

And twitter?  Even worse - http://twitter.com/winhomeserver no posts since August.

To be fair Microsoft folks are posting in the forum - http://social.microsoft.com/Forums/is/whs2011/threads

But in this day and age of "social" supposedly being where it's at to showcase that you still care about a product, Microsoft is sadly lacking here.  If you are going to "do social" then do social.  And Windows Home Server 2011 is still a supported product and will be so until 2016.  http://usingwindowshomeserver.com/2011/04/07/now-we-know-microsoft-lifecycle-support-dates-for-windows-home-server/

So Microsoft?  How about in the year 2012 showcasing that you will still be supporting it in 2016 by blogging about it's support issues?

http://blogs.technet.com/b/sbs/archive/2012/02/29/computer-monitoring-error-in-dashboard-or-launchpad-of-sbs-2011-essential-servers.aspx

http://social.technet.microsoft.com/wiki/contents/articles/7852.computer-monitoring-error-on-dashboard-or-launchpad.aspx

Two bugs

Bug one:  Install the sbsbpa on the server and leave it as the defaults and it will throw off errors on every single client.  Remove it, all is well.  Workaround for now is to only install the BPA on an Essentials box when you need to run a scan, remove it for now.

Bug two:  If you have archived computer backups but have removed the computers the UR2 update tries to do an inventory of the network looking for Mac clients to update.  Because these past workstations are in the device XML listing, the inventory process will cause an alert every 1/2 hour to go off.

In 30 minutes that will be green again.  Another 30 minutes more and it will be back to yellow.

If you are seeing this and your network does NOT have any archived backups in the console, please email me at susan-at-msmvps.com as I want to talk with you as to exactly what you are seeing in SBS Essentials.

Both bugs above are being worked on and there will be future fix.  Stay tuned.

Update Rollup 6 for Exchange Server 2007 Service Pack 3 (KB2608656)
Update Rollup 6 for Exchange Server 2007 SP3 addresses issues identified within previous versions or updates to Exchange Server 2007.

Syncing up to WSUS tonight is Update rollup 6 for Exchange 2007 sp3 - aka SBS 2008.

http://blogs.technet.com/b/exchange/archive/2012/01/26/released-update-rollup-3-for-exchange-2007-service-pack-3.aspx

Checking the comments on the blog, don't see any SBSized issues.

Spotted this tonight and I'll have to dig into in detail.  I think any SBS 2011 era server (standard and essential) should be able to pull this off.

Connecting iPads to an Enterprise Wireless 802.1x Network Using Certificates and Network Device Enrollment Services (NDES) - Windows PKI blog - Site Home - TechNet Blogs:
http://blogs.technet.com/b/pki/archive/2012/02/27/ndes-and-ipads.aspx

Windows Storage Server 2008 R2 Connector Software Installation Dialogs not Displayed in Localized Language:
http://support.microsoft.com/kb/2679127/en-us?sd=rss&spid=1167

Got Controlerfunktion and Spiegelungen? We do! Featuring the HP MicroServer check out Oliver Sommer and www.sbstools.com

How to Clean Up Active Directory after an Unsuccessful Migration:
http://support.microsoft.com/kb/2647882/en-us?sd=rss&spid=1167
This article contains steps to clean up the Active Directory when a Small Business Server 2011 Standard migration installation fails. If the setup of SBS 2011 Standard fails and the installation must be performed again, it is advisable to perform a system state restore on the source server and then retry the migration install. Sometimes it is not possible to perform a system state restore. This article contains the steps to clean up active directory so that a second attempt at installation will be successful.

This article should be subtitled:  "You didn't listen to Susan after she REPEATEDLY said over and over again to make sure you have a system state backup BEFORE you start the migration from SBS 2003 to SBS 2011.  And then your migration barfed and you were stuck".

Next time, take a backup.  This time, there's your KB.

Are you an IT Pro seeking a head start with the new Windows 8 technology wave?

(or in my case are you an IT Pro that can't leave the office this time of year and thusly can't attend the MVP summit nor the public MVP Nation as usual?)

Attend the MVP Nation 2012 streaming conference webcast!

• Intensive on everything Windows 8: server, desktop, mobility, tablet
• No travel – No airfare – No hotel
• When you purchase a virtual ticket you will receive online access to the live event.
• You will be able to watch all of the sessions via streaming video as they happen. You can ask live questions.
• You will also receive online versions of the conference materials that you may download and print to follow along.
• No physical materials will be shipped to you. All access is via a password protected site.
• After the event, you will continue to have access to this site in order to access the recorded sessions and posted materials.
• HURRY! Seating is limited to 500 virtual attendees!

110% money-back guarantee if not completely overwhelmed.

mvp.smbnation.com

• Dates
  • Webcast: March 2-3, 2012
  • Broadcast Location: Microsoft Conference Center, Redmond, WA
  • Sign-up: http://mvp.smbnation.com
  • Cost: $99 for the two-day web cast
  • More information: 1-888-SMBNAT1

Hire this person:

http://www.flickr.com/photos/36724189@N05/6892887709/in/photostream/

They have been posting up on their flckr account some of the best Windows 8 logos ... better than what you probably paid gazillions for. 

http://www.flickr.com/photos/36724189@N05/

At some point in the future, we'll have a new category in WSUS:

New Category for Windows Small Business Server - WSUS Product Team Blog - Site Home - TechNet Blogs:
http://blogs.technet.com/b/wsus/archive/2012/02/08/test.aspx

But in the meantime check out the updates to the BPA

Update 2 for Windows Server Solutions Best Practices Analyzer 1.0 is available:
http://support.microsoft.com/kb/2652984/en-us?sd=rss&spid=1167

So one of the questions people have upon moving to SBS 2008 and SBS 2011 is why they need to have a firewall enabled on the server and workstations if you have a firewall on the external edge.  I mean after all that's all you need to really protect you right?  Right?  I mean it wasn't there on SBS 2003?

Yeah and that server was built 9 years ago when the Internet was a different place.   An external firewall protects you from the edge but the internal firewalls you have inside the office protects you inside the office as well as limits exposure.

The firewall on workstations and servers blocks ports inbound.  To have a nicely (and securely) set up network you want only those ports that are authorized to be open inbound.  Should you have any changes in that firewall profile, it's one sign of tampering, malware or other intrusions.  On a default SBS 2008 and SBS 2011, the server has a series of ports open in order to have file and sharing traffic, Exchange traffic etc.  Should another inbound hole in the Windows Frewall with Advances security on the local computer be set and YOU didn't set it, it's a good forensic trail to start investigating.

Same on the workstation side.

If you've got the firewall controlled by the group policies of SBS 2011 standard,  anytime you see a firewal port that is not grayed out (that's the clue it's been built by the group policy of the server), and pokes holes in the firewall profiles of the domain/home and public, you might want to make sure you know exactly what application built that hole.

If you didn't approve it, you don't recognize it as an authorized app on that workstation, it's a place to start when understanding how things wiggled into your system.

Ensuring that you leave the firewalls on inside your network, and can document what you authorized, means should something happen in that firm, you may have more forensic evidence for investigation. 

Now let's get into historical reasons why firewalls and only authorized ports are a good thing.  Many years ago there was Slammer and Blaster.  Slammer in particular nailed people with open SQL server ports, many times open TO THE OUTSIDE when they shouldn't have been.  If we would have had firewalls on the inside of our offices and SQL apps that had no business talking outside that firewall were blocked from being open, SQL slammer would have hurt a lot lot less.

And finally lets talk about the vendor issue.  I see many people just turn off the firewall because they have an application that needs ports open.  I WANT you to know exactly what ports are open on that firewall for that application.  Because I've seen some vendors demand an insane amount of ports open.  If the vendor is on the ball, they will tell you a list of applications to build firewall rules for NOT ports.  If you use applications in the firewall rule, when the application is not in use, the port will close.  If you build rules with port numbers they won't close.  Some vendors even have networking diagnostic tools to help http://support.quickbooks.intuit.com/support/Articles/SLN41458. 

But the vendors that just tell you to shut off the firewall, go back to them and ASK them specifically what ports or what application exceptions need to be built.  If they don't know, that's a sign that they aren't security aware, aren't making sure their application is coded well.  Use this as the litmus test for these vendors.  If they can't tell you the ports and application exceptions in an on premise solution, you going to trust them with a cloud solution?  Seriously?

Bottom line you have approximately 65000 tcp/udp ports ready and willing to be talking to anything.  Don't make it easy for that system to get into trouble.

These KBs that have links to post sp1 hotfixes are good to keep in mind....

Links to post SP1 hotfixes for Windows 7 Service Pack 1 - The troubleshooters and problem solvers... - Site Home - TechNet Blogs:
http://blogs.technet.com/b/yongrhee/archive/2012/02/19/links-to-post-sp1-hotfixes-for-windows-7-service-pack-1.aspx

Dig into them and see if you've seen any issues that these may fix.

Do you deploy Home Server 2011?  Do you want to install WSUS on Home Server 2011?

Check out Terry Walsh and Jim Clark's Step by Step ebook!

WGS' New eBook "Windows Home Server 2011 Step By Step" Is Now Available | We Got Served:
http://www.wegotserved.com/2012/01/24/windows-home-server-2011-step-step/
 
And keep in mind that due to the shared code base between Home Server and SBS Essentials there's a lot of shared information that you can use in SBS Essentials.

The ebook starts out with a step by step on how to build the server from scratch.

Nicely done guys!

http://windowsteamblog.com/windows/b/bloggingwindows/archive/2012/02/17/redesigning-the-windows-logo.aspx

So MS announces a new logo based on the Metro principles.  So far so good.  Metro is (per http://en.wikipedia.org/wiki/Metro_(design_language) "partly inspired by signs commonly found at public transport systems," and "Metro places emphasis on good typography and has large text that catches the eye. Microsoft says that Metro is designed to be "sleek, quick, modern" and a "refresh".

Ooh great.

And now we go to the forums where on the Technet forums the subject lines have been "Metro-ized"

Ready?

http://social.technet.microsoft.com/Forums/en-US/reportabug/thread/1802c665-1d9e-44c4-b869-0bc3fd87647a

Go there to see it in person.

Okay granted the person didn't understand that a subject line doesn't mean you put your entire problem in there, but if this:

inspired the thin, light, gray lines of this:

I think another usability study needs to be done.

What do you think? 

Looking for an Australian embedded vendor for Windows Storage Server 2008 R2 Essentials?

Check out www.boonbox.biz

Featuring the HP MicroServer and Windows Storage Server 2008 R2 Essentials it joins an active directory domain and backs up the client workstations.

So you install update rollup one on your Windows Storage Server 2008 R2 Essentials (or Home Server 2011 or SBS Essentials 2011) and some of your Windows XPs now show up as offline?

The client side updates pushed out require a reboot as Wayne blogged about:

http://www.sbsfaq.com/?p=3297

If you weren't near the machine at the time it did it, you might not notice the message.

There's some big changes in this one:

Update Rollup 2 for Windows Small Business Server 2011 Essentials is available:
http://support.microsoft.com/default.aspx?scid=kb;en-us;2630429

Firstly the Office 365 integration module is included in this.

Next it has fixes for getting Lion OS's connected better to the server.  Mind you the backup from Lion to the Essentials is not fixed as there's an underlying change in technology that Apple did, but at least the launchpad will now install as it's supposed to.

I just wanted to put you on notice that I'm getting a bit fed up with being branded as an idiot.  I don't use hosted Exchange, I use on premise Exchange.  For many reasons one of which includes the fact that we need to put custom footers on our emails as we're a CPA firm and under Circular 230 of the IRS code we have to annoy anyone with a 10 inch legal verbage that is totally not binding, everyone agrees is a crock, but some Lawyers somewhere agreed we have to do it. So we have these customer footers that sense when we have typed tax verbage, you get the annoying Circular 230 verbage.  Not easily do-able on Office 365, especially on the P1 plan.

But I'm getting too geeky on you and digressing.  Back to my rant.  I'm getting sick and tired reading articles about how Exchange is so difficult to administrate and maintain and blows up at the drop of a hat.  The other day I saw someone put up a hypothetical scenerio that a mere power outtage would corrupt Exchange jet blue databases so badly that they needed a full restoration from backup.  Honey, I know some jet blue  Engineers that would go into the details of how that would not be possible or probable with how JetBlue handles transactions.

As someone way smarter than me said, Exchange 2003 and later almost never loses data.  Exchange writes to the disk as it receives the transactions, then writes to the database, then writes to transaction logs that document changes made to the database since the last full backup.  If you have a dirty shutdown, Exchange will typically do what it needs to do to get the databases in sync with the logs.  If there's any actions it cannot do, it will log them, but that doesn't mean you've had data loss.  Moving email up to Office 365 is still storing email in an Exchange database.  There's a reason that Exchange hasn't changed their database to SQL, because Exchange's jet blue works.

So every time I get beat over the head by marketing that Small Businesses need to be in the cloud, and Small Businesses need to have hosted email because that's the only thing that makes sense, I keep feeling like if I stand back here and say "Hang on guys,  I have some key reasons why I haven't jumped on the cloud bandwagon, the majority of which is my technology just works.  I don't need to muck with it.  I haven't adjusted or done anything to Exchange in years and I currently have a blazing speed of 1.5meg on my DSL connection.  There's a glimmer of a hope that I might get Comcast in my future, but I don't right now, and furthermore, I can't roll out something to my office that right now, I don't see it as an upgrade, more like just an equal trade of features with some disadvantages that when I DO need access to the server, I CAN get access to the server and I'm not having to post in a forum or attempt to figure out the PowerShell equvalent of what I do now natively in the Exchange MMC".  But protesting too much will just get people reading my blog to say that I'm a luddite and out of touch. 

I choose cloud options when they make sense, but right now I can't justify chucking out the door technology that is bought, paid for and just works, for technology that is still rolling out features and I'd have to pay for on a monthly basis. 

So now that I've laid out my reasons why I'm tired of being called an idiot for choosing on premise Exchange, prepare yourself to be called an idiot:  http://www.pcworld.com/businesscenter/article/250091/why_small_businesses_should_switch_from_exchange_to_office_365.html#tk.hp_new

"What started as a simple pro bono assist turned into hours of troubleshooting to see where Exchange was improperly set up. It's clear that these small-business IT guys don't have the training to deploy a system as complex as Exchange."

J. Peter, I'm sure you didn't mean to call ALL Small-business IT guys as idiots.  And certainly when it comes to SBS 2011 standard, trust me, it's a HECK of a lot easier to deploy Exchange with full SSL certificates on THAT box than it is right now with SBS Essentials and Office 365 integration module.  Especially when you've already got a domain, it's no walk in the park as that domain wizard was built assuming you had no domain at all. 

"Ultimately, I wish companies would call me before they deploy an on-premise Exchange environment so that I can try to talk them out of it, save them some money, and help me avoid the frustration of hunting down the cause of their deployment woes. For many companies, Office 365 is simply a much better option."

J. Peter, there you go again.  Granted you didn't say ALL companies and merely used the word many, but you can't just be as blind to hosted as you are claiming the Small-business IT guys are to on premise.... one size does not fit all.  Cloud has to be chosen when it makes sense just as much as on premise does.  You can't make blanket statements.  There's issues of support.  There's issues of features.  There's issues of cost.  Because it's not always cheaper in the cloud.  And especially ... in California... in a library?  Where we are facing budget shortfalls and cash is tight?  You sure you want to recommend locking in a firm to a monthly bill that -I-guarantee-you- will not decrease.  (We just got my cable bill, it NEVER goes down).

Just the other night on our local NPR radio in fact they had a show about our local libraries and stated that "Governor Jerry Brown released his new budget with no state funding for libraries for the second year in a row" and that our local Measure B, which is up for renewal this fall, that MAY NOT GET renewed, may severely impact services.  That Library may have had a County Measure that gave them the capital budget for that technology upgrade in a single year budget item.  They may not have the ability to purchase technology on a monthly fee basis.  How is that California budget going to plan on paying for that Office 365 subscription next year if they don't have the money to do so.

See what I mean here?  This isn't black and white.  There's cash flow and nuances here that are not always obvious.  Cloud makes sense when it makes both cents and sense.  But people that don't choose it are not idiots.  And Small Business IT consultants that deploy technology based on the needs of the client and the cash flow of the client are not idiots either.

http://answers.microsoft.com/en-us/windows/forum/windows_7-windows_update/kb2668562-silverlight-update-will-not-install-feb/46bcf0b1-c9b8-41f5-b802-b6a8e822d930?page=1&tm=1329252863223#footer

If you are installing KB2668562 for Silverlight and it's failing, you are not alone.

Hang loose for now.  It appears that it's actually getting installed but just bogusly (if that's a word) putting up an error message.

Redmond has been alerted, they are investigating.  Hat tip to Seve Ward, Consumer Security MVP for the reports.

UPDATE:

http://marc.info/?l=patchmanagement&m=132925862114053&w=2

Subject:     RE: Slow going on that Silverlight KB2668562 patch
Date:     Tue, 14 Feb 2012 22:25:56 +0000
From:     Doug Neal 
Reply-To:     Patch Management Mailing List
To:     Patch Management Mailing List



Thanks to responses on this listserver, we've looked into the Silverlight update, have identified a metadata (logic) error and will be releasing a revision to correct this very soon.

Consider holding off on this update until a revision is published and visible in your WSUS/SCCM consoles - or simply allow auto-approval to permit the revision to replace the original version.  We have similarly 'down throttled' unmanaged (consumer) machines until the revision is released (throttled at 0% = no consumer machines will get this installed automatically - but users who open WUApp and choose it, will still be able to run it - even though it will fail).

doug neal
Microsoft Update (MU)

So what are the default IIS settings in SBS Essentials?

Mind you this is on a default box without the wizards run.