THE OFFICIAL BLOG OF THE SBS DIVA

http://www.youtube.com/watch?v=zHUxrVlLcU0

If you want to see a fantastic step by step process done by Robert Pearman, check out that video

On March 29th at around 3 p.m my workstation here suddenly started throwing up massive number of windows indicating a write error to the c drive.  Uh oh, says I, what's going on and a drivesmart window popped up indicating I had massive failures on my C drive.  Worrying that it was a fake alert I rebooted my pc and got the lovely experience of a pc that booted but didn't build a full start bar and then died.

I tried again and no go this time.  Massive harddrive failure on a Western Digital VelociRaptor 300 gig drive.  Not something you want in the middle of a busy week with projects still to do and forensic software loaded up with keys tied to the operating system and other such licensing things that make rebuilding a forensic workstation something you do on a down time, not during busy season.

But I have BBBG.  Backup Box by Gramps a Windows Storage Server 2008 R2 Essentials box that takes a backup of my system.

Buy one here: http://www.smallbizserver.com/store.php

Buy several for your clients.

I inserted a spare 500 gig SATA drive that I happened to have in the closet.

You boot from a usb key or a cdrom and then you follow the screen commands.

You start the restore process

You enter the password for the server

You select the computer (it's really a Windows 7, still called SusanVista - don't ask)

You confirm you want to over write the drive you've put in the machine

They lie.  It took like two hours.  I fired up a laptop and remoted into a TS box in the meantime. 

It completed.  Note I went back a day and restored from the day before's backup in case there was any corruption.  Mind you there was NO errors or warnings anywhere about drive failure from this drive.

Rebooted the system.  Because it was a totally different style of hard drive it needed a second reboot but it did not kick a WGA freak out.

And there we have it.  Fully restored to exactly the way it was.

After a complete failure of a hard drive:

We now hold a moment of silence for a dead hard drive.

And we have a happy Backup box by Gramps customer.

So if you are looking for a solution to add client backup to an existing SBS 2008 or 2011 standard network, this is how you do it:

http://www.smallbizserver.com/store.php

A few years ago at a SMB nation there were like 400 vendors of which 399 were backup vendors.

Okay so that's a bit of a stretch, but you get the idea.

Microsoft Online Backup Service - Windows Server Blog - Site Home - TechNet Blogs:
http://blogs.technet.com/b/windowsserver/archive/2012/03/28/microsoft-online-backup-service.aspx

So along comes Microsoft and offers ...yet another online backup offering.

Does it allow for geographic limitation of the data to not be tainted by the Patriot act?

Does is allow for fedexing and seeding of backups and restoration of backups?

'cause if you ain't got that honey, you are not bringing anything to the table.  And you -cannot- restore an online backup with any sort of reasonable recovery time unless you have a really really fat pipe.

http://krebsonsecurity.com/category/smallbizvictims/

A call to action.

Small businesses are being targeted for phishing attacks.  Brian Krebs of Krebs on Security is leading the charge to try to educate and warn all of us that are at risk.

If you get phished or tricked and your bank account emptied out, you have no recourse at this time.

http://www.zdnet.com/blog/security/fbi-us-losing-hacker-war/11143  The FBI says we're losing the hacker war.  Us small businesses need to be warned about how we're being targeted.

Our risk is our computers.  Our risk is our trust of emails being sent to us.  Our risk is clicking.  We're not keeping track of our banking transactions. I'd like those of us in the small business IT industry and small business accounting industry to help our customers become a lot more aware, a lot more proactive and realize that if something happens, we have no protection.

I'm going to be reaching out to Intuit, to the California CPA Society and to other organizations to see if we can get a bit of grass roots organizing going.

In the meantime read those posts of Brian Krebs and see if you or your clients would fall for an attack.

Update Rollup 1 for Exchange Server 2010 Service Pack 2 (KB2645995) 
<http://support.microsoft.com/?kbid=2645995>
This update rollup resolves problems that were found in Exchange Server 
2010 Service Pack 2 (SP2) since Exchange Server 2010 SP2 was released 
and replaces previously released update rollups for Exchange Server 2010 
SP2.

More Details on Microsoft Small Business Competency Trickling Out! - SMB Nation Blogs:
http://www.smbnation.com/index.php?option=com_easyblog&view=entry&id=296&Itemid=124
CloudSpeak. “In for a penny, in for a pound of cloud” was the message we heard regarding the technical emphasis of the SB competency. Legacy on-premise solutions such as Windows Small Business Server weren’t really part of the conversation today. Instead, it was all about Office 365. Interesting but albeit somewhat risky strategy for Microsoft to be all in the for cloud when the channel has expressed revenue reservations about that path. True, the reality is that times are changing fast. Microsoft is hedging partners will get on the cloud train with the SB competency.

Translation... because you guys are supporting your clients' SBS 2003 boxes that are still chugging, Microsoft can't make money off of you.  They need you to upgrade those guys to Office 365 where they lock them into monthly subscription fees!  You are holding Microsoft back, dude! 

I just hope someone up there in Redmond knows what they are doing.  For every one partner that says they are using Office 365, there's another five I see that says that they can't make money off of it or it has no support model for their needs.  You guys in Redmond are betting the farm and I just hope this goes your way.  Out here in the sticks I see Google docs being used by small businesses, I know of no one (other than myself on that free year long offering) using Office 365.

also known as the ipad and uefi fix

Update Rollup 2 for Windows Small Business Server 2011 Standard is available:
http://support.microsoft.com/kb/2660819/en-us?sd=rss&spid=15817

Update Rollup 2 for Windows Small Business Server 2011 Standard is now available.

This update rollup contains all the updates that were included in the previous update rollup. Additionally, this update fixes the following issues that were not previously documented in a Microsoft Knowledge Base (KB) article.

Issue 1

Consider the following scenario:

• You enable the Unified Extensible Firmware Interface (UEFI) mode on a computer that is running Windows Small Business Server 2011 Standard.
• You configure a recurring backup task on the computer.
• You try to perform a bare-metal recovery by using the Recovery Console.

In this scenario, the Bare Metal Recovery feature does not find any valid backups.

Note This update does not change any existing backups on the computer. Therefore, to resolve this issue, you must configure the backup task again after you install this update.

Issue 2

Assume that you try to log on to the Remote Web Access webpage of Windows Small Business Server 2011 Standard by using a user principal name (UPN). In this situation, you receive the following error message:

Issue 3

Assume that you try to connect to a client computer that is joined to a Windows Small Business Server 2011 Standard-based network domain by using the Remote Web Access webpage. However, if your username contains Unicode characters, the username is displayed incorrectly when you are prompted to enter your user credentials. For example, this issue occurs if your username contains a Chinese character.

Issue 4

You cannot download files from the Remote Web Access webpage if you log on to the webpage by using a slate device. For example, you cannot download files from the Remote Web Access webpage to an Apple iPad.

Issue 5

Assume that you migrate from Windows Small Business Server 2003 Standard to Windows Small Business Server 2011 Standard. In this situation, you cannot log on to the Remote Web Access webpage by using a nonadministrative account. When this issue occurs, you receive the following error message:

http://msmvps.com/blogs/bradley/archive/2012/03/25/playing-with-windows-8.aspx

Playing with Windows 8 part 2:

For now don't use the connect computer wizard to join a Windows 8 to a SBS 2011 standard.  There's a currently being investigated issue where the permissions set during the process mangle with metro.

It's a beta what can we say.

But Susan, what will I lose if I don't use the connect wizard?  On SBS 2011 - actually nothing.  Everything comes down via group policy EXCEPT for the moving of the profile and on a brand new system... you don't have a profile move to worry about.

http://social.technet.microsoft.com/wiki/contents/articles/3887.connectcomputer-troubleshooting.aspx

The Connector has encountered an unexpected error

If you receive an error that says "The Connector has encountered an unexpected error" please also check if the NetTCPPortSharing service is in starting status but not successfully started. In some situations, NetTCPPortSharing service fail to start on XP client with .NET 4.0 installed. That may caused by several reasons including

1.LocalService account does not have proper access rights to the root of the C: drive
2.LocalService account does not have proper access rights to the C:\Windows\Microsoft.NET\Framework\V4.0.30319\SMSvcHost.exe.Config file 3. "The disk on which the C: Volume exists is a Dynamic disk"

You may be able to resolve this issue by perform the following steps:

1.Give LocalService account Read permission to C:\Windows\Microsoft.NET\Framework\V4.0.30319\SMSvcHost.exe.Config
2.OR Give LocalService Read and List Folder Contents permission to the root of C:

You may see this if you have used a repartitioning program to expand your c drive and it required you to change your C drive to a dynamic disk.

Prior to this we followed these posts  where we used files from .net 3 and replaced them with files in .net 4. Please do not use this workaround anymore and instead use the recommendations above and adjust the permissions of the C drive above.

Please also see the client troubleshooting guide at http://social.technet.microsoft.com/wiki/contents/articles/3941.aspx

And review Robert Pearman's great resource located at http://titlerequired.com/2011/09/27/troubleshooting-client-connector-install-sbs2011-essentials/ 

(putting this here for bingle juice)

If you are playing with Windows 8 make sure you check out:

http://social.technet.microsoft.com/wiki/contents/articles/7875.known-issues-when-join-windows-8-beta-to-windows-small-business-server-2011-essentials-windows-storage-server-2008-r2-essentials-and-windows-home-server-2011.aspx

and

http://social.technet.microsoft.com/wiki/contents/articles/8497.known-issues-of-windows-8-client-computers-connecting-to-windows-home-server.aspx

In addition to that Metro apps shipped on the consumer preview kinda go wonky after joining the domain.

Note the following posts:

http://social.technet.microsoft.com/Forums/en-US/w8itproinstall/thread/e39a7312-7863-4645-9e66-d5b2fa3a4a15 and http://social.technet.microsoft.com/Forums/en-US/w8itprogeneral/thread/863fe449-4e31-444c-9b21-6accc0eb4a10

Also follow Philip's blog to open up RDP on Windows 8 - see http://blog.mpecsinc.ca/2011/09/windows-8-remote-desktop-connection.html

Bottom line when you join a Windows 8 consumer preview to a domain Metro kinda loses it's mind a bit.

Funny email from Amy Babinchak this morning:

Friendly reminder that this weekend is your last chance to register at 50% off for our next Brain Explosion and the IT Pro Conference. The details on the sessions for the Brain Explosion can be read here: http://www.thirdtier.net/2012/03/brain-explosion-50-discount-and-content-revealed/

Then stay for this unique conference and soak in the business talk surrounding the important role that you'e going to play in advising your clients on how to protect their intellectual property in the cloud era. What's unique about the IT Pro conference? It's a peer conference. No big wig from Microsoft, Intel, Cisco is going to stand up there and tell you about the Cloud and your role in earning 1% margin and how you're going to love it. This conference is about peers having a conversation on an important topic. It's you and me and owners of IT firms from around the world getting together to discuss in panel sessions how we are going to succeed in the future and how we can best help our clients navigate through the storm clouds to the fluffy white clouds safely, effectively and make money all at the same time. Oh, we'll have some parties too. So get signed up now. Don't pay double and we'll see you in New Orleans.

http://blogs.technet.com/b/educloud/archive/2012/03/23/what-is-the-difference-between-exchange-online-unified-messaging-and-exchange-2010-on-prem-unified-messaging.aspx

Ah the use of the word premises used in the context of Exchange and messaging!

Premise as defined by bing - http://www.bing.com/Dictionary/search?q=define+premise&qpvt=premise&FORM=DTPDIA basis of argument: a proposition that forms the basis of an argument or from which a conclusion is drawn

Premises also defined by bing - http://www.bing.com/Dictionary/search?q=define+premises&qs=ds&form=QB land and buildings: a piece of land and the buildings on it

On premises software - http://en.wikipedia.org/wiki/On-premises_software

Yet when you hear Microsoft talk about Exchange on premise you see both premises and premise

I think we should pick premises and stick with it.

Interesting comment from "SpiceUser"

http://community.spiceworks.com/topic/197779-opendns-transitioning-to-paid-only-service-for-businesses

http://www.miniusa.com/mini10/index.html

Look real hard I'm listed on the right hand side by the tire.

Microsoft cuts back on Windows keys after pirates grab booty • Channel Register:
http://www.channelregister.co.uk/2012/03/21/microsoft_subscriptions_pirated/
A Microsoft spokesperson told us: “Over the past few months, pirates have exploited these programs and systems to obtain free or lower cost genuine product and have then resold at significant profit margins, depriving Microsoft and its partners of legitimate revenue and leaving users with an improperly licensed and unsupported product.

Sorry Microsoft, not buying that explanation.  We've had Technet bogus keys for years.  This is not new.  What is new is how many of these Technet subscriptions you've handed out all over the place.  It's included now in Action pack.  (and if you are a SMB partner/reseller you SHOULD sign up for Action pack).  What you should do now for testing is make snapshots or copies of the activated versions and build your test beds from there.

It seems to me that if all of us SMBs are supposed to go to the cloud or hybrid deployments that Microsoft would make this a lot easier.

Case in point.  Migrating from SBS 2003 to SBS 2011 Essentials/Office 365.

So the documentation to move the AD is documented in http://www.microsoft.com/download/en/details.aspx?id=3231.  But if you need to know how to move the Exchange email the documentation is....uh.... it's ...... well no where to be found in an easy step by step documentation.

And how about documentation to go from the on premises SharePoint of SBS 2003 to Office 365's SharePoint?  That documentation is located....uh...well... foggetaboutit.  Not anywhere to be found.

I know there is this tool http://www.quest.com/migration-suite-for-sharepoint/ but I'm checking to see how much it is.  (If you have to ask it's usually way too expensive).

To ease migrations from on-premises Exchange to online Exchange check out Migrationwiz - http://blog.migrationwiz.com/2011/04/22/cloud-essentials-migration-offer-free-migration-licenses/  I'm not sure that free 10 licenses is still there as a valid offer but at $9.99 a mailbox, that's a reasonable price tag - http://www.migrationwiz.com/Public/Pricing.aspx

But come on Microsoft.  If you expect all of your existing on premises (notice the premises not premise) to go to this hybrid model, put forth the roadmap for your customers.

An invitation from Jeff Middleton, Founder of SBSmigration.com

Early-bird conference registration expires Sunday March 25, 2012.

This is a reminder that the savings in early-bird discount offer includes:

• $100 off the 2-day Attendee Registration, $100 savings for your guest registration too!
• $60 off the pre-day registration for Third Tier Brain Explosion deep-dive

Did you know that early-bird registrations are FULLY REFUNDABLE up to 1 week ahead of the conference? Book your registration today!

WHY ATTEND IT PRO CONFERENCE?

With an Executive Conference experience, we now accommodate 150-200 attendees by blending technical and business concerns, while including an unparalleled level of attention to food, music and evening entertainment. Our single-track event is held in the New Orleans French Quarter, it’s an event focused on content and discussion experience, rather than vendor expo marketing.

WHAT’S NEW IN 2012!

Three special points to highlight what’s new in our international conference in June 2012:

• Third Tier Brain Explosion – Pre-Day Technical Deep Dive (June 7 Thu)
• 2012 Conference Theme – Trusted Identity: Faith in a Technology World (June 8-9 Fri-Sat)
• 7-Day Cruise Seminars – NEW Cruise! Roundtrip NOLA to Jamaica, Grand Cayman, Cozumel
  (June 10-17 Sun-Sun)

The Third Tier Brain Explosion pre-day sessions and speakers are announced! This full-day deep dive includes your lunch and these sessions:

• IPv6 Right Now – Presented by Cliff Galiher)
• Active Directory Management – Presented by Brian Higgins
• Exchange 2010 Compliance and Archiving – Presented by David Shackelford
• Managing Data Encryption – Presented by Jeremy Anderson

SPOUSE TRACK

For our 5 year anniversary reunion in 2012 we are featuring a NEW cruise route, a NEW cruise ship, a NEW 7-day itinerary with a NEW Caribbean cruise adventure experience in ports of call visiting 3-countries! Please note that full-payment cruise registrations will continue beyond March 25, but act ASAP to get the best options on your cabin preference!

I am delighted each year I can host my friends, clients and peers for the French Quarter Weekend Conference in New Orleans. It’s the signature event with international impact, one of the most unique IT Pro conferences in SMB segment. Join us, you will find we offer sessions with peer interaction on technology issues, entertaining evening events, and the total experience that sets the standard other conferences envy.

Best regards,

Jeff Middleton
SBSmigration.com

Word 2007 on 2008 R2 Terminal Server crashes often:
http://social.technet.microsoft.com/Forums/en-US/word/thread/7c14bf57-e511-4e71-985c-b6d4db30dfc3
How do I enable or disable DEP for Office applications?:
http://support.microsoft.com/kb/971766
So you have Office 2007 on a terminal server box and it keeps crashing?  Apparently turning off DEP can help.

Granted that's not that great of a solution from a security standpoint though....

Brain Explosion 2012 content revealed! 50% off registration until March 25th too.

http://www.thirdtier.net/2012/03/brain-explosion-50-discount-and-content-revealed/

Third Tier staff are known for the depth of knowledge they bring to your business. At Brain Explosion 2012 they’ve developed some very practical sessions that will leave you empowered to deploy.

IPv6 Right Now Presented by Cliff Galiher

In this session, we will cut through the theory and dig in to how IPv6 impacts today’s business networks. Cliff will give you practical tools to understand IPv6, deploy and transition your network, and support an IPv6 infrastructure including DNS, DHCP, and coexisting with IPv4. This session will leave with a better understanding and a few “next steps” to help bring your networks forward with this exciting advancement in technology.

Active Directory Management Presented by Brian Higgins

Active Directory is a complex and powerful system, and combined with the power and complexity of Group Policy it can be downright difficult to manage sometimes. Proper setup and configuration upfront can make management and troubleshooting of complex system like Active Directory (almost) simple. We will start this session by exploring some of the common topology mistakes when setting up Active Directory, and how proper topology layouts can make managing Group Policy much easier. Next we will dive deeper into some strategies behind planning your Group Policy deployments, and discuss some performance considerations when you create new policies. Finally you’ll learn how to create your own custom schema extensions to store custom information in Active Directory. I’ll show you how to use that schema extension knowledge to effortlessly, and automatically deploy and manage network printers to users in a completely new way.

Exchange 2010 Compliance and Archiving Presented by David Shackelford

Few small and midsized businesses that have clients in the medical, financial and legal professions are actually prepared to provide data to the courts in the event of a lawsuit or investigation. Those who have some measures in place still find e-discovery to be a very tedious process. In this session we’ll look at ways the Exchange 2010 feature set has made storing and retrieving archived emails easier and will also discuss some third-party solutions that have made compliance processes even easier.

Managing Data Encryption Presented by Jeremy Anderson

Jeremy Brings forth the Encryption as he discusses BitLocker. Addressing the physical security of your network, including laptops and tablets Jeremy will discuss Bitlocker and how to Implement and deploy it in your Active Directory Domain. How to back up the recovery keys into AD DS using the BitLocker Active Directory Recovery Password Viewer tool, and how to recover data from a drive will be discussed and demonstrated. New features, including Network Unlock and Partial Drive Encryption that is available in Windows Server 8 and Windows 8 will be discussed. Learn how easy full disk encryption is to deploy and use in your networks, and the security that it brings to your clients knowing that if they have a device lost or stolen, that the data is secure from theft.

Today's risk report for MS12-020:

There's a Metasploit module out today that has at this time a Denial of Service impact.  We  have not yet seen a Remote code exploit at this time.

But clock is still ticking.

=====================


Metasploit :: Browse Exploit & Auxiliary Modules:
http://www.metasploit.com/modules/auxiliary/dos/windows/rdp/ms12_020_maxchannelids
This module exploits the MS12-002 RDP vulnerability originally discovered and reported by Luigi Auriemma. The flaw can be found in the way the T.125 ConnectMCSPDU packet is handled in the maxChannelIDs field, which will result an invalid pointer being used, therefore causing a denial-of-service condition.