THE OFFICIAL BLOG OF THE SBS "DIVA"

So I had a server at home with these three updates still being offered.  I clicked on the yellow icon to attempt to install them.  I got this window, I clicked close and the yellow icon went away and I'm no longer being offered these updates.

If you see differently holler, as I can't repro anymore getting these updates.

MS12-016: Description of the security update for the .NET Framework 2.0 Service Pack 2 on Windows XP and Windows Server 2003: February 14, 2012:
http://support.microsoft.com/default.aspx?scid=kb;en-us;2633880
MS11-044: Description of the security update for the .NET Framework 3.5 Service Pack 1 and .NET Framework 2.0 Service Pack 2 on Windows XP Service Pack 3 and on Windows Server 2003 Service Pack 2: June 14, 2011:
http://support.microsoft.com/default.aspx?scid=kb;en-us;2518864
MS11-078: Description of the security update for the .NET Framework 2.0 SP2 for Windows XP and Windows Server 2003: October 11, 2011:
http://support.microsoft.com/default.aspx?scid=kb;en-us;2572073

Seeing these being offered up tonight on a Server 2003 and on XP on unmanaged,  or Automatic updates enabled machines.

Hang loose until someone in Redmond wakes up and fixes Microsoft update.

It is reported that it will be fixed sometime after 10 a.m pacific.  It appears that MS12-035 will be rereleased and this is what is causing our momentary blip in detection.

Edit:  Now fixed, and the Microsoft securty bulletin alert indicates that some of these updates got a detection change.

********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: May 22, 2012
********************************************************************

Summary
=======
The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.


   * MS11-100 - Critical
   * MS12-034 - Critical
   * MS12-035 - Critical
   * MS12-MAY


Bulletin Information:
=====================

* MS11-100 - Critical

   -http://technet.microsoft.com/security/bulletin/MS11-100
   - Reason for Revision: V1.5 (May 22, 2012): Added entry to the
     update FAQ to announce a detection change for KB2656352 for
     Microsoft .NET Framework 2.0 Service Pack 2 to correct an
     installation issue. This is a detection change only. There were
     no changes to the security update files. Customers who have
     already successfully updated their systems do not need to take
     any action.
   - Originally posted: December 29, 2011
   - Updated: May 22, 2012
   - Bulletin Severity Rating: Critical
   - Version: 1.5

* MS12-034 - Critical

   -http://technet.microsoft.com/security/bulletin/MS12-034
   - Reason for Revision: V1.2 (May 22, 2012): Added an entry to
     the Frequently Asked Questions (FAQ) Related to This Security
     Update section to explain this revision.
   - Originally posted: May 8, 2012
   - Updated: May 22, 2012
   - Bulletin Severity Rating: Critical
   - Version: 1.2

* MS12-035 - Critical

   -http://technet.microsoft.com/security/bulletin/MS12-035
   - Reason for Revision: V2.1 (May 22, 2012): Added entry to the
     update FAQ to announce a detection change for KB2604092 for
     Microsoft .NET Framework 2.0 Service Pack 2 and KB2604110 for
     Microsoft .NET Framework 3.0 Service Pack 2 to correct an
     installation issue. This is a detection change only. There were
     no changes to the security update files. Customers who have
     already successfully updated their systems do not need to take
     any action.
   - Originally posted: May 8, 2012
   - Updated: May 22, 2012
   - Bulletin Severity Rating: Critical
   - Version: 2.1

MSDN Blogs:
http://blogs.msdn.com/b/b8/archive/2012/05/21/enhancing-windows-8-for-multiple-monitors.aspx

Data collected through the Windows Feedback Program indicates that approximately 14% of desktop PCs and approximately 5% of laptop PCs have run with multiple monitors.

Steven honey, 100% of the users in this office have multiple monitors and if I hear that you are coding through telemetry one more time... I may scream.

That is currently one of the weak points of Windows 8 - the multiple monitor experience.  Glad to know that you you are listening to some feedback.

So here's one best practice that I for sure follow... I ignore the ability to do snapshots in anything other than my Test HyperV.  On my real production, snapshots are to be ignored.

http://www.techrepublic.com/blog/five-apps/five-tips-for-optimizing-hyper-v/726

Primarily in my mind for the fact that making a snapshot of a DC isn't wise as it could lead to tombstone issues where if you roll back you could be going back in your AD history unknowingly, and then secondly ...now granted by TestHyperV is an overgrown Frys desktop, but it nails that servers performance when it snaps an image.

So just plan on having a normal backup for your HyperV child and not taking snapshots.

Viorel  in the comments says..."So what about NUMA settings Susan? And Processor core allocation? There is a good opportunity to use Hyper-V Server 8 (2012) for better performance ( >4 core) and NUMA management.

For management purpose I suggest to use add-in (cheap) netcard - onboard cards are server grade and can be more usefull for VM. "

Keep in mind that my personal experience with virtualization... I am talking about one server with two, maybe three, maybe four virtual machines on it.  And I don't think that  NUMA settings really make a huge difference for this size of deployments.  If you guys have tests and benchmarks on small servers,  by all means post them, but most of the NUMA articles I see are server farm discussions and I've not see benchmarks and tests for small servers. 

http://technet.microsoft.com/en-us/magazine/hh750394.aspx

http://blogs.technet.com/b/winserverperformance/archive/2009/12/10/numa-node-balancing.aspx

I think the better idea is to have a good enough machine that you aren't having to squeeze out that last bit of performance. 

For a SBS standard, you give it all cores that are exposed in the virtual interface.  For any other computer, I have personally found that when I put in a small virtual workstation, it worked better with two cpus than one.  Again, think about what cpu you'd be physically buying for the workload.  In the servers that I have running HyperV, the CPU load honestly isn't pulling that much.

I wouldn't recommend HyperV Server 2012 on a client machine.  It's a beta.  Play with it, learn about it, but it's still a work in progress at this time.

http://www.vadapt.com/2011/05/performance-recommendations-for-virtualizing-anything-with-vmware-vsphere-4/

And I'm not a fan of overcommitting ram or resources.  Again, these servers that I'm talking about are typically in a single firm, not in a server farm.  I think if you go down the path of squeezing every last performance out of a server, I think that's asking for trouble in small businesses.  You want room for growth and expansion.

So bottom line I let the box handle the NUMA settings and don't mess with tweaking. 

http://blogs.technet.com/b/windowsserver/archive/2012/04/05/windows-server-8-beta-hyper-v-amp-scale-up-virtual-machines-part-1.aspx

http://www.techrepublic.com/blog/five-apps/five-tips-for-optimizing-hyper-v/726

http://workinghardinit.wordpress.com/2011/08/08/virtualization-with-hyper-v-the-numa-tax-is-not-just-about-dynamic-memory/

Granted you have to understand my HyperV mindset.  In my HyperV world, it's the SBS that is the head cheese and everyone else is secondary.  If you have a SQL server that you want to tweak because there's some app that is written poorly and needs some TLC, well you might want to play around with those settings.

Bottom line I can't give best practices here because I personally haven't done enough testing to know what a best practice for SBS would be.

This one I think you'll have to do some tests yourself.

So how much RAM do you need?

When you are using the full GUI of 2008 r2 as the parent, reserve 1 gig for the needs of the OS.  Then carve out the ram for the rest.  SBS, Exchange and SQL will not do dynamic memory.  I've got a small biz mentality that isn't so sold on "over committing" memory anyway.. I think it's asking for trouble.

SBS 2011 standard - I'd say 16 gigs or more is where you want to have your mind at.  SBS 2011 essentials however, you can set that RAM much less.

And remember whatever the inside child is assigned as ram, that's what the outside partner will have in use. 

And how much ram should you have in the parent?  Remember that win2k8 r2 standard has a max of 32gig.  If you use the free non gui HyperV server you can bump up the ram.

Make sure you've installed all bios updates on the parent.  Dig into the network card and especially if it's a broadcom, get those latest nic drivers.

http://social.technet.microsoft.com/wiki/contents/articles/365.hyper-v-gotchas.aspx

Because SBS doesn't support nic teaming I tend not to do it.  Sometimes keeping it simple means you keep it simple.

So now that you've built the parent, have it in your mind that you got so much ram for each child, you've got a network connection set up on two nics, one is the main nic I'll call the "admin" nic.  This is the one you'll RDP into and use for maintenance.  Now set up at least another one that will be the nic that you bind the children to. 

This took a bit of mind wrapping... as you end up with something I'm going to call the outside nic and an inside nic.

First off on the parent all you install is the HyperV role.  That's it.  Nothing else.  And in fact on the free HyperV server, that's all you are allowed to do.  Same with the 1+1 role you get when you get a copy of Win2k8 r2 server and are allowed to lay down a parent HyperV.  You start the server, go to Server manager and add the HyperV role.

Now you launch the HyperV manager.  On the right hand side you click on Virtual Network manager and you build a network connector.  I normally call this External so I know that this connects to the outside. 

(this is my test HyperV box at the office).  The box that is checked that says "allow management operating system to share this network adapter" is checked that way due to the HyperV wizard - http://blogs.msdn.com/b/taylorb/archive/2009/01/12/hyper-v-v2-guest-only-external-networks-add-roles-wizard-changes.aspx

When it does that ..and this is the part you have to get your head around... that one physical nic turns into two nics and the bindings on each indicates which one has the bindings inside the virtual machine.

See how one has the virtual bindings and one does not?

You need to set up a virtual nic and bind it to a live nic in order to have external internet connectivity

For every physical nic you can bind connections to it.  In a small firm ..and especially in a test server you can actually have multiple machines share the same virtual nic.  In production you probably want to plan your nic bindings a bit more carefully and not so willy nilly.

Up next...we start to install the SBS Essentials.

Raid can be a bit of a religious argument.  Raid 5, Raid 10 ...what's your passion?  In my case I like Raid 10 because someone told me I should get Raid 10 for the type of data I have - SBS.  http://www.cyberciti.biz/tips/raid5-vs-raid-10-safety-performance.html   Others have actually done testing, me I just believe.

Now I don't set up the configuration so that the vhd's match the partitioning in the HyperV parent but some do. 

But the main thing is when you have a hyperV parent and are planning multiple virtual machines... you are putting your eggs in one basket in terms of hardware.  So select well so that it will keep chugging even if it drops a drive and what not.

Distribution and recipients list 100 email address limitation | Forums | Groups | Go Daddy Support:
http://support.godaddy.com/groups/community/forum/topic/distribution-and-recipients-list-100-email-address-limitation/?pc_split_value=1

In the native (not Exchange) hosted email of Godaddy you can only set up a Distribution list that contains a maximum of 100 members.

Wow..who knew.

I'm going to blog that answer over a series of blog posts.

Step one, get a nice server.  If you are going to do hyperV you want one that does raid.  I like a box that you can walk up to it, yank a drive out and the server keeps on chugging. 

I prefer HP myself. 

Next I haven't seen a server of that quality that didn't have a quad nic card.  While I'm of the opinion that separating the management nic from the "working" nic is probably not as big of a thing if you are only running one or two machines in HyperV, you'll have a quad card there anyway.

However you set up the server for the raid, you'll end up partitions in the virtual machine that may or may not match the physical disks on the actual server.  And that's actually okay. 

Next up installing the operating system...

Congrats to Jeremy Anderson named https://www.microsoftcommunitycontributor.com/logon.aspx Microsoft Community Contributor for his work in the forums.

Way to go Jeremy.  He'll be in New Orleans with the Third Tier preday event as well!! http://www.sbsmigration.com/pages/406/

Jeremy Anderson :: Third Tier:
http://www.thirdtier.net/who/jeremy-anderson/

Cloud Computing Security Benefits Dispel Adoption Barrier for Small to Midsize Businesses:
http://www.microsoft.com/en-us/news/Press/2012/May12/05-14SMBSecuritySurveyPR.aspx

Now before you read the report... read the fine print of how many people they surveyed...and how people self selected themselves for this...

Note: With pure probability samples of 94 (U.S. cloud) and 93 (U.S. noncloud), one could say with a 95
percent probability that the overall results for U.S. cloud users and nonusers would have a sampling error
of +/- 10.1 and 10.2 percentage points, respectively. Besides sampling error, all sample studies and polls
may be subject to several additional sources of error that cannot be calculated, including, but not limited
to, coverage error, error associated with nonresponse, error associated with question wording and
response options, and post-study weighting and adjustments. It should be noted that the sample used in
this study is based on those who initially self-selected for participation, therefore no complete estimate of
sampling error can be calculated.

I'm getting increasingly concerned in regards to the level and quality of Microsoft support.  I have personally set up support cases for folks on this thread - http://answers.microsoft.com/en-us/windows/forum/windows_xp-windows_update/kb2686509-repeatedly-fails-with-error-code/0deeacb6-115c-419d-ac37-03ff8927b79c  and have had folks email me saying that they contacted Microsoft.

The guy who contacted Microsoft directly at 1-800-microsoft was sent off to consumer support where the technician used logmein.  Since when does Microsoft support use logmein?  He wrote...

 I've seen your messages on the Microsoft Answers group regarding this update and the fact that many people, myself included, are having difficulties installing it.  I decided to contact Microsoft for assistance.  I spoke with a very patient gentleman who, to his credit, worked on the problem for nearly four hours.  He had me download a logmein client and was able to take control of my computer.  However, after several failed attempts he tried to convince me that this update was likely not compatible with my computer.  I asked him how he knew this and he gave me very generic answers about how certain updates are compatible depending on usage.  I kept asking him to elaborate and I think that his point was that certain updates are compatible with certain programs but I found his answers vague and extremely generic, not to mention unhelpful.  If it can be explained to me that this update is not necessary or applicable then I will accept this and won't worry about it.  I told him that I was not satisfied with the resolution of the call and that I wished to speak with another technician.  He said that someone would call me in an hour or two.  I know that others on the forum have had success in installing this update when doing some registry hacks.  I don't mind doing it but I'd like guidance while I do it.  I consider myself an intermediate user and I'm not afraid to try anything that might fix this.  Is there anything you can advise me when/if this person should call back as far as what I can suggest or how to direct the technician?

This patch is applicable to all Windows XP machines.   It is applicable to all Windows XP machines.
Next I set up several support cases and the "scope" email that was setup for two of the cases said this...

Issue Definition: Unable to install the specific update KB2686509Scope Agreement: We will work together to help you install the KB2686509 through the course of this case. Once we are able to install the update we will consider the ticket as resolved. AlsoYou receive this message if any registered keyboard layout files are not in the %Windir%\System32 folder. In this scenario, the computer is incompatible with the security updates. If that is the scenario then there is nothing much we can do because the hardware is not compatible with the update.

Nothing much we can do?  Excuse me?
Genius bar this isn't for sure....

For anyone that knows I still have an Acer Travelmate C110 you'll be pleased to know it can handle a SSD drive.

What it can't handle is Windows 8.  Barfs.  Completely.  So I think I've hit the wall with it on Windows 7.

But at least it's a little more speedy now.  Still is a nice size for travel.

How satisfied are you with the quality of SBS 2011 Standard?
How satisfied are you with the quality of SBS 2011 Essentials?

I'm just interested to see the feedback.  Unscientific survey and all that.

Released: Update Rollup 7 for Exchange 2007 Service Pack 3 - Exchange Team Blog - Site Home - TechNet Blogs:
http://blogs.technet.com/b/exchange/archive/2012/04/16/released-update-rollup-7-for-exchange-2007-service-pack-3.aspx
Support lifecycle statement: This is the final release under standard support for Exchange 2007, as the Exchange 2007 Mainstream Support has now ended. Extended Support for Exchange 2007 SP3 will end on 4/11/2017.

....I always use Exchange as the guideline for support for SBS.  That means SBS 2008 is supported until 4/11/2017 too.

Lots of stuff are left behind in log files.

Spotted this in the partner forum tonight:

If you are using Office 365 for Small Businesses, we need to trouble-shoot the issue at the client side. I’d like to check the desktop setup logs to see if the pc has been setup correctly. The Office 365 Desktop Setup log files can be found in the following locations:

1. On a computer that is running Windows 7 or Windows Vista, the log file can be found in one of the following locations:

1. C:\Users\<var><User_Name></var>\AppData\Local\Microsoft\Office365\DesktopSetup
2. %LOCALAPPDATA%\Microsoft\Office365\DesktopSetup

2. On a computer that is running Windows XP, the log file can be found in one of the following locations:

1. C:\Documents and Settings\<User_Name>\Local Settings\Application Data\Microsoft\Office365\DesktopSetup
2. %USERPROFILE%\Local Settings\Application Data\Microsoft\Office365\DesktopSetup

Microsoft’s Lady Licensing Details How System Center 2012 Licensing Makes Cloud Management Easier - Volume Licensing - Site Home - TechNet Blogs:
http://blogs.technet.com/b/volume-licensing/archive/2012/05/04/microsoft-s-lady-licensing-details-how-system-center-2012-licensing-makes-cloud-management-easier.aspx
Follow up from DFW IT PRO Meeting - Yuri Diogenes's Blog - Site Home - TechNet Blogs:
http://blogs.technet.com/b/yuridiogenes/archive/2012/05/04/follow-up-from-dfw-it-pro-meeting.aspx

Lately I"ve been struggling with Microsoft's big push for Private cloud because I don't see that it's small business-able at all.  To me private cloud is a private, colo deployment of servers.  Like how this web site runs on a server in Dallas Texas and it's not a shared tenant site with anyone else. 

When Microsoft talks about private clouds, they are not talking something sold to small businesses.  Even the licensing of system center isn't small business friendly.

What small businesses are doing right now are sharing clouds, and hopefully with nice neighbors.

http://msmvps.com/blogs/bradley/archive/2012/05/03/windows-could-not-start-because-of-a-computer-disk-hardware-configuration-problem.aspx

As someone tweeted the only problem with the blog post is that it's a Windows XP. 

A Windows 7 recovery doesn't need all that.  You put in the usb flash drive, boot, it finds your Storage Server on the network, you enter your server password, and tell it to restore the computer.

Once it completes, it reboots.  The computer than reacts to the new harddrive, demands a second reboot and voila.  It's restored.

You may have to flip it to a workgroup and then flip it back to a domain if the security between the server and the workstation has broken due to the restore, but again, both of these are non issues.

For all that we are "in the cloud" we still have some workstations that it's key to keep those people happy with their icons and applications just so.

And like any small business, I still have Windows XP in the office.

Twice when I've restored a backup of a Dell XP via Windows Storage Server 2008 r2 Essentials (aka backup box by Gramps -- www.smallbizserver.com sells them) I've hit an issue where I had to follow this KB right afterwards:  http://support.microsoft.com/default.aspx?scid=kb;%5BLN%5D;314477

Hard drive died.  I replaced the harddrive and then booted with the Storage server usb boot device, pointed the computer to the backup server and restored the image to the clean hard drive.  When it rebooted I got this screen:

Ugh.  But don't fear the OS is still there, just needs a little coaxing back into proper booting condition.

Once you know the trick it's not hard at all.

Method 2

Use the Bootcfg utility in the Recovery Console to correct the Boot.ini file:

1. Use the Windows XP CD-ROM to start your computer.
2. When you receive the message to press R to repair Windows by using the Recovery Console, press the R key.
3. Select the Windows installation that you want, and then type the administrator password when prompted.
4. Type bootcfg /rebuild, and then press ENTER.
5. When the Windows installation is located, the following instructions are displayed:
   Add installation to boot list? (Yes/No/All)
   [Type Y in response to this message.]
   
   Enter Load Identifier:
   [This is the name of the operating system. Type Windows XP Professional or Windows XP Home Edition.]
   
   Enter OS Load options:
   [Leave this field blank, and then press ENTER].
   After you perform the preceding steps, restart the computer, and then select the first item on the boot menu. This should allow Windows XP to start normally.
   
   After Windows XP has successfully loaded, the Boot.ini can be modified to remove the incorrect entry.

Hopefully you remember the local Administrator password or it's a blank.  If not you can reset it to blank with the NTbootdisk -- http://pogostick.net/~pnh/ntpasswd/

Once you reboot it remember you have to go into the boot.ini and fix the two loading instructions and remove one.

You can get here by going into the control panel, system, startup and edit the boot.ini

Remove the bottom line, and reboot.

...and there it is a fully restored to it's exact condition but with a new hard drive.

All backed up and brought to you by Backup Box by Gramps - who sells Windows Storage Server 2008 R2 Essentials servers that can join a domain and backup workstations - more info at www.smallbizserver.com

Some additional information, a Q&A, on the Microsoft Partner Network Small Business Competency - Microsoft SMS&P Partner Community Blog - By Eric Ligman - Site Home - MSDN Blogs:
http://blogs.msdn.com/b/mssmallbiz/archive/2012/05/02/some-additional-information-a-q-amp-a-on-the-microsoft-partner-network-small-business-competency.aspx

Question: Right now you have the Microsoft Small Business Specialist Community (SBSC). What does the Small Business competency mean for SBSC now and moving forward?

• Answer: The current Small Business Specialist Community (SBSC) program will continue to exist and support SBSC partners for a 12 month grace period after the Small Business competency launch. During this grace period, both the Small Business Specialist Community (SBSC) and the Small Business competency will reside side-by-side, and SBSC partners will continue to benefit from the SBSC program and branding. After the grace period, the Small Business Specialist Community will transform into a Microsoft Partner Network partner-to-partner community. There will be no requirements to join the community and the current SBSC benefits will go away as well. In other words, the Small Business competency will be the Microsoft Partner Network offering for Small Business starting 12 months after its launch.

Read the whole post but there's the gist.

After a year the SBSC is dead.

Microsoft you are insane.  You just killed off the small business partner community.  The only firms I see wanting a Small Business competency are Geek Squad.  Even the medium sized firm folks will go after the more sexy compentencies.