THE OFFICIAL BLOG OF THE SBS "DIVA"

iPhone iOS4 Devices Required to Install iOS 4.0.1 - Microsoft Online Services Team Blog - Site Home - TechNet Blogs:
http://blogs.technet.com/b/msonline/archive/2010/07/23/iphone-ios4-devices-required-to-install-ios-4-0-1.aspx

There's one thing I hate about iPhones... no not what you think.. it's updating them.  They take forrrever to update.  About 30 minutes to download, backup, install, reboot yadda yadda.

It's worse than patching a SBS box I tell ya.

So I got asked about how to set up an iPhone to an ActiveSync Exchange on SBS 2003.  We're not talking imap but 443 to Active sync.

Author of the SBS 2008 administrator companion book Charlie Russel gives us the quick step by step:

So, settings are as follows:

1.) Email: whomever@wherever.com
2.) Server: www.wherever.com   <- or whatever the front page of your
exchange account is. (see * below for comments)
3.) DOMAIN: WHEREVER  <- NetBIOS name of domain
4.) Username: whomever <- Your logon account name
5.) Password: whatever you use to log on to the domain
6.) Description: Your Exchange Mailbox Name!!!! <- See ** below
7.) Use SSL: on

* To log on to OWA, I use https://www.domain.com/exchange. Therefore,
my server name in the Server: field is: www.domain.com. 

** Description: This is the gotcha. You need to use your Exchange
Mailbox name here. For me, that's Charlie Russel. Not Charlie. You can
get this from Outlook, looking at "Mailbox - MailboxName" at the top the
left hand tree view pane. 

It should 'just work'.  If it doesn't try out the Exchange connectivity analyzer. 

http://www.testexchangeconnectivity.com/

And check out this troubleshooting thread from the Partner managed newsgroups:

Hello Partner,

Thank you for posting here! My name is Dorothy. We will work together on
this issue.

From your post, I understand that some issues are encountered when trying
to use ActiveSync to synchronize to the Exchange server on the iPhone; and
the Event ID 3005 and 1503 were found in the application log. If there has
been any misunderstanding, please let me know.

According to my experience, the issue can be caused by one of the following
factors.

1. The Virtual Directories which is require for ActiveSync is corrupted.
2. The folders related Virtual Directories have insufficient permission or
the Virtual Directory settings are improper. 
3. The mailbox for the specific user is corrupted.
4. The settings on the iPhone set improperly.

At this point, I will first assist in narrowing down the root cause of this
issue. If it is caused by the improper setting on the iPhone, it is
recommend contacting Apple for more detailed information. Please understand
that as we are not familiar with iPhone, you really need someone of expert
at it to help with this issue.

First, please refer to the following article to check if the SBS 2003
server has deployed properly for ActiveSync setting.

Deploying Windows Mobile 5.0 with Windows Small Business Server 2003
http://technet.microsoft.com/en-us/library/cc747512.aspx

After that, please refer to the following steps to check the settings on
the Exchange server

Check Default Web site setting
=======================
1. Open Internet Information Services (IIS) Manager, expand server.
2. Right click on the Default Web site, click properties. 
3. Check Enable HTTP Keep -Alives

Check ActiveSync Virtual Directory setting
============================
1.  Click Start, point to Administrative Tools, and then click Internet
Information Services (IIS) Manager.
2.  Expand Web Sites, and then expand Default Web Site.
3.  Right-click Microsoft-Server-ActiveSync, and then click Properties.
4.  Click the Directory Security tab, and then click Edit under
Authentication and access control.

5.  Make sure that the Basic Authentication check box is checked.
6.  Click to unselect the Enable anonymous access check box if it is
already selected; click to unselect the Integrated Windows authentication
check box if it is already selected.
7.  Click OK twice.

If the above setting is correctly, please provide me with the following
information so that we can narrow down the root cause of the issue:

1. Do all users who use ActiveSync encounter this issue?

2. What Support Code is received when the mobile device fail to connect to
the Exchange Server?

3. If the affected users configure ActiveSync on a Windows Mobile device,
will the same issue occur?

So for the past week I've been unable to update my Mac to 10.5.6 version.  I guess I should look at the bright side that it doesn't tell me to contact my System administrator (ME) to fix it and I wouldn't have a clue.

http://www.pcmag.com/article2/0,2817,2337151,00.asp

PCMag and the Apple discussion boards are a bit messy and looks like maybe this is one update to be glad that it's not working

Apple - Support - Discussions - Installation and Setup:
http://discussions.apple.com/forum.jspa?forumID=1219&start=45

However based on this looks like a reinstall of the OS is in my future.  Ugh.

Apple - Support - Discussions - 10.5.6 unknown installer error ...:
http://discussions.apple.com/thread.jspa?messageID=8644170&#8644170

http://msmvps.com/blogs/bradley/archive/2007/10/14/to-get-an-iphone-to-connect-to-a-sbs-box.aspx

With the activesync technology in the iPhone, that entire blog post is obsolete. 

SBS 2008 it should just automagically work .. with the exception if you have a self signed cert there's a click in there to say "just accept the cert" or something like that.

SBS 2003 you'll need to put the server name in.

How To Set Up iPhone Exchange ActiveSync - Stephen Foskett, Pack Rat:
http://blog.fosketts.net/2008/07/10/how-to-set-up-iphone-exchange-activesync/

Walkthrough: Exchange ActiveSync On Your iPhone 2.0 | The iPhone Blog:
http://www.theiphoneblog.com/2008/07/13/walkthrough-exchange-activesync-on-your-iphone-20/

But the days of hacking into imap are over.

http://money.cnn.com/2008/05/29/smallbusiness/macs_small_biz.fsb/

I remember reading in a Mac online journal about this firm that went to Mac's after their 25 person firm got a proposal for $100,000 to roll out a Windows network.

 When I read it the last time the ONLY thing that $100,000 price tag could be would be a fully licensed external MOSS/SharePoint portal with unlimited SQL per processor and Cals up the wazoo.

The conclusion we came to at the time was that someone hadn't a clue and that they should have been quoted a SBS 2003 + an external SharePoint hosted collaboration environment.  Heck even if they'd gone a "normal" Windows server setup, there's no way a 25 person firm could get a bid that high.

http://msmvps.com/blogs/bradley/archive/2008/04/10/why-would-a-small-business-not-use-leopard-server.aspx

Ah yes, there's my "there's no way it would cost $100,000" post from before.

I would love it if this firm posted the actually bid they got.  I'll bet there's a fully publicly exposed MOSS/SharePoint 2007/SQL server licensed up the wazoo in there.

About the Mac OS X 10.5.3 Update:
http://support.apple.com/kb/HT1141

• Improves Safari reliability when connecting to the Internet through a Microsoft ISA proxy.
• Improves Active Directory binding and login.
• Eliminates a delay when logging in as an Active Directory user in a .local domain.

http://feeds.feedburner.com/~r/MicrosoftDownloadCenter/~3/267995267/details.aspx

Connect Across Platforms with Remote Desktop Connection | Mactopia:
http://www.microsoft.com/mac/products/remote-desktop/default.mspx

http://bmighty.com/hardware_software/showArticle.jhtml?articleID=206902503&pgno=1

I see a fair amount of articles targeted to small businesses that have to do with this "myth" of no techs support needed for Macintosh.  Apparently small business people hate Tech support so much that they want to get rid of it?  Or perhaps, and more likely, that they aren't getting the right support they need?  Maybe it's because they aren't getting proper training on the technology they have that they think there's greener pastures somewhere else.

From needing to outfit an office with minimal IT assistance to realizing that your network problems aren't inevitable to just wanting a nicer décor, there are lots of reasons to Go Mac. But now you need to know how to get your Mac office up and running. We've filtered through Apple's, and other Mac vendors', products to take you on a visual tour of your future infrastructure.

Only on slide 12 does the reality of running a small business on an alternative platform is hinted at.. http://bmighty.com/hardware_software/showArticle.jhtml?articleID=206902503&pgno=12  I'm not talking about "legacy applications you don't want to replace", how about we talk about applications we can't find a Macintosh equivalent?  When you start to investigate alternative platforms, solutions, systems, you need to do a "Y2k" analysis.  What exactly is it that you depend on that if you couldn't find an EXACT replacement on the alternative platform you are using that you could not function.  Most small businesses I come across do not build databases, we buy programs. 

Even cloud based databases have operating system requirements.

Technology is an investement.  And hardware is many times the less costly piece of the puzzle.  Go into a migration project with your eyes wide open.  It's never as easy as the salesmen, or the Tech journals say it is.  Do your homework and then make the investments.

http://www.apple.com/iphone/enterprise/  

Enterprise features in iPhone 2.0 software beta.

Upcoming iPhone support for Microsoft Exchange ActiveSync and industry-standard corporate security standards will allow IT professionals to seamlessly integrate iPhone into their enterprise environments.

Eriq Neale (The SBS/Mac guru at www.msmvps.com/blogs/onq reports that there's an Exchange/Iphone beta soon)

My MacMini got stuck rebooting just like Yoda did this month (must be a month for stuck reboots).  But if you are managing Macs, just a FYI regarding some issues being seen.

Somehow I broke the automatic updating in the MacMini.  Now some would argue that breaking auto updates in general might be a wise thing, but it was working before and now it not automatically checking for updates anymore.

http://www.apple.com/search/support/?q=auto+update  hmmm wonder where the appleupdate.log file is and if they have MVPs that specialize in updating issues :-)

Update:  Currently Mac and Vista are running neck and neck in the contest for "heck if I know how to fix it when updates hork up"

Apple - Support - Discussions - Leopard software update not working? ...:
http://discussions.apple.com/thread.jspa?messageID=6283086&#6283086

Apple - Support - Discussions - Software Update not working ...:
http://discussions.apple.com/thread.jspa?messageID=5972188&#5972188

Okay so Quickbooks is doing their part to encourage trust in the update/patching process.  Which reminds me I need to see what's up with the logmein on the Mac.. after it updated the other day I can't get into the Mac remotely.

....and one wonders why we hate updates?

Is anyone else getting a prompt to install logmein on their mac over and over and over again?

https://secure.logmein.com/products/free/

http://www.sierrawireless.com/product/product_policy/mac_os_x.aspx

So in talking to a fellow traveler who was askng me about my aircard and how well it connects.  And as you can see from this blog post, it connects to the web just fine.

And he has a Mac so the thing we had to check to see if the aircards are supported on the Mac platfom.  That's probably my biggest take away of seeing the Mac marketplace is that the options are limited.  In some cases like in terms of Quickbooks for Mac, the one version that they offer is it.  It's like the Model T era, you get the "black' model and that's your choice.  This can be good ...and bad..... good from the standpoint that the vendor has less to test...bad from the standpoint that you have less options. 

(and yes we already chatted about Leopard and Boot Camp, Parallels and Vmware's Fusion ;-)

For those with Leopard's on Windows networks...this is a must have patch

http://docs.info.apple.com/article.html?artnum=307004
http://docs.info.apple.com/article.html?artnum=306907

   * Addresses an issue in which Microsoft Windows shared folders may
     be read-only when connected via SMB.

And there's that "it's not the same thing as Vista's UAC" that one has to enter the password to authorize the install.

But the firewall stuff that they are patching is an interesting read....

heise Security:
http://www.heise-security.co.uk/articles/98120

http://www.engadget.com/2007/10/30/mini-how-to-remove-the-windows-bsod-icon-in-leopard-make-os-x-a-little-less-smug

When I first read this .. I went.. no way... they didn't do that did they? And I had to fire up the OS and drill around and check...

All the operational computers in my network look like this...

Now mind you .. BSOD's happen so infrequently that when they do it's such a rare treat to dig up Peter Gallagher's blog post so I can figure out what third party driver was the culpret...

http://blogs.technet.com/petergal/archive/2006/03/23/422993.aspx

I did have one last week but that was a known self induced event anyway due to not following my own cardinal rule of using a driver from Microsoft Update.

But you know... Apple needs to get on board with Interoperbility.  Having Macs and Windows side by side working happily is what he's all about and embracing technology to just work better together is what everyone in this industry should strive for. 

That icon is indeed a bit lame in a shipping product.

http://www.microsoft-watch.com/content/security/security_what_microsoft_can_teach_apple.html
http://www.microsoft-watch.com/content/operating_systems/why_leopard_isnt_better_than_vista.html
http://www.microsoft-watch.com/content/operating_systems/why_leopard_is_better_than_vista.html

Three interesting threads.

I personally didn't notice surfing delays on the Leopard so I can't confirm that I've seen that issue here in the office, but there are some default settings in Leopard that definitely make me poke under the hood a lot more.

"Allow all incoming connections" was the default setup.  It would be nicer if stealth/set access was the default.

Another ..hmmm... long term is that wise?  Guest is enabled...

Leading to tell tale signs of it hitting network resources until I provided authentication.  Another ...hmmmm ... will have to understand that more....

A good moment?  Where Safari in one click will allow you to go into private browsing mode.  Nice touch.

The hmmmm .... moment was the web page before where Safari autofilled my contact in and I didn't realize that it was going to keep the MacMini registration as auto fill info as the auto fill info.

It just points to recent posts where privacy and security is different for different generations.

Updated info on connecting a Mac to a SBS is here:

Connecting a Macintosh to an SBS 2003 Server via SMB (2007):
http://www.smallbizserver.net/Articles/tabid/266/articleType/ArticleView/articleId/233/Default.aspx

Author: Eriq Neale

http://docs.info.apple.com/article.html?artnum=306804

http://docs.info.apple.com/article.html?artnum=306490

Okay ..take this as a patchers rant tonight.  I understand that software has to get shipped but at what point in time did it become acceptable to release something that on the third day it's in public release I'm already getting patches for this Operating system?

The first byproduct of the upgrade is that RealVNC 4 won't work and I had to load up logmeinfree (that has a beta version that runs on Mac) to remote into the system.

https://secure.logmein.com/products/mac/

But did you have to take a page out of the Microsoft playbook and patch the OS the first thing?  Can't you at least wait a week or something?  Lull me into a false sense of security or something?

P.S. after reboot and changing RealVNC to full color the RealVNC works.

http://www.engadget.com/2007/10/27/leopard-vs-vista-feature-chart-showdown/

I think the funnist thing on that chart is how Home Server wins out over Apple's network storage in that chart.

I actually took my MacMini back out of my Active Directory at my office and made it more like a XP Home or Vista Home works... with pass through authentication because it was annoying me too much to have it in AD control places in the network still messing up my R2 WSUS console no matter what I tried.  So rather than have it in my Active Directory I took it back out so I don't have to build group policy to try to exclude it.  Vlad is challenging me to try out Linux as he considers Mac a bit of a "sell out" platform, but the reality of the platform choice is still this.  It's a platform.  A base.  And you still need to determine what applications are driving your needs.  That's the deciding factor for any platform along with a good dose of having tools and knowledge to serve your needs.

And quite frankly.. I'm/we're still a Windows apps driven firm with not enough apps "in the cloud" .. at least not for the foreseeable future anyway.

Now to get this out of my daily email.....

But it does point out the fact that all my normal patch managment tools that I'm used to are no longer of help to me on the Mac platform.  Shavlik can't patch it, nor can WSUS, and the Secunia inspector that looks for third party software vulnerabilities doesn't run on it.

I hear you saying "But Susan, it doesn't get viruses."  No, it's not that it doesn't get virsues or doesn't have vulnerabilities, it's not targeted at this time for viruses and vulnerabilities given the fact that the marketplace of the bad guys go after the 90% marketplace.  It still has a browser.  It still has a stupid user that can be tricked by social engineering.  It still is running as an administrator with admin approval because even though the Apple documentation says to build a standard user account, I've been too lazy to figure out how to do that.  Dan Geer once argued that monoculture is a bad thing.  That the key was to watch nature and have genetic diversity.  But at the same time, one cannot put a blind eye to the fact that diversity also means complexity.  I've lost my control, my management because I don't have the bandwidth (nor in some cases the budget) to have the tools needed to control.  For one machine do I need it?   Arguably not.  But one needs to be aware that diversity has a price tag as well.

Branching out and supporting new things has a learning curve.  Be prepared to crack open a book and not just expect the answers to be googlable.