Blocking MSN Messenger from ISA 2000 Server – Part II

Continuing from my previous post, I found another easy-cheeky way to block MSN Messenger from ISA 2000 Server in Cached Mode or Integrated Mode. All you have to do is create a Site and Content Rule to block the *.msgr.hotmail.com destination set.


Procedure


1. Create a new destination set for “*.msgr.hotmail.com“. To create a destination set, follow the procedure;


To create a destination set - 


  • Click Start, point to Programs, point to Microsoft ISA Server, and then click ISA Management
  • In the console tree of ISA Management, right-click Destination Sets, point to New, and then click Set.
    • For array policy destination sets, where?
      Internet Security and Acceleration Server > Servers and Arrays > Name  > Policy Elements > Destination Sets
    • For enterprise policy destination sets, where?
      Internet Security and Acceleration Server > Enterprise > Policy Elements > Destination Sets.
  • In Name, type a name for the destination set such as “Block MSN”. 
  • (Optional) In Description, type a description for the destination set. 
  • Click Add and Click Destination and type “*.msgr.hotmail.com“.

2. Create a Site and content rule using the “Block MSN” destination set to deny “*.msgr.hotmail.com“. 


To create a site and content rule -  


  • In the console tree of ISA Management, right-click Site and Content Rules, point to New, and then click Rule.
    • For array policy, where?
      Internet Security and Acceleration Server > Servers and Arrays > Name  > Access Policy > Site and Content Rules
    • For enterprise policy, where?
      Internet Security and Acceleration Server > Enterprise > Policies > Enterprise Policy  > Site and Content Rules
  • Type the name of the rule “Block MSN Messenger”
  • Click the deny radio button and then click next.
  • Click the Deny access based on destination radio button then click next.
  • Select Specified destination set.
  • Now select “Block MSN” destination set that is created earlier.
  • Click Next and Finish.

You have successfully created “Block MSN Messenger” site and content rule using “Block MSN” destination set that will deny access to “*.msgr.hotmail.com“. Restart ‘Microsoft ISA Server Control’ service to test and let me know if that works or if that doesn’t.

Blocking MSN Messenger from ISA 2000 Server – Part I

Yesterday I was trying to block MSN Messenger from ISA 2000 Server in Cached mode.  I have done that before on ISA 2000 Server in Integrated mode using MSNIM.vbs script available from ISA Server Tools Repository – http://isatools.org/ (Thanks Jim for excellent tools site).


When I ran the script, it gives the following message;


Creating (or updating) the FW App Settings
Creating (or updating) the protocol definition
Creating (or updating) the protocol rule
Error 0x80040361; At least one protocol must be specified. – while trying to set ISA up for MSN Messenger


I quickly wrote to ISA Server guru Jim Harrison and he replied – “ISA 2000 can’t block MSN Messenger using MSNIM.vbs script in cache mode”.


In Part -II we will see a cheeky method to block MSN Messenger from ISA 2000 Server.


MORE INFORMATION


Instant Messaging with ISA Server
http://www.microsoft.com/technet/prodtechnol/isa/2000/maintain/isaimsec.mspx


Common Application Signatures
http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/commonapplicationsignatures.mspx


ISA Server Tools Repository
http://isatools.org/


Microsoft ISA Server Firewall and Cache resource site
http://www.isaserver.org/


Scripts for ISA Server
http://www.isascripts.org/


Dr. Tom Shinder’s ISA Firewall Space
http://spaces.msn.com/drisa/


ISA Server Blogs
http://www.microsoft.com/isaserver/community/default.mspx


ISA Server Community (MVP’s)

Double clicking a folder opens Search Companion

One of the forum members on http://groups.msn.com/NTarabia posted a problem on NTarabia with a strange issue and I thought to share that here.


Question: “When I double click any folder instead of opening the folder its going for the Search Option”


Answer:


You have the following options;

1. Run this command from command prompt
regsvr32 /i shell32.dll and do a Reboot. This should fix the search companion.

2. The other option is – Click Start, Run and enter REGEDIT and Navigate to:

HKEY_CLASSES_ROOT\Directory\Shell
Set the Default value to “none” without the quotes. To do this, double click where it says Default. If you want to do this automatically, then take a look at my script as attached on http://www.msnusers.com/NTarabia/Documents/PPT%20Slides%2FFIX%5FSearchCompanion%20%28zipped%29%20Folder.zip

Files: Fix_SearchCompanion_DIR.reg & Fix_SearchCompanion_DRIVE.reg. Run the files from the command prompt and restart your machine.

3. Also, take a look at a detailed solution offered by one of the MVP’s on http://windowsxp.mvps.org/searchwindow.htm

4. Last but not least, I also found an article on Microsoft;
Search Companion Starts If You Double-Click a Folder
http://support.microsoft.com/?kbid=321186

CRM 1.2 Crystal Reports moved on to SQL Reporting Services (SRS) in CRM 3.0

In CRM 3.0 Crystal Reports moved on to SQL Reporting Services (SRS) and after the CRM 1.2 migration, you will not be to access the reports that were created /developed / customized in version 1.2.

To confirm the same, I quickly wrote to some of the Microsoft Dynamics CRM MVP’s and they quickly responded (Kudos).

Anne Stanton: It is correct that Microsoft dropped Crystal and that you can’t “migrate” the reports to SRS. Needless to say one of the huge disadvantages of customizations (the environment always changes). On the other hand there is built into 3.0 the ability to get access to your reports for manual conversion.

Matthew Wittemann: The bad news is that Crystal Reports are no longer supported in version 3.0. CRM 1.2 included a built-in license for Crystal Enterprise, which allowed the CRM system to serve up Crystal reports to licensed CRM users. Since CRM 3.0 now uses SQL Reporting Services, Microsoft did not include any license for Crystal. In order to continue providing access to Crystal reports to the end users, you would need to purchase a license of Crystal Enterprise Server. The other option is to re-create your custom reports in SQL-RS. There are also services on the internet that will convert your Crystal report to a SQL report for a small charge. (You can google “Convert Crystal Reports To SQL”). If you have a copy of the Crystal Report designer, you can continue creating reports against CRM databases and saving them as PDFs for manual distribution, though this is obviously not ideal.

Larry Lentz: To the best of my knowledge they do not migrate to CRM 3.0.

Andreas Donaubauer: You will have no possibility with an update from Crystal Reports (CRM 1.2) to SQL Reportingservices (CRM 3.0). Only one way – make again under SQL Reportingservice.

Jürgen Beck: There is not really an upgrade way from old CRM 1.2 reports (Crystal reports) to the new CRM 3.0 SSRS-reports. The easiest way is to forget the old reports and created new one with SRS.

Mike Snyder: Unfortunately there isn’t a great Crystal Report migration story regarding Microsoft CRM 1.2 customers upgrading to Microsoft CRM 3.0. Customers will need to recreate their reports for SQL Reporting Services, or use run their old Crystal Reports using a Crystal Reporting Server. Customers can, of course, access these Crystal Reports through the Microsoft CRM 3.0 User Interface by uploading the report as a “link to Web page” instead of a file. Simply specify the URL of the Crystal Reporting server and customers can run the reports from within Microsoft CRM.

That was good enough and I gave up the option to convert though I found some hints who do convert Crystal Reports to SQL. http://www.rpttosql.com/index.html & http://www.ktlsolutions.com/t-crystalconverter.aspx

Deploying Internet Explorer 6.0 using WSUS

I have seen folks in the newsgroup seeking assistance in deploying Internet Explorer 6.0 using WSUS. As a matter of fact, WSUS only supports security updates aka patches and hotfixes to a particular application (categories) or Operating System and it does not support Application / OS upgrades.


Microsoft has another product called SMS to do such tasks.


UPDATED (April 26, 2006):


Bobbie has posted an update on microsoft.public.windows.server.update_services


Bobbie Harder (MSFT):


I should mention folks on the question of upgrading IE via WSUS – we do have future expectations of being able to support this in future versions of IE. No precise timelines known now but it is under heavy consideration and a key ask from many of our customers.


MORE INFORMATION


How to deploy Internet Explorer without local administrator logon
http://support.microsoft.com/?kbid=296702


Internet Explorer Administration Kit Home Page http://www.microsoft.com/technet/prodtechnol/ie/ieak/default.mspx


IE Blog
http://blogs.msdn.com/ie/


HOW TO: Deploy and Manage Internet Explorer 6 Service Pack 1 on Windows 2000-Based Computers
http://support.microsoft.com/kb/814567/en-us


What can you expect in WSUS 3.0?
http://msmvps.com/blogs/athif/archive/2006/04/12/What_can_you_expect_in_WSUS_3_0.aspx

Step-by-Step Microsoft CRM 1.2 Migration to CRM 3.0 Part – IV

ISSUE# 3


So, now you have restored the database, corrected the mappings in Deployment.xml and we are ready to install CRM 3.0. Before you actually install CRM 3.0, run Microsoft CRM 3.0 Upgrade Advisor Wizard (CrmUpgradeAdvisor.exe). Advisor Wizard is a diagnostic tool that you can use to determine if your Microsoft CRM 1.2 installation can be upgraded to Microsoft CRM 3.0 and also make sure you have the licensing information. 


You might see some Errors in the Upgrade Advisor report as shown and update the SQL SP3 to SP4;

- <Errors>
+ <Error CheckId=”E195606F-7BE7-49dc-9BFB-ADC4F144C79D CheckType=”Microsoft.Crm.Setup.Server.SqlServerValidator GroupId=”Sql Description=”Version message=”Minimum required version is SQL 2000 SP4 (8.0.2026).>
  <MoreInformation />
  <HelpLink>SqlServerValidator.Version.htm</HelpLink>
  </Error>
+ <Error CheckId=”D6E8BA5F-B1E9-40ba-B36C-E06F837FDA92 CheckType=”Microsoft.Crm.Setup.Server.SqlServerValidator GroupId=”Metadata Description=”Version message=”Minimum required version is SQL 2000 SP4 (8.0.2026).>
  <MoreInformation />
  <HelpLink>SqlServerValidator.Version.htm</HelpLink>
  </Error>
  </Errors>

The most important thing is to make sure the Windows and SQL Service Pack and HOT FIX level of the production server is similar to that of the test server.


If the versions do not match then an error may occur when you reinstall Microsoft CRM to a new server, “Setup was unable to register the security service.” If you click Ignore to continue the install process you will receive the error, “Error 1053: The service did not respond to the start or control request in a timely fashion.” when trying to start the Microsoft CRM Security Service after a reboot.


This is due to a mis-match in the Service Pack level on the test server as compared to the actual database version which means the Microsoft SQL server specified in the MSCRM registry key is  not equal to Microsoft SQL server that holds the CRM databases. You will find a list of hotfixes installed in the following location: C:\Program Files\Microsoft CRM\Hotfix Keyfiles\Server and all you have to do is to install those hotfixes on the test server. But in case you do not have all those fixes then, there is a cheeky workaround which I found in the NG as follows;


To resolve this, you have to compare the database version with MSCRM registry key with the production server and you will need to modify the registry so that MSCRM database version and registry version match.

1. On the CRM SQL server open SQL Enterprise Manager by clicking Start, click Programs, Click Microsoft SQL Server and then finally click Enterprise manager.

2. Within SQL Enterprise Manager click the + sign to the left of the Databases folder and then click the + to the left of the Your_Organization_Name_MSCRM database.

3. Click on the Tables object beneath the Your_Organization_Name_MSCRM database and then right-click on the table BuildVersion in the right window. Select Open Table and then click Return all rows.

4. Within the BuildVersion table note the values for BuildNumber, MajorVersion, MinorVersion, and Revision. You will need these values later when verify them against the registry.

5. Now go to the Microsoft CRM Server and click Start, click Run, type regedit and click OK.

6. Locate the following subkey:

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSCRM

7. Within the MSCRM subkey find the Database Version registry value, right-click on it and select Modify.

8. The Database Version registry value will look something like the below value:

        1.2.3297.0

9. Modify this value to reflect BuildNumber, MajorVersion, MinorVersion, and Revision values that you had noted from the BuildVersion table in step 4.

        a. The MajorVersion will reflect the first number in the above example.
        b. The MinorVersion will reflect the second number in the above example.
        c. The BuildNumber will reflect the third number in the above example.
        d. The Revision will reflect the forth number in the above example.
        NOTE: You will probably only have to modify the Revision number.

10. Click OK.

11. Now right click on CRM_Server_Version registry value and select Modify.

12. Make sure that the CRM_Server_Version registry value matches the value of the Database Version registry value that you just modified.

13. Click OK and close the registry editor.

14. Now on the CRM Server click Start, click Run, type services.msc and click OK.

15. Within the Services window locate the Microsoft CRM Security service, right-click on it and select Start.

Step-by-Step Microsoft CRM 1.2 Migration to CRM 3.0 Part – III

ISSUE# 2


Moving ahead to the next issue you might encounter error: “An error occurred during mapping the computer accounts – the mapping failed” if the “Deployment.xml” file contains mapping of old (in my case it was old CRM server) servers which are not existing in the Active Directory.


<mapping type=”computer role=” dbname=” oldguid=”{3fbd6178-2aad-4911-8b46-8f00547de3e0} newguid=”<update manually> oldname=”CN=CRM-OLD-SERVER,CN=Computers,DC=sadad,DC=com newname=”<update manually> oldsid=”S-1-5-21-622582695-539100016-4190993944-1642 newsid=”<update manually> />


To circumvent this problem, you have to delete the above mapping for OLD-SERVERS. Save Deployment.xml and run RedeployWizard.exe successfully.

Step-by-Step Microsoft CRM 1.2 Migration to CRM 3.0 – Part II

As discussed in my previous blog entry, lets now take a peek at some of the issues you might encounter whilst CRM 1.2 Migration to CRM 3.0.

ISSUE# 1:

1. Importing “Mapping.xml” and “Deployment.xml” XML files might fail on the new test server with error: “An error occurred during mapping the computer accounts – the mapping failed”. To resolve this error, open import.log for more details. There is a KB article which discusses about hot fix but that might not help. More information on http://support.microsoft.com/kb/889685/EN-US/

The reason you get this error is due to the fact that the computer names of the TEST CRM Server, GUID and SID are not updated (newguid=”<update manually>“, newname=”<update manually>“, newsid=”<update manually>“.) and during the import process it attempts to reuse and eventually it fails with an error occurred during the mapping of computer accounts. The mapping failed. Exception of type System.Exception was thrown (SDTransform).

To resolve this, open “Deployment.xml” in notepad (Make a copy of that before you actually edit). Watch for word-wrap and search for the following tag (<mapping type=”computer);

<mapping type=”computer role=” dbname=” oldguid=”{206e4599-8fa2-4e37-b893-6791f81b6369} newguid=”<update manually> oldname=”CN=CRM-PRODUCTION,CN=Computers,DC=DOMAIN,DC=com newname=”<update manually> oldsid=”S-1-5-21-622582695-539100016-4190993944-1640 newsid=”<update manually> />

Note that the XML file says to update the newguid=”<update manually>“, newname=”<update manually>“, newsid=”<update manually>of the new CRM TEST Server.

You have the newname of the TEST CRM Server. Now, the task is to get the newguid & newsid. This is achieved by using ADSIEDIT & GETSID.exe.

ADSIEDIT – ObjectGUID

  1. Install ADSIEDIT from Windows Server 2003 Support Tools.
  2. Launch ADSIEDIT.msc and browse through Domain – DC=DOMAIN,DC=COM – CN=COMPUTERS – CN=TEST-CRM-SERVER-NAME.
  3. Right click CN=TEST-CRM-SERVER-NAME, Click on Properties – Double Click on Attribute: objectGUID and copy the hexadecimal value and you have to paste in the deployment.xml file newguid=”<Paste objectGUID>.

GETSID – Get Security ID

You can identify the SID by using GetSID.exe. Getsid.exe is a simple tool that returns the SIDs for two user accounts that you specify and tells you whether the accounts’ SIDs match. You must provide two account names. If you want to determine the SID for only one account, the simplest solution is to specify the same account twice.

  1. Install GETSID from Windows XP SP2 Support Tools.
  2. The syntax for Getsid.exe is – getsid \\server1 account \\server2 account. For instance; CMD: getsid \\TEST-CRM-SERVER-NAME administrator \\TEST-CRM-SERVER-NAME administrator
  3. Copy the SID to paste in the deployment.xml file newsid=”<update manually>

Now, simply paste the above values in the deployment.xml file as explained above. Run RedeployWizard.exe again and the import should be successful.

In the next blog entry, we will see some more issues with related to “Deployment.xml” file. Stay tuned!

Step-by-Step Microsoft CRM 1.2 Migration to CRM 3.0 – Part I

Ok, I am involved in CRM 1.2 migration to CRM 3.0 and I thought I had rather share my CRM migration experience :-).

Before you do and In-Place-Upgrade, you might want to easily replicate the CRM 1.2 installation in test-bed using Microsoft Business Solutions CRM Redeployment Tools which includes User Data Export Wizard and the Microsoft CRM Redeployment Wizard.

1. Backup the following from the Production aka Live Server;

  • Run User Data Export Wizard (\Export folder), to extract Active Directory information about CRM OU, its structure, the CRM users, their roles and group memberships n 2 XML files named “Mapping.xml” and “Deployment.xml”. XML
  • Now, you will have to backup the CRM SQL Database from the production server 

                a.      Organization_Name_MSCRM Database
                b.      Organization_Name_METABASE


  • Also, use BackupCrystal.exe (\ReportsTool folder) to backup Organization_Name_Crystal Database. (Note: Crystal password should be blank)
  • Export the Customizations – To export Customization.xml, Browse to Start -> Programs -> Deployment Manager and right click on the top node and select Export Customizations.
  • Export the Work Flow – To export Workflow.xml , Browse to Start -> Programs -> Microsoft CRM > Export Workflow.

2. Restore the following to the TEST SERVER;


  • Restore the MS CRM Databases (On the NEW Server) 

              a.       Organization_Name_MSCRM Database
              b.       Organization_Name_METABASE Database

  • Install Redeployment Tools.
  • Import “Mapping.xml” and “Deployment.xml” XML files on the test-bed, use Microsoft CRM Redeployment Wizard (\Redeploy folder) to import Active Directory information about CRM OU, its structure, the CRM users, their roles and group memberships in to the Active Directory, (Note that you will need to have Active Directory, Exchange Server & CRM Server with SQL Database in your test-bed)

3. Now, you might want to run Microsoft CRM 3.0 Upgrade Advisor Wizard (CrmUpgradeAdvisor.exe) to determine if your Microsoft CRM 1.2 installation can be upgraded to Microsoft CRM 3.0. Make sure the report is clean before you proceed.


4. Install CRM 3.0. 


5. Finally, Import Workflow.xml and Customization.xml.


This is not so easy and you might encounter several issues. In my next blog entries, I will try to cover those :-)


“We are what we repeatedly do. Excellence, then, is not an act but a habit.”  –Aristotle