Monthly Archives: May 2007

You are browsing the site archives by month.

"Help and Support" feature is missing after you install Microsoft Windows Server 2003 SP2

“Help and Support” feature is missing after you install Microsoft Windows Server 2003 SP2 on a computer that is running Windows Small Business Server 2003:
http://support.microsoft.com/kb/937231/en-us

A hotfix is not regression tested…. please do not place it on a production system without a good backup and testing, but I”ve never had issues with them in my network.


And I called to 1-800-936-4900 (USA) pressed 2 for IT pro and told the phone call person during the AFTER HOURS Biz crit time (hey if Microsoft’s going to break my box after hours, I want to fix it after hours) and got the hotfix.


And as you can see… I got it FOR FREEEEEEEEE no charge and at 8 p.m at night.  And just to prove I did, here’s the SRX email (details munged so you can’t get the patch from here you will need to call in yourself and get it)


——– Original Message ——–

Subject: Hot fix ready for your incident SRX070531603166
Date: Thu, 31 May 2007 20:06:24 -0700
From: <compmail@microsoft.com>
To: <>


CASE_ID_NUM: SRX070531603166 
MESSAGE:
Hello,

The hot fix for your issue has been packaged and placed on an HTTP site for you to download.

WARNING: This fix is not publicly available through the Microsoft website as it has not gone through full Microsoft regression testing.
If you would like confirmation that this fix is designed to address your specific problem, or if you would like to confirm whether there
are any special compatibility or installation issues associated with this fix, you are encouraged to speak to a Support Professional in
Product Support Services.

The package is password protected so be sure to enter the appropriate password for each package. To ensure the right password is
provided cut and paste the password from this mail.

NOTE: Passwords expire every 7 days so download the package within that period to insure you can extract the files. If you receive
two passwords it means you are receiving the fix during a password change cycle. Use the second password if you download after
the indicated password change date.

Package:
———————————————————–
KB Article Number(s): 937231
Language: English
Platform: i386
Location: (
http://hotfixv4.microsoft.com/Windows%20Server%202003/sp3/mundgedandallthatjazzbutinterestingit’saSP3fix)
Password: DoyouhonestlythinkIwouldpostthelinkandthepasswordheregetreal!

NOTE: Be sure to include all text between ‘(‘ and ‘)’ when navigating to this hot fix location!

Thanks!

No, the CPA’s password is blank

I had to laugh about this….


The risk of passwords…. http://www.riskinstitute.org/PERI/PTR/Technology+Risks_LIB_1305.htm and in that document it warns about passwords ….


Are any of them in this list?:


  • Asdf
  • 1234
  • admin
  • password
  • spooky
  • buster
  • webster
  • machoman
  • bootsie
  • sparky
  • badboy
  • qwerty

And today when I was using Elcomsoft.com’s Quickbook password cracking software apparently they thought passwords were too hard for their CPA as they had none


Engagement letters

On the panel and Jeff’s ITPro conference I said that folks needed “Engagement letters” and someone asked me what they were.  They are basically a letter that limits your liability.  I’ve just now posted up two sample engagement letters.  As always, review them, edit them, and take them to an attorney for review.


http://www.conference2007.sbsmigration.com/forum/comments.php?DiscussionID=10&page=1#Item_2

Using POP connector with AT&T Yahoo?

Dear AT&T… I nearly blew off this email as a malware attempt as the subject line read “Reminder: Important Security update” which sounds like the 40,000 other emails I get that say “your system is infected, run this tool that we’re hiding bad things inside to clean your system up”.

Well you might want to search for this email and read this VERY CAREFULLY as it may impact your SBS domains if you are in the AT&T/Yahoo area.

——– Original Message ——–

Subject: Reminder: Important security update
Date: Thu, 31 May 2007 06:00:14 -0700
From: AT&T Yahoo! Customer Care <bulkmailer@prodigy.net>
To: AT&T Yahoo! Internet Members <members@sbcglobal.net>








 


Time is running out — update your email settings to help us serve you better

Dear AT&T Yahoo! Member,

We recently contacted you about some important security improvements we’re making to your AT&T Yahoo! service. These changes will affect members who send or receive email from a desktop or mobile client program, such as Microsoft Outlook, Microsoft Outlook Express, Eudora, Apple Mail, or Thunderbird.

To help us ensure the security of your email, you will need to change the settings on your desktop or mobile email client program. Please choose one of the three options:

<!–

–>

Make the Changes Automatically: To automatically make the required changes to Outlook Express, use the AT&T Self Support Tool.
  • If you already have the AT&T Self Support Tool installed on your computer, simply select Cannot send/receive email from the Self Support Tool Main Interface to run an email settings check. When prompted to change your email settings, select Yes.


  • If you do not have the AT&T Self Support Tool installed, download it and then follow the instructions above.
Make the Changes Manually: To manually make the required setting changes in Outlook and Outlook Express, please view the detailed instructions here.

Alternatively, you may take the following steps to change the settings on your desktop or mobile email client program:
  1. Open your email client program.
  2. Locate the email account settings for your particular client.
  3. Change the POP server to pop.att.yahoo.com.
  4. Change the SMTP server to smtp.att.yahoo.com.
  5. Check the option labeled Use an encrypted connection (SSL) and change the SMTP port to 465.
  6. Check the option labeled Use an encrypted connection (SSL) and change the POP3 port to 995.
  7. Confirm the above settings then click OK.
The web-based version of AT&T Yahoo! Mail is not affected by these changes and will continue to be available at http://mail.yahoo.com/.

Thanks for your cooperation.

Sincerely,
AT&T Yahoo! Customer Care
1-800-ATT-2020

 
 

 

Bottom line if you use pop to pull in your email on your SBS network from an AT&T/Yahoo account that got this notification, you will no longer be able to use the Microsoft supplied POPconnector as it does NOT support secure pop.  You will need to purchase popbeamer.com or some other third party pop connection program that supports this protocol.  Microsoft does not.

 

Or, even better, move to full SMTP and use www.exchangedefender.com in front of your systems.

Firmware updates for Broadcoms

If you have Broadcom nics you might want to look for some driver updates… both Dell 
and HP and notifying that there are nic firmware updates. 
Your alerts 
 
HP NC-Series Broadcom Online Firmware Upgrade Utility for Windows Server 2003 ver 2.1.0.5B 
OpenView Patch Notification (OpenView login required)  
Priority: Recommended  
Products: HP BladeSystem Dual NC370i Multifunction Network Adapter,HP Embedded NC7761 
Gigabit Server Adapter,HP NC1020 Gigabit Server Adapter,HP NC150T PCI 4-port Gigabit Combo Switch Adapter,
HP NC320T PCI Express Gigabit Server Adapter OS: Microsoft Windows Server 2003,Microsoft Windows Storage Server 2003 Release Date: 05/23/2007 Description: This component contains utilities for the online upgrade of HP NC-Series Broadcom NIC boot, PXE,
UMP and iSCSI code running under Microsoft Windows Server 2003. HP NC-Series Broadcom Online Firmware Upgrade Utility for Windows Server 2003 ver 2.1.0.5B:
http://r.your.hp.com/r/c/r?2.1.HX.2XR.1LeACe.CnJOt2..T.Efl%5f.25g6.DZIKEZZ0 HP NC-Series Broadcom Online Firmware Upgrade Utility for Windows Server 2003 x64 Editions ver 2.1.0.5B OpenView Patch Notification (OpenView login required) Priority: Recommended Products: HP BladeSystem Dual NC370i Multifunction Network Adapter,HP Embedded NC7761 Gigabit
Server Adapter,HP NC1020 Gigabit Server Adapter,HP NC150T PCI
4-port Gigabit Combo Switch Adapter,HP NC320T PCI Express Gigabit Server Adapter OS: Windows Server 2003 for 64-bit Ext Sys Release Date: 05/23/2007 Description: This component contains utilities for the online upgrade of NC-Series Broadcom Gigabit
Ethernet NIC boot, PXE, UMP and iSCSI code running under Microsoft Windows Server 2003 x64 Editions. HP NC-Series Broadcom Online Firmware Upgrade Utility for Windows Server 2003 x64 Editions ver 2.1.0.5B:
http://r.your.hp.com/r/c/r?2.1.HX.2XR.1LeACe.CnJOt2..T.Efly.25g6.DbROEaT0

Brilliant idea regarding patching

So you get this idea that you will install.. say ISA 2004 sp3 remotely… and you get to the end and don’t realize that it breaks the network connection and you are stuck as it wants a reboot to finish..what do you do?


Do what trick I learned from a SBSer at Jeff’s ITpro conference this weekend…. schedule a reboot for an hour after you begin your Service pack install.  That way if you get the machine stuck, in a hour it should force a reboot, get the box back into workable state and you can continue on with what you needed to do.


Kewl idea, huh!

Backup and Monitoring part cannot be viewed in server management console

PROBLEM:
==========
Backup and Monitoring part cannot be viewed in server management console

CAUSE:
==========
Insufficient Permission

RESOLUTION:
==========
For monitoring:
—————
1. Make sure there is no web.config file under C:\Inetpub\wwwroot
2. Correct the permission on C:\Inetpub\monitoring folder
3. Correct the permission on Monitoring Virtual Directory
4. following steps to reinstall Monitoring completely:

I.     Uninstall Monitoring
 
1.      Click Start, click Control Panel, and then click Add or Remove
Programs.
2.      Select Windows Small Business Server 2003 and then click
Change/Remove. The Setup Wizard appears.
3.      Click Next to start the wizard.
4.      On the Windows Configuration page, click Next.
5.      On the Component Selection page, in the Action column, change
Server Tools to Maintenance, change Monitoring component to Remove, and
then click Next.
6.      On the Component Summary page, click Next.
7.      Click Finish.
 
II.   Uninstall Microsoft SQL Server Desktop Engine (SBSMONITORING)
 
In Add or Remove Programs, select Microsoft SQL Server Desktop Engine
(SBSMONITORING) and then click Remove. A dialog box appears. To confirm
that you want to remove, click Yes.
 

III. Rename the folder
 
Start Windows Explorer, and then locate and rename C:\Program
Files\Microsoft SQL Server\MSSQL$SBSMONITORING folder to C:\Program
Files\Microsoft SQL Server\Old.MSSQL$SBSMONITORING
 
 
IV. Use Registry Editor to delete the following registry key:
                       
HKEY_LOCAL_MACHINE\Software\Microsoft\SmallBusinessServer\Monitoring
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\SBSMonitoring
 
 
V.    Install the Monitoring component
 
1.      In Add or Remove Programs, select Windows Small Business Server
2003 and then click Change/Remove. The Setup Wizard appears.
2.      Click Next.
3.      On the Windows Configuration page, click Next.
4.      On the Component Selection page, in the Action column, change
Server Tools to Maintenance, change Monitoring component to Install, and
then click Next.
5.      On the Logon Information page, click Next.
6.      On the Component Summary page, click Next.
7.      Click Finish.


For backup part.
—————
1. Check the C:\Inetpub\backup folder permission as same as monitoring
folder
2. Check the backup virtual directory permissions in IIS manager as same as
monitoring folder except the IP address and domain name restriction
section. In this section you need to make sure that “Denied access” is
selected, and only server internal NIC IP address and 127.0.0.1 is located
in the IP list below:

When an oops occurs….

There are some questions you need to ask yourself… 


1. Has the server/client/product ever worked?

2. If so, what changed?

3. What service packs and updates were applied?

4. What are the steps to reproduce the problem?

5. Does it happen the same way on any other systems?


And if you want folks to help out… when you go to forums or other online help venues…

6. Please provide the exact error message with any screenshots, if possible.


…the EXACT error message please!

Securing the Small Business

http://blogs.msdn.com/rockyh/archive/2007/05/23/jesper-johansson-at-tech-ed.aspx


TLC – Securing the Small Business



They’ve got little money to spend on security, and big demands. Minimal staff and zero tolerance for disaster. The risks aren’t reduced because it’s a small business. The risk can actually be greater than for a large network. Join us as we look at the unique challenges small businesses face and show you successful methods to help secure them. Securing the small business doesn’t need to cost a lot of money!


Saw this TechEd session and had to laugh… some of us have enough budget and reduce our risks better than our big serverland bretheren.  Some of us down here “get” security.  What we do preach about though is not getting caught up in the “you must do this to meet this regulation” when the regulations are murky and not defined.

The PFM of Home Server

If you were at the ITPro Conference and heard Grey Lancaster talk about Home server and wanted to check it out you can join the beta via this link


http://forums.microsoft.com/WindowsHomeServer/ShowPost.aspx?PostID=1219741&SiteID=50


…and yes…like Grey said there are indeed some Russian folks that are on the development team… and like Grey said “you know how those Russians can do anything with harddrives“…. definitely some PFM going on in that product…