Funky Monitoring reports? Try this

For all of those folks that have had “funky” monitoring reports since about mid July on your R2 boxes, I want you to try on a box or two the following test:

Subject: monitoring reports not working?   7/30/2008 7:18 AM PST
By:   Les Connor [SBS MVP]  In:
If you're on WSUS v3, try running the server cleanup wizard from within 
'options' in the WSUS console. Only tick the first box (deselect the rest, 
for now), and be warned, this could take 24 hours (or more) to complete so 
just let it go.

See if the monitoring report works after the cleanup. You can also select 
the other boxes on a subsequent run of the cleanup wizard.

Les Connor [SBS MVP]
Get the SBS BPA here:

So what’s the minimum you can run SBS 2008 RC on?

You ‘can’ do less than 4 gigs….

About 3.5 gigs in fact… and you can do less than 60 gigs… but it looks like 3.5 gigs on the SBS 2008 and 50 gigs on the hard drive are the “real” minimums.


Got a Mac? Patch for DNS

CVE-ID:  CVE-2008-1447
Available for:  Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.4, Mac OS X Server v10.5.4
Impact:  BIND is susceptible to DNS cache poisoning and may return
forged information
Description:  The Berkeley Internet Name Domain (BIND) server is
distributed with Mac OS X, and is not enabled by default. When
enabled, the BIND server provides translation between host names and
IP addresses. A weakness in the DNS protocol may allow remote
attackers to perform DNS cache poisoning attacks. As a result,
systems that rely on the BIND server for DNS may receive forged
information. This update addresses the issue by implementing source
port randomization to improve resilience against cache poisoning
attacks. For Mac OS X v10.4.11 systems, BIND is updated to version
9.3.5-P1. For Mac OS X v10.5.4 systems, BIND is updated to version
9.4.2-P1. Credit to Dan Kaminsky of IOActive for reporting this
Run a Mac? Go patch your DNS

Patch your Macs

Take mitigation now

The main issue with DNS is not so much if YOU have patched, but rather if your ISP and all their upstream servers have.

HDMoore’s Austin ISP of AT&T didn’t patch in a proactive manner.  If you are holding back on the patches on your SBS box for fear that they will have issues, we know the known issues (see 

But please take mitigation action.  Consider flipping to as your forwarders, stop and restart your DNS services.
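
A defender-side check for the point above, added here as an example and not taken from Apple's advisory or the original post: it reads tcpdump-style lines of outbound queries and flags resolvers whose UDP source ports are fixed or predictable, which is the condition the source port randomization update removes. The capture, the addresses and the thresholds are constructed assumptions, and a real audit needs far more than four queries per resolver.

```python
import re
import statistics
from collections import defaultdict

# Constructed capture of outbound DNS queries in tcpdump -n style.
# All addresses are from the RFC 5737 documentation ranges.
SAMPLE = """\
IP 192.0.2.10.32768 > 198.51.100.53.53: 4021+ A? a.example. (27)
IP 192.0.2.10.32768 > 198.51.100.53.53: 9177+ A? b.example. (27)
IP 192.0.2.10.32768 > 198.51.100.53.53: 513+ A? c.example. (27)
IP 192.0.2.10.32768 > 198.51.100.53.53: 60112+ A? d.example. (27)
IP 192.0.2.20.51344 > 198.51.100.53.53: 7731+ A? a.example. (27)
IP 192.0.2.20.1893 > 198.51.100.53.53: 22810+ A? b.example. (27)
IP 192.0.2.20.40217 > 198.51.100.53.53: 1450+ A? c.example. (27)
IP 192.0.2.20.12966 > 198.51.100.53.53: 48003+ A? d.example. (27)
"""

QUERY = re.compile(r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > \S+\.53: ")

def ports_by_resolver(capture):
    """Group the UDP source ports of outbound DNS queries by source address."""
    seen = defaultdict(list)
    for line in capture.splitlines():
        m = QUERY.search(line)
        if m:
            seen[m.group(1)].append(int(m.group(2)))
    return dict(seen)

def classify(ports, min_samples=4, min_stdev=3000):
    """Rate source-port behaviour; both thresholds are illustrative assumptions."""
    if len(ports) < min_samples:
        return "insufficient data"
    if len(set(ports)) == 1:
        return "fixed port"          # one port for every query
    if all(0 < b - a <= 8 for a, b in zip(ports, ports[1:])):
        return "sequential"          # next port is guessable from the last
    if statistics.pstdev(ports) < min_stdev:
        return "narrow range"        # varies, but within a small window
    return "randomized"

def audit(capture):
    """Return a verdict per resolver address seen in the capture."""
    return {ip: classify(p) for ip, p in ports_by_resolver(capture).items()}

if __name__ == "__main__":
    for ip, verdict in audit(SAMPLE).items():
        print(ip, verdict)
```

Any verdict other than "randomized" on your own server or a forwarder you depend on means that hop still needs the patch.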

MSPMentor 250

Let’s see if we recognize anyone on these lists:

MSPmentor 250 Managed Service Provider Experts, Part I | MSPmentor:

Stuart Crawford who just released a free pdf on dealing with change

MSPmentor 250, Part II | MSPmentor:

The MSPmentor 250, Part II of Our Managed Services Expert List | MSPmentor:

Amy Luby and Matt Makowicz, Curtis Hicks

MSPmentor 250 Managed Service Provider Experts, Part IV | MSPmentor:

Karl Palachuk

MSPmentor 250 Managed Service Provider Center | MSPmentor:

Check it out


One fix creates another problem

The Old New Thing : When I double-click an Excel spreadsheet, Excel opens but the document doesn’t:

So exactly why would one check the box that tells Excel “Ignore other applications that use Dynamic Data Exchange”, which ends up screwing up Excel opening the file and Outlook opening up an Excel file?

Because when your Word based document that had an Excel linked file kept freaking out with an error message saying “a document with the name is already open”, those were the exact instructions that I googled on a post somewhere…

Two days later when the guy couldn’t open up and preview an Excel attachment in Outlook and I googled on that error I realized that the fix for one problem created a much larger one.

We now live with the Word/Excel link document warning.

The amazing thing about this issue is that it googles all the way back to like Excel 97…and we’re running Excel 2007.

Oh yeah there was some other registry hack thingy I tried as well.. but bottom line if you wondered why anyone would do that “ignore DDE” it’s because site tells you that it’s what you need to fix another issue.  Trust me, it doesn’t.  It makes another issue.

Today’s MINI report brought to you by….

We temporarily interrupt this SBS themed blog to bring you the MINI post of the week …. okay lately more like day:

To answer Ron, to bring the newbies up to date, I ordered my MINI Cooper around July 5th.  I went to the web site and ‘built’ my baby and then took it to the Crevier MINI dealership in Santa Ana, California. 

It will look like that.  It’s been built and is in Southampton awaiting a ship from England to Oxnard, California.  It’s the MINI Cooper S with the Hardtop.  My Sister got the convertible.

Once it leaves Southampton, it will be put on a ship to arrive in Oxnard, California.  It will probably go through the Panama Canal but not cross the dateline or the equator (which if you talk to the Navy guy in the office means it won’t get any unofficial Navy certificates).

After arriving in Oxnard it will go to the MINI distribution center, get looked over and from there on to Crevier in Santa Ana.

Base MSRP* $21,950
Destination & Handling $650
Black Bonnet Stripes $100
Pepper White Body Color $0
Black Roof/Mirrors $0
Premium Package $1,250
        Automatic AC
        Dual Pane Panoramic Sunroof
        Leather Sport Wheel w/Multifunction
Dynamic Stability Control STD
Front Fog Lamps STD
Xenon Headlamps w/Power Wash $500
6-Speed Getrag Manual STD
16″ S-Winders (Perf. Run Flats) STD
Sport Seats STD
On-Board Computer STD
6-spkr AM/FM CD Player STD
Cloth: Checkered Carbon Black/Black $0
Interior Surface Checkered Silver STD

It’s Pepper White (due to the heat/sun in Fresno, you want something in a light color….)

With a black contrasting roof with a sunroof (yeah yeah I know that kinda negates the white car factor but I’m planning to get the cab cover to help protect the interior from the heat).

Black stripes, and air conditioning (of course)

It will have those xenon headlights that I hate to be a driver opposite someone who has them (yes they do increase visibility but I still say they glare at other drivers)

The interior will be checkered cloth

I was debating if I would get Checkered rear view mirrors…but thought that was a little bit too much…so I didn’t opt for that.

But there you have it.

Oh yeah… have the coffeeMug already…


SBS 2008 and Run As Administrator

So on SBS 2008 you want to open up the SBS 2008 monitoring database… okay so “I” wanted to… and when you click on the SQL Server management express you get this lovely error when trying to open up the SQL SBSMonitoring instance.

So the trick is to open up that SQL management tool with Run As Administrator.  Duh.

Okay so because it’s clear that I’m lazy and can’t remember which ones need RunAs and which ones don’t, I want to build a shortcut on the desktop that prechecks that.  As the first step, go to Start, Programs, find the SQL management program, right mouse click on it and choose “send to”, “desktop, create shortcut”.

Now that we have the icon on the desktop, right mouse click on it and in the Compatibility tab, click on Run As Administrator and Apply.

Now when you click on the icon you will get a UAC prompt.

And once you do that you can log into the SQL instance for the SBSMonitoring.

Remember the Forefront console needs this as well.

So if at first you get an error, try Run As Administrator.

Back at ya Andy and Ron….

Andy and Ron are just going to have to wait to see.  Yes, personalized plates have been ordered.

Videos on Security

Virtualization and Security: What Does It Mean for Me?:

The Spy Who Hacked Me!:

A Hackers Diary: How I Can Hack Your Vulnerable Services and How You Can Stop Me:

Windows Security Boundaries:

Windows Logins Revealed:

A source that I really like is the EMEA web site that puts up some of the videos from TechEd and other Microsoft venues.
The security ones are obviously some of my favs. So sit back, get comfy, be in air conditioning rather than sweaty humid Orlando and enjoy.