Monthly Archives: October 2009

You are browsing the site archives by month.

Too much, too little, maybe just right?

For the past two years since we started rolling out Vista, I’ve felt like Goldilocks.  I can’t find an antivirus software I like.  Trend was my choice until it started putting a firewall in there that made it not quite right.  Then I was testing out Nod32 and it nearly was my choice until it too started to have known issues with iTunes and network icon interference. 



So in addition to the desktop icon review tonight, I’m starting the process of removal of the various antivirus’ I’ve been testing on various machines and starting to standardize on the one that I think will be the one I choose.  But I want a wider beta so I’m going to be installing it on more machines.  What is the maybe, hopefully, possibly just right antivirus?  I’m leaning towards Forefront client security now.  For those who have home users or home businesses, the Microsoft security essentials is my current choice of antivirus.  Notice I didn’t say “free” antivirus, I said antivirus.  It’s discouraging when we’re paying annual subscriptions to products that are not catching rogue antivirus, causing slow downs of our systems, and in general, if they were operating systems, we’d be a lot more upset than we are right now.


So before you ask, can the management console of Forefront go on SBS 2008?  Nope.  Can’t.  But this is part of my larger test to see if the native notification of antivirus status is good enough for this Goldilocks.


I’ll let you know how this fairy tale ends.

Happy Halloween

Tonight to answer the door of the trick-or-treaters I’m answering the door as Danica Patrick’s older, less sexy, sister that is a Mini Cooper race car driver.



Okay so it’s a stretch, I’ll admit, but with a Mini Cooper racing shirt and a black wig, what do you expect?


I’m also remoting back into the office and doing the annual “what icons landed up on the desktop” review of the desktops.  While most of us do remote work as a matter of ease and efficiency, sometimes the only time you see issues is looking at the actual desktop.  So I’ll take my secondary admin account and log into the workstations remotely and see what icons are there.  See if there’s patches that WSUS or Shavlik missed, see if the event viewer looks good.  While I have remote tools that also pull this info, sometimes actually LOOKING at the desktop is like most picture experiences, a picture is worth a thousand words.


In my case, that picture of Danica is worth way more than what I look like in my Mini Cooper get up.

Migration Step Two: On the Source server, make sure the Active Directory is healthy

F. On the Source server, make sure the Active Directory is healthy.

If there is only one DC, make sure the SYSVOL and NETLOGON shares are present. Also, check the File Replication Service event log to see if it is in Journal Wrap. The event below is an example of what to look for.


Event Type: Error
Event Source: NtFrs
Event ID: 13568
Description:
The File Replication Service has detected that the replica set “DOMAIN SYSTEM
VOLUME (SYSVOL SHARE)” is in JRNL_WRAP_ERROR.


If there are multiple domain controllers in the source environment, force an Active Directory replication between them in Active Directory Sites and Services and verify it is successful.


You can also run the Microsoft IT Environment Health Scanner in the source environment to uncover any AD health issues.


Microsoft IT Environment Health Scanner


(I’ll blog about that in a separate blog post)


An unhealthy Active Directory can result in the following setup errors:


  • Windows Small Business Server group policies cannot be configured.
  • Windows Server Update Services cannot be configured.

To fix this, you will need to restore the source server, resolve the AD Health issue(s) and start the migration all over again.


We’re going to check this with a couple of things including this command:


  1. The following are run from the command prompt to test Active Directory health:
  2. DCDiag

  •  
    • DCDiag [Enter]
    • DCDiag /test:DNS
    • DCDiag /? (List of switches)

  1. DcDiag
    _______________________________________________

    Microsoft Windows [Version 5.2.3790]

(C) Copyright 1985-2003 Microsoft Corp.


 


C:\Documents and Settings\Administrator>dcdiag


 


Domain Controller Diagnosis


 


Performing initial setup:


   Done gathering initial info.


 


Doing initial required tests


 


   Testing server: Default-First-Site-Name\DOMAIN


      Starting test: Connectivity


         ……………………. DOMAIN passed test Connectivity


 


Doing primary tests


 


   Testing server: Default-First-Site-Name\DOMAIN


      Starting test: Replications


         ……………………. DOMAIN passed test Replications


      Starting test: NCSecDesc


         ……………………. DOMAIN passed test NCSecDesc


      Starting test: NetLogons


         ……………………. DOMAIN passed test NetLogons


      Starting test: Advertising


         ……………………. DOMAIN passed test Advertising


      Starting test: KnowsOfRoleHolders


         ……………………. DOMAIN passed test KnowsOfRoleHolders


      Starting test: RidManager


         ……………………. DOMAIN passed test RidManager


      Starting test: MachineAccount


         ……………………. DOMAIN passed test MachineAccount


      Starting test: Services


            IsmServ Service is stopped on [DOMAIN]  <<<< <this is okay and normal on a SBS box — ignore this


         ……………………. DOMAIN failed test Services


      Starting test: ObjectsReplicated


         ……………………. DOMAIN passed test ObjectsReplicated


      Starting test: frssysvol


         ……………………. DOMAIN passed test frssysvol


      Starting test: frsevent


         ……………………. DOMAIN passed test frsevent


      Starting test: kccevent


         ……………………. DOMAIN passed test kccevent


      Starting test: systemlog


         ……………………. DOMAIN passed test systemlog


      Starting test: VerifyReferences


         ……………………. DOMAIN passed test VerifyReferences


 


   Running partition tests on : ForestDnsZones


      Starting test: CrossRefValidation


         ……………………. ForestDnsZones passed test CrossRefValidation


 


      Starting test: CheckSDRefDom


         ……………………. ForestDnsZones passed test CheckSDRefDom


 


   Running partition tests on : DomainDnsZones


      Starting test: CrossRefValidation


         ……………………. DomainDnsZones passed test CrossRefValidation


 


      Starting test: CheckSDRefDom


         ……………………. DomainDnsZones passed test CheckSDRefDom


 


   Running partition tests on : Schema


      Starting test: CrossRefValidation


         ……………………. Schema passed test CrossRefValidation


      Starting test: CheckSDRefDom


         ……………………. Schema passed test CheckSDRefDom


 


   Running partition tests on : Configuration


      Starting test: CrossRefValidation


         ……………………. Configuration passed test CrossRefValidation


      Starting test: CheckSDRefDom


         ……………………. Configuration passed test CheckSDRefDom


 


   Running partition tests on : DOMAINNAME


      Starting test: CrossRefValidation


         ……………………. DOMAINNAME passed test CrossRefValidation


      Starting test: CheckSDRefDom


         ……………………. DOMAINNAME passed test CheckSDRefDom


 


   Running enterprise tests on : DOMAINNAME.lan


      Starting test: Intersite


         ……………………. DOMAINNAME.lan passed test Intersite


      Starting test: FsmoCheck


         ……………………. DOMAINNAME.lan passed test FsmoCheck


 


C:\Documents and Settings\Administrator>dcdiag /test:DNS


 


Domain Controller Diagnosis


 


Performing initial setup:


   Done gathering initial info.


 


Doing initial required tests


 


   Testing server: Default-First-Site-Name\DOMAIN


      Starting test: Connectivity


         ……………………. DOMAIN passed test Connectivity


 


Doing primary tests


 


   Testing server: Default-First-Site-Name\DOMAIN


 


DNS Tests are running and not hung. Please wait a few minutes…


 


   Running partition tests on : ForestDnsZones


 


   Running partition tests on : DomainDnsZones


 


   Running partition tests on : Schema


 


   Running partition tests on : Configuration


 


   Running partition tests on : DOMAINNAME


 


   Running enterprise tests on : DOMAINNAME.lan


      Starting test: DNS


         ……………………. DOMAINNAME.lan passed test DNS


It should come back “clean”


Then do Netdiag


It starts out with a whole bunch of KBs listed… (hotfixes)


________________________________________________


Netcard queries test . . . . . . . : Passed

 

 

 

Per interface results:

 

    Adapter : Server Local Area Connection

 

        Netcard queries test . . . : Passed

 

        Host Name. . . . . . . . . : DOMAIN

        IP Address . . . . . . . . : 10.0.0.2  <<< I’m still at that original SBS 4.0 10.0.0.2 range btw

        Subnet Mask. . . . . . . . : 255.255.255.0

        Default Gateway. . . . . . :

        Primary WINS Server. . . . : 10.0.0.2

        Dns Servers. . . . . . . . : 10.0.0.2

 

 

        AutoConfiguration results. . . . . . : Passed

 

        Default gateway test . . . : Skipped

            [WARNING] No gateways defined for this adapter.

 

        NetBT name test. . . . . . : Passed

        [WARNING] At least one of the <00> ‘WorkStation Service’, <03> ‘Messenge

r Service’, <20> ‘WINS’ names is missing.

            No remote names have been found.

 

        WINS service test. . . . . : Passed

 

    Adapter : Network Connection

 

        Netcard queries test . . . : Passed

 

        Host Name. . . . . . . . . : DOMAIN

        IP Address . . . . . . . . : 192.168.1.2

        Subnet Mask. . . . . . . . : 255.255.255.0

        Default Gateway. . . . . . : 192.168.1.254

        Primary WINS Server. . . . : 10.0.0.2

        NetBIOS over Tcpip . . . . : Disabled

        Dns Servers. . . . . . . . : 10.0.0.2 <<<< I still have two nics, I need to rerun this after I’ve removed ISA

 

 

        AutoConfiguration results. . . . . . : Passed

 

        Default gateway test . . . : Passed

 

        NetBT name test. . . . . . : Skipped

            NetBT is disabled on this interface. [Test skipped]

 

        WINS service test. . . . . : Skipped

            NetBT is disable on this interface. [Test skipped].

 

    Adapter : {A89DD362-5097-4A2B-AE4F-D7AB874ED971}

 

        Netcard queries test . . . : Passed

 

        Host Name. . . . . . . . . : DOMAIN

        IP Address . . . . . . . . : 10.0.0.16  <<<< VPN connection going on here

        Subnet Mask. . . . . . . . : 255.255.255.255

        Default Gateway. . . . . . :

        NetBIOS over Tcpip . . . . : Disabled

        Dns Servers. . . . . . . . :

 

        AutoConfiguration results. . . . . . : Passed

 

        Default gateway test . . . : Skipped

            [WARNING] No gateways defined for this adapter.

 

        NetBT name test. . . . . . : Skipped

            NetBT is disabled on this interface. [Test skipped]

 

        WINS service test. . . . . : Skipped

            NetBT is disable on this interface. [Test skipped].

 

 

Global results:

 

 

Domain membership test . . . . . . : Passed

 

 

NetBT transports test. . . . . . . : Passed

    List of NetBt transports currently configured:

        NetBT_Tcpip_{31680511-DFA0-4A2D-A3A9-D1044337C37A}

    1 NetBt transport currently configured.

 

 

Autonet address test . . . . . . . : Passed

 

 

IP loopback ping test. . . . . . . : Passed

 

 

Default gateway test . . . . . . . : Passed

 

 

NetBT name test. . . . . . . . . . : Passed

    [WARNING] You don’t have a single interface with the <00> ‘WorkStation Servi

ce’, <03> ‘Messenger Service’, <20> ‘WINS’ names defined.

 

 

Winsock test . . . . . . . . . . . : Passed

 

 

DNS test . . . . . . . . . . . . . : Passed

    PASS – All the DNS entries for DC are registered on DNS server ‘10.0.0.2’.

 

 

Redir and Browser test . . . . . . : Passed

    List of NetBt transports currently bound to the Redir

        NetBT_Tcpip_{31680511-DFA0-4A2D-A3A9-D1044337C37A}

    The redir is bound to 1 NetBt transport.

 

    List of NetBt transports currently bound to the browser

        NetBT_Tcpip_{31680511-DFA0-4A2D-A3A9-D1044337C37A}

    The browser is bound to 1 NetBt transport.

 

 

DC discovery test. . . . . . . . . : Passed

 

 

DC list test . . . . . . . . . . . : Passed

 

 

Trust relationship test. . . . . . : Skipped

 

 

Kerberos test. . . . . . . . . . . : Passed

 

 

LDAP test. . . . . . . . . . . . . : Passed

 

 

Bindings test. . . . . . . . . . . : Passed

 

 

WAN configuration test . . . . . . : Skipped

    No active remote access connections.

 

 

Modem diagnostics test . . . . . . : Passed

 

IP Security test . . . . . . . . . : Skipped

 

    Note: run “netsh ipsec dynamic show /?” for more detailed information

 

 

The command completed successfully

 

C:\Documents and Settings\Administrator>

 


Next we’ll do RepAdmin


  1. RepAdmin

  •  
    • RepAdmin /viewlist *
    • RepAdmin /SyncAll
    • RepAdmin /KCC

__________________________________________________


Microsoft Windows [Version 5.2.3790]


(C) Copyright 1985-2003 Microsoft Corp.


 


C:\Documents and Settings\Administrator>repadmin /viewlist *


DC_LIST[1] = DOMAIN.DOMAINNAME.lan


 


 


C:\Documents and Settings\Administrator>repadmin /syncall


CALLBACK MESSAGE: SyncAll Finished.


SyncAll terminated with no errors.


 


 


C:\Documents and Settings\Administrator>repadmin /kcc


 


repadmin running command /kcc against server localhost


 


Consistency check on localhost successful.


Next we’ll do NetDom /query FSMO


  1. NetDom /query FSMO

____________________________


Microsoft Windows [Version 5.2.3790]


(C) Copyright 1985-2003 Microsoft Corp.


 


C:\Documents and Settings\Administrator>netdom /query FSMO


Schema owner                DOMAIN.DOMAINNAME.lan


 


Domain role owner           DOMAIN.DOMAINNAME.lan


 


PDC role                    DOMAIN.DOMAINNAME.lan


 


RID pool manager            DOMAIN.DOMAINNAME.lan


 


Infrastructure owner        DOMAIN.DOMAINNAME.lan


 


The command completed successfully.


 

Other than reruning this after I remove ISA… AD using DCdiag looking fine.

Check out my pumpkin!

Check out my pumpkin! http://halloween.cloudapp.net/pumpkin/98338f63-ccce-4ee0-a7bd-3ff27ae837d8



Well look at the bright side.  There’s no icky disgusting azure and silverlight seeds to scoop out and throw away now is there?


http://blogs.msdn.com/bardak/archive/2009/10/30/happy-halloween-from-the-silverlight-team-and-archetype.aspx

Migration Step One: On the Source server, run the SBS 2003 BPA

We’re going to start doing some scans on a SBS 2003 to make sure we’re ready to go for migration.


We’re going to take all of these tips mainly from here:  www.sbsmigrationtips.com whcih resolves to http://blogs.technet.com/sbs/archive/2009/02/19/sbs-2008-migrations-from-sbs-2003-keys-to-success.aspx


 And this — http://blog.mpecsinc.ca/2009/06/sbs-2003-to-sbs-2008-migration-guide.html


So first tonight we’re going to run the SBSbpa on the box and go through item by item what it’s telling us.


E. On the Source server, run the SBS 2003 BPA.

  • SBS 2003 BPA
  • Resolve any issues reported in the source environment ahead of time.
  • Know that SBS 2003 SP 1 is not the same as Windows 2003 SP 1 or SP 2. See item #4 for an explanation.

Download it from www.sbsbpa.com which resolves to http://www.microsoft.com/downloads/details.aspx?FamilyId=3874527A-DE19-49BB-800F-352F3B6F2922&displaylang=en


Now run it on your system:



 


Click on the view a report…



So let’s go down line by line of the things it found.


1.  Disk space low.  No kidding Sherlock.  It’s a five year old server so I think I done pretty darn good to be still with 19% free with about a month left to go before we move to a new box. 


2.  Network interface driver file more than one year old.  If you think I’m going to be flashing network card drivers on this baby now, keep dreaming.  That’s an ignore for now. On a server you had not upgrade the nic drivers since it was built that would be another story.  You’d need to look at that and make sure it has newer drivers.  for me, it’s going to stay there for now.


3.  Network interface driver file more than one year old.  This is a SBS 2003 with two nics and ISA (for about another week) and so that’s why the two warnings.


4.  Windows Update Service v3 is at RTM.  Ignore this.  I actually have SP2 on the box but the BPA hasn’t been updated to reflect that.


5.  Your email domain is on the turf list.   Your e-mail domain exists in the list in the msExchTurfListNames attribute. This can cause problems with public folder replication during a migration. To remove the domain from the list, open Exchange System Manager, expand Global Settings, right-click Message Delivery, and then click Properties. Click the Sender Filtering tab, and then remove your domain from the Senders list.



I’m pretty sure that’s another bogus error as my domain name is not in that list, but to be safe I’ll be removing those addresses and rescanning regardless.


So I removed the entries, rescanned and voila… (except now my external backup drive is indicating it needs more room :-)



 So now we’re done with item number E .


E. On the Source server, run the SBS 2003 BPA.

  • SBS 2003 BPA
  • Resolve any issues reported in the source environment ahead of time.
  • Know that SBS 2003 SP 1 is not the same as Windows 2003 SP 1 or SP 2. See item #4 for an explanation.

>>> NEW TOOL: Exchange Remote Connectivity Analyzer <<<:

>>> NEW TOOL: Exchange Remote Connectivity Analyzer <<<:
http://social.microsoft.com/Forums/en-US/partnermsgexchange/thread/421c8eb2-7579-4806-a276-3aaeb90a10a4


Announcing the release of Exchange Server Remote Connectivity Analyzer for Exchange 2003, 2007, and 2010: https://www.testexchangeconnectivity.com/


 


Client connectivity and inbound email scenarios make up a significant portion of the Exchange support calls.  This tool will allow you to remotely test the following client types and services:


 


Exchange ActiveSync


Windows Mobile 5, 3rd party devices


Windows Mobile 6.1+ with AutoDiscover


Outlook Anywhere (aka RPC/HTTP)


Outlook 2003


Outlook 2007 with AutoDiscover


Inbound SMTP


 


The tool will simulate the protocol logic used by the specific client and not only tell you if the scenario was successful, but if it fails, it will tell you exactly where in the process it failed as well as try to guide you to the problem resolution.


 


 


HELPFUL LINKS:


More information https://www.testexchangeconnectivity.com/Pages/ChangeList.htm


Exchange team blog http://msexchangeteam.com/archive/2009/03/25/450908.aspx.


Exchange Remote Connectivity Analyzer Forum: http://social.technet.microsoft.com/Forums/en-US/exrca/threads


Provide feedback to exrcafb@microsoft.com



Best regards,

Ryan Ye
Partner Online Technical Community
—————————————————————————————–
We hope you get value from our new forums platform! Tell us what you think:
http://social.microsoft.com/Forums/en-US/partnerfdbk/threads
——————————————————————————————
This posting is provided “AS IS” with no warranties, and confers no rights.

Should Exchange 2007 sp2 should be installed on a SBS 2008 box?

So I got a question today as to whether or not Exchange 2007 sp2 should be installed on a SBS 2008 box.


And I said:


1. there’s an icky KB you have to work through

2. it breaks the sbs sites without the kb

3. IMHO it doesn’ add any value (the Exchange backup we already have)

4. You wanna keep a test box for the sp2 wrapper that they will be building out


5.  You want to wait for that sp2 wrapper that they will be offering up for SBS boxes


There is no reason limited reasons that I can see at this time to be installing SP2 for Exchange 2007 on SBS 2008.  Thus don’t. consider it carefully.


EDIT – it has been pointed out that Powershell v2 is not supported on SBS without Exchange 2007 sp2.  Thus for those folks who envision themselves on a remote beach in Bora Bora, sipping fruit drinks with umbrellas on them and using remote Powershell v2 commands to administer their Exchange 2007 sp2 boxes, you “may” want to consider going through the KB and apply the service pack.


The rest of us grunts may want to wait until the wrapper comes out.

Can’t see your tax software help files on Win7?

How to fix an application that isn’t working after 05-026 – THE OFFICIAL BLOG OF THE SBS “DIVA”:
http://msmvps.com/blogs/bradley/archive/2005/06/23/54763.aspx

After rolling out a new workstation (Win7) our tax software wouldn’t show the help file.. I had forgotten that I’d disabled the group policy on the server for some reason on this.


Fortunately I remembered the easy fix and found it on the blog :-)  Figured it wouldn’t hurt to reblog this as you start to roll out Win7 machines


http://support.microsoft.com/default.aspx?scid=kb;en-us;896054


  • Click on Start
  • Run
  • Regedit
  • Find HKEY_LOCAL_MACHINE
  • Find the subfolder of SOFTWARE
  • Find the subfolder of Microsoft
  • Find the subfolder of HTMLHelp
  • File the subfolder of 1.x
  • Now click on that 1.x folder and right mouse click
  • Now click on ‘new’ and then on ‘key’ and add a new key
  • Type in ItssRestrictions
  • Hit enter
  • Click on the subfolder of ItssRestrictions
  • Right mouse click, click on ‘new’ and then on ‘dword’
  • In the “New value“ box, type in MaxAllowedZone
  • Hit Enter
  • Click on that “MaxAllowedZone“ and right mouse click
  • Click on “Modify“
  • Change the value data from 0 to 1
  • Click OK
  • Close the Registry

Try CCH tax software again.  Your help files should now work as expected.


When you get done the left side should look like this



The right side should look like



P.S.  This KB article is actually referred to from a “caveat” link at the top of the Security bulletin that points to known issues.  Always review the “Known issue” for the issues that have already been found and fixed.

So what about those action pack licenses?

http://msmvps.com/blogs/bradley/archive/2009/10/30/mpan-program-closed.aspx


So the bigger and more important question is …what about the action pack license that was allowed to be purchased by CPAs as a result?  Are they still licensed?  Can they renew?  Can they keep the licenses or do they have to buy all new Server and OS licenses to make themselves legal?  [notice I’m using the word they as I’ve kept my firm buying software assurance for the server all this time and didn’t use the action pack for the firm]


I don’t know the answer to that one.  Stay tuned.


[and shame on the Office Accounting team that didn’t anticipate that this would be the bigger question of the morning]

MPAN program closed

Dear valued MPAN member:


 We are writing to let you know that Microsoft® Office Accounting will no longer be distributed by Microsoft after November 16, 2009. As such, MPAN membership will also be closed to new members effective November 16, 2009 and the complimentary download of Office Accounting Professional 2009 and the Office Accounting Customization will be discontinued November 16, 2009. Some existing MPAN benefits, such as online on demand training, will remain.


 We would like to thank the many dedicated users and partners who have been enthusiastic supporters of Microsoft Office Accounting and MPAN over the years.


 As a registered Office Accounting user, you may continue to use Office Accounting after November 16, 2009 and Microsoft will continue to offer product support for Office Accounting in accordance with the terms of the support policy. Your current MPAN membership entitles you to unlimited phone support through January 15, 2011.


 To learn more about other Microsoft offerings that can be useful to your business, please visit the following:


   –   Microsoft’s Small Business site is a great resource for small businesses.


   –   Microsoft Office is a great tool for small businesses, especially when used with our easy-to-use templates.


   –   Microsoft Dynamics products offer adaptable business management solutions, and we invite you to visit the Microsoft Dynamics Community Web site, which offers role-based content, including a Finance sub-community, product forums and networking functionality.


 Please refer to MPAN FAQs for more information on MPAN benefits going forward.


 If you have further questions about Office Accounting changes, including changes to add-on services, additional information can be found on the Office Accounting FAQ page.


 Again, we thank you for your support of MPAN and Office Accounting. 


MPAN US Team