Monthly Archives: December 2011

You are browsing the site archives by month.

Risk of MS11-100

http://blogs.technet.com/b/msrc/archive/2011/12/30/december-2011-out-of-band-security-bulletin-webcast-q-amp-a.aspx

*Q: If the main target is Internet facing systems with IIS & ASP.NET installed, should I concentrate on patching my webservers first before patching client systems?**
A:* Prioritization for this update would be specific to users’ environments, but servers that are internet-facing and accept input from unauthenticated or untrusted user-provided content are most affected and should be prioritized. Likewise, clients are typically not in a web server role, and so systems that are running a web server role should be prioritized.”


Q: These updates run on Windows clients whether or not IIS or ASP is installed. Are the updates not effective in this case?
A: By default, IIS is not installed with .NET and by default, .NET is not installed by ASP.NET. Customers would first need to installed .NET framework with ASP.NET in order to be vulnerable to the vulnerabilities documented in
MS11-100.


On workstations, where .net versions from 1 to 4 are installed, you are not at  risk.


On SBS servers, I just dont’ see that an attacker would target a small business server. 


If you have a public web site (like ecomerce site), those would be of greatest risk.

So about Google Plus

I talked to a social expert today.  AKA the 17 year old in high school.  And despite all the Google Plus is adding millions of users talk going on (see http://techcrunch.com/2011/12/27/googleplus/) he says the reality is that it’s still dead.


Social right now is still Facebook and twitter.  No matter what the pundits may predict, Google still isn’t winning where it counts – in the hearts and minds of users of the platforms.


So if you still aren’t into Google plus, don’t worry, no one else is either.

Out of band update today

So tonight on your wsus MS11-100 sync’d up.  An out of band .net update.


http://blogs.technet.com/b/msrc/archive/2011/12/29/microsoft-releases-ms11-100-for-security-advisory-2659883.aspx


On workstations I see no need to rush here.  In fact I see low risk if you decide to pass on this update.


On servers, unless it’s a public facing web server, I’m not seeing a huge rush either. 


For anyone running high targeted cloud servers, you not only need to be concerned about .net but ruby, java and apache patching as well as this is a hash table denial of service for lots of web servers.


But for us normal folks…. this is not an out of band that I would be freaking out over.

Office 365 and SBS Essentials KB

Error message when an SBS 2011 Essentials user signs in to Office 365 after they change the password for their user account: “Microsoft Online Services ID or password is incorrect”:
http://support.microsoft.com/kb/2652040

The Office 365 Integration Module for SBS 2011 Essentials does not work as expected:
http://support.microsoft.com/kb/2652021

Looking for a Windows Storage Server R2 Essentials vendor? Check out Backup Box by Gramps

2012 is starting off early with the announcement of a new OEM vendor for Windows Storage Server Essentials R2:



Backup Box by Gramps is the new OEM vendor.


http://www.smallbizserver.com/store.php



Now before you go… Backup Box by …..huh?  Grey Lancaster (aka Gramps) is now an OEM vendor for Windows Storage Server Essentials r2. 


http://www.smallbizserver.com/store.php


He will build to suit on either HP’s microserver hardware or a single bay foxconn box.  Why is this the perfect Windows Storage Server Essentials solution?  Well for one it’s just plain Windows Storage Server software, no fancy smancy OEM customization to get in your way, and then he keeps the box under the 2 terabyte size so that when you want to make a backup of the OS part, Windows backup actually works (there’s an issue if you attempt to backup more than 2 terrabytes in the current Windows setups — you can’t back it up).


It just works.  I use it to backup all of the workstations in the office as it supports 25 computers.  Whereas in the past I had to have 2 Home servers running and couldn’t monitor one of them very well, now I have one unit that just chugs.


Remember what Windows Storage Server Essentials R2 is?  It’s like Home Server, but it supports 25 computers and supports domain join.  Now you can opt to have it not do domain join but honestly I did it because in the SBS console when I domain join the server, it lights up as “online” so I can monitor it better.


http://sbs.seandaniel.com/2010/11/announcing-windows-storage-server-2008.html


Bottom line if you are looking for a Windows Storage Server R2 Essentials vendor, look no farther than one by Gramps.

SBS 2011 kbs of interest in December

Event ID 6398 due to CEIP Data Collection for SharePoint Foundation:
http://support.microsoft.com/kb/2616940/en-us?sd=rss&spid=1167
This issue can occur because of a failed job CEIP Data Collection for SharePoint Foundation.

Error 503 Service Unavailable while browsing SBS Web Sites:
http://support.microsoft.com/kb/2619402/en-us?sd=rss&spid=1167

Error 440 Login Timeout While Browsing OWA:
http://support.microsoft.com/kb/2629776/en-us?sd=rss&spid=1167

When SpecialPollInterval is used as a polling interval, the Windows Time service does not correct the time if the service gets into Spike state:
http://support.microsoft.com/kb/2638243/en-us?sd=rss&spid=14498

Latest hotfix for backups

Spotted this in a forum — latest hotfix for Win2k8 r2 sp1 for vss backups


“fvevol!FveFilterDeviceControl+1d0″ Stop error when you create a VSS snapshot backup in Windows Server 2008 R2 SP1:
http://support.microsoft.com/kb/2632149

Remove KB974674

Description of the Windows NT Backup Restore Utility for Windows 7 and for Windows Server 2008 R2:
http://support.microsoft.com/kb/974674
The Windows NT Backup Restore Utility for Windows 7 and for Windows Server 2008 R2 is not intended to remain on computers that are running Windows 7 and Windows Server 2008 R2 indefinitely and should be removed once you have restored backups that were made on Windows XP and on Windows Server 2003.


Let’s make it really clear what happens if you leave this installed.


You install that to restore some data from a 2003 era backup. You install it on a SBS2011 server.  You then go on your merry way and make backups.  You go to do a bare metal restore and upon the first boot you end up with a black screen.  Not a good place to be in.


Bottom line, if, for any reason you use this KB to restore data from a 2003 era backup to a 2011 machines, make sure you uninstall it and kick a manual backup.  Any backup made with it uninstalled will work just fine.  Any backup made with it installed will work to restore, just bare metal restore will be messed up.

Merry Christmas!


You think Santa is being tracked by Norad?  Well the SMBMVPtour is borrowing his hat tonight.


Don’t forget that more tour events are starting up in 2012 with one of the first being in the Netherlands on January 18th!


https://www.facebook.com/SMBMVPTOUR#!/photo.php?fbid=346028938747948&set=a.264610463556463.85421.229972950353548&type=1&theater

Fixing a backup issue

Greg shares —


  Hi Susan,

I have used your site many times and wanted to pass on an article that fixed a backup issue.
Since Day 1, my SBS Server 2008 windows backup has only worked intermittently, it might work for 2 days, fail 1 day, work again for 1 day, no real pattern. Microsoft had tried twice to resolve but were unable to. Finally I found an unrelated event viewer application warning telling me that my SBS monitoring database was full. It pointed me to this article:
http://blogs.technet.com/b/sbs/archive/2009/07/14/sbs-2008-console-may-take-too-long-to-display-alerts-and-security-statuses-display-not-available-or-crash.aspx
After running this fix my backup has worked consistently for 3 weeks now. Please share this with the masses.