Category Archives: 747

Last Call for SBS 2003 SP1/ISA 2004 Media Kits


Yup – that’s right.  This is the last call for anyone that has not yet picked up their SBS 2003 SP1/ISA 2004 Media Kits.  December 31, 2007 is the end date for Microsoft to supply these and if you have not yet ordered your kit then you need to do it NOW!

For more details on how to get your copy of the media, see this link from the official SBS blog 

Don’t say you were not warned!

Category: SBS 2003
Published: 1/12/2007 11:08 AM

SBS2003 R2 SQL 2000 and SQL 2005 Downgrade Rights

SBS 2003 R2 is in beta now and the Premium Edition contains SQL 2005 Workgroup Edition which is nice.  It will give forward looking customers the chance to get all the great features of SQL 2005… that is once their application vendor supports it.  What do they do in the meantime if they need SQL 2000 then?  Well – based on the information on the MS website, they can do one of two things…

Option 1  suggests that they downgrade their SQL to SQL 2000 Standard Edition (I guess they have not figured out fulfilment just yet)

Q. What do I do if I want to upgrade to SBS 2003 Premium R2, but need to keep SQL Server 2000 Standard Edition until my application is certified or tested on SQL Server 2005 Workgroup Edition? 
A. We understand that customers and partners will require time to test their applications on the new SQL Server 2005 Workgroup Edition before installing it and need to keep the business running in the interim. To facilitate this, you may install SBS 2003 R2 and remain on SQL Server 2000 Standard Edition, moving to SQL Server 2005 Workgroup Edition once the application has been tested and is ready to be in a production environment. We highly recommend customers work closely with their IT solution provider or consultant as well as the line-of- business (LOB) application provider to work through this situation.

Option 2 suggests that they work with their application vendor to figure out WHEN to upgrade – this does not sound like the above.

Q. I want to upgrade to SBS 2003 R2 Premium Edition, but I need to keep SQL Server 2000 Standard Edition until my application is certified or tested on SQL Server 2005 Workgroup Edition. What do I do?
A. You should talk with your IT solution provider, system consultant, and the line-of-business (LOB) application provider to help you determine when the time is right to upgrade.

I can only hope that Microsoft have really thought out how best to handle this as despite their (Microsofts) desire to have the entire world use SQL 2005, reality is that many application vendors are only just now thinking about testing their apps on SQL 2005.  There will be at least 12 months more before application vendors have tested their apps on SQL 2005 and certified them for it.  So – Microsoft – which is it – which path will you take that shows that you understand the need of the Small Business Owner that you so desperately want to adopt SBS as their First Server and their Right Server?

Patching – needs to be even simpler please Microsoft

Today we had an interesting issue on a client site – the client runs SBS 2003 – they sent out an email blast to 60 of THEIR customers but they mistakenly put everyone in the cc line instead of the bcc line.  What then happened was a deluge of emails that bounced back to them and continues even now.  Our IT team immediately checked out our clients SBS server and could not see a problem, until we realised that the mail was coming from one of their customers servers.  We investigated and the based ont he MX records, it gave us the impression that the clients customer was using the POP3 connector.  So we figured it was linked back to the now infamouse POP3 connector patch I then spoke with the IT Guy that was looking after the clients customer – his response was “They should be right as they have automatic updates turned on”.  His belief was that the customers server was fine with just Automatic Updates turned on.  Depending on the media you installed SBS from, you may find that your not covered.  Automatic Updates in the original pre SP1 versions of SBS 2003 just ensure that the Operating system is patched – it does not take into account all the other components of SBS such as Exchange Server, the POP3 connector or ISA server.  The issue we have here is that Microsoft fail to understand that this issue exists and they fail to do anything about resolving it for older software.  That my friends is bad.  Sure, in the next version of SBS 2003 – SBS 2003 R2 (or SBS Version that shalt not be named) it’s all sorted with the total integration like never before of WSUS, but Microsoft need to make it much more clear to the IT Pro’s out there just what is and is NOT patched by Windows Update, Automatic Updates and Microsoft Update.  The way that we can handle it on our SBS servers is to visit the Microsoft Update site and use Microsoft Updates once, this will “flip the bits” that will ensure that future Automatic Updates will include the additional Exchange, SBS and ISA component.  Had the IT Guy done this then we would not have this problem right now.  Fingers crossed that he deals with this quickly now.

Update – just recieved email that he’s applied the MS POP3 patch very quickly (in fact within an hour of being told) so things should settle down quickly now.

Media Centre PC for home – LCD TV selection.

My wife and I have been planning to redecorate our formal lounge / dining room – we don’t use it for these functions, but instead we’re using it as a home office / library.  Now we want to add another function to it and at the same time redecorate.  With our kids getting older now, we decided that we want to use this as a parents retreat / home cinema.  So I’ve been shopping this weekend to get some of the components.  I won’t bore you with the hassles we are about to go through with ripping up the carpet and laying a floating timber floor, or the problems selecting the right colours for the paint etc.  What I will let you in on is the selection of technology that is going into our home right now. 

We’re going to setup a Media Centre PC here in the library, and team that with a nice big wall mounted LCD screen.  I did quite a bit of investigation into the LCD vs Plasma debate, and settled on LCD as the selection for me – one of the prime concerns I had with Plasma was the screen burn issues that I’ve heard about.  We do plan to use the big screen with the media centre PC and I was worried that if we had plasma it would not be good for this.  So – once decided on the LCD screen it was off shopping.  There is a new big store opened up nearby in the last week, so they are having massive sales on everything.  Of interest to me were Harvey Norman, The Good Guys and JB Hi-Fi – all but The Good Guys were new to this location.  So I went along – my wife had set a maximum of $3000 for the TV purchase – I dearly wanted a 42” screen, but sadly they were out of the price range.  The 32” screens were in the price range, but I really wanted to see if I could go for the 37”.  After looking at the screens somewhat, I settled on the Sharp LC37GA4X as being the one I liked the best – I saw this in 2 of the three stores and it was the one that stood out from the rest.  It had an RRP of $5999-$6599 based on many stores.  I asked for the best price from one store and got it down to $4800.  I came home, did a bit of searching on the net, found that the people that had reviewed this screen loved it – even found some people that had teamed it with a media centre PC with great success.  The best price online I could get was $3800 here in Australia – good I thought.  I went back to one of the stores, and they under pressure from my wife gave me a price of $3500 which was higher than budget, but my wife allowed me to stretch a little (thanks dear).  I then went over to Harvey Normans and they price matched it.  Great – I was going to also buy my media centre PC from Harvery’s too, but in the end the one they had didn’t have a dual tuner hence I could not record two programs @ once.  Long story short – I’ve placed a deposit on the Sharp LC37GA4X for $3500 and pick it up Tuesday. 

In my next bit I’ll go over the selection of the media centre PC and then after that how we hook it all up.  I’ll need to integrate this PC into my SBS 2003 home network – the server already has 750GB of RAID 5 storage just ready for it.  Hope you learn something from my experiences.

Darwin Special MS Partner / End User Presentation

I’ve just returned from a quick trip to Darwin – my first visit there.  Man was it hot… we landed at 10:35pm at night and it was still 30c outside and sticky.  I was asked to be involved with Microsoft in presenting to the reseller community in Darwin about SBS – do a summary of the 2 hour network build and also present my spin on Dean Calverts excellent session on how he builds his business around SBS 2003 and a session on mobility around SBS 2003.  What I learned going over Deans presentation was that we do many things in a similar fashion and at the same time many things differently.  I’m going to be adopting some of his ideas into my business model in the future.

What surprised me about Darwin resellers was their initial reluctance to look at doing any real marketing.  Many of the Darwin SBS resellers are like I was a few years back – they get 100% of their business via word of mouth.  Now this is not all that bad – it tends to give you qualified leads that are of good quality.  The problem though with word of mouth marketing is that it’s inconsistent.  You can not predict when you will get your next lead, therefore if you are having a low time in your business, you can’t really do all that much to excite it and get it moving.  This is one of the key things that I feel has held back the growth of our business over the last few years.  The solution to this is to get involved in marketing – getting your name out there so that you can get a larger share of peoples mindset and business than what you already have.  When asked at the beginning of these presentations by Microsoft if the resellers would engage in marketing, only one or two people put their hands up.  I then had the chance to present a number of sessions based on my real world experience, and as part of that I presented Deans session.  I kept reinforcing to the audience just how we were doing marketing around these activities and how little effort some of it required.  I had a lot of fun presenting to this crowd, and they were all ears.  At the end of it, around half the audience now want to get involved in marketing activities because they saw that it’s not as scarey as they first thought.  I felt good about this because I felt that I had helped them see the light and the potential they could achieve with this.

We ended with the potential to start an SBS User Group in Darwin – Lucinda Hodges is going to head up the group for now, and we’re looking at the first meeting late January 2006 or early February.

Time will tell how they succeed with this or not.  I enjoyed my all too brief visit to Darwin

“Redmond, we have a green light on SBS2003 Service Pack 1 Beta”

In scenes reminiscent of the space shuttle launch, the SBS Dev team this morning had their release meeting for the Beta of SBS2003 Service Pack 1.  The managers from the Dev/Test/Program management team and the user education managers Lead program managers were all asked to signify their signoff of the release of this beta as they went around the room responding “Go“ when asked about their specific teams focus areas.

Incorporating Windows 2003 Service Pack 1, Exchange 2003 Service Pack 1, various other hotfixes and security patches, this represents the first major release of code for SBS since it’s launch in October 2003.  Users who have SBS 2003 Premium will also get ISA 2004 and SQL 2000 Service pack 4 as well.  Although this is a beta release and should only be used on non-production systems, it’s a step forward for many of the SBS’ers out there in the fight towards increased security and reliability.

If you’ve been accepted into the beta program for SBS 2003 SP1 then you should be able to download the updates from the MS beta site some time over the weekend.

The input that MS have taken in preparing this beta from partners and the community reflects a commitment to improve the product based on not only their own PSS reports, but those comments from the people at the coalface.  Good work MS – we look forward to the release of the final RTM version of this in the coming months.  Thanks also for allowing the MVPs to be part of this process as an interface to the community.

When is a virus not a virus???

OK – yesterday was one of those days that I’d like to do over again.  It started with a very late night before when I went to the airport to pickup my in-laws and their flight was delayed a few hours – ultimately I got home in the early hours of the morning and therefore had little sleep.  My first appointment was an 8am visit with one of my long term clients and went well – planning for a 170 location VPN solution, VLAN’s in the head office and cool stuff like that.  I got into the office around 10am and was almost immediately hit by my phone support guy Daniel with a “we’ve got a virus outbreak and what should we do“.  Now Dan has only been with us a few months, he’s a great guy and what he lacks in knowledge he makes up for with enthusiasm and desire to learn.  But we had two sites call in within a few minutes of each other telling us that they had massive outbreaks of a virus on many workstations and their servers.  This had also affected their terminal servers and users were kicked off and when they tried to reconnect, they timed out.  Now I am (and still remain) a very big advocate of Trends Antivirus products – for me they have saved the day every time, and the only infection that I’ve had has been a single PC that was hit by a virus in the first few hours of it’s life, before the AV vendors became aware of it.  So I have a great faith in Trend and it’s abilities to keep me clean and secure.  So when you get something like this, you start to worry.  We could not TS into the clients site (which were a side effect of the problem) so we got the client to tell use what the name of the virus was.. We got the name HKTL_LSASSSBA.A from the client and did a lookup on Trends site.  The infected file was always the same on my sites – c:\winnt\system32\netapi32.dll .  At that point in time Trends site reported this as a low risk but that they had only discovered it less than 15 hours beforehand.  Given what appeared to me to be a wide spread infection combined with the fact that I’d not heard about this virus in the community earlier in the day, I was concerned that we were at “ground zero“.  I used IM to ping about 18 other SBS MVPs around the globe to see if they had seen it either on their customers sites or in the community – the response was No.  After a few minutes, one of the guys found that one of his sites had just started to report it too.


So we hit the panic button – started to warn the community and our customers to be on the lookout for this as we felt that we would not be alone.  Given that the apparent description was the it installed a hackers toolkit, we didn’t know what it would then do.  I advised my infected clients to shutdown their internet connection as first step and then to shutdown all workstations – we left the servers running so we could gather information about it.  I spoke to Trend locally and they didn’t know anything other than what was in the on line information, but proceeded to try to assist.  The problem was that we didn’t know how this virus got into our systems in the first place – was it email borne, web browser based or who knows what.  

I ultimately believed the best way to get a handle on this was to go to site myself, so I jumped into the car and lucky for me, the nearest client was 15 minutes away.  Got there and was able to run the Trend Console and this showed that the server and a few workstations were affected by the virus – the customers terminal server (sitting next to the SBS server) was apparently clean.  We went over the logs, and found that the virus pattern had updated to 2.333.00 at around 2:30am that morning – and the first reported infection of the netapi32.dll file was at 9:17am – other PCs were shown as infected after that time – therefore we believed that the server was the “zero point“ in this system for the infection.  We still didn’t know how it got infected though which was a big worry.  I spoke with a Melbourne reseller – Daryl Maunder who also had two sites affected by this – what made it more interesting was that one of his sites was a Lotus Notes site and therefore it was not likely that it was email bourne.  His other infected site was actually a single PC that sat in the corner and did not have email or web browsing done on it at all – it was used just for running a scheduled FTP download from an external site to the internal system.  NOW WE WERE REALLY FREAKED OUT.

So, given I had already spoken with first level support at Trend and didn’t seem to get too far, I got on the phone with my mate Andy Huntrods at Trend (Andy is the Aussie Channel Manager) and said “we’ve got a problem and I need this kicked up to the top ASAP please“ – Andy proceeded to walk around the office and passed me on to the Aussie Technical Manager – Anthony.  He was not aware of anything big “out there“ right now which made me both happy and worried at the same time.  But he took it on board and went digging into his information.  After a few phone calls back and forth, he came back to me with a pattern file to apply to our infected system.  This ultimately resolved the problem for us as it was a “false positive“.  We had NO infection, but Trend thought we did and did it’s job of protecting us.  So what happened???

Well first you need to understand something here and that is that Trend alerts show an infection by spyware in the exact same way as an infection by a virus.  When Trend detects a virus, it attempts to block access to the infected file (which it should do of course).  The netapi32.dll is a critical system file and as such access to it was being blocked even from the system itself.  This we suspect caused the terminal services components to cease functioning and was an unfortunate side effect of the bigger issue.  So shortly at 9:11am, the clients sites started to download an update for the spyware signatures (v0.195.00) from Trend (these are different files from the normal virus signatures) and this had incorrectly identified the netapi32.dll file as being the HKTL_LSASSSBA.A “virus“.  Trend did it’s job and then distributed this new pattern file to all the workstations which was what we saw as the “spread of the infection“.  Now I’ve learned that HKTL is actually Trends short version of “HacKer TooL“ which means it’s not actually a virus, but potentially spyware.  The updated pattern file that Anthony provided was a “Bandage“ solution – one that they use in times of high risk virus outbreaks to quickly get a customers site under control – it’s version was 0.196.00.  We applied that to the server, pushed it out the the client PC’s and then scanned the network to be sure – all was good and systems returned to normal.  Later in the day (actually about 1hr after I got this sorted), Trend pushed 0.197.00 out to the world via their normal channels.  So the problem was fixed – all that remained for me was to go to the other infected site and manually push the 196 file out to the server and workstations.

So what did I learn from this?  What feedback can I provide to Trend?

  1. In our standard configuration we elect to turn on the Spyware scanning for workstations AND servers (which is by default turned off in CSM Suite for SMB) – I plan to modify this slightly and only have it enabled for workstations.
  2. For Trend – Give us a different type of warning for spyware and virus infections – don’t make us and the customers decipher HKTL – it should tell us in big clear letters “Virus infection“ or “Spyware Infection“.
  3. Also for Trend – Give me a console that I can use (as a VAR/Reseller) to manage ALL my clients sites from my office – I had to initiate a person to login to each and every site in the early stages to check each clients CSM installation to see what signature versions they had etc.  I want a console that I can use to control my sites installations of Trend products – you have this for the enterprise already, you just need to make it available to us for this end of the market as a reseller!
  4. You can never have too many friends in too many places – thanks for the SBS MVPs worldwide who got onto this and helped investigate what may have been a potential outbreak.

So the last question is – do I still trust Trend?  Will I still be as enthusiastic about it?

YES – for sure – although it caused me some pain this time around, it is the first time it’s done so and I would rather be having it detect things than not.  The people and relationships I have with Trend are one of the main reasons I love working with the product.  They help make supporting it even easier.

SBS2000 to 2003 Upgrades – a few considerations…

Ok – my preference for installations of SBS2003 is to do a totally fresh installation.  However there are times when this is not possible due to budget contraints or time limitations.  I’ve had two such customer scenarios this week that needed to have the inplace done, one for budget reasons, and the other for time constraints.  So we’ve used the inplace upgrade method.  Before using the in place upgrade method I’d considered a few things.

1. Did I install SBS2000 on this system? I look at this as I want to ensure that it’s a system that I’ve controlled for it’s life.  If I didn’t install it then there may be a heap of underlying issues just waiting to bite me.

2. Is the hardware capable to run SBS2003 for the next 2-3 years.  In the case of the systems I’ve done this week, both were for 5 user sites, one was a 2.4Ghz system with 1GB RAM which was fine, the other was an 800Mhz system with 1GB RAM which was at the very low end of what I wanted.  I advised the 800Mhz customer of this and he was fine – wants to replace the server next financial year anyway.

So here’s the process I followed in these upgrades this week.  Both of them had RAID 1 using software mirroring, so we disconnected the mirrored drive before we commenced as our utlimate backup plan, and then later once it was done and we knew the upgrade was 100% we reconnected it and reconfigured the mirror.

Preflight Check – these can all be done prior to the day of the upgrade to minimise the downtime


  1. Check workstations – if any Win95 or Win ME then upgrade can not proceed
  2. Check SBS2000 Service Pack levels – must have SBS 2000 SP1 installed
  3. Minimum 2GB Free on C: Drive
  4. Ensure ISA SP1 is installed (v3.0.1200.50 if no SP, v3.0.1200.166 SP1)
  5. Install hotfix for ISA for W2003 Server (ISAHF255.exe – KB331062)
  6. Download and unpack the latest supportpaq from HP for the server
  7. Clean up drives, delete files not needed and empty recycle bin
  8. Defrag drives (if time permits – do this remotely)
  9. Verify backups are good

 Rollout Process

  1. Ensure the Internet NIC is disconnected
  2. Disconnect the mirrored hard drive (if it’s a dual drive mirrored system)
  3. Remove any UPS cables to the server
  4. Remove Exchange IM
  5. Remove Admin tools
  6. Remove AV software

    1. Remove Scanmail for Exchange
    2. Remove Trend Client from the server
    3. Remove OfficeScan Corporate Edition from the server
    4. Reboot

  1. Note any specific config options that need to be reinstated later

a.      Exchange – forward all mail to specific host

  1. CHKDSK /f on all hard drives
  2. Save and clear event logs
  3. Reboot server
  4. Check event logs – note / decide on action about ANY errors
  5. Insert SBS2003 CD1 and commence setup
  6. During the W2003 installation portion of setup, if it asks you for drivers for the HP/Compaq server, insert the SmartStart CD as it has the drivers the system needs.
  7. Phase 2 of the SBS Setup
  8. Reboot and complete the To Do list
  9. Do not do step 6 of the to do list – Import Files – as we don’t use this option
  10. Detune ISA security

    1. Remove the authenticate all users from the outbound web listener

  11. Windows Update & reboot
  12. Review loginscripts to ensure that they are correct and do not have any additional characters in them
  13. Test one workstation on LAN – verify access to email, files etc
  14. Install ISA FP1, ISA FP1 URLSCAN (isafp1ur.exe), ISA SP2
  15. Install Trend AV & configure
  16. Install GZIP Hotfix, E2003SP1 and Post SP1 SBS Hotfix
  17. Modify hardware firewall to add additional ports and protocols

    1. 443,444,4125

  18. Shutdown and configure the mirror the original hard drive
  19. Workstation rollouts

    1. Assign applications to all workstations from the SBS console wizards
    2. Remove old AV & rollout the new AV
    3. Add users to be able to logon remotely via RWW on the desktop computers

  20. Verify all AV clients are seen in the AV console