THE OFFICIAL BLOG OF THE SBS "DIVA"

Okay I give up.. I'm building another SBS sp1 base..why?  Because it failed out during the install and said it couldn't apply SQL 2000 sp4... all because in the second screen of the "where would you like me to put your data folders and databases, I stupidly put in D:\MSSQL... not Programfiles\blah blah..but just MSSQL and our wizard install obviously didn't like it.. so now.. I'm putting the entire thing on one stupid giant partition and just letting all the defaults put everything on C:

When wizards work ..it's great.  When they don't warn you ahead of time what they are expecting... you end up with me venting and ranting out here like this.

The gang says they flatten OEMs and reinstall them ...if for nothing else to ensure that they can truly restore from stratch in case of a disaster because there are times that the drivers are not on the cdroms, so they need to know exactly 'how' to restore.

But.. I tell ya.. right about now... a 15 minute OEM install would look REALLY nice.. 'cause I'm having to start ALL over again to get a base of a SBS sp1 just so I can start the process of testing things it getting real old.. real fast.  I just wasted today's build and have to start over because if my foundation isn't installing correctly, there's no use doing any more testing on top of a bad baseline.

Normally we say that you need to install three times... but installing three times isn't exactly what I planned to do tonight... I mean after all ..Grey's Anatomy is on next.

Event 1030 and event 1058 may be logged, and you may not be able to start the Group Policy snap-in on your Windows Small Business Server 2003 computer http://support.microsoft.com/default.aspx?scid=kb;en-us;888943&sd=dell

So you loaded up an OEM and now get a funky error about OEMSBSDN in your error logs and group policy isn't applying...then try those steps in that KB for resolution.

While many in SBSland would advise you to flatten that OEM and start over.. I'd honestly like to get that OEM install to be better so that the vars/vaps will trust it.  As a person today who had to restart a base install of SBS 2003 sp1 because of moving drive locations screwed up the server tools, feeding cdroms to load up SBS is not fun, nor entertaining and gets old after a while.

A DVD would be grand.

An OEM install that we trusted even better.

Want to know some of the things that went into the decision regarding the model of our most recent desktop computer?

I bought that model because it is the business class version that installs the least amount of additional stuff, I can purchase the media for $10.. (real media not imaged restore media) and ...don't laugh... the top of the mini tower is flat, and the usb slots on the front are not insanely and stupidly under a trap door like thing that you have to crawl on your hands and knees to put the usbcable in.

Besides the fact that it's got sata drives and all that.. the fact that the top of the minitower was flat was a reason we got that model....

I kid you not....  ;-)

BTW I understand that this isn't 100% effective.. http://www.yorkspace.com/dell-de-crapifier/ but it's interesting nonetheless

You receive an error message when you try to perform any editing tasks, or you must click to enable the compose frame in Outlook Web Access:
http://support.microsoft.com/?kbid=911829

Coming down on Servers tonight on MU is this KB to fix an issue where in OWA 2003 you need to 'click here to activate control' due to the Eolas patch.

... you might not want to during the middle of the day as well as it temporarily stops Exchange...

...and being the geek that I am.. took a photo of my car and the other car with my Windows Mobile 3 Cell phone....long story short... she pulled out nose first right into traffic... I couldn't avoid/stop fast enough.

But the minor impact reminded me of ... what else.. geek that I am ... of disaster recovery...

Lessons learned today

• Have your documentation in one place for your software, hardware, know what systems you have, serial numbers, etc. -- when you are ever so slightly a bit scattered after the event... you'll probably be a smidge flustered... ensure that you keep key information in a spot that you know where that is, in the case of the car accident, that's License, registration, insurance, etc.
• Ensure that there is someone less flustered on hand to help you through the disaster -- no matter how old you are.. I still called Dad when the event occurred (he lives not that far away) and he had the presence of mind to remind me that I carry with me a cell phone that has a camera.  Great for documenting in just these situations.

Now what this event can't do for disaster.. but I've heard Brian Desmond talk about before.. is make sure you test your DR processes.. because when the real disaster occurs you will be slightly flustered. So make sure you've tested restoring a server and make notes along the way.  These days with VPC/VMware/Vserver being free, there's no reason not to fire up and do a test restore. Sometimes you have to see the screens to understand what is going on.

So do a little planning.. because when the real DR hits... don't be like me and flustered on a Friday morning...

P.S.... damage is only the bumper and the headlight.. on the personal front, a little soreness on the right side from tensing, turning the wheel trying to avoid the car....but fortunately no whiplash...

I blogged about this earlier when it was a hotfix and we're seeing it now when it's a "public patch"

http://support.microsoft.com/?kbid=916106

If you have ISA 2004 sp2 and you then get offered that patch.. some machines kick a reboot.. some don't.  And when they don't, because the patch is not automagically restarting the services they leave the IIS sites not running and thus your email is not working and companyweb is not functional until you restart the services.

After you get this patch applied.. check the services.... or reboot...

I'm still not sure why some boxes are rebooting and some are not.

Will be on the topic of Vista

and the month after that on Exchange....

For anyone in the area.. just send an email to smbtn-fresno-subscribe@yahoogroups.com if you are interested in getting the announcements.

Shall I translate this blog post?

The second Tuesday in July Windows 98, 98SE and ME are dead. To borrow a lyric from Munchkins... Morally, ethically, spritually, physically, postively, absotutely, undeniably and reliably dead....

Don't forget.. Thursday at 6:30 p.m is the next meeting of SMBTN Fresno

The topic is SBSC.. Small Business Specialist Certification

• What's it all about
• Advantages
• What's the buzz?
• WWPC and the Small Business Symposium
• Is it a brand?  Is it a credential?
• The Best Buy impact

...along with top news of the month

6:30 p.m. at the Fresno Airport Holiday Inn in the Sequoia Room

See you there!

I just got through cleaning up the "teenager" virus.

Clients laptop that I was booking journal entries on their Quickbooks.  The minute the machine booted up ... all sorts of lovelies.... and there on the desktop was the reason for all this scum and adware and crud... not IE.. .not Windows needing patches... and not one.. but two peer to peer file sharing programs.... when you visited their home pages WARNED you that you might be infected, nailed with spyware and other stuff.

This was a nice, clean pristine laptop not 2 months ago.

Would Firefox or any other software protected this machine?

Are we to blame because we in the tech world want everything "for free"?  Yup... and that "for free" comes with a high price.

http://aresgalaxy.sourceforge.net/p2prisks.htm

Read that.. now tell me... why would anyone in their right mind want that on their computer?  And why do we then wonder why our computers can't be protected.. .because we can't make the proper judgements when the software even warns us in black and white that we're going to be up a creek without a paddle if we install it.

So you saw today's Crown Jewels of SBS and want to see tomorrows? 

Sign up here!

part 2 - http://www.msreadiness.com/WS_abstract.asp?eid=15004064   4/27/2006
part 3 - http://www.msreadiness.com/WS_abstract.asp?eid=15004065   4/28/2006

No.. and while I go look for a page/whitepaper somewhere...

Here's this.... and when Mothership Los Colinas says "no"..that's gospel.

And here's Mark on the subject...

825505 List of software installation requirements for SharePoint
Portal Server.

From the article:

____________

If you are installing SharePoint Portal Server on a domain controller, you
must install it without the database engine. When you install it on a
domain controller, the option to install with the database engine is not
available.

Before you install SharePoint Portal Server, Microsoft recommends that you
make sure that the following programs or technologies are not installed:  
- Microsoft Exchange Server (any version)
- Microsoft Site Server (any version)
- Microsoft Office Server Extensions
___________

The Exchange component piece is covered by 288654 SharePoint Portal Server
May Not Install on Exchange 2000 Server.  

So, you end up with two major blocks on an SBS server.  First, you cannot
install the database engine, and, secondly, you have to uninstall Exchange,
thus removing core functionality from both pieces.

(Take that back to that partner 'eh Angie?)

Susan, I haven't been able to find much on this. Have you written anything on whether it is safe to host a public anonymous website on a SBS server? If it's safe to do so, where can I find something on best practices?

Well it depends.....would "I" host a public website on my SBS box?  Heck no.  Why?  Because of the data on my box is why. 

What's the important thing to remember about doing this?

It's about the data ..... what is on that box?  Know that you need to patch soon after patch Tuesday...know that you need to ensure you have a good firewall.. and no folks.. having servers with merely Windows Firewall is not good enough.. you need to have auditing enabled.... mind you that a SBS box with all it's defaults and ISA and daily email and the addition of Dana's Firewall Dashboard (which isn't just a tool for ISA by the way...) could make for a well monitored website... but it honestly comes down to that data.  There is more risk with port 80 open.  There is more risk hosting a public website, putting out the welcome mat for any and all... so the "best practice" in doing it on a SBS box?

Ask yourself if the data on that box requires extra paranoia and proper protection.  If it does... then maybe hosting a web site on a domain controller isn't the wise thing to do....

It's all about this isn't it?

..making things easy...more agile.. easier to get the job done... Watch that and see if you don't agree with me that that's exactly what SBS is all about.. the foundation and base that makes it all possible....

....and I need to order two more Mobile phones for the gang in the office...

So the gigabit issue from yesterday has been solved... so far.. and I think the resolution was the updated NIC card drivers... but there's one more thing that Frank recommended... http://support.microsoft.com/kb/q305293/ that KB to ensure that the group policy is being properly applied.. he's seen that on some of his networks....

So on my glowing blue baby test server I got a dooozy of a BSOD yesterday... just as I was needing it to be in good shape for Vlad's SBSgroup meeting.  So I got it operational and it sent off a Dr. Watson... but I remembered PeterGal's post on how to do debugging... so while I sent the dump file off to the expert of "~", I made him a deal..that I'd try to look at it first and see if I could figure out what was doing it.

..now I had an idea that the virtual cdrom driver that I'd downloaded probably was the culpret since it was unusual and not my normal thing that I install on my server... but I followed Peter's blog post....

I downloaded the debugger tools....

I set the symbols like he said to do

I ran the program and....

 Probably caused by : atapi.sys ( atapi!IdeLogSaveTaskFile+1f )

Now given that the cdrom virtual cdrom has a post in their forum about atapi.sys... what do you want to bet that that virtual cdrom driver is the one causing the issue.

... and like many things in tech.... that wasn't so hard to do after all!

Now I can't wait until my next BlueScreen!  This is cool!

So Rob sent me a comment via the blog........and since he didn't give me an email address.. I have to address him via this way.  But before you click to download the updated 06-015 patch, or reboot your box for the iTunes/Delta hotfix for ISA 2004 sp2, keep reading and don't make the same misinterpretation that Rob did in his reading about what SBS "can" and "cannot" do....

Rob has made a new post: SBS and the domain controller issue.
 

Can you send me a link to the podcast that confirms the fact that SBS 2003 (standard or enterprise) will happily coexist with other domain controllers on the same network\tree\forest etc please bearing in mind the following from microsoft.
 

"Q. What is Windows Server 2003 for Small Business Server? 
 

A. Windows Server 2003 for Small Business Server is designed for partners who want to deliver a server solution based on Windows Server 2003 as part of their product offering. It provides the same version of Windows Server 2003 that is used by Windows Small Business Server 2003, but it has none of the added features included in the standard edition or premium edition of Windows Small Business Server 2003.
 

Windows Server 2003 for Small Business Server has the following restrictions:
 

. Only one computer in a domain can be running Windows Server 2003 for Small Business Server.

. Windows Server 2003 for Small Business Server must be the root of the Active Directory forest.

. Windows Server 2003 for Small Business Server cannot trust any other domains.

. A Windows Server 2003 for Small Business Server domain cannot have any child domains.

. Each additional server must have a Windows Server 2003 for Small Business Server client access license (CAL). You can use CALs for each user or for each device."

( excerpt from http://www.microsoft.com/windowsserver2003/sbs/evaluation/faq/prodinfo.mspx - note that the products this refers to is the sbs 2003 family which is 'windows small business server 2003 standard edition' or 'windows small business server 2003 enterprise edition')
 

if what you say is correct (i.e. more that one domain controller allowed in a sbs 2003 standard or enterprise network) then why are microsoft misinforming us?
 

member servers i know are ok.
 

secondary dc's ? (what as in pdc/bdc pre NT5 compat), do you mean mixed or native mode.
 

having a server that will not relinquish fsmo roles is a pain in the *** for diaster recovery as I hope you well know.
 

I found that SBS 2003 CAL's way too expensive it was cheaper to buy server 2003 standard ed and exchange 2003 standard - with much more flexibilty with regard to recovery.
 

On a sillier note wouldn't placing more than one DC in a sbs 2003 (std ot ent) network be in violation of the microsoft eula.
 

I eagerly await your reponse.

Rob

…. Rob…couple of things wrong here.. first off that quote is about the ‘base’ operating system software of SBS.. not exactly SBS per se but the same rules apply…but I’m still not reading that that says you cannot have additional domain controllers.  SBS from day one has to be the primary domain controller, (note the emphasis on primary) but it does not have to be the only one.  It can’t do trusts..but you don’t need trusts to do additional domain controllers… so I’m not sure what you are reading in that that says you cannot add additional domain controllers.
 

You can’t add another SBS box…that’s what you can’t do and is what they are referring to here.
 

But which part of those phrases you quoted above in any way restrict us from having an “additional” “normal” Windows server acting as a domain controller.  All it says is that only one box can run the Windows  Server 2003 for Small Business software in a domain… it doesn’t say a thing about blocking another Windows server.
 

Microsoft is not misinforming us, you are just reading it wrong.  As far as the lack of movement of FSMO roles… sieze the suckers in a disaster.   If you have that additional DC.. all you have to do if you want it to have the FSMO roles is type in the commands and seize the suckers.  If “I”, blonde that I am… can do a swing migration… walk through the steps and see how having the FSMO roles on one box can be moved to another…. Everyone who works with servers should be able to see that under the hood, SBS is active directory.  Sure a few speed bumps here and there…but it’s AD.  And if you can’t handle disaster recovery of a SBS box… man… you probably can’t handle a normal server recovery either.
 

As I’ve said before, Jeff Middleton talks a lot about the myths of disaster recovery and it’s amazing all the misconceptions about SBS.
 

…Now....as a beancounter.. I’m having a hard time doing your math where you are saying that it’s cheaper for Windows Server/Exchange Server and cals.  Remember all the other stuff we get on a SBS box that is unique and worth it's weight in gold.  Remote Web Workplace, Rob is WHY you want SBS.  The daily email is WHY you want SBS.  And on the premium, show me how you pencil out that it's cheaper?  As far as flexibility for recovery… have you tried recovering a SBS box?  Truly.. all of you folks who complain about the DR-ability of a SBS box as compared to “normal” server.  Folks.. I got news for ya.  Restoring any server is no walk in the park.  Active Directory is the same whether you are running SBS or Windows Server. 
 

You cannot have another “SBS” in a SBS network.. but the Eula does not prohibit us in any way shape or form of having an additional domain controller.  BDC (backup domain controller) is a NT4 term and is no longer used.
 

READ THIS SBS MULTI-SERVER WHITEPAPER… and can everyone out here understand once and for all, that you can have 74 additional domain controllers if you really wanted to and SBS wouldn’t care?  Hey you wouldn't have any workstations...but if you really and truly wanted 74 additional domain controllers to provide redundancy to that SBS box.. you could.  SBS just has to hold the FSMO roles. 

"Windows Server 2003. One of the most common misconceptions is that customers cannot run another member server or domain controller in a Windows SBS domain. This is not true! You can add additional member servers that are running Windows Server 2003 or Windows 2000 Server to a Windows SBS domain. You can even promote a member server that is running Windows Server 2003 to be a domain controller, in order to improve authentication services at remote offices."

But as far as disaster recovery goes.. I personally think that everyone from SBS boxes to big server land needs to do a SBS migration method once.. why?  Because it showcases exactly how “normal” of active directory we really have.
 

In chatting with Jeff Middleton…. Who will be speaking on the myths of disaster recovery of Small Business Server at TechEd 2006 in Boston…"I'm saying that what is not understood is what it really takes to replace a single server...any single server...if a restore from backup is one way, and rebuild is another way...but transparency is what you are looking for regardless. The problem is that not enough people even understand the issues. Swing Migration demonstrates the issues by proving that it can work, it does work...they just don't attempt to understand the issues, we format and reload instead of repairing, or preparing to repair."
 

Sometimes the best thing in disasters is to save what you can and start over….but use the power of active directory to do just that... and stop thinking that SBS in any way gives you any less tools to do what you can in a disaster in a cost effective manner.

Brand new Dell Optiplex and I'm sitting at my desktop doing stuff  (uh...like blogging this) while the desktop I'm setting up is just outside my office where I can keep an eye on it and as it reboots and comes back up I CANNOT remote desktop into it until it's logged into.  I keep getting the "desktop is too busy to accept connections".. I mean how can you be too busy when I'm the one controlling you?  On the listserves they've been talking about this and it's ALWAYS been gigabit network card related.

Turn off the "offload components" under the Advanced setting in the NIC is what Karen said, but I disabled the power settings, and anything else that might interfere in the network card configuration, then under the advanced setting, reboot the box and see if I can RDP from this desktop to it.

Dang.. nope.  Still doing it.

hmmmm...that didn't work either..... okay I'll keep testing settings...but know that if you are seeing this.. you are not alone.....

P.S.  But I "can" TS from the server via computer management/server management console...and once I do that.. I can then RDP from my workstation.

.... now that's really weird...why can I RDP after the server kicks the session off...but not desktop to desktop?

After reading this blog post....

Windows Mobile 5 on Audiovox SMT 5600:

and this one... and checking in with the guy that I know who has done this to his phone..... I think I'll stay on my Windows Mobile 3 and not blow up anything....

But if you want to flash your SMT5600 up to Mobile 5... it "can" be done.... just have the First Aid kit at the ready...

Heads up ..this 'may' need to reboot your server, so you'd probably need to install this after hours just in case...

(and if you have WSUS set for "publically available patches" ... or whatever that one category is....you should see this in your WSUS console as well....)

Download details: ISA Server 2004 Standard Edition Update:

http://www.microsoft.com/downloads/details.aspx?familyid=2aa53ee6-527c-4398-ab7c-fcf8e8dde8ce&displaylang=en

       Overview

This update addresses the following HTTP issues for ISA Server 2004 Standard and Enterprise Editions with Service Pack 2 (SP2):

• KB 915045: Error 502 "The HTTP request includes a non-supported Header" when accessing certain web servers. This occurs when accessing certain Web servers that return headers that are incompatible with each other.

• KB 915421: Errors 11001 or 400 when accessing certain web servers. This is caused by a misinterpretation of spaces in headers provided by ISA Server, and results in a corrupted URL and failure to load the Web page.

• KB 915422: Event ID 23004 when accessing web sites that respond with compressed content. Some Web servers always return compressed content, which is denied by ISA Server when it did not request compressed content.

• KB 916573: Error 500 (Internal Server Error. Not implemented (-2147467263)) when trying to download zip attachments from an Outlook Web Access server. The header returned by Outlook Web Access causes ISA Server to deny the response.

• KB 917134: Grayed out checkbox “Enable caching of content received through the BITS service”