While there are a few different ways to transfer the certificate to a mobile device, I have had 100% success with the following method each time I have used it. Hopefully it will be of use to you, whether you have the self-signed SSL cert from SBS or a third-party cert that is not recognized as valid by all mobile devices.
]]>And no, I don't have to replace mine...
]]>The new part number is Q56-00232 Entourage Mac 2004 Mac English Disk Kit CD (this is listed on http://www.microsoft.com/windowsserver2003/sbs/evaluation/faq/prodinfo.mspx). I'll post an update when I have a better idea that it is actually available. I now have on good authority that not only is the new part number available for order, but someone has actually received their copy of the media. Well, it seems that even though someone was able to order the media, it still has yet to get delivered to that person. Plus another person was having difficulty getting the media ordered. So, it's back to "I'm not sure what the status is" status on the Entourage media.I received confirmation on 10/23/2006 that the Entourage media is happily in the hands of the person who ordered it in mid-September. I think it's finally out there...
Looking in the logs, we found the following error lines:
Error 0x8007042c returned from call to Installing RRAS (LAN)().
Error 0x8007042c returned from call to CNetCommit::Common().
Error 0x8007042c returned from call to CNetCommit::Commit().
Googling on this error returned no useful results.
We looked up the error in err.exe (part of the Exchange Admin Tools download) and got the following output:
ERROR_SERVICE_DEPENDENCY_FAIL winerror.h
# The dependency service or group failed to start.
At that point we did a service-by-service comparison on that box to a known good SBS server and found that the Telephony service had been disabled. Once we re-enabled the Telephony service, the CEICW completeld successfully.
Lessons learned from this experience:
But what if the Exchange SP2 installer tells you that IMF is still installed, even after you uninstall it from Add/Remove Programs? Or what if you don't see the IMF listed in Add/Remove Programs to uninstall it?
Here are a few suggestions to get around this, followed by instructions for manually removing the IMF so Exchange SP2 can install.
]]> First, let's look at what to do if you don't see the IMF listed in Add/Remove Programs to uninstall it. The most likely cause for this is that you are trying to uninstall it from a different account than was used to install it originally. The IMF gets listed in Add/Remove programs only for the account that installed it. So if the IMF was installed as Administrator but you are trying to use an administrator-equivalent account to do Exchange SP2, the SP2 installer will fail and you won't see IMF in the Add/Remove Programs list to uninstall. In that case, log in with the Administrator account (or with another account that might have been used to install IMF) and uninstall it from there.Second, if the IMF is not listed in any account's Add/Remove Programs listing or you do uninstall it but still get the block in the SP2 installer that you must first uninstall IMF, try installing IMF again, rebooting, and uninstalling. In many cases, this is enough to get all the parts and pieces of IMF out of the way so SP2 will install cleanly.
Finally, if all else fails, you can use the following steps to manually remove the IMF from the server. Please note that this method should be used as a last resort, only if the above information has not worked to get IMF off your system. These steps include information about modifying settings in the registry. The standard registry warnings apply, including the recommendation that you make a backup of the registry and the specific registry key before making any changes.
Having had to go through this again this weekend, I rediscovered an old trick and learned a new one. Here they are:
Permanently Turning Off the Reading Pane:
Permanently Turning Off Grouping
[WARNING: the following describes a modification to the registry. Improper editing in the Registry can lead to a dead machine. If you don't know what you're doing in the registry, stay out. You have been warned.]
Any chance the SBS community at large has to communicate through official channels with the product team at Microsoft is something we should jump on. Especially when the feedback has been officially requested.
Details of the process follow (taken directly from the official blog post - you can link there directly and follow the instructions from there if you choose). Please note that even though a Passport is required to get into the survey, it is there simply to validate access to the survey. It is not used to track what your responses are. The survey is completely anonymous.
The Small Business Server Product Team would like to hear from the SBS User Community. This direct anonymous survey of the SBS User Community is brought to you by the SBS Product Team.
You are invited to participate in the Windows Small Business Server Community program on the Microsoft Connect Web site at http://connect.microsoft.com. This site has been set up to directly gather feedback anonymously from the SBS User Community.
Your role in the SBS Community is important to us. Microsoft Connect enables you to connect with Microsoft developers, product managers, and other development team members to help us make our products the best they can be.
To accept this invitation and become a member of this program, please follow these steps:
1) Use your Internet connection to visit our Web site at http://connect.microsoft.com.
2) Click on "Invitations" on the left-side menu.
3) You will need to sign in using a valid Passport and before you can continue to the "Invitations" page.
4) Enter your Invitation ID in the blank.
Your invitation ID is: COMM-GKXK-WJKV
5) Click "Go."
6) If you have not previously registered with Microsoft Connect, you may be required to register before continuing with the invitation process. This a light registration and we will not use any information that you provide to contact you later unless you tell us otherwise.
Please follow the steps shown to you by that program to become an active participant. Once you complete the steps, you will be automatically approved. From that point forward you should be able to log into this site using your passport account and take any surveys that are available to you.
Here is the link to the survey: SBS Community Survey. You will find this link on the main page of the http://connect.microsoft.com site under Small Business Server Community Site.
I have to admit that when I heard Apple was releasing a new series of Macs based on the Intel chip, I was a little befuddled. For years, one of the claims to fame of the PPC and G-series CPUs is that they ran circles around the Intel equivalents in terms of performance. Soon enough, I started hearing about how Apple had, once again, done a fabulous job of porting their entire solution to a completely different hardware structure (ala Motorola 68000 CPU architecture to PPC architecture) in a way that was seamless to the end user. Then there were reports that you could actually install Windows XP and run it on one of the Intel-based Macs, some reports indicating that Windows even ran better on an Intel-based Mac than on your average name-brand Windows-only PC.
Then two announcements caught my attention. The first came from Apple, introducing a public beta of a software known as Boot Camp. The second came from a company I had previously not heard of called Parallels, announcing a solution that would allow you to run non-Mac operating systems in a virtual environment on Intel-based Macs.
Needless to say, my curiosity was piqued, and I started my research. That, combined with several queries from my mixed environment clients, prompted me to acquire an Intel-based Mac and do my own research. What follows are my initial observations of the solutions.
I went through the Mac setup out of the box, and it followed the same setup process as my other Mac Mini that I purchased last year. The OS X 10.4 setup runs just the same on the Intel hardware - there were no extra or different steps I had to follow because of the Intel setup. In fact, the system seemed to run a little faster through setup than my last Mac Mini did. (No, I haven't done any actual performance testing between the two boxes, just a "feel" thing based on my use of the original Mini for over a year.)
I then went and registered for the 30-day trial of Parallels Workstation for Intel-based Macs. I have not, and probably will not, install and test Boot Camp, and here are the reasons why:
I really wanted to take a look at Parallels workstation for a couple of reasons. The biggest is that Microsoft Virtual PC for Macintosh will not run on the Intel-based Mac. To be honest, I've been less than impressed with Virtual PC for Mac since Microsoft bought it from Connectix, but it's really been the only option thus far. The chances that Microsoft will try to develop a build of VPC for Mac that will run on the Intel chipset are, in my opinion, pretty slim. The other reason I was interested in Parallels was the price point: $49.99 for a single license. You can, in fact, pre-order the Mac version before the final release for $39.99, which is even more attractive than the list price of $129.99 for VPC for Mac. In both cases, you will need a legit license of Windows to install with the product. Microsoft does offer versions of Virtual PC for Macintosh that are bundled with an OS, but it costs more, and still doesn't run on the Intel-based Macs.
So I downloaded the 30-day trial of Parallels and went through the setup process. I've used a number of virtualized interfaces before, including Microsoft's Virtual PC (for PCs as well as Macintosh), Microsoft's Virtual Server, VMWare, and a few older solutions that are no longer available, and I will say that the installation for Parallels Workstation, like just about any other Mac software install, was simple and straightforward. In about two minutes, I had the software installed and ready to go.
Given that most people who are Mac fanatics are probably going to go straight into the install process without reading any documentation whatsoever, I decided to do the same. There's a nice PDF that comes with the Parallels install that I have yet to open. So I launched the application and got started. I went through the new Virtual Machine (VM) wizard, selected the OS I would be installing, set the path to the virtual hard disk file, and upped the RAM allocation from 256MB to 512MB. Again, it seems that Parallels missed the mark with the default RAM allocation for Windows XP, but MS says you can run XP in 128MB, so 256MB must be nice. Given that this is virtualized and probably will be slower because of it, I didn't want lack of RAM to add to the performance issues. Hence the increase to 512MB. I inserted the XP install CD and started the install process.
Twenty minutes later, I had a fully-installed XP workstation that had already been activated over the internet. No funky drivers needed for the install, no special configuration needed. And as I started downloading security updates from MS, I noticed that the performance of the XP box is pretty peppy. In fact, it actually seems a little faster than the Dell Optiplex GX260 I'm using as my PC workstation.
I did a few quick and unscientific benchmarks on the box after I got the security updates installed, and the performance of the XP in Mac is really, really good. I compared an OWA connection to my mail server in IE with Parallels versus Virtual PC on my old Mac Mini, and the difference is night and day. In fact, testing OWA against my Dell workstation showed that the Dell is slower than the VM on the Mac.
So far, I'm very impressed with what I've seen. Next, I'll be loading my regular software suite and seeing how it performs under that load. But right now I'm thinking that my desired situation, having one box on my desk running both Mac and Windows applications instead of having a dedicated Mac and a dedicated PC, is going to work very nicely. I can sure stand to get rid of the clutter of multiple keyboards and mice on my desk, too.
Today, I ran across another reason to keep Out Of Office replies from going outside of the network.
When I got into the server, I found 20-30 queues with one or two messages in them, and the queues were in a Retry state. My initial though was that it looked a lot like a Reverse NDR attack, but the volume was very small, and all the messages were coming from a user, not from postmaster.
I pulled the e-mail address from one of the messages hung in a queue and looked through the SMTP logs (another reason why I always enable SMTP logging on SBS even though it's not enabled by default) to see where that message was coming from.
As it turns out, the message was not being generated by the user account. Instead, an incoming SMTP connection was delivering messages to this particular user from the bogus account in question. There was no indication that the user was generating a message to that address at all.
When I asked my client if the user had delivery receipts or read receipts enabled on the account, he said "no" but did indicate that Out Of Office had been enabled for the user. So what was happening is that Exchange was receiving the message for the user, then turning around and trying to send an Out Of Office response to the sender, which was a bogus address in this case, and these messages started getting hung in the queue. When my client mentioned that this particular user gets lots of spam, I knew where the culprit was.
The short term fix was to turn off Out Of Office for the user in question and make sure that the flood of e-mail getting hung in the queue died down. When it does, he can look into changing the Out Of Office settings back to default, so that OOO replies only go to internal senders, not external senders.
If you have clients that have requested that you enable Out Of Office replies be allowed to external senders, add this example to your list of reasons "why not."
A client needed assistance installing an SBS 2003 server into an existing Windows 2003 domain. He had looked at the documentation in the Microsoft KB 884453 but decided he wanted my assistance with the process. So I get to the site and start going through the process.
There's one key piece of information missing from the KB, however, when you use the SPS 2003 SP1 integrated installation media. When installing the server portion, the setup enables the Windows firewall on the NICs in the server so that no bad stuff can get in. This is a wonderful change from the original install media where you really had to disconnect the NICs from any live network when doing the install to make sure that the box didn't get hammered by Blaster of Slammer or any other other threat that was protected against with SP1. But I overlooked it. So when I did the dcpromo, the box came up into the network correctly. When I installed DNS, it installed correctly. But I could not get the two DCs to replicate.
Fortunately my friend Wayne helped me find what should have been an obvious step in the process for me - can you ping both machines by FQDN from each other? I could ping the existing server from the new server, but the old server could not ping the new server. When I went in and disabled the Windows Firewall on the NIC in the new server, replication started happening immediately and the remainder of the installation process finished successfully.
So add this one to your hat - when you follow MS KB884453 and you're using SBS 2003 SP1 integrated installation media, you need to turn off the Windows Firewall on the NICs to let replication complete.
]]>This morning I got a call from a client who rebooted his server and received the ever frightening "Windows could not locate the following file C:\Windows\System32\Config\System" and booting stopped at that point. I immediately had him boot from a 2003 install CD and get into the Recovery Console and looked in the C:\Windows\Repair directory. Sure enough, the System file was there (this file represents the System hive of the registry) but it was dated from the initial install of the SBS server over 2 years ago. The backup software he is running is not configured to do a System State backup as part of its normal process, so no recent copies of the System registry hive were located there.
As it turns out, his problem was not a corrupt or missing registry hive but instead was bad memory that he had tried to install, but that's another story. We did run a System State backup using NTBackup as soon as we got the server booted again, and I've set up a weekly process to run a System State backup prior to the start of the backup process of his other software.
The bottom line is that recovering from a damaged or deleted registry hive file can actually be a simple process, if a System State backup has been done recently. If not, recovering from a damaged registry hive file can be much more cumbersome, and probably a topic for a different post.
]]>Apple released a tool called Boot Camp that will allow the new Intel-based Macs to install Windows directly onto the Mac and boot either into Windows or into Mac OS. This is currently a beta product, but it's expected to be a free tool available to users of the new Macs. This will allow Macs to run Windows and Windows-based apps directly on the Intel chipset, bypassing any virtualization, which will increase the speed of the Windows side. Reports say that Windows XP on the Mac Intel hardware runs faster than on other Intel-based PCs. The downside is that you cannot run both OSes at the same time. If you boot into Windows, you will not be able to run Mac apps or possibly access the Mac data that's on the drive.
Parallels has released a beta of their product, Parallels Workstation, which will run Windows on an Intel-based Mac in a virtual session. This will allow you to run both OS platforms at the same time, although neither OS will run quite as fast as if it were the only app running on the system (ala Boot Camp).
The Microsoft Virtual PC product for Mac currently will not run on the Intel-based Macs and I am unaware of any expected updates to the current product to allow that. Possibly in a future release, but with the Parallels Workstation price point of $49, it'll be hard to beat.
Keep your ears open for more developments on this front...
]]>Batch files can use the system variables %DATE% and %TIME% to get the current date and time of the system. These variables return data in the following format:
]]> %DATE% gives DOW MM/DD/YYYY (may vary depending on you location - you can run echo %DATE% at a command prompt to see what values you get). So for today, as I'm writing this post, the output is:Sun 04/02/2006
%TIME% gives HH:MM:SS.hh where HH is hour (in 24-hour format), MM is minute, SS is seconds, and hh is hundredths of seconds. Who needs hundredths of seconds? Don't know for sure, but it's there if you want.
This is all well and good, but what if I only need to know the current minute? Easy! cmd.exe gives you a way to pull substrings out of variables right in the batch file. If I only want to know what the current minute is, I can refernce that as %TIME:~3,2%.
Side note: a quick explanation of this parsing. The ":~" characters tell the batch file to return a subset of data from the variable. The number that immediately follows :~ is the character position to start with, and the first character in the string is always 0. So %TIME:~0% is functionally equivalent to %TIME%. Optionaly after the number can be a comma followed by another number, indicating how many characters to include. So the reference %TIME:~3,2% tells the batch file to return two characters starting at position 3 from the current time. In other words, the two characters that represent the current minute.
In addition, if you want the last two digits of the year (for those who still use a 2-digit year value) you can reference %DATE:~-2%. The "-2" indicates the last two charactes in the string, so you don't have to count the entire string length. If you want the four-digit year, use %DATE:~-4%.
Rather than figure all this out every time, here's a quick menu of values that I use regularly.
| Item | Variable |
| Current hour: | %TIME:~0,2% |
| Current minute: | %TIME:~3,2% |
| Current second: | %TIME:~6,2% |
| Current day of week: | %DATE:~0,3% |
| Current month: | %DATE:~4,2% |
| Current day date: | %DATE:~7,2% |
| Current year (2 digit): | %DATE:~-2% |
| Current year (4 digit): | %DATE:~-4% |