Quickly download the SBS 2011 training from Microsoft.

There are several short videos available from Microsoft that cover the new features in SBS2011, but unfortunately Microsoft decided to make you download each one individually. However if you right click and download this
List of SBS 2011 Training videos file, you can use wget to download all of the files in a batch file.
Assuming you have wget installed on your machine and it is in the path (if not then why not? It is incredibly useful for downloading files from a command line – Get it from Sourceforge’s wget page), just run with the following in a command prompt window.

for /F %i in (sbstraining.txt) do wget %i

You should end up with 38 files totalling 241MB.
Update: See comments for assistance in downloading a copy of wget without needing all the extra gnu stuff

Fixed – Archive options missing in Outlook 2007 and send/receive issues

We had a weird issue this morning where the Archive options were missing in Outlook 2007. This is apparently a known issue with the kb2412171 December 14, 2010 outlook update which allegedly improves stability. It is hard to see how removing functionality, breaking send and receive and reducing performance when you switch folders comes under the category of improving stability and increasing performance.
Thankfully the solution is simple, just remove 2412171 from add/remove programs and everything should go back to normal.
Further details on the patch are also available which includes the known issues when installing 2412171.
Needless to say, we have unapproved this patch on our WSUS servers.

Fixed – Printers missing in Windows 2008 r2 (and Windows 7)

As part of a client migration this week I had to install a whole load of new printers on a new Windows 2008r2 server. In particular, one copier printer had about 7 different printers setup pointing to the same device – this was to allow the user to select which tray they wanted to print to without having to change the printer settings each time.
By the time I got to my fifth printer I noticed that the devices window was only showing two printers. When I selected the details view in explorer it was only showing printer1 and printer4, pressing F5 to refresh the screen would only show printer2 and printer3. This was really disconcerting as I kept getting interrupted in what I was doing so it was hard to work out which printers had already been setup when they did not appear in the user interface. However they did appear in the list of printers when I went to print something from notepad.
Puzzled, I did some searching and eventually came across Network Steve’s post about bringing back printers in Windows 7. Following his instructions and creating a new Key under hklm \Software \Microsoft \Windows \CurrentVersion\ Explorer \ControlPanel \NameSpace called {2227a280-3aea-1069-a2de-08002b30309d} a new icon appeared in control panel called printers and I can now see all of the printers so Thanks Steve!
Incidentally, these printers were set up and shared on a print server and then accessed on a locked down terminal server. I haven’t been able to work out how to get the list of printers to show up for a locked down user within control panel. The printer icon is not a normal .cpl file so I can’t include that in the list of available icons in control panel for users to use. This is not a critical function but helps when testing and troubleshooting printer issues for users in the future.

Fixed – wifi not resolving dns on laptop with Windows7

I had a strange case the other day at work when all of a sudden my laptop would fail to resolve dns queries for my wireless connection only – my wired card was not affected. Changing dns entries to another server did not fix the issue. Eventually I tried disabling the Microsoft Virtual Wifi Miniport Adapter (from device manager) and immediately I was able to resolve dns again. Once I discovered this fix I remembered something similar with this adapter. Looking back through my previous notes we had an issue with Shrewsoft’s vpn software – with the Microsoft Virtual Wifi Miniport Adapter enabled we were unable to get a vpn session working to a Cisco client.
So far, disabling this adapter does not seem to have caused any issues – apparently it’s purpose is to allow you to connect to more than one wireless connection at the same time – an unlikely requirement in most business situations.

Fixed – Right click option to scan files missing in Microsoft Security Essentials Beta

I’ve been doing a bit of work with the latest beta this morning and found that the option to right click on a folder or file and scan it was missing. According to the connect website, the “Item Scan with Microsoft Security Essentials is missing from right click menu because file shellext.dll is not registered in the OS (C:\Program Files\Microsoft Security Client\shellext.dll). To resolve this issue, open a command prompt with administrator permissions, type regsvr32 “C:\Program Files\Microsoft Security Client\shellext.dll” and press ENTER.”
Sure enough this works. Thanks to 777Andrey777 for the solution on the connect website (login required).

The other issues that I have also encountered include the Windows Home Server connector monitor flags the fact that my av is out of date or turned off when the computer is rebooted – this lasts for about 20 to 30 seconds. The instructions to provide feedback are also missing on the connect website (which was not very helpful). However log files can be generated by running “mpcmdrun -getfiles” from the Microsoft Security Client\Antimalware directory within program files.

Fixed – Group Policy settings show “An error occurred while generating report: An unknown error occurred while the HTML report was being created.”

Whilst doing some troubleshooting work for a client’s group policy settings that were not being applied to a vista machine I launched the Group Policy Management Console (gpmc) and when I went to view the Resultant Set Of Policy (RSOP) of a client machine and when I tried to view the default domain policy I received the message “An error occurred while generating report: An unknown error occurred while the HTML report was being created.” All other group policies appeared fine – it was just the default domain policy – arguably the most important one and not an easy one to restore. My first step was to use a DC that did not have the gpmc installed to use the native group policy tools within the Active Directory Users and Computers snapin. Fortunately this tool worked and I could see the settings…..lots of them.
As I knew the group policy did not seem to be corrupt I then went back into gpmc and attempted a backup of the group policies. All but the default domain policy backed up successfully.
The error message almost looked similar to issues when trying to view web pages on a server with the enhanced ie security enabled but it didn’t really make sense that it was only affecting one group policy.

After a few minutes of digging I found an entry on tek-tips (a site I don’t like to use due to the popups and nag screens) but in this case the answer worked. From Roadki11’s posting on tek-tips.com:-

Cause:
Seems to be something with importing IE security settings.

Solution:
Edit install.ins inside: {GUID of Policy}\user\MICROSOFT\IEAK

[Security Imports]
ImportSecZones=1

Set it back to “0”

Using gpmc I obtained the guid of the policy by right clicking the policy and choosing properties then I connected to c:\WINDOWS\SYSVOL\sysvol\domain\Policies\{guid}\user\Microsoft\ieak
First I made a backup and then edited install.ins, set ImportSecZones to 0 and was then able to edit the policy in gpmc.
Hopefully the background information and the instructions on how to connect to the correct file helps others.
Whilst you are in the gpmc make sure you go down to Group Policy Objects, right click, Backup All, select a location, enter the date and time stamp for the description and back those policies up. Document where the backups are stored so that if you need to restore them they are easily accessible – even on another computer.
I’ve now added the backup to our checkup and system documentation instructions so at a minimum we will have monthly backups of the group policies and a documented location for where this information is kept. In an ideal world, printing off the settings would also be a good way to document the information too.

Cost for bulk uploading to Microsoft’s Exchange Hosted Archive

As part of our investigations into hosting mail online using Microsoft Exchange Hosted services I have spent several hours on the phone with several companies to obtain prices and quotes. A couple of companies are out of the running as they didn’t bother to return my calls and although Microsoft were helpful, they just did not get it.
One of their offerings is email archiving. Every email sent and received, both internally and internally is copied to the archive service which is then searchable for ediscovery or just in case you can’t find that one email you know you received way back when. The only downside with this is the old email currently sitting on the exchange server that would not be searchable. However according to the Buy Microsoft Exchange hosted Services, “”You may bring historical data into the archive for a one-time charge, which is priced per GB”
As you can purchase the standard archive service from Microsoft and the same page contains prices for this service, it makes sense that Microsoft would be able to provide costs for this data import. About 2 hours on the phone later I realised that Microsoft unfortunately do not have a clue and nobody was able to give me a straight answer or even a ballpark figure. I was bounced around to several departments until eventually someone said that this service is purchased through the reseller channel. This doesn’t really make sense as the BPOS service itself can basically be purchased direct so why not the data import?
Our reseller is Ingram Micro, but their price list is only available to people with an account – useless for a tech like me who is trying to get some data together. However, CDW came to the rescue and this service is available by purchasing the “Microsoft Exchange Hosted Archive Historical Data Load at a cost of $60 per user (not per GB as in the original Microsoft documentation). The part number is 74P-00053. If you have an Enterprise Select agreement the part number is 74P-0059 but the price is still the same.

I’m not sure why Microsoft can’t give this price in the original web page and say to contact your normal reseller for more information.
Once the order has been placed there are more hoops to go through to get the data sent to Microsoft. The data can apparently be ftp’d to Microsoft – I’m hoping this is actually secure ftp – but as most users are going to have many Mb’s or Gb’s of data the normal scenario is to put the data onto a USB drive. I was pleased and also surprised to see they support Truecrypt. For more details of the process, continue to read the rest of the entry.
Continue reading “Cost for bulk uploading to Microsoft’s Exchange Hosted Archive”

Fixed – “Manage Network Connections” is missing in network section of control panel of Windows 2008 R2

Occasionally you may see references to Manage Network Connections in the Microsoft Documentation. I came across this item when following a link in the Best Practise Analyzer for the dhcp server that complained that the binding order was incorrect on the server. Step 1 of the solution reads

Click Start, click Network, click Network and Sharing Center, and then click Manage Network Connections.

Unfortunately Manage Network Connections is actually called Change Adapter Settings. If you click this, the rest of the instructions make sense.

I’ve added a comment to the Technet article – hopefully it will get changed. The documentation is also incorrect in the BPA itself.  If anyone knows how to log a service request with microsoft to get the documentation changed then please let me know.

BPOS active Directory Synchronization does not work on 64bit or domain controllers.

Thinking about BPOS to host the exchange mail for your small office? – I discovered a small gotcha this afternoon but first a couple of thoughts in our recent experiences between Google Apps and Microsoft BPOS.

We’ve had several requests from clients to host their email in the cloud using services like google apps or Microsoft Hosted Exchange. Our first deployments were with google apps due to the lower cost per year, but as we’ve found out the support from Google is severely lacking.  We had a peculiar issue where one users email sent through outlook would get marked as spam all the time, yet if they used the gmail web interface and sent exactly the same content the mail would get sent with no problems.  The service that marks the destination mail as spam is postini – now owned by Google so it should really be a simple matter of turning over the problem to Google to investigate. Unfortunately Google’s response so our request was basically “thanks – if we feel like getting back to you, we might do – in a couple of days”.   As it turned out, the issue was resolved by deleting the google sync profile and recreating it again.

Contrast this to a Microsoft issue which started off as a pre-sales technical call to get a user id setup and ended up with the gtlv owa issue I blogged about earlier. I had several calls from Microsoft within an hour to work on the issue. They worked really hard to ensure my problems were solved and it almost felt like they were harassing me as they kept following up for a status even though I’d told them a couple of times that I was happy for the case to be closed – I even got a call at 5pm on Saturday afternoon from support – something I’ve not experienced (at least from a end user experience!)

So, after singing Microsoft’s praises – the gotcha.  Microsoft’s Hosted Exchange service has a directory sync service that synchronises AD information to the cloud ready for newly created users and distribution lists to appear in the hosted exchange environment. Unfortunately, according to the Directory Synchronization prerequisites the server needs to be running 32bit AND not be a domain controller.   Unfortunately for small companies just starting out from a peer to peer network and getting their first server (but don’t want SBS2008 for some reason), this first server is very likely to be 64bit (crazy not to nowadays) and also a domain controller – possibly/probably even THE domain controller. Installing a 32bit member server is totally out of the question.   It’s not *that* big a deal as all the information can be created online, but it’s twice the amount of data entry along with the possibility of typos but also every AD change of membership and user creation/deletion now needs to be duplicated online.  For large organizations this is not going to be a problem as they’ll likely have extra servers lying around, but for small businesses this is very unlikely. For very large organizations (ie Universities hosting mail through live.edu) it seems that the AD sync program actually requires extra software functionality with the Identity Lifecycle Manager (ILM) package (however I’m not too familiar with these details just yet)

This is the second flaw in Microsoft’s online feature list that extols the virtues of Microsoft vs Google that I’ve found – Active Directory synchronization is not always possible and the other is the benefit of not having to download an application to synchronize data from outlook to the cloud/google – fair enough a client doesn’t have to be downloaded for that application but instead a single signon client needs to be downloaded to prevent the various Microsoft apps asking for the password multiple times. I did think that was the whole point of the “save password” option is for in the outlook and browser applications!

I was also really surprised that the Exchange online is not running Exchange2010 – the Outlook Web App is so much nicer in 2010 compared to 2007 – as I run Outlook 2010 at home and Exchange2010 in the office I’m spoilt (but I still need Office 2010 on the work laptop – thats hopefully coming real soon)

Small Business Specialist certification upgraded to 2008

I finally got around to taking 70-653 on Friday and passing it. It was an interesting experience as I had to take a survey before the exam that asked questions about my experience with the product and what I thought were my strengths and weaknesses. If I didn’t know the exams were downloaded overnight, it would make me very suspicious – if I answered that I didn’t know remote access very well, would I get lots of questions on vpn configuration or would Microsoft be kind and avoid that area? Although I passed it would have been nice to also get a comparison with my answers from the survey and my final test results. Funnily enough my weakest area was user management – I’m pretty sure that is because I’m so used to doing things in AD and I know to do things with the wizard but I don’t pay attention to EXACTLY what the wizard is called.
Now that I’ve passed I’ve got another Technical Specialist under my belt and this should also upgrade my SBSC to 2008 status (although the SBSC doesn’t appear on Microsoft transcripts as this certification is “awarded to companies rather than individuals” (which I think is a big mistake on Microsoft’s part))