The Vista debacle

Seems like the angst over Visa and Visa Service Pack 1 just won’t go away. Have a look at this article from the Australian and take the time to read some of the comments posted by people. Then go and read this posting from Susan Bradley which kinda illustrates that we have seen this sort of karfuffle before.

I agree that Microsoft hasn’t done a very good job getting Vista out to the market but I do think you have to take a step back and look at the reality of the situation here. Microsoft is a commercial organisation. The reason it releases new software is to make money. The sooner it gets people to buy this software the sooner it makes money. Sad, but true. If you want to run Vista and avoid potential issues, get it with a new PC that has enough grunt to run it (i.e. 2GB of RAM). If you upgrade on existing hardware or over the top of a previous version of Windows, sorry, but you are going to have problems. Sad, but true. If you think that all your old software is going to run on Vista, it ain’t. You are going to need to upgrade. Sad, but true.

Look technology is all about change. If you want to use the latest features and benefit from the latest advances then you gotta upgrade. You can’t usually retro fit airbags to a 1960’s car can you? If you want airbag protection then you gotta go and buy a new car. Sad, but true. It is important not to over look the fact that these issues aren’t solely the fault of Microsoft. Other companies that run under Windows have been slow to modify their programs to suit the changes in Vista. Why? Like Microsoft they are commercial organisations. They aren’t going to spend money on developing something until it is worth their while. They are clearly waiting until there are enough Vista systems out there before they act. Sad, but true. Does this create a viscous circle, where everyone one is waiting for some critical point at which enough Vista is shipped? Yes. Sad, but true. Ladies and gentlemen, this is a commercial world we live in. If these companies don’t make money, they go out of business and then who is going to write the applications your require? It’s all about money. Sad, but true.

Sure Microsoft could have done a better job but they are working under a number of restrains here. Are other software companies failing to do their part to make Vista compatible software? Yes. Are hardware companies failing to provide driver updates for their products because they don’t deem it commercially viable? Yes. Are people failing to appreciate that they really need to upgrade to new hardware (and software) if they want to go to Vista? Yes. And so on and so on.

Bottom line? If you want to reduce your chance of issues with Vista get new hardware and be prepared that some of your old software may not work. Is that fair? Nope. Sad but true. That that is the way with technology. So maybe it is just time to accept the fact that you are going to HAVE to move to Vista sooner or later and you are PROBABLY going to experience some issues. That’s life with technology, so just get over it so you can on with it.

Here’s an interesting observation

Of late we have been removing ISA 2004 (and 2000) from our clients SBS servers and implementing dedicated firewall devices that also do any spam and web content filtering. There are a lot of reasons for this, increased reliability, less load on the SBS box, more flexibility and so on. Once we learned that the new version on SBS (SBS2008) won’t be supporting ISA on the same box as the other SBS software we decided that was further confirmation that this is the right thing to do moving forward. So the only reason that you’ll be selling a client SBS Premium in future is if they want SQL Server?

Interestingly, after removing ISA from these SBS boxes we no longer see all these strange kerberos and failed authentication errors in our SBS monitoring reports. Now, all the client workstations did have ISA Firewall client installed but in our experience certain software (especially printer monitoring software) always wanted to get to the Internet and usually via it’s own method (resulting in authentication errors). So remove ISA out of the loop and this software simply goes to the Internet out the default gateway. Whether that is good or bad is still debatable but interestingly in some cases we have had servers with thousands of authentication errors per day disappear to almost none. Interesting eh?

Now ISA did serve a purpose but lately we have found it to be more of hindrance than help. If you need to configure port forwarding sometimes you got issues, many of the usage reports didn’t show totals correctly or in order or with actual user names and so on. Now I’m sure all of these could be solved but it is much easier to get the whole firewall function off the SBS box and onto a dedicated device. It also improves reliability in the fact that you can fiddle with the Internet without affecting the SBS box.

So, if you have a whole lot of authentication and kerberos errors in your monitoring reports and you are running SBS with ISA and two NIC’s then have a look at ISA maybe being the cause of the errors. What you can do to prevent these errors I’m not 100% sure but I have found that perhaps taking ISA out of the loop is an effective solution. Today, if we sell a client SBS Premium because they SQL server we won’t install ISA or WSUS for that matter (why we don’t do WSUS is whole other story). Unless a client specifically wants SQL Server we’ll sell SBS Standard with a stand alone firewall device, much easier and much cheaper for the client.

The more I do, the more I learn

Just learnt some more important lessons recently after being involved in another SBS Migration. In most cases these days we migrate existing clients using the SBS Swing Migration kit put together by Jeff Middleton. If you are in the business of upgrading Windows networks then I strongly suggest you take a look at Jeff’s site (www.sbsmigration.com) and invest, since it is going to save you hours of work.

During the forklift of Exchange Server databases from the old server to the new server we discovered that they wouldn’t mount. The reason was that the distinguished name of on the old server was different than the new server. The old server looked like /o=first organization /ou=first organization.. while the new server read /o=business name /ou=first organization. The reason for this? Well, it turns out the old server was an OEM installation which meant that Exchange had been configured BEFORE the client details had been entered. Thus, even using the Swing Migration kit, the same server name and domain name there was an issue. The situation can be rectified using LegacyDn, which allows you to change these values. Now, you have to be careful using this tool as the following Microsoft KB article says and make sure the values from the old server match the new server. We also found that after making the changes you need to reboot the new server so that the values will be flushed through the AD.

After the reboot you will also probably need to disconnect all the existing user mailboxes and then re-connect them so that all the details are correct. A pain, I know but it did the trick. So the lesson here is that if you are migrating from an OEM installation of SBS then more than likely you should run LegacyDn to record the Exchange database details just in case there is name mismatch after the migration.

Now, during the migration process we had some issues with Exchange public folders and I was trying to mail enable them while using Remote Desktop from a workstation. Now for some reason the option to run the Exchange tasks wasn’t being displayed when I hit the right mouse button on the public folder. Turns out that it won’t display unless I am using Remote Desktop as the console session. To to this you need to run:

%SystemRoot%\system32\mstsc.exe /console

It seems that there are somethings that just don’t work unless you are remoted in as the console session. So lesson two is that if you plan to do any administrative work on a server via remote desktop (especially during a migration) always remote in as the console session.

Video 41 – Configuring SBS monitoring

Our latest video is now available as always on YouTube. You’ll find it by clicking here. This video focuses on configuring monitoring on Small Business Server 2003, which will email health reports and alerts from your server. Sure, it isn’t that hard to configure but many people don’t even know that this feature is available.

As always, we are trying to improve the quality and professionalism of what we provide but that is hard without any revenue for our efforts. As such we can only continue to offer these videos whenever we get some free time. Initially we thought that perhaps asking for a donation from viewers would provide at least some low level of assistance. However, to date we have been very disappointed with the response (thanks to those that did donate – the small number of you – we really appreciate it). We are not asking for hundreds of dollars, AUD $5-$10 from people would really go a long way if enough people saw fit to donate.

So in light of this poor response we have opted to now provide a set of show notes on each video we do for a minimum of AUD$5 donation. The show notes will cover what the video covers but also provide some more advanced information about the topic at hand. We hope that perhaps this enticement will encourage people to support the work that we do by helping us fund our planned improvements. You can find a list of these by clicking here.

10 critical things you should know about Small Business Server

We have just released an extensive report detailing 10 critical things you should know about Small Business Server.

The report was developed from the most common questions we are asked about networking with Small Business Server and doesn’t just contain information about software. The report will provide relevant information about what hardware to buy as well what other considerations you need to make when thinking about networking. If you want a reliable and flexible Small Business Server network then you need to have this report.

This report also contains many resources (webs sites, books, etc) that can be used to gather more information about networking with Small Business Server.

For more information about how to obtain the report click here or email robert@saturnalliance.com.au.

Offline Microsoft Updates

Now many years ago I used to like WSUS. That is was when I ran it on a server separate from my Small Business server. When Microsoft incorporated WSUS into SBS2003R2 that’s when my relationship with WSUS turned sour. Personally I found WSUS on SBS caused all sorts of problems from failing to update correctly to downloading content that was not requested and finally being impossible to uninstall once it is on the system. So, bottom line, I no longer install WSUS on SBS2003R2. Typically, we use Shavlik to apply updates to all our networks for so many reasons which I am not going to go into here (maybe a later post if enough people out there ask me).
Problem was, when we get a new machine in that needs to be run up, typically, it is missing heaps (last count 94 for XP Pro) of updates. So we’d get the PC working, connect to the Internet and then do all the updates, reboot do ’em again and so on and so on until the system is fully patched. Also, when you go out to new client and check their machines, typically updates haven’t been done for a long, long while and the only solution is to fire up Windows Update and download from the Internet. This can be a really painful experience, especially if they have lots of out of date machines and a slow Internet connection. Sigh.
That is now a thing of the past since I have discovered Heise Security DIY service pack. simply download the latest version of the software (which is a whole swag of clever scripts), expand into a directory on a machine and then run the update program. when run you’ll be asked what downloads you desire :
Select your desired Windows Updates

also select you Office updates

ensure you have the option selected to create an ISO image and hit the Start button. The program will then go off and download all the selected updates (even service packs if you selected that). It will obviously take a while the first time it runs as it has to download a lot of updates for all packages selected.
Once the download process is complete it will create a separate ISO image for all the products you selected like so :

Here you can see I have Office 2003, office 2007, Office 2000, Office XP, Windows 2003 Server, Windows XP and more! Burn the ISO’s to media and now you have your own offline update library.
Now simply pop the CD/DVD into a machine which you want to update and run the installer program (which auto launches as well). Simply select the desired options :

and press the Start button. The installer will firstly determine what updates need to be apply and then start applying and rebooting automatically if you selected that option. So now you can walk away from the machine while it continues to do all its updates – MAGIC.
I tried this out on a new original XP Home system OEM installation without Service Pack 1. I popped the Windows XP DVD into the drive, selected the reboot option (it gives you a warning that this may not work all the time) and pressed Start. The installer dutifully installed Windows XP Service Pack 2, rebooted, installed more updates, rebooted and so on till completion. At the end of the process I have a full patches XP System that I only had to attend once and didn’t have to expose to the Internet before it was updated.
Best of all with this offline updater is the fact that when you run it again it downloads any new updates that Microsoft has brought out and adds it to a new ISO image it creates. So, I’ll be running this after every patch Tuesday to create a new set of offline update CD’s that are going to save me HOURS and HOURS both in house and on client sites.

No longer called Cougar

Ok, so Microsoft has finally gotten around to making SBS 2008 a real product. It even now has its own web site :

http://www.microsoft.com/windowsserver/essential/sbs/default.mspx

Still digesting exactly what all the information means but I thought this was interesting :

It has the following components as standard

Windows Server 2008 x64
Exchange 2007
Windows SharePoint Services 3.0
Windows Live OneCare for Server <<– **
Subscription to Forefront Security for Exchange Server Small Business Edition <<– **
Integration with Office Live Small Business <<– **
Enhancements to mobile and remote working tools and management

So Microsoft is trying to make SBS 2008 an all encompassing product eh? I wonder how the people at Trend feel now they are getting cut out?

The whole press release is here :

http://www.microsoft.com/presspass/press/2008/feb08/02-20EBFamilyPR.mspx

I’ll write some more when I’ve had time to digest all this new info.

Vista Service Pack 1 – Who cares?

The big buzz is the apparent release of Vista Service Pack 1 but I say who cares? Not me that’s for sure. I do run Vista on my business workstation but I’m in no hurry to download and install it. I’ll let some other idiot download it and stuff up their machine before I do it.

Look, as far as I’m concerned Vista has been a total waste of time. No client we have wants it, most clients specifically tell us ‘don’t give me that F*&^ING Vista’ and personally I tend to agree. Vista is SLOW, it consumes so many systems resources that you need at least 2GB of RAM to make it work with any application, the interface is all different and heaps of important things are now in different locations. By and large it is a pain.

It was even more of a pain until I disabled the Aero interface and all the advanced features so it would run quickly. Now my desktop looks as boring as Windows 2000 and it still isn’t even as quick. So without the Aero interface why the hell would you buy Vista unless you had do? I expect after Service Pack 1 is released Microsoft is going to make it harder to obtain XP since for many Service Pack 1 is the theoretical point at which they install Microsoft software.

So if you look at it pragmatically, if you have Vista (sucker) then I’d wait and see what other people find with Service Pack 1 because I’m sure it is going to cause some issues and let me tell you that you don’t want to be the first to experience that pain. If you have Windows XP (lucky) then I’d say hang onto it with all your might because it is probably the fastest “supported” Operating system Microsoft currently has.

So whether you have Vista or XP I’d just get on with what you’re doing and let Vista Service Pack 1 wreck someone else’s system.