Tuesday, February 28, 2006

Using the Microsoft Exchange Server ActiveSync Web Administration Tool on SBS

By now you probably have a fleet of Windows Mobile 5.0 devices in the field, and you've been reading up on all the new security benefits that WM5.0 provides to your business, or your clients business. You get excited (as any good person would about solid security) and install the Using the Microsoft Exchange Server ActiveSync Web Administration Tool.

And that's when things seem to go wrong.

Not to worry! There is a solution for you!

First, open the IIS manager and ensure you still only have one default website. If you have two, then you should probably

  1. Un-install the web tool

  2. Copy down the IP address settings for the default website, and change them to All Unassigned

  3. Re-install the web tool

  4. Revert the IP address settings to what you had copied down before

Next, you'll want to check the ExAdmin virtual directory.

  1. Open IIS manager again (unless you never closed it)

  2. Check out the Directory Security in the Secure Communications tab, edit it and clear the Require secure channel (SSL) box.

Finally, we need to ensure the MobileAdmin virtual directory is running in the Exchange Application Pool

  1. Again in IIS Manager, expand default website and open the properties of the MobileAdmin virtual directory

  2. On the Virtual Directory tab, in Application Pool, select ExchangeApplicationPool

Phew! After all that you're good to go with mobile administration. Now you can again celebrate the best in mobile security using your SBS server as the centerpoint of that security.

Thursday, February 16, 2006

Wednesday, February 08, 2006

Sync Errors from Mobile Devices in your Server Status Report

Ok, new tip for you. When you're the person that gets the Server Status Reports from the Small Business Server, and you notice a critical error that your boss (or person who pays your salary/bills) can't sync his mobile phone to the server, you may want to jump on it a little faster than I did.

Sure, I didn't get in trouble because I was actually doing the rest of my job, but it would have made his life easier.

What am I talking about? Daily I have seen the following exerpt from the Server Status Report on our Catfood server here at the office:

Now finally getting the chance to take a peak, I looked at the IIS logs located in %windir%\logfiles\w3svc I was able to determine that the phone was indeed logging into the server, but failing to synch. So the password wasn't an issue.

The goal was to get it fixed as quickly as possible. So we took the approach to remove the inbox from the server sync schedule, sync the phone, and then add the inbox back in, essentially resetting the inbox sync with the server. Problem solved, the phone now sync's perfectly, and there aren't any ugly red X's on my server status report.

... Now if I can just get people on the team to stop typing their password incorrectly, I might get a clean server status report!

Whoops, I just realized that the error above is a picture, so MSN and Google won't be able to find this post if you search for it. The error is "Unexpected Exchange mailbox Server error: Server: [] User: [] HTTP status code: [409]. Verify that the Exchange mailbox Server is working correctly."

Saturday, February 04, 2006

My First Swing Migration

This weekend was my first Swing Migration. I have to say that I'm impressed with the process. It's kind of nice not to have to touch all the clients after a migration.

We had a few minor snags, and didn't optomize the process as much as we could have, but we got through it and things are in good working shape again. If you haven't checked out the Swing Migration process, you should, it's worth the time, and along the way during the migration, you might actually learn something: I did.

So what problems did we have? Well, the first problem was we hit a replication problem from the production SBS server to the temporary DC. It must have been something in the steps that we missed, because after fighting for 5 hours to try to get it to work, we started over with a restored VPC image of the Temporary DC and things went much according to plan. In Jeff's first version of his documents he says to watch the event log to tell when replication is done. In speaking with Jeff and actually doing it myself, we discovered to use the command net share from a command prompt to look for the SYSVOL and NETLOGON shares to appear, some rebooting may be required. We can probably also blame the slow replication on the old server, it was fairly slow and had some hardware issues slowing it down even more! (Yes, it was definitely time to migrate!)

Once we got past this hurdle, it was smooth sailing, the replication from the temporary DC to the new SBS server was a snap! Following that install of SBS, followed by the SP1 and the premium CD, then the Todo list, Trend Micro AV.

Last but not least, we had the Exchange Fork-Lift and data migration. In order to leave the previous SBS server exactly intact, we decided to move the data through other means than the network, that being a USB disk. We copied the MDBDATA folder from the old server to the USB disk in 10 minutes, then there must have been only USB 1.0 on the new server (odd yes) but it took upwards of an hour!!! Once that was done, we copied the files over and the mount failed!!!.

Luckily, reading Jeff's documentation we realized that we needed to have the databases and log files in exactly the same position as they were on the old production server. Fixing this the store mounted immediately.

Finally (and still currently pending) is the restore of the use data to the new server from the same USB disk. Of course we have to do this around the Seattle SeaHawks in the SUPERBOWL!!!!, but that's ok, the restore will probably take 9 hours!

Let me tell you what I find most impressive about this process.

  • On the first reboot of the new production SBS server, we checked out the eventlogs, only to see a failure of the Folder Redirection. After the installation of all the SBS 2003 parts, this error went away, and the folder of the server was actually already redirected, exactly as it was in the old domain!

  • After we finished the ForkLift of Exchange, we quickly browsed to https://localhost/exchange and logged in as a user of the system, the mailbox already contained over 6000 email messages! How is that for cool!

So there you have it. If you've got the extra hardware for a Swing Migration, you should definately give it a shot, if you're having trouble, just check out the You Can Swing That - SBS Migration website for updated documentation.

Using your Smartphone/PPC as a gateway to the Internet over Blue Tooth

You give a Dev a laptop and a smartphone, and you end up with really cool links in your inbox. This particular one I want to share.

Last week I was asking myself how much I actually spent on my Internet access. It came out to a pretty heafty sum because of the amount of money I pay for my SmartPhone to get access. I was wondering how I could use that same internet access on my cellphone for more and more uses. Then my trusty dev Leszek, pointed me to a site on how to connect your bluetooth SmartPhone or PPC to your Laptop wirelessly to create a gateway to the Internet for use on your laptop! Especially handy when you don't want to pay for internet access at your local Starbucks.

If you're interested, check out the instructions over at SmartPhoneThoughts.com

Wednesday, February 01, 2006

ISA SP2 is released!

Well, The ISA Service Pack 2 is available for you few, but passionate folks who are running SBS Premium with ISA 2004 installed.

The service pack comes with a roll-up of all the hotfixes currently released, and a few new features. Don't get all excited just yet. The features are primarily focused at Enterprise solutions including BITS Caching, HTTP Compression and Traffic prioritization.

As The SBS Diva mentions, make sure you install this from in front of the physical box. During the install, the box enters lock-down mode in which case you won't have any traffic flowing inside and outside of the network. Oh yes, and another thing, this means that your folks won't be browsing the Internet during the upgrade also.

So choose your Install time wisely ....