Thursday, August 28, 2008

How the new SBS 2008 Internet Address Management Wizard Works

Posted on 8/28/2008 04:49:00 PM by with 23 comments

As you saw from the major differences between SBS 2003 and SBS 2008 post, the SBS 2003 Configure E-Mail and Internet Connection Wizard (or CEICW) was broken into 5 different wizards.  The part that configures your external domain name was brought into this wizard, the Internet Address Management Wizard

Now similar to the 2003 CEICW wizard, everything on the local box is configured to the domain name of your choice, that includes:

  • Remote Web Workplace - IIS is configured to respond to the host header of your domain name
  • Certificate Authority - While the CA is new to SBS 2008 as an "installed by default" component, the specific thing the IAMW does here is configure the website self-issued certificate used to encrypt the traffic between the client and the server, as well as validating the identity of the server to the client.
  • TS-Gateway - Also new to SBS 2008, this is configured to line up with the new domain name as well to allow connectivity to the client computers through the Remote Web Workplace
  • Exchange - Email SMTP connectors, and Exchange authoritative domain names are configured to be the domain name of choice.
  • UPnP Enabled Routers - If your router supports UPnP, ports 25, 80, 443 and 987 are opened to point to the Windows SBS 2008 server.

What's new to SBS 2008, is the ability to configure a Domain Name Provider automatically with your Host Records, Mail Records, Spam Records, and Service Records.  To do this you must use one of our supported providers.  Those providers in alphabetical order are, eNom , GoDaddy.com, and Register.com.  (If your provider is not supported, send them to our partner page!)

So, when configuring a domain name, how does this work?

It's not complicated by any means.  When buying a new domain name, the wizard uses your Internet Connection and sends the Country/Region data you entered during setup to a Microsoft Referral service.  This service responds with the domain name providers you can buy domain names from within your Country or Region. With this data, we are able to show the following page where you can choose which provider to work with:

image

At this point, there is no further contact with the Microsoft Referral service, and the server communicates directly with the partner of your choice to help you find an available domain name.  If you choose to send the rest of your postal address to the domain provider, they may use some of that data in domain name spinning to help you find an available domain name, and they may also default some of this information into the check-out process, speeding things up a little.

Eventually you will open a web browser with the domain name provider to provide your purchasing information.  Once you have bought your domain, and any other additional services you may want to buy for your server, then you simply return to the wizard and input the newly created (or potentially already existing) credentials with the domain name partner into the wizard.  The server stores them securely in the credential manager for use immediately, and also later.

The wizard will then configure the local box and network, then reach out via a secure API, to the domain name provider and configure an A-Record, MX-Record, TXT-Record (for the SPF), and an SRV-Record (for Outlook Autodiscover).  If the domain name is not ready to be configured (which can often be the case in a migration), the Dynamic DNS client tries every 10 minutes (by default) to update these records, and as soon as the domain name is ready, the records are updated.

Over time, the Dynamic DNS client will keep your A-Record up to date with your current IP address.  This can be customized or disabled (in the Static IP case) via the property page in the Windows SBS console, on the Network Tab, and Connectivity Sub-tab.  However, the Dynamic DNS client also gets information about your domain name, like if it's about to expire, or if your password has changed, and will report it in the Server Report, so you might want to leave that on.

Our current partners, at the time of this post, offer the following domain names.  This is obviously subject to change without notice:

Register.com

.asia, .biz, .br.com, .ca, .cc, .cn, .cn.com, .co.nz, .co.uk, .com, .com.br, .com.cn, .de, .de.com, .eu, .eu.com, .hu.com, .info, .jp, .jpn.com, .net, .net.cn, .net.nz, .org, .org.cn, .org.uk, .qc.com, .ru.com, .sa.com, .se.com, .se.net, .tv, .uk.com, .uk.net, .us, .us.com, .uy.com, .vg, .web.com, .ws, .za.com

GoDaddy

.ag, .com.ag, .net.ag, .org.ag, .asia, .at, .be, .cc, .cn, .com.cn, .net.cn, .org.cn, .co.nz, .net.nz, .org.nz, .de, .fm, .tw, .idv.tw, .com.tw, .org.tw, .eu, .jp, .me.uk, .org.uk, .co.uk, .ms, .tc, .nu, .vg, .ws, .org, .com, .tv, .net, .biz, .us, .mobi, .jobs, .name

eNom

.com, .net, .org, .info, .biz, .us, .name, .de, .uk, .cn, .co.uk, .org.uk, .me.uk

If you already have a domain name, you can transfer it to one of the partners, or just use it! Now you don't have to worry if your DNS records are updated correctly, just look for the green check!

Tuesday, August 26, 2008

SBS 2008 Install Certificate Package Error

Posted on 8/26/2008 07:06:00 PM by with 5 comments

Lots of people in our Beta program have been using the Install Certificate Package, and lots of people are reporting an error to install the certificate on their client computer.  When you get this error, the log file that appears in the same directory looks something like this:

8/21/2008 7:12 PM
OS version is 6.
Initial the CDP dialogue.
PC Radio button is clicked.

8/21/2008 7:12 PM
OS version is 6.
Initial the CDP dialogue.
Install the cert on PC.
Opening cert store.
Failed to add cert to the store. Error Code: [-2147024891]
Initial the Finish dialogue.

The key thing to note here is the piece in red.  This specific error code means "Access Denied". 

Due to the fact that Certificates can only be installed by local administrators, you need this type of permission.  That means on Windows XP, you need to be logged into the machine as a local admin, or on Vista, when it prompts you to elevate, you need to provide admin credentials.

Monday, August 25, 2008

Deep Dive into SBS 2008 Monitoring and Reporting

Posted on 8/25/2008 10:47:00 PM by with 11 comments

[This post courtesy of Adrian Maziak, Senior Program Manager]

Poking around the newsgroups, and Windows Small Business Server 2008 support communities, we've seen a lot of confusion regarding the new Monitoring and Alerting infrastructure included with the 2008 version of the product.  Adrian wanted to provide some in-depth deep dive into the solution.

In Windows Small Business Server 2003, the Monitoring and Alerting was provided by a Microsoft product called "Health Monitor" or HealthMon for short.  HealthMon was an extremely old application, rectified in the 2003 timeframe for SBS only, but was beyond the end of its development lifecycle.  Impossible to maintain and improve for future versions.  As a result, HealthMon is not included with the 2008 product.

Network Essentials Summary

So let's focus on what we do have.

The heart and soul of the infrastructure is the Windows SBS Manager Service. This service drives a series of tasks including: Report Generation, WSUS Configuration & Update Approvals, Server Backup, Other alerts (Data collection tasks, domain name provider tasks, certificate expiry tasks, licensing tasks), Internal system maintenance (database clean up), and some ad-hoc things like Anti-Spam Safe List updates, and trimming down the Bad Mail directory.

The service is essentially on a timer for 30 minutes.  Every 30 minutes, it wakes up and looks for tasks to do.  What it does depends on the tasks scheduled time and recurrence.  The service queues tasks, and only allows one task to run at a time, so as to avoid conflicts, and minimize any resource hits on the server as much as possible.

The service also supports the Other Alerts function which has a large set of included alerts with the server.  Other Alerts are extensible by using the Windows Small Business server 2008 SDK.  In fact, as I posted earlier, the MVPs have started an Alert Sharing Web Site over on CodePlex.com.  The scope of Monitoring and Reporting does vary depending on what the host Operating System of the client is, the table below breakouts the level of monitoring and reporting available:

  SBS Server Domain Joined Client 2nd Server & additional Servers
Auto-Start Service Monitoring Yes No No
Key Event Log Entry Monitoring Yes No No
Disk Space Monitoring Yes Yes Yes
Anti-Virus/Anti-Spyware Status Yes Yes No
Host Firewall Status Yes Yes No

The Other Alerts for each computer are displayed on the Computers Tab against each computer, and of course if you specify an e-mail address on the property page of the View Notifications Settings, you will get emailed when an alert fires.

The Other Alerts have two ways to resolve:

  • A Clearing Condition is received
    • For example, Alert ID 1 fires, and shows an alert, if the condition is fixed when Alert ID 2 appears, then the Alert ID 1 is cleared and there is no longer an error
  • A Timeout occurs
    • Many problems are caused by external sources, such as the ISP being down.  So if there is an alert that your DNS record can't be updated, simply waiting until the Internet connection comes back will resolve the alert.  Thus if the Event ID 1 happens once and then never happens again (by default the clearing timeout is 30 minutes, but can be changed alert by alert individually).
  • Note: If you're writing alerts, you cannot use a combination of above.

IMPORTANT: An "Other Alert" created by an Event ID condition may have a latency of up to 30 minutes, based on the Data Collection service runs every 30 minutes.

General Alert Comments

  • Configuring the Alerts to be E-mailed
    • To enable the "Other Alerts" to be directly e-mailed to the administrator, you need to specify the e-mail address(es), simply navigate to the Computers Tab, and click View Notification Settings.  When an "Other Alert" is specified to be an alert, it will be included in the reports and be emailed within the 30 minute window.  Removing an Alert removes it from both as well.
  • An Alert E-Mail may be sent more than once if there is no timestamp for tracking when the condition occurred
    • e.g, service start-ups, disk usage, etc.  These are Windows Management (WMI) based queries and we cannot identify when the condition exactly occurred
    • Items from the Event Log should be generated only once
  • The data for the service is all maintained in a SQL 2005 Express data store.
  • For Troubleshooting, make sure the service is running
    • Additionally check the log files in c:\program files\windows small business server\logs\monitoring\

Gotcha's Using the SBS 2008 Answer File

Posted on 8/25/2008 11:55:00 AM by with 1 comment

This blog post comes courtesy of all of the folks that have already gotten into trouble using the SBS 2008 Answer File and "Certificate Authority Name".  Through the beta process, we've found a number of people miss-using the Certificate Authority Name from the Answer File.

image

The Certificate Authority Name is only used to override the default.  If you leave this blank (which is totally acceptable) you will end up with a Root certificate issued to %DOMAIN%-%SERVER%-CA (e.g. CONTOSO-SBSSRV-CA, for the NETBIOS domain as CONTOSO, and the server name as SBSSRV).

You can override this to be whatever you want EXCEPT your domain name.  Make it "Contoso CA" or "Contoso Web Certificate Authority".... just don't make it "remote.contoso.com" if that's the domain you will use for your network.

What happens if you do make this mistake? you'll need to use a DIFFERENT domain name inside the Internet Address Management wizard, because this wizard will fail to configure anything certificate related on your network.

If you're not sure what to put in here, just leave it blank.  Oh, and one more thing, if you make something far too long, or use crazy complex characters, then the server ignores your selection and just makes it DOMAIN-SERVER-CA again.

Thursday, August 21, 2008

Windows Small Business Server 2008 RTMs!

Posted on 8/21/2008 11:30:00 AM by with 2 comments

Today, at 11:00am, the entire SBS product team crowded into the Ship-room conference room (most likely a fire violation) to sign-off and celebrate the release of Windows SBS 2008 to the wild.  After 3-4 years of sold work on the product, it's time to set it free, time to let it run in the wild.

This has been a HUGE release for this team, of which the following things were accomplished:

  • The team integrated not only across team, but across time zones (China, India, United Kindom, etc)
  • The team integrated multiple companies (OEMs, Domain name providers, etc)
  • The team released 2 private betas, 2 public betas and 2 release candidates
  • The team processed over 2000 pieces of feedback from the community betas
  • The team doubled in size
  • The team continued to fully support SBS 2003, while building a new product, SBS 2008
  • The team dunked our Product Unit Manager in whip-cream.

This is a huge milestone for the product team, we are very proud to reach this point, and we are excited to give you Windows Small Business Server 2008!

Copyright Sean Daniel. The data on the website is available "AS IS" with no warranties and confers no rights.

Wednesday, August 20, 2008

Windows SBS 2008 - Extensible Alerts!

Posted on 8/20/2008 08:22:00 PM by with No comments

If you're not familiar with it, Windows SBS 2008 has it's own Software Development Kit, which allows you to extend the security tab, and the Alert infrastructure.  Because of the extensibility of this, our MVPs have started to write their own Alerts, even before the RTM of Windows SBS 2008.

Because they are MVPs and want to share with the community, they have kindly created an SBS Code Plex.  A place for the community to write, and share Alert Add-in's.  If you have an alert that you wrote and find handy, chances are others will as well.  Head on over to download and participate!

SBS 2008 UA Launch!

Posted on 8/20/2008 03:59:00 PM by with 1 comment

The User Assistance team here on main campus has been crunching away for a long time on documentation for the SBS 2008 product.  As we get near to releasing the final bits to manufacturing (known as RTM), the UA team has also finished updating all their content on the web. Below are all the primary links you need to know.

Tech Library:  http://technet.microsoft.com/en-us/library/cc527559.aspx

With topics included such as:

SBS SDK: http://msdn.microsoft.com/en-us/library/cc540261.aspx

Because the documentation is online, it can be updated over time.  The SBS UA team has plenty of content still to add to this document library that should continuously publish over the next several months!

Why is this important to you?  Because when something isn't clear in the UI, we document it.  So why risk making a mistake when you could easily just read the documentation to understand the product, instead of just guess what things are for.  Get familiar, get acquainted, get reading.

Copyright Sean Daniel. The data on the website is available "AS IS" with no warranties and confers no rights.

Monday, August 18, 2008

Exclusive Opportunity for SBS Specialists and Partners!

Posted on 8/18/2008 04:05:00 PM by with 2 comments

While normally I focus on technical tips and tricks, this one cool tip, because if you graduate from the program, a "for resale" copy of Windows Small Business Server 2008 is available to you as a prize!

Ok, so now the details of the deal:

Exclusive Opportunity!  Online Peer Groups for Small Business Specialist and Windows SBS Partners

Microsoft announces Online Peer Groups, a new benefit for current Small Business Specialist partners that took the Windows SBS 70-282 exam.

What are the Online Peer Groups?

The Online Peer Groups are an opportunity for Microsoft partners to learn, share and complete activities designed to improve their business and professional lives. The Content will consist of these six topics over a 12-month period:

  1. Vision, Mission, Values
  2. Business Planning
  3. Sales and Marketing
  4. Budgeting and Finance
  5. HR and Metrics
  6. Vendor Engagement and Wrap-up

The online Peer Groups consist of up to 15 members partners per group.  The meetings are scheduled at uniform times.  Each meeting will focus on practical, useful content and tools that help you improve your business over the upcoming month and beyond. Homework and goal assignments are required and will supplement the learning.  Peer group sharing is also a key part of the best practice exchange and overall learning.

  • Have to be a current Microsoft Small Business Specialist
  • Passed the SBS 70-282 Exam
  • Fluency in English (open to partners worldwide)
  • Commitment to participate includes attending peer group sessions and completion of homework
  • Pay USD $600 for participation (partners that successfully graduate will receive a free ‘for resale’ copy of SBS 2008 Standard Edition)

To learn more or to SUBMIT the nomination form. Form needs to be submitted latest by August 31, 2008 for participation in the FY09 Online Peer Groups. Submitting the form does not guarantee selection. Microsoft and Heartland Technology Groups reserve the right to decline a submission. All peer groups will be conducted in English only.

Thursday, August 14, 2008

Simplify your Favorites Across Computers

Posted on 8/14/2008 09:04:00 PM by with 3 comments

image

I have three different computers I use on a regular basis.  Favorites were useless to me because when I marked something on the web, I never knew if I was going to be using that computer the next time I wanted it.  I discovered Windows Live Favorites

Windows Live Favorites keeps your favorites up on a Windows Live server on the Internet, benefits to that? (1) they are backed up, and (2) they can be synced to each computer you use. It's Easy!

Simply install the Windows Live Tool bar from Get Live on each of your computers, it plugs into IE.  Don't worry, if you're not bought into Windows Live Search yet, you can change the search engine it uses, but Windows Live, it's improved a lot!

image

Your favorites are automatically synced to the Live Favorite service, and then down to each other computer that has the tool bar installed.  Bingo! just like that, your favorites are in sync across all your computers.

As an added bonus, there are sites, such as ZDNet that allow you to add links directly into your favorites.

But wait! It gets better!

If you use Windows Live Spaces, you can choose which favorites to share with your friends.  You add the Favorite Widget, then the favorites you share are visible to all your viewers.

If anything has simplified my life, it's been the ability to have my favorites on all my PCs...

Wednesday, August 13, 2008

Online Training with the SBS Product Team

Posted on 8/13/2008 04:50:00 PM by with 1 comment

The Windows SBS Product team (yes, that's us), are putting together some training demonstrations to learn SBS 2008 from the comfort of your living room, you don't even have to turn off the Olympics!

Get Ready for the Windows Essential Server Solutions Launch with Technical Training Series

The November 12, 2008 launch for Windows Essential Server Solutions is fast approaching!  Prepare by attending Partner Academy Live technical training sessions for Windows Small Business Server 2008 and Windows Essential Business Server 2008 starting on August 15, 9am PDT with “The Small and Midsize Business Server Platform: Which Is Right for Your Customer?”.  Topics include planning and installation, migration, security, management, virtualization, and more for both Windows SBS 2008 and Windows EBS 2008.

The SBS Product Team is coming to your Town!

Posted on 8/13/2008 04:42:00 PM by with No comments

... Or a town near by.

Below is the schedule, to register for an event, simply click up to the partners web site and register!

City Date
Redmond, WA Saturday, Sept. 6, 2008
Alpharetta, GA Tuesday, Sept. 10, 2008
Charlotte, NC Wednesday, Sept. 11, 2008
Fort Lauderdale, FL Thursday, Sept. 11, 2008
Houston, TX Friday, Sept. 12, 2008
Cincinnati, OH Monday, Sept. 15, 2008
Downers Grove, IL Tuesday, Sept. 16, 2008
Irving, TX Wednesday, Sept. 17, 2008
Minneapolis, MN Thursday, Sept. 18, 2008
South Field, MI Wednesday, Sept. 17, 2008
Waltham, MA Thursday, Sept. 18, 2008
New York, NY Friday, Sept. 19, 2008
San Francisco, CA Monday, Sept. 22, 2008
Irvine/LA, CA Tuesday, Sept. 23, 2008
San Diego, CA Wednesday, Sept. 24, 2008

Monday, August 11, 2008

Subscribe to: Posts (Atom)