Welcome to 







Welcome to Mickyj.com SBS RSS feed

Follow me through the highs and lows of IT in general

New additional blog (Added August 2011). Mickyj Mindspill at msmvps.com

More SP2 issues Agghhhh
Potential Trend Micro Server Protect Security Risk (August 23, 2007)
Trend Micro has been spamming us with alerts. They have recently been informed by the SANS Internet Storm Centre (ISC) that there has been an increase in scans of port 5168, which is a key communication port utilized by the Trend Micro Server Protect software. This was bound to happen as the Server protect core product has not been updated in ages.

Trend Micro has been made aware of potential vulnerabilities in the Server Protect product and has been actively working on developing patches to eliminate the vulnerabilities. This sudden increase in scanning traffic could indicate malicious entities may be looking for ways to exploit vulnerable machines.

Trend state that to date no confirmed exploits of this vulnerability. Nevertheless, they want you to apply the latest Server Protect security patch available from Trend Micro as soon as possible so to protect against any preventable potential attack.

The latest security patches and readmes can be found at the following locations:

English (Security Patch 4): http://www.trendmicro.com/download/product.asp?productid=17

If you need more information you can contact a Trend Micro support representative on phone Australia - 1800-201-122 or email support@trendmicro.com.au

Pondering for the day: Why must Excel be different ?
I like my printers the way I configure them. I know what driver for a particular MFP produces the best results. I know what tray I want and I know which driver produces colour or greyscale. I go into the Printers and faxes, select the driver I want and configure it. I setup the trays and other default settings. When I go into Microsoft Word, it elects to use the drivers settings for which ever printer I select. If I don't like this, a quick excursion into the menu (Tools - Options) I can change the defaults or under Page setup. This information is then stored in the Microsoft Word file. Why then must Excel be different ? For the same MFP, it appears to take the settings from the default printer. If my default printer is monochrome and then if I stray and select another printer, even if it is a colour driver, it drops the settings back to monochrome and forces me to manually setup the printer driver before I print. There seems to be no control over the printer driver under page setup and there are no menu options. Why oh why must Excel behave like this ?

Hatred of offline files when logging off
Don't you just hate logging off when you have offline files activated and an Outlook pst file or other files on a cached drive? You can't shut your PC down without accepting the fact some files can not be synchronised and you have to click the ok button. How can you suppress this annoyance?

There are two ways.

You can add filenames or suffixes to an “exclusion list” that is controlled via Group Policy. Specifically, Computer Configuration->Administrative Templates->Network->Offline Files->Files Not Cache, whose default value is "“*.SLM;*.MDB;*.LDB;*.MDW;*.MDE;*.PST;*.DB?"

You can also edit the registry on the local Machine.

Warning: Incorrect use of the Windows Registry Editor may prevent the operating system from functioning properly. Great care should be taken when making changes to a Windows registry. Registry modifications should only be carried-out by persons experienced in the use of the registry editor application. It is recommended that a complete backup of the registry and workstation be made prior to making any registry changes. In cases where you're supposed to delete or modify keys or values from the registry it is possible to first export that key or value(s) to a .REG file before performing the changes.

Using the Registry Editor navigate to


(you might need to make the ExclusionErrorSuppressionList key).

Create a new dword value for each file type to exclude (the name of the Dword item is the data). If you want to exclude a type of file no matter where is exists on the cached offline volume, try the following


Do you want your Exchange 2003 SP2 IMF data to be auto updated ?
Edit your server Registry

Warning: Incorrect use of the Windows Registry Editor may prevent the operating system from functioning properly. Great care should be taken when making changes to a Windows registry. Registry modifications should only be carried-out by persons experienced in the use of the registry editor application. It is recommended that a complete backup of the registry and workstation be made prior to making any registry changes. In cases where you're supposed to delete or modify keys or values from the registry it is possible to first export that key or value(s) to a .REG file before performing the changes.

create a Dword ContentFilterState value 1

You can refer to this link for more information.

I have a repeating Unexpected Network Error (Event ID 1054) on my AMD based server
Recently we installed a HP ML115 AMD server. We found that we had Event 1054 every 10 or so minutes. Previously there was an issue with Athlons and a patch. Now there is also a patch for Opterons.

A Microsoft Windows Server 2003-based server may experience time-stamp counter drift if the server uses dual-core AMD Opteron processors or multiprocessor AMD Opteron processors

Unexpected Network Error (Event ID 1054)
Event Description:
Windows cannot obtain the domain controller name for your computer network. (An unexpected network error occurred.) Group Policy processing aborted.

refer KB 938448

Also look into "AMD Opteron Processor with AMD Power Now! Technology Driver for Windows XP and Windows Server 2003 Version (x86 and x64 exe)"

The AMD Technology driver corrects the negative ping response times and any other issues caused by inaccurate ping times (group policy application for example).
Please note that the AMD Technology Driver should only be applied after the following hot fix from Microsoft
Download it from here

Is a workstation hacking my server?
In my last blog I mentioned about a machine with the error
" DETAIL - The system detected a possible attempt to compromise security. Please ensure that you can contact the server that authenticated you. "

I have fixed it. Following numerous attempts to repair it the solution was totally unexpected and not anything close to what was mentioned on the web.

I tried new Network card drivers, made sure Microsoft networking was installed, told Kerberos to communicate via TCP, not UDP (regedit), checked the servers DNS, checked local TCP/IP, set IPSEC Services service to manual, check region zones, time zones, uninstalled the ISA firewall client, uninstalled Trend Micro antivirus, disjoined te pc from the domain and much more.

It was interesting to note that changing the network driver, produced more errors in the event log and helped diagnose this issue.
It turned out to be a Windows 2003 SP2 issue. The server is running SBS 2003 R2 and now SP2. The workstations are all working fine except this particular one. This is why I was trying to diagnose the error on the workstation, not the server.

It turns out I needed ISA 2004 SP3 and a Hot fix (Refer blog 12 August). Now everything is working fine. I had the added confusion as the administrator could log on fine and access everything. Only users could not log on and access the network (I also tried new roaming profiles etc as it appeared to be a user problem).

Here are the errors in order (After installing a new network card driver)
Event Type: Failure Audit
Event Source: Security
Event Category: Policy Change
Event ID: 615
IPSec Services: IPSec Services failed to initialize IKE module with error code: An invalid argument was supplied. IPSec Services could not be started.

Event Type: Failure Audit
Event Source: Security
Event Category: Policy Change
Event ID: 615
IPSec Services: IPSec Services has experienced a critical failure and has shut down with error code: The network connection was aborted by the local system. Stopped IPSec Services can be a potential security hazard to the machine. Please contact your machine administrator to re-start the service.

Event Type: Warning
Event Source: LSASRV
Event Category: SPNEGO (Negotiator)
Event ID: 40960
User: N/A
The Security System detected an attempted downgrade attack for server LDAP/server-adc1.server.local. The failure code from authentication protocol Kerberos was "No authority could be contacted for authentication. (0x80090311)".

Event Type: Warning
Event Source: LSASRV
Event Category: SPNEGO (Negotiator)
Event ID: 40961
User: N/A
The Security System could not establish a secured connection with the server LDAP/server-adc1.server.local. No authentication protocol was available.

Event Type: Warning
Event Source: LSASRV
Event Category: SPNEGO (Negotiator)
Event ID: 40960
User: N/A
The Security System detected an attempted downgrade attack for server cifs/server-ADC1. The failure code from authentication protocol Kerberos was "No authority could be contacted for authentication. (0x80090311)".

Event Type: Warning
Event Source: LSASRV
Event Category: SPNEGO (Negotiator)
Event ID: 40961
User: N/A
The Security System could not establish a secured connection with the server cifs/server-ADC1. No authentication protocol was available.

Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1521
Windows cannot locate the server copy of your roaming profile and is attempting to log you on with your local profile. Changes to the profile will not be copied to the server when you logoff. Possible causes of this error include network problems or insufficient security rights. If this problem persists, contact your network administrator. DETAIL - The system detected a possible attempt to compromise security. Please ensure that you can contact the server that authenticated you.

Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1053
Windows cannot determine the user or computer name. (An internal error occurred. ). Group Policy processing aborted.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7023
User: N/A
The IPSEC Services service terminated with the following error: An invalid argument was supplied.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7023
User: N/A
The Computer Browser service terminated with the following error: This operation returned because the timeout period expired.

Send feedback about this particular blog
Read Feedback from others

25 August 2007 - Mickyj.com

End blog for: 25 August 2007

Mysteries, conundrums, new kids on the block and departures
RWW works ?
With reference to my previous blog, I have two sites connected via a 2 mbit Fibre wan link (private IP ranges, different subnets). I need RWW to work remotely, to both sites from the one SBS server. (One site has the internet facing connection). I need to know what I need to do to make this work. This is where I need your feedback because after all the research I have done and changes I have implemented, it does work, and I don't specifically know why. What have I done in particular to make this work ?

All my (and my colleague, thanks Sam W) research suggested I needed the remote PC's to have a DHCP lease from the local SBS server. The pc's are still configured to be Static, and it works. (Currently an IPconfig /release and /renew do not get leases from the SBS server, ... that is an issue for another day).

It might have helped that I joined the PC's to the domain using the Connectcomputer wizard whilst they were physically attached to the subnet of the SBS box, then they were shipped to the remote site. It might also help that there is a Domain controller, DNS, WINS etc at the remote site. Under RRAS on the local SBS box I have a DHCP relay agent, I have DHCP configured with the remote subnets details (Workstation's DNS, WINS and gateway settings). There is also a bootp (DHCP relay) address on the Cisco routers. (ip helper-address 10.0.0.X)

I also have edited the SBS route table so that the remote subnet is reachable via the gateway router.

Does anyone have any idea if in this solution, there is one thing that makes this work?

Question number 2 ......
I have a client who on logging on today gets

"Windows cannot locate the server copy of your roaming profile.... DETAIL - The system detected a possible attempt to compromise security. Please ensure that you can contact the sever that authenticated you."

They can not get to network shares (It asks for a username and password and is never happy), they can not run the logon scripts or participate on the network in anyway. There are numerous solutions on experts exchange, the Microsoft knowledge base and eventid.net however, there is one clear difference with this error. The error above is the only error logged anywhere. I have tired numerous solutions and none have worked. Has anyone else got a comment on this error they can share?

Home server is almost here
Yes, I have seen wholesale pricing. I have seen it for the product and the actual HP server units. I can almost smell the money parting company, all to aid me in getting my hands on a shiny new network server for home. Microsoft have kept their word and it is priced well for the home Market. I have not seen an actual RRP price so I am not going to suggest one here, but it is certainly very affordable and less than an OEM copy of Windows XP pro cost (When you cold get it).

RIP MAR Workskil
I have had a hardware partnership with Microsoft Authorised Refurbisher Workskil for some time. I provided second hand PC's, they refurbished them and installed MAR software (Windows and Office). These PC's were then destined for the under privledged. Unfortunately their budget has not allowed them to continue their great work. So long, we will miss you in the community.

Blu-Ray camp shrinking
Thankyou to Sam for pointing out that Viacom's Paramount Pictures and DreamWorks Animation SKG will release their next-generation DVD titles exclusively on HD DVD. Paramount had sold titles in both the new competing high-definition formats (HD DVD and Blu-Ray). They have descided to exclusively use HD DVD because it offers better quality, lower-priced players and lower manufacturing costs. At last someone is thinking about the consumer. The age Article is here

HP resellers unite!
Thanks to Pete for finding this article about Dell who have to restate results after finding data manipulation. An internal audit found that some employees had changed account balances in order to meet quarterly financial targets. Naughty, Naughty. The ARN Article is here

Xbox is affordable ?
The price of the Xbox 360 video and entertainment system is now at a new low price and you can get yours today from $399.95. So make your move to next generation gaming now. With over 200 top titles already available and hot new releases like Halo 3, PGR4 and Mass Effect almost here, it's time to get this gaming godsend.

Trial Office 2007
Have a play with the new user interface which was designed to simplify the way you work by organising program features according to the activities you want to do. In addition, you can preview formatting and editing decisions before committing to a change. It is designed to help you quickly and easily create great-looking documents, spreadsheets and presentations, organise and search for information easily, all with enhanced security. Download it here

Dual Quad Core processors and SBS
Will it work? Yes. Just ignore the processor warning as per this link
(thanks Wayne Small (MVP)). Also if you have SBS Premium box and ISA, you need ISA SP2 and/or 3 as mentioned in the SBS Team blog. Thanks for the reminder Oliver Sommer (MVP).

Send feedback about this particular blog
Read Feedback from others

23 August 2007 - Mickyj.com

End blog for: 23 August 2007

Various SBS migrations and extensions
Time to practice what I preach
Can you setup a distributed file system with SBS 2003?
Can you setup sites in Sites and services for AD replication for remote sites ?

Yes and Yes.

I have just finished setting up a remote site over a 2 mbit fibre wan link. The remote site is on one Subnet (e.g. 10.0.10.X / and the main site on another (10.0.0.X / The local SBS 2003 server has a static route added using the command prompt tool, Route. This routes traffic from one subnet, to the other via the gateway for the range. The router then handles the traffic across the link and finally to he remote hardware.

At the remote end, I installed Windows 2003 server, I used DCpromo to make it a domain controller, I installed Wins and DNS. I setup a folder on the servers hard drive, later to be the root of my DFS tree. I used the Distributed file system tool under the Administrator tools on the start menu to point to this "root" (right click, new root, new domain root, your domain name, server name, give the root a name, point to the folder to share and click finish) . I then created a root target beneath this for the data to be load balanced and distributed. (Right click, new root target, server, folder to share). I created some links, added some targets to them (Shared folders on the other server) and setup replication. I used the full mesh topology. (I added a folder to the SBS server and added this as another target to the target that existed). Now everything in the two folders would be replicated. Now how do I control the replication ?

In Active Directory Sites and Services, I found the DEFAULTIPSITELINK under Intersite transports - IP. The sites were created when I ran DCpromo. When you open the properties of the DEFAULTIPSITELINK you can change the AD and other replication times. I have set it to out of hours as the data is fairly static. Although a number of people have recommended not using DFS for profiles, I am trailing it, quite successfully so far. I have found the clientapps (Specially Outlook 2003 CD disk) and the Isa client not to be the best behaved from DFS. I have also tested RWW to the remote server and this is working successfully. There you have it, RWW, DFS and Sites and services work well under SBS 2003. A big shout out to David Phillips who paved the way and did this before me. (I know others have to but he helped me with this project). Also a thankyou to Sam Webster who did some of the research and testing. The remote users are members of the domain, they log on successfully and are fully load balanced. They take their internet and email from the SBS site and access mounted network shares locally through the 2 mbit link. Whilst allot of what they do is in a Terminal session, printing, file access and much more work very well.

Weird rootkit sccfg.sys
The mystery of the sccfg.sys file. It has been confirmed that it is a part of the Folder Lock software. This can be removed by installing the Folder Lock software and uninstalling it as per the instructions.

Migrating from SBS to Windows Server
Recently I was asked my advice on this. I would use two tools. Exmerge and ADMT 3.0. I would probably use Exmerge to pull the email out of one server, transport the PST files across to the second and as long as you have account names in the AD of the same name, import them back in. You could also try the one step method and migrate the email across. Before you do this, move the AD across.

ADMT 3.0 is the industries tool of choice.

Break out the SBS box using the Transition pack, flick both AD's into Native mode. Make a trust (You need to do this for all different forests, AD/or domains). You might also have to setup the secondary DNS on the servers to point to the new master Server.

Then just choose the source move/copy what you want

There is extensive documentation for ADMT on support.microsoft.com

This might be a helpful link

Send feedback about this particular blog
Read Feedback from others

22 August 2007 - Mickyj.com

End blog for: 22 August 2007

Jabra Headsets and Dopods!
How do you get your Smart phone to use your Bluetooth headset for voice commands ?
There are three solutions. One for Microsoft Voice command (WM5), One for for WM6 with Voice commander 1.6 and then there is version 2.0. The issues getting this to work all come down to the 16 kHz handsets and 8 kHz Bluetooth (BT) devices.

You can read more about that here

If you have a PDA with a hands free profile and a BT headset with a Hands free profile, you should be set.

If you have a WM5 device with Microsoft Voice Command
Firstly, the WM5 devices, the i-Mate JasJar's and many others come with a program for voice dialling called Voice Speed Dial, or SDDialer.exe. It works like your typical voice dialling feature commonly found on phones. You have to create a voice tag for everyone you want to dial. Voice Command from Microsoft, however, leverages the power of the Windows Mobile OS. It reads all of your contacts and when you say "Call Home on mobile" it recognizes "Call" as a command to dial a number from contacts, it will match your saying "Home" to the appropriate contact and will then dial the number you have in the mobile field.

This doesn't work with Bluetooth headsets. You have to speak into the Pocket PC microphone for it to work and you can then use the headset to proceed with the rest of the call.

This is very inconvenient if you are driving or need to be hands free.

By making a change to the registry, you can change sddialer.exe to the voicecmd.exe program. This allows you to press the button on the headset, you will hear Voice Command respond with the beep, give your command, it will repeat the command through the headset it is so configured then it will wait for you to say "Correct" or "Cancel" and then dial. The steps are:

Warning: Incorrect use of the Windows Registry Editor may prevent the operating system from functioning properly. Great care should be taken when making changes to a Windows registry. Registry modifications should only be carried-out by persons experienced in the use of the registry editor application. It is recommended that a complete backup of the registry and workstation be made prior to making any registry changes.

  • Install Microsoft Voice Command to the default location.
  • Open your registry editor (Resco Registry editor is my recommendation)
  • Export and save out the registry key before you edit it
  • Modify the string marked "path" from the default "\Windows\SDDialer.exe" to "\Program Files\Voice Command\VoiceCMD.exe"

    If you have a WM6 device with Cyberon Voice Commander 1.6 (Blackjack, Dash)
    Warning: Incorrect use of the Windows Registry Editor may prevent the operating system from functioning properly. Great care should be taken when making changes to a Windows registry. Registry modifications should only be carried-out by persons experienced in the use of the registry editor application. It is recommended that a complete backup of the registry and workstation be made prior to making any registry changes.

  • Open your registry editor (Resco Registry editor is my recommendation)
  • Go to: HKEY_LOCAL_MACHINE\Software\Microsoft\Bluetooth\AudioGateway
  • On this key, look for the value BTAGExtModule and change the string there to be: \windows\vcbthag.dll (and write down the existing one if you ever have to roll back to the original value).
    The existing one might have been OEMAGW.dll or BTAGEXT.DLL etc. Others have had to set the key to BTAGExtModule - \Program Files\Voice Command\vcbthag.dll

    Now, reboot your phone. Once it is ready, you should be able to use it. If it doesn't work, press and hold the allocated CVC (Cyberon Voice Commander) key on your handset to make sure Voice Command is up and running.

    You should hear ear set go *Boop* and then hear the Voice Command *bebaboop* that tells me to talk now.

    If you have a WM6 device with Cyberon Voice Commander 2.0 (Dopod, HTC)
    In Cyberon Voice Commander 2.0, make sure
  • The mobile device has to support BT hands free profile.
  • The BT headset has to support had free profile as well, and compatible with Microsoft Windows Mobile BT protocol stack.
    Cyberon Voice Commander itself supports BT headset. :
    Make sure the BT device is marked as a headset and when you click and hold on the device in the Bluetooth manager, set as hands free.

    Print command is not available in Picture Manager 2003
    When you try to print an image file in Picture Manager 2003, there may be no Print command on the File menu. Additionally, the Print button may not appear on the toolbar. In fact, you can not add it in any way.
    This issue occurs if Picture Manager 2003 is installed on a Windows 2000-based computer, because print functionality in Picture Manager 2003 requires the Windows Photo Printing Wizard. The Windows Photo Printing Wizard is not included in Windows 2000. I am afraid, if you have Windows 2000, you need to open and print your files with something else. Maybe Paintbrush or the Imager preview tool ?

    Save as dialogue for download of zip file is missing
    Someone used my machine and they clicked on a .ZIP file (and set the flag to run/open the file automatically). how can I get back the save as option ?
  • Explorer-View-Folder Options-File Types
  • Find the .zip association (may be WinZip File)
  • Edit, and check the "Confirm open after download" box

    Send feedback about this particular blog
    Read Feedback from others

    13 August 2007 - Mickyj.com

  • End blog for: 13 August 2007

    New Toys to look at
    This past week has been a walk through the garden of technology earthly delights. I now have access to a Dopod 838 pro smart phone running Windows Mobile 6 and all the software I can throw at it. On the other hand, I have been ogling and wanting the latest P200 Satellite pro from Toshiba.

    Dopod 838 pro
    The Dopod is built by parent company HTC. It is a wonderful unit with all the mod con's you would expect (Video, Camera (With Macro), Micro SD slot, touch screen, keyboard, Bluetooth, WiFi 802.11 b/g, Quad band (GSM, CDMA), IR, GPRS, GPS ready, barcode scanner (Software), Voice command, Video conferencing, Exchange server push capable, MSN live built in, transcriber, handwriting recognition and much much more). All of this and all I really am really excited about is the QWERTY keyboard. It rocks. Yes, it is cool I have my appointments from work, my email, tasks and internet favourites. Yes it is cool I can surf the internet and remote into servers using an RDP client. I can take photos of my daughter, take notes and embed audio but all I really wanted was the keyboard. SMS and email is now easy at the handset. The keys have a very positive action and are shaped so that the pads of your fingers only touch the right keys. I rarely make a mistake when I type. Suddenly communication became so easy.

    Well done HTC, you have a huge fan. Now if only I could get a Jabra headset to talk to it correctly I would really be in business.

    Satellite Pro P200
    The Satellite Pro P200 is an Intel Core 2 Duo Processor T7300 (2.0GHz, 800 FSB, 4MB L2 cache) and it is now here. It is big and beautiful.

    This unit sports the Mobile Intel PM965 Express Chipset, Microsoft Windows Vista Business, 200GB 4200 rpm 2.5" SATA HDD, 1GB DDR2 667 (1 slot used, 1 slot free), 17" Widescreen SXGA+ CSV TFT Active Matrix (1680x1050), DVD SuperMulti Dual / Double Layer, Integrated Intel 802.11 a/g/n Kedron, Bluetooth V2.0 + EDR, Intel High Definition Audio , Stereo speakers, V.92 data + fax modem and Integrated Intel GBit TX Ethernet, 103 key (US) New Vista keyboard including 10 key numeric pad and integrated Wide Touchpad, 6 Buttons (CD Play).

    It is a heavy 3.27kg with 6 cell battery. Unfortunately the only reason I have not run out and got one, it has a 256 MB video card. I small shortcoming in these days of MCE and Vista. Never the less, this is a killer laptop. (Oh and no remote control unlike it's P100 predecessor)

    Windows mobile 6
    I am now playing with Windows Mobile 6. I have found a few PPC applications that kill it (mainly Divx codec players and today screen plug ins). I am already annoyed with it's Vista like security and having to authorise everything I install however the wizards used to set the unit up for email (access to Microsoft Exchange) are fantastic. The new versions of Word and Excel feel the same as under PPC2003 but they have so many more new features. If your unit can upgrade to 6, and your vendor has one to download, I would do it.

    My MP3 ring tone on my phone died.
    I installed a Divx player on my Smart Phone. It also associated with MP3 files. Now my ring tones will not play. I could not find an uninstall for the application so I had to find a way to fix the file associations for MP3 files. I used Resco File Explorer (tap-and-hold a file with MP3 extension and choose 'Associate' from the pop-up menu. From the file chooser window, navigate to \Windows and select wmplayer.exe)

    Now I get the error "The system cannot find the path specified". (I would have liked to uninstall my Divx player but it did not give me the option). I installed some other file association tools but still had no joy. It appeared the association does set back to media player but the string was malformed and the software forgot the quotes. Manually editing the registry to

  • wmplayer.exe "%1"
  • wmplayer.exe,-2002

    Fixed the problem. The tool I used to check out the associations (Pocket PC tweak) can be found here

    Here is a links to common issues with PPC/Smart Phones and associations
    Windows Media Player: WMP mini FAQ
    Additional links

    Blocked internet
    Help, I can't surf the internet. I can ping things and I could surf yesterday? Have you had clients with this issue before? Maybe yourself? Have you paid your bill? A good way to tell is to go to the ISP's website. Does it work? A lot of ISP's will let you get to their website (so you can pay your bills and check your status) but you can't go anywhere else. The next time you loose internet, check if you can get to your ISP's website. Especially if you are an Internode client.

    Important changes in Windows Vista
    It is now more important than ever for you and your customers to get only genuine Windows Vista software. The new Software Protection Platform – built into the Windows Vista operating system – detects non-genuine versions and disables valuable enhanced features such as Windows Aero and Windows ReadyBoost on non-genuine versions, ultimately resulting in reduced functionality mode of the PC.

    Make sure you protect your reputation and enhance your credibility as a trusted advisor by providing your customers only genuine Windows Vista.

    SBS 2003 now has Windows SP2 slipstreamed
    Beware. If you can not get your connect computer wizard to work (the client PC tells you "The page cannot be displayed", "The page you are looking for is currently unavailable. The Web site might be experiencing technical difficulties, or you may need to adjust your browser settings.", "Cannot find server or DNS Error", check to see if your new disks have SP2 installed (Right click, properties on My Computer). If so, you need a hot fix and ISA SP3. You need KB 936594.

    MCE cannot find Video card
    My MCE worked fine. I then decided to do an upgrade to my ATI Radeon 9600 Catalyst drivers. Now I get "Your video card or drivers are not compatible with Media Centre". When i press, "OK" media centre loads with no problem and I can browse my videos. However, when I try to play one, I get another error: "VIDEO ERROR Files needed to display video are not installed or not working correctly. Please restart Media Centre and/or restart the computer."

    I tried to turn off the video detection/validation with
    \Windows\Microsoft.NET\Framework\v1.0.3705\CasPol.exe -s off

    Others with this issue try decompiling the exshell.exe, replacing one of the lines of code, and recompiling it (using a new exshell.res that I found on the Media Centre 2005 on a Windows 2003 Server topic). However, this is against the Microsoft EULA so I am not interested in this solution. Besides most people then get the error "Strong name validation failed for assembly 'C:\Windows\ehome\ehshell.exe'. The file may have been tampered with or it was partially signed but not fully signed with the correct private key."

    My solution was to download the ATI Omega Drivers, they worked fine once I turned on WMP acceleration. They can be found on www.omegadrivers.net

    Send feedback about this particular blog
    Read Feedback from others

    12 August 2007 - Mickyj.com

  • End blog for: 12 August 2007

    Dealing with Rootkits
    How do I remove rootkits?
    I am often asked what I personally do about Rootkits. First task, Find it. Second is to identify it and finally remove it. It is no good removing it if there will be system instability and unknown consequences. Research everything then make your move.

    I use rootkitrevealer (Sysinterals/Microsoft). You can get this from my Tools page.
    Once you know the Rootkits location, my next step is to Boot with a BartPE disk from http://www.nu2.nu/pebuilder/
    (Or ERD commander, NTFS2DOS boot disks)

    I usually then rename the suspect file to something else. Then I run the "strings" program (Previously available at http://www.sysinternals.com/Utilities/Strings.html) on the suspect file from within BartPE.
    I look for anything strange, like websites, ip addresses, etc. I google the file name.

    If it is safe to do so, I delete the file (from within BartPE), create a directory of the same name as the suspect file at the same folder level (If you have a folder of the same name, the original rootkit file can't be put back into the file system) and Look for the filename in the registry.

    Reboot and all should be good.

    Now scan your system. Rootkits can be harmless but their payloads malicious. Use Spybot and an online antivirus scan.

    Send feedback about this particular blog
    Read Feedback from others

    5 August 2007 - Mickyj.com

    End blog for: 5 August 2007

    Always tell your IT consultant everything.
    Malware, Rootkits and Folder Lock
    I was recently working on a clients PC looking for Malware. He had some strange BSODS and freezes under Windows XP. I found nothing. Process explorer showed no issues. The event logs and file systems looked clean. Antivirus and Malware detectors found nothing. The fault seemed more and more likely to be Malware so I did a rootkit detection with RootKitRevealer Look on my tools page here).

    I received the message that the registry was clean, drive D: was fine but it could not enumerate drive C:\. I opened My Computer, right click drive C:\ and tried to turn off indexing. It told me it could not access Drive C:\. I suspected an NTFS problem. He was running Fat32. I then decided to do a Chkdsk on reboot. It found no faults. I converted his partition to NTFS. Nothing unusual turned up.

    Then I stumbled on a folder under Program Files called Security. I could not open it and could not modify it. This client was running Folder lock. Whilst he was not locking C:\ per say. the program seems to have elected to lock the root of C:\. I could not do anything to the actually C:\ designation except change the volume name. Once we turned this off, we reran rootkitrevealer and found a rootkit in the C:\ drive. I booted up with BartPE, killed the file, rebooted and the system now seems fine.

    Always tell your IT guy about anything you have securing your machines.

    Folder lock looks very interesting. It looks like a rootkit itself. It is not a service, it does not stay resident and it is totally transparent.

    From their website:
    "Folder Lock is a fast file-security program that can password-protect, lock, hide and encrypt any number of files, folders, drives, pictures and documents in seconds. Protected files are hidden, undeletable, inaccessible and highly secure. It hides files from kids, friends and co-workers, safeguards them from viruses, Trojans, worms and Spyware, and even protects them from networked PCs, cable users and hackers. Files can also be protected on USB Flash Drives, Memory Sticks, CD-RW, floppies and notebooks. Protection works even if files are taken from one PC to another on a removable disk, without the need to install any software. It locks files in Windows, DOS and even Safe Modes. Additional Options include Stealth Mode, Hacker Attempt Monitoring, Shred files, AutoLock, Auto Shutdown PC, Lock your PC, Erase PC tracks, 256-bit Blowfish Encryption and Context Menu in Explorer. It is Windows Vista/2003/XP/2000/NT/Me/98/98S compatible and works on all kinds of disk types like FAT16, FAT32, NTFS."

    That is scary stuff.

    Send feedback about this particular blog
    Read Feedback from others

    4 August 2007 - Mickyj.com

    End blog for: 4 August 2007

    MAPS and reviews
    New Microsoft Action Pack Subscription (MAPS) Rules
    With this months Action pack (for those Microsoft Registered and Certified Partners who subscribe to it) there is a change. Microsoft have announced that they are changing the format. They have heard the cries of the resellers who argue that their clients are becoming registered Partners and then buying the Action pack (Hence cheap software) and bypassing the Channel. You now need to sit an online Exam every 2 years and have a 70 Percent pass mark to be eligable for the pack. Personally I think it is about time. More information can be found in the latest pack. Due now.

    Software and Hardware reviews
    I am always being asked to review hardware and software. I have previously been on the Atomic Magazines hardware focus group and now, through the MVP program, I am being "given" registered software to try. Some of it is very good and quite handy. It is due to this that I have started reviewing the software and hardware and recording my thoughts. Current reviews:
  • Recover Deleted or lost data with GetDataBack from Runtime Software
  • Add a file manager and much more to your MCE machine

    Other reviews can be found here.

    Send feedback about this particular blog
    Read Feedback from others

    30 July 2007 - Mickyj.com

  • End blog for: 30 July 2007

    Mac's get an RDP refresh
    Revised Mac RDP client
    A revised version of the Mac Remote Desktop Connection client (v2) is on it's way.
    The Mac team has just announced a beta of a new version of RDC.
  • Public announcment
  • Mac Mojo
  • More News

    Infrared remote controlled in-line power switch
    Someone hear my call...

    Whilst building my perfect MCE machine today, I turned on items like wake on lan etc and don't detect keyboard on boot. I now have my MCE at the point where I can turn on the power at the wall and the machine will auto boot without me having to touch the PC and the keyboard being wireless with the MS Home IR kit, needs not be detected.

    It is almost MCE Nirvana except, I have to get under the table to turn on the power. Someone her my call !! make a power switch that works via remote. Then I can power up my MCE and play with all it's goodness the Lazy mans way. Come on someone ... Hear my pleas and start designing the perfect MCE with powerboard and remote !

    Trend tries to confuse me !
    Trend have changed their Neatsuite packages.

    There is now Trend Micro NeatSuite Advanced and NeatSuite Standard - fully integrated, centrally managed enterprise security suites designed to protect your customer's network from the Internet gateway to desktops and laptops.

    "Multilayered, multi-threat protection stops viruses, spyware, spam, phishing, and blended threats, including Web-based attacks—a rapidly growing problem. Both versions offer Web threat protection that is unmatched in the industry.

    NeatSuite Advanced meets the needs of enterprise by offering scalability, extensive configuration options, maximum administrative efficiency, support for the broadest range of operating systems, and tight integration with Microsoft and Cisco technologies.

    NeatSuite Standard meets the needs of mid-sized businesses with limited IT resources by providing an all-in-one solution that is easy to manage and deploy. It offers centralized management from a single console, support for Windows and Linux operating systems, and unified graphical installation.

    Send feedback about this particular blog
    Read Feedback from others

    22 July 2007 - Mickyj.com

  • End blog for: 22 July 2007

    Email, Email and Email
    My Outlook no longer starts. It hangs when I try and open it.
  • The last thing I did was end the task with Task manager
  • The last thing that happened was an unexpected shutdown on my PC
  • There was a hardware failure

    There are many tricks to try and get back into Outlook. There are many causes of the hang. From corrupt views, outlook bars, rules and corrupt PST files.

    The first thing I attempt it to start Outlook in Safe mode.

    "C:\Program Files\Microsoft Office\Office(Version number here)\OUTLOOK.EXE" /safe

    If this hangs more than 5 minutes and you end the task with Task manager, the next time you try to open Outlook in any way, it will try a detect and repair. If you do not have your disks handy, abort the Detect and repair, end the task and try these command lines. To try each one, you might need to end task after 5 minutes on each one.

    "C:\Program Files\Microsoft Office\Office(Version number here)\OUTLOOK.EXE" /CleanFinders
    "C:\Program Files\Microsoft Office\Office(Version number here)\OUTLOOK.EXE" /CleanFreeBusy
    "C:\Program Files\Microsoft Office\Office(Version number here)\OUTLOOK.EXE" /CleanProfile
    "C:\Program Files\Microsoft Office\Office(Version number here)\OUTLOOK.EXE" /CleanReminders
    "C:\Program Files\Microsoft Office\Office(Version number here)\OUTLOOK.EXE" /CleanSchedPlus
    "C:\Program Files\Microsoft Office\Office(Version number here)\OUTLOOK.EXE" /CleanViews
    "C:\Program Files\Microsoft Office\Office(Version number here)\OUTLOOK.EXE" /ResetFolderNames
    "C:\Program Files\Microsoft Office\Office(Version number here)\OUTLOOK.EXE" /ResetOutlookBar

    After all this, your profile is clean, your views are tidy, items are reset and Outlook should run. If not, maybe time to check your PST's open on another machine ?
    Try a detect and repair ?
    Search Google for more ideas.

    Spam in PDF files
    Not content with spamming us with images selling Rolex watches and Viagra, Spammers are now sending very small (15kb) PDF files advertising their wares. We live off information in PDF files so it is not a simple matter of dropping the PDF attachments. I guess Spammers got sick of the antispam software running OCR over their embedded images and determining their content. Now the Antivirus and anti spammer solution providers have to contend with PDF files.

    I'm spamming people ?
    Why does my email with a semi large Attachment transmit numerous times to recipients, stay in outbox and not go into my sent items ? My Recipient received the file heaps of times. It keeps sending until the sender deletes it from the outbox.

    There is usually no error message. Outlook just doesn't understand that the message has already been sent and the Send/Receive percentage goes from 100% to 0% instead of growing.

    This is a well known "Outlook Time Out". It happens with Trend Micro, MacAfee and many other antivirus utilities. Usually this is the result of integrating a antivirus scanner into Outlook when you send out email.

    The large email gets handed to the Antivirus which starts scanning it and the Outlook in the background does not thin kit was sent due to a timeout. There is a registry change out their to increase timeouts or some people simply choose not to scan their outbound email. (Don't stop scanning your inbound email).

    Send feedback about this particular blog
    Read Feedback from others

    10 July 2007 - Mickyj.com

  • End blog for: 10 July 2007

    Events and News in the new tax year
    Expo tech is in Adelaide
    One of the biggest Vendor shows of the year is almost upon us. Ingram Micros Expotech. When: Wednesday 25 July, 2007 Where: Adelaide Convention Centre, North Terrace, Adelaide, Hall H Exhibition Centre

    Office 2003 Retired
    After June 30, 2007, Microsoft Office 2003 will no longer be available from Microsoft. Review details of the Microsoft End of Life plan, access customer-ready communications, and take advantage of other Office 2003 technical and support resources. We also recommend that you begin encouraging your customers to learn more about the benefits that the 2007 Microsoft Office system offers.

    New Microsoft OEM rules to meet Classmates PC's
    A small change has been made to the System Builder License that ships on all System Builder Channel packs. The definition of a PC now includes the Classmate PC (CMPC). This is a small unit which boots and runs on a 2GB internally-mounted NAND drive. The CMPC was designed by Intel specifically for students, at an affordable price point for emerging market schools, and supports Windows or Linux. Now we specific guidelines for these PC's as previously they did not meet the description of a "computer".

    Give Microsoft Silverlight Beta a go
    Microsoft's answer to flash is here and is very exciting.
    Silverlight is a cross-browser, cross-platform plug-in for delivering the next generation of Microsoft .NET–based media experiences and rich interactive applications for the Web.

    Home Server RC arrives!
    The highly anticipated Windows Home Server Release Candidate is available today. The product team has been slogging away introducing innovations and have released this new and improved build. I have been on the Alpha and Beta teams and honestly, this product is hot. Catch up with the product team here.

    Partner roadshow around the corner
    From the 29 - 31 August, Hamilton Island will once again host the biggest Partner business event on the calendar! The Microsoft Australia Partner Conference 2007 is all about opportunity. The opportunity to learn about new products and releases, discover the future direction of Microsoft, understand how you can grow your business, and network with peers and members of the Microsoft Partner Team. Sign up here.

    Arrowkey CD inspector helped out my Dad
    My Father burnt all his precious photos to a CD disk (500mb), then in another session, closed the old session and wrote 70 mb more data. This meant he could no longer read the first 500 mb and this was more than a little upsetting. ArrowKey to the rescue. I have used this product previously and sung it's many praises. People underestimate the power of software. It is a simple matter to extract the old session, merge with the new and burn it to a CD disk. If you ever have an unreadable disk, sratched or other wise, give this product a go. You will be surprised. (Unless you have schreeded the disk :)

    Getdataback (Runtime Software)
    Now it is my turn for data recovery. I have a 112 gb drive that worked one night, failed to spin up the next. Windows asked me if I wanted to format the drive NO !...... I have all my daughters pictures on it. I have some of my video from when I present and Audio. Irreplacable memories. I have previously used Runtime software so I thought I would give it a go. It turns out, I have numerous bad sectors, in the partitions tables. This is going to be messy and about now, I know I will have lost something. I ran Getdataback and was surprised to see it found almost everything. It found to much. It found 22 gb of my virtual PC images (With various flavours of Windows and Servers etc) and loaded their contents in as my file syste, Maybe VPC images are raw NTFS filesystems ? Now it tells me I have 6 TB to restore off a 112 Gb drive ??? Looks like a long week ahead. I still like the software from Runtime. Others I tried, gave up after the first 10 bad sectors. I have already retreived some items so I am feeling better !

    Dr Red and High Blood Pressure.
    For those who know me, I suffer from extreme high blood pressure. There is a new product our called Dr Red Rosella Punch. As so little is know about it and if it actually works, I thought that I would blog about it. I have just completed my first bottle. It is not cheap at $40 a bottle. I am prepared to give it a go as I lived in the Northern Territory of Australia and recall seeing Rosella growing wild on the sides of roads. I remember the Jams and other things Rosella was made into. I have been having my 25 ml two times a day and stayed on my Blood pressure medication. So far I have not seen any improvement. I am unsure how much of a difference I should see and how long I need to be on this before it makes a difference. I will report back after bottle number 2.

    Details about Dr Red can be found here

    SBS 2003 (non R2) fails SBS SP1 installation
    I had a popup during installing SBS SP1 (This is after Windows server 2003 SP1, SharePoint 2, Exchange SP1, XP SP2 etc)
    Windows Small Business Server Service Pack 1 has encountered an error. For more information .....

    When looking in the setup.log file I see the error:

    Component Name: Networking
    Version: 5.0
    Installation Status: Failure
    Error Message: An error occurred while copying files for the Networking component. See C:\Program Files\Microsoft Integration\Windows Small Business Server 2003\Logs\SBSMSI-Connectivity.LOG for the list of files that were not copied. You may want to run Setup again and reinstall the component.

    I have no real clues in the "SBSMSI-Connectivity.LOG" so I re-ran setup which came up on the screen for 5 seconds, said the patch was already installed and bombed out. It seems SP1 has fully applied. Has anyone else seen this ? The log certainly contains the word error a few times but nothing that points to anything.

    Socks error

    After rebooting from the SBS SP1 error, I got the following.

    Event Type: Error
    Event Source: SOCKS Filter
    Event Category: None
    Event ID: 20002
    Date: 20/06/2007
    Time: 1:25:30 PM
    User: N/A
    SOCKS filter: failed to bind IP address for listening. Future SOCKS requests will be refused.
    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    I turned off the Socks service in ISA 2000 (As we do not use it anyway). All now runs well.

    I also found the following fault:

    Event Type: Error
    Event Source: MSExchangeIS
    Event Category: General
    Event ID: 1194
    Date: 25/06/2007
    Time: 12:40:37 PM
    User: N/A
    Accept clients on external interface MAPIRPC failed with error 0x4b1.
    For more information, click http://www.microsoft.com/contentredirect.asp.

    I referred to Microsoft KB836565 which indicated that there were multiple stores running at once. As you can not do this in Exchange Standard (Except for a recovery group) I did a little deeper digging. It ended up, Ldapsvc was missing from the IIS parameters in the registry.

    1. Start Registry Editor (regedit.exe).
    2. Locate and click the following key in the registry:
    HKEY_LOCAL_HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ InetInfo\Pa­rameters \DispatchEntries
    3. In the "Multi-String Editor" dialog box, type any of the following values that are not already present:
    - "Ldapsvc" (without the quotation marks)
    - "Smtpsvc" (without the quotation marks)
    - "Nntpsvc" (without the quotation marks)
    - "Imap4svc" (without the quotation marks)
    - "Pop3svc" (without the quotation marks)
    - "Resvc" (without the quotation marks)
    4. Quit Registry Editor.
    5. Shut down the computer, and then restart it.
    All fixed.
    Another curious error occurred when I installed Symantec Backup Exec 11d.

    Event Type: Warning
    Event Source: SQLBrowser
    Event Category: None
    Event ID: 3
    Date: 25/06/2007
    Time: 12:40:08 PM
    User: N/A
    The configuration of the AdminConnection\TCP protocol in the SQL instance BKUPEXEC is not valid.
    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    It turns out that on SQL Server 2005 Express Edition, this event is "by design". I also found our that this message appears because the TCP/IP Protocol for the instance is disabled. If desired, you can enable the TCP/IP Protocol for the instance and then configure the IP addresses you want the instance to listen on (meaning that the browser service cannot open a connection to the instance of SQL Server though the specified protocols (in this case TCP)). Obviously under the SQL express edition with no end usr tools, this is a little hard.
    If you have the Full SQL, you can refer to this blog

    Microsoft H.323 Gatekeeper error 21075
    When you configure incoming virtual private network (VPN) access on a Microsoft Windows Small Business Server 2003 (Windows SBS)-based computer that is also running Microsoft Internet Security and Acceleration (ISA) Server 2000 using the CEICW and VPN wizard, you can sometimes get this error.

    After running the wizards, remote clients can connect to the server by using a VPN connection. However, the remote clients cannot access any network shares.

    You might get the following event on the Windows SBS-based computer:

    Event Type: Error
    Event Source: Microsoft H.323 Gatekeeper
    Event Category: None
    Event ID: 21075
    Date: 24/06/2007
    Time: 9:19:24 AM
    User: N/A
    Failed to create a RAS context for the IP address Please insure that no other application or service is using the H.225 RAS ports (1719 and 1718). Context status code: 00002741H Context status text: The requested address is not valid in its context.
    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    This issue typically occurs when another service or another program that is running on the Windows SBS-based computer is accessing the H.225 remote access ports.

    To resolve this issue, you must create a new gatekeeper, and then disable the WAN (PPP/SLIP) interface. To do this, follow these steps:
    1. In ISA Server Management, right-click H323 Gatekeepers, and then click Add gatekeeper. If you cannot add a new gatekeeper and if the following error message is logged in the Application log, you may have to grant the Administrators group the correct permissions:

    Event Source: DCOM
    Event ID: 10016
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {3502C94C-FF68-11D2-BDE1-0000F81FDFDE} to the user DomainName\AccountName SID (S-1-5-21-2889785249-1173992337-4123802653-500).

    This security permission can be modified using the Component Services administrative tool.
    To grant the Administrators group the correct permissions, use the DCOM Config utility. To do this, follow these steps:
    a. Click Start, click Run, type dcomcnfg, and then click OK.
    b. In the Component Services Microsoft Management Console (MMC) snap-in, expand Component Services, expand Computers, expand My Computer, and then click DCOM Config.
    c. Right-click Microsoft H.323 Gatekeeper, and then click Properties.
    d. Click the Security tab.
    e. Under Launch and Activation Permissions, click Edit.
    f. Add the Administrators group to the list, and then enable the following permissions:
    • Local Launch
    • Remote Launch
    • Local Activation
    • Remote Activation
    g. Click OK two times.
    h. Close the Component Services MMC snap-in.
    i. In ISA Server Management, press F5 to update the console to view the new gatekeeper.
    2. In the Add Gatekeeper dialog box, click This computer, and then click OK.
    3. Right-click the server name that is listed under H.323 Gatekeepers, and then click Properties.
    4. Click the Network tab.
    5. Click to clear the WAN (PPP/SLIP) interface check box, click Apply, and then click OK.
    6. Click Start, click Administrative Tools, and then click Services.
    7. In the Services MMC snap-in, right-click Microsoft ISA Server Control, click All Tasks, and then click Restart.
    8. Right-click Gatekeeper, click All Tasks, and then click Restart.

    CEICW fails during running at the configuring email section
    Open the icwlog.txt file. It is invaluable. In my case I found :
    calling _RestartService (RESvc, 1).
    Error 0x80070420 returned from call to _RestartService().
    Error 0x80070420 returned from call to EnableSMTPConnector().
    Error 0x80070420 returned from call to CEMailCommit::Commit().

    THis is normally caused by a third party application wanting to use the SMTP server. This error means an instance of the services has already started.

    I uninstalled Trend Micro ScanMail , reran the wizard, reinstalled ScanMail and it all now works perfectly.

    Do you suffer from stuck or dead pixels ?
    Stuck pixels or dead pixels are a by-product of LCD screen manufacturing. Stuck pixels will be permanently a specific colour (One of the ones that makes up each LCD pixel). A dead pixel remains black. Stuck pixels can come good overtime or even go bad over time. You can exercises a pixel to repair it. You can also try the Rub Method to repair it (If you are game).

    The rub method should only be used if your screen is out of warranty or does not meet the Dead pixel policy of the manufacturer and you have tried everything else first. By doing this, you can create more stuck pixels. Get a soft moist cloth (Not dripping). Place a pointed object (like a Biro, something not to sharp) into the cloth and hover over the stuck pixel. Turn off the LCD screen. Depress the pen and cloth to the stuck pixel, apply a little pressure and turn the screen back on. If unsuccessful repeat it 2-3 times.

    Also, take a look at the Dead Pixel tester (DPT) and UDpixel tools. They will exercise the stuck pixel.

    Network Load Balancing service failed to start
    After installing Backup Exec 9.x, 10.x or 11.x on a Windows 2003 server, an error message is generated indicating that the Network Load Balancing Service failed to start.

    Exact Error Message
    Event ID: 7000 Event Source: Service Control Manager Description: The Network Load Balancing service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

    Even when Network Load Balancing (NLB) is not currently installed, some NLB registry keys may be present in the registry. I have previously seen this in Veritas Backup Exec 9 and now in Symantec backup exec 11d.

    To prevent these error messages from occurring, remove the following registry subkeys (if they exist) after a complete backup of the registry:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\ WLBS

    An alternative method, as recommended by Microsoft, to prevent this event ID from appearing in the system event log, is to modify the following registry key:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WLBS\Group (if it exists)

    Follow these steps:

    1. Start Registry Editor. To do so, click Start | Run, type regedt32, and then click OK

    Warning: Incorrect use of the Windows Registry Editor may prevent the operating system from functioning properly. Great care should be taken when making changes to a Windows registry. Registry modifications should only be carried-out by persons experienced in the use of the registry editor application. It is recommended that a complete backup of the registry and workstation be made prior to making any registry changes.

    2. Locate and then click the following registry subkey:
    3. In the right pane, right-click the Group registry entry, and then click Modify
    By default, the Group string value is set to PNP_TDI. To prevent the occurrence of event ID 7000, set the value of the Group entry to an empty string (Figure 1). To do so, delete the PNP_TDI value in the Value data box, and then click OK.
    Veritas support article 263037 IIS and Corrupt Applications pools in the Metabase
    Ok, this next error gave me a run for my money. My one big lesson, after SBS is installed, use the IIS tool to make a backup of the Metadata.

    I attempted to install Trend Micro IMSS to my server. It failed before it got started. Suddenly, the server would no longer run Companyweb. More than half the tools in the to do list would not work. Connectcomputer was dead and the server dropped to half speed. An error kept popping up.

    Microsoft Visual C++ Runtime Library
    Runtime Error !
    This application has requested the Runtime to terminate in an unusualy way.

    This error is so Generic. There are lots of comments over the web but no direct solutions. When I clicked ok, waited 2 seconds, it popped up again. I could not get rid of it. I left the error on the screen, dragged it to one side and opened the IIS admin console. It would not open. I clicked ok on the C++ error, IIS came up but would not expand, I clicked the next C++ error, the sites expanded. I could see that IIS was wildly affected by IMSS in some way. The services would not remain running. As IIS was marked as a service to restart on failure, each restart caused chaos. I suspected the SMTP connector to be faulty as IMSS intimately plays with this. I disabled SMTP, rebooted and everything was fine. I manually restarted SMTP, it all went bad.

    It looks like I am running some code on the web server that is crashing the worker process (it is dereferencing NULL) and if I have rapid-fail-protection enabled. Need IIS6 to disable the application pool from restarting. Otherwise, the application pool will continuously try to restart (by-design). This was exactly what I was seeing.

    In the event log I have

    Event Type: Warning
    Event Source: W3SVC
    Event Category: None
    Event ID: 1012
    Date: 25/06/2007
    Time: 9:47:13 AM
    User: N/A
    A process serving application pool 'DefaultAppPool' exceeded time limits during start up. The process id was '7764'.

    As ASP.NET limits the number of worker threads and completion port threads that a call can use to execute requests. When the system makes calls to XML Web services from an ASP.NET application, you experience contention, poor performance, and deadlocks. Clients may report that requests stop responding (or "hang") or take a very long time to execute. If a deadlock is suspected, the worker process may be recycled. I also found an ISAPI error.Looks like a faulty ISAPI filter.

    I backed up the Metabase in IIS and marked the Metabase as editable.

    (In the IIS Manager tool, right-click the local computer and select Properties. Select the Enable Direct Metabase Edit check box. You can then open the MetaBase.xml file using Notepad. Editing can be done by scripts once editing has been enabled. See the IIS 6.0 online help installed with Windows 2003 for more information. Editing can also be done with a script, however it is a better practice to use one of the provided WMI or ADSI interfaces.)

    I removed the Trend ISAPI filter and that fixed everything. IMSS was removed and the system was stable. As I wanted IMSS, I tried to reinstall it again. Famous last words. It died again with the same C++ error. I opened the Metabase and the ISAPI file was not there this time.

    I toyed with the idea of uninstalling the SMTP component of IIS under Add/Remove however, when Exchange is installed, it extends the SMTP service so it can no longer live under the IIS snap-in and instead is available in the Exchange System Manager under Protocols -> SMTP. Unfortunately, If you uninstall and reinstall SMTP natively, the Exchange settings are gone, and will need to reinstall. So, I did not proceed.I restored back to a previous Metabase and all ran well again. Something in the Metabase is faulty and I just can not detect it.

    Even though IIS 6 on W2K3 lets you edit the metabase directly using a text editor like Notepad, be careful.To do this you enable direct metabase editing, but you need to know how to write well-formed XML since the IIS 6 metabase is written in XML, not binary code like in IIS 5. If you make a change to the IIS 6 metabase however, say a configuration change to a website or virtual directory, that change may not show up immediately. The reason is because IIS 6 caches such metabase changes so it can write them as one chunk, usually within 5 minutes of when you made the changes. This is true whether you edit the metabase directly or use ADSI or WMI to do it programmatically using scripts. So don't be surprised when you make changes to the metabase and they don't seem to "take". Just give it time. If you're impatient however, you can right-click on the IIS node in IIS Manager and select Save Configuration To Disk to have your changes applied immediately.

    I used a tool called DebugDiag from microsoft.com to diagnose and fix whatever is running that is crashing. SBS uses rapid-fail-protection so I can debug.

    I sought help from David Wang's HOWTO Understand and Diagnose an Application Pool Crash.htm

    I also downloaded IISState. IISState is a free utility to help users with their IIS installations. The product is not supported by Microsoft and the only method of feedback regarding IISState should be done through the Microsoft IIS Newgroup at (news://microsoft.public.inetserver.iis/).

    IISState requires that the Windows debugger pack from Microsoft (www.microsoft.com/ddk/debugging) to be installed. This is a download of approx 19MB but is required in order to provide the debugging support needed by the IISState application.

    The IIS Diagnostics Toolkit is a compiled set of tools aimed at reducing the overall time to resolve problems with Internet Information Services (IIS) products.

    Download Here

    And information from:IISfaq

    I have now removed IMSS and all the application pools (Called Jakarta and runs Tomcat under IIS) from my Metabase and it runs well. I still have no idea why IMSS will not install. Any idea appreciated.

    Send feedback about this particular blog
    Read Feedback from others

    1 July 2007 - Mickyj.com

    End blog for: 1 July 2007

    Surveys, forgotten passwords and a rant about Sata
    Do you know what an MVP is ?
    Here is a great intro on Channel 9. Even I learnt something. Take a listen to this pod cast!

    Microsoft Surface
    Cool new Microsoft initiative, Surface. Yes, straight out of the Minority Report. This software gives you full human control. There is no way I can explain this, you need to take a look.

    Forgotten Symantec Corporate password ?
    Do you have Symantec Corporate Antivirus on a server and you do not know the password ? Reset it! Yes, Symantec include a tool called iforgot.exe but you then need to call Symantec and give them the code it spits out. It is far easier to just reset it.

    TechNet Update for Adelaide. ?
    This event is fast approaching on 26/06/2007. If you are registered, see you there !
    Event Code: 1032339206
    Event Name: TechNet Update for Adelaide
    Location: Microsoft Adelaide Innovation Centre

    Servers and airconditioning
    Ever wondered how much heat your servers are producing ? Do you know the wattage at maximum load ? If so, take a look at this Watt to BTU converter.

    Virtual Earth 3D
    Microsoft announced a while ago about Virtual Earth 3D. Virtual Earth 3D gives customers an immersive 3D experience by allowing them to search, browse and organize local information in a three dimensional setting. taking search to the next level by bringing the virtual world that much closer to the physical world. When people visit Live Search (http://live.com), type a query into the search bar and click the “maps” tab, they get their search results in a map context that offers the option to explore the area using two-dimensional views (aerial and exclusive bird’s-eye imagery) or three dimensional models with Virtual Earth 3D. It is not a full product with loads of maps yet but it looks promising.

    Culminis Survey
    Culminis would like you to provide input on how the Microsoft Windows Client team can better support IT Professionals. They would like you to complete the short survey at no later than June 26th.

    GDC 2007
    Whilst I was in the US, earlier in March, I could not find a spare hotel room. I had wondered why all these geeks were running around (Obviously I am also a geek but then, ...). It was a Gaming Convention. It was held at the Moscone Convention Centre North in San Francisco. Whilst I was off seeing Alcatraz, others were talking about Xbox, rendering and frame rates. I caught up with a few of the guys at the conference and I believe it is a great use of the delegates time. They not only talked games, but hardware, designs and much more. If you are so inclined to invest your time in games, why not get involved in the culture and communities. Take a look http://www.gdconf.com/

    SMB Focus conference
    Time to pre-register for the SMB Focus conference being held in Sydney late November. Wayne Small is the host and this is going to be awesome. http://www.smbfocus.com/

    If you are a Microsoft Registered OEM, Win $1000
    To be in the running to win $1,000 from Microsoft, all you have to do is register as a participating OEM system builder, and sell an Office Ready PC with an OEM Medialess License Kit for either Microsoft Office Small Business 2007 or Microsoft® Office Professional 2007. You could walk away with $1,000! Get involved in the Small Business Jackpot campaign today. http://oem.microsoft.com/

    TechNet Vista Sidebar Gadget
    Microsoft have just released the new TechNet Sidebar gadget for Vista users. The Microsoft TechNet Gadget for Australia and New Zealand delivers information from several of the common news feeds and security alerts. It supports up to 6 feeds with TechNet Highlights and Basic Security Alerts as default options. A range of other feeds are selectable with options for more comprehensive security alerts, Australian and New Zealand IT News and TechNet Virtual Labs. Get it today.

    Visual Studio 2008 Shell
    If you create software development tools, you’ll want to consider building on the Visual Studio 2008 Shell. A streamlined Visual Studio development environment, the Visual Studio Shell provides the core foundation so you can focus on building your application’s unique features. Flexible customization options help you deliver optimized experiences for specific markets. Keep an eye open for it as it is coming very soon.

    Windows SteadyState
    Whether you manage computers in a school computer lab or an Internet cafe, a library, or even in your home, Windows SteadyState helps make it easy for you to keep your computers running the way you want them to, no matter who uses them. I had the pleasure of picking up a Beta copy whilst at Redmond. This is far better than the old shared computer toolkit.

    Servers, sata and Cheap Mirrors are not condusive to ntbackup or reliability
    I recently had an inherited clients server fail. It was caused by a hard disk failure and subsequent data corruption. This server was setup to fail. It was using consumer grade components not designed to run 24 hours a day for 7 days. The server was also running without an Uninterruptible Power supply. The server had two hard drives. This design was implemented to prevent data loss by using a mirror. In normal circumstances this is a good idea (I prefer RAID 5). In this situation, further data corruption occurred on the remaining single drive that was functioning. Whilst I could not find any bad sectors, this mirror now broken was stalling the server, causing freezing and random reboots. This was a Sata Mirror with cheap Sata drives. As the drives in the machine were consumer grade and not server class, the failed drive reduced the speed of the system and the system was unstable. I do not use SATA drives or mirrors on my servers. I use SCSI or SAS. I use RAID5. I have seen drives fail before but they never effect server performance or reliability. Is this bad reliability experienced in Fault mode an issue due to the Sata, cheap mirror RAID card or design ? I suggest all of the above. In addition to these issues, various Computer drive letters were corrupted and needed resetting. After restoring NT backup the drive quotas turned themselves back on, shares vanished and permissions changed. I have never seen such shenanigans. Needless to say, this client is getting better hardware. I am posting this so that you can see, restoring from Ntbackup into an unreliable server can lead to more issues.

    Send feedback about this particular blog
    Read Feedback from others

    24 June 2007 - Mickyj.com

    End blog for: 24 June 2007

    It is a Trend Micro kind of day ....
    Trend Micro ScanMail 7.0 for Exchange 2000/2003 needs SP4.
    As discovered by accident, ScanMail 7 has a fault in the attachment blocking system. If you are not running SP4 and you turn it on, you run the risk of deleting all your attachments and then restoring your email stores from tape. The real-time and scheduled scans will walk your exchange stores and start stomping on your attachments. Do the upgrade available from Trend Micro

    This is going to be a Trend Micro kind of day ...... Expect me to update this blog with more info about ScanMail as it comes to hand.

    How can I read the attachments in Scan mails Quarantine ?
    The files on the SMEX quarantined folder are stored in a raw message format unlike in SMEX 6.2x, where only the quarantined attachments are stored that makes it easy for administrators to open the file before resending.

    You can rename the files to .eml files, which Outlook Express can open.

  • Go to the SMEX Quarantine folder. By default location is C:\Program Files\Trend Micro\SMEX\Storage\Quarantine.
  • Rename the quarantined file to an EML format. For example, rename 4379b8f81_ rename to 4379b8f81.eml.
  • Open the renamed EML file using Outlook Express

    More details on Trend Micro's site

    Can I rename the Scan mail end user junk folder ?
    Yes you can. Users can rename the End User Quarantine (called EUQ) spam folder using Microsoft Outlook because ScanMail (SMEX) identifies the folders by ID, and not by folder name. I have still to check to see if we can point the email to the same folders used by Exchange IMF.

    What files/folders should be excluded from Officescan (OSCE) or Server Protect (SPNT) scanning when running ScanMail for Exchange (SMEX) 7.0? [Solution ID 125967]
    Do not run Server Protect for NT (SPNT) or OfficeScan Corporate Edition (OSCE) on Exchange databases, logs, temporary files, the IIS system files, or the IFS drive (drive M in Windows 2000 server). The following is a detailed list of what files and folders should be excluded:
  • ScanMail files and folders
  • \SMEX\temp
  • \SMEX\storage
  • \SMEX\SharedResPool
  • Microsoft Exchange directories
  • Your accounting package
  • Trend Micro quarantine directories

    More details are available on Trend Micro's site

    What is the effect of turning on both ScanMail for Exchange (SMEX) 7.0 EUQ and MS Outlook Junk E-mail Filter? [Solution ID 1031631]
    End User Quarantine (EUQ) works hand-in-hand with Anti-spam scanning. Once Anti-spam detected a message as spam, EUQ creates the Spam Mail folder in the user's mailbox and forwards the spam message there. Junk E-mail Filter is a functionality that helps in reducing the amount of spam received by users. Spam messages detected by this filter are forwarded.

    More details are available on Trend Micro's site

    Try Windows Live OneCare: The always-on security and performance service for your PC
    More details are available on Microsoft's site

    No Adminpak For Vista?
    It looks like there is no Adminpak for Vista. Here is another MVP site with the news: adminpak-for-windows-vista

    Reward for dobbing in pirates
    Illegal software piracy costs Australian industry $622 Million. Heads up, there is a $5,000 reward from the BSA for dobbing in a pirate. In the past this has been as high as $10,000. Some companies prosecuted in Australia face million dollar fines.

    It is far cheaper to actually buy the correct licence in the first place. The latest campaigns of the BSA focus on the SMB sector as this is where most of the pirating and miss licensing occurs.

    Send feedback about this particular blog
    Read Feedback from others

    3 June 2007 - Mickyj.com

  • End blog for: 3 June 2007

    Microsoft transportable formats
    The latest Toshiba Copiers now support Microsoft XPS
    Toshiba Photocopiers now have a firmware update to allow you to scan from the copier to XPS.

    The XPS file format is Microsoft's electronic paper format, an alternative to the PDF format. Office 2007 will support 'Save As' to both of these formats.

    Unlike the Office Open XML Formats, XPS does not attempt to capture the full structured richness of an Office document. As an electronic paper format, it is all about a high fidelity representation of the output only. Because of this, creation of an XPS document from Office is a one-way, export operation.

    XPS is different to the Microsoft Office Document Image Writer.

    Microsoft Office 2003 included the Microsoft Office Document Imaging print driver which uses Microsoft Document Imaging Format (MDI), a file format based on the Tagged Image File Format (TIFF).

    The advances in technology just keep on coming.

    Send feedback about this particular blog
    Read Feedback from others

    31 May 2007 - Mickyj.com

    End blog for: 31 May 2007

    New Pages, statistics and Creative X-FI sound
    Mickyj.com Updates
    I have had a number of regular readers ask if they can submit their own thoughts to my blog. I have created a Community Bulletin board and a page where you can submit an article or content for the blog.

    I have also been asked to run a spell check over the pages (Thanks Sam) and I have done so for most pages. I have added more buttons to the menu to reduce the large menu's scrolling off the page and added a section soon to be filled with details on Windows Home Server. (Feel free to submit content).

    I really want to thank my biggest group of readers. They include Adelaide - Australia (Must be the Adelaide SBS Users Group), Melbourne - Australia, Singapore, London - England and New York - USA.

    I have been getting a steady 400 visits per month. The most visited pages involve Malware removal.

    I have added additional pages for helping users to install and run Spybot and Trend Housecall. Please feel free to point people to these pages.

    Creative Labs : Product Boards : Sound Blaster : X-FI XtremeMusic causing slow downs and errors
    I have a client with a top of the range HP workstation. I mean it has heaps of ram, best CPU, Video and sound. Absolutely top of the range. It runs very well,... for a few minutes anyway. Then it starts slowing down. 10 minutes to open MS Word, longer off a USB key.

    It turns out, the fancy X-Fi Xtreme Music card we supplied has a driver issue. Now that I know this, when I Google about it, I can see lots of others have had the same issue. I guess, in retrospect, it is always to see what the cause of an issue is. When you have no idea where to start, finding the solution is difficult. Always work with elimination down to the root cause.

    For others who have this sound card, press ctrl+alt+delete and use task manager kill the process called DLLML.exe

    This is a non-essential module creative includes in it's drivers.

    I have tried removing the module with msconfig but but the dllml.exe is always on when the computer boots.

    I have asked the client to manually kill the process every time the computer boots (Until Creative has a solution).

    Send feedback about this particular blog
    Read Feedback from others

    30 May 2007 - Mickyj.com

    End blog for: 30 May 2007

    Surveys and Updates
    The Annual SBS survey is here!
    It is that time of the year again where the guys (Well Kevin really) at Redmond are running the SBS Community Survey. It is a short survey and this time and it is 100% anonymous. Please have a go at it.

    Read more here.

    SBS 2003 SP1 upgrade media is back!
    Yes, Microsoft removed the ability to order SBS 2003 SP1 upgrade media! It is back.

    Windows Small Business Server 2003 Service Pack 1:

    Read more here.

    From the website: Existing Windows Small Business Server 2003 Standard Edition Customers

    For existing Windows Small Business Server 2003 Standard Edition customers, Service Pack 1 is available as a free download. Download Service Pack 1. If you choose to download Service Pack 1, you will need to allocate sufficient time to do so as the process includes five separate downloads and may take considerable time, depending upon your Internet speed. Existing Windows Small Business Server 2003 Standard Edition customers need not order any media because everything you need is downloadable, at the above link.

    Existing Windows Small Business Server 2003 Premium Edition
    Existing Premium Edition customers need to:

    1. Download the Standard Edition Service Pack 1 (available as a free download). If you choose to download Service Pack 1, you will need to allocate sufficient time to do so as the process includes five separate downloads and may take considerable time, depending upon your Internet speed.

    2. Order the Service Pack 1 Premium CD3 (which includes ISA 2004 technologies), before December 31, 2007. Existing Premium Edition customers can order the Service Pack 1 Premium CD3 for Windows Small Business Server 2003 Premium Edition for a nominal fee, including shipping, handling and applicable taxes. Note: This Service Pack 1 Premium CD3 will only be available until December 30, 2007, after which time it will be discontinued and unavailable.

    How to order the Service Pack 1 Premium CD3: During the CD3 ordering process, the Windows Small Business Server 2003 Premium Edition Product Key used in your original installation will be required. The Product Key is located on the back of your product CD case or on the side of your server box if your current version was purchased through an Original Equipment Manufacturer (OEM). CDs will be shipped to you within 1-2 weeks in North America. Expect 6-8 weeks for delivery outside of North America.

    Freshening website
    With over 400 visitors per month, many coming form links from Microsoft's site, I have decided to freshen the look of Mickyj. This labour of love is getting a little heavy with over 100 pages and has almost consumed all the space I have with my ISP. Comments would be appreciated. Tell me what you love / hate.

    Windows Home Sever presentations
    Thank you to all who came to the Microsoft Sbc event. It was great to see you all there. Seeing 220 people in the Audience made me very nervous but the comments have been great. All the big demo issues seem to now be insignificant and everyone got something out of the presentations. The follow-up SBS users night event went well and a lot of people came to both. Windows Home server is going to be big. Watch this space.

    Send feedback about this particular blog
    Read Feedback from others

    27 May 2007

    End blog for: 27 May 2007

    Latest on SSD, a new Beta and ICT awards.
    Community ICT Awards
    I had the pleasure of being at Microsoft's table for the Community ICT Awards on the evening of the 14th. Great food and Company. It was great to see all the awards, all the volunteers and all the non profits that had worked so hard relax and wind down. Ok, I admit it. I ran up to the Ubantu Linux display for a quick look, stole a little lolly penguin and ate him head first. ... I digress.

    The Community ICT Awards Competition is a successful venture of CISA’s Connecting Up conferences. It promotes Australia’s most innovative use of ICT by nonprofit organizations, government agencies and companies working with nonprofit organizations. It is amazing seeing companies that survive on zero income produce such fantastic infrastructure including all facets of ICT.

    Time we were all a little more careful with our cash. Maybe the world would run a little better.

    SanDisk produced a UATA 32GB solid state drive (SSD), but a certain Korean company just couldn't let the Flash memory manufacturer take the spotlight away from them. Samsung has leaped in with a 64GB 1.8-inch Flash-based drive. This SSD "is based on an eight gigabit single-level-cell (SLC) NAND, which provides significantly higher performance over conventional SSDs."

    Samsung is claiming that the new SSD is faster than the 32GB model (they revealed the 32 Gb unit last year). They state that the read speed is improved by 20 percent, whereas write speed is improved by 60 percent.

    The flash-SSD is a drop-in replacement for a hard disk drive in a laptop, whereas smaller models would work great in personal navigation systems and digital camcorders. Samsung is even claiming that they can create larger (100GB+) models for servers.

    Mass production of the 1.8-inch 64GB SSD is scheduled for Q2 2007.

    Imagine a world where your laptop just turns on and there it is in all it's glory. No, not from standby or hibernate. Just on!
    More ... (refer 15th May on the link)

    Microsoft Office Communications Server 2007 and Microsoft Office Communicator 2007
    Microsoft has entered into the world of SIP and VOIP with Office integration (Outlook) and more. If you want to give it a try, download the Beta. It is now available to the public.

    Feeling Smart ?
    Preliminary Round of Cisco Tech Mastermind 2007

    Need a quick free mail server and you have Windows 2003 server ?
    Remember the MS mail in NT4 ? Not quite old enough to recall this product ? Well here we go, the same principle. Use IIS to handle a small Pop3/SMTP server for you. There is a great tutorial at ilopia.

    Send feedback about this particular blog
    Read Feedback from others

    15 May 2007

    End blog for: 15 May 2007

    Today lets talk recent patches ! (And Spybot)
    Browser helper issue
    Using IE7 and Outlook 2003 and the HTML format, there can be a significant typing delay creating a new e-mail message. Using the plain text or rich text options there is no lag.

    If you rest IE7 it will fix the problem because it resets the Add-ons.
    (Control Panel - Internet Options - Advanced - Restore - Reset)

    Caution: As this resets the IE7 add-ins, you must then investigate each one and re-enable as necessary.
    (Open IE7 - Tools - Manage Add-ons - Enable or Disable add-ons)

    The issue points to SpyBot Immunization and Spyware Blaster Enabling Protection for Restricted Sites.
    Either one causes the problem.

    Many BHO's (Adobe, Sun Microsystems BHO (ssv.dll) and others) will slow down your IE7. If you do not need these items, turn them off, Close your browser and then re-open.

    Here is a link for you to review

    I use Hijackthis to remove BHO's.

    IE issues in the month of May
    Issues to watch out for:
  • Issues with Vista and navcancl apparently caused by people moving the Temporary Internet location folder... move it back to the expected default location, all is well.
  • Issues with IE on Win2k getting offered up old patches appears to have been a server side issue with Microsoft, now fixed.
  • IE with Outlook 2003 where 2003 get sluggish. Other than the post above, Microsoft are still working on this one.

    KB931768 causes IE7 failure
    Customers have been reporting Outlook 2003 as running slow and there being a painful wait (lag) when opening and rendering emails. People are starting to report the issue on various forums throughout the Internet.
    Current thinking is the problem might be related to the Internet Explorer cumulative update contained in May’s patch cycle. Turning off automatic updates and uninstalling “Cumulative security Update for Internet Explorer 931768 has so far been successful.
    It has been suggested that changing Outlook’s start-up configuration to show Outlook Today also works around the issue.
    Outlook 2007 isn’t affected by this issue since they moved to using the Word rendering engine.
    More information here.

    SVCHOST Performance Problems in Windows Server Update Services (Update on svchost/MSI performance issue and 3.0 Client distribution plan)
    This has been a real problem affecting many people. SVChost has been taking all the Resources from the machine affected and causing odd behavior. Here are some links to solutions and discussions.
  • Microsoft's discussion about the Wsus2 to Wsus3 issue on TechNet.
  • "So you want to fix all your WSUS clients" - Useful Scripts
  • Re-installing Windows Update Agent (WUA)
  • For x86-based computers (WindowsUpdateAgent20-x86.exe)
  • For x64-based computers (WindowsUpdateAgent20-x64.exe)
  • VBScript to check if the new AU Client (WUA) is needed and installing it accordingly
  • Automatic Update Client Versions History
  • WSUS Product Team Blog

    For the sake of others trying to troubleshoot WSUS through ISA, the command 'wuauclt.exe /detectnow' will allow you to force an immediate update so you can watch your logs while it's updating.

    Note, on the Product team blog it states

    "If you are still seeing UI hang issues with WSUS 3.0, then
    * please confirm that you are indeed having WSUS 3.0 client. (File version of C:\windows\system32\wuaueng.dll should be 7.0.6000.374)
    * Please follow-up with Microsoft product support
    There is no charge for support issues with Windows Update"

    Should I install ISA SP3 on my SBS box ?
    ISA SP3 on SBS has not been a huge issue. There are some issues but not many. Firstly, what you will get ...

    ISA Server 2004 Service Pack 3 provides increased security, new troubleshooting options and tools available directly from the ISA Server Management console, new diagnostic logging functionality, and enhanced log viewer and log filtering options for ISA Server 2004 Standard Edition and Enterprise Edition. In addition, this service pack adds support for publishing Microsoft Exchange Server 2007 with ISA Server 2004 (Not a biggie for SBS 2003 users).

    Now, to some of the issues,
    There is an developing known issue. You must be sure the ISA Console is closed before running the update, this includes any instances in remote sessions. If you follow the Best Practice of any Service Pack and reboot the server just prior to the install you should be fine.

    Some users have installed SP3 on installs of SBS 2003 Premium R2 and the server is hangs on Applying Computer Settings... This is not common. I am unaware currently of the fix.

    Some people are seeing new errors regarding credentials and web proxy denials. This has affected OWA and pop3 email services.

    Again, a rare problem, one exists where the Installer crashes.

    For these people I recommend the rollback process.

    Here is the link.

    Key longhorn virtualization features cut out !
    Refer to this article

    Send feedback about this particular blog
    Read Feedback from others

    14 May 2007

  • End blog for: 14 May 2007

    Aimless meanderings
    Legacy free motherboards not far away
    Whilst Intel discusses the future and work on legacy free motherboards (No PS/2, Serial, Parallel etc onboard - Only USB2 ports) one wonders, how will I get around in the BIOS ? Do I really want my server running everything off USB2 and loading down the CPU ? The bad news is, this legacy free idea is not very far away. I read an in-depth article and seen a prototype just recently.
    Stay tuned to see where we are going from here.

    Microsoft product lifecycles
    Are you intrigued to know the lifecycle for your Microsoft product ? Here are two links to help you out a little.
  • Products support lifecycle
  • Microsoft Support Lifecycle Policy FAQ

    Next week is Autism Awareness Week
    A lot of the Microsoft MVP's are getting behind and promoting the awareness of this condition and the week that helps us all understand it a little better.. You can also look up Autism Victoria..

    VMware ACE 2 Enterprise Edition is here !
    The next generation in VMware desktop virtualization is now available. Download it and have a play.
    You could also go to Microsoft's site and download VPC 2007 for free.

    Longhorn "Beta 3" is here !
    In case you missed it Windows Server Codename "Longhorn" Beta 3 has been made available for download. Beta 3 is a major milestone for Microsoft on the road to release and this is the time to begin evaluating it. There are also many resources available to help you with your evaluations.

    Microsoft Website Calls Longhorn Windows Server 2008
    Microsoft may have slipped up Thursday afternoon and inadvertently posted the official name of its next server operating system, currently codenamed Longhorn. Keith Ward wrote the story for MCPMag.

    Trojans Hijack Windows Patching Code and Bypass Firewalls
    During this week, researchers at Symantec reported that late last year they first noticed Russian hackers talk about the Background Intelligent Transfer Service (BITS) in Windows. BITS is a pretty cool piece of code. It allows patches to be downloaded in asynch mode, and it also throttles itself to not impact performance. But now Trojans are using it to download Malware! The "benefit" here is that BITS is trusted so the Trojans now bypass firewalls effortlessly.

    The idea itself is not new, but now Malware writers are leveraging a component of the OS to update their own Malware content. BITS first appeared in WinXP, is a part of W2K3 and is also in Vista. Malware is getting more and more sophisticated. You need advanced anti-Malware code to protect your networks. Some of the tools you need to keep yourself can be found at my main website.

    New Radmin V3 is a complete, secure and lightning fast Remote Control tool designed by and for system admins. Supports Vista - Try it out!
    Click here

    Next Version Of SQL Server Slated For 2008
    Microsoft kicked off its very first Business Intelligence (BI) Conference in Seattle with a keynote speech by Business Division President Jeff Raikes. He basically said that they would move into that market at a low price point. He also said that the next version of SQL Server would be the main component of that move, and that the next version code-named Katmai will be available in 2008. Katmai will have a tighter integration with other MS products, like Office, SharePoint Server and Excel. Good news for developers too, Katmai will come with an integrated development environment consisting of Visual Studio and the .NET Framework.

    Voiding the warranty on a liquid-cooled Alienware Area-51 7500
    Alienware turned over one of their liquid-cooled Area-51 7500 gaming PCs to TechRepublic. They couldn't resist dissecting the over clocked monstrosity to see what made it tick. They found the Intel Core 2 Extreme QX6700 quad CPU and the 768MB NVIDIA GeForce 8800 Ultra video card. Take a look at Techrepublic

    Configure Cisco routers to use Active Directory authentication -- the router side
    Did you know that you can leverage the Windows Active Directory username/password database to log in to your Cisco routers and switches? Take a look at this Techrepublic article here

    Do Not Call Register
    The Do Not Call Register has opened and individuals can now register their home phone and mobile numbers through the Do Not Call Register website, by post and by fax. Telephone registrations will commence in late May.

    Postal registration forms are available on the Do Not Call Register website. A brochure about the register will be available from mid-May. This includes an application to register.

    Registration is free.

    Please be aware that the Do Not Call Register is currently experiencing very high demand. Thank you for your patience when attempting to register your number.

    For further information on the Do Not Call Register, see Consumer FAQs.

    From 31 May 2007, telemarketers must not make calls to numbers listed on the register. Any business that calls a number on the register, or arranges for a call to be made to a number on the register, may be in breach of the legislation and could face penalties.

    Registration may take up to 30 days to take effect.


    While it will generally be unlawful for telemarketing calls to be made to numbers listed on the register, there are some exemptions. Certain public interest entities will still be allowed to make specific types of calls to numbers on the register. These include:
  • charities
  • educational or religious organizations
  • registered political parties and independent members of parliament
  • electoral candidates
  • government bodies.

    Market and social researchers conducting opinion polling and standard questionnaire-based research calls will also be permitted to call. However, these calls will be subject to a national standard for telemarketing and research calls.
    More information can be found at the ACA website

    Is SMS or Morse code faster ?
    This is interesting - a showdown between a "Morse coder" and "the fastest text messenger in the country" to see who could transmit the message "I just saved a bunch of money on my car insurance" in the shortest amount of time.

    Trend Micro VSAPI 8.5 Beta Program
    Trend Micro have started the VSAPI 8.5 Beta Program.
    The Trend Micro scan engine, VSAPI, short for Virus Scan Application Program Interface, is a robust, industry-leading carrier class virus scanning and cleaning engine which is at the heart of all Trend Micro enterprise and personal antivirus products.

  • Improved performance
  • Reduced pattern size
  • Microsoft Office 2007 file-type support.
  • Microsoft Vista support

    May 16, 2007 to June 13, 2007

    Lets all hope this makes all their products faster and more stable. If you are a Beta tester for Trend, follow your invite email or log onto the Beta site.

    Hot topics for May from the SBS partner newsgroup
    After running the Backup Configuration Wizard to change the tape changer to another person, the original tape changer still receives the Outlook Reminder which prompts him/her to change the tape.
    The reminder for changing the tape drive was left in the original tape changer's calendar in Exchange.
    Delete the recurring appointments from Outlook.

    When connecting to the server via the Remote Desktop through the VPN connection, the logon window never appears.
    The MTU size on both the VPN client and server are larger than the MTU size on the router.
    1. Use the Ping utility to find the largest MTU size which is supported by the router.
    2. Set the MTU size on both the client and server side as the largest
    MTU size supported by the router.
    How to Troubleshoot Black Hole Router Issues http://support.microsoft.com/default.aspx?scid=kb;EN-US;314825

    The SBS integrated setup failed with the installation of the "Network Components" and "Client Components". We saw the following text in the setup
    [04/04/07,12:16:43] Networking: [2] An error occurred while copying files for the Networking component. See C:\Program Files\Microsoft Integration\Windows Small Business Server 2003\Logs\SBSMSI-Connectivity.LOG for the list of files that were not copied. You may want to run Setup again and reinstall the component. [04/04/07,12:16:43] Intranet: [2] Failed to get version regkey in CClientX::HrGetSTSVersion. This is a clean install of ClientX. [04/04/07,12:18:49] Client Deployment: [2] Failed to set DACL to E:\Program Files\Microsoft Windows Small Business Server\ClientSetup\Clients [1] [04/04/07,12:18:49] Client Deployment: [2] Failed to set DACL to E:\ClientApps [1] [04/04/07,12:19:04] Client Deployment: [2] Error copying service packs with error [3]. [04/04/07,12:24:01] Intranet: [2] Failed to get version regkey in CClientX::HrGetSTSVersion. This is a clean install of ClientX. [04/04/07,12:25:09] Server Configuration: [2] Failed to Add/Remove TDL Task; Key="ICW", Name="Connect to the Internet",Desc=""%SystemRoot%\hh.exe" %windir%\help\SBSMain.chm::/TDLc_ConnectInternet.htm",Action=""%SBSProgramDir%\Networking\ICW\ICW.exe" /s", Pri="25",Enabled="0",Complete="0",Status="1",Category="0" with error [80070002] [04/04/07,12:25:09] Server Configuration: [2] Failed to Add/Remove TDL Task; Key="SecBestPractices",Name="View Security Best Practices",Desc=""%SystemRoot%\hh.exe" %windir%\help\SBSMain.chm::/TDLc_SecurityBP.htm", Action="" %SystemRoot%\hh.exe" %windir%\help\SBSMain.chm::/TDLp_SecurityBP.htm", Pri="20",Enabled="0",Complete="0",Status="1",Category="0" with error [80070002] [04/04/07,12:25:09] Server Configuration: [2] Failed to Add/Remove TDL Task; Key="Modems",Name="Configure Fax",Desc=""%SystemRoot%\hh.exe" %windir%\help\SBSMain.chm::/TDLc_ConfigFax.htm", Action=""%SBSProgramDir%\fax\faxcfg.exe"",Pri="84",Enabled="0",Complete="0",Status="1",Category="1" with error [80070002] [04/04/07,12:25:09] Server Configuration: [2] Failed to Add/Remove TDL Task; Key="RRAS",Name="Configure Remote Access",Desc=""%SystemRoot%\hh.exe" %windir%\help\SBSMain.chm::/TDLc_rraswiz.htm",Action=""%SBSProgramDir%\Networking\rraswiz\sbsrras.exe"", Pri="31",Enabled="0",Complete="0",Status="1",Categor y="0"with error [80070002]

    Permissions are missing on Temp folder.
    Give the full control permission on the C:\Documents and Settings\Administrator\Local Settings\Temp:

    Users cannot send emails to some roaming users who use another email domain. The users get NDR with the SMTP error code 5.4.6.
    Local Exchange organization is authoritative for the other domain.
    Unauthorize the Exchange server for that email domain.
    You receive an NDR with a 5.4.6 status code when you send a message to a specific domain in Exchange http://support.microsoft.com/kb/324732/en-us

    Cannot back up the server and received the following text in the backup log file:
    Backup Status
    Operation: Backup
    Active backup destination: File
    Media name: "Small Business Server Backup (01).bkf created 3/19/2007 at 11:33 PM"
    Volume shadow copy creation: Attempt 1.
    Timeout before function completed
    Error returned while creating the volume shadow copy:0x80042319.
    Error returned while creating the volume shadow copy:80042319 Aborting Backup.
    The error 0x80042319 indicates VSS_E_WRITER_NOT_RESPONDING. The problem can occur if the VSS-related DLL files are not registered properly.
    Re-register the DLL files:
    Net stop vss
    Net stop swprv
    regsvr32 ole32.dll/i
    regsvr32 vss_ps.dll
    Vssvc /Register
    regsvr32 /i swprv.dll
    regsvr32 /i eventcls.dll
    regsvr32 es.dll
    regsvr32 stdprov.dll
    regsvr32 vssui.dll
    regsvr32 msxml.dll
    regsvr32 msxml3.dll
    regsvr32 msxml4.dll

    Send feedback about this particular blog
    Read Feedback from others

    12 May 2007

  • End blog for: 12 May 2007

    ISA 2004 SP fails During SBS 2003 SP1
    You all have SP1 ? Right ?
    I hope you all have R2. For those less fortunate, at least Windows SBS 2003 SP1. If not, you should. SP1 is a huge leap for Exchange and many other things. A few people have had some issues with SP1 with ISA 2004. Just to dig back into the archives, if you have ISA2004 Installation Failing during the SBS 2003 SP1 Install, here is some hope for you.

    Send feedback about this particular blog
    Read Feedback from others

    9 May 2007

    End blog for:9 May 2007

    Here's to those who make to think ! Thanks.
    Time to shout out my thanks
    Those who know me, know I take on 1 special community project per year. I also have my other annual projects like the Scout Jamboree (12 years) and sometimes get 2 projects done but I try to limit to 1. I have been the IT manager for AJ2004 with 12,000 scouts, IT Manager for NCYC2005 with 2,000 delegates, the Executive Producer for Dryzone and technical editor for Pro Windows, Small Business Server 2003. I have been an MVP for 4 years running and this year, as an added bonus, I am looking at doing talk back segments on a local radio station. So why am I telling you all this ? Because I have people to thank and people to inspire.

    This month, I have started analyzing people who visit my website. I can see that Redmond (Microsoft) have been visiting. (Who ever you are, say Hi!). I get a constant stream of emails from people wanting help. They come from delegates at previous conferences where I have spoken (From Around Australia and New Zealand), from the MVP links on the Microsoft website, from the community SBS web links linking to my website, the MVP orgs links, my blog and the many news groups. If you google me, you will find me.

    I thought it was about time I said thank you to the people who I have helped this month. The reason is simple. I help to create a more educated user out there in the world, who in turn educates me. Forces me to learn, research and talk to my peers. They push my mind further than I would normally take it and help me stay current. there is never one email or thread that is the same. For privacy reasons, I am not going to list peoples last names however, my thanks out to :

  • Walt B (USA) - Hang in there mate. We will fix it.
  • Ron S. (AUS) - I hope those backups are working well !
  • Richard B. (Aus) - We will get this DNS and Dodo nutted out (Congrats on the engagement to mate)
  • John M. (UK) - I hope you got a good Hardware based external non USB v90 modem for your faxing
  • Jens C. (Denmark) - I trust Exchange is now running as it should
  • Jack F. (Unknown) - Thanks for the inspiration I needed to get my SBS logon script up and running (on my Scripts page)
  • George E. (USA) - I hope Hot bar has long since left you alone.
  • Don M. (Honolulu) - I hope you got your DC and member server all up and running
  • Phil M. (NZ) - I hope Exchange is ticking along
  • Jerry G. (NZ) - I hope you are liking RWW
  • James G. (NZ) - Is SBS monitoring working now ?
  • Jack G. (NZ) - Good to get your last feedback !
  • Tony S. (NZ) - Thanks for the feedback on my blog. I posted your response.
  • Mike F. (Aus) - I hope the modem for faxing worked out.
  • Clark K. (USA) - Thanks for the blog feedback and update on Intellipoint

    You know who you all are. Thanks Guys

    Send feedback about this particular blog
    Read Feedback from others

    6 May 2007

  • End blog for:6 May 2007

    Updates and Exams
    A bit 'o' Fun
    I have been sitting here, getting my OEM Preinstallation exams up to date with Microsoft. I was a little bored during the process and found some great sites to get side tracked with. If you need a little fun, take a look at the following audio enigma and then if you still need to do something fun, try the Starwars personality test. In case you are wondering, I came back as Luke Skywalker. And I am also now an SBS Preinstallation Specialist and Office Ready Specialist.

    How do I get my floppyless laptop to install Windows with all the hardware drivers I need for my RAID ?
    I can not see a USB key or CD disk when I press F6 during the install. Just how do I do it ? Slip streaming my friend. I can blab on about it here or you can look at this cool tutorial using Nvidia drivers and download a great tool for helping you to do this, called nlite.

    My SBS box is loosing hard drive space !
    I am using Trend Neatsuite, SBS 2003 premium and Symantec Backup exec. What can I do to free up space ? Firstly, delete all the old Trend Micro pattern files. I have found I can sometimes clear up to 1 Gb doing this. The files seem to accumulate and can be 32 MB each. There are various temp and pattern files under each of the Trend Components installations that can all be cleared. Check out the Trend Knowledge base for more info on what you can delete.

    As I am using Backup exec, I can also go to Program Files\Backup Exec\NT\CATALOGS subdirectory and delete any temporary catalog files such as: *.SM, *.FDD and QTC*.* files.

    I am also using ISA. This creates many Firewall logs and other clutter you can delete. I also delete reports generated by ISA. An administrator can scheduled reports at one time or another and they get left behind. Go under Monitoring/Reports in ISA to view the reports. Disable reports or delete the jobs under Monitoring Configuration/Report Jobs if you don't want them to fill up your hard drive. Or you can reduce the number of reports that are kept. (look for it under Report Jobs properties/Log Summaries tab)

    I delete all "Program Files\Microsoft ISA Server\ISASummaries\*.tmp" Files.

    The last question is why my hard drive space free is 900 mb but the drive only has 3 Gb of data on it and it is a 6 Gb partition. Do I have a rootkit taking up the missing space or something else malicious ? It is likely not. I would look at the Volume Shadow copy settings. Even if the drive is marked as disabled for VSS, backup tools take snaps when they start. I have 2 Gb allocated to the snaps. I enabled the volume shadow for the drive in question, deleted the snaps, disabled it again and all of a sudden, I have 2.9 Gb free.

    pet32.exe, not an animal to pat on the head.
    If you find it, use Process explorer to kill this in memory, find the file in C:\, delete it, create a folder called pet32.exe and then start looking at your memory disks and USB drives. Delete it from those to. Once you have deleted them all, remove the registry startup key for pet32.exe for the local user. This is one freaky virus that spreads to everything digital. Dictaphones and more,. Anything with memory and storage. Now crank up trend micro Housecall and scan your PC.

    Take a look at this link.

    Here are some technical details for you:

    W32/IRCBot-VE is a worm and IRC Backdoor for the Windows platform.
    W32/IRCBot-VE may spread via removable storage devices.
    W32/IRCBot-VE runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.
    When first run W32/IRCBot-VE copies itself to \pet32.exe.

    The following registry entry is created to run pet32.exe on startup:

    Registry entries are created under:

    Windows Server Update Services 3.0 is out for you to play with !
    This has the power to really make patching easy. This is a welcome update.

    Read this:
    Installing Microsoft Windows Server Update Services 3.0 on Windows Small Business Server 2003
    Before doing this:
    Download Windows Server Update Services 3.0

    My PST file got big, died and now I have lost my email
    Lets stop this happening. This KB talks about a simple regedit that will save you losing your email if your PST reaches 2 Gb.
    How to configure the size limit for both (.pst) and (.ost) files in Outlook 2007 and in Outlook 2003

    Take your SharePoint OFFLINE !!!!
    Thanks to Colligo Contributor
    This cool utility allows you to take the contents of a WSS or SPS site offline – most functions work offline. A few items will not work (like linked lists etc won’t work offline – but you can still view the content).

    No ... Stop using WEP !
    The Wall Street Journal has a fascinating article about how the bad guys stole a lot of Credit card data from TJMaxx over a period of years. It was by exploiting WEP.

    They were grabbing the WEP-encrypted data from a store in St. Paul, got a username and password for the corporate network, set up accounts for themselves, and that was that. Also, they were pulling out unencrypted credit card info in real time, so while TJMaxx was bagging your purchase, someone in Mexico was buying Walmart gift cards with your credit card.

    If you are interested, just Google "stole all that data from TJ Maxx". Interesting read.

    Take a look at this link

    ISA 2004 SP3 available
    Microsoft has announced the availability of SP3 on Microsoft.com. You will find the SP3 software packages at the following locations:
    Standard Edition
    Enterprise Edition

    It will want a reboot. The new colors on it are nice. DO NOT INSTALL VIA A REMOTE SESSION !

    Some people have reported their servers simply getting locked down. No remote access, no internet access from the server, no nothing. The majority of installers have not had major issues just yet.

    System Center Essentials 2007, AKA SCE has RTM'ed.
    The links are available in full on TechNet here
    The English version is currently available for evaluation here
    See the following site for Essentials Self-help resources. click here
    See the SCE Support Forum (linked on the TechNet link)
    Find out more about Essentials in the Overview Whitepaper here
    See a demo of Essentials here
    Download the datasheet for more information on what Essentials provides here
    Or just visit the homepage here

    Are you email bankrupt ?
    I receive hundreds of emails a day. When I read this article on the smh website I not only identified with it but I almost shed a tear. If you to receive to much email and spam, take a look at this article. under-siege-users-declare-email-bankruptcy

    Want to see what the Longhorn Beta 3 build looks like without DL and install?
    Have a look at this page of screen shots

    Send feedback about this particular blog
    Read Feedback from others

    5 May 2007

    End blog for:5 May 2007

    Cool gadget to tell people where my readers are from !

    Send feedback about this particular blog
    Read Feedback from others

    30 April 2007

    Clustermaps is a new type of page counter. It graphically tells me where in the world my readers are from. It is accurate enough to tell me roughly what is going on. Check it out and try it on your own sites !

    End blog for:30 April 2007

    Send feedback about this particular blog
    Read Feedback from others

    25 April 2007

    WARNING, WARNING If you have not yet read KB 935964 DO it. This is one of those security updates you can not simply ignore. This KB, Microsoft Security Advisory: A vulnerability in RPC in the Windows DNS Server service could allow remote code execution, is very real.

    Also look up
  • Vulnerability in RPC on Windows DNS Server Could Allow Remote Code Execution
  • Windows DNS server advisory
  • The KB 935964 DNS Server Vulnerability and SBS

    If you are a "Not for Profit" organization or working on a community project, are you going to CU07 ? If you are not, why not ?

    It is not that I am speaking and I need your help to make the room feel full, it is the place to be.

    I plan to talk about two items.
  • Microsoft and how do you get this powerhouse to support you?
  • How do I find help in the community ? User groups ? News groups ? Shout at the top of my lungs ?

    Last year I spoke about the large community projects I have had the pleasure of being involved in and how I managed on such a small budget. The session was so well received that I was asked to come back. I can not promise fireworks and smoke like last years enthusiastic presentation but I am sure I have a Gem or two for you.

    Take a look at the schedule here

    Thanks to David Phillips and CISA, here is another tip for Not for Profits. Australia finally has it's own bargain basement pricing for NFP's. Check out Donortec

    Whose is that ?
    I needed to find out which Australian ISP registered an American Domain with Tucows domains, for a client. I tried the normal Nslookups and whois. I stumbled across a site that does exactly what it claims. It is a better whois. check it out ! http://www.betterwhois.com/

    To Task manage or not to - That is the question
    I have a client whose task manager has no menu and you can not exit the product. It was annoying. How do you get rid of this blot on your screen ? Simple. Double click anywhere in the grey area outside of the data window and you change the view. Task manager remembers this vie next time it runs.

    Physical to Virtual
    Do you have an operating system somewhere you would like to virtualise ? Maybe with Vmware or Virtual PC ? Open up google and search for "physical+to+virtual+p2v" and review the various solutions. I was surprised to see so many. Now I need top go off and try it out.

    Can't view, delete or rename this stupid file !!
    Have you ever accidentally created a file name or path to deep, now can not administer it ? You can't do anything with it as Windows just ignores you. If you have file and printer sharing turned on, share the folder above the location you can not get to. now, go to the share via networking and you suddenly have a shorted file path. Delete, rename or view it. i.e. \\machinename\sharename\filename is the new path to the stubborn file.

    MSDN transfer manager vanished
    If you are a big user of files form MSDN, you would have to hate the Microsoft transfer manager if your machine gets rebooted or the transfer interrupted. There is no link to it and it appears not to be installed on your PC for you to activate it again. Here's the trick, run "C:\WINDOWS\Downloaded Program Files\TransferMgr.exe"

    ISA/SBS Create a report by visited websites - By Amy Babinchak
    "Many admins learned how to create reports by opening up the log files in ISA 2000 and using Excel features to organize the data in a meaningful way. Contrary to popular opinion, you can use Excel to generate a report using ISA 2004 with MSDE logging much easier than in ISA 2000 flat files.

    Start by trimming out what you don't want to see, right in ISA.

    In the monitoring tab create a query with the information you want to view.

    Logging last 7 days
    Protocol HTTP
    Action Allowed Connection
    Rule SBS Internet Access Rule
    Client Username Not Equal Anonymous

    This will display in the monitoring viewer a list of packets going to websites. Press the Copy to Clipboard and then paste into Excel to start organization the data into a report."

    Multi-Core Processors: Another reason for SP2 - By Amy Babinchak
    "While loading an ISA2004 onto new hardware I ran into a problem where the firewall service would not run. When something like that happens on a new install you get that sinking feeling that it's going to be a long night. Fortunately a quick search came up with the solution. Install ISA 2004 SP2. ISA 2004 SP2 corrects an issue where ISA misidentifies the number of processors in the system. This can happen for a variety of reasons, one of which is multi-core processors."

    ISA issues after an installation of Windows 2003 SP2
    The ISA team has blogged about some issues affecting ISA after an installation of Windows 2003 SP2. The original post is here.

    "ISA Server and Windows Server 2003 Service Pack 2

    Recently Microsoft released Service Pack (SP) 2 for Windows Server 2003 (http://www.microsoft.com/technet/windowsserver/sp2.mspx). We tested ISA Server with the Windows service pack quite extensively. Unfortunately we discovered after the release of the Windows service pack that there are several issues that have potential ill-effects on ISA Server. This blog summarizes the currently known issues, and suggestions on how to mitigate those issues.

    1. If you run ISA Server 2004 Enterprise Edition with or without the ISA Server SP2, you must install ADAM SP1 on the ISA Server Configuration Storage Server prior to installing the Windows Server 2003 SP2. ADAM SP1 can be downloaded from http://www.microsoft.com/downloads/details.aspx?FamilyId=9688F8B9-1034-4EF6-A3E5-2A2A57B5C8E4. If you install Windows Server 2003 SP2 without first installing the ADAM SP1, ISA Server will not start after the installation, and you will have to uninstall Windows Server 2003 SP2. Further information is available in the Windows Server 2003 SP2 release notes, at http://technet2.microsoft.com/WindowsServer/en/library/ed5382af-e819-4d33-ace0-225d31b7ab751033.mspx?mfr=true .

    2. If you run ISA Server 2000, 2004 or 2006 Standard or Enterprise editions on a multi-core / multi-processor 32-bit computer, and the CPU is heavily utilized, you might experience performance degradation in certain deployment scenarios after installing Windows Server 2003 SP2. The issue stems from a change in interrupt handling introduced in SP2.To correct the issue you must download and run the Interrupt Affinity Tool (intfiltr) available in Windows Server 2003 resource kit (http://www.microsoft.com/downloads/details.aspx?FamilyID=9d467a69-57ff-4ae7-96ee-b18c4790cffd). You can read about installation and usage of intfiltr.exe in http://support.microsoft.com/kb/252867.

    3. If your network adaptors (NICs) support receive-side scaling (RSS), then in certain NAT scenarios ISA Server 2000, 2004 or 2006 Standard or Enterprise editions might not transfer packets from one NIC to the other after installation of Windows Server 2003 SP2.To correct the issue you must disable RSS support ­­- follow the instructions in http://support.microsoft.com/default.aspx?scid=kb;EN-US;927695.

    Neta Amit
    Program manager
    ISA Server Sustained Engineering Team"

  • End blog for:25 April 2007

    Microsoft for Partners coming to town on the 17th May (Adelaide)
    Send feedback about this particular blog
    Read Feedback from others

    19 April 2007

    See you there !

    A slightly different format this year. There is the normal Keynote and the OEM evening. What might catch you off guard is the Technical training in the middle at $129 AU per person. Before you shoot the messenger, this is not the same technical briefings that are free at all MFP events. This is TRAINING. Bring a laptop. Yes, it is $129 AU but this is real hands on training with material provided for those without laptops and this kind of event costs money. So .. Before you boycott the event and get upset as previous events ran all day for free, remember, this is not a sales event where people are trying to help you sell the Microsoft product. This is real hands on Valuable training. Oh, and I might see you from the stage for the OPK training and other items ! Just don't throw things at me :)

    Details for the MS Partner Roadshow are available at http://www.microsoft.com/australia/partner/events/mfproadshowplus.aspx

    End blog for:19 April 2007

    Trend IMSS disclaimer clues and RSS feeds for my WSS
    Send feedback about this particular blog
    Read Feedback from others

    18 April 2007

    Time to archive

    Yes, RSS feeds and blogs are missing form here, I am running out of web space and I need to archive out all my old RSS feeds. Look for old blogs in my archive.

    Trend Micro Internet Messaging and Security Suite (IMSS) sends email body as at attachment

    I have seen this happen when the Disclaimer outbound policy is turned on and the disclaimer contains a huge amount of txt or a html tag character. As you can type native html into the disclaimer, it can be miss interpreted.

    Whilst we are talking Disclaimers, you can should use notepad to edit your disclaimer and manually press enter at the end of each line. Using word wrap can produce strange results when you past into the policy. The other issue can be strange blank lines appearing between lines of text. This can occur if you edit the text in Ms Word or have hard character returns that are interpreted as line feeds.

    Where are my Weather and news WebPart's in WSS in SBS 2003 ?

    The MSNBC Web Parts that normally appear on SBS in the online gallery (online Web Part gallery for Windows Share Point Services) have been discontinued. On February 6, 2007, these Web Parts were discontinued, and they will no longer display data. Beginning on that day, the Web Parts will link to an article. At the end of

    February, the Web Parts will return an error.

    Please refer:
    Ok, so I really liked these WebPart's. How do I survive ? With Feedreader from smiling goat.

    Read about Feedreader from smiling goat

    Download it from Codeplex

    -What is it ?
    FeedReader is Smiling Goats most popular web part. With the world of aggregation getting more popular and more portals and mainstream internet media leveraging syndication feeds RSS, Atom, etc.), there is a greater need to provide a home for this information. In SharePoint, a team site or your My Site provides a great landing area for you to represent your own personal/team space with relevant information...and leverage syndication feeds. (SBS 2003 is a great place to expose this) FeedReader is a web part that can consume multiple RSS or Atom syndication feeds and represent it in a clear, concise web part view (with different view options). FeedReader was the first web part of it's kind. Unlike others (and the WSS XML Web Part), FeedReader was the first to allow multiple feeds in one web part, caching of information, collapse/expand options on the feed description, and filtering options.

    -The System Requirements:
  • Microsoft Windows SharePoint Services (SBS 2003 includes this)
  • Microsoft .NET Framework 1.1 (SBS 2003 includes this)
  • Microsoft Windows 2003 Server (SBS 2003 includes this)

    -To Install the Web Part use
    "stsadm.exe -o addwppack -filename (path to file) -globalinstall -force"

    I ran stsadm.exe from within the install directory (As it was not in my path, I cheated and copied stsadm.exe from C:\Program Files\Common Files\Microsoft Shared\web server extensions\60\BIN)

    C:\Program Files\Smiling Goat\FeedReader>stsadm -o addwppack -filename SmilingGoat.FeedReader.cab -globalinstall -force

    The output was as follows:
    "smilinggoat.feedreader.cab: Deploying to http://companyweb/. Operation completed successfully."

    When adding the web part to a page, it will default to having no RSS feeds input. Open the Companyweb page (Or your WSS url)
  • Select Modify shared page
  • browse WebPart's
  • look in the Virtual server gallery
  • Add feedreader by dragging to your page.

    Add RSS Feed URLs through the "Modify My Web Part" option and separate them with a semicolon ";" before saving.

    In the XML path for weather and news I used (Adelaide)

    and selections from http://www.weatherzone.com.au/
    If you need to get your webpart out through a proxy server (I did not need to do this):
    There are two ways you can use this web part within your proxy server. The first is to set your proxy configuration in the Portal's web.config


    Note: If you use the above method your proxy server must allow non user-authenticating traffic from the SharePoint server as you cannot specify a user account in the above .NET Framework method. The second option is to configure the proxy server settings on the web part. In SHARED VIEW, the proxy server/port settings are enabled for you to enter them.

    I have Telstra Bigpond and am resetting my router. What are their DNS servers ?

    Rather than spend 9 hours on hold, take a look at their end-user page here.

  • End blog for:18 April 2007


     New additional blog (Added August 2011). Mickyj Mindspill at msmvps.com







         ( )

    View Previous posts before 18 April 2007





                                                                 This page was written and designed by Michael Jenkin 2011 ©



    Don't forget the other blogs etc