Pages

Windows Server Solutions BPA Updated September 2011 but is not prompting for update

Microsoft released an update this week for the Windows Server Solutions BPA that covers a number of products, including:

  • Small Business Server 2011 Standard Edition
  • Small Business Server 2011 Essentials
  • Windows Storage Server 2008 R2 Essentials
  • Windows MultiPoint Server 2011

More information about this update is available on the Official SBS Blog page at http://blogs.technet.com/b/sbs/archive/2011/09/29/windows-server-solutions-bpa-updated-september-2011.aspx

So how do you get the update? First, make sure you have the Microsoft Baseline Configuration Analyzer 2.0 installed. To get it, go here. Next, make sure to download and install the Windows Server Solutions Best Practices Analyzer 1.0 here

During the install, you will be prompted with this screen:

image

Make sure to check this box during your install, or you will not be prompted to automatically update!

Once you have it installed, launch the BPA either via the SBS Console under security (if you selected to integrate it in the console) or when you launch it under the start menu. You will see in the system tray an icon/pop up stating to update, like this:

image

Select that, and a window will open

image

Close the BPA you have open and then wait about 5-10 seconds. The next box will change and allow you to click on it. That’s it, you are now updated!

Hey Lyle, I don’t see it prompting me. Why?

Ok, so you got it installed, but now you launch it and don’t see it prompting you for the update. No problem, here is how to fix this:

Open up the registry and navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsServerSolutions\BPA

image

Look for the DWORD item “Update”.  It is probably set to a 0. We want to change it to a value of 1. It should now look like this:

image

 

Close out the BPA if you have it open. Now re-launch it and you will see it appear in the SysTray.

Office 365 is down for over 3 hours causing business disruption

Well Microsoft’s new Office 365 solution goes down causing business disruption. Sometimes I wonder if this cloud nonsense is just another bad joke.

 

image

What is the correct model number?

Today we received a batch of new Seagate Enterprise hard disks, which should have been model ST2000NM0011. It looks like someone in the label department in Thailand made a mistake, as the model number is shown with a 1 (1TB) and a 2 (2TB). After plugging it in, it was detected as a 1TB drive. Glad to know we can’t always rely on stickers.

image

Exchange 2010 SP1 Rollup 3 and BlackBerrys sending duplicate messages

Tonight I had a customer informing me that since we installed the latest rollup for Exchange 2010 SP1 their BlackBerry were sending duplicate messages. After doing some research into the issue, I came across this blog http://blogs.technet.com/b/exchange/archive/2011/03/14/exchange-2010-sp1-rollup-3-and-blackberrys-sending-duplicate-messages.aspx

image

For the time being, hold off on installing RU3 until Microsoft get’s this fixed. In fact, they state that they have pulled the Rollup for now. I suggest looking at the EHLO link above to confirm when it is fixed.

Exchange 2010 Mailbox Server Role Calculator

I am currently working on planning out a new data center that will be running Exchange 2010. I found a great tool from the Exchange team called Exchange 2010 Mailbox Server Role Requirements Calculator which is quite powerful. An updated version of this tool can also be located at http://blogs.technet.com/b/exchange/archive/2010/01/22/3409223.aspx 

Enjoy.

Lyle Epstein

Kortek Solutions

Android update gives more features with Exchange EAS

Today my wife updated her Sprint Samsung Transform phone with the latest Android OS. I have been waiting for Sprint to push out this update as I found a very strange bug in the base OS that was shipped with the phone in November 2010.

For a list of versions and when they were shipped, see http://socialcompare.com/en/comparison/android-versions-comparison

The bug I identified was if you setup the phone to Sync with the Exchange server, in this case Exchange 2010 SP1 RU2 and then proceed to select a contact, change the picture of the contact to one that is on the device, and re-sync, you will now see the new picture in your Outlook. That is how it is suppose to work. The bug part comes in when you now edit that contact, say change the phone number or email address. Now sync the device, and you will notice the data doesn’t change in the device. The only way to fix it from my testing was to delete the contact via the phone. Once you do that, re-sync, and it will be gone from the Contacts in Outlook. Now go into your deleted items and you will see the contact. Move it back to your contacts, and re-sync the phone, and the contact is now correct on the phone. But if you make a change to the contact again, you will run into the same issue.

This was VERY annoying! I had found an update to the Android OS but it required rooting the phone, something I didn’t want to do. After the update came down today from Sprint, I retried my issue, and the bug has now been fixed. Other things I noticed in the new update is the support for OOF, or Out of Office. That is a nice touch as Active Sync get’s more aligned to the features in Exchange 2010 and EAS. I also noticed that the new update now enforces Active Sync’s security policies, including requiring a device password.

Now we wait for Microsoft’s own Windows Phone 7 to start supporting more Exchange EAS policies. If you are interested in knowing more about EAS, here is a chart by Marco Nielsen

 

Versions

The important versions of EAS usually follow the Exchange Server releases and they are are currently:

EAS Version Server Release Comments
EAS 2.0 Exchange Server 2003  
EAS 2.5 Exchange Server 2003 SP2  
EAS 12 Exchange Server 2007 The Exchange software becomes part of Office release 12 aka Office 2007.
EAS 12.1 Exchange Server 2007 SP1  
EAS 14 Exchange Server 2010 The Office product team skips over number “13”.
EAS 14.1 Exchange Server 2010 SP1  

More details can be found here.

Compatibility Comparisons

Due to the incremental versions, protocol licensing and various implementations on different mobile devices, OS platforms and software clients it is very hard to get a complete view of what features are supported on a given device. Even if the mobile device is running a specific OS platform, the OEM, and mobile operator (especially here in North America) can decide to make specific changes.

I have found several references that may help, but all will obviously become out of date as new platform versions, software and devices come out.

I take no responsibility for their accuracy or the content. All information should always be tested on the devices you have on hand. I also apologize if the links become dead after a given amount of time, please ping me and I can update.

Name Hyperlink Comment

Comparison of Exchange ActiveSync Clients

Link

Updated by the “public” on Wikipedia, has Android 3.0.

Exchange ActiveSync Client Comparison Table

Link Updated table posted on Microsoft TechNet. Please notice the Nitrodesk Touchdown comparison. This can close many gaps on Android devices and also supported by MDM vendors.
Android and iPhone Exchange Activesync Policies Link Nice listing by Tom Basham in the UK. Points out some problems with the Wikipedia comparison on the CALs.
Android 2.2 and ActiveSync policies – a complete guide that works Link Only using a HTC Desire running Android 2.2 on Exchange 2007 SP1. But great play by play.
iPhone OS 4 and EAS – what really works? Link Only using an iPhone running iOS 4.2 on Exchange 2007 SP1. But another great play by play of all the policies.
More on Windows Phone 7 Security Policies Link Brief review from Tom Basham of the Windows Phone 7 related security policies.
Exchange ActiveSync Considerations When Using Windows Phone 7 Clients Link Detailed TechNet article on Windows Phone 7 supported features by Henrik Walther.

 

This excellent chart was posted by Marco Nielsen at http://www.myitforum.com/absolutenm/templates/Articles.aspx?articleid=22540&zoneid=100

White House wants to impose tougher penalties for software piracy

image

The White House is currently reviewing a new set of much tougher laws for software piracy, including jail time of up to 20 years. There are several other items in this list of recommendations that do not pertain to software, like drug offenses, but all fall in the intellectual property category. If you want to see what these new limits are about take a look at http://www.whitehouse.gov/sites/default/files/ip_white_paper.pdf 

I am pretty sure this one will get signed into law. This is a good thing, as software piracy hurts everyone.

The User accounts cannot be added into GroupPolicy ‘AllSBSUsers’ SBS 2011

I began seeing this error on a migrated SBS 2011 Standard server in the event log Microsoft-Windows-Small Business Server/Operational section

 

image

 

image

In order to identify what originally happened in the migration, I went to C:\Program Files\Windows Small Business Server\Logs and viewed errors.log file. In this file, it showed ConfigureGP: Windows Small Business Server group policies cannot be configured. This was a good clue that this part of the migration got messed up. It is quite similar to the issue talked about on the official SBS Blog site

How to Manually Create the SBS 2008 and WSUS Group Policies Objects at http://blogs.technet.com/b/sbs/archive/2009/09/03/how-to-manually-create-the-sbs-2008-and-wsus-group-policies-objects.aspx 

To fix the issue, follow the instructions on that site except the difference here is that this is a SBS 2011 server and that blog entry was written for SBS 2008. Instead of using the file gpofix.txt that is listed on that site, use the updated SBS 2011 file you can download here

Download File – gpofix

I suggest before doing this, to backup your GPO’s, WMI filters and delete these GPO’s and WMI filters as they will be recreated with this script. if you don’t know how to backup your GPO’s, check out this site http://www.petri.co.il/backing-up-group-policy-objects.htm 

When you run this updated script, it will create the following Group Policies objects

  • Windows SBS Client – Windows 7 and Windows Vista Policy
  • Windows SBS Client – Windows XP Policy
  • Windows SBS Client Policy
  • Windows SBS CSE Policy
  • Windows SBS Users Policy

In addition, 3 WMI filters will be created

  • Windows SBS Client
  • Windows SBS Client – Windows 7 and Windows Vista
  • Windows SBS Client – Windows XP

Everything else on the Official SBS Blog site is the same. To confirm that it was applied correctly, take a look at your Group Policy Manager and you will see the newly created ones with the current date and time.

image

Of course if you want to see even more details, open the file GPOTask.log at C:\Program Files\Windows Small Business Server\Logs and you can see each action that was taken. If you are not aware of this folder and logs, it is one of the standard places I look on a SBS 2008 or SBS 2011 server when troubleshooting SBS related issues.

SBS 2011 Change Folder Permissions causes SBS Console to crash and RWA view folders provides error

Today I was troubleshooting a strange issue in the SBS 2011 Console. When I select Shared Folders from the SBS 2011 Console and click on Change Folder Permissions

image

the SBS Console crashes with Windows SBS 2011 Standard Console has stopped working, as shown below

 

image

After troubleshooting for several hours with Microsoft and not able to find a quick resolution I became more determined then ever to discover the cause and solution. In order to fix this situation, either change the Users Roles from one to the other and then back, or modify the existing Users Roles with a new setting like disabling the quota’s so that it re-applies the role to the users. You can then change this setting back and reapply it once again.

image

It appears that this happens on servers that are migrated and not new installations. In the SBS 2011 migration guide at http://technet.microsoft.com/en-us/library/gg615504.aspx it states

image

Upon further testing, I discovered that if you don’t Replace user permissions

 

image

and simply add to the existing permissions, it will not resolve the issue.  Therefore, you MUST replace user permissions. If you have created custom security groups and didn’t add them to a custom user role, please make sure to write down the current security groups  and distribution groups that the user is a member of as running it in replace mode WILL remove all other membership groups.

During my troubleshooting of this issue, I also discovered that all of my email enabled distribution groups showed no users via the SBS 2011 Console. I went into Exchange Management Console and attempted to view the distribution groups to see if members were listed, but upon expanding this node, EMC stated An error caused a change in the current set of Active Directory server settings. Restart the Exchange Management Console.

image

I then opened up each distribution group in the SBS 2011 Console and added the users to the correct groups. After that, EMC worked correctly and showed the groups with the correct members listed.

Another issue you will see by not replacing the user permissions via the Change User Role wizard is when you open up the Remote Web Access,  you will see the following error stating There was a problem loading a gadget. Contact the person who manages your server.

image

This is also caused by the same issue. Rerun that Change User Role wizard and you will now see

image

In a future post I will document all of the troubleshooting steps I took including looking at many log files for hours.Smile with tongue out

SBS 2011 setup or migration fails

Today I did my first SBS 2003 to SBS 2011 Standard migration. I did all the checks, BPA’s, and every other best practice I have learned over the years including reading Susan’s blog at http://msmvps.com/blogs/bradley/archive/2010/12/23/sbs-2011-migration-keys-to-success.aspx . Everything on the source server looked great. I created my answer file, and started the migration installation. Everything seemed to go fine, until the final screen which said:

image

I thought that was quite weird. Upon further digging, I noticed in the ExchangeSetupLogs folder the file ExchangeSetup.log had the following errors:

[12/28/2010 00:35:18.0614] [1] Installing MSI package ‘C:\Program Files\Windows Small Business Server\Bin\CMPNENTS\EXCHANGE14_SP1\exchangeserver.msi’.
[12/28/2010 00:35:18.0616] [1] Installing a new product. Package: C:\Program Files\Windows Small Business Server\Bin\CMPNENTS\EXCHANGE14_SP1\exchangeserver.msi. Property values: DISABLEERRORREPORTING=1 PRODUCTLANGUAGELCID=1033 DEFAULTLANGUAGENAME=ENU DEFAULTLANGUAGELCID=1033 INSTALLCOMMENT="Installed language for this product: English (United States)" REBOOT=ReallySuppress TARGETDIR="C:\Program Files\Microsoft\Exchange Server\V14" ADDLOCAL=AdminTools,Bridgehead,ClientAccess,Mailbox,AdminToolsNonGateway
[12/28/2010 00:35:46.0524] [1] [WARNING] Unexpected Error
[12/28/2010 00:35:46.0524] [1] [WARNING] Installing product C:\Program Files\Windows Small Business Server\Bin\CMPNENTS\EXCHANGE14_SP1\exchangeserver.msi failed. The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance. Error code is 1601. Last error reported by the MSI package is ‘Error writing to file: amd64_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4959_x-ww_db77817b.cat.   Verify that you have access to that directory.’.
[12/28/2010 00:35:46.0524] [1] [WARNING] The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance
[12/28/2010 00:35:46.0554] [1] Ending processing install-msipackage
[12/28/2010 00:35:46.0555] [0] The Exchange Server setup operation didn’t complete.  More details can be found in ExchangeSetup.log located in the <SystemDrive>:\ExchangeSetupLogs folder.
[12/28/2010 00:35:46.0563] [0] End of Setup

Based on that error, it would appear it was a .MSI installer issue. After doing more digging I tried to manually install it, I got the same error. I searched the internet for any known issues, but as this product just came out there was nothing. I didn’t have much choice, so I opened a case with Microsoft. After 4 hours of troubleshooting, Microsoft agreed everything on the source server was set correctly. We did a manual install as:

C:\Program Files\Windows Small Business Server\Bin\CMPNENTS\EXCHANGE14_SP1>Setup
.com /mode:Install /roles:"HubTransport,ClientAccess,MailBox,ManagementTools" /e
nablelegacyoutlook /legacyroutingserver:"W3SBS-FT01" /Mdbname:"Mailbox Database
2010122716"

Welcome to Microsoft Exchange Server 2010 Unattended Setup

Setup will continue momentarily, unless you press any key and cancel the
installation. By continuing the installation process, you agree to the license
terms of Microsoft Exchange Server 2010.
If you don’t accept these license terms, please cancel the installation. To
review the license terms, please go to
http://go.microsoft.com/fwlink/?LinkId=150127&clcid=0x409/

Press any key to cancel setup…………….
No key presses were detected.  Setup will continue.
Preparing Exchange Setup

    Copying Setup Files                           COMPLETED

The following server role(s) will be installed
Languages
Management Tools
Hub Transport Role
Client Access Role
Mailbox Role

Performing Microsoft Exchange Server Prerequisite Check

    Configuring Prerequisites                                 COMPLETED
    Language Pack Checks                                      COMPLETED
    Hub Transport Role Checks                                 COMPLETED
Installing Exchange Server on a domain controller will elevate the privileges f
or Exchange Trusted Subsystem to domain administrators.
    Client Access Role Checks                                 COMPLETED
Installing Exchange Server on a domain controller will elevate the privileges f
or Exchange Trusted Subsystem to domain administrators.
    Mailbox Role Checks                                       COMPLETED
If Microsoft Outlook 2003 is in use, you should replicate the free/busy folder
on this server to every other free/busy server in the organization. This step sh
ould be performed once Setup completes.
Installing Exchange Server on a domain controller will elevate the privileges f
or Exchange Trusted Subsystem to domain administrators.

Configuring Microsoft Exchange Server

    Preparing Setup                                           COMPLETED
    Stopping Services                                         COMPLETED
    Copying Exchange Files                                    FAILED
     Installing product C:\Program Files\Windows Small Business Server\Bin\CMPNE
NTS\EXCHANGE14_SP1\exchangeserver.msi failed. The Windows Installer Service coul
d not be accessed. This can occur if the Windows Installer is not correctly inst
alled. Contact your support personnel for assistance. Error code is 1601. Last e
rror reported by the MSI package is ‘Error writing to file: amd64_Microsoft.VC90
.MFC_1fc8b3b9a1e18e3b_9.0.30729.4959_x-ww_db77817b.cat.   Verify that you have a
ccess to that directory.’.

The Exchange Server setup operation didn’t complete. More details can be found
in ExchangeSetup.log located in the <SystemDrive>:\ExchangeSetupLogs folder.

Exchange Server setup encountered an error.

C:\Program Files\Windows Small Business Server\Bin\CMPNENTS\EXCHANGE14_SP1>

 

To finally rule out that it was an issue with the actual media causing the issue, we ran the Exchange setup from the Repair DVD. That worked fine. So the final conclusion was the media was bad. Quite weird since everything else seemed to be fine.

I am downloading the media again now. Hopefully the issue is now resolved.