SMB Nation Spring 2010:
http://smbnation.com/Events/SMBNationSpring2010/tabid/286/Default.aspx

Monday is the day.  The last day of a steal of a deal.  It's the end of the early bird sign up for SMBNation East.  What's special about SMBnation east held April 30th to May 2nd?  I'll be there for one.  My talk.. or rather my open session with you is about Windows 7 a year later. 

What's worked for you, what hasn't?  What annoys you?  What doesn't?  It will an honest look at Windows 7 in a small business.

Join me at SMBnation east.

And check out how the hotel is included in the price.  Cool!

Once upon a time we had a Pepsi machine.  It was over 20 years old, and the company wouldn't rent it to us anymore.  And a firm without their caffeine is ...well.. not pretty.  So we had to find a replacement machine.  So I went online to ebay and on the web to search for refurbished Pepsi/Coke machines.  Finding a company was not a problem - through ebay I found a company that sold refurbished ones.  They were out of a machine that had a certain logo that we were used to.  So I had to settle on another logo'd machine.

Finding a company to deliver it from Rancho Cucamonga to Fresno, also was not a problem. 

Getting in through the door of the office and set up in the kitchen THAT was a problem.   

First lesson learned, don't go with the cheapest price, it will always cost you more in the long run.

I'm Feeling Lucky? - F-Secure Weblog : News from the Lab:
http://www.f-secure.com/weblog/archives/00001897.html

At least the health of your computer anyway.

FDIC: Hackers took more than $120M in three months:
http://www.computerworld.com/s/article/9167598/FDIC_Hackers_took_more_than_120M_in_three_months

I always see people say that you don't have to reformat a system after they've found malware on it.  But the more you read about rootkits, about the only way you'd know for sure is if you put a port sniffer on the outside and looked at the traffic of the box.  Are we to the point that you want to have a virtual machine that is only used for online banking?  After reading that it makes you wonder doesn't it?  Business banking accounts do not have the same safety net as the regular consumer credit accounts. 

I'm not one to throw my XPs out the window and replace them with Ubuntu but definitely googling on a XP with admin rights is like holding up a loaded gun and playing Russian Roulette these days.

Last week Steve Ballmer gave a speech at the University of Washington on Microsoft’s cloud computing strategy. This speech was an important step in illustrating to customers and industry how Microsoft’s comprehensive cloud strategy is helping change the way people and businesses use technology.
 
On Wednesday Allison Watson, corporate vice president of Microsoft’s Worldwide Partner Group, will speak to members of the Microsoft Partner Network via webcast about the opportunities cloud computing offers for Microsoft partners. The webcast will air Wednesday, March 10, at 11 a.m. Pacific, and will be available for replay afterward.
 
To view the webcast, please visit www.microsoftpartnernetwork.com.

Microsoft Partner Network Community:
http://www.microsoftpartnernetwork.com/Social/PartnerEvents/Permalink/Watch-Allison-Watsons-Webcast-on-Cloud-Computing-Opportunities-on-March-10

The original cloud computing visionary... Joni Mitchell

Do you have clients or customers in Massachusetts?

Do you hold key info about them like name and social security number?

You know what went into effect March 1st?

http://www.mass.gov/Eoca/docs/idtheft/201CMR1700reg.pdf

In a nutshell... if you have Massachusetts customers.

If you have name and SSN or credit card number or something that would lead to identity theft in the wrong hands

You need a written security program

You also need:

(1) Secure user authentication protocols including:

(a) control of user IDs and other identifiers;

(b) a reasonably secure method of assigning and selecting passwords, or use of unique identifier technologies, such as biometrics or token devices;

(c) control of data security passwords to ensure that such passwords are kept in a location and/or format that does not compromise the security of the data they protect;

(d) restricting access to active users and active user accounts only; and

(e) blocking access to user identification after multiple unsuccessful attempts to gain access or the limitation placed on access for the particular system;

So Dean and I were swapping emails about licensing and he said...

http://msmvps.com/blogs/bradley/archive/2010/03/04/iis-7-on-sbs-2008-logging-is-going-haywire-server-fault.aspx

Revisiting this. 

You know how the guy on serverfault theorized that "NTLM authentication is not persisting behind the scenes, causing continual reauthentication attempts throughout the session. " Well that may be what it looks like, but that's not what is going on under the hood.  The WSUS API is apparently a bit of a chatty cathy and it's normal for it send out a lot of IIS calls.   Each call sent to the site goes through the 3 phases of integrated security negotiation that you are seeing there as it's supposed to do.  What looks like a bug to our untrained eyes, isn't. 

So what we call a lot of failures, what we call excessive logging, what we call a really big waste of hard drive space that can put you at risk for stopping email service and what not, is really the console doing what it

It's a measure to try and stomp on the spammers.  If you sign up as a registered user you can be allowed to post without it.

Thanks for your understanding!

http://msmvps.com/blogs/bradley/archive/2010/03/05/the-news-today-ebs-has-been-declared-end-of-life.aspx

(please note there's a new captcha on the blog to slow down the spammers sorry about that)

So.

As Vlad pinged me this morning and asked if I was mourning and I said no because they hadn't nuked SBS.  He and I both responded with (yet).  And therein lies the rub.  The elephant in the room is the concern that the small partner/small business owner like me has when looking to the future.  Will Microsoft continue to service the small market just as they just re-evaluated the mid market?  What's next?

The info from Microsoft's PR arm by way of WindowsSecrets read as follows:

'Hero' goes down: Microsoft cutbacks spell the end of Essential Business Server | IT Systems News - Betanews:
http://www.betanews.com/article/Hero-goes-down-Microsoft-cutbacks-spell-the-end-of-Essential-Business-Server/1267814339
Microsoft To Discontinue Essential Business Server -- Virtualization Review:
http://virtualizationreview.com/articles/2010/03/05/microsoft-discontinue-essential-business-server.aspx
Microsoft to discontinue its mid-market server line | All about Microsoft | ZDNet.com:
http://blogs.zdnet.com/microsoft/?p=5503
Windows Essential Business Server Team Blog : New IT Trends Bring Change to Mid-Market Product Line:
http://blogs.technet.com/essentialbusinessserver/archive/2010/03/05/new-it-trends-bring-change-to-mid-market-product-line.aspx

SiliconRepublic.com: In three years desktops will be irrelevant - Google sales chief - Business:
http://www.siliconrepublic.com/news/article/15446/business/in-three-years-desktops-will-be-irrelevant-google-sales-chief
Given that I wasn't personally there and can't hear/see a transcript I'm not sure if Mr. Google said that desktops will be irrelevant in three years or desktops that we use for entertainment and information sharing will be irrelevant.  I'll buy that we're moving to a more kindle/tablet/iPad/mobile device world for entertainment and information (digital newspapers and what not) but to say that in three years desktops will be irrelevant means that the folks at Google are just as ivory tower as we complain that Microsoft is ivory tower.  Get real.  There is still not a replacement that matches the power of the QWERTY for businesses.  And I don't see that changing in three years.  I think you guys in San Jose need to drive over the Altamont Pass a bit more often and see that there

Saw this the other day on Server fault and I can say now after playing around (and paying attention) to the logging it is indeed exactly when you leave the SBS console open on the server is when the excessive logging into the log files occcurs.

IIS 7 on SBS 2008 - logging is going haywire - Server Fault:
http://serverfault.com/questions/41808/iis-7-on-sbs-2008-logging-is-going-haywire


UPDATE: Okay, I've been able to examine a few more files. The bloat is apparently being caused by something going wrong when someone (i.e., me or another admin) logs in to WSUS interactively:

1.     The trouble begins with a single log entry with no username (just "-"). It gets an HTTP status of 401.2 and a sc-win32-status code of 5.

2.     This is followed by a long stretch of entries that alternate between no username and my own username. The ones with no username have an HTTP status of 401.1 and a sc-win32-status of 2148074254. The ones with my username are normal HTTP 200 entries.

Just helped someone with the issue of out of space on the c:\

The only symptom he had was a biggie... email wasn't being delivered and NDRs occurred.  The underlying cause was out of space on the c:\drive

Users may experience some of the following errors or non-delivery-reports: Error 0x800CCC6C, SMTP_452_NO_SYSTEM_STORAGE, or 452 4.3.1 Insufficient system resources. 

So we deleted out the excess WSUS admin logs and disabled the logging like this:

Launch IIS Manager from Administrative Tools.

Click on UAC

Expand Server, Sites, and select the WSUS Administration web site.

On the feature panel, click to open Logging.

Click Disable in the Actions panel (rightmost panel)

Repeat the steps for any other web site. Please note that logging may be needed for troubleshooting or auditing purposes on sites that are public facing, this is usually not the case on the WSUS Administration site.

So far in my unscientific investigation, when the SBS 2008 console is up and open on the server this causes an excessive amount of logging on that WSUS administration log which tracks to what this person was noting in the Serverfault forum:

SBS2008: No mail flow, Getting Event ID: 10003, Error: The type initializer for 'Microsoft.Mapi.ExRpcPerf' threw an exception:
http://support.microsoft.com/default.aspx?scid=kb;en-us;2013890

 

Unable to send or receive emails. The following errors is recorded in the Application log.

     Log Name:         Application
     Source:             MSExchangeTransport
     Event ID:           10003
     Task Category:   PoisonMessage
     Level:                Error
     Description:       The transport process failed during message processing with the following call stack: System.TypeInitializationException: The type initializer for 'Microsoft.Mapi.ExRpcPerf' threw an exception. ---> Microsoft.Mapi.MapiExceptionLowLevelInitializationFailure: MapiExceptionLowLevelInitializationFailure: ec=-2147467259 (0x80004005)
   at Microsoft.Mapi.ExRpcModule.Bind()
   at Microsoft.Mapi.ExRpcPerf..cctor()
   --- End of inner exception stack trace ---
   at Microsoft.Mapi.ExRpcPerf.ConnectionCacheBirth(Int32 maxConnections)
   at Microsoft.Exchange.Data.Storage.ConnectionCachePool.GetConnectionCache(String server, ConnectFlag connectFlags)
   at Microsoft.Exchange.Data.Storage.ConnectionCachePool.OpenMailbox(String serverDn, String userDn, String mailboxDn, Guid mailboxGuid, Guid mdbGuid, Object identity, ConnectFlag connectFlag, OpenStoreFlag openStoreFlag, CultureInfo cultureInfo, String clientInfoString, Boolean secondTry)
   at Microsoft.Exchange.Data.Storage.ConnectionCachePool.OpenMailbox(String serverDn, String userDn, String mailboxDn, Guid mailboxGuid, Guid mdbGuid, Object identity, ConnectFlag connectFlag, OpenStoreFlag openStoreFlag, CultureInfo cultureInfo, String clientInfoString)
   at Microsoft.Exchange.Data.Storage.MailboxSession.Initialize(LogonType logonType, ExchangePrincipal owner, DelegateLogonUser delegateUser, Object identity, OpenMailboxSessionFlags flags)
   at Microsoft.Exchange.Data.Storage.MailboxSession.CreateMailboxSession(LogonType logonType, ExchangePrincipal owner, DelegateLogonUser delegateUser, Object identity, OpenMailboxSessionFlags flags, CultureInfo cultureInfo, String clientInfoString)

Third Thursday with Third Tier: Managing SQL for SMB :: Third Tier:
http://www.thirdtier.net/2010/03/third-thursday-with-third-tier-managing-sql-for-smb/

If you are like most SMB IT Professionals, you’re a generalist and not a SQL expert. If that’s true this then webinar is for you. Edwin Sarmiento, SQL MVP, will show you how to manage your SQL applications. It’s not as simple as hoping your server backup will cover it and if you’re an SBS or EBS admin you’ve got a bunch of SQL apps installed by default to deal with.

So join us on the Third Thursday, March 18th at Noon eastern.

Third Tier has invited you to attend an online meeting using
Microsoft Office Live Meeting.

https://www.livemeeting.com/cc/harborcomputerservices/join?id=B4Z6S5&role=attend&pw=j%7En5%23%22rQr

Meeting time: Mar 18, 2010 12:00 PM (EST) 

Add to my Outlook Calendar:
https://www.livemeeting.com/cc/harborcomputerservices/meetingICS?id=B4Z6S5&role=attend&pw=j%7En5%23%22rQr&i=i.ics

Want even more options for remote file transfer and encrypted email?

ExchangeDefender Web File Sharing:
http://www.exchangedefender.com/features_web_file_sharing.php

The encrypted email is actually VERY easy.  You put the word [ENCRYPT] in the subject line and it automagically sets up an encrypted email process. 

The Official SBS Blog : Recovering Disk Space on the C: Drive in Small Business Server 2008:
http://blogs.technet.com/sbs/archive/2010/03/02/recovering-disk-space-on-the-c-drive-in-small-business-server-2008.aspx

So Susan, why are you reposting a blog post you just did?

Because.

Because why?

Because I really want you to go back and read this post.  It's really really important.

Why?

Because if you aren't careful and aren't paying attention to your fleet of SBS 2008 boxes, it could bite you.

Oh?  Really?

Yes, really.  You see the default settings for the WSUS administration web site in IIS are to lay down the log files in the c:\inetpub and if you aren't careful you could have really big IIS log files build up in there and you won't realize it.  Then if you use any disk viewing tools (like treesize free for example), if you don't Run As administrator, it won't let you quite see properly on that drive.

The Official SBS Blog : Recovering Disk Space on the C: Drive in Small Business Server 2008:
http://blogs.technet.com/sbs/archive/2010/03/02/recovering-disk-space-on-the-c-drive-in-small-business-server-2008.aspx

Interesting read:

https://www.isecpartners.com/files/iSEC_Aurora_Response_Recommendations.pdf

Dean Peters and I have been swapping emails for a bit regarding how SMBs can keep themselves safe.  He is of the strong opinon (and hopefully I'm not misstating anything here) that merely protecting the boundaries isn't enough that we need to be looking at what's coming in AND out of our sites to make sure nothing is maliciously entering in, and nothing maliciously got in and is now wiggling out.

It reminds me of Roger Grimes recent blog post about how bad it seemingly is out here -- http://www.infoworld.com/d/security-central/world-hacked-and-its-users-fault-028

So what are you doing?  Do you feel safe enough?  Are you changing your views?  Have you added a security awareness education for your users? http://msmvps.com/blogs/harrywaldron/archive/2010/02/26/microsoft-new-security-awareness-toolkit.aspx  What are you doing to not only BE safer but FEEL safer in the rising tide of all of this scary stuff lately?

Susan,

          Isec Partners released the results of thier Aurora investigation. What is the very first thing that they recommend that companies do to protect themselves ? The very thing that I have been saying. Collect and log ALL network traffic, mostly for DNS.

With today's technology my life on the west coast is known ahead of time.  I feel like a mindreader at times.

I know whom the Bachelor chose before I see it on TV (VIENNA?  NO, way.  Really?!!  No way, man.  What was he thinking?!!  Over Tenley?)

I know who wins the Oscars before I rag on what they are wearing on the red carpet.

I know who win games before I watch them.

I've never seen Saturday Night Live really live.

Good Morning America is old by the time I get up.

My entire life has been filled with a tiny little subtitle of: [tape delayed for this time zone] 

Here's another vote to be sent to NBC on the topic of just letting the  [tape delayed for this time zone]  to die a silent death.  Next time you do the Olympics (assuming you get to do the Olympics) just let it happen when it happens.