Friday, February 26, 2010

Blackberry Controller Service stops with error error 5003 (0x138B)

On one of my SBS 2003 servers, I run Blackberry Professional Server Express. All of a sudden, last night at about 7 pm, I got this in my application event log:

EVENT ID 20000
COMPUTERNAME SERVER1
DATE / TIME 2/25/2010 7:05:00 PM
MESSAGE Could not connect to Service Control Manager at \\127.0.0.1: 1722

and then I got this error when trying to start the Blackberry Controller Service - which was stopped:
The BlackBerry Controller service terminated with service-specific error 5003 (0x138B).

Long story short . . .

For some reason, the DNS Server service causes some problem with the Blackberry Controller service. It's easily fixed by stopping the DNS Server service and then starting the Blackberry Controller service. And then you can restart the DNS Server service. It's not a big deal - but it looks like I'm going to have to go through this stupid rigmarole each time I reboot the server from this point forward.

Thursday, February 25, 2010

using an SBS 2003 box after a 2008 migration

Typically, you wouldn't use your SBS 2003 box after you've done an SBS 2008 migration. In my most recent upgrade, I did need to use it. I had Filemaker Pro 9 on the SBS 2003 box, which apparently can't be installed on 64 bit Server 2008. As part of the 2008 migration, I took the SBS 2003 box out of the domain and put it in a workgroup and demoted it to a member server. Not being in the domain wasn't a big deal - Filemaker didn't need to be in the domain - the clients just needed to see the server over TCP/IP. However, the server kept shutting down every two hours or so saying that the server needed to be a domain controller. The easy solution was to put the server in a new domain and run dcpromo. Problem solved.

Thursday, February 18, 2010

notes on SBS 2008 upgrade

I did my first SBS 2008 upgrade from SBS 2003 this week - and it was surprisingly easy - though time consuming. Here are my thoughts on it:
  • the Microsoft SBS 2008 migration demo is generally excellent and following it is a MUST. It is here
  • After you create the answer file and stick it on a flash drive, you can start the installation using regular non-migration means (in my case, I used the Dell OpenManage CD to start the SBS 2008 installation). There's no real indication that you're doing a migration until you're quite a bit into the process. It doesn't really prompt you for a migration, it just starts doing it when it sees the answer file part of the way into the process
  • After it detected the answer file and began doing the install, it said "this process may take 30 minutes or more" - it took 2.5 hours. Of note the machine I was installing on was a Dell PowerEdge T310 with 12 GB of RAM, a Xeon X3450 processor at 2.66 Ghz, and 7200 RPM drives
  • the mailbox migration took 11.5 hours - going from a 3 Ghz Xeon something with 3 GB of RAM, and 7200 RPM drives to the aforementioned PowerEdge T310. Amazingly, it was only 44 mailboxes and 18 GB of data. I saw a reference to someone else who migrated 57 mailboxes with 50 GB of data in 3 hours 20 minutes.
There are some other parts to it - like the potential necessity of having to change your SSL certificate (the default is remote.domain.com). You are also required to use a certain set of IP addresses - either 10.X.Y.Z or 192.168.Y.Z or 172.X.Y.Z.

Overall, things went great. I'll post more notes when I do my next migration.

Friday, February 12, 2010

finding install date for servers/computers

Here is a simple command for finding the installation date for a computer:

systeminfo | find /i "install date"

Just put that in a DOS prompt and it will output a single date.

Thursday, February 11, 2010

winsock failed to initialize

When cleaning up a fakealert virus the other day on an XP machine, I had successfully cleaned it, but none of the network interfaces could get an IP address. My only real clue was a simple dialog box that said "winsock failed to initialize"

Luckily, I found this utility:

http://www.snapfiles.com/get/winsockxpfix.html

I ran it, and it fixed my problem very easily.

Monday, February 8, 2010

altering the default lockout policy on Server 2003 (SBS or Standard)

For servers that are publicly facing, it's possible that hackers will attempt to hack you. Recently, I had a hacker try to guess logins and passwords over and over and over again (thousands of times) over port 25. I was able to thwart that by disabling port 25 for a bit (15 minutes) and the hacker lost interest. But theoretically, had I not seen the hacker attempting, he could have tried hacking forever, just guessing and guessing.

There's no lockout policy for invalid usernames. If the hacker is guessing on jsmith and you don't have a jsmith user, he can keep guessing forever. The lockout policy will not apply. But if the hacker is trying legitimate user names, the hacker should be locked out after a limited number of attempts. I have seen the default as no limit and as 50 attempts on SBS machines.

The number of attempts should be 6 or fewer and the lockout times should be 15 minutes or longer.

You can get to the appropriate place via:

Group Policy Management -> expand to default domain policy, right click on default domain policy and click edit. Then edit these fields: