Fixing 800B0001 in Windows Update on SBS networks

If receiving 800B0001 errors on domain connected machines on your SBS 2008 network, it's because an update had strengthened the communication channel between the machine and the SBS server and broken the connection.

Ignoring the absurdity of the issue, the fix is to run an update on the SBS box.  This page talks about it (you can ignore the portions about NLB - network load balancing for your SBS box):
http://support.microsoft.com/default.aspx?scid=kb;en-us;2720211

In essence, the resolution is to download this:
http://www.microsoft.com/downloads/details.aspx?FamilyId=2ba0b137-d85b-4734-9a95-11a04004a355

and run this command from an elevated command prompt:

WSUS-KB2720211-x64.exe /q C:\MySetup.log

Calling Office365 support

Microsoft seems to make it as difficult as possible to find the number for phone support for Office365.  After going through the trials and tribulations of finding it, I'm putting it here:

1-800-865-9408

autocomplete on Outlook 2011 connected to SBS 2008 not working

I had a user with Outlook 2011 for Mac (running on OS X 10.8) connected to his Exchange account.  The server runs SBS 2008, fully patched (running Exchange 2007 SP 3).

The Outlook account was set up using autodiscover when the user was on the same LAN as the Exchange server.  When the user was not on the same LAN as the Exchange server, autocomplete did not work.

I troubleshot this problem off-site where I was able to replicate the problem.

I'm not sure exactly what I did to fix the problem, but I'm going to document what I did and what I saw.

First, I investigated the user's settings.  Interestingly, the field for server under directory services was blank.  I wasn't sure if there was supposed to be something there.  I assumed yes.

I created a new identity in Outlook 2011 and created a new Exchange account in that new identity that pointed to my personal Office365 account.  I let autodiscover create the Outlook connection settings.  Interestingly, there was nothing there in the server field for directory services either.  The autocomplete was not working in this Outlook profile/account either.

I logged out as the user and logged in as another user (another local account on the Mac).  I opened Outlook and Office update told me there was an update to install (perhaps 10.2.5 - I'm not sure).  I let that update install.  I opened Outlook and set up an Exchange account for a complete separate client that also has an SBS 2008 server (fully patched).  I let autodiscover create the settings.  Autocomplete was not working on this account either, but I did notice that there was a value in the server field in directory services. The value was set to servername.domainname.local.  Clearly, this server would not resolve since the server was not local and there was no route to the server.  This make some logical sense to me that my client's autocomplete was working in the office when he was on the same LAN as the server so Outlook must have been able to route to the server in some way to pull autocomplete data.  So I replaced servername.domainname.local with the FQDN of the server - remote.contoso.com.  I checked the box for SSL.  Directory services said it would use port 3269 so I went to the firewall of my SBS 2008 server and redirected port 3269 to the local IP of my SBS 2008 box.  I closed Outlook and reopened it.  Outlook complained of a certificate mismatch (directory services was pointing to remote.contoso.com but the cert was for servername.domainname.local).  I allowed Outlook to use the server anyway despite the certificate mismatch.  And lo and behold, autocomplete began working.

In addition, Office 2011 also notified me of another update, 10.2.6 i believe - which I allowed to install.

But this is where it gets weird.

I go back into my the user's original profile and autocomplete is working.  I made no changes to his Exchange account.  None at all.  All I did was get aucomplete working on another Exchange account in a completely different Mac profile.  There is no reason that would have any effect on the user's profile.  Autocomplete also began working on my Office365 profile as well.

I rebooted the Mac and the changes persisted (autocomplete still working).  I disconnected from the WLAN the Mac was on and connected the Mac to my iphone's personal hotspot and the changes persisted (autcomplete still working).

I can't narrow this down to a specific thing I did to fix it, but it's working.

EMail hosting options for the small business for late 2012

Email hosting options have changed drastically in the last couple of years.  This post will cover the three main options I see for a company of 20 employees.  I'll lay out the costs as well so that companies with larger or small numbers of employees can make their own analyses.

I see three main options for corporate email hosting:
1) internal Exchange hosting
2) Hosted Exchange
3) Google Apps

Each has their own pros, cons, and costs which I will go over here.

Internal Exchange hosting:
For a long time, hosting Exchange internally was the only cost effective way to get Exchange.  When it cost more than $30 per user per month to get 2 GB of mailbox storage when hosting externally, it seemed like a no-brainer to get in-house Exchange for $8k to $12k.  For some people, internal Exchange hosting is still preferred.

Pros:

• you have complete control over your data (required for some law firms)
• you can open your Outlook in your terminal server
• Mailbox sync with the server when in the office is lightning fast
• you have full ability to customize your server with no limitations
• costs are generally one-time fees for hardware/software purchase and not ongoing and internal hosting is often cheaper over the long run (definitely the case for single server implementations as if often the case with small businesses)

Cons:

• implementation costs nearly double to get redundancy (redundancy typically requires two servers)
• anti-spam options are generally not as good for internal hosting options as they are for external hosting options
• problems (whether they be internal like a hardware failure or software crash or external like an ISP outage or power problem) can lead to long periods of time without email particularly if IT support is outsourced

Costs:
If we're talking about a company of 20 users, I'd say you could get a server for $8k that would suffice and handle up to 75 users.  Then I'd personally get Windows SBS 2011 for $750 (includes 5 licenses) and approximately $60 per license for the next 15 licenses.  We'd also want to get anti-spam software.  My current favorite is Vamsoft ORF.  For an SBS server, the price is $375.  Let's also add 20 hours of IT support time to build the server and 2 hours per month to maintain the server at a cost of $125 per hour (a total of 44 hours).  In total, we're looking at $15,525 for the first year and approx $3000 per year thereafter (24 hours of IT support at $125 per hour).  I might also include $240 per year in costs for online backup at ibackup.com in recurring costs and two 2 TB USB hard drives for on-site backup at a cost of $250 in one time costs.  So in total, I'd say we're looking at $15,775 for the first year.  Recurring annual cost beyond the first year is $3240.


Hosted Exchange:
In 2007 or so, the hosted email world was dramatically changed by the release of Google Apps.  Google began offering 25 GB mailboxes for $5 per mailbox per month.  Because they offered  comparable Exchange functionality at a *much* lower price point, Google destroyed the pricing structure that all outsourced Exchange hosts were using at the time.  It took years, but Microsoft itself finally caught up in mid-2011 with their hosted Exchange product, Office365.  In my mind, there is only one Office365 plan that small businesses should look at, the Hosted Email (Exchange Online) plan for $4 per user per month (plus tax) for a 25 GB mailbox.  This option provides all the important features of hosted Exchange that the more expensive plans offer.

Pros:

• servers where email are hosted are maintained by world class tech support in state of the art data centers
• email servers are redundant
• upgrades are automatic with no additional costs
• there is no hardware to buy or maintain
• spam filtering is state of the art
• virtually unlimited storage

Cons:

• More advanced configuration changes need to be made via Exchange Shell, not a GUI
• using Outlook in a terminal server will be too slow to be usable, will require webmail in a terminal server
• Support response time for mail server issues is not anywhere near as fast as a qualified local sysadmin/consultant

Costs:

An organization of 20 users would require 20 mailboxes at $4 per mailbox per month.  At $80 per month, annual cost would be $960 per year.  The transition to the hosted Exchange would probably take an hour per user.  Let's average 45 minutes of support for Exchange per month for a total of 9 hours per year at $125 per year.  First year cost - $4585 ($960 for hosting and 29 hours of labor at $125 per hour).  Recurring annual cost beyond the first year is $2085.

Google Apps:

Google Apps email service is a very good service.  I consider it the only real alternative to Exchange that exists in the corporate email world.  There are isolated cases where I might put in a POP solution, but I recommend against it and do my very best to only ever implement Exchange or Google Apps.  Google recommends using Google from within Google Chrome - and actually using the web browser to manipulate your calendar, contacts, and email.  The experience in Chrome is good, but in the corporate world, most employees are used to (and prefer) Outlook.  Luckily, Google makes a plugin that allows you to have full functionality (email, calendar, and contact synchronization) in Outlook for the PC.

Pros:

• familiar Google interface for those who like that interface when working within the browser
• works very well when staff user Outlook for the PC
• servers where email are hosted are maintained by world class tech support in state of the art data centers
• email servers are redundant
• upgrades are automatic with no additional cost
• there is no hardware to buy or maintain
• spam filtering is state of the art
• virtually unlimited storage

Cons:

• requires using the browser when working on a Mac (IMAP is available for programs, but that doesn't allow calendar and contact synchronization)
• unable to use Outlook inside a terminal server, will require using webmail
• sharing calendars and contacts between users requires going into webmail (cannot be done in Outlook like it can be in Exchange)
• Support response time for mail server issues is not anywhere near as fast as a qualified local sysadmin/consultant

Costs:

An organization of 20 users would require 20 mailboxes at $5 per mailbox per month.  At $100 per month, annual cost would be $1200 per year.  The transition to the hosted Exchange would probably take an hour per user.  Let's average 45 minutes of support for Google Apps per month for a total of 9 hours per year at $125 per year.  First year cost - $4825 ($1200 for hosting and 29 hours of labor at $125 per hour).  Recurring annual beyond the first year is  $2325.

unable to use DRAC 4 because Java version is too new

The other day, I was working on a server that had stopped during POST and needed me to hit F1 to continue, but I was remote.  I attempted over and over from multiple computers to use the console redirection, but I kept getting the error that my currently installed version of JVM is not supported.  After some research, I came across this excellent blog post that said I needed to download the older version of JVM from the Java web site and disable the newer version in the JVM applet in the control panel.

This excellent post is here:
http://blog.tjitjing.com/index.php/2012/08/drac-console-java-virtual-machine-jvm-not-supported.html#comment-104093

link for getting application specific passwords for gmail 2 factor (2 step) authentication

Gmail 2 step authentication is a security measure that greatly reduces the hackability of your gmail account.  But it's also a but of a pain as several items (like the password you enter in your iphone) are no longer your password, but an "application specific password" that google creates for you.

In order to get your application specific password, you need to log on to your google account and go here:
https://www.google.com/accounts/IssuedAuthSubTokens

From there, you'll be able to get your application specific password for entering into different locations that need your gmail password after you've enabled 2 step authentication.

PowerPoint 2010 will not play mp4 files - need to install Quicktime

Out of the box, PowerPoint 2010 will not play mp4 files or even files that have been converted to AVI that may still contain MP4 codecs.  The relatively simple solution is to install Apple Quicktime.  Even though you're able to play MP4 videos through Windows Media Player (without Quicktime installed), PowerPoint still won't play the videos.  After installing Quicktime (which no longer installs with iTunes), the videos played normally.

As per Microsoft, the best format for inserting videos into PowerpPoint 2010 is WMV.

Skype click to call disables copy paste in MS Word 2007

I've seen this twice - an installation of Skype Click to Call (which I think is mostly useless anyway) keeps MS Word 2007 from copying and pasting normally.  In my most recent test, I opened a Word doc and edited the font size and font color.  I copied that text and went into a new document.  I pasted it and all formatting was lost.  I went into paste -> special on the new doc, and the only two formats I could paste in were forms of unicode text (rich text and/or HTML or others not there).

After removing Skype Click to Call, I could copy and paste normally between Word documents.

Windows could not start the DNS server service on the local computer. Error 1717: The interface is unknown.

I ran into an issue the other week where my SBS 2008 box lost power.  There's a bunch of irrelevant backstory that I won't go into.  But the next day, more than a dozen services were not started - including all the Exchange services.  In the end, I tracked it down to the DNS Server service not being started.  When I attempted to start it manually, I got "Windows could not start the DNS server service on the local computer. Error 1717: The interface is unknown."

I found two solutions.  I applied them both simultaneously, so I don't know which one worked, but I'm documenting them here:

Solution 1:

I set my group policy back to defaults as per this page:
http://forums.whirlpool.net.au/archive/1533833
I did this (copying the solution in case that page ever goes away):

• dcgpofix /ignoreschema
• Press OK twice and run gpupdate /force
• Reboot

Interestingly, my drive mappings group policy stayed in effect.  However, my password policy group policy settings were removed.

Solution 2:

I removed all of my event logs as per this page:

http://vittoriop77.blogspot.com/2007/10/error-1717-interface-is-unknown.html#.UDmCEsFlTB-

I'm writing this a couple weeks after the incident.  I don't remember not being able to open the event log, but I was in a panic as the issue was occurring during work hours, so I was throwing the kitchen sink at the problem.  To accomplish this task (copying the solution in case that page ever goes away), I did this:

• Stopped the event log service
• moved all files from %systemroot%\system32\winevt\logs to another location
• Started the event log service

SBS Monitoring Log Filled to Capacity Redux

In November 2011, I had a client server whose SBS Monitoring log filled to capacity.  I talked about that here.  The fix I implemented should have been a permanent resolution (or so I read).  In July 2012, I began to get the same event log errors related to this problem.  My log had filled to capacity again.  I had to follow the same procedure.  In this case, I kept these notes:

• it took 1 hour and 10 minutes to run the script
• the SBSMonitoring.LDF file grew to 28 GB

As a reminder, I followed the article listed here to fix this:
http://blogs.technet.com/b/sbs/archive/2009/07/14/sbs-2008-console-may-take-too-long-to-display-alerts-and-security-statuses-display-not-available-or-crash.aspx

Screen shot of the SBSMonitoring.LDF file after running the script:

Screen shot of the place where you shrink the  SBSMonitoring.LDF file:

Screen shot of the SBSMonitoring.LDF after being shrunk:

Annoying issue - but I'm documenting this for my own knowledge and for anyone else who may have this issue.

resetting admin password on a Mac

I had a client with a Mac where we did not have the admin credentials for the sole administrator on the laptop.  I was luckily able to find this option to tell the mac to set itself up from scratch by removing the file that tells the Mac it has already gone through the initial setup process so it goes through the initial setup process again on the next reboot.  That is described here:

http://osxdaily.com/2010/08/10/forgot-mac-password-how-to-reset-mac-password/

In case this that post is ever removed, here are the steps:

Restart the Mac holding down the Command+S keys, this will take you into Single User Mode and its Terminal interface

type:
mount -uw /

type:
rm /var/db/.applesetupdone

type:
reboot

This worked very well for me and allowed me to create a new account on the Mac and did *not* delete the existing data already on the Mac on the user whose password we did not know.

removing password change requirement on Office365

By default, Office365 forces you to change your password every three months.  Should you want to keep Office365 from forcing you to change your password every three months, these instructions will help:

Follow steps 1 through 4 here:
http://www.christiano.ch/wordpress/2012/03/28/office-365connect-to-msonline-using-powershell/

This gets you to the powershell for your account.  Now, you need to enter the command to disable the password change requirement.

The command is:

Get-MsolUser | Set-MsolUser -PasswordNeverExpires $true

It looks like this:

It doesn't give you any confirmation, but it works.

SBS 2008 - An internal transport certificate expired

On one of my SBS 2008 servers, I was getting this event log error 2 years after I built it:

EVENT # 2048076
EVENT LOG Application
EVENT TYPE Warning
OPCODE Info
SOURCE MSExchangeTransport
CATEGORY TransportService
EVENT ID 12015
COMPUTERNAME   SERVERNAME
DATE / TIME   5/19/2012 10:57:55 AM
MESSAGE An internal transport certificate expired. Thumbprint:98F05ABC27FEB37D5C156FD7E9FFBFFC0B098288

I had a 3 year UCC Exchange certificate on this server that IIS, POP, IMAP, and SMTP were using.  But for some reason, this "internal transport certificate" was using a self signed certificate.  It seems as though the solution was as simple as running "New-ExchangeCertificate" from the Exchange Shell.  I had already run this to replace my internal certificate, but here's what it looks like when you run the command, it prompts you to overwrite the SMTP certificate for internal processing (noting that the 3rd part SSL cert takes precedence for external communications).

moving autocomplete data on Outlook 2010

Good post on moving the Outlook 2010 autocomplete data from computer to computer:

http://benosullivan.co.uk/windows/how-to-copy-auto-complete-in-outlook-2010/

AT&T Uverse error on google - 404. That’s an error. The requested URL /cgi-bin/redirect.ha was not found on this server. That’s all we know.

One of my clients recently changed their internet service to AT&T UVerse. AT&T (in San Francisco) says they are no longer offering DSL, only UVerse. After setting up UVerse, one of my users was getting this error in Firefox when going to www.google.com:

404. That’s an error. The requested URL /cgi-bin/redirect.ha was not found on this server. That’s all we know.

She got a similar error when going to www.yahoo.com. After some research, this seemed to be a common theme in Uverse. I resolved this by clearing the cache in Firefox:

http://support.mozilla.org/en-US/kb/How%20to%20clear%20the%20cache

Annoying, but easy fix. Of note - she did not have this issue on IE 9. Just Firefox 11.

removing 6to4 adapters in Windows 7

I was working on a client machine that was having trouble acessing network drives. I did an ipconfig and found 200+ network adapters. After some research, it seemed there was an issue with having multiple 6to4 network adapters and they were screwing up the machine's networking.

I followed this blog post for the automation of the removal using devcon:

http://www.ryanvictory.com/posts/automating-6to4-adapter-removal-in-windows/

The automated method took probably 3 seconds to remove each 6to4 adapter, so it wasn't fast, but it was easy.

configuring company URL for Office365 webmail

There's a lot of misinformation I've found on creating a custom URL that goes to Office365 webmail.

You can always go to:

https://portal.microsoftonline.com

But if you want to create a custom URL with your company URL, you can simply create a CNAME record that points to Outlook.com

So if your domain name was xyz.com and you'd like mail.xyz.com to go to your Office365 webmail, you'd configure a CNAME record for mail that points to outlook.com

generic Windows icons for Office apps (in this case Office 2007 on Windows 7)

I've seen this twice and fixed it the same way both times. On the user's desktop, he/she has generic Windows icons instead of the typical Word or Outlook icons in the taskbar. Here's what that looks like:

I've been able to fix it each time with a batch file I found. Since I can't attach the batch file to this post, I'll put the text of the file here, since it's short:

@echo off

cls

echo The Explorer process must be killed to delete the Icon DB.

echo Please SAVE ALL OPEN WORK FIRST

pause

taskkill /IM explorer.exe /F

echo Attempting to delete Icon DB...

If exist %userprofile%\AppData\Local\IconCache.db goto delID

echo Previous Icon DB not found...trying to build a new one

goto :main

:delID

cd /d %userprofile%\AppData\Local

del IconCache.db /a

pause

echo Icon DB successfully deleted

goto main

:main

echo Windows 7 must be restarted to rebuild the Icon DB.

echo Restart now? (Y/N):

set /p choice=

If %choice% == y goto end

echo Shutdown aborted...please close this window

explorer.exe

:end

shutdown /r /t 0

exit

SBS 2011 Backup Failure - A Volume Shadow Copy Service operation failed. Unknown error (0x800423f0)

I was configuring SBS backup on an SBS 2011 machine to a 2 TB external hard drive. But I got this error on the first backup:

SBS 2011 Backup Failures - A Volume Shadow Copy Service operation failed. Unknown error (0x800423f0)

After some quick research, I found that in some of the updates installed, there was a Sharepoint update that had downloaded, but needed to be manually installed. That's pretty lame, but whatever.

The method of updating Sharepoint properly is discussed here:

http://blogs.technet.com/b/sbs/archive/2011/05/24/you-must-manually-run-psconfig-after-installing-sharepoint-2010-patches.aspx

In essence, it's just go to an administrative command prompt. Go to this folder:

C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\BIN

and run this command:

PSConfig.exe -cmd upgrade -inplace b2b -force -cmd applicationcontent -install -cmd installfeatures

backing up a virtual machine to a local USB hard drive

A virtual machine can't natively see USB hard drives. The USB hard drives are attached to the host OS and not visible by the virtual machine. I wondered how to get a virtual machine created in Hyper-V to see a local USB drive and I found this excellent tutorial:

http://blog.ronnypot.nl/?p=721

A summary:

In the host OS, go to disk management and take the USB drive offline (right click on it and choose offline)

Shut down the virtual machine you want the USB drive to attach to.

Open the settings for that virual machine

Go to SCSI controller -> hard drive

Under phsyical hard disk, select the USB drive, which should be visible there

Now you'll be able to see the USB drive in the virtual machine and back up to it if that's what you'd like to do.

creating a CSR for a UCC SSL certificate on Exchange 2010 or SBS 2011

I installed an SBS 2011 box this weekend and I wanted to install a UCC SSL certificate on it. I get my certificates from godaddy, and this was the method I used in the Exchange Management Console to create the CSR that godaddy needed.

http://www.digicert.com/csr-creation-microsoft-exchange-2010.htm

Here is the text in case that link ever gets moved or taken down:

Open the EMC

Select "Server Configuration" in the menu on the left, and then "New Exchange Certificate" from the actions menu on the right.

When prompted for a friendly name, enter a name by which you will remember this certificate in the future.

This name is not an integral part of your certificate request.

Under Domain Scope, you can check the box if you will be generating the CSR for a wildcard. Otherwise, just go to the next screen.

If you do select that box for a wildcard, skip to step 7.

In the Exchange Configuration menu, select the services which you plan on running securely, and enter the names through which you connect to those services, as prompted.

At the next screen, you will be able to review a list of the names which Exchange 2010 suggests you include in your certificate request. Review those names (using our SAN Name Help tool if necessary, and add any extra names at this point.

Your Organization should be the full legal name of your company.

Your Organization unit is your department within the organization.

If you do not have a state/province, enter the city information again.

Click "Browse" to save the CSR to your computer as a .req file, then Save, then Next, then New, and then Finish.

You should now be able to open the CSR as a notepad or wordpad file, and you will want to copy the entire body of that file into the online order process.

Corrupt PST handling (particularly > 2GB files on the old PST format)

I had a case where I exported an old mailbox from Exchange 2003 and could not access the file I exported. The mailbox was larger than 2 GB, but Exchange 2003 could only export 2 GB. When I tried to open the PST file in Outlook, I got "the [PST file] has reached its maximum size." and I wasn't able to open the PST.

Ugh.

I used the PST crop tool and tried to use scanPST - to no avail. The crop tool worked, but scanPST would fail and say it didn't make any changes to my cropped PST file. I tried cropping various amounts and running scanpst. I used a hex editor and altered some parts of the PST as I read other places. No success.

Reading through someone else's thoughts, I was able to use exmerge to import the PST back to an Exchange mailbox. I was able to do this *without* cropping the 2 GB PST.

This was very annoying, but eventually worked using exmerge. If that failed, I would have had to use one of the many paid PST recovery options. The fact that Exchange will export a corrupt PST is absurd. Why would there not be an error if it couldn't complete the export?