Thursday, June 29, 2006

CRM Mobile 3.0 pains ICMP error and 500 internal server error


OK so we're moving into the CRM world more and more and starting to roll out Microsoft CRM 3.0 with consistentcy. However rolling out the Mobile client has been a little bit of a struggle, not only because it's pretty new but the documentation is pretty convoluted in my opinion. So here are some things to watch out for that I found.

After installing CRM Mobile and trying to get ISA 2004 configured correctly with the proper ports (we're using 446) for SSL (Mobile requires it) on a SBS 2003 Premium box we encountered a couple of errors.

The first was: Error Code: 500 Internal Server Error. Internet Control Message Protocol (ICMP) network is unreachable. For more information about this event, see ISA Server Help. (10051).
CRM Mobile uses a internal web to sync up the device. It's at https://server.domain.com:446/sscerda. This is a good website to try and troubleshoot your CRM mobile install without using a mobile device. Well when we simply from the server browse to https://servername:446/sscerda we could get the cert to display and then authenticate, however the above error was always displayed when trying to come in from the outside.

It was just simply a DNS issue. We normally use mail.domain.com for our SBS servers and this server had naturally a different local DNS zone. We created the domain.com zone on the local DNS server and pointed mail.domain.com to the internal NIC. Error #1 down.

The next error was the following: 500 Internal Server Error - The certificate chain was issued by an authority that is not trusted. (-2146893019). Now when we were local we still could get authenticated but outside was still a problem. The problem above was because ISA 2004 was choking because the mail.domain.com cert was not in the local computer trusted certificates store. Go to Start...Run and mmc.exe. File...Add/Remove Snap In...Add...Certificates...Computer Account. Now open up the Local ISA computer. Click on Certificates and then Trusted Root Certification Authorities. Make sure that your mail.domain.com certificate is listed here. If not you'll get the above error. Add it and now https://mail.domain.com:446/sscerda should work.

If I get the chance I'll post a step by step of CRM mobile on SBS Premium with ISA 2004. Hopefully this will save you a couple hours of headache.

Dr J hits the D with the Security summit

A little late on this but Jesper Johansson (affectionately called Dr. J by Susan Bradley and others, he is a Dr btw) came into the D on Monday for the Microsoft Security summit. I have to admit that security is one of those things that we start to really get glassy eyed in the SMB space mainly because it involves so much Enterprise level stuff.

So I went into Dr. J's presentations a little hesitant but came out very impressed. Dr. J has a great way to weave wit into his presentations and talk normal talk to everyone. He gave a presentation on Domain Controllers and IPSEC that really was impressive. Now that's not to say it would apply with Small Business Server but the principles are definitely there.

There are those app servers out there on top of SBS that run in the same domain. And the only front end is located on the SBS server. So why don't we make it so that no one can talk to the app server except the SBS front end server? Have you encountered a scenario like this? Nope neither have I. But it's something to consider. Head over to Dr. J's blog and learn a little something, if you dare!

Monday, June 26, 2006

New Download: Publishing a SharePoint Site Accessible to External Users

Need to think about collaboration with users outside of your network with Small Business Server. Then definitely check out the whitepaper from Microsoft on the subject and particularly using Sharepoint externally.
Publishing a SharePoint Site Accessible to External Users

Friday, June 23, 2006

No Windows Defender Updates in WSUS



Wow what a week. Ever have one of those weeks where you are just on the run from Monday until Friday? Yep me too.

Here's something to look for. A client recently complained he wasn't getting updates to Windows Defender. This is a SBS 2003 Premium site with WSUS installed. We had Windows Defender selected as a product and still no updates were showing up. Unfortunately in the categories we hadn't chosen the category "Definition Updates" which Windows Defender needs. You'll see it in the pic attached. Just something to look out for.

Tuesday, June 13, 2006

Multiple Servers with Windows SBS

Version 2 of the whitepaper regarding Multiple Servers with Windows SBS is out. YES you can run multiple servers with SBS. This paper does a good job of overviewing the various technologies and what works. However getting there may be a different challenge.

One thing that this whitepaper does do very nicely is give you some Business reasons why you would deploy this scenario. This is very good and a simple item for justification to upper management of those extra server expenses might be to simply quote the whitepaper and say "OK this is the way that Microsoft sees it".

Thursday, June 08, 2006

The Mobilize SMB Gang rolls into the D

Yesterday we had the chance to have Amy and Steve Luby and Chad Gross in town for Mobilize SMB. Definitely check and see if they are coming to a town near you. If you're a VAR/VAP that is thinking about managed services or wants some more ideas to think about then this is definitely for you. The gang did a great job of explaining what they do and more importantly give you some great examples to follow at no charge!

If they look a little frazzled don't mind them it's just they are on a 3 week caravan trip driving everywhere with a 15 passenger van and Amy's 6 kids! Now that is total commitment to the SMB community.

Oh and stay for a while afterward and enjoy a few stories over some pops. You'll enjoy the time and laugh a lot as we did.
Great job to the gang and thanks for staying in the D, even if your first hotel was right on 8 mile! :)

Trixbox replaces Asterisk@Home

Somehow in working on the business lately I totally missed this one. My favorite Asterisk implementation that we use here for rolling out VoIP to small businesses was Asterisk@Home. Well naturally some had the idea that because of the name that it shouldn't be run in business installations. That was pretty much hogwash, as it worked great and we run it internally when you dial our main number.

Well now the name has changed and it has a new look. Trixbox - up and running in one hour is the new name.

Like to get started on it? Head over to nerdvittles for a detailed explanation.

I'll be updating our system in house probably this weekend to the newest implementation and I'll let you know how it goes.

Wednesday, June 07, 2006

Windows XP SP1 and SP1a support ends on October 10, 2006

Just reading a newsletter from Microsoft and I guess perhaps I didn't see this but here it is: Windows XP SP1 and SP1a support ends on October 10, 2006. Well standard answer is yeah definitely be on SP2 of XP as it was a tremendous upgrade especially from the security standpoint.

But for that very reason many have decided not to upgrade their machines. Well here's a reason now, you're mainstream support is ending. Hard to believe that in September SP2 of XP will have been out for 24 months. Where does the time fly?

Tuesday, June 06, 2006

Microsoft Antigen Trial Software Ready

Today Microsoft has readied trial software of it's Antigen Software, this is from it's recent purchase of Sybari. I'll have to test out the spam manager and Exchange items just to see how they work out and if the fact that Microsoft has the code base of all the products has helped them to integrate everything well.

One thing I don't see is an SBS sized version. It would be nice naturally to have that and build on the success of SBS.

Another note is that they've included a virtual lab at the Antigen site for you to monkey around with it in a sandbox setting. This is a great idea and one that I think other virus and spam companies should follow for resellers. Let us play and work with the product in an environment that allows us to see first hand how it works and then we can properly decide on what to use. Right now the spam/virus game is pretty much a "Hey what do you use and how do you like it?" world.

Monday, June 05, 2006

SBS 2003 R2 Released to Manufacturing

Received a note from the SBS Community Lead this evening that SBS 2003 R2 has been released to manufacturing effective today! I guess we better start looking for it in the pipeline now.

Here's my take now that the beta is closed and it's RTM'd. I think this is a slight upgrade but a necessary one. If you already have SBS 2003 SP1 installed on site with WSUS installed as well, I doubt you're going to see a need to spend the dollars to upgrade. Although having the green check in the email sent out from the server is a nice thing I doubt it'll be $$$ nice to most businesses.

We've been rolling out WSUS more and more in the last month. The reason? Everything gets patched and we get a report to show to the boss. Not just critical patches but we install Windows Defender on platinum clients and those definitions roll out with WSUS. We update the outlook email portion and it rolls out with WSUS. We update IMF in Exchange 2003 and it rolls out with WSUS...getting the idea? It just plain works.

Here's the kicker. Although you can opt to have items stored at off site locations be careful because many small shops will cry for space once they realize how WSUS sucks up the disk space and their data partition is slowly eroding.

I've been working with the SBS product since version 4.0. Man what a change. Security wasn't even thought of back then. Just trying to get NT 4 to run right with the proper drivers was pain enough. Now we've got patches under the hood. You've come a long way baby!

New Website and Logo


I've been focusing on the business side of TAZ Networks a little more lately than probably splitting my time 50-50 with the technical side.

The result is our new website. Please visit www.taznetworks.com and let me know what you think. I'll be getting more items out as we grow the website as well including new whitepapers and information for the small business. In addition we're officially rolling out our new logo and phone numbers. We wanted to make our logo more updated with a technical edge to it but definitely keep with the traditional theme. Our old logo was just something I came up with when I started the company. In addition we are rolling out our new toll free number of 800-936-6080 and our local number of 517-376-3000. It connects to our Asterisk Voice Over IP system that is the same system we roll out to customers.

Also watch for updates to our sister site www.michigan-voip.com as we begin to ramp up operations for Internet access and VoIP rollouts.

Thanks for your continued feedback and we hope that this is the start of continued growth with TAZ Networks!

Intelligent Message Filter Operations Guide

One of the core products of SBS that I just really enjoy working with is Exchange. The email functionality is great and time and again it is one of the highest rated Servers in the Microsoft stack. One thing that I just swear by now is the Intelligent Messaging Filter that Microsoft has now included in Exchange 2003 Service Pack 2. It's free folks, use it to stop your spam! It could definitely be a little easier to configure but use this newly updated paper entitled Intelligent Message Filter Operations Guide.

Great way to take a quick look at the behind the scenes adjustments you need for IMF to work good and get auto updates. The guide above is definitely worded around big server land but the items in it work just as fine with SBS.