SBS 2011 install and why Windows 2008 R2 SP1 doesn’t get offered

**After installing SBS 2011 I immediately wanted to install Windows 2008 R2 SP1 but instead I got offered 59 other updates and no SP1!  So of course you can just roll with that and eventually after cycles of updates and reboots you’ll get SP1 offered …but I really wanted to lay down SP1 saving time and then build from there.  Why isn’t it being offered though …even if you scan via Windows Updates?  Google didn’t give me any good results on Windows 2008 R2; however, remembering that since the Vista ‘major release’ kernel unification change to align the desktop and server kernel led me to look at Windows 7 information.

The following article identifies three required updates that must be installed in order to get offered W2k8R2 SP1.  Interestingly I was offered the KB2534366 patch (required a reboot) via WSUS but I had to go out to Windows Update to be offered the KB2533552 patch (didn’t require a reboot).  KB2454826 is the latest patch to be added to this list as this KB article has gone through multiple revisions over the years.

You do not have the option of downloading Windows 7 SP1 when you use Windows Update to check for updates

• “0xC000009A” error message when you try to install Windows 7 SP1 or Windows Server 2008 R2 SP1 http://support.microsoft.com/kb/2534366
  § for SBS 2011 download – http://www.microsoft.com/download/en/details.aspx?id=7391
• An update that prevents a “0xC0000034″ error message when you try to install Windows 7 SP1 or Windows Server 2008 R2 SP1 is available http://support.microsoft.com/kb/2533552
  § for SBS 2011 download – http://www.microsoft.com/download/en/details.aspx?id=10038
• A performance and functionality update is available for Windows 7 and for Windows Server 2008 R2 http://support.microsoft.com/kb/2454826
  § for SBS 2011 download –
  http://www.microsoft.com/en-us/download/details.aspx?id=4895
  **note that the KB states this is update IS for Windows 2008 R2 though the download itself omits this information

Use a Go Daddy SSL cert with DYNDNS site

How To:

• Let’s say you like keeping as much money as possible and only spending what is necessary.
• Let’s also say you like the idea of using an industry standard certificate that often has its Root and Intermediate certificates prepopulated in cell phones.

What Why Where?

• Why DYNDNS?  …typically due to the business using a dynamic IP address
• they hold the DNS name servers for their entire namespace which is how your DNS records can get instantly updated across the globe when your IP addy changes
• …and you can have your ‘real’ domain name also registered and managed there using this same ‘instant-change’ DNS methodology
• The cert offered by DYNDNS is overpriced at $99/yr.  Their other services are extremely price friendly so maybe this isn’t such a big deal.  …but then again it’s money you can keep
• Go Daddy often has a Google Search keyword “security certificate” $12.99 SSL cert special.  This is the same cert they (Go Daddy) normally charge $45 for.  You can purchase from 1-5 years.

Hypothetical Site

• your site:  rubberduckies.dyndns.com

your DYNDNS WHOIS information

• it won’t be able to be seen by Go Daddy in order to send you the verification email
• Why?  WHOIS queries only happen at the root domain level ….& the root domain DYNDNS.com isn’t owned by you
• The Administrative Contact for that WHOIS query is hostmaster@dyndns.com which BTW isn’t you
• http://whois.dyndns.com

DYNDNS Custom DNS

• Let’s imaging you also paid for a real domain name “rubberduckies4vr.com” with DYNDNS and associate it with your rubberduckies.dyndns.com zone
• It will have the same WHOIS information as above …and the same failed results for a SSL cert issuance validation step
• you can set up your SSL cert with either domain name – that won’t be covered in this post …assuming you understand and would most benefit of using the rubberduckies4vr.com name

SSL certificate issuance steps

• First step –generate a CSR (certificate signing request) – at your IIS server
• Buy a cert – you are really buying a credit which later can get ‘managed’ into a real certificate – at GoDaddy
• Manage the Certificate that is listed under your Go Daddy “My Products”
• Use the cert credit – involves entering the CSR by cut-n-paste from the text file on your PC to the Go Daddy GUI
• Cert goes to a state of ‘pending’
• Go Daddy sends a validation email to the Administrator Contact which requires reception and a reply to prove you actually are authorized from the domain – …but that isn’t you (see WHOIS above) and you don’t get that email

When that fails (see above reason if you have forgotten) you **can** request that Go Daddy send you a 7 digit code to create a TXT record for validation

• adding a DNS record into your domain proves you to be an authoritative person for the domain
• Go Daddy must be called before they email you this
• create the TXT record per their instructions
• you manage your DNS records at DYNDNS (required when using a dynamic IP/DNS account) and that is where this TXT record gets entered

With that TXT alternate validation method in place you return to the Go Daddy certificate management portal and click the link for “What’s holding this up?”

• you will see a window with a link to click to have Go Daddy use the TXT validation

Return to the cert portal and see if the cert has cleared all hurdles and is “issued”

If it isn’t you may have to wait for Go Daddy to manually review your site and request

• I phoned and politely requested that it be moved to the top of the list – and so it went upwards to the top
• took about an hour and your mileage may vary since there are a lot of unknown factors to a manual process …but it will get completed!

Download the certificate

A five year Go Daddy SSL cert just cost you $65.  Of course you could have spent $495 with DYNDNS.  Please send your grateful donation to me at your discretion. ;-D

SBS 2011 Standard – Test Build Write-up

For those just looking for “What’s New” and the official Release Documentation for SBS 2011 Standard Edition those are found here:

http://technet.microsoft.com/en-us/library/gg490793.aspx

It seems that the Premium Edition is rebranded as a “Premium Add-on” though it is the same thing as before. BTW there isn’t a Premium download as of yet.

IMO this release looks and feels much more like an R2 rather than a full revamp of the platform. Kudos to Hilton Travis for that idea.  Perhaps the R2 branding is being dropped from the Microsoft marketing lexicon branding wheel.

After having gone through a lab build out and poked around in the UI, I can say that the reworked RWW page is nicer with its published “Shared Folders” visible much that same as previously seen in WHS. Using SharePoint Foundation 2010 will make for a richer and more easily adoptable teamwork platform. The improved and renamed “Internet Address Management Wizard” simplifies setting up a public domain name complete with DNS records creation if hosted at Enom or GoDaddy. You can separately purchase the domain name and the wizard accommodates this …thankfully. The rest of the newness is attributed to Windows 2008 R2 and Exchange 2010 SP1 including WSUS 3.0 w/ SP2 allowing for usage of Branch Cache. Also SQL gets a bump to SQL 2008 R2 Express (Std Ed) or SQL 2008 R2 Std (Prem) …FWIW 

Plan on two rounds of updates.  At not even weaned from infancy (or available from OEM’s) I downloaded 11 initial updates and then 36 more the second reboot go around.  Wish the boys up top could avoid saddling every install with massive time taking patching.  If this minor miracle of technology could be automated or avoided it would easily stimulate businesses with cost savings on the technology deployment that could be better spent on training and adoption of the new goodness.

As in SBS 2008 there is an Answer File Tool for creation of this file required if doing a Microsoft migration. Both it and an .html file tutorial are found under Tools off the root of the media (you have to create).

Speaking about media …since the download is a whopping 6 + GB in size no mere mortal DVD will do. As alluded to by many already …plan on building a bootable USB drive. Tim Barrett’s helpful and well written tutorial works exactly as advertised.  Per the suggestion of a colleague I’ve also tried a cool Open Source tool “UNetbootin” which made the bootable USB drive a synch by merely pointing to the .iso and clicking OK (expect it to take over 30 minutes). I’ve also confirmed that the Dell Systems Build and Update Utility recognizes both the Tim Barrett method and the UNetbootin method created USB Flash Drives as ‘OS Media’ and will succeed in installing SBS 2011.

SBS 2011 launches – get your USB Flash Drives out – the big ones

SBS 2011 has gone gold with OEM’s expected to have them loaded for purchase sometime mid January 2011. For those of us who can download the .iso from TechNet you can build your test machine today. Just be prepared to use a 8GB Flash Drive or larger to create a bootable piece of media to install it. DVD’s are too small for the over 6GB .iso file download. How do I do that? Well to start head over to Tim Barret’s blog. http://www.nogeekleftbehind.com/2010/12/22/how-to-install-sbs-2011-with-a-bootable-usb-drive

 Additionally I’ve tried a recommendation to build the bootable USB drive with the UNetbootin tool and it worked just as well as the very manual Tim Barret method.  Expect the creation of the bootable USB drive to take well over 30 minutes once you click to initiate that process.

BESX – BlackBerry Enterprise Server Express

Subtitled – Woh! BESE

Going through a BESE installation I’ve noticed a few things I wished someone had shared with me beforehand and so I’ll share them for anyone who hasn’t installed this software so you can be better prepared.

First don’t use the BlackBerry written instructions but only as a supplement if at all.  Instead use the new BlackBerry step by step video; it covers in details the steps that are vague or inaccurate in the written tutorial.  Both are found off the BESX software page’s link for documents.  Also you can specifically choose a SBS installation walkthrough which isn’t covered at all in the written version.

• The written instructions leave a lot of information out (If you never did this before you would be scratching your head in the configuring Exchange System Manager parts)
• The instructions are not written for SBS where Exchange sits on the Domain Controller
  • not a Workgroup computer
  • no Local Admin group (use Built In -> Administrators instead)
  • cannot set Log on Locally or Run as Service in Secpol.msc (use the Domain Controller Security Policy found through Administrator Tools)
• Java hasn’t been at version 6 v15 for some time and the installer didn’t detect that the current 6 v20 was there
  • so stupid installer installs an insecure version of Java anyway (which I’ll have to remove)

Once through with the database portion of the checklist the server has to reboot.  Once back up and signed in with the newly created BB account you created then you finish it up.  The SRP info and BlackBerry CAL information were given to you previously online at the time you registered for the download.  If you didn’t follow those directions to record it then you will have to go back online and attempt to retrieve them.

When I got to the Start Services portion nothing was starting up.  I manually went into the Services.msc console and started each and every service successfully.  It took awhile for the BB installer to recognize that all the services were running and then I was given the option to Finish.

Following this you will hopefully succeed in seeing a web based UI to add a User so you can use this crappy program.  Did I say that?  sorry

For my first go it was a 3 hour ordeal.   BlackBerry needs to continue to improve the initial installation/activation process on their software IMHO or they will get forgotten by the very simple to configure I-phone/Android phone w/ Exchange Active Sync.