Just set up an email address attached to an Exchange public folder. Incoming emails can then be shared between several people, and the folder also acts as a master list, so you can see what has already been actioned.
You can also add the Send As permission in the Active Directory for that folder, so staff can change the email address that the message is sent from. You then need to enable the From field in the new message box. Also make sure the address is visible in the global address list and not hidden.
We noticed that incoming emails stored in the public folder didn't show the email distribution if anyone had been cc'd in. This was tracked down to the format being IPM.Post not IPM.Note. You can add a registry setting to force all new emails to store as Note, and therefore display the email distribution:
HKLM\SYSTEM\CurrentControlSet\Services\MSExchangeIS\servername\public-folder-id\
"Incoming defaults to IPM.Note"=dword:00000001
Restart the Exchange Info Store.
Friday, 23 January 2009
Tuesday, 2 December 2008
Antivirus XP 2008 and tdssserv.sys trojan / rootkit
Just had another encounter with this fiend - except this time it was too late to try and load Malwarebytes or AVG updates or Ad-Aware. They were all blocked, although internet access appeared OK for most sites. Trying to access AVG, for example, just bounced you back to a Google-looking results page every time.
There's some good info over here and I was interested to see that the old Microsoft/Sysinternals Rootkit Revealer showed up the hidden components (the F-Secure BlackLight rootkit eliminator showed up nothing). I booted off CD and manually removed them - the TDSSserv components were key. Was then able to start Windows and install Malwarebytes to clear up any loose ends.
It's getting rough out there.
Wednesday, 26 November 2008
Microsoft Update error 0x80244022
Just been on the Microsoft Update website (WindowsUpdate) and received error 0x80244022 from three different PCs. Just worked out that if you leave that error open on the screen and go to File > New > Window and run the Update a second time it works ok :-)
Those pesky Update errors just keep coming.
Friday, 21 November 2008
Symantec EndPoint Protection 11 MR3 client fails to install on SBS2003
Just attempted to upgrade one of the Small Business Server 2003 Premium servers from Symantec Client Security (SCS) or was that Symantec AntiVirus (SAV), well v10.2 anyway. Old version System Center Console (SCC) came off ok, rebooted and the new Symantec EndPoint Manager (SEPM) went on without error. However the newly packaged client for the server - AntiVirus and AntiSpyware modules only - wouldn't install. It got most of the way there and then suddenly rolled back without an error. There was a simple error event id 11708 from msiinstaller, operation failed.
Sounded just like some problems discussed on Experts Exchange and the Symantec forums. There was a whole thread dedicated to people opening support cases and requesting EndPoint Cleanwipe. So I did the same and within 20 minutes had a copy off Symantec ftp. It didn't fix the problem but wasted a couple of hours trashing the SEPM install as well as the previous Mail Security for Exchange. So after reinstalling both I was back to square one. Twelve hours later, Symantec tech support popped up having gotten around to reading the install log. Turns out there was an old Alert Management Server installed. It wouldn't remove from Add/Remove Programs or via CleanWipe.
The Microsoft Windows Installer Cleanup tool went all Chuck Norris on it and saved the day. One reboot later and a successful client install :-)
Saturday, 6 September 2008
Antivirus XP 2008 or 2009 virus/spyware removal
I've come across a few PCs in the past month with the Antivirus XP 2008 problem. Basically it's some spyware that fakes your Security Centre to look like there's a problem that needs fixing. It looks very authentic. There's a very thorough write-up at The Register, Anatomy of a Hack.
Two of the infections I saw had got in past AVG. One had 7.5 Free and the other had v8 but slightly dated definitions - unlucky timing, I wouldn't hold it against the folks at AVG. My AVG 8 Pro spotted the .exe as soon as I copied it over to the PC.
I've heard of a couple of cases where people have had to put hours into extracting the bad and getting their PC back up and running - should have called Redleg tech support first ;-) Best fix I've come across has been the AntiMalware product from Malwarebytes. You can find it over here.
Wednesday, 27 August 2008
SEP, SBS and SIFMSMSE - they're tech not medical in case you were struggling
There was a time when I could remember what the Symantec antivirus acronyms were - life was simpler with SAVCE (Symantec Anti Virus Corporate Edition) and even SMSMSE (Symantec Mail Security for Microsoft Exchange). Now we've got SEP, which doesn't remind you of an AV connection; worse still, with the current version it's SEP11, which just says it's all coming crashing down. Then there's the latest Symantec Information Foundation Mail Security for Microsoft Exchange, which just trips off the tongue; even the acronym SIFMSMSE is longer than most competitors' product names.
Anyway to the point. I've had an SBS2003R2 server running SEP 11.0 MR2 (I'm not even going to go there with the rest of the acronyms, but it was pre MP too) and SIFMSMSE 6.0.6 generating daily warnings in the Event Viewer which were making it into the SBS 6am daily monitoring report. The daily report didn't actually show much other than the source was Symantec AntiVirus. Taking a look in the Event Viewer shows Event ID 45 and screams SYMANTEC TAMPER PROTECTION ALERT. Turns out it's Symantec's own product, the SIFMSMSE server which happily lives in the old SMSMSE directory.
Long story short, you can tell the antivirus to stop worrying about Symantec playing with itself (yes there was probably a more popular blog title in that) by going into SEP Console > Policies > Centralized Exceptions > right-click on the policy and choose Edit. Click Centralized Exceptions and add a Tamper Protection Exception for
[PROGRAM FILES]\Symantec\SMSMSE\6.0\Server\SAVFMSETask.exe
with an action of ignore.
All quiet on the front now.
PS I do like Symantec products - one of the few - always worked well for me, although the complexity and management from an SBS point of view seems to be increasing significantly. Reminds me of the old McAfee which just got too complex to manage quickly and easily for a small business - haven't touched that since.
Monday, 25 August 2008
Allocated Memory - please sir, can I have some more
More! Couple of SBS2003 servers have spells of hitting me with daily allocated memory alerts, i.e. the warning threshold has been tripped in the monitoring. Now you can simply push that threshold figure up in the Server Management console, look under Monitoring and Reporting. Then Change Alert Notifications > Performance Counters > Allocated Memory and edit the figure up from say 2147483648 to 2447483648, i.e. another 300MB ish to go at before it starts screaming.
But if you look closely in the Task Manager and find that there are large memory allocations (170MB+) for sqlserver instances, you can adjust their figures.
Details on changing the maximum memory for a SQL instance, e.g. for the SBS Monitoring or the ISA Firewall or the Update Services can be found in the SBS team blog on troubleshooting high memory use.
There are some suggested figures to use from Susan's blog on throttling. They worked fine for me - one server regained 550MB and another around 200MB, with no apparent performance hits. Looked to me like it might be more relevant to pre-R2 servers, but that may have been coincidence.
Friday, 22 August 2008
SBS Manchester meet 2008
Thursday's meeting of the SBS Partners group in Manchester was good. The group is several meetings down the line now and starting to feel like it's got some direction. Great turnout from Microsoft with 4 people representing the company. In particular Gareth Hall, server product manager, and Emily Lambert, SBSC programme lead, who are heavily involved in the new SBS2008 launch and had plenty to tell us about what to expect in the next couple of months and how we could get involved. Certainly got me fired up for the new upcoming version.
Also pleased to meet Vijay who is the partner area lead for SBSC - think we'll just refer to him as the SBSC API ;-) Been keeping an eye on his iQubed blog for useful posts this year. Be good to see you up here again Vijay. BTW he seems to have more acronyms than Symantec.
(Hey Manchester got a mention :-)
The meeting isn't just about Microsoft either, we've got a range of partners from one-man to 20 staff so the peer support and discussion is varied and helpful. Next meeting is 18 September with some interesting third-party visitors from what I've heard. See you there.
Saturday, 9 August 2008
SBS 2003 Monitoring Report cannot be displayed
Had a couple of Small Business Server (SBS) 2003 boxes throw up blank daily monitoring reports recently. Most servers have been ok apart from these two, both SBS 2003 R2 with WSUS 3.0 SP1. One's a home build basic PC spec and the other is a Dell PowerEdge 860 dual core with 2GB RAM.
I wasn't able to get a fix despite trying reboots, updates, disk checks, reconfiguring monitoring, SQL database checks, etc. Got a fix now thanks to advice from Les Connor, a Canadian SBS MVP, see the link here.
Basically you need to go into the main WSUS console (from Admin Tools) then Options and Server Cleanup Wizard. Running this with just the first option for Unused Updates fixed both servers. The PowerEdge took 18 hours to complete - reporting unused updates 11,092 and revisions 3,830. Sounds like this WSUS maintenance needs to happen on a monthly/quarterly schedule to keep the server optimised.
The basic server crashed out at 19 hours with SQL timeout errors. The monitoring report didn't come back immediately, until after a reboot.
Both are happy again ... me included :-)
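The same Unused Updates cleanup can be run unattended through the WSUS 3.0 administration API, which makes the monthly/quarterly schedule practical. The PowerShell below is an added example, not part of the original post; it assumes PowerShell 2.0 or later is installed on the WSUS server and that it runs locally as a WSUS administrator, and the log path is a placeholder.

```powershell
# Added example: run the wizard's "Unused updates and update revisions"
# option via the WSUS administration API and log the outcome.
# Assumptions: PowerShell 2.0+, run locally on the WSUS server.
$LogPath = 'C:\Logs\wsus-cleanup.log'   # placeholder path, adjust to suit

$logDir = Split-Path -Parent $LogPath
if (-not (Test-Path $logDir)) {
    New-Item -ItemType Directory -Path $logDir | Out-Null
}

# Load the WSUS admin assembly installed with the WSUS console.
[void][Reflection.Assembly]::LoadWithPartialName('Microsoft.UpdateServices.Administration')

$started = Get-Date
try {
    # Connect to the local WSUS server.
    $wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::GetUpdateServer()

    # Select only the first wizard option; leave the others off so the
    # run matches what the post describes.
    $scope = New-Object Microsoft.UpdateServices.Administration.CleanupScope
    $scope.CleanupObsoleteUpdates      = $true
    $scope.CompressUpdates             = $true
    $scope.CleanupObsoleteComputers    = $false
    $scope.CleanupUnneededContentFiles = $false
    $scope.DeclineExpiredUpdates       = $false
    $scope.DeclineSupersededUpdates    = $false

    # This call blocks until the cleanup finishes; on a neglected
    # database it can run for many hours.
    $result = $wsus.GetCleanupManager().PerformCleanup($scope)

    $elapsed = (Get-Date) - $started
    $line = '{0:s} OK updates_deleted={1} revisions_compressed={2} hours={3:N1}' -f `
        $started, $result.ObsoleteUpdatesDeleted, $result.UpdatesCompressed, $elapsed.TotalHours
    Add-Content -Path $LogPath -Value $line
}
catch {
    # A SQL timeout part-way through lands here; record it so the
    # scheduled run does not fail silently, then signal the failure.
    $elapsed = (Get-Date) - $started
    $line = '{0:s} FAILED after {1:N1} hours: {2}' -f `
        $started, $elapsed.TotalHours, $_.Exception.Message
    Add-Content -Path $LogPath -Value $line
    exit 1
}
```

Run it from a scheduled task outside business hours; a non-zero exit code marks the runs that need a manual follow-up.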

Saturday, 19 July 2008
The Hotel Vista
Had some problems at a hotel client last year when the first new Vista laptops started appearing with guests and delegates. The guest wireless has no password so it's as simple as it gets really. Some of the laptops failed to get an IP address allocated and therefore wouldn't connect out. The laptop would associate and then do nothing or report Limited Connectivity. Other times they would work for a short time and then appear to disconnect. Also saw what looked like a normal connection, where you could ping an external IP but website addresses and hostnames wouldn't resolve - bit strange to diagnose. Needed a Gregory House moment.
I managed to track down a couple of registry keys that helped. Thought I'd better post them now just for the record following a discussion recently about dodgy wireless connections.
First one is from Microsoft KB933340
HKLM\SYSTEM\CurrentControlSet\Services\Dhcp\Parameters\DhcpGlobalForceBroadcastFlag \1
"0"= dword:00000000
I was reminded of the second one by Susan Bradley who pointed out Steve Riley's post.
Start a Command Prompt
(there's a cool short cut to this by shift-right-clicking a folder such as Documents)
(or use Windows-R key combo and type CMD)
then run the command
netsh int tcp set glo aut=dis