David Overton's Blog and Discussion Site
This site is my way to share my views and general business and IT information with you about Microsoft, IT solutions for ISVs, technologists and businesses, large and small. I specialise in Windows Intune and SBS 2008.
This blog is purely the personal opinions of David Overton. If you can't find the information you were looking for e-mail me at admin@davidoverton.com.

To find out more about my Windows Intune BOOK - Microsoft Windows Intune 2.0: Quickstart Administration click here

To find out more about my SBS 2008 BOOK - Small Business Server 2008, Installation, Migration and Configuration click here

December 2008 - David Overton's Blog

David Overton's Blog

Buy my books

Windows Intune:Quickstart Administration

This is the RAW book (Read as Written).
Click here for more information
Buy or pre-order today

SBS 2008 - Installation, Migration and Configuration

Small Business Server 2008 – Installation, Migration, and Configuration

Buy today in book or e-book form

Request a Review Copy



  • Steve from Sytec saw me …

    Steve sent me this earlier in December, but I thought it was worth sharing. Here is the photo he took: ttfn David Technorati Tags: David Overton , Overton , Personal , UK Train Stations
  • Office Small Business 2007 – get up to 25% off in the UK

    I saw this at the Special Offers site from the Small Business team and thought I would share. Office Small Business 2007 – get up to 25% off Buy Office 2007 Small Business Edition before 17 January and you can get a discount of up to 25%. Enhance productivity in your workplace and manage tasks and your customers more efficiently with Microsoft Office Small Business 2007. Excel, Word, Publisher, Outlook and PowerPoint provide all the tools you need to give your business a professional edge. (Offer applies to FPP (Fully-Packaged Product) only, ie not via volume licensing or OEM etc.) Availability: UK Small Businesses Valid from: December 21 2008 Offer expires: January 17 2009 How to buy: Equanet: Microsoft Office 2007 Small Business CD Equanet: 2007 Version Upgrade Grey Matter: Microsoft Office 2007 Small Business CD MacWarehouse: Microsoft Office 2007 Small Business CD MacWarehouse: 2007 Version Upgrade Microwarehouse: Microsoft Office 2007 Small Business CD Microwarehouse: 2007 Version Upgrade PC World Business: Microsoft Office 2007 Small Business CD PC World Business: 2007 Version Upgrade WStore: Microsoft Office 2007 Small Business CD MS Store: Microsoft Office 2007 Small Business CD Hopefully it will make a nice present for the New Year. Have a Merry Christmas!! David Technorati Tags: Microsoft , Small Business , Office 2007 , Offer , Partners
  • Hyper-V Management console stops working after a month or so with error “Cannot connect to the RPC service on Computer ‘xxx’. Make sure your RPC service is running.

    [updated with net accounts command 20/2/2009] This can help diagnose and resolve the issue if like me, it was running fine and then it suddenly stops about 4-5 weeks after it all got started. My initial thought was that some update had changed things as the blog post here documented the initial setup where the same error was seen. The error once again looked like this: However checking all the same firewall and other settings revealed nothing. Finally I discovered that the user I had created had a password setting that meant the password had expired. Simple, yet checking from the command line is a right royal pain. To fix, these were the commands I used: net user <username> “<new or existing passsword>” /active:yes /expires:never /passwordchg:no net accounts /maxpwage:unlimited Simple, yet the cause of so much time trying to fix. Hopefully this will solve it for you too. Thanks David Technorati Tags: Microsoft , Hyper-V , Error , User , Password
  • SBS 2008 Forefront Virus protection for e-mail Errors or Warnings - “At least one of the engines enabled for update has not been updated in the last week” – how to solve

    My SBS 2008 installation is pretty good, but one area I’ve noticed some problems was with ForeFront. I either had errors or at best warnings all the time about the scan engines. I would go and hit a manual update, but the bar would be 30-90% across and suddenly stop. When I looked in the event log I could see errors like these below. Searching the internet delivered me the KB article http://support.microsoft.com/kb/939411/en-us which talks about timeout issues, however even with the recommended change things did not resolve themselves. Source: GetEngineFiles Event ID: 6014 Level: Error Description: Microsoft Forefront Server Security encountered an error while performing a scan engine update. Scan Engine: AhnLab Update Path: http://forefrontdl.microsoft.com/server/scanengineupdate/x86/AhnLab Proxy Settings: Disabled Error Code: 0xC0001F58 Description: The operation timed out. Source: Microsoft Forefront Security Event ID: 7003 Level: Warning Description: Not all of the selected engines enabled for updates successfully updated at the last attempt Source: GetEngineFiles Event ID: 6012 Level: Error Description: Microsoft Forefront Server Security encountered an error while performing a scan engine update. Scan Engine: Kaspersky5 Error Code: 0x80070102 Description: Unable to acquire the scan engine update mutex within the designated timeout period. The fix was to realise that the timeout value in the KB was still too slow. The KB recommended creating a DWORD called EngineDownloadTimeout in HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Forefront Server Security\Exchange Server and setting the value to 600 decimal for 10 minutes. I’ve now set mine to 900 (384 hex) for 15 minutes and finally all the updates have succeeded. While the console has not shown the change just yet, looking at the events in the event log show that indeed everything is now up to date. ttfn David Technorati Tags: Microsoft , SBS 2008 , ForeFront , Security , Updates , Tips , Support
  • Internet Explorer security vulnerability fix now available – think of it as an early Christmas present… now about Firefox’s 3 issues this week…

    I think everyone knows that an urgent security issue has arisen in IE this week and Microsoft has taken the (wise) decision to publish a fix outside the normal 2nd Tuesday release cycle. Some have said switch browser because of this issue, but not only can that be complex, but most browsers suffer security issues so once again the only real protection is to wrap in cotton wool and hide. Or, use the built in features of Vista and IE7/8 which means protected mode and NOT running as admin. You might ask why a Christmas present? Well, if this continued un-patched then your information is seriously at risk and that would make for a very bad Christmas if your credit card information was stolen!! Either way, if you have IE on your systems then you will need to update your systems urgently. Of course, my Hyper-V server (or Windows Core for that matter) don’t have IE, so no updates for them!!! Just for completeness, here is the information from the Technet newsletter Internet Explorer Security Update I wanted to update you on the Advance Notification of security update MS08-078 which will address a new vulnerability allowing remote code execution in all affected versions of Internet Explorer products. We plan to release this update on December 17th, around 10 a.m. Pacific Time (6pm UK time) through Automatic Updates and Microsoft Update. We encourage you to test and deploy this update as soon as possible. Our investigations of the known attacks have verified that they are not successful against customers who have applied the security update. You may be interested to know, that in response to the threat we mobilized security engineering teams worldwide right away to develop, test and deliver a security update of appropriate quality for worldwide distribution in the unprecedented time of eight days. We also published the Microsoft Security Advisory 961051 . Microsoft's teams worked constantly to identify more options for customers and updated this advisory 5 times in six days. We remain committed to building secure...
  • How to size the hardware required for SBS 2008

    This question has been asked many times and was once again asked today on an internal forum.  It is hard to come up with an explicit answer, but I feel I can give you some (personal, non-binding, your mileage may vary, please take with a pinch of salt and don’t sue me) opinions.  For SBS 2003 the non-scientific sizing appeared to go like this: “between 2 & 4GB of RAM, depending on number of users”.  I often saw a machine for around 25 users with 4GB of RAM and there was headroom. Disk – don’t buy 1.5TB disks, but don’t by 30GB either.  Buy largish and try to size data before you make the decision 1 CPU or 2, or perhaps more importantly, a box that can take 1 CPU or 2? The the time SBS 2008 arrived the difference in cost of a 2GB or 4GB box was trivial.  Now SBS 2008, if you want to be scientific about it would look something like this: Minimum specs are found at http://www.microsoft.com/sbs/en/us/system-requirements.aspx Think Windows Server 2008 for x users, plus Exchange sizing for x users plus some wiggle for all the SBS 2008 bits, including WSS, Backup.  Since working all the above out, I tend to use the following guides: 4GB of RAM for 1 User, 8GB for more than 30 or so, however this is MY opinion and not tested Disk as above, mirrored in h/w (yes, mirrored, not raid 5) Dual core for a starter system going to multi-cpu & multi core for a very busy system The Premium node is sized as any other Windows Server 2008 system SQL or Terminal Services or ISA… etc Now while this might sound very sketchy, I’ve never benchmarked any SBS systems and this is my rule of thumb.  I’ve seen some 5-person businesses that stressed a 4GB 2-cpu Xeon SBS 2003 system and I’ve seen 40 people lightly load a 1 cpu, 2GB RAM system.  Sizing is not a science and you should always put in more than you need as it is easier for something to be sat idle than to be “in need”.  Finally, on the sizing, consider your own system.  Put in SBS 2008 for yourself and can use yourself as a reference...
  • Two more SQL 2005 to SQL 2008 issues fixed - Provider=SQLNCLI – Provider cannot be found error and Property Owner is not available for database

    So these are really quick snippets.  I hit an error where my Gateway monitoring software could not connect to the database.  All the errors were along the lines of “Provider cannot be found” and when I looked in the Connection String it stated “Provider=SQLNCLI” which is the SQL Native Client connector software. The fix that worked for me was very simple, to change the “Provider=SQLNCLI …..” to “Provider=SQLNCLI10 …..”.   The second issue was nothing that came about from the SQL 2005 to SQL 2008 conversion, but became an issue when I could not see the properties for the database.  The error I would see was that “Property Owner is not available for database”.  The fix can be found here - http://blog.dampee.be/post/2008/06/22/MSSQL-2005-error-message-quot3bProperty-Owner-is-not-available-for-Database-databaseNamequot3b.aspx .   ttfn David Technorati Tags: Microsoft , SQL Server , SQL Server 2008 , Tips
  • SQL 2005 to SQL 2008 forklift upgrade resulted in 50% cpu utilisation (& resolution) – aka SBS 2003 to SBS 2008 SQL Application Move

    I’ve recently moved the database behind DavidOverton.com (also uksbsguy.com) from a Windows Server 2003 system with SQL 2005 to Windows Server 2008 with SQL 2008.  This would be the same process if you were potentially performing a migration from SBS 2003 with SQL 2005 to SBS 2008 Premium with SQL 2008 (or SQL 2005, but the performance issue only happens with SQL 2008). The process was amazingly simple: Stop the database on the Windows 2003 system Copy the datafiles, errorlogs, logs etc to the new system Install SQL 2008 on the new system, creating an instance by the same name Modify the registry to point to my new files (details here ) Start SQL 2008 Obviously I had to do some IIS stuff (create a new site) and install and redirect my logging software (WhosOn), but overall it went very well. Or so I thought until I noticed that my normally nominal CPU utilisation had gone bananas.  One of the SQL 2008 new and improved features is the Server Activity History which makes it very easy to pinpoint problems, along with the Activity Monitor.  To get the monitor you need to configure the SQL Data Collector (run it twice, once to configure the data warehouse and once to configure the collection process itself).  Then right click on the data collection and chose one of the reports.       Notice the Activity History above shows 50% cpu utilisation when less than 50 people are hitting the website.  This should be a snooze for the system.  I ended up disconnection the web site, my monitoring software and everything else and running a trace with every box ticked.  This gave me a trace output like this: I got around 200,000 lines like this when every process on the system that could access the system was stopped. Wow!  A quick search of the internet talked about corrupt msdb files and then it hit me.  I had lifted all the database files from my SQL 2005 system, including the MSDB files to the SQL 2008 system.  A quick checked showed that the SQL 2008 files were...
  • Christmas season arrives at the Overton Home, except Yipp Productions for Channel 4 TV were there!

    This year, like all others for the last 10 years we’ve decorated our house with Christmas lights.  We have at least 3 different religious views in our house, which is amazing considering there are two adults and two children, aged 8 and 2, however we love the smiles the lights bring to ours and others' faces, so each year it gets a little grander (or kitch or tacky!). The pictures from this year can be found at http://davidoverton.com/media/g/doverton/tags/Christmas/Personal/default.aspx .  Below is what the outside of my study looks like! So, why Yipp for Channel 4 this year?  The house is “well lit up”, but not enough to make the news, however being a working dad who has had some trials and tribulations, and very much being in the right place at the right time meant I was asked if I would mind being filmed and having a chat about life.  Yipp recruited Martin Hampton to come along, ably assisted by Katie.  You should be able to hear about my life in a very short film clip next year, so alas the lights will not be on “telly” for Christmas!   Let me know if you do silly things at Christmas to make it more special !!   ttfn David Technorati Tags: Personal
    Filed under:
  • How to get an existing disk to be available inside Hyper-V, how to install RAID Management tools and how to shrink a non-Dynamic VHD

    Once I had built my Hyper-V Server I still had a few to resolve.  I thought I had better document the solutions I found to my 3 disk related problems from this entry . So the 3 issues covered are: How to get an existing disk to be available inside Hyper-V How to install RAID Management tools How to shrink a non-Dynamic VHD How to get an existing disk to be available inside Hyper-V (called a pass-through disk) Just to give you some background, I was moving a non-VM OS inside a Hyper-V system.  I had created the VM, but I could not get it to just “boot” from the old boot disk – the disk was not showing.  I’d read that this type of disk was a pass-through (or pass-thru) disk, but I could not find out how to configure it easily.  The solution turned out to be very simple.  Run DISKPART on the Hyper-V server, identify the disk and mark it offline.  It would then appear in the list of disks that could be installed.  What is more, if I ran out of disks I could install a SCSI controller and continue to add disks there too. So, the commands for DiskPart: List Disk Select disk n – pick the disk you want, replace n with the disk number from the List Disk output Offline Disk You then need to add the disk inside Hyper-V - How to install RAID Management tools I don’t have pictures for this, but you should get the idea.  I put in the CD for the RAID software and I found some EXE and MSI files ( DIR /s /a *.exe *.msi from a command prompt will do that).  I ran these (using common sense to work out which ones to try first) until the drivers were installed and also the raid configuration software.  I then looked in the C:\Program Files and C:\Program Files (x86) folders for exe’s, cpl and jar files ( DIR /s /a *.exe *.cpl *.jar ).  The exe’s can be services or tools to run, the cpl are control panel files and the jar files are Java modules.  It turns out that the configuration tools are Java based on my e-sata card. How to shrink a non-Dynamic VHD Finally I had my disks and...
  • How to change where SQL Server looks for it’s master datafiles (master.mdf)

    I’ve found myself moving datafiles around or backing up to new locations before enough that I need to change SQL to point to the new locations before it will start for me to do further work.  The process to get it up and running is to find the SQL instance in the registry and change 3 values. The magical location is: “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL10. <instance> \MSSQLServer\Parameters” Under here you will file 3 arguments.  Notice the double backslashes “\\” which is required for each single backslash you want.  For example, for my site, I have changed them from the default instance pointers to: "SQLArg0"="-dD:\\databases\\Community Server\\master.mdf" "SQLArg1"="-eD:\\databases\\Community Server\\ERRORLOG" "SQLArg2"="-lD:\\database_logs\\Community Server\\mastlog.ldf" Change these to the location of your datafiles.  The “-d” is for the master database datafile, “–e” for the Error Log and finally “-l” for the log for the master database.   ttfn David Technorati Tags: SQL 2008 , SQL , Microsoft , Microsoft SQL Server , Tips
  • Invalid certificate issued to localhost.localdomain when remotely access SBS 2008 from a Windows PC

    This is another question I was recently asked. One particular user noticed that the certificate they saw when accessing their server from the internet did not match that when accessing from the LAN. The certificate looked something like this: This was a little strange as when the system was accessed from the intranet, all things appeared fine. The culprit for them was the SBS 2003 self signed certificate on the same machine. By removing the certificate and then installing the correct new one things got better. To remove the old certificate, start MMC.exe and accept the UAC prompt. Now press Ctrl+M to add a new snap-in and select Certificates and when asked, add for the user account . The do the same again, but select Certificates and Computer Account and hit OK to accept the current computer. Now expand out Personal Certificates and remove any SBS 2003 self signed certificates. To load the new certificates open a browser inside your SBS 2008 network and point to http://companyweb/Lists/Announcements/DispForm.aspx?ID=3 which should give you instructions and the URL. I hope that makes sense. ttfn David Technorati Tags: localhost.localdomain , SBS 2008 , Certificates , Tips
  • How to resolve errors like "Cannot connect to the RPC service, make sure your RPC service is running" with Hyper-V Server and Hyper-V Manager

    In my last post on installing Hyper-V for my home setup I said I had a number of issues.  One was that the Hyper-V Manager kept on showing the error "Cannot connect to the RPC service, make sure your RPC service is running".  This turned out to be several issues. To start with my Hyper-V box is in a workgroup, so security is manually configured.  Then there is the connection ID security - by hand and finally there is the client setup too.  I spent a long time with John Howard's blog which got me the following commands for the Hyper-V server: netsh advfirewall set currentprofile settings remotemanagement enable netsh advfirewall firewall set rule group="Windows Management Instrumentation (WMI)" new enable=yes netsh advfirewall firewall set rule  name="Remote Administration (RPC-EPMAP)" new enable=yes profile=domain netsh advfirewall firewall set rule name="Remote Administration (NP-In)" new enable=yes profile=domain netsh advfirewall firewall set rule name="Remote Administration (RPC)" new enable=yes profile=domain netsh advfirewall firewall set rule name="remote desktop (tcp-in)" new enable=Yes profile=domain net localgroup “Distributed COM Users” /add David There was then a few things to do on the client PC where it would not connect.  Again the postings at http://blogs.technet.com/jhoward/archive/2008/03/28/part-2-hyper-v-remote-management-you-do-not-have-the-requested-permission-to-complete-this-task-contact-the-administrator-of-the-authorization-policy-for-the-computer-computername.aspx helped me solve the problems. I've put all this here as a reference really, because John has been a busy boy and now has a tool that does this for you called HVRemote . So, learn from my pain and use John's tool.  You should be able to add a user and set the permissions very quickly.   One thing I will say is that I use OneCare on my OC client and I had to add some rules in the OneCare firewall:   - Port 135 for...
  • Connect Manager for VPNs into SBS 2008 …er, not really, with CMAK information too

    [updated with “roll your own” information and how to make a 32-bit version of the exe file] I love it when people challenge me to solve a question and today’s prize goes to Simon (thank-you for the questions Simon) who asked me where Connection Manager was on SBS 2008? You remember Connection Manager right, to auto configure the VPNs… Well, the instructions in SBS 2008 are a little less simple. Rather than downloading a pre-configured tool you now need to roll your own. The reasoning, which is quite sound, is that you can access almost everything via the Remote Web Workplace, but for some things, you want a VPN and the way to get it can be found here - http://technet.microsoft.com/en-us/library/cc513974.aspx If you want to create a Connection Manager Install for SBS 2008 you need to add the CMAK to the SBS 2008 install. Go to Server Manager and click to add a feature. Install the CMAK by pressing Next. To start the kit, go to the Start Menu, Administrator Tools and then select Connection Manager Administration Kit. Click next until you need to select the target OS. Select to create a new profile and provide the name and filename (8 characters max) Provide the domain or realm name and include the “separator” character – eg “mydomain\” without the quotes. Select no profiles to merge and press Next Embed the VPN Connection name (eg remote.myserver.com as that is what the SSL certificate will say) into the file and then accept the VPN entry Remove the automatically update phonebook options and leave blank Accept the default entries for VPN, Routing tables, IE Proxy, Custom Actions Now accept the default graphics or add your own logo Accept the default information on help files, support information, User EULA screen, additional files Finally accept the answer and build the file: . You can now chose to put the EXE file somewhere your users can access and then they can download it. One problem solved, more to come. IF YOU ARE DEPLOYING TO A 32-BIT WINDOWS SYSTEM, YOU...

(c)David Overton 2006-13