Monday 17 August 2009

Moved House

I’ve moved my blog from here to my own site, please update your links :)

www.nicklloyd.it/blog

Friday 31 July 2009

SBS 2008 and Anonymous Mail

As previously mentioned we’re running CommitCRM as our CRM and PSA tool and the program needs to interact with Exchange to both receive and send emails.  Although we had this working to a degree, I finally got around to troubleshooting why we weren’t getting certain emails through.  I had previously read on UKSBSG that Exchange 2007 by default wouldn’t allow anon email to be routed internally – something a scan to email device might need to do.  CommitCRM has a tool to test the email settings and this was giving the following error:

AUTH CRAM-MD5
504 5.7.4 Unrecognized authentication type
AUTH LOGIN
RequestDone Rq=11 Error=504 5.7.4 Unrecognized authentication type

A quick Google didn’t turn up anything useful so I turned to the ever resourceful MS Partner Online Technical Community (PTOC).  As always I got a extensive reply and because it was in the SBS forum this was within four hours.  Shawn from MS explained that the application was trying to use “UTH CRAM-MD5”, but that this was supported by Exchange 2003 and not Exchange 2007.  To work around this problem Shawn laid out the steps to create a new Receive Connector for Commit to use:

  1. 1.  In EMC, expand Server Configuration, highlight the Hub Transport.
  2. 2.  Start new Receive Connector wizard
  3. 3.  On the Introduction page, follow these steps:
  4. a.  In the Name: field, type a meaningful name for this connector. This name is used to identify the connector.
  5. b.  In the Select the intended use for this connector: field, select Custom.
  6. c.  Click Next.
  7. 4.  On the Local network settings page, click Next
  8. 5.  On the Remote Network settings page, remove the existing 0.0.0.0 - 255.255.255.255 entry. Then add only the IP of the application server to the list
  9. 6.  After completing the Wizard, open properties of the new created receive Connector
  10. 7.  Enable the option "Exchange Servers" under Permission group
  11. 8.  On the authentication page, enable "Externally secured" option
  12. 9.  Restart Microsoft Exchange Transport service

This helped partially, but I also needed to allow Commit to send emails anonymously:

  1. 1. Open the properties of the Receive Connector we created.
  2. 2. Under the Permission Group tab, enable Anonymous users.
  3. 3. Under Authentication tab, only enable "Basic Authentication"
  4. 4. Restart the Exchange Transport Service.

I was now closer and could send emails internally, but not externally.  Via further communication with Shawn I discovered that Exchange 2007 doesn’t allow anonymous users to relay, but this can be changed with the following command in the Exchange Management Shell:

Get-ReceiveConnector "Connector_Name" | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "Ms-Exch-SMTP-Accept-Any-Recipient"

After using this command email started flowing correctly for Commit and I’m pretty sure the same setup could be used for other devices/apps that need to route email.

Many thanks once again to the guys at MS PTOC, life is a lot easier when you know someone will have the answer.

Technorati Tags: ,,

Sunday 19 July 2009

Getting Organised – A CRM Solution

We’ve dipped our toe in various CRM packages over the last couple of years here at Sirona, but we never quite realised how important it was until we finally had one place for everything.

We started our CRM journey using vTiger CRM, a free branch of the open source program SugarCRM.  Our primary requirement was a ticketing solution, but we also populated it with customer data and played around with it’s invoicing capability.  We used vTiger for a good twelve months until we decided to switch to using the ticketing system built in to Kaseya.  The main reason for the switch was all our customer’s PCs and servers were listed in Kaseya and tickets could be logged against them.  This meant we could run reports against individual machines to spot any issues.

We used Kaseya for probably six months until I started to want something more. My main aim was for customers to be able to email our support email address and have a ticket automatically logged. Having previously looked at both Connectwise and Autotask, I knew these products could do this.  We’ve had demos of both and they are fantastic looking products; I’m personally sold on Connectwise.  However, the cost of both is just prohibitive for us at the moment.  I think in a couple of years when we’ve grown some more we will head down the Connectwise route, but until then I needed something else.

What initially got me thinking about moving away from Kaseya was stumbling across Cerberus HelpdeskCerberus is an email based helpdesk with decent pricing and was a definite contender.  Seeing as we were thinking of a move, I decided I needed to look at more than just one option.  Searching brought up a couple of other options, Blue Folder and Zoho CRM being the two other likely candidates.  I spent a fair amount of time looking at these three and had finally decided that Blue Folder was the option when a friend suggested CommitCRM.

Now CommitCRM offered a lot more than any of the others we’d either used or trialled, in fact it bills itself as a PSA tool for IT service companies.  Like any good service it offered a free trial so I downloaded it and started using it in earnest.  That was about two months ago, we’ve now paid for it and use it on a daily basis. 

Commit allows tickets to be logged by email and will continue to track email conversations regarding tickets.  It’s not the slickest of tracking, but it works and the Commit team are actively working on improving it (we’re on the new beta and it’s already improved).  We have all our customer’s assets in there so tickets are tracked against the right asset.  We’re able to expand assets from just hardware to anything, so we track all software purchases and licenses.  We can also track contracts as to what they cover and how much they cost.  Commit will link to Quickbooks, so we’re working on getting that working to simplify the monthly invoicing tasks.  We track every piece of work we do against the relevant contract, so we can see how much time we spend on a contract in a month.  This will help us both to see whether a contract is profitable and also demonstrate to customers the value of their contract.

It’s still early days, but it’s already making a great difference in the way our business runs.  It’s great having one place for everything, but it’s also vital that we use it for everything.  Sometimes it’s easy to do it the old way, but we have to change our ways and ensure that if it happens, it happens in Commit.  Going forward it’s great to know we’ll have one place for all the history for all our customers.

Friday 12 June 2009

Hamachi Geekness

I was bathed in geekness the other day when I successfully shared my CD-ROM drive across the Internet to solve a little problem…

I was connected to an SBS server doing some application maintenance when the always annoying message ‘CD Required’ popped up. If I was a bit more organised I’d have a copy of the CDs backed up on the local hard drive, but alas I am not.  I didn’t want to drive out to site to insert a CD and my usual contact there was also on holiday.  I had the CDs I needed in our office, so I thought there must be a way to share my local CD-ROM drive with the server.  A quick Google brought up nothing, so I was about to admit defeat and plan a trip to site when I remembered Hamachi.

For those of you who aren’t aware of the product, it’s a small piece of software that will map a VPN between two places without opening any ports. It does this by using a third party to establish the VPN, but after this all data is only sent between the two parties at either end.  The software has the blessing of security guru Steve Gibson, so I’m more than happy to use it on a client site.

In this instance I fired up Hamachi on my laptop and on the server and established a tunnel. After sharing out my CD-ROM drive on my Vista laptop I mapped to it over the tunnel.  In the application I was modifying I pointed it to the newly mapped drive and lo and behold it grabbed the files it needed off the CD! Application updated, job done.

Behold, I am a geek!

Sirona now Microsoft Licensing Specialists (Lite)

My business partner and I attended a MS bootcamp on Licensing yesterday, hosted by Ingram Micro with a trainer from Microsoft.  It was an impressive set up at the Manchester Airport Radisson hotel and a great spread thrown in for lunch.  Great to see a distributor putting on events in the north and makes me more inclined to move my business away from C2K to Ingram.

The MLSS Lite accreditation is made up of two sections – products and licensing. The ‘Lite’ name certainly rang true and as a techy who is very familiar with Microsoft’s product line there wasn’t anything mind blowing on that side, but my business partner got more out of it.  The licensing side re-enforced a lot of what I’ve learnt but also threw up a few surprises, one being another OEM drawback.  I always knew that if you upgraded a CPU or mobo under an OEM OS license that license was then invalid. However, what I learnt yesterday was that if a CPU or mobo fails outside warranty, then that also invalidates the OEM license…  All the more reason to get at least 3 years warranty when dealing with OEM and it re-enforces the 3 year lifespan of a PC.

After lunch we were all able to sit the two exams and then get them marked while we waited. I’m very pleased to say Sirona now has two licensing specialists and we’ll now look to get it mentioned in our marketing literature.

The next step is to think about doing the higher level courses and exams, but I’m not sure of the relevance to our sector.  We’re generally dealing with 5 to 35 users and therefore only a very small area of licensing is applicable.  I’m hesitant to invest more time into the higher level accreditations as understandably they don’t just concentrate on our market.  Maybe the powers that be will revisit this in the future and create an accreditation linked directly to SBSC, but until then I’ll just make do with my ‘Lite’.

Friday 3 April 2009

SBS 2008 – Outlook Anywhere Hanging Outlook

Outlook over HTTPS, now renamed to Outlook Anywhere, is a great feature that we use in-house and at a number of clients.  It basically gives you Exchange connectivity outside of the network without using a VPN.  I use it on my laptop as my primary profile and it means Outlook works whether I’m in the office or not.

After recently deploying SBS 2008 in the office we noticed Outlook would struggle to connect over HTTPS.  Once connected it would generally work without a problem for a number of hours, but it would then become un-responsive and we had to move to OWA while it recovered.  If you left Outlook it would generally recover, although it could take up to an hour.

I raised this with my ever resourceful friends over at microsoft.private.sbsc.windowsserver.sbs and yet again they came back with the right answer.  In our case that was the TCP Chimney Offload problem, as described in this MS article.

Following the above article I found that TCP Chimney Offload was already disabled in the OS, but not on the network card. First of all I replaced the network card drivers that the SBS setup had installed with the correct drivers from HP. Then in the Advanced tap of the network card properties I set ‘Receive Side Scaling’ to disabled.

These two actions together have cured all the problems we were having with Outlook and another hats off to Robert in the newsgroups.

SBS 2008 – Stop Mail Being Marked as Spam in the IMF

The new anti-spam engine in SBS 2008 seems to be doing a good job on one of our customer’s sites.  However, the interface isn’t the greatest and I struggled to find a way to stop a particular email being marked as spam.  My struggle was explained when I raised a post in microsoft.private.sbsc.windowsserver.sbs – you can’t do it through the GUI, you need to use the Exchange shell (EMS).  One note about said shell, always right-click and choose ‘Run as Administrator’, certain commands, including the ones below, don’t work if you run it as a normal user.

Use the following shell command to add sender SMTP addresses to the BypassedSenders list:

Set-ContentFilterConfig -BypassedSenders foo@somedomain.com,foo2@somedomain.com

Use the following command to whitelist the sending domain:

Set-ContentFilterConfig -BypassedSenderDomains somedomain.com,someotherdomain.com

You don’t get any confirmation that the action has been taken, but you also don’t get any error message.  Use the following commands to list which users or domains have been added to the BypassedSenders lists:

Get-contentFilterConfig |fl BypassedSenders
Get-contentFilterConfig |fl BypassedSenderDomains

Thanks to Robert Li in the newsgroups for this info.

Related info:

How to Specify Recipient and Sender Exceptions for Content Filtering
http://technet.microsoft.com/en-us/library/aa995952.aspx

Get-ContentFilterConfig
http://technet.microsoft.com/en-us/library/aa998807.aspx

Wednesday 11 February 2009

Windows 7 and SBS 2008

The team at the Official SBS Blog have posted details on how to get your Windows 7 machine running on your SBS 2008 network:

Using Windows 7 BETA With SBS 2008

Technorati Tags: ,

Windows 7

I’ve been using Windows 7 since the public beta and I’ve been very impressed.  I’ve got it dual-booting with Vista on my laptop and running as my primary OS on my home machine.  It runs very nicely, although these are both pretty new machines (Core 2 Duos). From what I’ve heard it will run on lesser hardware, but it still needs to be current gen hardware.  One example is it runs quite happily on Atom based Netbooks, where Vista would struggle.

Unfortunately the public beta has now finished, however I’m sure readers of this blog will either have already got it, or know certain means to lay their hands on it.  Also, if you’ve got TechNet, it’s still there for the taking.

I did run into a problem with it on my desktop yesterday where a RAR set made in the old 00x style wouldn’t open.  However, trying the same RAR set on Vista produced the same problem.  Luckily 7zip came to the rescue and happily opened the set for me.

One other problem which I’m hoping will be addressed by a driver update is some sort of conflict with my video card on the desktop.  It’s a ATi 2400 Pro and I had the same problem for a while on Vista.  The driver crashes and Vista would usually recover, however Win7 seems get stuck in a loop which eventually crashes the system.  I’m still running the MS driver installed for the card when I installed the OS, so I’m hoping getting the ATi driver will resolve the issue.

All in all Win7 is a polished version of Vista and I’m a Vista fan.  However, I think Win7 will also win over some Vista haters – it’s certainly a lot more OS X like which will to be some people’s taste.

Wednesday 4 February 2009

How to Stop WSUS Downloading Updates in SBS 2008

In SBS 2008 WSUS is enabled by default and will start downloading updates once setup is complete.  We use a centralised update service which manages updates for all our clients and means we only have to approve updates once and not for each server.

WSUS in SBS 2008 gives you the option to not install updates and download only. However, this means the server is still downloading all the updates and wasting bandwidth and disk space.

I raised this issue with the guys in microsoft.private.sbsc.windowsserver.sbs and after some internal discussion they came back and said the only way to stop the downloads was to remove WSUS.  Unfortunately this has the side effect of stopping SBS reporting on patch level, but our centralised software covers this anyway.

So I’ve followed MS’s advise and so far so good. No unnecessary downloads and the server is ticking along nicely.

Technorati Tags: ,,

Tuesday 3 February 2009

SBSC Survey

Emily Lambert has posted about the Small Business Specialist Community online survey and the deadline for this is Feb 6th – this Friday.  If you’ve got five minutes today, please head on over there and fill out the survey to help MS understand us SBS’ers a bit better.

Technorati Tags: ,

Change the Anti-Spam Setting in SBS 2008

SBS 2008 has the Intelligent Message Filter (IMF) enabled by default, so out of the box mail will be filtered and the default behaviour is block rather than quarantine.  One of our customers had some missing mails so I needed to adjust this and Microsoft’s very own SBS expert Dave Overton had done a neat little blog entry that sorted it out in a few clicks:

http://uksbsguy.com/blogs/doverton/archive/2008/05/30/how-to-change-spam-settings-on-exchange-2007-sbs-2008-to-enable-some-all-more-spam-to-be-delivered-to-an-account-for-analysis.aspx

Thanks Dave.

 

Wednesday 14 January 2009

SBS 2008 – SendAs and Full Mailbox Permissions

This turns out to be a lot simpler than I thought, but a Google didn’t give me the answer, so I thought I’d share what I found. Thanks to the guys in microsoft.private.sbsc.windowsserver.sbs for the information:

SendAs Permissions

To use the Exchange Management Console to grant a user the Send As permission for another user's mailbox
1. Start the Exchange Management Console.
2. In the console tree, click Recipient Configuration.
3. In the result pane, select the mailbox for which you want to grant the Send As permission.
4. In the action pane, under the mailbox name, click Manage Send As Permission. The Manage Send As Permission wizard opens.
5. On the Manage Send As Permission page, click Add.
6. In Select User or Group, select the user to which you want to grant the Send As permission, and then click OK.
7. Click Manage.
8. On the Completion page, the Summary states whether the Send As permission was successfully granted. The summary also displays the Exchange Management Shell command that was used to grant the Send As permission.
9. Click Finish.

To use the Exchange Management Shell to grant a user the Send As permission for another user's mailbox run the following command (Run the shell as admin)
Add-ADPermission "Mailbox" -User "Domain\User" -Extendedrights "Send As"

Source: microsoft.private.sbsc.windowsserver.sbs

More info: http://technet.microsoft.com/en-us/library/aa998291.aspx

=================================================

Full Mailbox Access

To use the Exchange Management Console to grant the Full Access permission for a mailbox
1. Start the Exchange Management Console.
2. In the console tree, click Recipient Configuration.
3. In the result pane, select the mailbox for which you want to grant the Full Access permission.
4. In the action pane, under the mailbox name, click Manage Full Access Permission. The Manage Full Access Permission wizard opens.
5. On the Manage Full Access Permission page, click Add.
6. In Select User or Group, select the user to which you want to grant the Full Access permission, and then click OK.
7. Click Manage.
8. On the Completion page, the Summary states whether the Full Access permission was successfully granted. The summary also displays the Exchange Management Shell command that was used to grant the Full Access permission.
9. Click Finish.

To use the Exchange Management Shell to grant the Full Access permission for a mailbox
" Run the following command to add the Full Access permission directly to the mailbox (Run shell as admin)
Add-MailboxPermission "Mailbox" -User "Trusted User" -AccessRights FullAccess

Source: microsoft.private.sbsc.windowsserver.sbs

More info: http://technet.microsoft.com/en-us/library/aa996343.aspx

Technorati Tags: ,