“An error occurred while trying to copy the Client Setup files. Check the following, and then try again:

If you use a public proxy server to browse the Internet, clear the Internet Explorer connection setting for using a proxy server.  To do this, from the Tools menu, click Internet Options, click the Connections tab, click the LAN Settings button, and then clear the check box in Proxy Server.

If you do not have a public proxy configured for the Internet Explorer, then your network administrator must reinstall the Client Deployment component on the server. To do this, from Add or Remove Programs, run Windows Small Business Server Setup in maintenance mode, and then run Client Setup again.”

Here’s the fix:

1. Open Administrative Tools->IIS Manager
2. Go to Server(local computer)\Web Sites\Default Web Site\Connectcomputer
3. Right click Connectcomputer and select properties
4. On the Directory Security tab, under Secure Communications, click Edit
5. Remove the selection of Require secure channel(SSL) and Require 128-bit encryption.
6. Click OK two times and try again.

More info here…

Post from: Ramblings from The Montopolis Group

Windows 7 error connecting to SBS 2003

AstraSync is what we found and have recommended to our clients for years.  It works well and our Blackberry users seem to be happy with it.

Hopefully one day Blackberry will just license ActiveSync like Apple’s iPhone did, but for now, AstraSync works great and is cost-effective considering the alternative.

So if you need your Blackberry to talk to Exchange, get AstraSync and move on to more interesting things

Post from: Ramblings from The Montopolis Group

Easy Blackberry Sync with Exchange

Since GoDaddy does not provide a PFX certificate to download, you have to use the PowerShell command line.

Though you can use the new GUI to assist you in determining which SAN names you need if you want.

MY ADVICE:  make your common name just your top level domain name!  (ex. montopolis.com)  This way you can change out your SANs easily and rekey when needed.

Go to DigiCert’s Exchange 2010 CSR Tool which is just supper handy (GoDaddy really needs to make a version of this tool).

Enter all of your information and click Generate.

Copy the PowerShell code provided into Notepad.

In front of the code you pasted put in “$Data=” (without quotes).  Example:

$Data=New-ExchangeCertificate -GenerateRequest -KeySize 2048 –SubjectName…………………

On the next line enter the following (without quotes)

set-content -path “mycommonname.com.csr” -Value $data

Now paste these two lines into your Exchange Management Shell.

You should now have a mycommonname.com.csr file!

Open this file in notepad so you can copy & paste this for GoDaddy.

Go to https://certs.godaddy.com and request a new UCC certificate.  When asked paste your CSR.

Wait for GoDaddy to issue your cert and download it for Exchange 2007.  Copy the contents of the ZIP into the directory where your CSR is located.

From the Exchange Management Shell type in, replacing mydomain.com.csr with your filename:

Import-ExchangeCertificate -FileData ([Byte[]]$(Get-Content -Path mydomain.com.crt -Encoding byte -ReadCount 0)) | Enable-ExchangeCertificate -Services “IIS”

Don’t worry about the services enabled right now.  We just want to enable one.

Now start your Exchange Management Console –> Server Configuration.  You should now see your new certificate listed.  Select it and click Assign Services to Certificate from the Actions menu.

Now assign the certificate to the services you want and voila!

I wasted a couple hours going the wrong way so I hope this saves someone else some time and frustration.  Good luck!

Post from: Ramblings from The Montopolis Group

Exchange 2010 & GoDaddy UCC certificate walkthrough

* The extension of these provisions results in potentially lucrative tax breaks for eligible technology purchases. Bonus depreciation is available for all businesses and provides an immediate depreciation deduction of 50 percent of the cost of new equipment and software placed in service during calendar year 2009. For taxable years beginning in 2009, 100 percent of new equipment and software purchases up to $250,000 can be expensed immediately. To limit this benefit to small businesses, the maximum immediate expense amount is reduced dollar-for-dollar to the extent that a taxpayer’s total new equipment and software purchases for the year exceed $800,000. (None of this information should be construed as or constitutes tax advice—please consult your tax adviser for a complete and detailed analysis.)

For more information on this tax break visit the IRS website.

Post from: Ramblings from The Montopolis Group

Lucrative Tax Break for Small Businesses

A Google search only relevantly led me here:

http://blog.mpecsinc.ca/2009/05/windows-7-no-logon-screen-saver.html

So after some leg work, here is the GPO you want to create & use now.

Create a GPO Link and set it up as follows:

Let GPO replicate or gpupdate /force it.

Tested on Windows 2003, XP, 2008 & 2008 R2 & 7.  Not tested on Vista, assume it’ll work.

If you want more granular control you can create WMI filters.  This nice article Creating WMI and Group Filters for 2000, XP, 2003, 2008, Vista, 7, 2008 R2 is right from the documentation gods @ Microsoft!

Post from: Ramblings from The Montopolis Group

New GPO for Screen Saver Lock aka Where did LOGON.SCR go?

I don’t care what language you write in or how good you think you are, there are some basic rules for sending email that seem to be continuously neglected which only causes unecessary drama for everyone around you.

I don’t care if you’re an internal/intranet developer, or work for eBay.  It’s the same basic rules.

Being both a developer and a mail admin myself, I know this stuff gets complicated real fast.  And I’ll also assume you haven’t been trained better.

So assuming you want to keep on developing code, here is what you should know…

1. ALWAYS follow ALL of the rules below

a. Whether sending 1 email or 60,000, the rules are always the same – no shortcuts!

2. ALWAYS authenticate, if you have the option!

a. Security is always important. Having proper permission to send/relay email is step 1, not step 99.

3. ALWAYS use SMTP TLS/SSL, if you have the option!

a. Again security is important, and you don’t want to be the developer who allows highly sensitive data and/or credentials to be read by a 12 year old, with a free network sniffer (http://www.wireshark.org/ or http://blogs.technet.com/netmon/), and then posted on MySpace.

b. No matter what you’ve heard, it’s too darn easy (and fun) to sniff network traffic.

4. ALWAYS specify a proper email subject, even during testing.

a. Blank subjects are bad form (see #6) and plain useless to all concerned.

5. ALWAYS insure a valid FROM and/or REPLY-TO email address.

a. Bogus data here increases the possibility that a server you are sending through can get blacklisted (worst case) or just poor email delivery (best case).

6. ALWAYS well form all emails sent, especially if you’re including attachments.

a. Using a good class (which is maintained by folks who know better) usually resolves this. Otherwise same concerns as #5.

b. If you aren’t using a class, then I expect to you to understand and have memorized all of these RFCs: RFC 821, RFC 822, RFC 2821, RFC 2822, RFC 2487, RFC 2045, RFC 2046, RFC 2047, RFC 2048 and RFC 2049

7. ALWAYS consider how to handle send failures in the event you are developing synchronous code.

a. If you are asked to write code to send an email, presumably the recipient is expecting one.

b.  Failing to properly handle errors means that the recipient is left hanging which only leads to a shortened development career.

8. ALWAYS insure you can enable and see debugging internals of your mail code.

a. You can’t blame the mail admin folks if you have no idea what your email code is ACTUALLY doing.

b.  They can’t AND won’t help unless you can provide PROOF of what is failing – they need to see the entire transaction. It’s the whole needle in the haystack thing. No mail admin wants to dig through a billion lines of logs to find your dumb mistake.

9. ALWAYS consider your email send volume and plan accordingly.

a. Don’t assume you’re allowed to send 6 million emails – you’re not.   When in doubt ASK.

b. Network throttling and limiting is implemented for a valid purpose – to keep bad stuff from happening. You know the Vulcan saying… The needs of the many, outweigh the needs of the few, and YOU!

c. Uh bandwidth costs money. Even if you’re not paying for it, someone is. And that someone will find you (or worse your boss) and get the money and/or pounds of flesh. Unless you’re the developer writing the next version of Google Earth or Microsoft Word, you can expect it.

I won’t even go into how to properly test your email code before going into production, because I will assume you can take it from here.  Right?

Those are the basics.  Learn ‘em, live ‘em, love ‘em.

Post from: Ramblings from The Montopolis Group

ATTN: Developers (aka How to properly send email from your app)

Looking for KB958644, must tick “Show Updates”

Post from: Ramblings from The Montopolis Group

Microsoft Critical RPC Vulnerability Patch Verification

Problem:

You launch the mail app, at the bottom all that is displayed is “Connecting…”. This goes on for hours, closing and reopening the mail app has no effect.

Solution:

This seems to be a new bug with the iPhone… Basically from what I gather is that while you roam around bouncing from Wifi to 3G or Edge, the phone gets confused at which connection to use.

You can reboot your phone and this will fix it, but that takes forever… Even easier, launch the mail app. Instead of just pressing the home button to get back to the home screen, hold the home button for 5 seconds. This forces the application to quit thus when you re-launch the application, the mail app refreshes and uses the appropriate connection.

Post from: Ramblings from The Montopolis Group

iPhone Mail App Connection Problems

In your policy map, you need to deny server requests to aimhttp.oscar.aol.com and kdc.uas.aol.com. This is in addition to the default SDM hosts, it appears the older server hosts are still alive.

The aimhttp.oscar.aol.com is the http proxy AOL has setup to bypass blocked hosts.

The kdc.uas.aol.com is a new host that has appeared with the latest version of AIM.

You can fully test your Policy by downloading AIM and running the auto-config wizard. If AIM is able to find a connection to AOL servers, you don’t have something setup right.

Post from: Ramblings from The Montopolis Group

Blocking AOL Instant Messenger at the Router Level (Cisco IOS)

We have run in to a few issues with the iPhone and Exchange sync when trying to sync to a server with a self-signed certificate.

It seems the iPhone will not do business with a non CA Cert.

Here is how we bypass this little problem.

You first need a personal email account setup on your iPhone! (Gmail, Yahoo, .me)

For simplicity, on your computer, open IE and navigate to your Outlook Web Access (you can do this from the server if you are an advanced user), click on the cert button:

In the drop down, select View Certificates.

On your certificate window that just popped up, go to the Details tab.

Click on “Copy to File…”

Go through the wizard and export the certificate as a DER encoded binary (.CER) file. Put it on your desktop.

Once exported, take the new .cer file and send it via email, as an attachment, to your iPhone.

On your iPhone go to your Mail icon and go to the Inbox of the personal account. Find the email you just sent.

Scroll to the bottom of the email and click on the cert.cer file…

After you click, you’ll be presented with the Install Profile screen.

Just click the Install button to install the certificate.

Once complete, you can now sync with Exchange, complete the setup process outlined in my previous post!

Post from: Ramblings from The Montopolis Group

iPhone 2.0 and Exchange Setup – Part Two!