Archive for September 2011

Sep
23

All the Details for the Brain Explosion

by amy

Post to Twitter Post to Facebook Post to StumbleUpon

We had a dress rehearsal of one of the presentations last night with a small local audience. The most technical guy, stopped me on our way out the door and said “I’m a bit embarrassed to admit this, but I learned something tonight. I shouldn’t have but I did. Who was that speaker again?” I was thrilled. That’s what it is all about, isn’t it? Picking up that tidbit that you didn’t know. Even if you think you know something inside and out there is always room to learn just that much more on a technical topic. When you pick up that nugget it make the whole thing worth the effort. That’s why I love IT and I bet that’s why you love it too. I’m looking forward to being in a whole room of amazing IT professionals. See you in Vegas! We have a great day planned for you.

Haven’t registered yet? Please do so now. www.thirdtier.net/registration Your registration fee includes a full day of training, lunch and an evening with Third Tier at the local pub. Space is limited so register today.

2011 Brain Explosion – A Master Class in Remote Access

8:30am – doors open, meet & greet, welcome by Amy Babinchak
9:00am – DNS Mysteries Unveiled
10:15 – break (15 min)
10:30 – Under the Covers of Remote Web Access
12:00 – Lunch – Calyptix Security
12:30 – Securing Remote Access using Radius
1:15 – Direct Access for Smaller Businesses
2:30 – break (15 min)
2:45 – Becoming a Messaging Sleuth
3:30 – Thin Client Standardization and Configuration
4:15 – Final thoughts, dismiss by Amy Babinchak

Later that same evening: PARTY with Third Tier and SBSMigration at McFadden’s Pub.

Direct Access for Smaller Businesses – Cliff Galiher

DirectAccess is a remote connectivity technology that opens new doors for end users to access company resources like never before and can greatly reduce the support burden of managing computers that are regularly outside a company LAN. Implementing DirectAccess can be a daunting task with most of the documentation focusing on large enterprise deployments. In this session you will learn about the DirectAccess from the inside. When you are done, you will know where it can fit in your network, how to do a deployment focusing on the small or midsized business, and some common pain points with troubleshooting tips, making DirectAccess more available to small businesses than ever before.

The Managed Edge – Ben Yarbrough, Calyptix

Calyptix Security is pioneering the development of “The Managed Edge” tm cybersecurity solution. The Managed Edge is born out of two massive trends that are converging to put extreme pressure on IT security for small and medium sized businesses. We’re seeing a massive migration of computing and network infrastructure from the main office into the cloud; and a parallel rapid proliferation of mobile computing devices in the form of bigger, faster tablets and smart phones. The combination of these two forces has resulted in a dramatic expansion in demand for remote access to corporate computing resources from employees who are increasingly working from home, on-the-road, or deployed virtually in an array of satellite offices.

KISS Edge Security – Brian Higgins

What do your wireless access point, a cable / DSL modem, and a VPN connection have in common? They can all be authenticated against a central user database such as Active Directory using RADIUS. RADIUS is one of the least known / utilized methods of authentication available in Windows, but one of the most useful. The most common use for RADIUS in small business is to authenticate external users who want to connect to a company’s VPN appliance, enabling them to use the same username and password for their remote access as their AD logon, because everything, including their password, is tied back to their Active Directory account. Ever wonder how an ISP tracks who is connected to their network, or what speed internet service you purchased? In this session we will answer that question and more as we explore some of the various uses of RADIUS, ways you probably already interact with it (probably unknowingly), and how you can take advantage of this very useful protocol to provide your clients with a simpler, more streamlined connection process, while actually making things easier to manage.

Under the Covers of Remote Web Access – Eriq Neale

Since SBS 2003, the SBS family of products has included a feature that, quite frankly, has made some of the other product lines jealous – the Remote Web Workplace (now called Remote Web Access in the 2011 series of products). Starting with the 2008 product series, Microsoft made some significant changes to the way this remote connectivity tool works behind the scenes, and in some cases that has led to some frustration on the part of the user and IT support community. In this session, we will show you how remote connectivity works under the hood so you can learn how to gain remote access to servers and workstations while bypassing the RWA interface, as well as finally being able to allow Macintosh and other devices to remotely control PCs using this same mechanism. Plus, we’ll show you how to build your own remote access infrastructure using the same tools that MS uses to make the remote connectivity of RWA work.

Becoming a Message Sleuth – David Shackelford

Sometimes as a consultant you are asked to be the expert on what happened to a message that was or wasn’t delivered. While you may have used the Exchange message tracking logs and the application log, there are also the SMTP protocol logs, the filtering logs and additional diagnostic logging at your disposal. This session will get you familiar with the tools and give you the best practices for getting useful data out of them, making you look like a CSI guy (or gal). I’ll focus on the scenarios that I encounter every week working for ThirdTier.

DNS Mysteries Unveiled – Jeremy Anderson

Name the single most important aspect of any computer network, from the smallest office to the largest multi-national corporation. Name the one thing that each of us use every day, that we don’t even think about. This is DNS.DNS is a complex protocol that is required for daily operation of your networks. DNS is often set up behind the scenes and has little maintenance and configuration. But what do you do if it’s not working? How do you troubleshoot and verify its operation? Can you be certain that you have your DNS set up and configured according to best practices? An overview of DNS and how it works, with an emphasis on ‘WHY’ it matters, how to troubleshoot, and what tools to use to verify its operation. I will go over the different types of DNS servers, split scopes, DNS replication, and other terms that you may have heard. DNS is a practical solution to an everyday problem, that we do not nearly spend enough time on, assuming that it will just work. The intricacies and mysteries of DNS will be explained to you.

Thin Client Device Standardization – Steven Banks

In a world of MultiPoint and increased use Remote Desktop Services it’s time we gained some understanding on how to best manage thin client devices. They aren’t PC’s after all and capabilities and available tools very from manufacturer to manufacturer and even among models of devices. Get too many varieties and you could have a real mess. We’ll have several different types of devices with us to demonstrate management techniques.

We still have a few tickets left, so feel free to share with your friends!

Haven’t registered yet? Please do so now. www.thirdtier.net/registration Your registration fee includes a full day of training, lunch and an evening with Third Tier at the local pub. Space is limited so register today.

0 Categories : Amy Babinchak, Brain Explosion, Brian Higgins, Calyptix, Cliff Galiher, Dave Shackelford, Eriq Neale, Jeremy, SMB Nation, Steve
Sep
22

It’s a Party!

by amy

Post to Twitter Post to Facebook Post to StumbleUpon

Third Tier and SBSMigration are hosting a welcome party at SMBNation following the Brain Explosion. For Brain Explosion attendees this is a chance to wind down and hash over the days events with fellow attendees and Third Tier staff. We’ll buy the beer. For SMBNation attendees it’s a chance to wind up, reconnect with old friends and get ready for a great conference.

SMBNationWelcomePostCard

 

 

       Last year the Ladies Gaga. This year?

image

0 Categories : Brain Explosion, SMB Nation
Sep
13

Brain Explosion Content Detail: The Managed Edge with Calyptix Security

by amy

Post to Twitter Post to Facebook Post to StumbleUpon

Calyptix Security and Third Tier have been friends for a long time; since birth actually. The Access Enforcer has matured into a very interesting solution for protecting the edge of your network and managing access. They are sponsoring your lunch at the Brain Explosion. Ben Yarborough will discuss how the explosion of remote access devices impacts edge security and how Calyptix Security is on top of the trend.

Haven’t registered yet? Please do so now. www.thirdtier.net/registration Your registration fee includes a full day of training, lunch and an evening with Third Tier at the local pub. Space is limited so register today.

                                explodingbrain                       calyptix

Calyptix Security is pioneering the development of “The Managed Edge” tm cybersecurity solution. The Managed Edge is born out of two massive trends that are converging to put extreme pressure on IT security for small and medium sized businesses. We’re seeing a massive migration of computing and network infrastructure from the main office into the cloud; and a parallel rapid proliferation of mobile computing devices in the form of bigger, faster tablets and smart phones. The combination of these two forces has resulted in a dramatic expansion in demand for remote access to corporate computing resources from employees who are increasingly working from home, on-the-road, or deployed virtually in an array of satellite offices.

This new reality not only highlights the need for more security at “the edge” of the company network — through which most of the critical business information is now flowing — but puts more pressure and emphasis on the need for regular management and maintenance of the critical devices protecting the edge.

The Managed Edge security solution not only monitors and protects the company from incoming viruses, malware, and other security threats from the outside world… it’s also monitoring and managing outgoing network traffic to protect the broader global network community from criminal hijacking and use and of the company’s computing resources. Moreover, The Managed Edge security solution itself leverages the massive trends of cloud computing and mobility to allow the company’s managed security service provider to manage and maintain the security devices remotely, and automatically.

Remember, register to reserve your space. Last year we sold out. www.thirdtier.net/registration

—–
So who wrote this blog and what do they do for a living anyway?
We’re Third Tier. We provide advanced Third Tier support for IT Professionals.
Third Tier Get Support BlogFeed Blog Twitter Twitter Facebook Facebook LinkedIn LinkedIN

0 Categories : Brain Explosion, Calyptix
Sep
12

Brain Explosion Content Detail: VPN and Wireless Authentication made Easy

by amy

Post to Twitter Post to Facebook Post to StumbleUpon

Brian likes simple things and he wants to show you how to use the tools you already own. Using Radius is one of these things. All of our edge devices are capable of it. But hardly anyone uses it. Brian will show us all when to use it, why to use it and how to use it to provide authentication at the edge of our networks.

Haven’t registered yet? Please do so now. www.thirdtier.net/registration Your registration fee includes a full day of training, lunch and an evening with Third Tier at the local pub. Space is limited so register today.

                           

 

What do your wireless access point, a cable / DSL modem, and a VPN connection have in common? They can all be authenticated against a central user database such as Active Directory using RADIUS.  RADIUS is one of the least known / utilized methods of authentication available in Windows, but one of the most useful. The most common use for RADIUS in small business is to authenticate external users who want to connect to a company’s VPN appliance, enabling them to use the same username and password for their remote access as their AD logon, because everything, including their password, is tied back to their Active Directory account. Ever wonder how an ISP tracks who is connected to their network, or what speed internet service you purchased? In this session we will answer that question and more as we explore some of the various uses of RADIUS, ways you probably already interact with it (probably unknowingly),  and how you can take advantage of this very useful protocol to provide your clients with a simpler, more streamlined connection process, while actually making things easier to manage.

Remember, register to reserve your space. Last year we sold out. www.thirdtier.net/registration

—–
So who wrote this blog and what do they do for a living anyway?
We’re Third Tier. We provide advanced Third Tier support for IT Professionals.
Third Tier Get Support BlogFeed Blog Twitter Twitter Facebook Facebook LinkedIn LinkedIN

0 Categories : Brain Explosion, Brian Higgins, Security
Sep
9

Cannot show requested dialog “There is no row at position 0″ and Making your Microsoft Connect Items Matter

by edwin
I have not opened a Microsoft Connect item before so I don’t know how the bug reporting and resolution process …

Continue reading »

Categories : Edwin Sarmiento
Sep
7

Brain Explosion Session Detail: Direct Access for Smaller Businesses

by amy

Post to Twitter Post to Facebook Post to StumbleUpon

Cliff Galiher knows technology. Direct Access is the kind of new technology that requires a Brain Explosion to get. Cliff will make your that your Brain explodes so you can provide your clients with this awesome new technology. Direct Access is the solution that they’ve been waiting for and after this session you’ll be the ONLY IT firm in your State that can provide it. It’s not that complicated. Cliff will show you how it’s done.

Haven’t registered yet? Please do so now. www.thirdtier.net/registration Your registration fee includes a full day of training, lunch and an evening with Third Tier at the local pub. Space is limited so register today.

DirectAccess is a remote connectivity technology that opens new doors for end users to access company resources like never before and can greatly reduce the support burden of managing computers that are regularly outside a company LAN. Implementing DirectAccess can be a daunting task with most of the documentation focusing on large enterprise deployments. In this session you will learn about the DirectAccess from the inside. When you are done, you will know where it can fit in your network, how to do a deployment focusing  on the small or midsized business, and some common pain points with troubleshooting tips, making DirectAccess more available to small businesses than ever before.

Remember, register to reserve your space. Last year we sold out. www.thirdtier.net/registration

—–
So who wrote this blog and what do they do for a living anyway?
We’re Third Tier. We provide advanced Third Tier support for IT Professionals.
Third Tier Get Support BlogFeed Blog Twitter Twitter Facebook Facebook LinkedIn LinkedIN

0 Categories : Brain Explosion, Cliff Galiher, SMB Nation
Sep
6

Replication Failed due to Schema Mismatch

by amy

Post to Twitter Post to Facebook Post to StumbleUpon

This post was written by Third Tier consultant Jeremy Anderson. Jeremy will also be presenting at the Third Tier Brain Explosion

In the process of two recent migrations, an issue has snuck up on me. The initial symptoms have all been different, but the end result has been the same. Replication errors. For one client it first appeared even when the Migration Wizard was not able to disable the DHCP service on the source servers, for another it did not appear until the mail box move was attempted.

If you are suffering from these issues you will see replication errors in your NTFRS event logs. “having Trouble enabling Replication from…”

clip_image001

When you run a dcdiag, you will get an error similar to the following:

Microsoft Windows [Version 5.2.3790]

(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\Contoso>dcdiag /s:ContosoSBS

Domain Controller Diagnosis

Performing initial setup:

Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\ContosoSBS

Starting test: Connectivity

……………………. ContosoSBS passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\ContosoSBS

Starting test: Replications

REPLICATION LATENCY WARNING

ContosoSBS: This replication path was preempted by higher priority work.

from Old-Server to ContosoSBS

Reason: The replication operation failed because of a schema mismatch between the servers involved.

The last success occurred at 2011-07-09 12:29:54.

Replication of new changes along this path will be delayed.

REPLICATION LATENCY WARNING

ContosoSBS: This replication path was preempted by higher priority work.

from Old-Server to ContosoSBS

Reason: The replication operation failed because of a schema mismatch between the servers involved.

The last success occurred at 2011-07-09 12:29:51.

Replication of new changes along this path will be delayed.

REPLICATION LATENCY WARNING

ContosoSBS: This replication path was preempted by higher priority work.

from Old-Server to ContosoSBS

Reason: The replication operation failed because of a schema mismatch between the servers involved.

The last success occurred at 2011-07-09 12:24:50.

Replication of new changes along this path will be delayed.

REPLICATION LATENCY WARNING

ContosoSBS: This replication path was preempted by higher priority work.

from Old-Server to ContosoSBS

Reason: The replication operation failed because of a schema mismatch between the servers involved.

The last success occurred at 2011-07-09 12:24:39.

Replication of new changes along this path will be delayed.

If you open a command prompt, and on the new SBS 2011 Server and you do a repadmin /showrepl you will get a reply that also indicates DNS and Replica Link Errors.

C:\Documents and Settings\ContosoSupport>repadmin /showrepl

repadmin running command /showrepl against server localhost

Default-First-Site-Name\Old-Server

DC Options: IS_GC

Site Options: (none)

DC object GUID: 899d2bae-5a7b-44fe-bb2e-1a3f65221d34

DC invocationID: 276bef04-f1fd-4cd3-93e0-75b686c542f4

Source: Default-First-Site-Name\ContosoSBS

******* 9 CONSECUTIVE FAILURES since 2011-07-09 12:16:16

Last error: 8524 (0x214c):

The DSA operation is unable to proceed because of a DNS lookup failure.

Naming Context: CN=Schema,CN=Configuration,ContosoSBS,DC=lan

Source: Default-First-Site-Name\ContosoSBS

******* WARNING: KCC could not add this REPLICA LINK due to error.

Naming Context: ContosoSBS,DC=lan

Source: Default-First-Site-Name\ContosoSBS

******* WARNING: KCC could not add this REPLICA LINK due to error.

Naming Context: CN=Configuration,ContosoSBS,DC=lan

Source: Default-First-Site-Name\ContosoSBS

******* WARNING: KCC could not add this REPLICA LINK due to error.

All This sounds pretty nasty, and things are “just not right”. Never Fear. The fix is simple. Update your NIC drivers on your source server. Turn off RSS (Recive Side Scaling) and TOE (TCP Offload Engine)

   
 

Receive-Side Scaling (RSS) resolves the single-processor bottleneck by allowing the receive side network load from a network adapter to be shared across multiple processors. RSS enables packet receive-processing to scale with the number of available processors. This allows the Windows Networking subsystem to take advantage of multi-core and many core processor architectures.
http://technet.microsoft.com/en-us/network/dd277646
 
 

TCP Offload Engine or TOE is a technology used in network interface cards (NIC) to offload processing of the entire TCP/IP stack to the network controller. It is primarily used with high-speed network interfaces, such as gigabit Ethernet and 10 Gigabit Ethernet, where processing overhead of the network stack becomes significant.

http://en.wikipedia.org/wiki/TCP_Offload_Engine

clip_image003This has happened with on Broadcom and Intel Network card drivers. Once RSS and TOE are disabled, reboot the source server. Replication begins instantly, and you can carry on with your migration. Here is an Intel NIC with these options disabled:


So who wrote this blog and what do they do for a living anyway?
We’re Third Tier. We provide advanced Third Tier support for IT Professionals.
Third Tier Get SupportBlogFeed BlogTwitter TwitterFacebook FacebookLinkedIn LinkedIN

2 Categories : Jeremy, Migration, SBS 2011, Tips
Sep
2

Adding URLs to Internet Explorer Security Zones with Group Policy Preferences

by Eriq

One project we’ve been working on locally requires that a particular URL be added to the Trusted Sites zone in Internet Explorer for all users. Since this is a rather large site, we didn’t want to have to touch each machine individually, especially since some of the machines are shared. I did quite a bit of looking around to see if this could be done with Group Policy, and there is a solution that has a lot of blog posts about how to configure it using the Site to Zone Assignment List Policy setting. Unfortunately, when we tested this, it had the unfortunate side effect of locking users out from making any changes to the Trusted Sites list and effectively removed all of the sites that had been in their lists beforehand (luckily for us, we follow our own best practices and tested this internally before deploying at the client site).

It took quite a bit of digging, but I did find a way to achieve our goal using Group Policy Preferences and manipulating the appropriate settings in the user section of the registry. In this example, we’re going to add the url https://remote.smallbizco.net to the Trusted Sites zone. Here’s how it’s done.

  1. On the domain controller, open the Group Policy Management Console (gpmc.msc or under Administrative Tools).
  2. Right-click on the domain object and select Create a GPO in this domain, and Link it here…
  3. Give the GPO a meaningful name (I chose the not-very-clever URLs Added to IE Security Zones as a sample name).
    Enter a name for the Group Policy Object
  4. Right-click on the new GPO and select Edit.
  5. Expand User Configuration -> Preferences -> Windows Settings and select Registry.
    Editing the Registry settings under the User Configuration Preferences
  6. Right-click on Registry and select New -> Registry Item.
  7. Select Update for the Action and HKEY_CURRENT_USER as the Hive, then click on the browse button next to Key Path.
    Initial settings for the registry object
  8. Expand HKEY_CURRENT_USER -> Software -> Microsoft -> Windows -> CurrentVersion -> Internet Settings ->ZoneMap and click EscDomains, then click Select.
    Selecting the Registry Path
  9. Click anywhere in the Key Path field and press the End key. At the end of the Key Path string, type a backslash, then the domain of the site (in this case smallbizco.net) then another backslash and the name of the site in the domain (in this example, remote). In the Value field enter the protocol type (in this example we used https, but http, ftp, and other protocols can be used in this field, or you can ender an asterisk for all protocols). Change the Value Type to REG_DWORD, then enter the value data for which security zone you want to enter the URL into. 1 is for the Intranet zone, 2 is for the Trusted Sites zone, 3 is for the Internet Zone, and 4 is for the Restricted Sites zone).
    Finishing the Registry Edits
  10. Click Apply, then click OK. If you want to add other URLs repeat steps 6 through 10.
  11. After you have entered all the URLs you need, close the Group Policy Management console.
  12. From the domain controller, run the command gpupdate /force and wait for the command to finish. You may be prompted to log off, but that is not necessary for this policy to take effect.
  13. From the workstation, you can either reboot and let the policy apply at the next login, or you can close Internet Explorer and run gpupdate /force from the workstation to apply the updated policy.
  14. When you look at the Trusted Sites list in Internet Options, you will now see the URL has been added to the list.
    URL has been added to the zone

Note that the client will have to have the Group Policy Prefences Client Side Extensions loaded if the client OS is Windows XP, Windows Vista, or Server 2o03 ( KB943729). Adding URLs using this method does not interfere with any URLs that may have already been added by the user, and this will apply to every user in the domain. If you need to further restrict which users have this policy applied, you can either apply the GPO to a different OU within the domain or change the Security Group to which the GPO should apply in the Security Filtering settings of the GPO.

Categories : Eriq Neale
Sep
1

Brain Explosion Session Detail: Under the Covers of Remote Web Access

by amy

Post to Twitter Post to Facebook Post to StumbleUpon

Eriq Neale aka: The Boss, SBS MVP, SBS Unleashed lead author and baseball fanatic is going to throw off the covers of Remote Web Access. Why? Well, because if you know how it works you can implement similar technology for any of your clients and you can make it work for almost any OS, not just Microsoft’s.

Haven’t registered yet? Please do so now. www.thirdtier.net/registration Your registration fee includes a full day of training, lunch and an evening with Third Tier at the local pub. Space is limited so register today.

                       

Since SBS 2003, the SBS family of products has included a feature that, quite frankly, has made some of the other product lines jealous – the Remote Web Workplace (now called Remote Web Access in the 2011 series of products). Starting with the 2008 product series, Microsoft made some significant changes to the way this remote connectivity tool works behind the scenes, and in some cases that has led to some frustration on the part of the user and IT support community. In this session, we will show you how remote connectivity works under the hood so you can learn how to gain remote access to servers and workstations while bypassing the RWA interface, as well as finally being able to allow Macintosh and other devices to remotely control PCs using this same mechanism. Plus, we’ll show you how to build your own remote access infrastructure using the same tools that MS uses to make the remote connectivity of RWA work.

Remember, register to reserve your space. Last year we sold out. www.thirdtier.net/registration

—–
So who wrote this blog and what do they do for a living anyway?
We’re Third Tier. We provide advanced Third Tier support for IT Professionals.
Third Tier Get Support BlogFeed Blog Twitter Twitter Facebook Facebook LinkedIn LinkedIN

0 Categories : Brain Explosion, Eriq Neale, Remote Desktop, SBS 2008, SBS 2011, SMB Nation

Search

Support

Third Tier provides advanced support services to IT Professionals. Learn about what we do at http://www.thirdtier.net or click on the support icon below to chat with one of our support representatives.

Third Tier
Copyright © 2013 All Rights Reserved
iThemes Builder by iThemes
Powered by WordPress