TubbBlog

Blog


July 31

Using SSL Certificates with SBS 2003

During a demo of Microsoft Small Business Server 2003 to a client recently, I was demonstrating the Remote Web Workplace (RWW) and Outlook Web Access (OWA) features. These are always a great selling point to anyone who is considering a server solution.

Browsing to https://vpn.ourdomain.com/remote - Internet Explorer naturally flashed up a screen to say "The security certificate presented by this web-site was not issued by a trusted certificate authority" - which is, of course, a correct statement when your server is using a self-signed certificate (as my server was). I clicked Continue, as I always do, and was about to demonstrate the excellent features of RWW when the client asked the question

"Why did that error pop-up?"

My usual response is "It's nothing to worry about" but it did get me thinking. We are always trying to educate users not to click through warnings, especially on web-sites, without questioning why those warnings are there. The fact my own SBS server gives these warnings isn't a great demonstration of security! So how to avoid this error?

Asking around a few other SMB Consultants (the smaller outfits and still-learning SMB Consultants like myself, or "Riff Raff" as Vlad refers to us <grin>) on how they would tackle this issue gleaned a variety of answers, none of which were altogether conclusive. So here's my attempt at explaining how to use SSL certificates with SBS 2003!

First, a crash-course in Trusted Certificates as they are used within SBS 2003. When you visit a secure (https) web-site, your web browser (in this case Internet Explorer) checks the certificate it is presented with by that web-site against a list of Certificate Authorities (CAs) it knows it can trust - authorities such as Geotrust, Globalsign and Verisign. These are known as "Root Authorities" and the list is regularly updated by Microsoft.

So when you receive the error "The security certificate presented by this web-site was not issued by a trusted certificate authority" it simply means Internet Explorer cannot verify the certificate it has been presented by the web-site you are visiting as being created by a CA it can trust.

So the simple solution to this problem is - get yourself a Certificate created by a CA that IS trusted by Internet Explorer! Unfortunately, most of the big CAs charge a small fortune (£100+/year) for such Certificates. For an SMB Consultant rolling out a dozen or more new SBS 2003 solutions per year, that's going to be a nasty additional cost.

Is there a cheaper alternative? Yes! Get yourself over to www.godaddy.com and buy one of their Turbo SSL Certificates at $34 (about £17) per year. Use the discount code "dl.tv" for another 10% off. GoDaddy SSL Certificates are created by ValiCert, which is a Trusted Root Authority.

Before you begin to create a new SSL certificate from GoDaddy, you need to do two things:

  1. Decide the site's Common Name (e.g. vpn.joebloggs.com) - this is the address that users who are typing in https://<yourcommonname>/rww will use and the address your certificate will become bound to.
  2. Make sure that the Administrative Contact for that domain (e.g. joebloggs.com) has a proper e-mail address that you can access. GoDaddy will send confirmations to this address and you'll need to respond to it to proceed. You can usually check this information through a WHOIS lookup, or by contacting the ISP you registered the domain with.

When you go through the process of creating your GoDaddy SSL certificate, you'll be asked to provide a Certificate Signing Request (CSR). This is a chunk of text that tells the SSL provider what to generate within the new Certificate. To create a CSR from your SBS 2003 server:-

  1. On your SBS 2003 server, open Server Management.
  2. Open Advanced Management > Internet Information Services > [your server] > Web-Sites > Default Web-Site.
  3. Right-Click Default Web-Site and select Properties.
  4. Open the Directory Security tab and click Server Certificate.
  5. Click Next and select "Remove the Current Certificate". Follow the prompts to remove the certificate.
  6. Go back into the Server Certificate option and select "Create a New Certificate".
  7. Select "Prepare the Request Now, but send it later" and click Next.
  8. Enter your Organization name (your Company name) and Organizational Unit. Make sure this is accurate as, however unlikely, you may be quizzed on this by the CA later!
  9. Enter the site's common name. It's very important you get this right! This entry should be your site's externally accessible name (e.g. vpn.joebloggs.com - without the https://) and not your server's internal name! Choose carefully here: the certificate is bound to this name, so if you change your site's name in the future, the certificate you have bought may not work with the new name!
  10. Click Next and fill in the required geographic information.
  11. Finally, save the request to a file in a location of your choice.

Once the CSR is created, you can open the file within Notepad and copy the information to your clipboard - ready to paste into GoDaddy's Certificate Generation screen.

GoDaddy will send you a variety of e-mails, including an important one to the Administrative Contact of the domain you are using. You'll need to reply to this e-mail to confirm you are the owner of this domain, to enable the Certificate request to proceed.

Within a few minutes and a few e-mail responses, you should be able to download your new SSL certificate from GoDaddy's web-site! Save this to your server.

Now we have the certificate, we will need to apply it to your server:-

  1. Open the Server Management console.
  2. Click Internet and E-mail.
  3. Click Connect to the Internet. The Configure E-mail and Internet Connection Wizard starts.
  4. On the Welcome page, click Next.
  5. On the Connection Type page, click Do not change connection type, and then click Next.
  6. On the Firewall page, click Do not change firewall configuration, and then click Next.
  7. On the Web Server Certificate page, click Use a Web server certificate from a trusted authority, and then click Browse.
  8. You'll see the type of certificates SBS is looking for are .cer and your GoDaddy certificate may be named something different. In my case, I changed the drop-down list to search for "All Files" and the certificate worked anyway! You may need to use Internet Explorer to import the GoDaddy Certificate and then export it as a .cer file - but try it and see!
  9. Navigate to and double-click the certificate file provided by GoDaddy, and then click Next.
  10. On the Internet E-mail page, click Do not change Internet e-mail configuration, and then click Next.
  11. On the Completing the Configure E-mail and Internet Connection Wizard page, click Finish.

Hopefully we're all done!

Open Internet Explorer and browse to the external address - i.e. https://vpn.joebloggs.com/remote and with any luck you shouldn't get any sort of Internet Explorer Certificate warning, and you'll be good to go! If you're an SMB Consultant, next time you demo SBS 2003 to a client you won't have to gloss over any of those error messages!

One thing to remember is that this Certificate verifies the identity of the server externally. If you accessed the server internally - i.e. https://yourserver/remote - you'd still get a warning message that the Certificate doesn't match the actual server name.

There is a way around this, using a Certificate option known as "Subject Alternative Naming" (SAN). Using this option you can give your Certificate both an internal and an external address to use. The catch? Price - you'll usually find these types of certificates are much more expensive.
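To show concretely why the internal URL still warns even after installing a trusted certificate, and how a SAN certificate resolves it, here is an added example (not from the original post, and not GoDaddy's or Microsoft's code) that performs the same name check a browser does against the certificate's Common Name and Subject Alternative Names. The certificate dictionaries are constructed in the shape that Python's `ssl.SSLSocket.getpeercert()` returns; the names vpn.joebloggs.com, sbsserver and sbsserver.joebloggs.local are hypothetical. The `live_check` function additionally runs the real trust-chain and hostname checks against a server on the network, separating the "not issued by a trusted certificate authority" case from the "doesn't match the server name" case described above.

```python
"""Check whether an HTTPS certificate is bound to the name being browsed to.

Added example, not code from the original post. The certificate dicts are
constructed to mirror the SBS 2003 scenario: one certificate issued only for
the external Common Name, and one carrying a Subject Alternative Name (SAN)
for the internal server name as well. All names are hypothetical.
"""
import socket
import ssl

# Constructed samples in the layout returned by ssl.SSLSocket.getpeercert().
# Only the fields this example reads are included.
CERT_CN_ONLY = {
    "subject": ((("commonName", "vpn.joebloggs.com"),),),
    "issuer": ((("organizationName", "Example CA (constructed)"),),),
}
CERT_WITH_SAN = {
    "subject": ((("commonName", "vpn.joebloggs.com"),),),
    "issuer": ((("organizationName", "Example CA (constructed)"),),),
    "subjectAltName": (
        ("DNS", "vpn.joebloggs.com"),
        ("DNS", "sbsserver"),
        ("DNS", "sbsserver.joebloggs.local"),
    ),
}


def names_in_cert(cert):
    """Return the DNS names a certificate is valid for.

    Browsers prefer the Subject Alternative Name extension; the subject
    Common Name is only used as a fallback when no SAN DNS entries exist.
    """
    sans = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    if sans:
        return sans
    return [value for rdn in cert.get("subject", ())
            for key, value in rdn if key == "commonName"]


def dns_name_matches(pattern, hostname):
    """Case-insensitive match; a single leftmost '*' label matches exactly one label."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if pattern == hostname:
        return True
    if pattern.startswith("*."):
        p_labels, h_labels = pattern.split("."), hostname.split(".")
        return len(p_labels) == len(h_labels) and p_labels[1:] == h_labels[1:]
    return False


def cert_matches_hostname(cert, hostname):
    """True if any name the certificate is bound to matches the requested host."""
    return any(dns_name_matches(name, hostname) for name in names_in_cert(cert))


def explain_name_check(cert, hostname):
    """Describe the name-mismatch warning a browser would raise, if any."""
    if cert_matches_hostname(cert, hostname):
        return "name ok"
    return "name mismatch: certificate is for %s, you asked for %s" % (
        ", ".join(names_in_cert(cert)), hostname)


def live_check(hostname, port=443):
    """Connect to a real server and report trust-chain or name problems.

    Needs network access; uses the platform's trusted root store, so an
    untrusted issuer and a wrong Common Name/SAN both surface here.
    """
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((hostname, port), timeout=10) as sock:
            with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
                return "ok: chain trusted and name matches", tls.getpeercert()
    except ssl.SSLCertVerificationError as exc:
        # verify_message names the failed check, e.g. a self-signed or
        # unknown issuer (untrusted CA) versus a hostname mismatch.
        return "warning: " + exc.verify_message, None


if __name__ == "__main__":
    for cert, label in ((CERT_CN_ONLY, "CN-only cert"), (CERT_WITH_SAN, "SAN cert")):
        for host in ("vpn.joebloggs.com", "sbsserver"):
            print("%-12s https://%s/remote -> %s" % (label, host, explain_name_check(cert, host)))
```

Run it as-is to see the offline comparison: the CN-only certificate passes for the external name and fails for the internal one, while the SAN certificate passes for both. Call `live_check("vpn.joebloggs.com")` (substituting your own Common Name) after installing the certificate to confirm from outside that the chain is trusted and the name matches.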

If you're still interested in using SAN - go take a look at the options at Globalsign. The company comes highly recommended - it's owned by my Cousin Steven and he kindly helped me research the various options! :-)

Another upside of using a 3rd Party Certificate is that if you own a Windows Mobile device with an "always on" Internet connection, you can set it to synchronise with your Exchange Server and also push e-mails from Exchange directly to your device. I'll document how I set that up next time!

I hope you find the above information useful and it saves you some time drawing together the various snippets of information you'll find elsewhere on the 'net. If you've got anything to add or any corrections for me, do leave a comment!

July 29

Microsoft ResponsePoint

There's a couple of videos up at http://www.microsoft.com/responsepoint/default.mspx explaining Microsoft's new "ResponsePoint" product - a Telephony server aimed at Small Businesses.

First impressions are that the system is very impressive. POTS and VoIP integration, the simplicity of installation, the integration with Microsoft Outlook and the excellent Voice Recognition features (pick the 'phone up, press the blue button, say who you want to call... it rings that person!) should immediately win over many small businesses.

There is the question of how the system will be priced - if it's considerably more expensive than a bog-standard small office PABX, I can see many small business owners still going for a lower price over any additional features.

ResponsePoint is OEM only - but does that mean we'll only see solutions from the like of D-Link and Dell - or will Microsoft Partners be able to build their own ResponsePoint solutions directly?

So is ResponsePoint an Asterisk (the Open Source Telephony System) killer? I'm guessing not. I can see ResponsePoint having a great up-take in the sub-10 user market - and it does look incredibly easy to manage, meaning very little ongoing maintenance. But any company with more advanced needs from a Telephony system will probably continue to look towards a good Asterisk deployment, or, heaven help them, an expensive traditional PABX solution.

In the past quarter, I've seen two of my clients spend a fortune on a "traditional" PABX solution from an old-school supplier, only for me to tell them the equivalent VoIP solution would have double the features and cost half the price. Ouch! You might say I need to work harder on being these clients' "trusted advisor", not just their IT guy, but the thing is - many people still consider IT and Telephony to be two separate areas. I think the reality is that Telephony now is just as much a part of what is considered IT as e-mail, databases or the PC on your desk.

July 27

Have you been Pinged lately?

When using Technology and IT equipment you're faced with all sorts of acronyms, phrases and jargon. I learnt a long time ago that when discussing technology, if somebody uses a phrase I'm not familiar with then I don't pretend to understand what they are talking about... I ask them!

One such instance occurred recently, when fellow SBSC member and all-round good guy Tim Long said he'd "ping" somebody on my behalf. I'd had other people use the phrase in conversation with me, but I'd never bothered to ask what it meant!

I'm familiar with "pinging" network devices, but how do you ping a person? Is this some sort of new technology I'm not aware of? Is the person Tim was "pinging" on my behalf some sort of "Borg"-like creature with an inbuilt network connection?!

So I asked Tim what it all meant and the answer came back "It’s just a term I use that means “to contact someone with the intent of soliciting an immediate response or to ascertain their presence”. No special meaning that I’m aware of, but it is kind of like an ICMP echo request for people ;-)"

And so, Dear Reader, I'm guessing you now have one of two reactions:-

1. Richard's such an idiot. Who didn't know that was what pinging somebody meant?

2. Phew. Now that Richard's explained what pinging someone is, I won't need to pretend to know anymore!

Oh, and a third reaction

3. Now that I know what pinging someone is, I'm going to throw the phrase into conversation, and when someone asks me what it means, I can explain it and prove I'm technologically superior to them!

So without knowing it, this week I've been pinged, binged and poked. It's been an odd week. ;-)

July 19

Owner Manager Holiday Stresses

Lowson Ward report that one in seven owner-managers of businesses work an extra 16 hours in the run up to a holiday break from work.

As a "one man band" who is about to take a couple of days away from the office, I can entirely empathise!

My time management and business systemisation techniques have improved ten-fold over the past couple of years, so I feel I'm running fairly efficiently (although there is always room for improvement!) - but I have worked extra hours this week to get things done before taking time off, including a late stint on Wednesday night. It may just be a perception, but I could swear that I always get an influx of new clients with new client requirements and demands around the time I'm about to take a break (not that I'm complaining about new clients!).

So it's at these times that I realise that "one isn't enough" and I may need to take staff on. Looking at the troubles fellow Microsoft SBSer Andy is going through in his quest for an employee though, perhaps my existing strategy of "buddying up" with fellow IT Consultants to provide resources when necessary is a better way forwards?

One thing is for sure though - anytime I feel down about being self-employed I remind myself of all the good points it can bring such as independence, no office politics, no-commuting, fresh daily challenges and most of all - doing something I love for a living! Beats being an employee of someone else every time for me! :-)

July 16

Relax, Focus, Succeed

Karl Palachuk's excellent book "Relax, Focus, Succeed" is now accompanied by a blog.

The blog, like the book, will focus on the fundamental keys to success - Focus, Hard Work and Balance. The last point, "Balance", is something I'm sure all of us - but especially those within the IT industry - struggle to achieve.

If you are an SMB IT Consultant or have any interest in becoming one, then Karl's blog "Small Biz Thoughts" is required reading. In the short time that I've been reading it - Karl's postings to his blog have spurred me on to achieve, or made me think about what I want to achieve as an IT Consultant, more than any other blog I read.

On that basis, I've added RFS to my Outlook 2007 RSS feeds too.

July 13

Convert Dell Service Tags to/from Express Service Codes

Logging a Support Call with Dell, but only have the Service Tag or Express Service Code and the Dell web-site is asking for both items?

There's a handy utility to convert your information between the two at

http://www.creativyst.com/Doc/Articles/HT/Dell/DellPop.htm

July 12

How to Auto Logon Windows 2003 Server

You want to automatically log a user onto a Windows 2003 Server after it has booted up. My first piece of advice would be... don't do it! It's a significant security issue to leave an account logged into the server console unattended, or indeed any PC!

In the scenario I faced today though, using Auto Logon it was unavoidable. The server in question also hosted some CCTV monitoring software (Geovision) that needed to be running 24/7 to allow constant monitoring. I tried to set the software up to run as a service - but it crashed every time. Getting in touch with Geovision Support in the UK and Taiwan saw the same response come back - running the software as a service is only supported under Windows XP. Drat.

Migrating the software to another PC would now have been the best option, but one that wasn't available to me so it was a case of biting the bullet and setting the server to auto-logon.

Fortunately, digging around in the registry to set the right options for Auto Logon is no longer required. Thanks to the guys at Sysinternals (now owned by Microsoft) a simple executable that sets everything up for you is available for download here.

Sometimes as an SMB IT Consultant your choices are limited by budget or circumstance and so you are forced to "make do" - I guess this would be one of those times!

July 11

Manually Uninstalling Exchange IMF v1

Whilst doing some maintenance work on a customer server that had already been upgraded to Microsoft Small Business Server R2, but had experienced some problems recently which required a re-install of the upgrade - I tried to re-run MS Exchange SP2 but hit the "You already have Intelligent Mail Filter v1 installed" message.

The usual fix for this is to remove IMF v1 from Add/Remove programs - but in this case the entry didn't appear. Now what?

Kudos to Bharat Suneja, a Microsoft MVP who has posted a solution at The ExchangePedia blog - it saved my sanity on this occasion!

July 9

Facebook

Davey Winder writes in his blog on ITPro that "Grown up's invade Facebook". It's an interesting article quoting some statistics that prove what I had begun to realise was true over the past few weeks - that the Community networking site Facebook is the new MySpace for adults!

I've been a member of Facebook for a few months now, but have noticed in the past few weeks that lots and lots of people I know are joining Facebook. These aren't the "usual suspects", my friends & acquaintances who are seasoned on-line gurus and who you can find on all the major community sites - no, I'm talking folk I've never seen use a Community Site at all before.

I've seen friends, clients, suppliers, vendors, business contacts, old colleagues and family members join Facebook. That's an interesting mix - I've certainly now got more contacts on Facebook than I do on MySpace (which generally has a younger cooler demographic, which is of course why I fit in. Ahem...) and LinkedIn (which is aimed exclusively at building business contacts).

Even the Microsoft Small Business Specialist Community has woken up and seen the opportunity, creating its own group for informal chat and discussion.

Generally, these Community Sites are a fad that runs its course. I can't even tell you which sites I'm a member of anymore! You receive an invite via e-mail from a friend who's already a member, you sign up - you never use it. Some sites, like MySpace, get so many friends that it's worth popping back now and again. But Facebook seems to have achieved critical mass - it's reached the point where you pop back every day to see what your contacts have been up to *because* everyone is on the site! As fellow SBS'er Andy pointed out over on ViJay's blog - it's addictive!

Unlike MySpace, the interface is also "oldie" friendly - no hideous tunes and gaudy colours that teenagers might find thrilling, but more experienced members of society might find off-putting!

Facebook also has some cool features for programmers to add their own applications. I've already got my Flickr photos linked in this way so they display on my Facebook page.

Not familiar with Facebook? Pop by and say hello - my Profile is here. You'll have to join up first, but if you don't, you'll only get sick of the forthcoming stream of invites in your inbox anyway - so just do it! :-)

July 6

DL.tv

If your Friday is going slowly, and you need a geeky pick-me-up for the weekend - then I suggest you browse on over to DL.tv where Patrick Norton and Robert Heron serve up a weekly video show about technology and the Internet.

The show can be streamed or downloaded in a variety of formats, and is well worth a watch!

July 2

iPhone

Apple's much vaunted iPhone went on sale in the U.S. over the weekend - with all the madness that you'd now associate with such a launch! BBC News has a good article on the launch fever, and my bestest buddy Texas Matt has put together a short review as a new owner of an iPhone himself!

Personally, I find it incredibly hard to get so excited about any new piece of technology nowadays. When I see people sleeping overnight outside a store to be first in line to buy a new PS3, XBox 360 or iPhone - I wonder - why?

It's not as though I don't go all geeky excited when I read about new technology, I just can't imagine getting that excited - and that actually makes me a little sad and wistful for earlier years in my life when the release of a new Graphics Card or Computer Game *did* blow my mind.

Anyone else feel this way too, or am I just turning into a miserable old geek? :-)