Tag Archives: microsoft

Windows 7 booms for Microsoft, everything else is flat

Microsoft has had a bumper quarter driven by Windows 7, as expected. I’ve put this into a table as I have before.

Quarter ending December 31st 2009 vs quarter ending December 31st 2008, $millions

Segment Revenue % change Profit % change
Client (Windows + Live) 6904 69.9 5394 98.9
Server and Tools 3844 0.24 1491 8.4
Online 581 4.60 -466 -49.5
Business (Office) 4745 -2.78 3010 -0.36
Entertainment and devices 2902 -10.87 375 288.5

The poor performance of Vista meant latent demand for Windows 7, as both individuals and organisations deferred upgrades, which was unleashed in this quarter. Microsoft said it was a “record quarter for Windows units” and “the fastest selling operating system in history”. Windows 7 is also a strong product in its own right.

There isn’t much else to cheer about, though given the general weakness of the server market the sliver of growth there is impressive. There is still no sign of a profitable online business, which is of major concern as interest in cloud computing accelerates.

Entertainment (Xbox) is now a steady business; I’m guessing that the huge growth in profits reflects lower investment and a reduction in cost of fixing endless red rings of death thanks to better quality hardware. Revenue on the other hand is somewhat down.

Windows 7 will continue to do well, though once the upgrade bump is passed the results will be less spectacular. Windows 8 will not get the same easy ride, unless Microsoft delivers something that surprises us all with its excellence.

The positive spin on these figures is that the company still has an opportunity to reinvent itself, financed by Windows profits. It needs its own iPod equivalent to show that it can escape its Windows and Office legacy. Windows Mobile 7? Laugh if you like; but the two things with obvious growth potential in the market generally are mobile devices, and cloud computing – the two go together, of course. That said, there is no evidence yet that Microsoft has the energy and agility to reverse its poor performance to date in both areas.

Who knows, perhaps after a couple of months of mobile focus, with details to be revealed shortly at Mobile World Congress and Mix10, the picture will look more promising?

Apple iPad vs Windows Tablet vs Google Chrome OS

Apple has announced the iPad – essentially a large-size (242.8 x 189.7mm) iTouch. Large multi-touch screen, claimed 10 hour battery life, flash drive of 16GB up to 32GB, browse the web, play music and video, read eBooks. Keyboard dock for the desk, virtual keyboard for when you are out and about. App Store support and runs iPhone apps.

image

Here’s my instant reaction with a few pros and cons.

The design looks great, as you’d expect from Apple, and I’m a fan of the tablet concept. I wrote a piece on the subject back in 2003 when it still looked possible that the Windows tablet would take off. I think laptops are too big and bulky, and that the clamshell keyboard idea is desperately awkward when you are travelling. Ever tried to use a laptop while eating a meal, flying economy, for example? Or quickly fire up your laptop to get an address from an email, while walking down the street? It’s a horrible experience and the tablet concept is much better in these scenarios.

I also think that Microsoft’s big mistake with Tablet PC was requiring a stylus. Styluses are horrible, expensive, easily lost, and destroy much of the advantage of having a tablet. They are fine of course as an optional input mechanism, for writing or drawing, but not as a required item. Our fingers are capable of fine control on their own.

Apple’s device wins here; plus it has a UI designed for multi-touch, rather than a desktop UI with pen input bolted on top. The same will be true of the apps.

All good reasons then why iPad will succeed. And it will.

Still, I have reservations. When I travel, I need a mobile phone, for voice and all the other things smartphones are good at; and I need a laptop for all the things laptops are good at: email, word processing, spreadsheets, web browsing, custom apps and so on.

However, I will be reluctant to carry three devices with overlapping features, so for the iPad to work for me, I will need to ditch the laptop. Otherwise I’ll leave it behind, use it a little round the house, but eventually wonder why I bought it in the first place.

Thus, the critical question for iPad is this: to what extent can it enable me to leave the laptop behind? A lot will depend on the usability of iWork, the virtual keyboard and so on.

A related issue is the extent to which the device is locked down. I’m not 100% clear about this, but my impression is that the only way to get apps onto the iPad is via App Store. You can get music on via iTunes, and pictures via a USB adapter designed for cameras, and there must be a way to transfer documents via iTunes, but I’m guessing these go into some secure area which cannot execute applications – though no doubt there will be hacks to get round this. In this respect the model seems to be the same as iPhone and iTouch, and different from the Mac. Another factor is the relatively limited storage space.

This aspect is an annoyance – unless you change gear and think of it as a web client. Let’s say I wanted to get my custom database app onto the iPad. Maybe I could do that with the SDK; but better still, why not write it as a web app? Add a bit of offline capability and it could be just about perfect.

In other words, if I can truly get the web habit, so that all the stuff that matters to me is available online, then I can leave the laptop at home and just take out an iPad.

Or indeed Google Chrome OS. From what we’ve heard so far, Google’s devices will also be locked down, and unlike the iPad you will not even be able to install apps from an app store or save music and video locally – though who knows, maybe that could change, when people complain about how useless it is on a train or aeroplane. And like Gizmodo I reckon Google should make a Chrome OS tablet.

I’m beginning to think that Apple could have the high-end tablet market, and Google the low-end, because it’s safe to say that a Chrome OS device will be cheaper.

Microsoft will do its own iPad-like multi-touch device in around 2013, judging by how long it has taken to do Windows Mobile 7 following the launch of iPhone in 2007.

See also: Battle of the portables: Netbook vs Apple iPad 2.

Picture courtesy of Apple.

The mystery of the slow Exchange 2007: when hard-coded values come back to haunt you

Following a migration from Microsoft Small Business Server 2003 to SBS 2008 users were complaining that Exchange was slower than before in some scenarios. How could this be? The new machine had 64-bit goodness and far more RAM than before.

I checked out the machine’s performance and noticed something odd. Store.exe, the Exchange database, usually grabs vast amounts of RAM, but in this case it was using surprisingly little, around 640MB. Could this be related to the performance issue?

I speculated that Exchange memory usage was limited in some way, so looked up where such a limit is set. I found this article. Ran ADSI Edit and there it was, a 640MB limit (or thereabouts), set in msExchESEParamCacheSizeMax.

I removed the limit, restarted Exchange 2007, and it immediately said “thank you very much” and grabbed 8GB instead.

Why did this setting exist? No doubt because back in the days of SBS 2003 and a much less powerful 32-bit machine, someone set it in order to prevent store.exe from crippling the box. It is another example of why Small Business Server is harder to manage than full server setups when Exchange invariably has a dedicated server (or several).

SBS 2008 cannot be installed as an in-place upgrade; but the official migration process does preserve Active Directory; and since that is where this value lives, and since it is not specific to any version of Exchange, it was dutifully transferred.

Why wasn’t the setting discovered and changed before? Well, you will observe that it is somewhat hidden. The main chances of finding it would be either if you were deeply schooled in the ways of Exchange, or if one of the Best Practices Analyzer (BPA) tools picked it up, or if the users screamed that Exchange was slow (which is what happened) and you figured out what was wrong.

The SBS BPA did not notice it. The Exchange BPA did, kind-of. It was not shown as a critical problem, but listed for information under “Non-Default Settings”, ironically with a tick beside it, as “Maximum ESE cache size changed”. Summoning help on this setting leads to this article which refers to Exchange 2000.

An admin failure, yes, but arguably also a defect in Exchange and SBS. Typical Microsoft: critical setting, hard-coded when it would make more sense to use a percentage value, not checked by setup and persistent across major upgrades of Exchange, deeply buried in Active Directory.

Mentioned here just in case it saves someone time when trying to figure out why their shiny 64-bit Exchange 2007 is running worse than 32-bit Exchange 2003 ever did.

A Silverlight UI for Windows Mobile 7, backward compatibility in doubt

Note: speculative post; I have no official information on this.

It’s been rumoured for ages; but at this point I would be surprised if the Windows Mobile 7 UI were not built with Silverlight. Consider:

  • Silverlight has to be supported – it should have been in 6.5 – otherwise nobody will take mobile Silverlight seriously
  • WM7 has to have excellent UI design; and WPF/Silverlight is Microsoft’s designer-friendly UI framework
  • Silverlight 4 already supports touch control in the current beta
  • Scaling/Zooming is baked into Silverlight and ideal for a mobile UI
  • If Silverlight is present on the device it would make sense to build the UI with it

If this is right, there are a couple of interesting aspects for developers. It will make Silverlight a more attractive platform in scenarios such as Enterprise roll-outs where the device can be specified.

The awkward question: what about all those existing Windows Mobile apps built either with native code or with the compact framework? Again, there are rumours of lack of backward compatibility. Does that mean that all Windows Mobile 7 apps with a UI will have to be done in Silverlight? That’s what John Biggs says:

WinMo 7 will not run 6.x code. End of story. It is based on Silverlight and .Net. Everything save a few basic programs will not work under WinMo 7. There is no expectation that this will be a “business device” and the focus is currently on games including some XBox Live functionality for gaming and messaging. There will be a Microsoft App store with an easy approval process.

I find this a stretch. I can believe that Microsoft might initially target the consumer market, or have crippled “consumer” versions; but not that it would give up on mobile business apps – we heard at PDC (to the point of tedium) how Microsoft is supporting “three screens and a cloud”, unified for developers by Visual Studio. There’s no reason why Silverlight should not be used for business apps.

What about backward compatibility though? Traditionally Microsoft does a good job of keeping your old stuff running, within reason; possibly too good – Windows is full of compatibility hacks that may be to its detriment overall.

Another point to bear in mind: WM7 needs a browser, and I don’t see Microsoft re-implementing IE in Silverlight.

So I’m sceptical about this too; but with Windows Mobile at such a low ebb could the company decide it has little to lose?

The end of Code Access Security in Microsoft .NET

In the early days of .NET I remember being hugely impressed by Code Access Security. It gave administrators total control over what .NET code was permitted to run. It’s true that the configuration tool was a little intimidating, but there were even wizards to adjust .NET security, trust an assembly, or fix an application – great idea, that last one.

image

Well, now the truth is out. Code Access Security was too complex for humans to configure. Buried deep in the documentation for .NET Framework 4.0 you can find Microsoft’s confession, under the heading Security Policy Simplification:

In the .NET Framework 4 Beta 2, the common language runtime (CLR) is moving away from providing security policy for computers. Historically, the .NET Framework has provided code access security (CAS) policy as a mechanism to tightly control and configure the capabilities of managed code. Although CAS policy is powerful, it can be complicated and restrictive. Furthermore, CAS policy does not apply to native applications, so its security guarantees are limited. System administrators should look to operating system-level solutions such as Windows Software Restriction Policies (SRP) as a replacement for CAS policy, because SRP policies provide simple trust mechanisms that apply to both managed and native code. As a security policy solution, SRP is simpler and provides better security guarantees than CAS.

The section below, headed Obsolete Permission Requests, is even more damning of the old system:

Runtime support has been removed for enforcing the Deny, RequestMinimum, RequestOptional, and RequestRefuse permission requests. In general, these requests were not well understood and presented the potential for security vulnerabilities when they were not used properly.

It goes on to explain why they did not work, with explanations like this one for RequestOptional:

RequestOptional was confusing and often used incorrectly with unexpected results. Developers could easily omit permissions from the list without realizing that doing so implicitly refused the omitted permissions.

The new .NET Framework 4.0 no longer enforces these obsolete permissions.

Microsoft is right. As far as I’m aware, few used the .NET Configuration tool, and I cannot even find it in Windows 7, even though Visual Studio and all the versions of the .NET Framework are installed. Developers feared, with justification, that tinkering with the settings would simply cause mysterious exceptions that were hard to resolve.

I recall though that Code Access Security was considered a highly strategic feature when .NET was first released. One of the promises of .NET was that applications would be more secure and malware less prevalent. The fine-grained permissions were a selling point versus Java.

The painful lesson is that simplicity is a feature. Of course some things are inherently complex; but technology succeeds when it simplifies rather than complicates the tasks that we face.

What does Ribbon Hero say about Microsoft Office?

Microsoft has released a tutorial game called Ribbon Hero in its Office Labs. This installs an Office add-in for Word and Excel which watches you work. It has several features. When you perform an action such as Copy and Paste for the first time, it awards you points. You get further points by performing “challenges”, where Ribbon Hero generates a document and sets you a task, like removing duplicates from a table. Finally, you can upload your score to Facebook to share with friends.

I gave it a go. It worked, though on the second challenge I got the right result in what the Ribbon Hero clearly considered to be the wrong way, which was annoying. Hint – use the Ribbon. Should have thought of that.

image

Ribbon Hero is easily impressed, and on a quick look the tasks are mostly basic ones, though I guess they could be expanded if the idea proves popular.

Irritating and patronising, or a brilliant training tool? Well, learning by doing is a good principle so I don’t dismiss it, even if my own reaction is more the former one.

The interesting aspect is what the existence of this tool says about Office. Not everyone gets on with the Ribbon; some miss the old menus. Further, Office is so bloated feature-rich that knowing it in depth is a formidable task. I have often been told that the majority of wish-list requests are for features that already exist.

In consequence, a large part of the challenge for Microsoft’s Office team lies in enabling users to operate the product successfully. This is not a new problem; the notorious “it looks like you’re writing a letter” Office Assistant, or Clippy, was another attempt. The Ribbon itself was also meant to address it, though I am convinced that Microsoft also intended to differentiate itself from the competition and to devise a user interface it had some hope of protecting, if necessary, in the courts.

You could argue that the very existence of Ribbon Hero is an admission of failure. The perfect office suite would not need a game to teach it; it would work so much in accord with what the user expected that it would not be necessary.

I use Office all the time and respect it. That said, eventually Microsoft (or a competitor) will need to remove features rather than adding them, or to retire Office and deliver something better in its place, that achieves the same goals but with less complexity – if such a thing is possible. And if it is going to happen, it will happen on the Web; for some, it already has.

Government security advice is misguided; switching browsers will not make you safe

I have mixed feelings about the recent government recommendations from France and Germany to switch from Internet Explorer for security reasons.

Although raising security awareness seems on the face of it to be a good thing, this is naïve advice and may do more harm than good. Security is a complex and multi-faceted problem, and it does people no service if they believe it can be fixed by switching browsers. Another common illusion is that running anti-virus software, or even up-to-date anti-virus software, makes you safe. It does not. Anti-virus software does not detect all viruses, and in particular it frequently fails on those that are most dangerous, in other words, those which are newest.

Another factor is that many of the most successful malware attacks come via social engineering. That’s not browser-specific, though there are attempts to maintain bad site lists, which don’t in my experience work very well.

The danger is that people think they are safe, and take fewer other precautions, ending up less safe than before.

Is FireFox, Chrome or Opera safer than IE? I’m not even sure about that. The latest versions of each are massively safer than IE6, for sure. But how does a fully-patched IE8 compare to the latest fully-patched versions of the other browsers? At least one test [pdf] says that IE8 is actually safer, though unfortunately it dates from March last year and does not cover drive-by downloads:

Microsoft Internet Explorer 8 (RC1) was the standout in our tests, achieving a best-in-class 69% catch rate against Malware. It is clear that Microsoft is making an effort to provide security to their customers with IE8.

Know a better one? I’d be interested in more recent tests.

Microsoft is not always competent; read this blog for evidence. But it has made genuine efforts to improve security and has a comprehensive update mechanism that mostly works. IE now has protected mode on Vista or Windows 7, which is no panacea but helps a little.

But what about the known zero-day vulnerability in IE? Isn’t that enough to make switching browsers necessary, if only temporarily?

I’m not so sure. Frankly, it would surprise me if there are not known multiple vulnerabilities in all the major browsers, if you move in the right (or wrong) circles.

How then do you do secure computing? Don’t connect to the internet. OK, how else? The risk cannot be eliminated but it can be reduced … don’t run with local admin rights, don’t run unknown executables, only enable plug-ins and scripting for web sites you know to be safe, keep your operating system patched and up-to-date, and so on.

Another thing you can do is to browse the web in a virtual machine – a sort of super protected mode – not perfect, but would prevent some attacks at the expense of convenience.

If you are really serious you can use AppLocker, or another whitelisting technique, to control what can run on your box.

And passwords … one thing I do hold against Microsoft is that the company has a brilliant authentication mechanism called InfoCard that is almost never used, even by Microsoft. Unfortunately that’s not something any individual can change; but it is possible at least to use more complex passwords and not to pass them over the internet in plain text.

I’m not sure, even today, that many people realise that when they use Twitter on an airport or hotel or conference wi-fi, or collect email via POP3, that they are likely passing their credentials in plain text over the internet for any smart hacker to read.

I am also depressed how often I see “security questions” on registration forms, asking for things like mother’s maiden name to be used in case of lost password. It is obvious that these are actually insecurity questions; they lower security while easing the burden on support desks. All too often, these organisations then lower it further by emailing your password back to you in plain text. It also sometimes turns out that the password itself is stored in plain text on their web-connected databases, accessible to hackers.

Overall the IT industry is desperately bad at security, and by and large convenience has won. Yes, I think that should change. No, after years of reporting on IT I am not optimistic that it will, certainly not soon. And knee-jerk instructions to switch browsers may please Mozilla and Google, and web developers for whom Internet Explorer is a constant irritation especially in old versions, but will do little else to improve the situation.

SharePoint Explorer View hassles show benefits of cloud storage

Many of us want access to our documents from anywhere these days, and if you are still storing documents on a Windows server then remote access to documents usually means either VPN or SharePoint. VPN is heavy on bandwidth and not great for security, so SharePoint seems the obvious solution.

SharePoint is a mixed bag of course, but once it is up and running the browser user interface seems reliable as a means of getting at your documents over the internet. That said, it is inconvenient to run up the browser and navigate to a web site whenever you want a document. A user recently highlighted another issue. Their company uses a web application that frequently requires documents to be uploaded. This is straightforward if the document is on a local hard drive or network share, but not if it is in SharePoint. The workaround is to save the document out of SharePoint to the local drive, then upload it.

Fortunately there is another option. SharePoint Explorer View lets you access documents through Windows Explorer; you can even map SharePoint as a network drive. Now you can browse documents without a web browser, and upload directly to a web application.

Sounds great; and when it works, it is great. Troubleshooting though is a world of pain. If you have looked into this, you will know that there are really two Explorer Views, one using Internet Explorer and ancient FrontPage protocols, and the other using WebDav and Explorer. It’s the second of these that you most likely want. However, achieving this is notoriously troublesome, raising uninformative messages such as “Your client does not support opening this list with Windows Explorer", or from the command line System Error 67, or System Error 53 “The network path was not found”.

image

Another common complaint is incessant login dialogs.

I discovered a few useful resources.

This white paper on Understanding and Troubleshooting the SharePoint Explorer View is essential reading.

From this you will discover that if you are using Windows XP, the WebDav SharePoint Explorer view will not work over SSL or on any port other than 80. You are stuck with the FrontPage view, which is less useful. Apparently Microsoft has no intention of fixing this. Upgrade to Vista or Windows 7.

In addition, many XP and even Vista users find this update essential before anything starts working. It is necessary on Windows 2003 since the web client is not installed by default. It does not apply to Windows 7 though.

A good resource on the repeated login issue is here. It can be tamed.

Windows 7 is better, though I experienced an odd issue. One Windows 7 machine cheerfully opened the Explorer view to a remote site on port 444. I could engage Explorer View from the SharePoint web site, or from Network in Explorer, and it just worked.

On another machine, same network, also Windows 7, same web client settings, I could not get it working. I was on the point of giving up when I happened on the right incantation from a command prompt:

net use s: https://your.domain.name:444\shared%20documents /user:domain\username password

In this example S is the drive letter for a mapped drive, your.domain.name is the URL for SharePoint, 444 is the port number, shared documents is the folder name. For some reason this worked instantly.

Well, SharePoint is an option. Before leaving this subject though, I would like to mention Gladinet, a third-party utility which is able to mount a variety of cloud storage providers as network drives, including Amazon S3, Google Docs, Windows Live SkyDrive, and in the latest version Windows Azure.  It works on XP, Vista, Windows 7 and Windows 2003, comes in 32-bit and 64-bit editions, and worked immediately in my quick test. The ability to mount drives in Explorer itself, as opposed to an Explorer-like application, makes a big difference in usability.

image

Gladinet does not support SharePoint, sadly. Still, before you roll out SharePoint it is worth considering that something like an Amazon S3 account requires no CALs (though third-party clients like Gladinet may do), is maintained by a cloud provider rather than on your premises, is not hooked in any way to Windows clients, and might be a lot less hassle to deploy.

I do also understand the attraction of SharePoint, if you don’t or can’t trust the cloud, and like the way it integrates with Active Directory or its other clever features such as versioning or workflow management. What I don’t get is why Microsoft makes basic features like Explorer View so hard to get working.

Finally, this aspect of SharePoint should get better in Office 2010 and SharePoint 2010, which includes SharePoint Workspace 2010. This will synchronize with SharePoint 2010 document lists, giving you an offline copy you can access in Explorer. Agnes Molnar has a summary with screenshots.

New HP and Microsoft agreement commits $50 million less than similar 2006 deal

I’ve held back comment on the much-hyped HP and Microsoft three-year deal announced on Wednesday mainly because I’ve been uncertain of its significance, if any. It didn’t help that the press release was particularly opaque, full of words with many syllables but little meaning. I received the release minutes before the conference call, during which most of us were asking the same thing: how is this any different from what HP and Microsoft have always done?

It’s fun to compare and contrast with this HP and Microsoft release from December 2006 – three years ago:

We’ve agreed to a three-year, US$300 million investment between our two companies, and a very aggressive go-to-market program on top of that. What you’ll see us do is bring these solutions to the marketplace in a very aggressive way, and go after our customers with something that we think is quite unique in what it can do to change the way people work.

$300 million for three years in 2006; $250 million for three years in 2010. Hmm, not exactly the new breakthrough partnership which has been billed. Look here for what the press release should have said: it’s mainly common-sense cooperation and joint marketing.

Still, I did have a question for CEOs Mark Hurd and Steve Ballmer which was what level of cloud focus was in this new partnership, drawing these remarks from Ballmer:

The fact that our two companies are very directed at the cloud is the driving force behind this deal at this time. The cloud really means a modern architecture for how you build and deploy applications. If you build and deploy them to our service that we operate that’s called Windows Azure. If a customer deploys them inside their own data centre or some other hosted environment, they need a stack on which to build, hardware software and services, that instances the same application model that we’ll have on Windows Azure. I think of it as the private cloud version of Windows Azure.

That thing is going to be an integrated stack from the hardware, the virtualization layer, the management layer and the app model. It’s on that that we are focusing the technical collaboration here … we at Microsoft need to evangelize that same application model whether you choose to host in the the cloud or on your own premises. So in a sense this is entirely cloud motivated.

Hurd added his insistence that this is not just more of the same:

I would not want you to write that it sounds a lot like what Microsoft and HP have been talking about for years. This is the deepest level of collaboration and integration and technical work we’ve done that I’m aware of … it’s a different thing that what you’ve seen before. I guarantee Steve and I would not be on this phone call if this was just another press release from HP and Microsoft.

Well, you be the judge.

I did think Ballmer’s answer was interesting though, in that it shows how much Microsoft (and no doubt HP) are pinning their hopes on the private cloud concept. The term “private cloud” is a dubious one, in that some of the defining characteristics of cloud – exporting your infrastructure, multi-tenancy, shifting the maintenance burden to a third-party – are simply not delivered by a private cloud. That said, in a large organisation they might look similar to most users.

I can’t shake off the thought that since HP wants to carry on selling us servers, and Microsoft wants to carry on selling us licences for Windows and Office, the two are engaged in disguised cloud avoidance. Take Office Web Apps in Office 2010 for example: good enough to claim the online document editing feature; bad enough to keep us using locally installed Office.

That will not work long-term and we will see increasing emphasis on Microsoft’s hosted offerings, which means HP will sell fewer servers. Maybe that’s why the new deal is for a few dollars less than the old one.

Crazy Microsoft stuff

I have a theory that Microsoft’s Small Business Server (SBS), which is meant to be easy to manage, is actually more complex than a full-blown multiple server setup – though you can now emulate the latter nicely using virtual machines.

Yesterday I spotted a post from Paul Culmsee which makes the point well:

A former colleague called me up because he knew of my dim, dark past in the world of Cisco, Active Directory and SharePoint. He asked me to help put in SBS2008 for him, configuring Exchange/AD/SharePoint and migrating his environment over to it.

“Sure”, I say, “it’ll be a snap” (famous last words)

Culmsee is a SharePoint expert. His mistake was to attempt installing Search Server Express (built on SharePoint) into SBS 2008:

Search Server 2008 Express, uses SQL Server Express edition when performing a basic install. As a result, an additional SQL Server Express instance (SERVERNAME\OFFICESERVERS) gets installed onto the Small Business 2008 server. Then, to make matters worse, the installer gets mixed up and installs some Search Server express databases into the new instance (a Shared Service Provider), but then uses the SQL Embedded Edition instance to install other databases (like the searchDB). Then later during the configuration wizard, it cannot find the databases that it needs because it searches the wrong instance!

The problem: there is too much installed on that box, and SBS comes way down low on Microsoft’s priorities, so it issues products and patches that ought to work on SBS as well as on mainstream Microsoft servers, but do not. Culmsee apparently gave up on Search Server Express.

Evidence 2: Exchange 2007 Service Pack 2. Released in August 2009. Does not work on SBS 2008 without daunting manual steps. Six months later, Microsoft releases a special Exchange Server 2007 SP2 Installation Tool for SBS. Even with the tool, the install may be problematic.

In some ways it would not be so bad if SBS were a totally locked-down product with its own patches and no possibility of installing generic Microsoft products – though third parties might scream. As it is, it falls betwixt and between.

You can make it work. You can make it work very well, if you have patience, read SBS blogs like that of Susan Bradley and David Overton, and maintain it carefully. But … don’t pretend it is not complex.

Note also the hassles Culmsee had configuring his HP server. Google Apps anyone?