So earlier today I posted about creating a profile file, but here’s what it actually looks like to the end user. I exported mine to a file and then emailed it to myself. Check out the stellar service AT&T was providing me with at the time.

The email with attachment.

Clicking the attachment brings up this screen. Notice I didn’t sign my profile with a certificate.

Clicking the More Details button gives me, well, more details.

And to reinforce the fact that I didn’t sign my cert (or that it can’t be validated up to a trusted root certificate) the iPhone issues me this warning.

And because I’m like anyone else I just press Install Now and continue on. A few seconds later the Wi-Fi icon popped up on my phone and I could see I had been connected to the network provided in the profile. All is groovy.

My last post was really more of a lead in to this one. As I was putzing around with the configuration utility I was surprised that the Wi-Fi tab doesn’t allow you to actually enter a password for a WEP or WPA/WPA2 network, which is arguably the most useful part of being able to provision a profile for wireless settings.

What I found was that although there is no password field in the GUI you can still include it with the profile by manually editing the file. The profile file that gets created is nothing more than an XML file so open it up with your favorite editor (I used Wordpad because Notepad had a tough time with the line breaks). Now somewhere between the <dict> and </dict> tags that contain the PayloadContent you need to add two more nodes:

<key>Password</key>
<string>(your wireless key)</string>

I added mine directly below the SSID_STR key and string for the wireless network name. If you have multiple Wi-Fi networks you’ll see a separate <dict></dict> structure for each so just make sure you put the passwords in the right spot. Now just save the file and either email or post it on a website for users to download. All they’ll need to is click install to have the Wi-Fi network automatically added to their phone.

So now that the JesusPhone iPhone has been deemed Enterprise worthy around the world with its Exchange support businesses are jumping at the opportunity to move employees on to the platform. Or should I flip that around to say employees are breathing down the neck of IT departments so they can finally get an iPhone?  Either way works.

Apple has actually provided a configuration utility named, oddly enough, the iPhone Configuration (Web - if you use the web version) Utility that you can download for free. There is a native application for OS X and a web-based one for Windows or OS X systems. As far as I can tell, they all have the same feature set. Here’s a quick little tour…

The main screen resembles the iTunes interface for syncing iPods and iPhones. You can also sign your profiles with a certificate, otherwise they’ll appear to be from an untrusted source to the end-user.

The passcode page lets you configure some lockout and pin policies.

Wi-Fi lets you configure wireless network profiles. It’s actually extremely flexible in how much you can configure.

The VPN page lets you configure either PPTP, L2TP or an IPSec Cisco VPN connection.

The Email tab will allow configuration of an IMAP or POP account.

The Exchange tab lets you configure a few settings to bypass any Autodiscover lookup.

The credentials tab lets you import certificates on to the iPhone. You can add a self-signed certificate here (hello SBS users!) to import on the device. You could alternatively point the user at a web address with the certificate file and mobile Safari would prompt them to install the certificate.

Lastly, you can set up the APN address, username and password if you’re really ambitious. I’d suggest leaving this setting alone.

iPhone 2.0 supports playback of WAV voicemail - Via TUAW.

This is awesome because it means if your Exchange mailbox is UM-enabled you can get your work voicemails on your phone. That is assuming your Exchange admin has enabled GSM or G.711 encoding for your voicemails. If not, hand them this command:

Set-UMMailbox "paul" -CallAnsweringAudioCodec gsm

I know, not the ideal Saturday night, right?

When trying to install the SBS 2003 R2 Technologies disc you might see a very descriptive error like this:

Windows Small Business Server Update Services has encountered an error.

The error references a log file at C:\Program Files\Microsoft Integration\Windows Small Business Server 2003\Logs\R2_Setup.log. There’s nothing terribly indicative of the problem in that log file either, but you might see some junk like this:

!Error! ForceAllDefaultSettings: An exception occured while configuring Wsus defaults. Information about the exception: System.Runtime.InteropServices.COMException (0×80040154): COM object with CLSID {E9D8E314-5A2C-4FBA-8DF9-C3A038544CB0} is either not valid or not registered. at Microsoft.SBS.UpdateServices.WsusDefaults.WsusConfigurationDefaults.ConfigureComputersForWsusAutomaticUpdates() at Microsoft.SBS.UpdateServices.WsusDefaults.WsusConfigurationDefaults.ForceAllDefaultSettings(Boolean isCleanInstall, Boolean configureAutomaticDownloads)
ConfigureUpdateServices: An exception occured while setting WSUS defaults: System.Runtime.InteropServices.COMException (0×80040154): COM object with CLSID {E9D8E314-5A2C-4FBA-8DF9-C3A038544CB0} is either not valid or not registered.
   at Microsoft.SBS.UpdateServices.WsusDefaults.WsusConfigurationDefaults.ConfigureComputersForWsusAutomaticUpdates() at Microsoft.SBS.UpdateServices.WsusDefaults.WsusConfigurationDefaults.ForceAllDefaultSettings(Boolean isCleanInstall, Boolean configureAutomaticDownloads)
   at R2SetupWizard.R2WIConfigureUpdateServices.DoWork(StringDictionary sd)
!Error! WorkItemExecutor: ComponentMessageException occured in DoWork() for work item ConfigureUpdateServices: R2SetupWizard.ComponentMessageException: Exception of type R2SetupWizard.ComponentMessageException was thrown.
   at R2SetupWizard.R2WIConfigureUpdateServices.DoWork(StringDictionary sd)
   at R2SetupWizard.WorkItemExecutor.ExecuteWorkItems(StringDictionary sd, ExecutorCallback beforeWork, ExecutorCallback afterWork)

Now it all makes sense, right? Yeah, didn’t help me much either.

The trick here is you need to use the BUILTIN\Administrator account, not some other domain/local admin account that you’ve created. I imagine you’d probably also have this problem if you’re renaming the Administrator account through group policy.

If you’re in the Exchange 2003 System Manager and try to open up the properties of a public folder you might see an error like this:

The mail proxy for this folder cannot be found. This may be due to replication delays. The mail enabled pages will not be shown. ID no: c1038a21

That will lead you to this KB article: http://support.microsoft.com/kb/328740 where the simple fix (Method #2) is to just mail-enable the public folder again. What the KB doesn’t mention is that in ESM you need to use the Folders node to do this. If you were to drill down through your Information Store and Public Folder Store you’ll never get this option. So in ESM make sure you do this through the folders node like in the screenshot.

At that point you can right-click on a folder, choose All Tasks and then Mail-Enable. You’ll see a warning message about only re-stamping the PRPRPROXY attribute if really necessary. Just press Yes and you should be able to look at the public folder properties again.

There’s a really nice article that just got published over at ISAServer.org about OCS 2007 and ISA 2006 setup. Those guys who wrote it sure seem smart.