iPhone Configuration (Web) Utility

So now that the JesusPhone iPhone has been deemed Enterprise worthy around the world with its Exchange support businesses are jumping at the opportunity to move employees on to the platform. Or should I flip that around to say employees are breathing down the neck of IT departments so they can finally get an iPhone?  Either way works.

Apple has actually provided a configuration utility named, oddly enough, the iPhone Configuration (Web - if you use the web version) Utility that you can download for free. There is a native application for OS X and a web-based one for Windows or OS X systems. As far as I can tell, they all have the same feature set. Here's a quick little tour...

The main screen resembles the iTunes interface for syncing iPods and iPhones. You can also sign your profiles with a certificate, otherwise they'll appear to be from an untrusted source to the end-user.

image

The passcode page lets you configure some lockout and pin policies.

image

Wi-Fi lets you configure wireless network profiles. It's actually extremely flexible in how much you can configure.

image

The VPN page lets you configure either PPTP, L2TP or an IPSec Cisco VPN connection.

image

The Email tab will allow configuration of an IMAP or POP account.

image

The Exchange tab lets you configure a few settings to bypass any Autodiscover lookup.

image

The credentials tab lets you import certificates on to the iPhone. You can add a self-signed certificate here (hello SBS users!) to import on the device. You could alternatively point the user at a web address with the certificate file and mobile Safari would prompt them to install the certificate.

image

Lastly, you can set up the APN address, username and password if you're really ambitious. I'd suggest leaving this setting alone.

image

SBS 2003 R2 Installation Fails

I know, not the ideal Saturday night, right?

When trying to install the SBS 2003 R2 Technologies disc you might see a very descriptive error like this:

Windows Small Business Server Update Services has encountered an error.

The error references a log file at C:\Program Files\Microsoft Integration\Windows Small Business Server 2003\Logs\R2_Setup.log. There's nothing terribly indicative of the problem in that log file either, but you might see some junk like this:

!Error! ForceAllDefaultSettings: An exception occured while configuring Wsus defaults. Information about the exception: System.Runtime.InteropServices.COMException (0×80040154): COM object with CLSID {E9D8E314-5A2C-4FBA-8DF9-C3A038544CB0} is either not valid or not registered. at Microsoft.SBS.UpdateServices.WsusDefaults.WsusConfigurationDefaults.ConfigureComputersForWsusAutomaticUpdates() at Microsoft.SBS.UpdateServices.WsusDefaults.WsusConfigurationDefaults.ForceAllDefaultSettings(Boolean isCleanInstall, Boolean configureAutomaticDownloads)ConfigureUpdateServices: An exception occured while setting WSUS defaults: System.Runtime.InteropServices.COMException (0×80040154): COM object with CLSID {E9D8E314-5A2C-4FBA-8DF9-C3A038544CB0} is either not valid or not registered.
   at Microsoft.SBS.UpdateServices.WsusDefaults.WsusConfigurationDefaults.ConfigureComputersForWsusAutomaticUpdates() at Microsoft.SBS.UpdateServices.WsusDefaults.WsusConfigurationDefaults.ForceAllDefaultSettings(Boolean isCleanInstall, Boolean configureAutomaticDownloads)
   at R2SetupWizard.R2WIConfigureUpdateServices.DoWork(StringDictionary sd)
!Error! WorkItemExecutor: ComponentMessageException occured in DoWork() for work item ConfigureUpdateServices: R2SetupWizard.ComponentMessageException: Exception of type R2SetupWizard.ComponentMessageException was thrown.
   at R2SetupWizard.R2WIConfigureUpdateServices.DoWork(StringDictionary sd)
   at R2SetupWizard.WorkItemExecutor.ExecuteWorkItems(StringDictionary sd, ExecutorCallback beforeWork, ExecutorCallback afterWork)

Now it all makes sense, right? Yeah, didn't help me much either.

The trick here is you need to use the BUILTIN\Administrator account, not some other domain/local admin account that you've created. I imagine you'd probably also have this problem if you're renaming the Administrator account through group policy.