Windows Internal Database

During the install WSUS under Server 2003 or as an optional component to be installed under Server 2008/R2 there is an option to use the “Windows Internal Database”. This database is based upon a stripped down version of SQL Server 2005 Express with three exceptions. First there is no database size limitations, any management of the database needs to be done locally either via command line or SQL Management Studio, and lastly there are no licensing restrictions (Moving to SQL Server Standard or higher requires SQL Client CALs or per-socket licensing in which both cost significantly more).

By default upon installation any databases will be installed under “C:\WINDOWS\SYSMSI\SSEE\MSSQL.2005\MSSQL\Data” as you may wish to adjust your antivirus scanning for this particular folder.

In the event you wish to manage the internal database via SQL Management Studio login to the server with administrative privileges with a server name of \\.\pipe\mssql$microsoft##ssee\sql\query while using Windows Authentication.

Intel Ivy Bridge Leak

The Ivy Bridge family of processors are scheduled to be released starting in April 2012. The first batch of desktop processors has been completely exposed, including the exact model name, complete specifications, with a total of 18 models of as many as belong to Core i7 , Core i5 two sub-series.

Ivy Bridge can be said that an enhanced version of Sandy Bridge’s technology, 32nm evolution of 22nm, architecture has also been fine-tuning, but overall little change. This first batch of products can be divided into four parts, from low to high in order of: i5-3300, i5-3400, i5-3500, i7-3700.

Low end Core i3 sub-series will be launched in the Q2 2012, Pentium models are arranged in Q3 2012 with the Celeron brand being discontinued as it would seem.

Ivy Bridge

Ivy Bridge the first batch of 18 models of specifications glance

IVB Core i5 has 14 models, in addition to Core i5-3470T than all four cores and four threads, the original frequency of 2.3-3.4GHz, Turbo Boost speed up the highest frequency of 3.2-3.8GHz, three cache 6MB, thermal design power side with suffix T are 45W, S are 65W, K or no suffix is 77W.

Core i5-3470T is special in that it’s dual core with four logical threads, L3 cache is halved to 3MB, carrying a 35W TDP, and carries 2.9GHz clock with turbo peaking at 3.6GHz.

IVB Core i7 only four models, the Core i7-3770 and the four variants, are quad-core eight thread, the original frequency of 2.5-3.5GHz, the frequency 3.7/3.9GHz two speed grades (still do not want to touch the 4GHz) L3 cache is full 8MB, thermal design power is divided into four categories according to different suffix 45/65/77W.

And now the same, Core i5-3570K, Core i7-3770K is an open multiplier.

Graphics core areas, Core i7-3700 series, Core i5-3570K, Core i5-3475S are integrated HD Graphics 4000, with sixteen execution units, and other fully integrated HD Graphics 2500, eight suspected graphics unit, just between the current between the HD Graphics 2000/3000.

What speed, unified set at the reference frequency 650MHz, acceleration frequency Core i5-3330S only 1050MHz, other Core i5-3300/3400 series is 1100MHz, Core i5-3500/i7-3700 series were all 1150MHz, not very different.

Incidentally, VT-d virtualization technology and equipment, AES-NI instruction set. Universal access to the latter, the former is missing in the Core i5-3300S/3300/3450S/3450 four lowest-end model and Core i5-3570K/i7-3770K two models.

Also in memory, all unified support dual channel DDR3-1600/1333.

Translated from:

Forefront Endpoint Protection 2010 Reporting Services

Over the last few days I’ve been working on a Forefront Endpoint Protection 2010 Deployment on top of an existing Server 2008 SP2 (64-bit) with SQL Server 2005 (64-bit) Standard Edition with SP3 and a production version of SCCM 2007 with R3 and SP3. While working through the pre-requirements and had a number of failures with the SQL server portion. The bulk of these revolved around being unable to detect the version of the Integration Services that were installed. Installing SP4 for SQL Server 2005 did not clear up this issue. The next step was do an in place upgrade to SQL Server 2008 R2 w/SP1, after completing this upgrade the Integration Services version issue was resolved (later the source of the problem was an unknown prior SQL Express install on the server originally which during the install never cleaned up properly).

With all the pre-requirements done, it appeared as life was good but this eventually was met with a failed install with the install going as planned with the exception of the Reporting/Alerting services. To step through this a custom install was done to install everything but the Reporting Services (this install worked). Then followed by a custom install of the Reporting Services only with again another failure. Below is a sample of what the FepReport_*.log created located C:\ProgramData\Microsoft Forefront\Support\Server\

MSI (s) (C8:48) [14:19:50:481]: Product: Microsoft Forefront Endpoint Protection 2010 Reporting — Installation operation failed.

MSI (s) (C8:48) [14:19:50:482]: Windows Installer installed the product. Product Name: Microsoft Forefront Endpoint Protection 2010 Reporting. Product Version: 2.1.1116.0. Product Language: 1033. Installation success or error status: 1603.

MSI (s) (C8:48) [14:19:50:484]: Deferring clean up of packages/files, if any exist
MSI (s) (C8:48) [14:19:50:484]: MainEngineThread is returning 1603
MSI (s) (C8:98) [14:19:50:485]: RESTART MANAGER: Session closed.

While the 1603 is very generic and when looking up this product there were references to TCP 1433 being blocked (which would be odd considering the SQL install was on the same server). Then an attempted manual install from the fepreport.msi was attempted with the below error.

Now at this point it would seem odd that all the pre-requirements foundwere met, the domain server account was even added to the local administrators group and UAC disabled during troubleshooting.

At this point what should be enough for permissions fails, so an attempt with a domain admin level account was done and worked without an issue.

Now doing this method in a production environment introduces many security issues so you’ll need to perform the below steps to change the credentials post-install for the reporting service.

  1. In a web browser, open the Report Manager. By default, the URL is: http:// ReportingServerURL /Reports Where ReportingServerURL is the URL of the reporting server in your organization.
  2. Click Forefront Endpoint Protection_XXX, where XXX is your Configuration Manager site code.
  3. Click Show Details and then click DataSources.
  4. Click DefaultDataSource, under Credentials stored securely in the report server, in the Password box type the new password, and then click Apply.
  5. Verify that the new password is correct by opening a Forefront Endpoint Protection report.

The above is taken from

Outlook and 5.4.4 Routing Errors

The below message is generated when an Outlook 2007/2010 client clicks on a e-mail address link from a Word document in the form of, now typically as a hyperlink there is no problem but if it is formatted and unusual errors occurs. When sending e-mail messages from the regular Outlook client the below message occurs.

Delivery has failed to these recipients or groups:

‘’ (
A problem occurred and this message couldn’t be delivered. Check to be sure the e-mail address is correct. If the problem continues, please contact your helpdesk.

Diagnostic information for administrators:

Generating server:
#550 5.4.4 ROUTING.NoConnectorForAddressType; unable to route for address type ##

Now for Outlook 2007 there is a patch available ( but for Outlook 2010 there is no patch. The word-around for 2010 is to use OWA or create a contact for the given user and then pull up the contact card for the user and select “Outlook Properties” and click on the “Internet type” button to convert the “e-mail type” from “MAILTO:” to “SMTP:”.

Using PowerShell to copy Active Directory Group Membership

If you’ve ever needed to group membership between to AD groups you could do this one by one which while does work, what happens if you have a list with 10, 20, 30,….or even 5000+ users? To copy the membership from one group into another via PowerShell under Server 2008 is a simple two lines (plus import command).


Import-Module ActiveDirectory

$mymembers = Get-ADGroupMember -identity My_Source_Group_Name | Select-Object SamAccountName

foreach($i in $mymembers){Add-ADGroupMember -Identity My_Destination_Group_Name -Members $i.SamAccountName}

Bad Fragmentation

Shortly before moving I ran across the worst fragmented by percentage system I’ve ever seen. To give some background the system was an IBM x336 running Windows 2000 Server (yes, 2000 Server) and it had been up and in production for 5+ years. As you can see the 10.6GB partition for the C-drive is reporting 124% fragmentation!


The screenshot from the above is taken by an old version of Defraggler (version 1.21) with the defrag taking about 12 hours.

Why is it that no-one ever does any maintenance on their systems?