November 2003 - Posts - THE OFFICIAL BLOG OF THE SBS DIVA

Publishing Sharepoint through ISA

Making Companyweb available via RWW with ISA installed.

NOTE: If ISA isn't installed, it all works through the CIECW, no further
configuration required.

NOTE: Run the CEICW first to create a certificate.

1. Create a new protocol definition for Inbound TCP/444

Go to ISA -> Policy Elements -> Protocol Definitions. Create a protocol
definition called "Companyweb Inbound" (Port number: 444, Type: TCP,
Direction: Inbound)

2. Create a Server Publishing rule to publish the new protocol.

Go to ISA -> Server Publishing Rules, create a rule called "Publish
Companyweb". Specify the internal and external IP, set it to apply to
"Companyweb Inbound" and Any Request.

3. Assign the FQDN cert to the companyweb with SSL port set to 444

Go to IIS -> Companyweb Properties. Directory Security tab. Click Server
Certificate -> Assign an existing certificate. Next, you should have 2
different certs available. One is the FQDN, the other is
Publishing.domain.local. Pick the FQDN and continue. Set the SSL port to 444
and next all the way.

4. Do the regedits for the sharepoint links you want to display in RWW.

HLKM\Software\Microsoft\SmallBusinessServer\RemoteUserPortal\KWLinks\STS to
1
HLKM\Software\Microsoft\SmallBusinessServer\RemoteUserPortal\AdminLinks\STS
to 1
HLKM\Software\Microsoft\SmallBusinessServer\RemoteUserPortal\AdminLinks\Help
Desk to 1

5. Type "iisreset" at a command prompt.
6. Restart ISA Server Control.
7. From a remote location, verify you can telnet to FQDN on port 444.

So if you created your certificate server.domain.com, then server.domain.com
must be reachable from the internet. If all you have is a fixed ip address,
then create your certificate using the ip. "123.456.789". Then telnet to
123.456.789 444 to verify. If this doesn't work, go back to the top and try
again, starting with the ciecw to create a certificate.

8. Connect to RWW and you should see the SharePoint links.

NOTE: If your remote client happens to also be behind an ISA server, you're
not done.

ISA does not allow HTTPS traffic on port 444 by default. Opening the packet
filters should not change the behavior since that only affects server based
communications. Your client is behind ISA and will be using the protocol
rules and if the HTTP Redirector is enabled it will also use the
site&content rule for its HTTPS requests. You need to follow the
instructions on the following article (change the port range to 444,444) on
the ISA server.

283284 Blank Page or Page Cannot Be Displayed When You View SSL Sites

http://support.microsoft.com/?id=283284

Now officially documented here:

838304 - How to publish http://Companyweb to the Internet by using ISA Server 2000 on a server that is running Windows Small Business Server 2003, Premium Edition: 
http://support.microsoft.com/?kbid=838304

Posted Sat, Nov 29 2003 17:06 by bradley | 9 comment(s)

Filed under: Sharepoint, ISA Server, Needed Patches/Tweaks

Ports used by SBS2k3

Table A: Ports that Enable Remote Access to SBS Services
      TCP Port Service Description
      21 FTP Enables external and internal file transfer
      25 Exchange Server Enables incoming and outgoing SMTP mail
      80 (http://) IIS Enables all nonsecure browser access, including:
internal access to IIS Webs including the company Web, Windows SharePoint
Web, Windows SharePoint administration Web, and server monitoring and usage
reports Enables internal access to Exchange by OWA and OMA clients
      110 POP3 Enables Exchange to accept incoming POP3 mail
      123 (UDP port) NTP Enables the system to synchronize time with an
external Network Time Protocol (NTP) server
      143 IMAP4 Enables Exchange to accept incoming IMAP4-compliant messages
      220 IMAP3 Enables Exchange to accept incoming IMAP3-compliant messages
      443 (https://) Outlook Enables all secure browser access, including
external access to Exchange for Outlook 2003, OWA, and OMA clients; required
for external access to server monitoring and usage reports
      444 Windows Share Point Services Enables internal and external access
to the SharePoint Web
      500 IPSec Enables external VPN connections by using IPSec
      1701 L2TP clients Enables external L2TP VPN connections
      1723 PPTP clients Enables external PPTP VPN connections
      3389 Terminal Services Enables internal and external Terminal Services
client connections
      4125 (Note: you can change this port in RRAS) Remote Web Workplace
Enables external OWA access to Exchange, plus internal and external HTTPS
access to the client Web site
      4500 IPSec Internet Key Exchange (IKE) Network Address Translation
(NAT) traversal

Posted Thu, Nov 27 2003 18:16 by bradley | 1 comment(s)

Filed under: SBS Installation

Rdp and vpn issues?

Courtesy of Jim Behning, SBS MVP from Georgia:

Do you have some users that can RDP into some accounts and not others? Can't make more than 2 concurrent connections vpn connections?

Have SQL server installed on that box as well?

Go find the key hklm/current control set/services/tcp/parameters/ReservedPorts.

Delete the value and restart RRAS.

Posted Wed, Nov 26 2003 17:31 by bradley | 1 comment(s)

Filed under: SBS Installation

If you can't get Sharepoint installed - reset your clock.

833019 - You Receive an Error Message When You Install Windows SharePoint Services, Create a New Content Database, or Provision a New Virtual Server:
http://support.microsoft.com/?id=833019

SYMPTOMS
If you try to install Microsoft Windows SharePoint Services by using the default settings after November 24, 2003, you receive the following error message:

Metadata manifest 'C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\60\bin\sqmcfg.dll' does not exist or has invalid signature. (Error code: 2779). If you try to provision a new virtual server or you try to create a new content database when you are running Windows SharePoint Services by using Microsoft SQL Server 2000 Desktop Engine (Windows) (WMSDE) after November 24, 2003, you receive the following error message:

Metadata manifest 'C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\60\bin\sqmsto.dll' does not exist or has invalid signature. (Error code: 2779). Note By default, SQL Server 2000 Desktop Engine (Windows) (WMSDE) is installed when you choose Typical Install during the installation of Windows SharePoint Services.

CAUSE
This problem is caused by code that verifies the signatures of the dynamic-link libraries (DLL) that are installed with Windows SharePoint Services. An error in the verification algorithm does not permit the signatures of the DLLs to be verified. All installations of Windows SharePoint Services experience this behavior after November 24, 2003.

WORKAROUND
To work around this problem, temporarily set the date in the Date and Time Properties dialog box to a date that is between May 24, 2002 and November 23, 2003. If you receive the error messages that are described in the "Symptoms" section when you try to install Windows SharePoint Services by using the default settings, follow these steps:
Remove Windows SharePoint Services.
Set the date in the Date and Time Properties dialog box to a date that is between May 24, 2002 and November 23, 2003.

Note You may have to temporarily disable the Windows Time service if it has been enabled. Install Windows SharePoint Services again by using the same options. Set the date in the Date and Time Properties dialog box back to the current date and time, and then restart the Windows Time service if appropriate. If you receive the error messages that are described in the "Symptoms" section when you try to provision a new virtual server or when you try to create a new content database, follow these steps:
Set the date in the Date and Time Properties dialog box to a date that is between May 24, 2002 and November 23, 2003.

Note You may have to temporarily disable the Windows Time service if it has been enabled. Try to provision the virtual server or to create the new content database again, and then verify your results. Set the date in the Date and Time Properties dialog box back to the current date and time, and then restart the Windows Time service if appropriate. Note If you receive the following message during this process, close your Internet browser, and then start the Internet browser again: The security validation for this page has timed out.

STATUS
Microsoft is researching this problem and will post more information in this article when the information becomes available. Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section of this article.

MORE INFORMATION
This problem does not apply to Windows SharePoint Services deployments that use Microsoft SQL Server 2000 for data storage. It also does not affect Windows SharePoint Services sites that have already been provisioned.

UPDATE - DON'T RESET YOUR CLOCK - JUST INSTALL IT AS IS AND THEN GO TO WINDOWS UPDATE AND GET THE PATCH

Posted Wed, Nov 26 2003 17:27 by bradley | with no comments

Filed under: Sharepoint

To Reinstall Sharepoint

If you have RTM, let's try this
1. Remove Intranet using sbs setup
2. Remove MSDE SharePoint from Add/Remove Program
3. Delete Program Files\Microsoft SQL Server\MSSQL$SharePoint\ and
HKEY_LOCAL_MACHINE\Software\Microsoft\SmallBusinessServer\Intranet
4. Delete Companyweb from IIS if it is still there.
5. Rerun SBS setup to put back Intranet.

Posted Wed, Nov 26 2003 7:21 by bradley | 2 comment(s)

Filed under: Sharepoint

Enabling Full Text Searches in Sharepoint by upgrading to SQL

To enable full text search you will need to do the following..

1) Upgrade the SharePoint named instance of SQL to full SQL Server 2000.. 
be sure that you install/add Full-Text Search.. (listed in the steps in the 
premiuminstallsteps.htm on the Premium cd)
2)  Once SQL Server the named instance is upgraded and service packed, then 
go to Start/Administrative Tools/SharePoint Central Administration  scroll 
down to the Component Configuration section and click on the Configure 
full-text search link.  Then click the checkbox to enable full-text search 
and index component..

Once that is done if you then go back to the companyweb site then you 
should see a text box in the upper right corner of the page (with a 
magnifying glass icon to the left.. ) to enter your search criteria.

Posted Tue, Nov 25 2003 14:54 by bradley | 5 comment(s)

Filed under: Sharepoint, Needed Patches/Tweaks

SBS 2k3 in Australia

LINUX no good for small business: Microsoft
iT News, Australia
Microsoft small business sales VP Steve Guggenheimer took a swipe at Linux
while pushing Small Business Server 2003 to partners at a vendor conference
yesterday ...
<http://www.itnews.com.au/storycontent.asp?ID=8&Art_ID=17222>

Posted Tue, Nov 25 2003 14:44 by bradley | with no comments

Filed under: News

RC to RTM "flip tool"

http://www.microsoft.com/downloads/details.aspx?familyid=181c5235-43ec-47c5-821e-ebeea4347d2d

The Windows Small Business Server 2003 Build-to-Build Upgrade wizard enables you to upgrade from the Release Candidate version of Windows Small Business Server 2003 to the full product version.

Posted Mon, Nov 24 2003 20:03 by bradley | with no comments

Filed under: SBS Installation

Hot fix for Travan tape drive mis-identification issue

http://www.microsoft.com/downloads/details.aspx?familyid=776e1f61-0c9d-43ac-9936-49154995f596

This hotfix corrects the problem of NTBackup incorrectly choosing the backup tape type on a drive that supports multiple tape types.

Posted Mon, Nov 24 2003 20:02 by bradley | 1 comment(s)

Filed under: SBS Installation, Needed Patches/Tweaks

Getting the Sharepoint/Company Web to work through ISA Server

Create a server publishing rule on port 444.

Assign the FQDN cert to the companyweb with SSL port set to 444.

Change HLKM\Software\Microsoft\SmallBusinessServer\RemoteUserPortal\KWLinks\STS to 1 and

\AdminLinks\STS and AdminLinks\HelpDesk to 1.

838304 - How to publish http://Companyweb to the Internet by using ISA Server 2000 on a server that is running Windows Small Business Server 2003, Premium Edition: 
http://support.microsoft.com/?kbid=838304

Posted Sun, Nov 23 2003 14:25 by bradley | 1 comment(s)

Filed under: SBS Installation

Using Trend and getting errors during your backup?

You need to have Trend skip some folders.

Open up NTbackup, click Backup tab, select Job -> Load 
Selections. Go all the way to Program Files\Microsoft Windows Small 
Business Server\Backup, click Small Business Backup Script.bks. Uncheck 
C:\Program  Files\Trend\SProtect\Virus, and C:\Program 
Files\Trend\Smex\Alert\. Save the file. Next time the backup will skip the 
folders.

Posted Sat, Nov 22 2003 20:47 by bradley | with no comments

Filed under: SBS Installation

Hotfix needed for the SBS2k3 to fix a "help and support center" issue

This hotfix corrects a problem with the Help and Support Center in which
Japanese-language Help files where incorrectly included in the
English-language version of Windows Small Business Server 2003.

http://www.microsoft.com/downloads/details.aspx?familyid=25121bcb-a35a-4cf9-9c36-566677115ff5

Posted Sat, Nov 22 2003 18:30 by bradley | with no comments

Filed under: SBS Installation, Needed Patches/Tweaks

If you are getting script errors in OWA in SBS2k3... get this fix:

831464 - FIX: IIS 6.0 Gzip Compression Corruption Causes Access Violations:
http://support.microsoft.com/?id=831464

[UPDATE - THIS IS NEEDED PRIOR TO INSTALLING EXCHANGE 2003 SP1 AND IS IN THE INSTALL PACK [I think anyway, I'll check]

Posted Wed, Nov 12 2003 16:03 by bradley | 1 comment(s)

Filed under: SBS Installation, Needed Patches/Tweaks

To reinstall the Management Consoles in SBS 2003

To reinstall the Management Consoles in SBS 2003, follow these steps:

1. Log on as an administrator to your SBS 2003 computer.
2. Insert the Microsoft Small Business Server 2003 CD-ROM 1 into your
CD-ROM or DVD-ROM drive.
3. Click Start, and then click Run.
4. Type the path of the Setup.exe file on the SBS 2003 CD-ROM 1, and then
click OK. Alternatively, you can click Browse and search for the Setup.exe
file on the SBS 2003 CD-ROM 1, click Open, and then click OK.

5. In the Microsoft Small Business Server 2003 Setup wizard, click Set Up
Windows Small Business Server.
6. On the Welcome to Microsoft Windows Small Business Server Setup page,
click Next.
7. On the Setup Requirements page, click Next.
8. On the Windows Configuration page, click Next.
9. On the Component Selection page, in the Action list, click the down
arrow next to Server Tools, and then click 10. Maintenance.
11. In the Action list, click the down arrow next to Administration, and
the click Reinstall.
12. Click Next, and then on the Components Summary page, click Next.
13. On the Finishing Your Installation page, click Finish.
14. Click OK to restart your computer.

Posted Wed, Nov 12 2003 16:02 by bradley | 3 comment(s)

Filed under: SBS Installation

Tip for excluding your box from Google Searches

Some customers may wish to exclude their SBS 2003 installation from the
scope of Web search sites such as Google.com. This may be because you would
prefer to restrict knowledge of your installation only to those who can use
it, or, you may want to keep some portions of your site (e.g. Business Web
site) searchable while keeping other portions under the radar of Web search
sites.

There is a way to do this using the Robots Exclusion Protocol. By placing a
simple text file at the root of your Web site, you can tell Web search
robots which parts of the Web site are open for search.

I've attached two versions of robots.txt that I've whipped up for my SBS
2003 server:

1.. robots.txt - Allows search of your business Web site but hides
SBS-specific sites from search robots.
2.. robots2.txt - (Must be renamed to robots.txt) Denies search of your
entire Web site.
For more information, check out these sources:

http://www.robotstxt.org/wc/robots.html

http://www.searchtools.com/robots/robots-txt.html

http://www.searchengineworld.com/robots/robots_tutorial.htm

Many Web sites implement this functionality. For example, you can check out
http://www.cnn.com/robots.txt.

Please respond to this post if you have any questions or comments - let us
know how this works out for you!

Thanks,
Alan Billharz

Program Manager, SBS 2003

# Place this file at the root of the Default Web Site (%system drive%\inetpub\wwwroot) 
# to allow search engines to catalog your Business Web site, but not catalog the other 
# SBS-specific Web sites. 
# 
# Note that you must choose to publish the root of your Web site to allow the search 
# engine robot to read this file.  In the Configure E-mail and Internet Connection Wizard, 
# choose to publish Business Web site (wwwroot). 


User-agent: *
Disallow:   /_vti_bin/
Disallow:   /clienthelp/
Disallow:   /exchweb/
Disallow:   /remote/
Disallow:   /tsweb/
Disallow:   /aspnet_client/
Disallow:   /images/
Disallow:   /_private/
Disallow:   /_vti_cnf/
Disallow:   /_vti_log/
Disallow:   /_vti_pvt/
Disallow:   /_vti_script/
Disallow:   /_vti_txt/

# Place this file at the root of the Default Web Site (%system drive%\inetpub\wwwroot) 
# to prevent all search engines from cataloging your Web site. 
# 
# Note that you must choose to publish the root of your Web site to allow the search 
# engine robot to read this file.  In the Configure E-mail and Internet Connection Wizard, 
# choose to publish Business Web site (wwwroot). 

User-agent: *
Disallow: /

Posted Fri, Nov 7 2003 10:04 by bradley | 6 comment(s)

Filed under: Security, Needed Patches/Tweaks