THE OFFICIAL BLOG OF THE SBS DIVA

www.sbsmigrationtips.com

Just like with the 2003 to 2008 migration there are keys to success

The purpose of this post is to showcase how the migrations from SBS 2003 to SBS 2008 is similar to SBS 2003 to SBS 2011.

If you are already experiencing a setup failure, please check the following post first:
http://blogs.technet.com/b/sbs/archive/2010/08/03/the-ultimate-guide-to-sbs-2008-setup-failures.aspx

A. Read through the migration guide before starting.

Understand what setup will do for you and what you need to do manually.

B. Watch the migration video demos and online training.

SBS 2011 migration video

C. Join an SBS 2008 forum or user group 

Find resources at www.sbsforum.info or www.sbspartnerforum.info or www.sbsgroups.com  

You might find an answer to a question you have, seek advice on your migration plan, or simply see what others have encountered that you might not have considered.

D. Practice a migration yourself in a test environment.

This way you know what to expect. This also allows you to test the hardware and verify you have the necessary BIOS updates and drivers.  Use Storagecraft or Sysinternals Disk2vhd tool and make an image.  Stand up in a virtual server (HyperV, VMware whatever) and do a dry run migration practice.

KNOWN ISSUES - SBS 2003 migrations to SBS 2011

E. On the Source server, run the SBS 2003 BPA.

• SBS 2003 BPA
• Resolve any issues reported in the source environment ahead of time.
• Know that SBS 2003 SP 1 is not the same as Windows 2003 SP 1 or SP 2. See item #4 for an explanation.

F. On the Source server, make sure the Active Directory is healthy.

If there is only one DC, make sure the SYSVOL and NETLOGON shares are present. Also, check the File Replication Service event log to see if it is in Journal Wrap. The event below is an example of what to look for.

Event Type: Error
Event Source: NtFrs
Event ID: 13568
Description:
The File Replication Service has detected that the replica set "DOMAIN SYSTEM
VOLUME (SYSVOL SHARE)" is in JRNL_WRAP_ERROR.

If there are multiple domain controllers in the source environment, force an Active Directory replication between them in Active Directory Sites and Services and verify it is successful.

You can also run the Microsoft IT Environment Health Scanner in the source environment to uncover any AD health issues.  Please note that with the new source tool process you will be blocked from migration if these key issues are not resolved.

Microsoft IT Environment Health Scanner

An unhealthy Active Directory can result in the following setup errors:

• Windows Small Business Server group policies cannot be configured.
• Windows Server Update Services cannot be configured.

To fix this, you will need to restore the source server, resolve the AD Health issue(s) and start the migration all over again.

G. On the Source server, check the Primary group of the account you will use to install the SBS 2008 server into the domain.

Make sure the Primary group is set to something besides Domain Admins, Enterprise Admins, or Schema Admins. Otherwise, you may receive the following pop-up error during the migration:

The user account does not have the permission that it needs to join the domain. The user account must be a member of the Domain Admins, Enterprise Admins and Schema Admins groups.

1. In the properties of the user account, click the Member Of tab, and at the bottom look for the Primary group.
2. Make sure the Primary group IS NOT : Domain Admins or Enterprise Admins or Schema Admins.
3. To change it, select Domain Users and click the Set Primary Group button.

H. On the Source server, run the SBS 2011 Migration Preparation Tool.  (it's on the SBS 2011 media)

This tool performs the following actions:

1. Installs update 943494 on the SBS 2003 server to extend the migration grace period from 7 to 21 days.
2. Runs ADPREP to update the forest, domain, and group policy object access control entries.
3. Changes Exchange 2003 from Mixed mode to Native mode.
4. Adds the Authenticated Users group to the Pre-Windows 2000 security group.

If Exchange 2003 is not running in Native mode, Exchange Server 2010 will not be installed and you will have to start all over. The error message is Exchange Server 2010 cannot be installed.

If the Authenticated Users group is not a member of the Pre-Windows 2000 security group, then standard users will not be able to access the Remote Web Workplace. The error message they will see is: Cannot connect to the Remote Web Workplace site. To continue, contact your network administrator.

I. In the source domain, check for the existence of an account named Postmaster.

SBS setup tries to create a Distribution List with the SAM account name of Postmaster. If it already exists, you will receive the following errors at the end of setup.

Setup errors due to an existing Postmaster account:

• The e-mail distribution groups cannot be created.
• Incoming and outgoing e-mail for Windows SharePoint Services are not configured.
• Incoming and outgoing e-mail for Windows SharePoint Services are not configured.

To fix this, you will need to restore the source server, rename the Postmaster account and start the migration all over again.  Alternatively you can complete the steps listed in http://technet.microsoft.com/en-us/library/cc626214(WS.10).aspx and http://technet.microsoft.com/en-us/library/cc626120(WS.10).aspx.    I think this is now checked by the source server tool, I'll check on this one and report back.

J. Check Exchange 2003 policies:

• Existing Mailbox Management policies
• Duplicate SMTP addresses in recipient policies
• Invalid SMTP addresses in recipient policies

If any of these are present during the migration to SBS 2008, the setup will finish with the following errors:

Setup errors due to mailbox management policies or duplicate/invalid SMTP addresses in recipient policies:

• The Exchange E-mail address policy cannot be configured.
• Incoming and outgoing e-mail for Windows SharePoint Services are not configured.
• Incoming and outgoing e-mail for Windows SharePoint Services are not configured.

How to check for Mailbox Management policies:

If you have Exchange 2003 or Exchange 2000 recipient policies that are ONLY Mailbox Manager policies and do not define e-mail addresses (they do not have an E-mail Addresses (Policy) tab), perform the following steps to delete the policies:

1. In Exchange System Manager, expand Recipients, and then select Recipient Policies.
2. To verify that a policy is only a Mailbox Manager policy, right-click the policy, and then select Properties. The Properties page must not have an E-Mail Addresses (Policy) tab.
3. To delete the policy, right-click the policy, and then select Delete. Click OK and then click Yes.

If you have Exchange 2003 or Exchange 2000 policies that are BOTH E-mail Addresses and Mailbox Manager policies (they have both the Mailbox Manager Settings (Policy) tab and the E-mail Addresses (Policy) tab), perform the following steps to remove the mailbox manager portion of the policy:

1. In Exchange System Manager, expand Recipients, and then select Recipient Policies.
2. Right-click the policy, and then select Change property pages.
3. Clear the Mailbox Manager Settings check box, and then click OK.

How to check for duplicate/invalid SMTP addresses in recipient policies:

1. In Exchange System Manager, expand Recipients, and then select Recipient Policies.
2. Right-click the policy, and then select E-Mail Addresses (Policy) tab.
3. Inspect the SMTP Addresses for any that are unchecked. If you find any, place a check in the box or remove that address.
4. Inspect the SMTP Addresses for any that have an IP address. For instance, @192.168.1.1. If you find any, remove those addresses that contain an IP address.
5. Click OK.

Again, I think that this is auto checked by the source server tool, I'll double check and report back.

Recovery option 1:

Restore the source domain to before the migration, take corrective actions for any of the known causes, and start the migration over.

Recovery option 2:

Take corrective actions for any of the known causes. Complete the lengthy manual repair steps for each of the received errors as provided in the SBS 2008 Tech Library.

K. When you create the answer file for the migration, leave the Certificate authority name blank.

At the very least, do not use remote.domain.com or any periods in the name. For more information, see this.

L. On the SBS 2011 server, after setup is done, run the SBS 2011 BPA.

www.sbsbpa.com

M. Disabling IPv6 is not necessary in SBS 2011.

If you think you want to disable IPv6 in SBS 2011 or any Vista/Windows 2008/R2 product for that matter, you must do so in the registry. Unchecking IPv6 in the properties of the nic will cause you grief. For more information on how to do this, read here.

N. Remove the Last Legacy Exchange Server from an Organization

Before you are ready to demote and remove the source SBS 2003 server from the network, make sure you follow the steps to Remove the Last Legacy Exchange Server from an Organization BEFORE you uninstall Exchange 2003 from the SBS 2003 server. The steps are located here.

O. Disable WSUS on Source domain prior to migration

If you have a deadline set for a Windows 2008 or R2 update in WSUS that is past-due, your SBS 2011 setup can fail when the update is automatically installed and the SBS 2011 server is rebooted.  Deadlines are not automatically set in SBS 2003 but can be set by the Admin through the native WSUS console.  We recommend disabling WSUS for the duration of the migration.

P. On the Source Server run the Exchange 2007 Readiness Check in the Exchange BPA

Q. Make sure the Admin account you are using for the migration has a STRONG password

Strong passwords must meet the following minimum requirements:

• Passwords cannot contain the user's account name or parts of the user's full name that exceed two consecutive characters.
• Passwords must be at least six characters in length.
• Passwords must contain characters from three of the following four categories:
  • English uppercase characters (A through Z).
  • English lowercase characters (a through z).
  • Base 10 digits (0 through 9).
  • Non-alphabetic characters (for example, !, $, #, %).

R. SBS 2003 must be on a class C subnet (subnet mask of 255.255.255.0).

Since SBS 2008 only supports a Class C Subnet if your SBS 2003 server is not in a Class C subnet it can cause communication problems during setup.  Please see the following post for supported network topologies in SBS 2008: http://blogs.technet.com/sbs/archive/2008/09/16/sbs-2008-supported-networking-topology.aspx

S. Authoritative Restores of Active Directory

There has been a few cases where migrations fail on domains where customers have previously performed an authoritative restore of their 2003 domain environment.  Authoritative restores can cause the SBS migration to fail by invalidating Kerberos tickets which will cause the Exchange install to fail.  If you have performed an authoritative restore or you are not sure if an authoritative restore has ever been done please apply the following hotfix on all 2003 domain controllers in your environment before starting the migration.  This will be flagged by the SBS 2003 BPA.

939820  Events 1925, 1006, 1645, 1055, 40961 on a Windows Server 2008-based domain controller or error message: "No authority could be contacted for authentication" when you use Remote Desktop Connection

You know how I said that the migration docs wouldn't be released until January because that's what was said in the HP/MS webcast?

Guess what just got released on Technet today...

But ..instead of that "important we recommend you read this"...change that to "dude, Susan will come after you with a 2x4 if you don't practice this first".

Migrate to Windows Small Business Server 2011 Standard from Windows Small Business Server 2003:
http://technet.microsoft.com/en-us/library/gg563801.aspx

Published: December 23, 2010

Applies To: Windows Small Business Server 2011 Standard

(slightly bigger version here, download to get the larger view)

Do you get the idea in this process there's a lot of emotions involved in this decision making process?  Bottom line, it's what you are comfortable with.

In my opnion you shouldn't just knee jerk consider clean install when you are under 5 users.  Nor for that matter should SBS standard be the knee jerk solution in that space.   But then again, neither should a knee jerk solution to put Cloud based solutions in every 5 user micro network.

While Paul Thurrott laments that you'll need a partner to migrate to the cloud in SBS Essentials.. honey... you'll need a partner to clear though the cobwebs and hype of what works, what doesn't, what is ready for prime time, what Vendor will be in business for a year, what vendor you can trust to put your data in and then get it out should the need arise and all the other decisons to be made if you really want to go "all in the cloud" to borrow a phrase from Microsoft.

I'll do a flow chart on the decisions to be made BEFORE this step (go SBS standard, go Essentials or go something else), and then another one once you get into the migration process some of the key things to watch out for along the way.

But bottom line you have choices in migration paths.

Tim... I gotta say...

How To Install SBS 2011 With A Bootable USB Drive | NoGeekLeftBehind.com:
http://www.nogeekleftbehind.com/2010/12/22/how-to-install-sbs-2011-with-a-bootable-usb-drive/

This -- http://msmvps.com/blogs/bradley/archive/2010/09/21/making-a-bootable-flash-drive.aspx is sooooooo much easier though

Another annoyance you may want to adjust on SBS 2011 (and I'll be putting this in the SBS 2011 standard build doc) is how you may want to adjust the group policies in SBS 2011 standard to not push out changes to the home pages in IE

Launch the group policy management

Scroll down to the Windows SBS User Policy

Right mouse click and edit on the policy.

Drill down to User Configuration
Policies
Windows Settings
Internet Explorer Maintenance
URLs

Double click on Important URLs and REMOVE http://companyweb if that's not your preference.

And now companyweb won't be pushed out as the home page in IE on your domain joined workstations in SBS 2011

Your users might hate the password policy on the server.

Now mind you I'm not saying that this is a bad thing...just that you may need to tweak the policy.   Especially if you opt for two factor authentication with www.authanvil.com where you can make the 'normal' password policy a little bit 'dumber' as the two factor means you are now smarter.

First one ... the password policy. 

Launch the group policy management console

And in the default domain policy under Windows Settings\Security settings\Account policies/Password Policy here's the policy.

If you want to make the password expiration LONGER than 180 days, right mouse click on the default domain policy

Expand Computer configuration
Policies
Windows Settings
Security settings
Account policies
Password Policy

Now edit the policy as you want for your clients/your office

==================

Enforce password history

This security setting determines the number of unique new passwords that have to be associated with a user account before an old password can be reused. The value must be between 0 and 24 passwords.

This policy enables administrators to enhance security by ensuring that old passwords are not reused continually.

Default:

24 on domain controllers.  SBS 2011 has this at 24

==============

Maximum password age

This security setting determines the period of time (in days) that a password can be used before the system requires the user to change it. You can set passwords to expire after a number of days between 1 and 999, or you can specify that passwords never expire by setting the number of days to 0. If the maximum password age is between 1 and 999 days, the Minimum password age must be less than the maximum password age. If the maximum password age is set to 0, the minimum password age can be any value between 0 and 998 days.

Note: It is a security best practice to have passwords expire every 30 to 90 days, depending on your environment. This way, an attacker has a limited amount of time in which to crack a user's password and have access to your network resources.

Default: 42.

SBS 2011 sets it for 180 days because the default of 42 drives you to drink.

=============

Minimum password age

This security setting determines the period of time (in days) that a password must be used before the user can change it. You can set a value between 1 and 998 days, or you can allow changes immediately by setting the number of days to 0.

The minimum password age must be less than the Maximum password age, unless the maximum password age is set to 0, indicating that passwords will never expire. If the maximum password age is set to 0, the minimum password age can be set to any value between 0 and 998.

Configure the minimum password age to be more than 0 if you want Enforce password history to be effective. Without a minimum password age, users can cycle through passwords repeatedly until they get to an old favorite. The default setting does not follow this recommendation, so that an administrator can specify a password for a user and then require the user to change the administrator-defined password when the user logs on. If the password history is set to 0, the user does not have to choose a new password. For this reason, Enforce password history is set to 1 by default.

SBS 2011 is set for 1 day but you may want to set this to 0 to allow for immediate changes.

=============

Minimum password length

This security setting determines the least number of characters that a password for a user account may contain. You can set a value of between 1 and 14 characters, or you can establish that no password is required by setting the number of characters to 0.

Default:

7 on domain controllers.
0 on stand-alone servers.

Note: By default, member computers follow the configuration of their domain controllers.

SBS 2011 is set for 8.  Keep this.  Longer passphrases are a good thing.

===============

Password must meet complexity requirements

This security setting determines whether passwords must meet complexity requirements.

If this policy is enabled, passwords must meet the following minimum requirements:

Not contain the user's account name or parts of the user's full name that exceed two consecutive characters
Be at least six characters in length
Contain characters from three of the following four categories:
English uppercase characters (A through Z)
English lowercase characters (a through z)
Base 10 digits (0 through 9)
Non-alphabetic characters (for example, !, $, #, %)
Complexity requirements are enforced when passwords are changed or created.

Default:

Enabled on domain controllers.  Enabled on SBS 2011.  Leave this.  People need to stop using the word password as a password.

===============

Store passwords using reversible encryption

This security setting determines whether the operating system stores passwords using reversible encryption.

This policy provides support for applications that use protocols that require knowledge of the user's password for authentication purposes. Storing passwords using reversible encryption is essentially the same as storing plaintext versions of the passwords. For this reason, this policy should never be enabled unless application requirements outweigh the need to protect password information.

This policy is required when using Challenge-Handshake Authentication Protocol (CHAP) authentication through remote access or Internet Authentication Services (IAS). It is also required when using Digest Authentication in Internet Information Services (IIS).

Default: Disabled.  Disabled on SBS 2011

If at first you don't succeed....

Don't forget to try again

 .Net updates do better when there's less updates to do.

Try it again...

And it succeeds.

...the install starts..

And services start to be stopped and disabled...

The status for service dfs (DFS Namespace) changed from Running to Stopped.
The status for service msexchangeadtopology (Microsoft Exchange Active Directory Topology Service) changed from Running to Stop Pending.
The status for service msexchangeantispamupdate (Microsoft Exchange Anti-spam Update) changed from Running to Stopped.
The status for service msexchangefds (Microsoft Exchange File Distribution) changed from Running to Stopped.
The status for service msexchangemailboxassistants (Microsoft Exchange Mailbox Assistants) changed from Running to Stopped.
The status for service msexchangemailsubmission (Microsoft Exchange Mail Submission) changed from Running to Stopped.
The status for service msexchangerepl (Microsoft Exchange Replication Service) changed from Running to Stopped.
The status for service msexchangesearch (Microsoft Exchange Search Indexer) changed from Running to Stopped.
The status for service msexchangeservicehost (Microsoft Exchange Service Host) changed from Running to Stopped.
The status for service msexchangetransport (Microsoft Exchange Transport) changed from Running to Stopped.
The status for service msexchangetransportlogsearch (Microsoft Exchange Transport Log Search) changed from Running to Stopped.
The status for service remoteregistry (Remote Registry) changed from Running to Stopped.

... and now services get disabled....

The Startup Type for service remoteregistry (Remote Registry) changed from Automatic to Disabled.

Oh wait... we still have to stop IIS services
The status for service iisadmin (IIS Admin Service) changed from Running to Stopped.
The status for service msexchangeadtopology (Microsoft Exchange Active Directory Topology Service) changed from Stop Pending to Stopped.
The status for service tsgateway (Terminal Services Gateway) changed from Running to Stopped.
The status for service w3svc (World Wide Web Publishing Service) changed from Running to Stop Pending.
The status for service msftesql-exchange (Microsoft Search (Exchange)) changed from Running to Stopped.

And of course all of those services get turned back on.

If you are unused to SBS 2008/SBS 2011's WSUS intereface you may not realize that the server is set to 'download but do not install' all security patches. So you'll need to install them.  But what if you don't?  Or what if you want to do one separately?

Click on the yellow indicator in the corner that says you have updates. 

In that section where the blue wording says 9 important updates are available click there.

You'll now see the updates ready to go.  Now unclick any that you want to do separately.  I tend to do SharePoint and Exchange updates all by themselves just because I'm a worry wart.

You could even HIDE an update by right mouse clicking and clicking on HIDE UPDATE

But in my case I don't want to hide it, I'll just do it later.

Now you'll see that only 8 updates will be installed.

(MONDAY UPDATE) Beta Exam 71-169 --- Registration open, code is working - Born to Learn - Born To Learn - Born to Learn:
http://borntolearn.mslearn.net/btl/b/weblog/archive/2010/12/17/registration-now-open-for-beta-exam-71-169-ts-windows-small-business-server-7-configuring.aspx

Translation this is the beta for the SBS 2011 exam.

So you have a ton of folks with Outlook 2003 and the are the ones looking to possibly upgrade to SBS 2011?

If so read this:

Prepare client side environment to Upgrade from Exchange 2003 to Exchange 2010 - Team blog of MCS @ Middle East and Africa - Site Home - TechNet Blogs:
http://blogs.technet.com/b/meamcs/archive/2010/12/19/prepare-client-side-environment-to-upgrade-from-exchange-2003-to-exchange-2010.aspx

As it will impact you.  While Microsoft will want you to upgrade to Office 2007 or 2010, you can still use Outlook 2003 to connect to Exchange 2010.

SBS 2011 ships with Exchange 2010 sp1.  So step one to make it easier to connect those Outlook 2003's is install update rollup 2 (which includes the rollup 1 stuff)

If you missed the HP/Coffee Coaching/MS webcast on SBS 2011 here's the recording --

https://www106.livemeeting.com/cc/plc_usa/view?id=7221332010121132746&role=attend&pw=3%7C9*q%3C%2CFT

So you don't have Technet for Action pack?

First check to see if you SHOULD have Technet for Action pack.  If you are a SBSCer/or signed up for Action pack you should have it... you just may need to hook your Action pack to your Technet.

Two folks when to the Technet chat and chatted with"Santa Kevin"

You are now chatting with 'Kevin Liu'.

Kevin Liu: Thank you for contacting the TechNet Online Concierge.  Please give me a moment while I review your question.

Kevin Liu: Please follow the steps:

Kevin Liu: 1. Go to the following link and sign in with your Windows Live ID

Kevin Liu: https://technet.microsoft.com/en-us/subscriptions/add/default.aspx 

Kevin Liu: 2. After login with the Live ID, fill out the profile center if required. In the process of authenticating a subscription, you will be prompted to enter your registered information: First name, Last name, Email, and Benefit Access Number. After that your TechNet subscription is associated with the login passport.  

Kevin Liu: 3. Click "Ok" to confirm that you want to assign this subscription with system the live ID even it has already associated with another passport.  

Kevin Liu: 4. Click "Cancel" to confirm that? you don't want to add another subscription.

thank You

But if you just have Technet... not to fear... Santa will come to you next week...

 I'm trying to understand why the links for Small Business Server 2011 keys and downloads are unavailable...they are available for SBS 2008

Kevin Liu: At the moment, Small Business Server 2011 only available for two special TechNet subscriber (for partner). But please do not worry, SBS 2011 will be released to all TechNet subscribers later this month.

Kevin Liu: The specific date is 24th December 2010.

That said next time you might want to consider Action Pack with Technet.  The price tag isn't that much higher.  You'll need it to be a SBSCer.  And it gives you access to not only the Technet resources, but the extra licenses and stuff of Action pack.

It's a geek Christmas weekend for sure!

Download details: Microsoft Windows Small Business Server 2011 Best Practices Analyzer:
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=bbf35af9-f1ee-4397-b544-af3f31d7e32f&utm_source

I just updated the landing page of www.sbsbpa.com to reflect there's a new BPA just released.

Please note you'll also need to download http://www.microsoft.com/downloads/en/details.aspx?familyid=1B6E9026-F505-403E-84C3-A5DEA704EC67&displaylang=en to run the BPA (thanks Simon for the ping)

I'm trying to figure out if this is just temporarily broken or if this is now expected and we're supposed to do that update schema thing.  I think it's supposed to be fixed but for now if you need to fix your receive connector so you can do new ones after rollup 1 -or- 2, follow Lyle's blog:

Can’t create a new Receive connector after installing Rollup #1 or #2 for Exchange 2007 SP3 | Lyle Epstein's Systems Engineer Blog:
http://blog.korteksolutions.com/cant-create-a-new-receive-connector-after-installing-rollup-1-or-2-for-exchange-2007-sp3

So what about Direct Access on SBS 2011?

"DA is supported in Windows Server 2008 R2, and as you will need a 2nd server to run it (You will need to put your DA server in a DMZ), then you can integrated this into a SBS 2011 solution). However we have no DA integration into the SBS 2011 Std console, so you would need to use the WS08 R2 guidence in deploying DA. "

Personally... this is a technology that you need to check vendor support.  Quickbooks doesn't support Direct Access, so test and deploy carefully.

Gentlemen ...start your downloads....

https://technet.microsoft.com/en-us/subscriptions/securedownloads/default.aspx

This is what a normal standard outside home page of SBS 2011 looks like.

Booooorrrrrrinnnnng right?

But what if you could "bling" it up a bit?

We have several ways. 

Way one -

1. Open the Windows SBS Console.

2. On the navigation bar, click Shared Folders and Web Sites.  Click on the Web sites tab.
   
   
   

3. Right-click Remote Web Access, and then click View site properties. The Remote Web Workplace Properties page appears.

4. Click the Customization tab.

5. Do any of the following:

   • To record the name of your organization as you want it to appear on the sign-in, sign-out, and home pages of your Remote Web Workplace, type the name in the Organization name text box.
     
     
   • To choose a custom background image for your Remote Web Workplace sign-in page, in the Sign-in page dialog box, click Choose, select an image in the list, and then click OK.
   • To display your organization's logo on the Remote Web Workplace home page, in the Home page dialog box, click Choose, select an image in the list, and then click OK.

To see the impact immediately click start, find the command prompt, run as administrator, and do a iisreset.  Refresh the https://localhost/remote page locally on the box and you can see the impact.

Hmmm not quite what I wanted... so lets go back and adjust that back to the default background and try another way, click on Use default and clear out that background image.

But that's not exactly the customization I had in mind.  If you pick background it gets put behind the log in section.  If you choose organization logo it only is shown inside the logged in RWW page.  What we want to do is put the logo on that main pre-log in screen.

Since SBS 2011 is close to SBS 2008 the instructions are similar but a little bit different than what we had to do in SBS 2008: Costas Tsaklas’ Blog » Blog Archive » Customize the RWW logo in SBS 2008:
http://costas.cpstechgroup.com/2009/01/02/customize-the-rww-logo-in-sbs-2008/

If you want to replace it with your own company logo, you’ll have to have some editing skills but it isn’t very complicated.  Navigate to the following directory in SBS 2011:

C:\Program Files\Windows Small Business Server\Bin\webapp\RemoteAccess\Customization\Product

Right-click on the "logo.png" file and select "Edit". The file will open in Microsoft Paint, click on the "Selection" tool (arrow "a") and then select the default SBS image (arrow "b")

Or conversely just rename your .png file to logo.png.  Do remember to ensure your image doesn't have the "mark of the web" if you emailed it in from the Internet to get it on the box.

Now comes the fun part you need to note the size of that logo in pixels.  The old logo had a 200x48 size.  My new logo is 232x200 in size.  We know this when we open up the files in Paint they have the exact pixel sizing in the corner.  Note how big your new firm logo is, you'll need to adjust a setting in a css style sheet.  If you don't edit it, your resulting replaced logo gets all squishy on the Remote Access page.

Not quite what I wanted.  Not to worry we just need to find the place in the style sheet where the image is sized up and change it.

Now go to c:\Program Files\Windows Small Business Server\Bin\WebApp\RemoteAccess\Css and find the file called logon.css.  Open it up in notepad.

Instead of

.product-logo
{
               height: 48px;
               width:  200px;

Adjust that section to what you need.

Change the product-logo size section to EXACTLY the pixel height and width you need.  Keep the logos small, in a png format and small in size as the bigger that logo is, the more it will slow down that home landing page.

Now comes a little tricky part.  Save it as logon.css to your "my documents" folder and then copy it back to the Bin/WebApp/RemoteAccess/CSS folder and approve the copying

Now when your client logs into the RWW main landing page their logo is on the left.  Very professional looking.

Well I think it looks cute anyway!

Get the idea here?

A width of 200 pixels seemed to nicely place the logo to the left of the login window.

Twitter / Joe Tierney: An IT professional recomme ...:
http://twitter.com/JoeTierney/status/15154539149656065

An IT professional recommending #SBS2011 to a small business is like a doctor recommending a greasy cheeseburger to a heart patient. #Fail

Dear Joe:  Pushing buttons again I see?

A doctor who doesn't LISTEN to his patient and instead just blindly prescribes a medication to his patient should be sued for malpractice.  So should an IT professional that doesn't sit down with their client and ensure that the solution they are recommending FITS the clients needs.

Amy Babinchak of www.thirdtier.net and I were chatting about this earlier in preparation for a podcast with Kate of www.lookscloudy.com .   We're no longer one size fits all of the SBS 2003 era, we have a lot of choices. 

Show me a small firm and we all use "the cloud".  Show me a small firm and we all have different needs.  Even SBS 2011 can be easily combined with Internet solutions. 

But I"m starting to get real tired of the "premise" versus the "cloud" fights.  This is about building the right solution for the needs of the clients, the business requirements, the line of business apps (not all that are 'all in the cloud'), the regulatory environment, and last... and CERTAINLY not least, the comfort level of the owners of the data themselves. 

Bottom line we don't just have greasy hamburgers on the menu anymore.  We have lots of menu selections to choose from.