Migration Step Thirty-Four: Running the SBSBPA

So one of the clean up things you need to do post install is this:

EVENT #    25091
EVENT LOG    Application
EVENT TYPE    Warning
OPCODE    Info
SOURCE    Windows SharePoint Services 3 Search
CATEGORY    Gatherer
EVENT ID    2436
COMPUTERNAME      SERVER
DATE / TIME      11/20/2009 11:20:30 PM
MESSAGE    The start address <sts3s://domain.com:987/contentdbid={b523f4fb-4a4a-4f37-98d3-855fda2496d1}> cannot be crawled.
Context: Application 'Search index file on the search server', Catalog 'Search'
Details:
Access is denied. Verify that either the Default Content Access Account has access to this repository, or add a crawl rule to crawl this repository. If the repository being crawled is a SharePoint repository, verify that the account you are using has "Full Read" permissions on the SharePoint Web Application being crawled. (0x80041205)

The Official SBS Blog : Event 2436 for SharePoint Services 3 Search:
http://blogs.technet.com/sbs/archive/2009/05/07/event-2436-for-sharepoint-services-3-search.aspx

You'll see two of these over and over and over again.

Resolution

To resolve this issue, it is recommended to manually register the URL in your system, or even disable the Loopback check feature. To register this URL, please use the following steps:

Note: We recommend that you use this method.

  1. Click Start, click Run, type regedit, and then click OK.
  2. In Registry Editor, locate and then click the following registry key:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0
  3. Right-click MSV1_0, point to New, and then click Multi-String Value.
  4. Type BackConnectionHostNames, and then press ENTER.
  5. Right-click BackConnectionHostNames, and then click Modify.
  6. In the Value data box, type the URL mentioned in the above warning event, and then click OK.
  7. Quit Registry Editor, and then restart the IIS service.
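The registration steps above, scripted in PowerShell as an added example (not code from the SBS blog or the BPA). It assumes the value holds host names, so it reduces the start address from the warning to its host part; the function name Add-BackConnectionHostName is made up for this example, and domain.com is the sanitized name from the event above.

```powershell
# Added example (not from the SBS blog or the BPA): register a host name in
# BackConnectionHostNames without overwriting entries that are already there.
# Add-BackConnectionHostName is a hypothetical helper name.

function Add-BackConnectionHostName {
    param(
        # Either a bare host name or the start address from event 2436.
        [Parameter(Mandatory = $true)]
        [string]$Address
    )

    $lsaKey    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $msvKey    = Join-Path $lsaKey 'MSV1_0'
    $valueName = 'BackConnectionHostNames'

    # Assumption: the value holds host names, so reduce a full start address
    # such as sts3s://domain.com:987/contentdbid={...} to its host part.
    $hostName = $Address
    if ($Address -match '://') {
        $hostName = ([uri]$Address).Host
    }
    if ([string]::IsNullOrEmpty($hostName) -or $hostName -match '[\s/\\:]') {
        throw "Cannot derive a host name from '$Address'."
    }

    # The loopback check is there to block authentication reflected back to
    # the local machine; report if it has been switched off machine-wide
    # instead of registering individual names.
    $lsa = Get-ItemProperty -Path $lsaKey
    if ($lsa.DisableLoopbackCheck -eq 1) {
        Write-Warning 'DisableLoopbackCheck is 1: the loopback check is off for every host name.'
    }

    # Read what is already registered and refuse to touch a value of the
    # wrong type (the steps above create a Multi-String Value).
    $key      = Get-Item -Path $msvKey
    $existing = @()
    $hasValue = $key.GetValueNames() -contains $valueName
    if ($hasValue) {
        $kind = $key.GetValueKind($valueName)
        if ($kind -ne [Microsoft.Win32.RegistryValueKind]::MultiString) {
            throw "$valueName exists as $kind, expected MultiString; fix the type by hand first."
        }
        $existing = @($key.GetValue($valueName) | Where-Object { $_ })
    }

    # -contains is case-insensitive, which matches how host names compare.
    if ($existing -contains $hostName) {
        return "'$hostName' is already registered."
    }

    $updated = [string[]]($existing + $hostName)
    if ($hasValue) {
        Set-ItemProperty -Path $msvKey -Name $valueName -Value $updated
    }
    else {
        New-ItemProperty -Path $msvKey -Name $valueName `
            -PropertyType MultiString -Value $updated | Out-Null
    }
    return "Added '$hostName'. Restart IIS (step 7) for the change to take effect."
}

# Constructed call using the sanitized start address from the event above;
# substitute your own and run it from an elevated PowerShell prompt.
Add-BackConnectionHostName -Address 'sts3s://domain.com:987/contentdbid={b523f4fb-4a4a-4f37-98d3-855fda2496d1}'
```

Registering individual names this way leaves the loopback check in force for every other host name, which is why it is the recommended method of the two.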

You can figure out how to fix this a couple of ways... first by seeing this and googling, or merely by running the www.sbsbpa.com tool, which now points out specifically how to fix this issue.  As you can see, post install I've got some clean up to do.

Go through them one by one, expanding them and see what they tell you to do.

1.  It tells me that Exchange 2007 is missing SP2.  Who cares at this point in time.  I'm waiting for the sbs specific wrapper that will install this on the box.  I'm not following a KB, I'm holding out until that installer wrapper is released.

2.  It told me to set up the BackConnectionHostNames value just as I did above.  This will get rid of the SharePoint error.

3.  It tells me I forgot to remove the Backup User account.  I have to go into Active Directory Users and Computers and delete it there.

4.  It tells me to get rid of add-on congestion control by typing in netsh int tcp set global congestion=none in an elevated command window.

5.  It reminds me that the built in admin group is missing the logon as a batch job user right.  (I accidentally got the wrong group with the logon as a batch right)

6.  It is reminding me that IE Enhanced security is disabled (I did it as I was building this test box as I couldn't get downloads from HP on there)

7.  It reminds me that the "Local activation permission to the IIS WAMREG Admin service is required" - fixed with KB920783

  1. Click Start, click Run, type dcomcnfg in the Open box, and then click OK.
  2. Expand Component Services, expand Computers, expand My Computer, and then click DCOM Config.
  3. Right-click IIS WAMREG admin Service, and then click Properties.
  4. Click the Security tab.
  5. Under Launch and Activation Permissions, click Edit.
  6. In the Launch Permission dialog box, click Add.
  7. In the Select Users, Computers, or Groups dialog box, type the domain user account that you specified as the Windows SharePoint Services 3.0 service account, [it's network service for sbs] click Check Names, and then click OK.
  8. In the Permissions for UserName list, click to select the Allow check box that is next to Local Activation, and then click OK two times

8.  I'm warned about Windows Auto tuning level -- at an elevated command prompt type in netsh int tcp set global autotuning=disabled

9.  I'm warned about Receive side scaling -- at an elevated command prompt type in netsh int tcp set global rss=disabled

10.  I forgot to remove the STS_WPG group.... and remove the STS_worker and the IUSR_Domainname, and IWAM_Domainname user accounts.  Do not touch the IIS_WPG, but you can find the IUSR and IWAM with an _domainname and delete those.

11.  I need to get rid of task offload -- at an elevated command prompt type in netsh int ip set global taskoffload=disabled

12.  And I forgot the Vista WMI filter on the box.

All of these clean up stuff I found out by merely running the www.sbsbpa.com on the system.  It's now specifically checking for post migration issues.  Cool huh!

The sensible deployment

I'm taking a break from the Migration dry run blogging tonight because I had to do a slide show for a group of folks I'm doing a presentation for tomorrow.  My Dad's retired executives groups.  All of those years that I had to listen to Dad, I now get to give a presentation to "Dads and Moms" about computer security.  Or how to be paranoid just a little bit, without freaking yourself completely out.

Earlier this evening my Sister and I were chatting about software and she had heard that Office 2010 was coming out in beta.  And she mentioned that at her office they were just NOW starting to deploy Office 2007 and that she didn't see that they'd be upgrading soon.  There is the Microsoft upgrade cycle.  The one that hopes you'll be migrating and ripping things out every two years.  And then there's the reality of businesses, of change, of the economy.  So while Microsoft is announcing and touting Exchange 2010 and TechEd Berlin, I'm just NOW deploying Exchange 2007. 

Out here in the real world of deployment there's still a fair amount of Exchange 2003 deployed.  And the reason it is, is the very reason that it has taken me this long to deploy Exchange 2007.  There's a more sensible reason for the upgrade other than "it's got the latest cool thing".  In my case it's a hardware upgrade that is making the decision.

For all those that have asked, btw, the methodology that I'm using is the one most closely aligned to the "Microsoft Method" and yes, at the end I'll put all of these blog posts in a Word document you can download. But keep in mind that I'm not really using anything other than these documents:

http://blogs.msdn.com/sbsdocsteam/archive/2009/11/12/the-windows-sbs-2008-migration-guides-are-updated.aspx

And this book:

http://www.packtpub.com/small-business-server-2008-installation-migration-configuration/book

Which, too, is basically taking the Microsoft method and giving me screen shots so I know where I'm supposed to be at.  Granted, he does add the extras of some scripts and things.

At the end of the day YOU have to do a dry run and practice.  YOU have to establish a confidence in yourself.  YOU have to take WHATEVER method you chose, tweak it and make it your own for the needs of your client base.  What I've personally ended up with, isn't the Microsoft method, it's the "what Susan decided to do because she was the most comfortable with choosing it" method.

At the end of the day, that's what counts the most.  You have to be comfortable in your skills, and surround yourself with the tools that make you feel that way.

Posted by THE OFFICIAL BLOG OF THE SBS "DIVA"

>>>Partner Community Hot issues November 2009 -- Client<<<

 >>>Partner Community Hot issues November 2009<<<:
http://social.microsoft.com/Forums/en-US/partnerwinserver7rcthreads/thread/cf96edb8-afd7-48e2-aac9-519844f5d048

TOP SUPPORT ISSUES
NEW & UPDATED KB ARTICLES


TOP SUPPORT ISSUES

 

[ISSUE 1]

Problem Description:
=============
Get intermittent network pauses on the Windows 7 computer.

Resolution:
==========
Disable auto-tuning.

Use the below command in command line on the Windows 7 computer:

netsh int tcp set global autotuninglevel=disabled

 

[ISSUE 2]

Issue:

===========

You cannot change the power settings on a Win 7 ultimate client that is member of a SBS2003 domain.

 

Cause Analysis:

===========

If the power options are configured via group policy, the following registry key should be added to the Win7 client:

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Power\PowerSettings]

 

We ran gpresult /v to generate a group policy results report on the problematic Win 7 client and found the GPO’s that configure the PowerSettings are:

 

Local Group Policy

Small Business Server - Windows Vista policy

 

Solution:

===========

Configure the settings under the Power Management node to Not Configured in both GPOs.

Remove the Vista GPO from the server and it is working now.

[ISSUE 3]

Problem

========

You have a problem with inbound FTP connections from the public network if the Windows Firewall is enabled on the brand new Windows 7 Server.

 

Cause

========

FTP is a special case because of the way in which an FTP server establishes the data channel for an FTP file transfer. During a typical FTP user session, an FTP client initiates a control channel with an FTP server. When the FTP client transfers a file from the FTP server, the FTP server tries to establish a data channel with the FTP client by initiating communication on a TCP port different from the one used for the control channel.

 

Solution

========

Since you are using Windows Firewall with non-secure FTP traffic, to overcome the problem described above, Windows Firewall uses the Application Layer Gateway Service to provide dynamic port mapping for the FTP data channel, thereby facilitating the stateful filtering of FTP traffic. We can open port 21 and enable stateful FTP filtering on the Windows Firewall by using the following commands:

 

1. To open port 21 on the firewall, type the following syntax in a command prompt then hit ENTER:

netsh advfirewall firewall add rule name="FTP (non-SSL)" action=allow protocol=TCP dir=in localport=21

 

2. To enable stateful FTP filtering that will dynamically open ports for data connections, type the following syntax in a command prompt then hit ENTER:

netsh advfirewall set global StatefulFtp enable

  

Reference

========

I have also included some articles below, just for your reference. Hope they are helpful to you.

 How Windows Firewall Works http://technet.microsoft.com/en-us/library/cc755604(WS.10).aspx

How to Configure Windows Firewall for a Passive Mode FTP Server http://technet.microsoft.com/en-us/library/dd421710(WS.10).aspx

Netsh Commands for Windows Firewall with Advanced Security http://technet.microsoft.com/en-us/library/cc771920(WS.10).aspx

 

[ISSUE 4]

Issue:

===========

Step-by-step document about TS  gateway and remote app

 

Solution:

===========

Here is the basic sequence we should follow to deploy remote desktop service on windows server 2008 R2.

1.    Licensing server.

Deploying Remote Desktop Licensing Step-by-Step Guide

http://technet.microsoft.com/en-us/library/dd983943(WS.10).aspx

 

2.    Install Remote desktop service role.

Installing Remote Desktop Session Host Step-by-Step Guide

http://technet.microsoft.com/en-us/library/dd883275(WS.10).aspx

 

3.    Create virtual desktop pool using remote desktop web access.

Deploying Virtual Desktop Pools by Using Remote Desktop Web Access Step-by-Step Guide

http://technet.microsoft.com/en-us/library/dd883265(WS.10).aspx

 

4.    RDS(ts) gateway.

Deploying Remote Desktop Gateway Step-by-Step Guide

http://technet.microsoft.com/en-us/library/dd983941(WS.10).aspx

 

About application virtualization, this is entire solution for desktop level virtualization.

It has advantage over RDS like management, deployment and scale. However, it will remote more server and technical resource involved.

We noticed that Application virtualization (previously called SoftGrid) is totally another solution. It uses a different protocol and a different mechanism to implement applications for the client.

It has nothing to do with RDS (TS) anymore and the client doesn't use the "remote desktop" client anymore. The user doesn't need to create a remote desktop session to access an application running on the server. It will "cache" the data on the local machine and run it locally.

 

Here are some articles for your reference. (A lot of documents, really…)

Planning and Deployment Guide for the Application Virtualization System

http://technet.microsoft.com/en-us/library/cc843778.aspx

 

NEW & UPDATED KB ARTICLES

 

Computers that are running Windows 7 or Windows Server 2008 R2 stop responding at a black screen if a screen saver is enabled

http://support.microsoft.com/?kbid=976427

 

The "Run only allowed Windows applications" Group Policy setting displays no entries on a computer that is running Windows Vista, Windows Server 2008, or Windows 7

http://support.microsoft.com/?kbid=976922


Best regards,

Brandon Jiang
Partner Online Technical Community

Migration Step Thirty one: Adding a bit of Group Policy

Delete the old Folder Redirection Group Policy object. Follow the instructions on pages 73 through 74 in the Microsoft migration document.

 

Give the built-in Administrator group the right to log on as a batch job for Windows SBS 2008 migration

Note

After you migrate, you should give the Administrator group the right to log on as a batch job.

After you migrate an existing Windows SBS 2003 domain to Windows SBS 2008, verify that the built-in Administrator group still has the right to log on as a batch job to the Destination Server. Administrators need this right in order to run an alert on the Destination Server without logging on.

To give the built-in Administrator group the right to log on as a batch job

1.   On the Destination Server, click Start, click All Programs, and then click Administrative Tools.

2.   In the Administrative Tools menu, select Group Policy Management.

3.   In the Group Policy Management console tree, click Forest: <ServerName>, and then click Domains.

4.   Click the name of your server, expand Domain Controllers, right-click Default Domain Controllers Policy, and then click Edit.

5.   In the Group Policy Management Editor, click Default Domain Controllers Policy <ServerName> Policy, expand Computer Configuration, and then click Policies.

6.   In the Policies tree, expand Windows Settings, and then click Security Settings.

7.   In the Security Settings tree, expand Local Policies, and then click User Rights Assignment.

8.   In the results pane, scroll to and then click Log on as a batch job.

9.   In the Log on as a batch job Properties dialog box, click (on Define this policy setting, then click on) Add User or Group.

10.  In the Add User or Group dialog box, click Browse.

11.  In the Select Users, Computers, or Groups dialog box, type Administrator.

12.  Click Check Names to verify that the built-in Administrator account appears, and then click OK three times.

 

To delete the old Folder Redirection Group Policy object

1.   On the Destination Server, click Start, click Administrative Tools, and then click Group Policy Management.

2.   Click Continue in the User Account Control dialog box.

3.   In the Group Policy Management navigation pane, expand Forest:<DomainName>, expand Domains, expand <DomainName>, and then expand Group Policy Objects.

4.   Right-click Small Business Server Folder Redirection, and then click Delete.

5.   Click Yes in the warning dialog box.

6.   Close the Group Policy Management Console.


This is another one of those ... I don't want to put personal stuff from the workstations on the server and all of the sensitive client stuff should be on the server in the first place.

One step I don't have to do... so we can pass on that one.. but on this one I need to do:

Give the built-in Administrator group the right to log on as a batch job. Follow the instructions on pages 74 through 75 in the Microsoft migration document.

Migration Step Thirty: DCpromoing the SBS 2003

At this point of the migration we need to physically remove any attached printers and attach them to the new server (more on that in another blog post).

And now we're ready to say goodbye to the SBS 2003 box.

Demote the Source Server

You must demote the Source Server from the role of an Active Directory Domain Services (AD DS) domain controller to the role of a domain member server.

Both the Source Server and the Destination Server must be connected to the network while the Group Policy changes are updated on the client computers. If you are about to demote and disconnect the Source Server from the network, ensure that Group Policy settings are applied to all client computers.

To force a Group Policy update on a client computer

1.   Log on the client computer as an administrator.

2.   Click Start, click All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator.

3.   At the command prompt, type gpupdate /force, and then press ENTER.

4.   The process may require you to log off and log on again to finish. Click Yes to confirm.

To demote the Source Server

1.   On the Source Server, click Start, click Run, type dcpromo, and then click OK.

 

2.   Click Next twice.

It will warn you this is a GC... yes, you have another one in the SBS 2008

Important

Do not select This server is the last domain controller in the domain.

3.   In the Summary dialog box, you are informed that Active Directory Domain Services (AD DS) will be removed from the computer and that the server will become a member of the domain. Click Next.

Now in my case I had to do this process twice as the first time it wouldn't uninstall the AD.  Also you are prompted to set up a password

Add an Admin password.

Click next to confirm you are removing active directory.

The AD will begin to uninstall.

Uh oh mine didn't like this... when I googled they said to stop the netlogon service but when I checked it, it already was off.  So I tried again, this time ensuring that netlogon service is turned off.

So I tried again....

And this time it worked.

Reboot the server.

4.   Click Finish. The Source Server restarts.

5.   After the Source Server restarts, make the Source Server a member of a workgroup before you disconnect it from the network.

Restart the server again.

After you make the Source Server a member of a workgroup and disconnect it from the network, you must remove it from AD DS on the Destination Server.

To remove the Source Server from AD DS

1.   On the Destination Server, click Start, click Administrative Tools, and then click Active Directory Users and Computers.

2.   In the User Account Control window, click Continue.

3.   In the Active Directory Users and Computers navigation pane, expand the domain name, expand MyBusiness, expand Computers, and then expand SBSComputers.

4.   Right-click the Source Server name if it still exists in the list of servers, click Delete, and then click Yes.

5.   Verify that the Source Server is not listed, and then close Active Directory Users and Computers.

Remove the Source Server from the network

Remove the Source Server from the network, and keep it available for at least one week in case some necessary data was not migrated.

Edit the Software Updates Group Policy object on the Destination Server

After demoting and removing the Source Server, it is still included in the scope for the Update Services Group Policy object (GPO) on the Destination Server. This is now an unresolvable security identifier (SID) and should be removed in the Group Policy Management Console on the Destination Server.

To update the Software Updates GPO

1.   On the Destination Server, click Start, click Administrative Tools, and then click Group Policy Management.

2.   On the User Account Control dialog box, click Continue.

3.   In the Group Policy Management console, in the navigation pane, expand Forest:DomainName, expand Domains, expand DomainName, and then expand Group Policy Objects.

4.   Click Update Services Server Computers Policy.

5.   In the results pane, click the Scope tab.

6.   In the Security Filtering section, click the object that begins with S-1-5. This is the Source Server SID.

7.   Click Remove, and then click OK.
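To find the unresolvable SID before opening the console, the check can be scripted. This is an added example, not part of the Microsoft migration guide; it reads the GPO's access control list through ADSI and reports every trustee whose SID no longer translates to an account. The function name Get-GpoUnresolvedTrustee is made up for this example, and it assumes the GPO display name contains no characters that need LDAP filter escaping.

```powershell
# Added example (not from the migration guide): list trustees on a GPO whose
# SID no longer resolves to an account, such as the demoted Source Server.
# Get-GpoUnresolvedTrustee is a hypothetical helper name.

function Get-GpoUnresolvedTrustee {
    param(
        # Assumption: the name needs no LDAP filter escaping.
        [string]$GpoDisplayName = 'Update Services Server Computers Policy'
    )

    # Extended right "Apply Group Policy"; an allow ACE granting it is what
    # puts a trustee in the Security Filtering list on the Scope tab.
    $applyGpoRight = [guid]'edacfd8f-ffb3-11d1-b41d-00a0c968f939'

    # Locate the groupPolicyContainer object for the GPO in the current domain.
    $domainDn = [string]([adsi]'LDAP://RootDSE').defaultNamingContext
    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    $searcher.SearchRoot = [adsi]"LDAP://CN=Policies,CN=System,$domainDn"
    $searcher.Filter = "(&(objectClass=groupPolicyContainer)(displayName=$GpoDisplayName))"
    $hit = $searcher.FindOne()
    if (-not $hit) {
        throw "No GPO named '$GpoDisplayName' found in $domainDn."
    }

    $acl     = $hit.GetDirectoryEntry().psbase.ObjectSecurity
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $ntType  = [System.Security.Principal.NTAccount]

    # Explicit ACEs only; ask for SIDs so nothing is resolved behind our back.
    foreach ($ace in $acl.GetAccessRules($true, $false, $sidType)) {
        $sid = $ace.IdentityReference
        try {
            [void]$sid.Translate($ntType)   # resolves, so not orphaned
        }
        catch [System.Security.Principal.IdentityNotMappedException] {
            # No account behind this SID. A trusted domain that cannot be
            # reached right now would show up here as well.
            $filtering = ($ace.AccessControlType -eq 'Allow') -and
                         ($ace.ObjectType -eq $applyGpoRight)
            New-Object PSObject -Property @{
                Sid                 = $sid.Value
                Rights              = $ace.ActiveDirectoryRights
                AccessType          = $ace.AccessControlType
                InSecurityFiltering = $filtering
            }
        }
    }
}

# Run on the Destination Server after the Source Server has been removed.
Get-GpoUnresolvedTrustee | Format-Table Sid, AccessType, InSecurityFiltering, Rights -AutoSize
```

A row with InSecurityFiltering set to True is the entry that step 6 above removes; the script only reports and changes nothing.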

 

Migration Step Twenty Nine and a half, part two: Uninstalling Exchange 2003

Let's try this again now...

And voila

You must uninstall Exchange Server 2003 from the Source Server before you demote it. This removes all references in AD DS to Exchange Server on the Source Server. You must have your Windows Small Business Server 2003 media to remove Exchange Server 2003.

Important

To remove Exchange Server 2003 from the Source Server, click Windows Small Business Server  2003 in Add or Remove Programs, and then click Remove. Follow the instructions to finish the procedure.

And we're done with that step. 

Finally.  The next step is dcpromo-ing down the SBS 2003.

But before ... remove printers physically attached to the SBS 2003...

Physically disconnect printers that are directly connected to the Source Server

Before demoting the Source Server, physically disconnect any printers that are directly connected to the Source Server and are shared through the Source Server. Ensure that no Active Directory objects remain for the printers that were directly connected to the Source Server. The printers can then be directly connected to the Destination Server and shared from Windows SBS 2008.

And... uh... I have none.  They are all attached via IP addresses as they have print servers.  Next up..a blog post about 32 versus 64 bit printer drivers and we dcpromo out our SBS 2003 and say goodbye.

Migration Step Twenty Nine and a half: Uninstalling the Exchange 2003

You must uninstall Exchange Server 2003 from the Source Server before you demote it. This removes all references in AD DS to Exchange Server on the Source Server. You must have your Windows Small Business Server 2003 media to remove Exchange Server 2003.

Important  

To remove Exchange Server 2003 from the Source Server, click Windows Small Business Server  2003 in Add or Remove Programs, and then click Remove. Follow the instructions to finish the procedure.

We're now at the point in step 29 where we are ready to remove the Exchange 2003.  We've already done a dry run of turning off the SBS 2003 box (but keep in mind that with the 2k3 box still in the active directory of SBS 2008, it makes the rebooting of that box kinda dicey as it makes the AD in the SBS 2008 box not the happiest in the world).  The server still runs just fine, but it drags its feet a bit booting up as it's looking for the turned off SBS 2003.

Stick Disk 2 in the cdrom, or stick the disk 2 iso in the HyperV cdrom drive.

click on Windows SBS 2003 (not the r2)

Click on change/remove, then click next.  In my case it warned me I had the system on a machine with more than two processors and click next.

Go down to the Exchange server section, pull the arrow down and change the check mark to remove.

 

Click next.

Confirm that you'll remove Exchange

The removal begins

It will then want the location of the cdrom.

 

(Note: do-do brain me downloaded the disk two of the SBS 2003 service pack 1 media. I'm now remote to the box at home and in my jammies and can't walk over to the dvd drive and give it a disk.  So I'm having to download the right disk 2 to remove the Exchange.  So we're going to stop here at step twenty-nine and a half; giving the box the RIGHT disk 2 will have to wait until tomorrow.  If for whatever reason you have a machine with a non-functional cdrom drive, you can always download the ISO, or convert the disk to an ISO, put it on a usb drive and then mount the media using magicdisc.)

 

Making those shares

One of the steps I kinda slid over was the process of recreating the shares from the old SBS 2003 and putting them in again on the SBS 2008.  Now if I was a strict person at the office I'd give everyone one drive letter and be done with it.  But we don't.  And some of the drive letters/shares are unique with permissions that limit them to certain people in the office. 

So one of the sections of the David Overton book discusses the use of the rmtshare.exe tool to copy and recreate the shares from one machine to another.  In addition the book includes additional scripts that help in the process.  The script he includes does the following:

The script will open up a Notepad window with all the shares available on the SBS 2003 system including those that cannot be migrated, such as printers, policy shares, or tools from SBS 2003 that are not relevant or are already provided with SBS 2008 such as the fax client. Delete all the shares from the list that you do not wish to migrate to the new server. This would normally include the following:

  • SYSVOL
  • clients
  • tsclient
  • tsweb
  • faxclient
  • clientapps
  • NETLOGON

Some file shares are shared with a $ sign at the end to stop them appearing on a network list, while applications and users can still access them. You need to evaluate if these should be moved across. Also, disks are shared as the drive letter followed by a $ sign. You normally do not want to migrate a whole disk, so these would normally also be removed.

Now mind you rather than using the straight robocopy, this is the preferred way of doing it, as it redoes the permissions AND does the robocopy at the same time.

For each share in the Notepad file, you will notice a section similar to the one shown in the following screenshot. You will need to change the destination folder setting to the location where you want a directory created, shared, and then the files copied into it.
REM MIGRATING backup
REM ===================================
SET Dest_Folder="c:\migrated_files\backup"

Bottom line once you run the script on the old server, edit the shares you don't want, move it over to the new server and run the edited script, it automates moving the shares over from one to the other.

Cool, huh!

The links for his scripts are  on page 192 and 193 of the book (or PDF version) and more than make the book worth every penny. 

The method of migration documented by Jeff Middleton of www.sbsmigration.com does the same sort of script helping and when I get this whole series of migration posts done I'll do a recap of why I chose the Microsoft method augmented by David Overton's book as compared to the www.sbsmigration.com method.  [To give you a hint, while the www.sbsmigration.com method leaves the SBS 2003 totally intact and untouched, due to the number of classes, training sessions, and betas I've done for the Microsoft method I was more comfortable with the Microsoft methodology.]

Whoda thunk it's in security settings

Whoda thunk that enabling the 64bit VT chip to enable either a 64bit guest or Windows 7 XP mode would mean that you needed to go into the security settings of the bios.

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&taskId=115&prodSeriesId=3429268&prodTypeId=12454&prodSeriesId=3429268&objectID=c01484896

www.grc.com/securable said it would support the HyperV technology, but it wasn't kicking in.  I knew it was in the bios, but couldn't figure out where the VT ON switch was until I searched on the HP site.

Your mailbox has been deactivated

The zip file attached has a low detection at this time...

Subject:     your mailbox has been deactivated
Date:     Mon, 16 Nov 2009 21:26:25 +0100
From:     support@msmvps.com <support@msmvps.com>
To:     <administrator@msmvps.com>


We are contacting you in regards to an unusual activity that was identified in your mailbox. As a result, your mailbox has been deactivated. To restore your mailbox, you are required to extract and run the attached mailbox utility.

Best regards, msmvps.com technical support.

Virustotal. MD5: 6d0898ff5ea2a6581f1ca3fdd55d840d Trojan.Dropper Win32:Trojan-gen Trojan.Agent-128597:
http://www.virustotal.com/analisis/6399729d05ff10775fa1e068369d1433e7173680d00ce00a6bb33e6fbed31970-1258403165

Tweaking monitoring

In the category of Migration extras,  I'll add tweaking monitoring.

 You can add unique custom alerts to the existing monitoring on SBS 2008 http://technet.microsoft.com/en-us/library/ee407455(WS.10).aspx

First you need to ensure that the existing monitoring emails out notifications.

Go into network, computers, and then view notification settings.

Enter the email address in there to get notifications from the server.

Now go to the reports tab, click on detailed network reports, and click on view report properties.  Adjust the weekly report and make it daily.

Now go to www.codeplex.com/sbs and download the custom alerts to %programfiles%\Windows Small Business Server\Data\Monitoring\ExternalAlerts directory

You can also add in some custom info to add memory use and spec's in the monitoring email from http://www.sbsdeveloper.net/Plugins/SamplePlugins.htm

Download the xml files and copy them to Data\SHExtensions directory of your SBS 2008 installation. Restart your console and Windows SBS Manager service.

 

And then the following is now added to the monitoring email:

 

The home stretch

So we're down to the home stretch in the migration of SBS 2003 to SBS 2008...

  • Enable folder redirection on the Destination Server
  • Migrate SQL Server data
  • Migrate Terminal Service licensing server

Before we uninstall Exchange, there's three categories left....

First off I don't do folder redirection.  Why?  Because we train folks to store important stuff on the server.  So I don't feel that folder redirection is of value to my firm.

Next SQL server data.  This one can be the fun one.  When you order premium you get the option of installing SQL 2005 or SQL 2008 (at least it's guaranteed to have that media through December 2009).

If you want it on the SBS main box follow a couple of blog posts and remember a few rules:

The Official SBS Blog : Error While Installing SQL 2005 Express on SBS 2008:
http://blogs.technet.com/sbs/archive/2009/06/11/error-while-installing-sql-2005-express-on-sbs-2008.aspx

The Official SBS Blog : Requirements for Installing SQL 2008 Standard Edition for Small Business:
http://blogs.technet.com/sbs/archive/2009/03/23/requirements-for-installing-sql-2008-standard-edition-for-small-business.aspx

Can I install SQL Server 2008 from Windows Small Business Server 2008 Premium Edition on the first server?   Yes, this is a supported scenario. However the SQL Server 2008 management tools will not install on the same server; you must install them on another server  (or use the express tools)

  • Do not migrate the instance of SQL Server 2005 Express that is installed on the Source Server for monitoring (SBSMONITORING), because this is not supported.
  • Do not migrate the instance of Windows Internal Database (SQL Server 2005 Embedded Edition) that is installed for Windows Server Update Services and for Windows SharePoint Services (MICROSOFT##SSEE), because this is not supported.


Finally on the Migrate Terminal Service licensing server, I think I already have that covered as I stood up a Win2k8 box and enabled the TS licensing on it already.

By default, RWW in Windows SBS 2008 does not automatically display the terminal server on your network. Because of this, users do not see the terminal server when they connect using RWW. You must configure Windows SBS 2008 to display the terminal server in RWW. For more information, see “To add a Terminal Services server in Application mode to the Select Computer drop-down list in Remote Web Workplace” in the “Advanced Settings” section in Managing Windows Small Business Server 2008 Remote Web Workplace at the Microsoft Web site (http://go.microsoft.com/fwlink/?LinkID=131600). 

[I have no idea what link they mean but the real link is http://technet.microsoft.com/en-us/library/cc527532(WS.10).aspx under Advanced Settings.]

To change the server time-out setting for Remote Web Workplace

  1. On the Windows SBS 2008 server, click Start, click Administrative Tools, and then click Internet Information Services (IIS) Manager.

  2. At the User Account Control prompt, click Continue.

  3. In the left pane, double-click the name of the server to expand the tree.

  4. Double-click Sites to expand it, and then double-click SBS Web Applications to expand it.

  5. In SBS Web Applications Home, double-click Session State.

  6. In Cookie Settings, change the Time-out (in minutes) to the desired amount of time.

  7. Click Apply to save the changes.

 

To change the client time-out setting for Remote Web Workplace

  1. Open Registry Editor.

  2. Open the following registry key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SmallBusinessServer\RemoteUserPortal\PublicTimeOut

  3. In the Value data box, type the number of minutes that you want to elapse before the Remote Web Workplace session times out.

    Important
    The value you enter should not be larger than 1440. Otherwise, Connect to a computer and Connect to a server will not function properly.

  4. Click OK.

On this one you'll scratch your head, because there is no RemoteUserPortal key.

It's in the next section down that they tell you to ADD the key.  Duh.

Add the key

To add a Terminal Services server in Application mode to the Select Computer drop-down list in Remote Web Workplace

  1. Open Registry Editor.

  2. Open the following registry key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SmallBusinessServer\RemoteUserPortal

    Note
    If the RemoteUserPortal key does not exist, create it.

  3. Create the following multi-string (REG_MULTI_SZ) key:

    TsServerNames

  4. Type the name of your terminal services server. Type one name per line.

    Verify that the name is exactly the same as the server. If a server key already exists, modify its value. If the type isn’t correct, remove it first, and then recreate it.

  5. Click OK.

Type in the TS server name

 

To create a new registry key that shows all computers

  1. Open Registry Editor. To do this, click Start, in the search field type regedit, and then press ENTER.

  2. In the User Account Control window, click Continue.

  3. Browse to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SmallBusinessServer.

  4. Right-click SmallBusinessServer, click New, and then click Key.

  5. Name the key BusinessProductivity.

  6. Right-click BusinessProductivity, click New, and then click DWORD (32-bit) Value.

  7. Name the new value ShowAllComputers.

  8. Double-click ShowAllComputers, and then, in the Value data text box, type 1.

  9. Click OK, and then close Registry Editor.
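The three Remote Web Workplace registry procedures above (client time-out, TsServerNames, ShowAllComputers) can be applied and read back in one pass. This is an added example, not code from the Microsoft article or the original post; the server name TS01, the 30-minute time-out and the helper name Set-RwwValue are placeholders, and PublicTimeOut is assumed to be a DWORD value because the page gives no type for it.

```powershell
# Added example, not from the Microsoft article. Run elevated on the SBS 2008 server.
$base   = 'HKLM:\SOFTWARE\Microsoft\SmallBusinessServer'
$portal = Join-Path $base 'RemoteUserPortal'
$bizPro = Join-Path $base 'BusinessProductivity'

# Site-specific settings (placeholders, change before running).
$tsServers      = @('TS01')   # hypothetical terminal server name(s), one per entry
$timeoutMinutes = 30          # RWW client time-out in minutes
$showAll        = $false      # $true lists every computer in RWW; leave off unless needed

# The article warns that values above 1440 break "Connect to a computer/server".
# The lower bound of 1 is an assumption added here.
if ($timeoutMinutes -lt 1 -or $timeoutMinutes -gt 1440) {
    throw "PublicTimeOut must be 1-1440 minutes, got $timeoutMinutes."
}

function Set-RwwValue {   # hypothetical helper, not an SBS cmdlet
    param([string]$Path, [string]$Name, $Value, [string]$Type)

    # RemoteUserPortal and BusinessProductivity do not exist by default.
    if (-not (Test-Path $Path)) { New-Item -Path $Path -Force | Out-Null }

    # If the value exists with the wrong type, remove it before recreating it.
    $key = Get-Item -Path $Path
    if ($key.GetValueNames() -contains $Name) {
        $kind = $key.GetValueKind($Name).ToString()
        if ($kind -ne $Type) {
            Write-Warning "$Name is $kind, expected $Type; recreating."
            Remove-ItemProperty -Path $Path -Name $Name
        }
    }
    New-ItemProperty -Path $Path -Name $Name -Value $Value `
        -PropertyType $Type -Force | Out-Null
}

Set-RwwValue -Path $portal -Name 'TsServerNames' -Value ([string[]]$tsServers) -Type 'MultiString'
# Assumption: PublicTimeOut is a DWORD value under RemoteUserPortal.
Set-RwwValue -Path $portal -Name 'PublicTimeOut' -Value $timeoutMinutes -Type 'DWord'
if ($showAll) {
    Set-RwwValue -Path $bizPro -Name 'ShowAllComputers' -Value 1 -Type 'DWord'
}

# Read everything back so the change can be recorded in the migration notes.
foreach ($path in $portal, $bizPro) {
    if (-not (Test-Path $path)) { continue }
    $key = Get-Item -Path $path
    foreach ($name in $key.GetValueNames()) {
        $data = [string]::Join(', ', @($key.GetValue($name)))
        '{0}\{1} [{2}] = {3}' -f $key.Name, $name, $key.GetValueKind($name), $data
    }
}
```

Keeping the time-out short and leaving ShowAllComputers off limits how long an idle remote session stays usable and how many machines the portal offers.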

 

(1) SBS 2008 Premium Edition comes with SQL Server 2008 Standard Edition for Small Business. Can I exercise my downgrade rights and run an earlier version of SQL Server?

A. No. Components of the SBS solution cannot be separated. However, Microsoft recognizes that line-of-business applications may experience compatibility issues moving from one version to the next, so till 12/31/2009, we will ship SQL Server 2005 Standard (both 32 and 64-bit platforms) in addition to the SQL Server 2008 Standard for Small Business for the customer’s use in order to address these potential issues.

Note that once we stop shipping both versions of SQL Server, customers are restricted from downgrading just the SQL Server component. Our downgrade rights specify that if you downgrade, you must downgrade all the component parts of the server software. However, the customers who received SQL Server 2005 Standard with their SBS 2008 Premium can continue to use it after the shipping period ends, but they may not use both SQL Server 2005 Standard and SQL Server 2008 Standard for Small Business simultaneously. Customers can, however, move between SQL Server 2005 Standard and SQL Server 2008 Standard for Small Business per their needs.

MUing a box

When you build a box I prefer to manually use Microsoft Update for that very first 'getting up to snuff' process.

So the first thing I do is ensure that the box has been flipped over to use Microsoft Update and not Windows Update.

Windows Update only patches Windows; Microsoft Update also offers up patches for other Microsoft products.

If you leave the patching interface on WU you won't get Exchange or SBS rollup patches.  Why isn't the box on MU from the get go?  EU/DOJ reasons is why.

 

And remember to make sure you get the update rollups for SBS 2008: the SP2 version of Small Business Server needs that update rollup for Companyweb to work, because Win2k8 SP2 introduces a Kerberos issue on the box that the update rollup fixes.

Update Rollup delivery model for Windows Small Business Server 2008:
http://technet.microsoft.com/en-us/library/dd919194(WS.10).aspx

Customizing the RWW page

To customize the appearance of the Remote Web Workplace

  1. Open the Windows SBS Console.

  2. On the navigation bar, click Shared Folders and Web Sites.

  3. Right-click Remote Web Workplace, and then click View site properties. The Remote Web Workplace Properties page appears.

  4. Click the Customization tab.

  5. Do any of the following:

    • To record the name of your organization as you want it to appear on the sign-in, sign-out, and home pages of your Remote Web Workplace, type the name in the Organization name text box.
    • To choose a custom background image for your Remote Web Workplace sign-in page, in the Sign-in page dialog box, click Choose, select an image in the list, and then click OK.
    • To display your organization's logo on the Remote Web Workplace home page, in the Home page dialog box, click Choose, select an image in the list, and then click OK.

* You can customize the appearance of Remote Web Workplace, including adding a display name for sign-in, sign-out, and the home page.

* You can also choose a background image and display your company’s logo.

* Remote Web Workplace supports the GIF, PNG, BMP, and JPG image formats. Your custom background image or logo should be approximately 760 pixels wide by 500 pixels tall. Additionally, you can select only from image files that are stored in the \Program Files\Windows Small Business Server\Bin\webapp\Remote\Images folder on the server. If you have custom images that you want to use, copy them to this folder first.

But that's not exactly the customization I had in mind.  If you pick background it gets tiled all over the place.  If you choose organization logo it only is shown inside the logged in RWW page.  What we want to do is put the logo on that main pre-log in screen.

And it's on Costas's blog that we find the details.

Costas Tsaklas’ Blog » Blog Archive » Customize the RWW logo in SBS 2008:
http://costas.cpstechgroup.com/2009/01/02/customize-the-rww-logo-in-sbs-2008/

If you want to replace it with your own company logo, you’ll have to have some editing skills but it isn’t very complicated.  Navigate to the following directory in SBS 2008:

C:\Program Files\Windows Small Business Server\Bin\webapp\Remote\images

Right-click on the "background.jpg" file and select "Edit". The file will open in Microsoft Paint, click on the "Selection" tool (arrow "a") and then select the default SBS image (arrow "b")

Now when your client logs into the RWW main landing page their logo is front and center.  Very professional looking.

You can also do similarly by replacing the RWWOEMLOGO.png in that same folder with the client's logo.  Be sure to copy the original images just in case, and edit the images in Paint down to the smaller size, but you can customize the RWW page to be more unique for your client.  You'll probably need to save them temporarily to the pictures folder and move them back into the right folder, clicking those UACs the entire time mind you, but it makes the resulting landing page so much more unique than the old RWW page.

Costas Tsaklas’ Blog » Blog Archive » Add custom links to RWW on SBS 2008:
http://costas.cpstechgroup.com/2008/07/02/add-custom-links-to-rww-on-sbs-2008/

You can also add additional links in that main RWW home page.

In order to add custom links we have to go to the Windows SBS Console, click on the Users and Groups tab, and then click on the Manage Desktop Links Gadget to the right of the window.

From the Properties window there are options to add Links to either the Organization or Administration columns.  For this post, I selected the Organization links section, and added a link to the SBS 2003 newsgroup.

You could add a link to your firm's help desk or blog or wiki page here.

A little smarthosting

Setting up your SMTPauthing or smarthosting.  If you use a mail hygiene provider they may (probably do) want you to bounce your email out through them.  This allows you to scan the email outbound as well as offload that duty to them. 

Normally my smart host goes to www.ownwebnow.com's servers but for purposes of this dry run I'm bouncing it out my own ISP.

 

But here's the thing... it goes out port 25, not SSL port 465.  If you need to securely smart host it, you need to adjust the smart host port number.

For that we go over to Chad Gross's blog, of the firm www.thirdtier.net.

Specifying a Custom Port for SmartHost Communications in SBS 2008 - Aimless Ramblings from a Blithering Lunatic . . . - MSMVPS.COM:
http://msmvps.com/blogs/cgross/archive/2009/03/09/specifying-a-custom-port-for-smarthost-communications-in-sbs-2008.aspx

Just this morning I helped a partner with this very scenario.  Unlike previous versions of Exchange, Exchange 2007 does not provide an interface within its management GUI to specify a custom port when using a SmartHost for outbound mail delivery.  As a result, we need to set this via the Exchange Management Shell.

Once you open the Exchange Management Shell, one simple command will allow you to specify the custom port to use:

Set-SendConnector -Identity '[Send Connector Identity]' -Port [Port Number]

In SBS 2008, the default Send Connector that gets created is named “Windows SBS Internet Send [SERVER]”  where [SERVER] is the netbios name of your SBS server.  So for example, if your SBS box was named  SERVER01 and you needed to use port 2525 to send email to your smart host, you would enter:

Set-SendConnector -Identity 'Windows SBS Internet Send SERVER01' -Port 2525

If necessary, you can find the identity (name) of your Send Connector(s) from the Exchange Management GUI, or from the Exchange Management Shell.

In the GUI, expand Organization Information, select Hub Transport, then click on the Send Connectors tab.

In the Exchange Management Shell, run the Get-SendConnector cmdlet to get a list of send connectors.
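Changing the port does not by itself encrypt the session to the smart host; on a Send connector that is governed by the RequireTLS and SmartHostAuthMechanism settings. The check below is an added example, not part of Chad Gross's post or the original page: Test-SmartHostConnector is a hypothetical helper name, and the sample connector object and the host smtp.example.net are constructed so the function can be tried outside the Exchange Management Shell.

```powershell
# Added example. In the Exchange Management Shell run:
#   Get-SendConnector | Test-SmartHostConnector | Format-List
function Test-SmartHostConnector {   # hypothetical helper name
    process {
        $c = $_
        # Skip DNS-routed connectors that have no smart host configured.
        $hosts = @($c.SmartHosts | Where-Object { $_ })
        if ($hosts.Count -eq 0) { return }

        $issues = @()
        $auth = "$($c.SmartHostAuthMechanism)"
        if (-not $c.RequireTLS -and $auth -ne 'BasicAuthRequireTLS') {
            $issues += 'TLS is not enforced to the smart host'
        }
        if ($auth -eq 'BasicAuth' -and -not $c.RequireTLS) {
            $issues += 'basic auth credentials can be sent without TLS'
        }
        $hostList  = [string]::Join(', ', $hosts)
        $issueList = [string]::Join('; ', $issues)

        # One summary object per smart-host connector.
        $c | Select-Object Name, Port, RequireTLS, SmartHostAuthMechanism,
            @{ Name = 'SmartHosts'; Expression = { $hostList } },
            @{ Name = 'Issues';     Expression = { $issueList } }
    }
}

# Constructed sample object (not real output) for trying the check offline.
$sample = New-Object PSObject
$sample | Add-Member NoteProperty Name 'Windows SBS Internet Send SERVER01'
$sample | Add-Member NoteProperty SmartHosts @('smtp.example.net')
$sample | Add-Member NoteProperty Port 2525
$sample | Add-Member NoteProperty RequireTLS $false
$sample | Add-Member NoteProperty SmartHostAuthMechanism 'BasicAuth'
$sample | Test-SmartHostConnector | Format-List
```

An empty Issues field means the connector either requires TLS or uses BasicAuthRequireTLS; anything else is worth raising with the smart host provider before mail is cut over.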

Microsoft-Windows-Kernel-Processor-Power

Once a day, every afternoon, I'd get an alert from my box with this:

EVENT #    10069
EVENT LOG    System
EVENT TYPE    Warning
OPCODE    Info
SOURCE    Microsoft-Windows-Kernel-Processor-Power
EVENT ID    37
USERNAME    NT AUTHORITY\SYSTEM
COMPUTERNAME    
DATE / TIME      11/11/2009 6:35:34 PM
MESSAGE    The speed of processor 3 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 2 seconds since the last report.

I'd get this alert for every processor/core it had on the box.  8 alerts in a row.  So in reading up on it, I mostly saw it on laptops.  Okay so my HyperV server isn't a laptop, but the suggestions were to ensure that the system was taken off of power management, and adjusted to use full power.  (So much for green IT, eh?)

So I tried the normal power management settings and waited overnight and still, these events occurred.  I downloaded every BIOS update I could find (even though I used the August HP build media that should have pulled down the newest drivers).  No change.  Still this event.  It didn't seem to hurt anything but 8 alerts in a row was kinda annoying.  So then I went into the BIOS and changed the power management setting in there.

So far, no alerts have been seen since I told the BIOS power settings to be maximum power, not balanced.  We'll see if it stays true and I've made that error go away.

Posted by THE OFFICIAL BLOG OF THE SBS "DIVA"

There are some key steps to remember for Outlook Anywhere...

1.  You can merely get a GoDaddy or other cheap cert and it will work as long as the SRV records are set up at the DNS hoster: http://www.thirdtier.net/2009/02/setting-up-an-external-autodiscover-record-for-sbs-2008/

2.  You can test Outlook Anywhere with the Microsoft Exchange tester at https://www.testexchangeconnectivity.com/ .  Set up an account for testing and run the test through that web site.

3.  Last but not least, adjust the Web app pool as follows:

The Official SBS Blog : Slow Connectivity for Outlook Anywhere and Sites that use the SBS Web Applications App Pool:
http://blogs.technet.com/sbs/archive/2009/02/10/slow-connectivity-for-outlook-anywhere-and-sites-that-use-the-sbs-web-applications-app-pool.aspx

Changing the domain name in the email

SeanDaniel.com - Small Business Server and Other Technology: Hosting Multiple Domains on SBS 2008/Exchange 2007:
http://sbs.seandaniel.com/2008/10/hosting-multiple-domains-on-sbs.html

Many small firms have multiple email accounts.  We already pointed to that blog post for how you can add additional domains.  But while we're here let's talk about some other policies, including the email domain name and the iPhone password lock policy.

If you need to change the email domain policy for the firm:

  • Click Start, point to All Programs, click Microsoft Exchange Server 2007, and then launch the Exchange Management Console.
  • Expand Organization Configuration and select Hub Transport.
  • From there, right-click the default SBS mail policy and click Edit.

Click Next and adjust the email domain policy as you need.

I'm also recapping all of the Exchange-related enhancements you may want to do in Exchange 2007:

The Official SBS Blog : How to Configure Trusted SMTP Relay in Exchange on SBS 2008:
http://blogs.technet.com/sbs/archive/2008/09/18/how-to-configure-trusted-smtp-relay-in-exchange-on-sbs-2008.aspx

The Official SBS Blog : How to Send Email from the Internet to Sharepoint on SBS 2008:
http://blogs.technet.com/sbs/archive/2009/02/20/how-to-send-email-from-the-internet-to-sharepoint-on-sbs-2008.aspx

The Official SBS Blog : How Do I Change Message Size Limits in Exchange 2007?:
http://blogs.technet.com/sbs/archive/2008/10/28/how-do-i-change-message-size-limits-in-exchange-2007.aspx

The Official SBS Blog : How to Configure Non-Authoritative Accepted Domains in SBS 2008 (Exchange 2007):
http://blogs.technet.com/sbs/archive/2008/09/25/how-to-configure-non-authoritative-accepted-domains-in-sbs-2008-exchange-2007.aspx

It's at this point in the migration where you should go into your firewall and flip the email port 25 to be pointing to this new box rather than the old box.

Also, you should have ahead of time limited the firewall to your mail hygiene hoster.  This restricts port 25 to only that provider's traffic and does not expose your port 25 to drive-by port rattlings.

The next setting to do is to ensure that the phones get the password setting you want by adjusting the phone policy.

Go into Client Access, Windows SBS Mobile Mailbox Policy, and adjust/set up additional policies as you need.

Moving public folders

Migration step twenty: Moving Public Folders - THE OFFICIAL BLOG OF THE SBS "DIVA":
http://msmvps.com/blogs/bradley/archive/2009/11/09/migration-step-twenty-moving-public-folders.aspx

The token supplied to the function is invalid. ID no:80090308 Exchange System Manager - THE OFFICIAL BLOG OF THE SBS "DIVA":
http://msmvps.com/blogs/bradley/archive/2009/11/10/the-token-supplied-to-the-function-is-invalid-id-no-80090308-exchange-system-manager.aspx

A good tip when you are getting ready to migrate public folders (I didn't even think of this) is to totally remove the SSL cert from the ExchAdmin site and untick the "Require SSL" box.

You'll be moving it to the new box as the next step anyway.

I've lost the faith

...in Antivirus.

So for anyone running Trend, go look in your c:\Program Files\Trend Micro folder as you probably have a huge growing mass of a program that is sucking up more and more of your C:\.  Meanwhile, name an antivirus vendor that doesn't miss a rogue a/v. And why are we paying for these antivirus solutions again?

It's gotten so bad for me that I've actually totally removed Trend and am now doing a full scale test with Forefront Client Security.  My only complaint right now is that the a/v is only sold under a 3 year open value license.  So far it's like Microsoft Security Essentials but with an obvious business EULA.

It's quiet.  It doesn't make me question why I'm buying it.
