SBS

SBS 2003 and SBS 2008

I know this blog is suppose to be all about SBS 2003 and SBS 2008 but sometimes there is not a lot of things happening at the moment and I am off on other missions. One thing nice about the SBS 2003 and SBS 2008 Servers I have out there is they just plain run with no problems bad for me but good for the clients makes them happy when they don’t have to worry about their server which makes me look good and when they do need to do something who they going to go with the Box or the person?

I can’t say enough about the stability of the SBS 2008 servers I have out there now, we have not had to do anything with them since the migration other than the clients doing the updates and also checking the backups. One thing I will be doing in a week or so it take a SBS 2003 Server on old hardware and running out of drive space and moving this to new hardware. The customer is really concerned about downtime so it is a Friday evening move for this to happen. I have a 12 hour window to get the job down and I will be posting on how that goes but my goal is the use the Storage Craft Shadow Protect software to do this. If you have not checked the product out yet I sure would be downloading the trial and trying it out you won’t be disappointed. One little trick with this software is to be sure you have your RAID drivers loaded on the USB Drive you are using for the migration and to select the HIR option and specifying the folder you have the drivers in. I have had to do the C Drive twice to get the drivers to inject into the restore but it sure beats doing the whole server install from scratch or a swing migration. I will work on that ISA documentation and get it out after the weekend.

Til Later just Roger

Publishing SBS 2008 with ISA Server 2004 or ISA 2006 Part 2

In this post we are going to talk about setting up the device sitting in front of your ISA Server either your Basic Router of choice or in this instance I will be using a Sonic Wall device. What you must decide is the IP Range you are going to use for your space between the SonicWall Lan link and the ISA Servers External NIC. Lets use 10.10.1.1 for your ISA Servers External Nics IP and 10.10.1.2 for your Sonic Wall Lan IP and a Subnet of 255.255.255.0

On your ISA Server on the External Nic properties you would define it’s IP as 10.10.1.1 Subnet of 255.255.255.0 and it’s gateway would be 10.10.1.2 this is your Sonic Walls LAN IP. On the Sonic Wall when you have set this up when you go through the setup Wizard the LAN and the WAN IP’s are defined which makes the whole process pretty darn easy. Once this is completed you would login to your SW and go to the Firewall Rules. I am using a Sonic Wall with the Basic Firmware on it and not the Enhanced OS that is a few more steps but for you that are familiar with the OS this will be a snap. You go to the Firewall Rules and Create the Rules for 443 and set it to allow and then from all on the WAN and point this to 10.10.1.1 on the LAN and do the same for Port 25 and Port 987. That is all you have to do on the Sonic Wall now to the ISA Server but the same logic will hold true for whatever type of device you have setting in front of the ISA Server if that is the choice you make. Or if you have nothing in front of this and you can ignore all of this and now on to setting up the ISA Server.

Til later just Roger

Publishing SBS 2008 with ISA Server 2004 or ISA 2006 Part 1

I know many of you have SBS 2003 Premium with ISA 2004 Server. I know there are those of us that like to use ISA to protect the domain either by itself or in a 2 Layer aapproach. I myself have my clients running a Sonic Wall firewalls out in front of the ISA Server. I will be walking you though the setting up the ISA Server for publishing the pieces of the SBS 2008 Server that you will want to access from the outside world. This is just basic Publishing with ISA Server.

The RWW is basically using the Terminal Server Gateway piece of 2008 Server for the connections into your network clients or servers. One thing you will have to do is export out your SSL cert off the SBS 2008 Server for your remote.domainname.com or whatever you are using for the outside world and then import that into the Server Certificates Personal Store on the ISA Server. This will be applied to your Web Listner on the External NIC of the ISA Server. Also on some you will need to import this into the Intermediate Trusts also as I have had some sites that I have had to do this on.

You can use the Exchange Wizard on the ISA Server to Publish the OWA and Mobile Access and your Exchange Server. I will go into this all in greater detail in more posts on this subject as I walk you through the setting up of the ISA Server to work with the SBS 2008 Server and also your Sonic Wall of like device in front of it all.

Til Later just Roger

SBS 2003 and Wild Blue

I am sure others have had this experience with a Wild Blue connection but this was my first. This was a new customerthat was 4 hours away and we sold the server over the phone and I thought I had asked all the questions I should have but not true I forgot one important one and assumed they was in town. Which in all actually they was outside of the town about 5 miles. So they had Wild Blue for a Internet connection, I had asked can you get a static IP and they checked and the answer was yes and I had asked do they block any ports and they checked no they don’t. But I did not ask any names anything like that of the ISP. Me bad and yes I can admit me bad.

So I get on-site get the server all setup and going which I did try SBS 2008 first but we couldn’t make the legacy LOB App work  so I rolled them with SBS 2003 R2 and then we went to address the Internet stuff which I could not make any connections to the server from the outside. So a call to support and no they say we don’t block ports so more testing thinking I had the router wrong. Nope this all looked good more digging and I hit the web and find others with this problem. When they say they are not blocking ports that is true they are smashing the packets in all actuality so you can’t do what the customer wants. Ok the customer calls back and asks them why did they sell them a Business Class service if that was not a true statement. No answer from them on that this is the way it is to them and the customer is hung with a contract and a buy out if they want to get out of it. We did find another service that will do the satellite and allow anything to come in but more equipment to be purchased. So we are exploring a couple of ways to go which this is one of them and now the ISP in town has wireless and they will find out if this will work next week. Bottom line if you have a customer that mentions Wild Blue tell them run screaming away from that call and find something else.

Til later just Roger

SBS 2003 and OWA

We had another site with OWA having issues and I am wondering if this was a problem with maybe a update that came down or was actually just something that came up. But they was getting the 500 error and Site busy from the outside when OWA was tried to go to. What they ended up doing was running this

We had to sync IUSR and IWAM

Used this piece of flotsam

We used the /inetpub/AdminScripts for this.

The syntax we used:

cscript adsutil.vbs set w3svc/anonymoususerpass “f00″

cscript adsutil.vbs get w3svc/anonymoususerpass (reports correct password)

cscript adsutil.vbs set w3svc/wamuserpass “f00″

cscript adsutil.vbs get w3svc/wamuserpass (reports correct password)

To sync the passwords with IIS we used:

cscript.exe synciwam.vbs -v

2^nd time through it worked

Til later just Roger

SBS 2003 with ISA 2004 Internal Client VPN Problems

I had a customer who has a SBS 2003 SP1 Server with ISA 2004 who uses a VPN off their client machines to a site that they submit claims too using the ATT Global Dialer. Well I got the sheet from them on Ports and IP’s that needed to be allowed to do there certain parts and got them all added but the workstations still would not connect. They keep getting error 223 VPN port in use. I finally tracked it down to on the SBS Server I had to go to the registry and add Port 4500 to HKey_Local_Machine\system\CurrentControlSet\Service\Tcpip\Parameters  in the Reserved Ports and I had to add 4500-4500 and then I could allow a VPN to initiate from the inside out. It seems to be the problem that a certain Windows Update allowed something else to take over this port. Once I defined this as reserved then the Clients was good. When I get the exact article I will post that info also.

Til later just Roger

SBS 2003 to Exchange 2007 migration Part 5

Well the server from hell started to blue screen this week. It was a SBS 2003 server that someone had decided to treat the server as one would for a Enterprise Server and had it all messed up. This server had many issues and that was one of the reasons that this customer decided to spilt off the parts onto Full Server Servers. Last week when I had been onsite I had done a Sharepoint backup and what I could so we could remove the Exchange 2003 Server and demote this server down. Well that was not the case as the server started to Blue Screen come Monday so the onsite IT guy said no more and shut it down.

I got onsite yesterday and made sure that was what we was going to do for sure and I then went through the process of cleaning AD up from the failed DC and seized the roles over to the Main 2008 DC and cleaned AD and DNS and all those fun parts that are still there. I have the matter of cleaning the orphaned Exchaneg server out of AD so the Exchange 2007 server don’t think it is there anymore. Ya know there is really no good articles on this process and I am still trying to find that article that will help clean up the Exchange 2007 Server from the reminants of the Exchange 2003. When I get that tracked down I will let you know but for the most part looking back on this whole deal it was really simple to do other than all the problems had with the SBS 2003 Server. I did get the Sharepoint restored onto a 2003 Server running in HyperV and that went over real good as the customer had figured it was gone. Now it is getting the new ISA 2006 server in place and publishing either 2008 TS Gateway or a Terminal Server they was still kicking that one around will see where that goes for sure. Well it is off to a weekend of fun at the Great Wolf Lodge in Kansas City with all my children except for my oldest he and his son. They will be missed but the rest of us sure will be thinking of them as we will be playing in the 84 degree warm swimming area.

Til later just Roger

SBS 2003 to SBS 2008 Migration Part 5

I was real pleased with the way this migration worked. The key to a sucessful migration is that your source server is healthy AD wise which makes it very important to use the SBS 2003 BPA on the source server until the reports are clean and your event logs are clean. Also to use the Exchange 2007 BPA to make sure the Domain is ready for Exchange 2007. DNS setup correctly and clean and the source server updated with MS Updates. Take your time and get your server ready don’t just dive in and expect to be able to fix anything that don’t migrate correctly on the other end because as of right now a lot of the fix is to call MS or to restore you source server and start again or both calling MS to find out you have to restore. SO Backup, Backup, and Backup your server before you start and do the rest to be sure your source server is ready…. I can not stress that enough because if you don’t think you need to worry about it better think again if the BPA or the Ebent logs are not clean. Here is the time it took me for a 20 user office with SBS 2003 and ISA involved.

1.      Setup parts in server 30 min

2.      Moved TS Licensing over to the TS Server. 15 minutes

3.      Removed ISA and ISA Client Settings and updated the Server with all Windows Updates and Run the SBS BPA on the server and also the Exchange 2007 BPA on the server till both was clean and ready to go.    3 and half hours

4.      Setup 2 Backups to run on Sunday and once these finished I Ran the Migration Tool on Source Server. 1.5 hours

5.      Checked everything over and then created answer file and then started upgrade process on server. This took 4 hours

6.      Updated new server with HP Updates and Windows Updates and Setup Drive partitions and folders to match source server for structure 1 hour

7.      Started Migration list and configured Exchange to move email automatically and created robocopy script to copy data and I scheduled this for during the night to run. 3 hours

8.      Day 2

9.      Moved Exchange parts to new server 30 minutes

10.  Moved Public Folders and those pieces to new server 1 hour

11.  Finished Migration Wizard except for removing Source Server 2 and half hours

12.  Setup Printers on new server and install 32 bit drivers and moved QuickBooks pointer on workstation and then DCPromoed Source server end of day. 4 hours

As you cans see it took me about 22 hours give or take to do this process and I took my time and did not rush anything.

Til Later just Roger

SBS 2003 to SBS 2008 Migration Part 4

Houston we have a problem here…….. When testing the RWW connect to computer it would work once and then the rest of the time the login box would keep prompting for a login. Ok what is going on here I ran the Fix network wizard and it would show this error.

Component ID #3If the Fix My network wizard shows that component ID #3 is broken, this
means that within IIS the RPC virtual directory settings are incorrect.
Continuing to fix this error within the wizard will correct the RPC virtual
directory to support both Basic and NTLM authentication to this virtual
directory.

I could see that the permission would get changed on the RPC Virtual directory but couldn’t keep it set. I finally posted this on the SBS 2008 connect newsgroup and got the fix for this issue from thomasds. I went to http://sbs.editme.com/sbs2008rww and on there was this

Another common problem on xp SP3 is that RWW keeps on prompting you for login details even though you enter the correct info.
Here is a possible solution for that issue:Authentication issues with Outlook Anywhere and Terminal Services Gateway (TS Gateway)

Use the procedure that follows to fix these authentication issues:

    * Microsoft® Outlook® repeatedly prompts you for credentials through Outlook Anywhere (previously known as RPC over HTTP)
    * Remote computer log on fails if you are using the Connect to Computer feature in Remote Web Workplace

You can encounter these issues if you open the TS Gateway Manager administrative tool. When you open TS Gateway Manager, the server turns off basic authentication for the RPC virtual directory. Because of this, there is a delay in accessing Outlook Anywhere. To prevent future authentication issues of this type, install the hotfix that is described in Knowledge Base article 954034 on the Microsoft Web site (http://go.microsoft.com/fwlink/?LinkID=124578).

To immediately repair authentication issues with Outlook Anywhere and TS Gateway, perform the steps in the following procedure.
To fix the authentication issues with Outlook Anywhere and TS Gateway

      > Click Start, click Administrative Tools, and then click Internet Information Services (IIS) Manager.
      > In the User Account Control window, click Continue.
      > In the Connections pane, expand <your server name>.
      > Expand Sites, and then expand SBS Web Applications.
      > Click Rpc, and then in the /Rpc Home pane, in the IIS section, double-click Authentication.
  
      Verify that Basic Authentication and Windows Authentication are enabled. If either authentication is disabled, click it, and then in the actions pane, click Enable.

I applied the hotfix and life has been good. The main reason I really needed this to work correctly was my wife uses this a lot for work and one of the others also use this daily so it had to work. I also found that 443 was bound to the default website and this was causing a problem with the windows updates. I removed it from the default website and made sure it was applied to the SBS VD and then the WSUS started working. Simple enough and I then continued on and demoted the old server and away we went.

Til later just Roger

SBS 2003 to SBS 2008 Migration Part 3

So I got up a little earlier than normal and checked the scheduled jobs I had running and seen that the files had been copied and that the email had been moved. This is tough stuff here. I went ahead and moved the Exchange parts from the Source server to the Destination server and verified I had email flow in and out of the company. I had also disabled my incoming mail port on the firewall while the processes run the night before. Once I had the Exchange parts moved I then opened this backup and mail flow resumed as you would normally expect to see.

I had a couple of security groups controlling file access so I went ahead and converted them to the SBS 2008 server so the users would not see any problems with file access. Cooked some breakfast and then it was off to onsite to continue on with the migration. Got onsite and found I had missed a couple of file permissions but that was quickly fixed. Made sure everyone when they logged in got the new mail server and that was all good also. This was looking too easy here and nothing showing up as a problem so I setup the printers I needed on the SBS 2008 server and loaded the 32 bit drivers into the server also because we are still running 32bit machines and a 32 bit TS Server. I did add those printers using the run as administrator permission and had no issues adding drivers 64 or 32 bit.

I started back with the migration wizard and went through all the steps that needed to be done throughout the rest of the day and then moved users over to the printers on the SBS 2008 box. So far I had not found any issues with the migration or users access. Plus I got to have lunch with wife again double points here for me.

Til Later just Roger