Friday, November 26, 2010

License Issue: Clients unable to login to OWA

 

 

Descriptions of the problem:

Clients unable to login to OWA from inside or outside the domain.

Issue with all clients. Some clients have issues logging into the network.

 

Diagnosis:

Licenses were not available to users. The license issue was caused by low free disk space on C:\.

The authentication settings on the OWA-related virtual directories under the Default Web Site were incorrect.

 

Solutions:

Users get an error that the username and password are incorrect when logging in to OWA.

They also receive this warning about a license issue.

The server was working fine and users were able to log in normally a few hours earlier, so the licenses should have been fine.

Checked the licenses under Licensing in Server Management.

Installed licenses: 5

Maximum usage: 1

 

Checked the disk space available

 

Total size: 12 GB

Free space: 117 MB

 

To retrieve the licenses:

1. Stopped the License Logging service.

2. Browsed to c:\windows\system32.

3. Renamed the following files:

   licstr.cpa → licstr.cpa.old

   autolicstr.cpa → licstr.cpa

4. Started the License Logging service.

5. Went back to Licensing in Server Management and saw that the licenses had reappeared.

To create space in c:\ moved the following files to a new folder under d:\

1. W3SVC1 folder which contains log files for IIS default website.

2. Downloaded updates

3. Drivers

This freed 1.67 GB of space.

Users still could not log in to OWA:

1. Opened the IIS console.

2. Under the Default Web Site and the OWA virtual directory, found that the authentication settings were incorrect.

3. Set them to the defaults:

Virtual directory | Enable Anonymous Access | Integrated authentication | Basic authentication | SSL required
Default Website | yes | yes | |
Exchange | | yes | yes |

4. Users were able to log in to OWA and the network.

 

Note: The Product ID for a Windows SBS 2003 server is 74995-xxxxx-xxxx.

If the server is OEM, you will see 74995-oem-xxxx.

Sunday, November 21, 2010

Windows Small Business Server 2003 SP1

 

Windows Server 2003 SP1 and Windows Small Business Server 2003 SP1 are two different service packs. If you are not sure about this: Windows Server 2003 SP1 is meant for all Windows 2003 servers, including Small Business Servers. Windows Small Business Server 2003 SP1 is a service pack for Small Business Server 2003 only.

How to check if Windows Server 2003 SP1 is installed?

1. Click Start, then Run.

2. Type winver and hit Enter.

3. In the new window that comes up you can check the service pack level.

There are other ways to check the SP level, but this is my favourite.

 

 

How to check if Windows Small Business Server 2003 SP1 is installed on your server?

 

1. Open Regedit (Start – Run – Regedit).

2. Browse to servicepacknumber under

HKEY_LOCAL_MACHINE\Software\Microsoft\small business server

3. If the key is absent or is set to 0, the service pack is not installed. A value of 1 indicates that Windows Small Business Server 2003 SP1 is installed.

 

 

One thing worth mentioning here: if you are migrating from SBS 2003 to SBS 2008, you will notice that SBS 2003 should be updated with Windows Small Business Server 2003 SP1. However, you may not know that you can create the above key and assign it a value of 1, and SBS 2008 will not detect that Windows Small Business Server 2003 SP1 is missing and will let you continue.

Do I see a smile there? It’s a workaround worth mentioning.

Now that there are no doubts about Windows Small Business Server 2003 SP1, let's shed some light on issues you may encounter while installing it. If you have been managing Microsoft products for some time now, you should be aware that Microsoft instructs you to take a good backup. GOOD is the golden word here.

Let me share a recent exploit. I installed SP2 for Exchange 2007 on an SBS 2008 without an online Exchange backup, something went wrong with the install and on rebooting, Exchange binaries were completely installed. This had happened before in a test environment. I did try to dig down to the cause and found a reasonable explanation. It’s a feature of Windows 2008 servers where it rolls back to a restoration point in case of a failed install. My restore point must have ...... . . . aargh!

 

 

You need to install the following before you can install Windows Small Business Server SP1

1. Windows Server 2003 Service Pack 1

2. Windows SharePoint Services 2.0 Service Pack 1

3. Exchange Server 2003 Service Pack 1

4. Windows XP SP2 for Client Deployment

 

 

If your install fails, you can refer to setup.log:

C:\Program Files\Microsoft Integration\Windows Small Business Server 2003\logs\setup.log

If the damage is irreversible, revert to backup. If not, try to resolve the issue you found in the logs and install again.

 

Scenario 1:

Most of the issues are encountered with Client Deployment.

Make sure the following is in place:

1. The ClientApps folder is located in the root of the C: drive. It may have been moved to a new location to free space on the C: drive.

If it has been moved, move it back to its original location.

2. The permissions are default on c:\, c:\ClientApps and HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SmallBusinessServer\clientsetup

3. Check whether all ClientApps components are installed in integrated setup. I bet they won't be; in that case install them.

 

 

Scenario 2:

"THIS COMPUTER CANNOT BE UPGRADED TO THE OEM VERSION OF SMALL BUSINESS SERVER"

You may get this error if you install SP1 on an OEM machine. Try these steps:

1. Open Regedit and browse to HKEY_LOCAL_MACHINE\software\microsoft\smallbusinessserver\IsRunFromWeb.

2. Set the value to 0x1.

If this does not work, try:

1. On the SBS 2003 server, browse to C:\program files\Microsoft integration\windows small business server 2003

2. Locate suiteinfo.dll and go to its properties. Under the resource tab, expand string.
If it is the OEM version, it will have an entry that says 74995-OEM.
If it is the retail version, it will say just 74995.

If it still doesn’t work, replace the file with one from an OEM machine.

 

 

Scenario 3:

Event ID: 11714

If you encounter this error, try the steps below

Event Type: Error
Event Source: MsiInstaller
Event Category: None
Event ID: 11714
Description:
Product: Windows Small Business Server Fax -- Error 1714. The older version of
Windows Small Business Server Fax cannot be removed. Contact your technical
support group.

 

 

Are you using SBS Fax?

 

Yes

Reinstall Fax from integrated setup.

 

No

1) Remove fax using integrated setup

2) Export and delete the following keys

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fax

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Fax

3) Rename the following files/folders

C:\Program Files\Microsoft Windows Small Business Server\fax

C:\Winnt\FaxSetup.log

4) Run client deployment again.

Saturday, November 20, 2010

SBS BPA(best practice analyser ) does not update

 

Have you ever used the SBS Best Practice Analyser from Microsoft? If you have, you must be impressed with the depth it reaches. It runs a few WMI queries to get you results that may astonish you. But there is a slight flaw with this program.

You may have observed this: you ran the BPA and it showed some error, you did your best to fix it and there is nothing else left to tackle, yet the BPA is still showing that error.

The BPA goes through the event viewer for the last 24 hours, so it's bound to pick up errors that you may have already resolved. This stumps a lot of people, and they ridicule the BPA before giving it a second thought.

From here on, don't ridicule the BPA; understand why it behaves the way it does. If it shows an error you have resolved and you need to show your adamant boss that the BPA shows no errors, you need to either clear the event logs or let him know that the BPA will not show the errors after 24 hours.

Tuesday, November 16, 2010

How to Backup and Restore Your SBS and Default Group Policies.

In Windows Server 2003 we have 2 default policies:

1. The default domain policy

2. The default domain controller policy

In SBS 2003 we have 7 additional Group Policies. In SBS 2003 R2 we have 3 more for WSUS. If the SBS Vista Update is configured there will be another GP.

There may be issues in the domain when a policy is corrupt, or you may lose the policies while fixing NTFRS issues. DCGPOFIX will only get the default policies back, and you may have to restore the others from another SBS 2003 server. It is a good idea to back up your GPs even if you have a regular backup program. Check the easy steps below to back up and restore Group Policies.

 

 

HOW TO BACKUP?

1. Open Group Policy Management Console (Start – Run – gpmc.msc).

2. From within GPMC expand domain.local and then Group Policy Objects.

3. Right-click on Group Policy Objects and select Backup All.

4. Specify a location and a description for your backup.

5. Click the Backup button. You will get a progress bar which will show the status of the operation.

And you have a backup of the GPs on your server.

 

Restore Procedure:

1. These are the two default GPs in Windows Server 2003 and are necessary to run the DC stably. You cannot delete these policies.

2. To restore these policies from GPMC, right-click on Group Policy Objects and select Manage Backups.

3. Select the Group Policy object you want to restore and click Restore. You will only be allowed to restore one policy at a time. You can see the progress of the operation in the progress bar.

4. Once the policies are restored you need to re-link them to their appropriate OU. All of the SBS policies are linked at the domain level, while the Small Business Server Auditing Policy is linked to the Domain Controllers OU.

Monday, November 15, 2010

Troubleshooting Issues with Remote Web Workplace-Part 3

 

It has been a few days since the last blog. Let's get started with this one right away.

You can get to the RWW page; however, you are unable to log in.

Scenario 1: The login gets stuck at “LOADING”

You may rarely see this one across the domain. This error is specific to client machines.

This is surely a problem with your web browser. You may not be using IE, cookies may be turned off, or it is not allowing add-ons.

If you have not done this already, add the RWW URL to Trusted Sites.

 

 

Scenario 2: The Loop of login page

You provide correct credentials and it redirects to the login page again and again and again.

This may be a very common one. It can be resolved by doing either of the following:

Method 1: Configure the number of worker processes for the DefaultAppPool application pool to 1

  1. Open IIS Manager (Start → Run → inetmgr) and browse to Application Pools.
  2. In the work pane, go to the properties of DefaultAppPool.
  3. Under the Performance tab set the Maximum number of worker processes to 1.
  4. Click OK and run IISRESET from a command prompt.

OR

Method 2: Create a new application pool for the Remote virtual directory

  1. Under Application Pools, in the Action menu, create a new application pool.
  2. Give the app pool a sensible name like RWWAppPool.
  3. Select the Use default settings for new application pool option, and click OK.
  4. In the IIS console, expand Web Sites, expand Default Web Site, right-click Remote, and then select Properties.
  5. From the application pools listed there, select the application pool that you created.
  6. Click OK and run IISRESET from a command prompt.

The next post will be up soon. No screenshots were available.

Sunday, October 31, 2010

How to Change timeout for CompanyWeb, RWW, OWA websites in SBS 2008

 

 

By default in SBS 2008, companyweb is set to time out after 30 minutes if there is no user activity. Your organization may require users to work all day in companyweb, and you may think that this timeout is affecting productivity. Or the organization may have security concerns and may want to reduce the timeout.

Below are simple steps to change the timeout. Make sure you take a backup of the configuration before making any changes.

1) Open companyweb.

2) Click Site Actions and then click Site Settings.

3) Under Galleries section, click Master pages.

4) Right-click default.master, point to Send To and then click Download a copy and Save the file in a convenient location.

5) Make a backup copy of this file and open it in Notepad.

6) Once in Notepad, press Ctrl+F and locate “function EndSession”.

It will look like this:

//this value indicates after how many miliseconds

var LOGIN_SESSION_TIMEOUT_VALUE = 1800000;

function EndSession()

7) The timeout here is specified in milliseconds, and you guessed it right, the 1800000 value is the default timeout.

8) Modify the 1800000 value to the desired timeout.

9) Save the file. The file should not be saved as default.master.txt but as default.master.

10) In CompanyWeb, click Upload, and select the default.master file. Leave the box “Add as a new version to existing files” checked and click OK.

11) After the document is uploaded, click OK.

12) If you are having problems, then the file you uploaded is not default.master but default.master.txt.

 

 

How to change Idle time out for RWW

 

To change the client time-out setting for Remote Web Workplace (the default value is 30 minutes):

1. Open Registry Editor and browse to

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SmallBusinessServer\RemoteUserPortal

2. If the RemoteUserPortal key does not exist, you can create it. Also make sure that you have the correct spelling in the correct case.

3. Create a DWORD (32-bit) value named “PublicTimeOut”.

4. In the Value data box, enter the number of minutes that you want to elapse before the Remote Web Workplace session times out.

5. Click OK to exit.

To change the server time-out setting for Remote Web Workplace (the default value is 30 minutes):

1. Open IIS manager

2. 3. In the left pane, double-click the name of the server to expand the tree.

4. Double-click Sites to expand it, and then double-click SBS Web Applications to expand it.

5. In SBS Web Applications Home, double-click Session State.

6. In Cookie Settings, change the Time-out to the desired amount of time. The time is in seconds.

7. Click Apply to save the changes.

How to set Idle time out for OWA

 

The Outlook Web App virtual directory must be configured to use forms-based authentication.

Using the Registry

  1. Open regedit on the CAS (Client Access Server) and browse to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchange OWA
  2. Create a new DWORD value. In the details pane, name the new value PublicTimeout.
  3. In the Value Data box, type a value between 1 and 43,200. This value is in minutes.
  4. Restart the Microsoft Exchange Forms-Based Authentication service.

Important

  • If the client timeout value is GREATER THAN the server timeout value, the RWW page will log you off after the client timeout value and return you to the RWW logon page without displaying any message.
  • If you opened OWA from the link within RWW, the OWA page will also be logged off and returned to the OWA logon page when you click anything within OWA.
  • If the client timeout value is EQUAL TO or LESS THAN the server timeout value, the RWW page will log you off after the client timeout value and display a message indicating the same.
  • If you create a key named PrivateTimeout instead of PublicTimeout, it will affect the private/trusted computers. You can also use PowerShell to do the same.
  • The OWA public timeout default is 15 minutes. The OWA private timeout default is 8 hours.
  • If you opened OWA from the link within RWW, the OWA page will remain open until the OWA idle timeout is reached (default is 15 minutes).
  • The RWW timeout does not affect the companyweb timeout.
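
A read-only audit of the registry values described above, as an added example (not part of the original post and not a Microsoft tool). It assumes PowerShell 2.0 or later on the server; `$MaxPublicMinutes` is a hypothetical policy ceiling, and the defaults and the 1 to 43,200 range are the ones this post states.

```powershell
# Added example: report the RWW and OWA idle timeouts configured in the registry.
# Read-only; nothing is changed. $MaxPublicMinutes is a hypothetical policy value.
param([int]$MaxPublicMinutes = 30)

$rwwKey = 'HKLM:\SOFTWARE\Microsoft\SmallBusinessServer\RemoteUserPortal'
$owaKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\MSExchange OWA'

# Defaults (in minutes) are the ones stated in the post: RWW 30, OWA public 15, OWA private 8 hours.
$settings = @(
    @{ Name = 'RWW client (public)'; Key = $rwwKey; Value = 'PublicTimeOut';  Default = 30;  Public = $true  },
    @{ Name = 'OWA public';          Key = $owaKey; Value = 'PublicTimeout';  Default = 15;  Public = $true  },
    @{ Name = 'OWA private';         Key = $owaKey; Value = 'PrivateTimeout'; Default = 480; Public = $false }
)

$report = foreach ($s in $settings) {
    # A missing key or value yields $null, which means the default applies.
    $raw = (Get-ItemProperty -Path $s.Key -Name $s.Value -ErrorAction SilentlyContinue).($s.Value)
    $effective = if ($raw -ne $null) { [int]$raw } else { $s.Default }

    $notes = @()
    if ($raw -eq $null) { $notes += 'not set, default applies' }

    # The post gives 1 to 43,200 minutes as the accepted range for the OWA values.
    if ($s.Key -eq $owaKey -and ($effective -lt 1 -or $effective -gt 43200)) {
        $notes += 'outside the 1-43200 minute range'
    }

    # Public (shared-computer) sessions are the ones an idle timeout protects most.
    if ($s.Public -and $effective -gt $MaxPublicMinutes) {
        $notes += "public timeout above $MaxPublicMinutes min"
    }

    New-Object PSObject -Property @{
        Setting = $s.Name
        Minutes = $effective
        Notes   = ($notes -join '; ')
    }
}

$report | Select-Object Setting, Minutes, Notes | Format-Table -AutoSize
```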

Thursday, October 28, 2010

Troubleshooting Issues with Remote Web Workplace-Part 2

Continuing from the previous post, we will troubleshoot some more scenarios where we cannot get to the RWW homepage and get an error instead. You can refer to http://support.microsoft.com/kb/318380 to find the cause and resolution for messages with error codes in them. We will discuss a few errors with error codes.

Error 1:
HTTP Error 403 – Forbidden
There are many versions of this error, so you need to read the complete error text to decide how to proceed with troubleshooting.
If you get this error as well:
You are not authorized to view this page
You might not have permission to view this directory or page using the credentials
you supplied.

  • Check the permissions in the IIS console for the Remote virtual directory under Directory Security. Make sure they are default.
  • Check Documents in the properties of the Remote virtual directory. Make sure Default.aspx is not missing. You can add Default.aspx if it is missing, and you should be able to browse RWW.

Error 2:
HTTP Error 403.6 - Forbidden: IP address of the client has been rejected.
Open IIS Manager, under Web Sites expand Default Web Site, highlight the Remote virtual directory and click Properties.
On the Directory Security tab, under IP address and domain name restrictions, click Edit.
Select Granted Access and remove the IP addresses of any computers that you wish to allow access from the exceptions field.
Click OK to exit.
 
Error 3:
403 Forbidden - The server denies the specified Uniform Resource Locator (URL). Contact the server administrator. (12202) Internet Security and Acceleration Server.

You will get this error only if you have an ISA server in the domain and it is blocking the requests.
Re-run the CEICW wizard and call in a seasoned tech if you still have issues.

Error 4:
The page cannot be displayed:

Make sure you are using the correct fully qualified domain name (FQDN) in the URL to access RWW and that it resolves to the correct internet IP address for the SBS 2003 server.

Check whether ports 80 & 443 are open on the firewall between the server and the client from which you are trying to browse.

If this does not resolve the issue, run the Connect to internet wizard (CEICW / ICW):

  • Launch the Connect to internet wizard. Click Next on the Welcome screen.
  • On the Connection Type screen, select Do not change connection type and then click Next.
  • On the Firewall screen, select Enable Firewall, and then click Next.
  • On the Services Configuration screen, click Next.
  • On the Web Services Configuration screen, select either of the following options:

      A. Allow access to only the following Web site services from the Internet and Remote Web Workplace

      B. Allow access to the entire Web site from the Internet

  • On the Web Server Certificate screen & Internet E-mail screen, select Do not change and then click Next.

Click Finish.

You should no longer receive the “Page cannot be displayed” error.

Troubleshooting Issues with Remote Web Workplace-Part 1

 

This is the first post in a series in which I will discuss how you can troubleshoot issues with RWW. Remote Web Workplace is a one-stop shop for users in an SBS domain. Users can access OWA, companyweb or connect to any computer in the domain, provided they have appropriate permissions.

The RWW website is hosted in IIS and can be accessed from outside the domain. You can reach it with the following URL: http://domainname/remote . One can also use the server's IP address.

The default page looks like this:

We shall now discuss some common troubleshooting steps if you cannot get to this page.

 

Scenario 1

Error “Server Error in '/Remote' Application”

If you get a runtime error:

1. Check which version of ASP.NET the Remote virtual directory is using. You can check this in the IIS console under the properties of the website.

2. Open a command prompt with admin rights.

          Run cd Drive:\windows\microsoft.net\framework to change to the directory where the ASP.NET versions are stored.

          Run a dir command and it will list all the versions of ASP.NET on the machine. You may see

                    v1.1.4322

                    v2.0.50727

          Choose the version your Remote virtual directory uses. To do this, type cd v and hit the Tab key to see the different versions, and hit Enter when you have the correct one.

          Type aspnet_regiis -ir and hit Enter.

          This command installs the version of ASP.NET associated with Aspnet_regiis.exe and only registers ASP.NET in IIS.

3. If you are still not able to get to the RWW page internally or externally, try this:

There may be missing permissions on the

"%windir%\Microsoft.Net\Framework\1.1.4322\Temporary ASP.Net Files" folder.

The default permissions on the folder are:

  • Administrators: Full Control
  • Authenticated Users: Read & Execute, List Folder Contents, and Read
  • Creator Owner: Special Permissions
  • Local Service: Full Control
  • Network Service: Full Control
  • Server Operators: Modify, Read & Execute, List Folder Contents, Read, and Write
  • System: Full Control.

Of these, the Local Service, Network Service or Server Operators permissions may be missing.

 

Scenario 2:
If you get Access denied to 'C:\inetpub\wwwroot\web.config'.

Check the permissions on c:\inetpub\wwwroot and c:\inetpub\wwwroot\web.config.
In most cases you will find that the Everyone group was missing. Add it back to the
directory with the standard read and execute, list folder contents, and read
permissions. You should be good to go.

 

Scenario 3:

Configuration error

  • Repair the ASP.NET version using step 1 above.
  • Replace the machine.config file with one from a working machine.
  • If this doesn’t work you should consult a seasoned technician or the Microsoft support team, as you need to run the Gacutil command, which may break SharePoint.

 

 

Scenario 4:

Debugging is not supported under current trust level settings.

  • Check whether a web.config file is present at c:\inetpub\wwwroot\web.config. If you find it there, remove it. This file is not supposed to be here.

Scenario 5:

Object reference not set to an instance of an object.

  • You may encounter this error after ASP.NET updates. So go ahead and uninstall those updates, then run iisreset.
  • If this does not work you will have to run the stsadm command

               stsadm -o upgrade -forceupgrade

  • Check the version of WSS you are using. Open a command prompt with admin privileges and run
  • cd /d %commonprogramfiles%\Microsoft Shared\Web Server Extensions\60\Bin for WSS 2.0

and

These are some of the scenarios that you can encounter.

There will be more posts on troubleshooting RWW issues shortly.

Thursday, October 21, 2010

Most Underrated and Underused features of a SBS server - Part 2

Folder Redirection

Windows provides the ability to redirect specific user folders to server locations, using a group policy extension called Folder Redirection. Folder Redirection allows users and administrators to redirect the path of a folder with critical data to a new location on the server. Users have the ability to work with documents on a server as if the documents were based on the local drive.

Set Up

Since Folder Redirection works by applying group policies, there has to be a logical AD structure. Once an administrator creates the group policy and links it to the appropriate AD object, he can designate which folders to redirect and where to store those on the server. The following is the location of the GP setting:

User Configuration\Windows Settings\Folder Redirection

When you go to the properties of any of the folders (Application Data, Desktop, My Documents, Start Menu), a similar screen will appear.

Go through the options it gives you here.

You can redirect all folders to one location or choose the advanced option to have different locations for various user groups. You can also choose the folder location and provide the path below.
The %USERNAME% variable may be used as part of the redirection path, thus allowing the system to dynamically create a newly redirected folder for each user to whom the policy object applies. You can use only variables like %username% or %userprofile%; other variables may not be available.

What can you redirect ?

  • My Documents
  • My Pictures
  • Application Data
  • Desktop
  • Start Menu

If you have SBS 2008, folder redirection is as easy as 1 2 3. Just open the SBS console and it gives you the ability to redirect folders for the users. SBS 2008 is a phenomenal server OS for small businesses and very easy for novices to administer.

How much easier can it get? A UI to set up folder redirection. NO GPO settings, no folder permissions.

In both cases we need some specific permissions on the remote file share; if these are incorrect, you may face issues. For folder redirection to work properly, the destination shared folder's NTFS and share permissions must be properly configured. If redirecting a folder to a location that the end user should not change, i.e. the Start Menu or a locked-down Desktop, the following permissions should be applied:

  • Share Permissions:
    • Everyone – Full Control
    • Administrators – Full Control
    • System – Full Control
  • NTFS Permissions:
    • Everyone – Read and Execute
    • Administrators – Full Control
    • System – Full Control

If Group Policy is configured to redirect to a location where the GPO will automatically create the destination folder, i.e. the user’s individual Application Data, Desktop or My Documents folders, the following permissions should be applied to the parent folder:

  • Share Permissions:
    • Everyone – Full Control
    • Administrators – Full Control
    • System – Full Control
  • NTFS Permissions:
    • Everyone - Create Folder/Append Data (This Folder Only)
    • Everyone - List Folder/Read Data (This Folder Only)
    • Everyone - Read Attributes (This Folder Only)
    • Everyone - Traverse Folder/Execute File (This Folder Only)
    • CREATOR OWNER - Full Control (Subfolders and Files Only)
    • System - Full Control (This Folder, Subfolders and Files)
    • Domain Admins - Full Control (This Folder, Subfolders and Files)
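
The parent-folder NTFS entries listed above, applied with icacls and then read back to confirm that the Everyone entry really is "This Folder Only" (if it inherited, every user could list and read the other users' redirected folders). This is an added example, not part of the original post; `D:\RedirectedFolders` is a hypothetical path, and it assumes an elevated PowerShell session on a domain-joined Windows Server 2008 or later file server, where icacls supports `/inheritance`. Share permissions are not touched.

```powershell
# Added example: apply the parent-folder NTFS permissions from the list above, then verify.
# Assumptions: hypothetical path D:\RedirectedFolders; elevated session on the file server.
$root = 'D:\RedirectedFolders'
if (-not (Test-Path -Path $root)) {
    New-Item -ItemType Directory -Path $root | Out-Null
}

# Grant the explicit entries first and remove inherited ones last, so the folder
# is never left without an administrative entry.
# No (OI)/(CI) flags on Everyone means "This Folder Only".
icacls $root /grant 'Everyone:(AD,RD,RA,X)'         # create folder, list folder, read attributes, traverse
icacls $root /grant 'CREATOR OWNER:(OI)(CI)(IO)F'   # Full Control, subfolders and files only
icacls $root /grant 'SYSTEM:(OI)(CI)F'              # Full Control, this folder, subfolders and files
icacls $root /grant 'Domain Admins:(OI)(CI)F'       # Full Control, this folder, subfolders and files
icacls $root /inheritance:r                         # drop entries inherited from the drive root

# Read the ACL back and check the two properties that matter for isolation.
$acl      = Get-Acl -Path $root
$noFlags  = [System.Security.AccessControl.InheritanceFlags]::None
$allowed  = [System.Security.AccessControl.FileSystemRights]'AppendData, ReadData, ReadAttributes, ExecuteFile, Synchronize'
$problems = @()

if (-not $acl.AreAccessRulesProtected) {
    $problems += 'inherited permissions are still enabled on the parent folder'
}

foreach ($ace in $acl.Access) {
    if ($ace.IdentityReference.Value -ne 'Everyone' -or $ace.AccessControlType -ne 'Allow') { continue }

    if ($ace.InheritanceFlags -ne $noFlags) {
        $problems += "Everyone entry propagates to child objects ($($ace.InheritanceFlags))"
    }

    # Anything beyond the four listed rights (plus Synchronize) is more than the list grants.
    $extra = [int]$ace.FileSystemRights -band (-bnot [int]$allowed)
    if ($extra -ne 0) {
        $problems += "Everyone has rights beyond the list: $($ace.FileSystemRights)"
    }
}

if ($problems.Count -eq 0) {
    Write-Output "OK: $root matches the parent-folder permissions listed above."
} else {
    $problems | ForEach-Object { Write-Output "CHECK: $_" }
}
```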

So let your users redirect important company information to a central share. But be aware:

1. If there is too much data in the folder you want to redirect and you are setting this up for the first time, it will take a huge amount of time to move the data to the shared folder, thus delaying the logon.

2. If folder redirection is being set up for the first time, the clients will have to log out and log in a minimum of 3 times to start the folder redirection.

Tuesday, October 19, 2010

Exchange 2007 , unable to send email to specific domains

 

Issues of this nature may rarely be caused by the server side. The purpose of this post is to discuss possible troubleshooting steps for server-side issues.

The most important asset you have in this scenario is the non-delivery report generated in response to your email. It will tell you whether the receiving domain rejected the email or whether it was your Exchange server that was unable to deliver it. It will also mention a generic reason why the email was not delivered.

Following are the different causes for Remote delivery failure:

  • Blacklisting

Remote servers will check whether your domain is blacklisted for sending out spam. You can run a blacklist test from http://www.blacklistalert.org/ or http://www.mxtoolbox.com/blacklists.aspx . Someone may be using the open relay on your Exchange server to send out spam.

If you use a smart host, it is unlikely that the server will be blacklisted.

  • Connection Filtering

The remote domain may have blocked your Exchange domain name or IP address. They could have also blocked IP ranges which include your IP address. You can relay mail through a smart host if available.

  • Improper DNS resolution of Remote Server

This possibility will arise in case one of the global DNS servers has a bad MX record for the remote domain and you are fortunate enough that your server forwards a record to the global DNS server that hosts the incorrect MX record.

Make sure the hosts file doesn’t contain any unnecessary entries. Check the DNS on your server to see whether an MX record or a DNS zone is configured for the remote domain. Remove the record if found and flush the DNS cache.

Enable verbose logging for the SMTP connector and check the IP address of the remote domain. You can verify the actual MX record for the remote domain by using http://dnsstuff.com/

  • Port 25 blocked at the remote site

Open a command prompt and telnet the remote site on port 25.

Run “TELNET Remote.domain.com 25”

You will get a SMTP banner if you are able to connect , which means that the port is open.

  • Maximum Transmission Unit (MTU) and Black hole Routers

Beware of a black hole router in the SBS domain.

If the SBS server is sending traffic that must be fragmented, but no ICMP control packet reaches SBS to let it know, then the traffic will be dropped without notification.

  • PTR Record

If the PTR record does not point your server’s IP address to its properly registered name, certain organizations checking for this will drop your connection. They will do this to avoid spam.

Unlike other records, PTR records are not hosted by your DNS registrar, nor are they hosted by you even if you manage your own DNS namespace.

Web sites you can use to check your PTR record include http://www.checkdns.net/quickcheck.aspx and http://dnsstuff.com/

  • Sender ID

Make sure your SPF record is correctly configured. If you are unsure of an existing SPF record or need to create a new one for your domain, visit the Sender ID Framework SPF Record Wizard: http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard

These are the most common issues; there may be other reasons for this issue.

Monday, October 18, 2010

Network router discovery in SBS 2008 , how Connect to internet wizard works in the background

You are setting up a brand new SBS 2008. You need to run a few handy wizards from the SBS console. You will encounter the “Connect to internet” wizard. I will try to highlight the major processes that happen in the background.

Before starting with that: the Connect to internet wizard is a by-product of Microsoft's decision to split the ICW (Internet Connection Wizard) of SBS 2003 fame into multiple single-purpose wizards.

Once you launch the wizard and click Next:

1. It checks the number of network cards on the system.

2. It will then check for the networks available.

 

A) If the DHCP Server service on the router is turned on, Windows SBS 2008 does the following:

  • Uses the DHCP server subnet settings on the router to set up the DHCP Server service on Windows SBS 2008. The DHCP Server service is configured to hand out Class C addresses by default on the same network as the router, from .1 to .254.IP addresses from  .1 to .10 are reserved for routers, servers, printers etc.
  • Throws up a warning that a DHCP server exists on the router and that the network will be configured so that DHCP on the SBS 2008 is authoritative.

         It will give three options

                >  Manage Router – load the page of the router. make the necessary changes.

                >  Postpone – Run the wizard another time.

                >   Continue – this will check the network again for DHCP servers.Choose this option if you have disabled the service on the router.

B) If the DHCP Server service on the router is turned off , Windows SBS 2008 does the following

  • The server multicasts an ICMP Router Discovery message to the multicast address 224.0.0.2, in accordance with RFC 1256. Routers that are RFC 1256 compliant will respond to this request. The Router Solicitation can be sent to the all-routers IP multicast address, 224.0.0.2, which is the local IP broadcast address that IPv4 reserved. IPv4 multicast addresses in the range 224.0.0.0/24 (from 224.0.0.0 to 224.0.0.255) are reserved for the local subnet.
  • The server uses the Simple Service Discovery Protocol (SSDP) Discovery Service to find routers that do not support RFC 1256. UPnP-compliant devices advertise their presence on the local network via SSDP. The information shared during this process is limited to basic information about the devices and their services, probably a UNC path, which can be used to gather more information.
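The RFC 1256 exchange from the first bullet, as an added PowerShell example that is not the wizard's own code: it builds the 8-byte Router Solicitation and parses a Router Advertisement, rejecting a reply whose checksum does not verify. The function names and the sample advertisement (router 192.168.1.1, lifetime 1800 seconds) are constructed for illustration, and PowerShell 2.0 or later is assumed.

```powershell
# Added example, not the wizard's code. Packet layouts follow RFC 1256.

# Internet checksum: one's complement of the one's-complement sum of 16-bit words.
function Get-InetChecksum([byte[]]$Bytes) {
    $sum = 0
    for ($i = 0; $i -lt $Bytes.Length; $i += 2) {
        $sum += $Bytes[$i] * 256
        if ($i + 1 -lt $Bytes.Length) { $sum += $Bytes[$i + 1] }
    }
    # Fold any carry above 16 bits back into the low word.
    while ($sum -gt 0xFFFF) {
        $sum = ($sum % 65536) + [int][math]::Floor([double]$sum / 65536)
    }
    return (0xFFFF - $sum)
}

# Router Solicitation: type 10, code 0, checksum, 4 reserved bytes.
function New-RouterSolicitation {
    [byte[]]$pkt = 10, 0, 0, 0, 0, 0, 0, 0
    $ck = Get-InetChecksum $pkt
    $pkt[2] = [byte][math]::Floor([double]$ck / 256)
    $pkt[3] = [byte]($ck % 256)
    return ,$pkt
}

# Router Advertisement: type 9, code 0, checksum, address count, entry size
# (in 32-bit words), lifetime in seconds, then (router address, preference) pairs.
function Read-RouterAdvertisement([byte[]]$Bytes) {
    if ($Bytes.Length -lt 8 -or $Bytes[0] -ne 9 -or $Bytes[1] -ne 0) {
        throw 'Not an ICMP Router Advertisement'
    }
    # Summing a valid packet, checksum field included, leaves zero.
    if ((Get-InetChecksum $Bytes) -ne 0) { throw 'Bad ICMP checksum' }
    $count = [int]$Bytes[4]
    $words = [int]$Bytes[5]
    if ($words -lt 2 -or $Bytes.Length -lt 8 + $count * $words * 4) {
        throw 'Truncated or malformed advertisement'
    }
    $lifetime = $Bytes[6] * 256 + $Bytes[7]
    for ($n = 0; $n -lt $count; $n++) {
        $o = 8 + $n * $words * 4
        $router = $Bytes[$o..($o + 3)] -join '.'
        # Preference is a signed big-endian integer; reverse the bytes for BitConverter.
        $prefBytes = [byte[]]($Bytes[($o + 7)..($o + 4)])
        $pref = [BitConverter]::ToInt32($prefBytes, 0)
        New-Object PSObject -Property @{
            Router = $router; Preference = $pref; LifetimeSeconds = $lifetime
        }
    }
}

# Constructed sample reply: one router, 192.168.1.1, preference 0, lifetime 1800 s.
[byte[]]$sample = 9, 0, 0x2D, 0x4C, 1, 2, 0x07, 0x08, 192, 168, 1, 1, 0, 0, 0, 0
Read-RouterAdvertisement $sample | Format-Table Router, Preference, LifetimeSeconds -AutoSize
```

RFC 1256 messages carry no authentication, so the router address in a reply is worth checking against the gateway you expect before accepting what the wizard found.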

Once a device is found, the server pings the device to check that it responds.

The server then attempts to connect to the Internet through the device by making a DNS request to the root DNS servers. It sends 3 requests to 3 randomly chosen DNS root hint servers, trying to resolve a public URL.

If the DNS server already has forwarders configured, the forwarders are used for the DNS query instead of the root hints.

If a router is not discovered, the wizard prompts the user for the router's IP address. If the router is discovered but the Internet is not, the wizard gives an opportunity to configure and test the Internet connection. If a router is found and we can connect to the Internet, a finish page is displayed.

IPv6 router

If you disable the DHCP service on an IPv6 router, stateless auto-configuration is enabled. SBS will configure the DHCP service with its own site-local IP address and make all the configuration for you.

Wednesday, October 13, 2010

Moving Exchange 2007 To new hardware

 

 


No white papers available for migration

Task Specifications

o Each Exchange role needs to be moved individually

o Roles on present server: Mailbox, Hub Transport, Client Access, UM

o Roles that need to be transferred: Mailbox, Hub Transport, Client Access

o Domain doesn’t want to use UM on new server

Specific instructions:

o Mailboxes and GAL to be moved to server

o Clients must be able to connect to OWA and OL and use all features included.

o Task to be completed in less than 10 hours

Steps Already Completed:

o Installed Exchange 2007 on target server.

Basic Steps

1. Check the version of Windows Server and Exchange. At hand we have Windows Server 2003 Standard x64.

To check the version, go to Run and type WINVER

This is the same information you get from the properties of My Computer.

Output looks like :

clip_image004[24]

2. Check Installed Exchange roles on the server

Open the Exchange Management Console and run the following command

Get-ExchangeServer | fl Name, ServerRole

A simple value add here:

The | fl refers to Format-List and, similarly, | ft refers to Format-Table.

By specifying Name, ServerRole we ask PowerShell to give us only this information.

Try typing only Get-ExchangeServer | fl and you will wonder at how much information there is related to your mailbox.

image

This also shows the roles installed on the target server .

 

3. Backups are a must right before starting the migration.

Moving Client Access Role To Target server

According to Microsoft Technet

“The migration process for Client Access servers is primarily a manual process because you cannot programmatically migrate configuration settings from one Client Access server to another.”

The client access server stores the configuration in the following

a) Active Directory → stores configuration information related to the Availability service, Exchange ActiveSync, and Outlook Web Access virtual directories.

b) The Internet Information Services (IIS) metabase.xml → information for Exchange ActiveSync, Autodiscover, and Exchange Web Services.

c) Web.config and applicationhost.config files and the Windows registry → used to store configuration data related to Outlook Web Access, IMAP, POP3, the Availability service, Exchange ActiveSync, and information that is used by Exchange Setup.

 

4. Confirmed that no custom configurations have been made.

Microsoft Suggests

“ExportCASConfig.ps1 can be used to export virtual directory information for Outlook Web Access, Exchange ActiveSync, Unified Messaging, Web services, offline address books, POP3, and IMAP4.”

o Reference → http://msexchangeteam.com/archive/2007/11/14/447534.aspx (“Ever wanted to export your CAS role settings?”)

o Download location → http://msexchangeteam.com/files/12/attachments/entry447497.aspx

 

5. Ran the script ExportCASConfig.ps1 on the source server.

Saved the file to c:\. Analyzed the file and found that no modifications or customizations have been made. Ran the script on the target server and compared the output to the first one. Same settings on both servers.

Two XML files can also be compared using Microsoft WinDiff (Windiff.exe), which is included with both Windows Server 2003 and Windows Server 2008.

Made copies of the Web.config files for OWA.

Moving the HUB transport role to target server

As the Hub Transport role was already installed on the target server, noted down the settings on the source server for the Exchange connectors (send and receive).

Following are the screen shots of the properties of the Exchange connectors:

All tabs for the default Internet connector, named Default EXCHBACKUPS

o Properties of the Receive connector

Exchange Management Console → Server Configuration → Hub Transport → Receive Connector

image

image

image

image

o Properties of the send connector

Exchange Management Console → Organization Configuration → Hub Transport → Send Connector tab

clip_image016[21]

clip_image018[21]

clip_image020[21]

image

o Screen Shot for Accepted domain

Exchange Management Console → Organization Configuration → Hub Transport → Accepted Domain

image

image

Ensured that we have the same settings on the target server.

Moving Mailbox server role to new server

1. Moving The Offline Address Book generation to Target server

Followed the same Steps as recommended by Microsoft

To use the Exchange Management Console to move the OAB generation process to another server

  1. Start the Exchange Management Console.
  2. In the console tree, expand Organization Configuration, and then click Mailbox.
  3. In the result pane, click the Offline Address Book tab, and then select the OAB for which you want to move the generation to a new server.
  4. In the action pane, click Move. The Move Offline Address Book wizard appears.
  5. On the Move Offline Address Book page, click Browse to open the Select Mailbox Server dialog box.
  6. Select the server to which you want to move the OAB generation process, and then click OK.
  7. Click Move to move the OAB generation process to the new server.
  8. View the status of the move operation. The wizard will move the generation of your OAB to the new server and copy the existing files for the OAB to the new server.
  9. On the Completion page, confirm whether the OAB generation process was moved successfully. A status of Completed indicates that the wizard completed the task successfully. A status of Failed indicates that the task was not completed. If the task fails, review the summary for an explanation, and then click Back to make any configuration changes.
  10. Click Finish to complete the Move Offline Address Book wizard.

Refer → http://technet.microsoft.com/en-us/library/bb123917(EXCHG.80).aspx

A Screen shot of the process

image 

2. Moving the Public folders to new server

Before moving any data, disabled the Scalable Networking Pack features by turning off Receive Side Scaling and the offloading features on the network cards, as this assists data movement over the network.

Refer → http://support.microsoft.com/kb/948496

http://support.microsoft.com/kb/951037

Added Target server as Public folder replica for source server and vice versa

image

Ran the following Command to move the Public folders

.\MoveAllReplicas.ps1 -Server TESTBACKUP -NewServer TEST-EXCH

Confirmed that replication is working by:

1. Running Get-PublicFolderStatistics in the Exchange PowerShell

2. Opening Queue Viewer from the Toolbox in the Exchange Management Console, where we can see the public folders moving from source to target

3. Moving mailboxes to source server

o Created new database location on target server

o D:\exchange database

o Changed location for log files to d:\exchange database \logs

o Used move storage group task to move the log files

clip_image032[21]

o All files moved successfully to new location

o Used the Move Mailbox task option from Exchange management console

image

o Moved all mailboxes successfully

o All data including user data and log files have been moved to Target server

o Verified that all mailboxes connect to user

o Verified all settings for CAS server role

o Under Server Configuration --> Client Access --> checked the configuration for all tabs

Missing information --> URLs for OWA not there

o Added the URLs

o External URL for ActiveSync missing

o Added that

o Checked OWA, able to log in but cannot send and receive emails

o Internal email works fine

o Firewall may still be pointing to the old server. After making the changes, the email flow works fine.
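One way to script the checks listed above after the move, as an added example that is not from the original post: it compares the receive connectors on the two servers rather than relying on screenshots, lists the OWA and ActiveSync virtual directories that still lack a URL, and shows what is still homed on the source. The server names come from the MoveAllReplicas.ps1 command above; Flatten and Get-ConnectorRow are hypothetical helper names introduced here.

```powershell
# Added example for the Exchange Management Shell; not from the original post.
# Server names are taken from the MoveAllReplicas.ps1 command on this page.
$Source = 'TESTBACKUP'
$Target = 'TEST-EXCH'

# Flatten multi-valued settings to one sorted string so they compare cleanly.
function Flatten($Value) {
    if ($null -eq $Value) { return '' }
    $items = @($Value | ForEach-Object { "$_" } | Sort-Object)
    return [string]::Join(';', [string[]]$items)
}

# One row per receive connector, holding the settings that decide who may submit mail.
function Get-ConnectorRow($Server) {
    Get-ReceiveConnector -Server $Server | ForEach-Object {
        $c = $_
        $row = New-Object PSObject
        # Default connector names embed the server name, so mask it before comparing.
        $name = $c.Name -replace [regex]::Escape($Server), '<server>'
        $row | Add-Member NoteProperty Name $name
        $row | Add-Member NoteProperty RemoteIPRanges (Flatten $c.RemoteIPRanges)
        $row | Add-Member NoteProperty AuthMechanism "$($c.AuthMechanism)"
        $row | Add-Member NoteProperty PermissionGroups "$($c.PermissionGroups)"
        $row
    }
}

# 1. Receive connector drift: '<=' rows exist only on the source, '=>' only on the target.
$props = 'Name', 'RemoteIPRanges', 'AuthMechanism', 'PermissionGroups'
Compare-Object @(Get-ConnectorRow $Source) @(Get-ConnectorRow $Target) -Property $props |
    Format-Table -AutoSize

# 2. OWA and ActiveSync virtual directories on the target that still lack a URL.
$vdirs  = @(Get-OwaVirtualDirectory -Server $Target | Where-Object { $_.Name -like 'owa*' })
$vdirs += @(Get-ActiveSyncVirtualDirectory -Server $Target)
$vdirs | Where-Object { -not $_.InternalUrl -or -not $_.ExternalUrl } |
    Format-List Name, InternalUrl, ExternalUrl

# 3. Send connectors that do not yet list the target as a source transport server.
Get-SendConnector |
    Where-Object { (Flatten $_.SourceTransportServers) -notmatch [regex]::Escape($Target) } |
    Format-List Name, SourceTransportServers, AddressSpaces

# 4. Anything still homed on the source: mailboxes, OAB generation, public folder data.
Get-Mailbox -Server $Source -ResultSize Unlimited | Format-Table Name, Database -AutoSize
Get-OfflineAddressBook | Format-List Name, Server
Get-PublicFolderStatistics -Server $Source | Format-Table Name, ItemCount -AutoSize
```

A receive connector that appears only on the target with wider PermissionGroups or RemoteIPRanges than its source counterpart accepts mail from more senders than before the move and should be reviewed.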

Conclusion

All roles and data migrated to the target server. Exchange will be uninstalled from the source server in future.

Most underrated and underused features of Windows Server – Part 1

 

In my career I have seen very few customers running small to medium businesses utilizing the features available to them on a Windows server. I will discuss some of these features that may interest you. Along with that, I will provide steps to configure them. So here we go, let's discuss DFS or DFSR.

You can get detailed information here: http://technet.microsoft.com/en-us/library/cc781091(WS.10).aspx

In very simple terms, DFSR provides a much-wanted functionality: keeping data synchronized on multiple servers. You can have data/file shares that are synchronized over the internet or intranet between 2 servers. This is like SharePoint document libraries. A distinction without a difference? No, but it gives the same functionality in a much easier configuration.

Use the following steps to set up DFS in your domain. I have tried to add screenshots to make it simple for novices.

 

Resources in Test Environment

1. Windows 2008 Server R2

Host name: win2008r2dfs1

IP address: 66.228.2.52

Roles installed: File server

2. Windows 2008 Server R2

Host name: win2008r2dfs3

IP address: 66.228.2.52

Roles installed: File server

 

 

Preparation for Setup

1. Promoted Win2008r2dfs1 to domain

New domain name: DFSTESTREP.com

Installed DNS and DFS on the server through the server management Add Roles wizard

2. Promoted Win2008r2dfs3 in DFSTESTREP.com as an ADC

Installed DNS on the ADC and replicated from DC

clip_image002

3. Installed certificate services

Go to Add roles in server management and check the box for AD certificate services and click next

clip_image004

clip_image006

Installing DFS

  1. Click Start, point to All Programs, point to Administrative Tools, and then click Server Manager.
  2. In the console tree of Server Manager, right-click the Files Services node, and then click Add Role Services.
  3. Follow the steps in the Add Roles Services Wizard
  4. Check the boxes for DFS Namespaces and DFS Replication, then click Next

clip_image008

Creating a new Name space

1. The DFS installation will give an option to create a name space. We get the following if we choose to create a name space.

A snap shot of creating a namespace while Installing DFS

clip_image010

Click Next

2. Install a Domain based namespace. Enable Windows server 2008 mode only if all servers in domain are server 2008 and above

clip_image012

3. Selecting Folder target.

This is a folder that needs to be replicated via DFS. This folder should be shared.

A folder can be created beforehand; the wizard also gives us an opportunity to make a new shared folder.

clip_image014

4. More folders or sub folders can now be added to this name space

clip_image016

Click next a couple of times and the wizard will install DFS and create a namespace

We can also choose to create a namespace later. That can be done from the DFS console.

Configuring DFS

Open the DFS console from administrative tools

clip_image018

Creating a Namespace from DFS console

1. In the console tree of the DFS Management snap-in, right-click the Namespaces node, and then click New Namespace.

Follow the steps as above to complete the wizard.

clip_image020

clip_image022

clip_image024

clip_image026

2. Adding a folder to the namespace. Click New Folder on the action pane.

clip_image028

3. To start replication add another folder on a new location, this can be a new drive or a new server. Like before we get an option to create a new folder.

clip_image030

4. Adding the folder on WIN2008r2dfs3, which will replicate with the primary folder on WIN2008r2dfs1

If a folder is not created already, you get the option to create a new shared folder

clip_image032

5. We need to create a replication group for DFS replication to work. Following are the screen shots of the process to create a replication group.

clip_image034

6. Provide appropriate name or leave it as default

clip_image036

7. Next screen shows us the shares that are created. Click Next

clip_image038

8. Choose the primary member. This server will be authoritative and will replicate all the data to replication partner.

clip_image040

Selecting the Topology

1. Since we have only two servers we can go for full mesh. Multiple DFS servers will call for customized topology for efficiency and bandwidth optimization.

clip_image042

2. Schedule can be configured at this screen. In test environment full bandwidth was provided and no replication schedule is set.

It can be done by choosing the “replicate during specified days and times” option.

clip_image044

3. Confirmation of the details of Replication group.

At this time any change can be made to the configuration without deleting it.

clip_image046

The replication group has been configured correctly

clip_image048

Following the same procedure we created 3 new namespaces and corresponding Replication group

clip_image050

Details of the name spaces

  1. \\dfstestrep.com\a

Win2008r2dfs3

Folder Location → c:\a

Win2008r2dfs1

Folder Location → c:\dfsroots\a

  2. \\dfstestrep\b

Win2008r2dfs3

Folder Location → c:\dfsroots\b

Win2008r2dfs1

Folder Location → c:\b

  3. \\dfstestrep\ab

Win2008r2dfs3

Folder Location → c:\ab

Win2008r2dfs1

Folder Location → c:\DFSroots\ab

Configuring one way replication

In DFS management console, expand Replication

Make the appropriate selection

Under the Membership tab, select the member on which the replicated folder needs to be configured as read-only, right-click it and select ‘Make read-only’ in the menu.

This will facilitate one way replication. Since no changes can be made to the read only share, it will only pull information from the replicating partner.

clip_image052

Conclusion

We have set up 3 namespaces that are hosting/replicating 3 shares. All steps to reach this configuration have been covered previously. Following is the configuration.

  1. One-way replication from Win2008r2dfs3 to Win2008r2dfs1

Namespace → \\dfstestrep.com\a

Win2008r2dfs3 Folder Location → c:\a (Primary server)

Win2008r2dfs1 Folder Location → c:\dfsroots\a

Under Replication, for this namespace, under Membership we can see two connections

Right-click Win2008r2dfs1 and choose ‘Make read-only’

No changes can be made to folder ‘a’ on Win2008r2dfs1 as it has been changed to read only

Similar error will be generated

clip_image054

As soon as a change is made to folder ‘a’ on Win2008r2dfs3, it will update on Win2008r2dfs1 via DFSR

clip_image056

  2. One-way replication from Win2008r2dfs1 to Win2008r2dfs3

Namespace → \\dfstestrep.com\b

Win2008r2dfs1 Folder Location → c:\b (Primary server)

Win2008r2dfs3 Folder Location → c:\dfsroots\b

Under Replication, for this namespace, under Membership we can see two connections

Right-click Win2008r2dfs3 and choose ‘Make read-only’

No changes can be made to folder ‘b’ on Win2008r2dfs1 as it has been changed to read only

As soon as a change is made to folder ‘b’ on Win2008r2dfs1, it will update on Win2008r2dfs3 via DFSR

  3. Two-way replication between Win2008r2dfs1 and Win2008r2dfs3

We only need to create a new namespace, add folders and set up a replication group following the earlier steps

Namespace → \\dfstestrep.com\ab

Win2008r2dfs3 Folder Location → c:\ab (Primary server)

Win2008r2dfs1 Folder Location → c:\dfsroots\ab
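To confirm that the one-way replication for namespace ‘a’ has actually converged, the added example below (not part of the original post) hashes every file on both members and reports what is missing or different. The folder locations are the ones listed above; reaching them through the c$ administrative share, the function names and PowerShell 2.0 are assumptions.

```powershell
# Added example, not from the original post. Paths are the folder locations listed
# for namespace 'a'; access through the c$ admin share is an assumption.
$Primary  = '\\Win2008r2dfs3\c$\a'
$ReadOnly = '\\Win2008r2dfs1\c$\dfsroots\a'

# Map relative path -> SHA-256 for every file under a root, skipping the hidden
# DfsrPrivate folder where DFSR keeps its own staging and conflict data.
function Get-ReplicaHashes([string]$Root) {
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $map = @{}
    $rootFull = (Get-Item $Root).FullName.TrimEnd('\')
    Get-ChildItem $Root -Recurse -Force |
        Where-Object { -not $_.PSIsContainer } |
        ForEach-Object {
            $rel = $_.FullName.Substring($rootFull.Length + 1)
            if ($rel -like 'DfsrPrivate\*') { return }   # skip this item only
            $stream = [System.IO.File]::OpenRead($_.FullName)
            try     { $map[$rel.ToLower()] = [BitConverter]::ToString($sha.ComputeHash($stream)) }
            finally { $stream.Close() }
        }
    return $map
}

# Report files that are absent on one side or whose content differs.
function Compare-Replica($Left, $Right) {
    $keys = @($Left.Keys) + @($Right.Keys) | Sort-Object -Unique
    foreach ($k in $keys) {
        if     (-not $Right.ContainsKey($k)) { $state = 'missing on read-only member' }
        elseif (-not $Left.ContainsKey($k))  { $state = 'only on read-only member' }
        elseif ($Left[$k] -ne $Right[$k])    { $state = 'content differs' }
        else   { continue }
        New-Object PSObject -Property @{ File = $k; State = $state }
    }
}

Compare-Replica (Get-ReplicaHashes $Primary) (Get-ReplicaHashes $ReadOnly) |
    Format-Table File, State -AutoSize
```

Files matching the replicated folder's file filter (by default ~*, *.bak and *.tmp) are not replicated and will be reported as missing; a file listed as ‘only on read-only member’ is the case worth investigating, since nothing should be created there.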