[ Windows | XP | 7 (seven) | 8 | 10 | ] - [ Server | 2003SBS | 2008SBS | 2011SBS | 2016 | WSUS ]
SBS 2011
SBS 2008 / SBS 2011 to virtualize or not to virtualize
Tools
Report Viewer 2008 SP1 Redistributable
SBS2008 | Windows Small Business Server (SBS) 2008 Best Practices Analyzer (BPA) (SBS2008)
SBS2008r2, SBS2011 | Windows Server Solutions Best Practices Analyzer 1.0
Servicepacks
Exchange 2010 sp3 | Description | Download | Exchange Team Blog
Hot & Fixes
Repair Windows Server Update Services
How to configure an authoritative time server in Windows Server | Configuring-Windows-Time-Service | 2008 R2 sync time external source | Registry entries | w32tm /resync /rediscover
How to recreate SBSmonitoring database | other technet post | Script to run renames current database and creates a new one.
Disable SSL v3 | ServerFault | KB Plesk |
External sites
SBS 2011 – IV. Tweaking the Server
SBS 2011 Setup Guide v1.13.0
Windows 10
Other links
http://blog.mpecsinc.ca/2010/12/sbs-2011-setup-guide-v100.html (recommended)
sbs 2003 to sbs 2011 migration
How to enable javascript in internet explorer
Getting Outlook to Autodiscover Office 365
While editing the Service Connection Point in Active Directory Sites and Services does work, it’s probably not the “approved” way to do things.
The support manager recommended that I instead use the Exchange Management Shell to entirely remove the Autodiscover Virtual Directory using Remove-AutodiscoverVirtualDirectory. Here’s how I did that:
1. Open an elevated command prompt and back up the IIS configuration (explained here):
%windir%\system32\inetsrv\appcmd.exe add backup "Before Removing Autodiscover"
2. Open an elevated Exchange Management Shell and retrieve the current autodiscover virtual directory:
>Get-AutodiscoverVirtualDirectory | fl Name, Server, InternalUrl, Identity
Copy the Identity value to the clipboard.
3. In the Exchange Management Shell, remove the autodiscover virtual directory:
Remove-AutodiscoverVirtualDirectory –Identity <identity value retrieved above>
Update December 4, 2014 Per a couple of comments, the identity string should be enclosed in quotation marks:
Remove-AutodiscoverVirtualDirectory –Identity "<identity value retrieved above>"
You will have to confirm by typing a “Y”.
4. Check that the autodiscover virtual directory is gone:
Get-AutodiscoverVirtualDirectory | fl Name, Server, InternalUrl, Identity
This should now return nothing.
5. Now, with Outlook running on a desktop, hold the Ctrl button, right-click on the Outlook icon in the system tray, and select Test E-mail AutoConfiguration. Enter your email address and password and click the Test button. The results should come from the Office 365 server.
Profilewizard
http://www.forensit.com/comparison.html
SBS Exchange
Exchange Server Updates: build numbers and release dates
Enable relaying for local machines
How to forward mail to publicfolder
Understanding Transport Pipeline
Understanding Exchange Server Intelligent Message Filter
Exchange 2013 Storage Configuration Options
SBS 2011 Store.exe allocating too much memory despite cache adjustment
Limiting Exchange 2010 Cache Size
SBS2011 Updates and WSUS
Update Services in SBS 2008 | Petri.co.il – BS 2011, updates, SBS console or WSUS? | Manage WSUS 3.0 SP2 Storage
SBS 2008 to “fix” managing WSUS after you have manually upset it
SBS 2011, updates, SBS console or WSUS?
Petri.co.il – SBS 2011 Updates, Console or WSUS? | Configuring WSUS Using the Windows SBS Console
SBS 2011 WSUS uninstall error 0x80070643
Microsoft social Windows Server | SBS2008 How To Manually Uninstall & Reinstall WSUS 3.0 |
Domain Functional level
What is the Impact of Upgrading the Domain or Forest Functional Level?
Understanding Active Directory Domain Services (AD DS) Functional Levels
SQL Databases Memory usage unlimited!?
http://blog.switchsystems.co.uk/2014/01/reducing-memory-usage-on-sbs-servers/
http://www.itquibbles.com/sql-sbsmonitoring-high-disk-usage/
http://www.bursky.net/index.php/2013/03/managing-iis-server-memory-usage/
http://koppihle3.blogspot.nl/2012/08/sbs2011-limiting-sql-memory-for-wsus.html
Discovered features
Outlook unexpectedly prompts for smart card authentication
source: http://support.microsoft.com/kb/2704959
NOTE: The following steps are for IIS 7. The steps for earlier versions of IIS are very similar.
- In Internet Information Services (IIS) Manager on your Microsoft Exchange Server, select the Autodiscover virtual directory.
- In the middle panel, double-click SSL Settings.
- Enable the Require SSLcheck box.
- Under Client certificates, select Ignore.
- In the Actions pane, click Apply.
- Repeat steps 1 through 5 for the EWS virtual directory.
…
Issues
Dcom errors
http://support.microsoft.com/kb/899965
http://technet.microsoft.com/en-us/library/cc726313(v=ws.10).aspx
http://www.wictorwilen.se/Post/Fix-the-SharePoint-DCOM-10016-error-on-Windows-Server-2008-R2.aspx
Volume shadow copy and backup system stops working
Potential issues after installing SharePoint Foundation 2010 SP1
Windows SBS 2011 – Known Post Installation Event Log Errors and Warnings
* Run – Sharepoint 2010 Products Configuration Wizard
* Review the “issues after installing SharePoint Foundation 2010 SP1”
You Must Manually Run PSCONFIG after Installing SharePoint 2010 Patches
Volume Shadow Copy Service error: Failed resolving account spsearch with status 1376.
Event ID: 8230 Source: VSS
– Problem was resolved by reconfiguring Sharepoint 2010. Go to start, Sharepoint 2010 and launch the Sharepoint 2010 Products Configuration. Follow the steps and all works fine again.
– Navigate to the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VSS\VssAccessControl export the file just in case
then remove the offending account domainname\username. Just leave the NT Authority\Network Service account.
Petri.co.il – SBS2011 VSS warning 8230 spsearch error. No backup!
–
SBS 2011 : Installation Issues
How do i resolve Event ID: 8230 Source VSS with SBS 2011?
Database could not be accessed – Event 3760 (SharePoint 2010 Products)
Event ID Errors: 6398, 6482, and 6641 for Share Point
Small Business Server 2011 Sharepoint Foundation Event ID 70
SBS 2011 – SharePoint Foundation Event ID 6398 – Access Denied Every 30 Minutes
Backup Failing Small Business Server 2011
Google Searches
* https://www.google.com/search?q=sharepoint+foundation+3760+error
* https://www.google.com/search?q=vss+errpr+8230
* https://www.google.com/search?q=sharepoint+foundation+search+error+70
* https://www.google.com/search?q=vss+errpr+8230+spfarm+status+1376
* https://www.google.com/search?q=The+application-specific+permission+settings+do+not+grant+Local+Activation+permission+for+the+COM+Server+application+spfarm
WDS Service
ProxyDHCP error 4011 – http://trycatch.be/blogs/roggenk/archive/2010/06/28/proxydhcp-no-reply-to-request-on-port-4011-in-wds-windows-deployment-services.aspx
clear last PXE advertisement – http://www.windows-noob.com/forums/index.php?/topic/669-how-to-get-rid-of-abortpxe-com/
http://www.nedersoft.nl/index.php/tips-a-trucks/13-pxe/25-proxydhcp-no-reply-to-request-on-port-4011
SBS not showing users in the SBS Console or POP3 Connector
http://tc-itservices.com/microsoft/sbs-not-showing-users-in-the-sbs-console-or-pop3-connector/
1. Open Active Directory, Click View and then Advanced Features
3. Open up the user and go to the Attribute Editor tab, 4. Find msSBSCreationState and change the value to Created
GPO Tweaks
Disable Power Option restrictions
GPO – Computer-configuration – Policies – Admin Templates – System – Power Management – Sleep settings > Specify the System Sleep Timeout [Disabled]
Usefull setup information
POP3connector
Understanding the POP3 Connector
Bugging 10mb pop3 recieve limit
“you have to increase the message size also on FAX receive connector.”
Get-TransportConfig | ft MaxSendSize, MaxReceiveSize
Get-ReceiveConnector | ft name, MaxMessageSize
Get-SendConnector | ft name, MaxMessageSize
Get-mailbox | ft Name, MaxSendSize, MaxReceiveSize
Set-TransportConfig –MaxSendSize 20MB –MaxReceiveSize 20MB
Set-ReceiveConnector “Windows SBS Internet Receive Servername” –MaxMessageSize 20MB
Set-SendConnector “Windows SBS Internet Send Servername” –MaxMessageSize 20MB
Set-Mailbox “test” –MaxSendSize 10MB –MaxReceiveSize 10MB
SBS 2008: Introducing the POP3 Connector
How Do I Change Message Size Limits in SBS 2008/2011 Standard?
Changing Pop3 Connector message size in Small Business Server 2008
Bump
Read Receipt to distribution list – does not work
User cannot access the \\Contoso\Users … folder due to acces rights, \\192.168.1.1\Users … is accessable.
Delete the local/roaming user profile and relogon the user.
SSD Harddrives
http://technet.microsoft.com/en-us/library/ee832792.aspx
http://www.anandtech.com/show/3690/the-impact-of-spare-area-on-sandforce-more-capacity-at-no-performance-loss
https://wiki.archlinux.org/index.php/Solid_State_Drives
https://wiki.archlinux.org/index.php/SSD_Benchmarking
Changing Pop3 Connector message size in Small Business Server 2008
SSL Certificates
Technet – Managing Certificates
Installing a GoDaddy Standard SSL Certificate on SBS 2008
Active Directory Certificate Services Step-by-Step Guide
Create your own Self-signed SSL Certs Exchange 2007/2010
SBS 2011 Renew cert from commandline
Personal folders
Do not name the personal folder as an email address it will be added ta an automatic addressbook and it mixup the folder-emailaddress/personal foldername.
L2TP nat traversal
source: microsoft KB926179 | http://forums.anandtech.com/showthread.php?t=2086128
Ran in to this setting one of these up for a client. The reasoning behind why this solution is necessary sucks, but the solution is relatively easy.
Microsoft decided that after Windows XP SP2 (that includes Vista and 7), they were going to require VPN servers to be public-facing. Basically, they turned off the native NAT-T (NAT traversal) that had existed in these versions of Windows’ VPN software. Their justification is that VPNs should be perimiter-based. The justification is sound, but removing the capability to easily set it up otherwise is kind of shitty.
Anyway, there’s a registry key you need to create. It’s in a different place in Windows XP than in Windows Vista and 7. Here’s both locations:
In Windows XP:
HKLM\System\CurrentControlSet\services\IPSec
Create DWORD named AssumeUDPEncapsulationContextOnSendRule and set value to 2
Reboot system.
In Windows Vista/7:
HKLM\System\CurrentControlSet\services\PolicyAgent
Create DWORD named AssumeUDPEncapsulationContextOnSendRule and set value to 2
Reboot system
You’ll need to do this on every client you want to connect to this VPN.
Note: This is only the case for L2TP IPSec VPNs. The HTTPS VPNs and PPTP VPNs do not have this requirement.
Services
Eventlog error messages
PDFCreator as a Service
PDFCreator is a great tool for users you just need to quickly convert a document into pdf format.
Getting it to run properly as a service on Windows Server 2008 proves to be a bit of trouble.
Install PDFCreator in ‘Server installation’ mode. With version 0.98 I found that if data execution prevention is enabled,
PDFCreator needs to be added to the exception list (DEP hides a little bit under Control Panel – System – Advanced system settings – Advanced – Data Execution Prevention).
However, with version 1.0 and moving forward, I have found that this is not true which makes our setup easier!
Next we need to get srvany.exe from the Windows Server 2003 Resource Kit. I decided to put it in \Program Files\oldResourceKitTools.
This article explains how to use instsrv.exe to setup a custom service that uses srvany.exe to run what we want.
Trouble is “instsrv.exe” doesn’t work very well on Server 2008. Thankfully we can use “sc.exe” to create the service in a similar way.
However, before we create the service we have to decide what credentials to have the service run as.
Depending on your environment running as the local system (the default) may be sufficient.
If PDFCreator will need to save files anywhere other than the local system we’ll need to
choose either Network Service, or create a domain user for the service.
As I like to be able to control specific permissions I created a new domain user: “svc-pdfcreator”, with a strong password.
Armed with that information we can now create the service with the sc command:
C:\> sc create pdfcreator start= auto binPath= "C:\Program Files\oldResourceKitTools\srvany.exe" DisplayName= "PDFCreator" obj= DOMAIN\User password= password
We can double check that the service was created successfully by using sc query:
C:\>sc query pdfcreator
SERVICE_NAME: pdfcreator
TYPE : 10 WIN32_OWN_PROCESS
STATE : 1 STOPPED
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
Now we need to follow the registry editing instructions from KB137890 :
- Run Registry Editor (Regedt32.exe) and locate the following
subkey: “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\<My Service>”- From the Edit menu, click Add Key.
Type the following and click OK:Key Name: Parameters
Class :<leave blank>- Select the Parameters key.
- From the Edit menu, click Add Value.
Type the following and click OK:Value Name: Application
Data Type : REG_SZ
String : “<path>\<application.ext>where <path>\<application.ext>”
is the drive and full path to the application executable including the extension (i.e., C:\WinNT\Notepad.exe)- Close Registry Editor.
Almost done setting up the service. With version 0.98 I found that it was necessary to run PDFCreator.exe and PDFSpool.exe in “Server 2003 SP1” compatibility mode.
Once again, this appears to have been resolved with version 1.0+, so we don’t have to worry about compatibility settings!
But if you’re using a version prior to 1.0, go to the compatibility tab on the properties of each executable and
check “Run this program in compatibility mode for:” and select “Windows Server 2003 (Service Pack 1)”.
That’s it! Test the service either by running “net start pdfcreator” or from the services mmc snap-in. If all goes well it should start successfully.
This setup works well for the auto-save in PDFCreator, as we can setup the auto-save directory to be:
\\domain\staff\<REDMON_USER>\Documents\PDFCreator\
You may have to get creative with the auto-save path if your userdata paths aren’t uniform across the users that have access to the PDFCreator printer.
We could probably solve the issue by setting up a shared folder like:
\\server\PDFCreatorAutoSave\<REDMON_USER>
Wherever you decide to have PDFCreator save its output, make sure that the account the service runs as
has permissions to create and modify files and your users have at least read access.
Renew a self-signed SSL Certificate in SBS 2008 or SBS2011
If you have an expired SSL Certificate, you would want to renew it.
This is done in the “SBS Console” with the “Fix My Network Wizard (FNCW)”.
Running it will bring up potential network issues.
Note that it will always find some but you need to ignore them
and take care of the certificate only.
When the wizard displays it results. Select only “Self-issued certificate is expired”, de-select the other issues.
http://blog.the-it-blog.co.uk/2013/01/25/re-issuing-a-self-signed-certificate-for-exchange-sbs/
OWA Cert
To get the certificate in the SBS console to match the OWA certificate > I ran the Add a trusted certificate wizard > select I want to use a certificate that is already installed on the server > selected the newly created self-issued certificate. Now if I View Certificate Properties in the SBS console it matches the OWA certificate.
Create cert package from webpage
To update the install package SBSCertificate.cer file > on non-domain joined system > run IE as administrator > open OWA site > import cert into IE > in IE options > content tab > certificates > find certificate and export as SBSCertificate.cer > save into Certificate Distribution Package folder after renaming the old cer file.
Hotfixes
Mapped Drive Connection to Network Share May Be Lost | net config server /autodisconnect:-1
Back-up
wbadmin start backup -backupTarget:\\backuplocation\backupdirectory -allCritical -quiet -vssFull -systemState
Virtualisation
VMware option: (Edit settings, Options, General, Contiguration Parameters) SMBIOS.reflectHost=TRUE
HP ILO Reset admin password
LDAP Addresbook
EOF