Here is an article that describes, how to restore a Home computer on a Windows Home Server Network.
This article also includes restoring Windows 7 computer
http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=e480bd27-1d40-4540-ad4b-a0d099be6366
Finally It is here the document that will help you configure Exchange 2007 to Send and Receive Email Using TLS
How to Use TLS Authentication in Exchange 2007 to Send and Receive Messages with Third-Party E-Mail
Read Only Domain Controller is an additional domain controller for a domain that hosts read-only partitions of the Active Directory database. An RODC is designed primarily to be deployed in a branch office environment. Branch offices typically have relatively few users, poor physical security, relatively poor network bandwidth to a hub site, and limited IT knowledge.
Prerequisites for Deploying an RODC
- The forest and domain functional level must be Windows Server 2003
- At least one writable domain controller running Windows Server 2008 for the same domain as the RODC
- The <DVD drive>:\sources\adprep\Adprep /rodcprep must have been run on the writeable domain controller
The default setting for the forest and domain functional Level in Small Business Server2008 is “Windows Server 2003” However in Essential Business Server 2008 the domain and forest functional level “Windows 2000”, so we must raise the forest and domain functional level in an Essential Business Server 2008 By following the following article http://support.microsoft.com/kb/322692 on the Management or Messaging Server and restart Active Directory Domain services on the server.
Small Business Server 2008 is a writable windows 2008 domain controller and so are management and messaging server in an Essential Business Server 2008. It is advisable to have RODC in same site in Active Directory site as one of the writeable domain controller in domain.
The default installation of Small Business Server 2008 and Essential Business Server 2008 does have the forest prepared for an Read Only Domain controller. The administrator must prepare the forest by running “Adprep /Rodcprep “ command on a writeable domain controller. Small Business Server 2008 is a primary domain controller and in an Essential Business Server 2008 we run the Adprep command on the Management or Messaging server.
Run the Adprep command with elevated permissions using the a windows 2008 media or Small Business Server 2008 Disc 1 and after the command has executed restart the Active Directory Domain Services.
Example: <DVD drive>:\ Sources\Adprep> Adprep /rodcprep
Once the prerequisites for deploying an RODC in domain and fulfilled, the administrator is ready to install their first RODC in their environment. There are two methods of installing a RODC in domain:
Method 1: Non-administrator user to run the RODC Setup
Method 2: Administrator user to run RODC Setup
__________________________________________________________________________________
Method 1: Non Administrator user to run the RODC Setup
__________________________________________________________________________________
In this method a Pre created Read-only Domain Controller Account is used to connect windows 2008 Server to domain and promote it to Read Only Domain Controller
Pre Create Read Only Domain Controller Account
-
Click Start, click Administrative Tools, and then click Active Directory Users and Computers in SBS 2008 or EBS 2008 domain controller.
-
Double-click the domain container, then you can either right-click the Domain Controllers container or click the Domain Controllers container, and then click Action.
-
Click Pre-create Read-only Domain Controller account, as shown in the following figure.
-
On the Welcome to the Active Directory Domain Services Installation Wizard page, if you want to modify the default the Password Replication Policy, select Use advanced mode installation, and then click Next.
-
On the Network Credentials page, under Specify the account credentials to use to perform the installation, click My current logged on credentials, as shown in the following figure, or click Alternate credentials, and then click Set. In the Windows Security dialog box, provide the user name and password for an account that can install the additional domain controller. To install an additional domain controller, you must be a member of the Enterprise Admins group or the Domain Admins group. When you are finished providing credentials, click Next.
-
-
On the Specify the Computer Name page, type the NetBIOS computer name of the server that will be the RODC.
-
On the Select a Site page, select a site from the list or select the option to install the domain controller in the site that corresponds to the IP address of the computer on which you are running the wizard, and then click Next.
-
On the Additional Domain Controller Options page, make the following selections, as shown in the following figure, and then click Next:
DNS server: This option is selected by default so that your domain controller can function as a DNS server. If you do not want the domain controller to be a DNS server, clear this check box. However, if you do not install the DNS server role on the RODC and the RODC is the only domain controller in the branch office, users in the branch office will not be able to perform name resolution when the WAN to the hub site is offline.
Global catalog: This option is selected by default. It adds the read-only directory partitions of the global catalog to the domain controller, and it enables global catalog search functionality. If you do not want the domain controller to be a global catalog server, clear this option. However, if you do not install a global catalog server in the branch office or enable universal group membership caching for the site that includes the RODC, users in the branch office will not be able to log on to the domain when the WAN to the hub site is offline.
Read-only domain controller. When you create an RODC account, this option is selected by default and you cannot clear it.
11. If you selected the Use advanced mode installation check box on the Welcome page, the Specify the Password Replication Policy page appears. By default, no account passwords are replicated to the RODC, and security-sensitive accounts (such as members of the Domain Admins group) are explicitly denied from ever having their passwords replicated to the RODC. To accept the default setting, click Next.
12. On the Delegation of RODC Installation and Administration page, type the name of the user or the group who will attach the server to the RODC account that you are creating, as shown in the following figure. You can type the name of only one security principal.(This user or group will also have local administrative rights on the RODC after the installation. If you do not specify a user or group, only members of the Domain Admins group or the Enterprise Admins group will be able to attach the server to the account.) Click Next
13. On the Summary page, review your selections. Click Back to change any selections, if necessary.To save the settings that you selected to an answer file that you can use to automate subsequent AD DS operations, click Export settings. Type a name for your answer file, and then click Save. When you are sure that your selections are accurate, click Next to create the RODC account.
14. On the Completing the Active Directory Domain Services Installation Wizard page, click Finish.
After you create the account for the RODC, the user or group to whom you delegated installation and administration of the RODC (in step 12 in the previous procedure) can run the Active Directory Domain Services Installation Wizard on the server that will become the RODC to complete the RODC installation. Make sure that the server is not joined to the domain before you start the wizard
Running RODC Setup
On the Server that has to be setup as an RODC logged in as the local Admin launch Active Directory Domain Services Installation Wizard.
1. Start Run “Dcpromo” this will launch the Active Directory Domain Services Installation Wizard Click on Next on this page and the following page
2. On the “Choose a Deployment Configuration” page, Select the “Existing Forest “ option and below verify that “Add a domain controller to an existing domain” option is selected (as shown below) Click on Next
3. On the “Network Credential” page Choose the Pre Create Read Only Domain Controller Account created in (Step 12 In the Pre Create Read Only Domain Controller Account ) Under “Alternate Credential” Enter in password for the user. Click on Next we get the Message as shown bellow
4.Click on Yes on the warning message
5. On “Select Site” select the site where the RODC will be placed Click on Next
6. On “Additional Domain Controller” page verify the option for Read-only Domain Controller(RODC) is selected Click Next
7.To use the default folders that are specified for the Active Directory database, the log files, and SYSVOL, click Next.
8. Type and then confirm a Directory Services Restore Mode password, and then click Next.
9. Confirm the information that appears on the Summary page, and then click Next to start the AD DS installation. You can select the Reboot on completion check box to make the rest of the installation complete automatically.
_______________________________________________________________________________
Method 2: Administrator user to run RODC Setup
_____________________________________________________________________
This method involves running the Active Directory Domain Services Installation Wizard as Domain administrator and join an additional domain controller(RODC) to the domain
1. Start Run “Dcpromo” this will launch the Active Directory Domain Services Installation Wizard Click on Next on this page and the following page
2. On the “Choose a Deployment Configuration” page, Select the “Existing Forest “ option and below verify that “Add a domain controller to an existing domain” option is selected (as shown below) Click on Next
3. On the “Network Credential” page Enter in a Domain Admin account Under “Alternate Credential” Enter in password for the admin user. Click on Next
4. On “Select Site” select the site where the RODC will be placed Click on Next
5. On “Additional Domain Controller” page verify the option for Read-only Domain Controller(RODC) is selected Click Next
6.To use the default folders that are specified for the Active Directory database, the log files, and SYSVOL, click Next.
7. Type and then confirm a Directory Services Restore Mode password, and then click Next.
8. Confirm the information that appears on the Summary page, and then click Next to start the AD DS installation. You can select the Reboot on completion check box to make the rest of the installation complete automatically.
Reference
http://technet.microsoft.com/en-us/library/cc771024(WS.10).aspx
After repairing or installing FAX on SBS 2008
When we try to add Fax account Under Tools in Windows Fax and Scan
Click on connect to Modem
we get the error
Cause
The error message is misleading
Even though the user maybe a member of the SBS Fax Administrators group.
This due to User Account Control
Resolution / workaround
Launch the Windows Fax and Scan as the administrator
we are able to complete the configuration (i.e. Run as Administrator)
The SBS 2008 Migration Checklist is now available on the Download Center. This checklist helps users follow the steps needed to migrate from SBS 2003 to SBS 2008. to be used with the document “Migrating to Windows Small Business Server 2008 from Windows Small Business Server 2003” also found on the Download Center.
Link to the SBS 2008 Migration checklist
http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=f67148da-cba8-4222-8ae5-136a6597a340
We Can migrate to SBS 2008 using the same steps mentioned in my Article http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=b86e2af5-782b-4001-bf86-d872028a4619
We must verify that no trust relation exists on Windows 2000 Domain controller and there are no Windows NT domain controllers in the domain.
To achieve best results please have windows 2008 domain controller on single network card
For all those who wanted to migrate their SBS 2000 Server to new SBS 2008
Its finally here SBS 2000 Migration Guide is here
Migrating Microsoft Small Business Server 2000 to Windows Small Business Server 2008
Please let us know about your updates on same so that I can refine the document better for you
Symptoms
When open the IIS Manager 7.0, then select the server In the feature view right click on the .Net Trust Level open feature the drop down option is empty when we click on the drop down we get the error as follows
Cause:
<system.web>
<securityPolicy>
<trustLevel name="Full" policyFile="internal"/>
<trustLevel name="High" policyFile="web_hightrust.config"/>
<trustLevel name="Medium" policyFile="web_mediumtrust.config"/>
<trustLevel name="Low" policyFile="web_lowtrust.config"/>
<trustLevel name="Minimal" policyFile="web_minimaltrust.config"/>
</securityPolicy>
</system.web>
The above mentioned information from the Web Config File from the respective Asp.net Framework file
Resolution :
Verify the Different .Net framework version used by IIS
In the case consider the .Net framework Version to be 2.0.5077
For 32 bit IIS 7.0 or if 32bit mode is enabled on IIS 7.0
%Windir%/Microsoft .Net/Framework/v2.0.5077/Config
For 64Bit IIS 7.0
%Windir%/Microsoft .Net/Framework64/v2.0.5077/Config
Right Click and edit the Web Config File
An verify that the above mention value
<system.web>
<securityPolicy>
<trustLevel name="Full" policyFile="internal"/>
<trustLevel name="High" policyFile="web_hightrust.config"/>
<trustLevel name="Medium" policyFile="web_mediumtrust.config"/>
<trustLevel name="Low" policyFile="web_lowtrust.config"/>
<trustLevel name="Minimal" policyFile="web_minimaltrust.config"/>
</securityPolicy>
</system.web>
Is the above mentioned value missing ??
If yes replace the Web Config file from backup
Reference
http://msdn.microsoft.com/en-us/library/wyts434y.aspx
** in my case it was installing the Symantec Endpoint Protection 11 MR 4 installed on Windows 2008 Web server caused the concern
Small Business Server 2003 and Small Business Server 2008 have to be Primary domain controller in the domain Small Business Server product are an integrated product with Exchange SharePoint, and IIS installed on the same server along with Active directory
So whatever reason it might be we should not Dcpromo down Small Business Server as this will break the integration of the various installed application on Small Business Server
Hence Dcpromo down and re-promoting the same Small Business Server is not supported
If Dcpromo down has been run on the Small Business Server the only supported mean to promote it back as domain controller is to rebuild the server starting fresh
If you have and additional domain controller in the domain which is always recommended we could follow http://support.microsoft.com/?id=884453 to join Small Business Server 2003 to an existing active directory domain.
For Small Business Server 2008 http://technet.microsoft.com/en-us/library/cc546034.aspx should be followed
When we disjoin or remove a member server from an Essential business Server domain
1) Delete the computer object from Active directory users and computers mmc from the computers organizational unit.
2) In EBS console however we would still continue to see the member server with down arrow on it.
3) To remove this object from the EBS console open System center essential console
4) In SCE management console under the reporting Tab on left hand bottom corner click on the icon show in red in the picture below this will open the SCE administration tab
5)In the SCE administration Tab Click on Agent managed option in the left pane as shown in the picture below
6) In the center pane you should see the deleted member server object right and delete it from SCE
7) Close and reopen the EBS Console that member server is not there
Restart the Routing and remote access Service and rerun EBS preparation tool again
However
This is Warning can Safely be Ignored
Proceed and click on Finish as this does not effect the post migration functionality of EBS
1) Migrating exchange server to Windows Essential business Server
http://www.microsoft.com/downloads/details.aspx?FamilyID=fb0f9f7e-8769-4585-a85c-509165a3f93e&displaylang=en
2) Migrating SBS 2003 to SBS 2008 (migrate exchange public folders)
http://technet.microsoft.com/en-us/library/cc527516.aspx
Sometimes time after following the steps still no public folder is migrated to the new Exchange 2007
There three Possible reason for the same
1) Anonymous Access is unchecked on the old exchange server 2003
In the properties of the default virtual server click on the Access tab the click on the Authentication button
2) Exchange 2003 is configured to use a Smart host to send emails
in the Properties of the SMTP Connector
in properties of the virtual server, deliver tab Advance button
Once we have followed the 2 steps mentioned reinitiate replication of public folders give it some time to replicate
After some time you should be able to see public folder structure in Exchange 2007 sp1 console
History:
The Microsoft Terminal Services Client ActiveX control (also known as Microsoft RDP Client Control) Is ActiveX is component offered by the server This is a downloadable ActiveX control provides nearly the same functionality as the full Terminal Services Client, but is designed to deliver this functionality over the Web. The ActiveX control does not come installed as part of any Windows client system. Instead, clients obtain the control from web servers that offer terminal services. The configuration process that enables an IIS server to provide terminal services involves installing on the server a file containing the control. The server then delivers this file to any client system that needs it, and the client installs the control
When trying to browse remote web workplace hosted on a Small business Server 2008 we get the following error
VBScript: Remote Desktop Connection
The wizard cannot configure Remote Desktop Connection settings. Make sure that the client version of Remote Desktop Protocol (RDP) 6.0 or later is installed on this computer.
When we verify the version of mstsc .exe 6.0.6001.18000 however when we check the add-ons currently loaded in Internet Explorer 7 it show
Microsoft RDP client Control ActiveX control (Msrdp.ocx)
This is terminal services client add-on for Remote Desktop Protocol 5.0 as per the above mention error message we need Remote Desktop Protocol (RDP) 6.0 or later when we install Windows XP Service Pack 3 (SP3) The Microsoft Terminal Services Client ActiveX control is already includes this ActiveX control and installs it by using the Mstscax.dll file. By default, this ActiveX control is disabled in Windows XP Service Pack 3 (SP3).
if we disable Microsoft RDP client Control ActiveX control (Msrdp.ocx) add-on we get the error as follows:
VBScript: Remote Desktop Connection
The Microsoft Terminal Services Client ActiveX control (also known as Microsoft RDP Client Control) is either not available, or is not enabled. For more information about installing and enabling this ActiveX control, see the Microsoft TechNet Web site (http://go.microsoft.com/fwlink/?LinkId=103719).
do backup the favorites in Internet explorer
Reset the Internet Explorer Settings to defaults
Regsvr32 Mstscax.dll located in %Windir% \system32
Close all open all instances of Internet Explorer
Try browsing Remote Web Workplace now The Microsoft Terminal Services Client ActiveX control should be offered by the server install this ActiveX
Mounting backup file created by Windows 2008 Server (Wbadmin)
Windows Server 2008 backup has now improved we no longer backup to BKF file any more, we now backup to VHD file. This VHD file can now be mounted in virtual server as an additional disk to view the content of the back or we could Use Disk mount Utility to view the content. Today what we are going to talk about is how we can use an inbuilt windows 2008 utility to mount the VHD file created to view it content no more virtual server or disk mount utility. This inbuilt utility is known as NTDSUTIL
To begin we need to run command prompt with elevated permissions then let move to the root of the System drive run NTDSUTIL from NTDSUTIL invoke Snapshot then list all the backup snapshots that we have taken as shown in the picture below
Select the backup content you want to mount
Let say we want to mount the 1st one we can mount either by the backup snapshot number or by the Guid as shown in the pictures bellow
Once it is mounted you should get the following message as show in the picture above then open up windows explorer and you should see shortcut to the backup that you mounted by clicking on that shortcut you can view we copy the contents like files and folders as shown in the picture bellow
To mount another backup we need to dismount the existing snapshot as shown in the picture below
This way you can copy view replace backup taken from windows server 2008 WBADMIN snap-in without using any other extra utility
When Deploying a guest OS as Domain Controller
Issue with Active Directory or licensing Services installation on the guest
Cause : Hyper-V has a time sync IC which sync guest time with host every 5 seconds. You need to disable that in case you want to move guest time behind the host time (else it will sync it next time sync cycle). In case you are moving the guest ahead of host time then the time sync don’t change guest time (it gets synched gradually over a very long period of time). Under heavy load you may see time drift in the guest in case the time sync ic is disabled.
The Best Practice would be before Promoting a guest as DC
go into the setting for that virtual machine under management option
select Integration Services
under that uncheck the time Synchronization Option for the Vm that we are going to promote as Domain Controller
(note: point the domain controller to valid time source after the install )
