[Today's post comes to us courtesy of Rituraj Choudhary from Commercial Technical Support]

After Small Business Server 2011 Standard has been updated with Update Rollup 2, some users may not be able to log on to the Remote Web Access with the following error:

“Remote Web Access is not allowed for your user account. Contact the person who manages your server.”

In the "C:\Program Files\Windows Small Business Server\Logs\WebApp\RemoteAccess.log" file, you will see the following:

[12468] 120419.103511.7516: RemoteAccess: [Identity] CheckUserInGroup hit exceptions: System.Runtime.InteropServices.COMException (0x80005000): Unknown error (0x80005000)
   at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
   at System.DirectoryServices.DirectoryEntry.Bind()
   at System.DirectoryServices.DirectoryEntry.get_AdsObject()
   at System.DirectoryServices.PropertyValueCollection.PopulateList()
   at System.DirectoryServices.PropertyValueCollection..ctor(DirectoryEntry entry, String propertyName)
   at System.DirectoryServices.PropertyCollection.get_Item(String propertyName)
   at Microsoft.WindowsServerSolutions.Web.Security.SBSRoleProvider.IsGroup(String distinguishedName)
   at Microsoft.WindowsServerSolutions.Web.Security.SBSRoleProvider.CheckUserInGroup(String userDn, String groupDn, List`1 processedGroups)
[12468] 120508.103511.7526: RemoteAccess: [Identity] CheckUserInGroup user:CN=April Reagan,OU=SBSUsers,OU=Users,OU=MyBusiness,DC=Contoso,DC=local. group:CN=Windows SBS Admin Tools Group,OU=Security Groups,OU=MyBusiness,DC=Contoso,DC=local
[12468] 120419.103511.8186:: RemoteAccess: [Identity] GetRolesForUser 'CONTOSO\AprilReagan': hasAccess=False, isAdmin=False, inLink=False, inAdminTools=False, allComputers=False

This happens due to the fact that some Active Directory User or Organizational Unit name contains a forward slash (‘/’) character. The current resolution is to remove the offending character (‘/’) from the name(s).

To find the offending user or OU, you may simply browse through the Active Directory Users and Computers console. If you are assisting someone, you may ask for a LDIFDE dump of the users and the Organizational Units as: 

   ldifde -f users.txt -d "dc=contoso,dc=local" -p subtree -r "(objectCategory=User)" -l "cn"
   ldifde -f org.txt -d "dc=contoso,dc=local" -p subtree -r "(objectCategory=organizationalUnit)" -l "ou"

(In the above examples, “dc=contoso,dc=local” is the distinguished name of the domain; change it as per your environment)

Once you get the output, look for the user or organizational unit names with character ‘/’ in their name. Remove the character and modify it conventionally. That should take care of this issue.

In the following example, getting rid of the ‘/’ from the name of “Test o/u” will fix the issue:

dn: OU=Domain Controllers,DC=Contoso,DC=local
changetype: add
ou: Domain Controllers

dn: OU=MyBusiness,DC=Contoso,DC=local
changetype: add
ou: MyBusiness
…
…
…
dn: OU=Test o/u,OU=SBSUsers,OU=Users,OU=MyBusiness,DC=Contoso,DC=local
changetype: add
ou: Test o/u
…
…
…

Open Active Directory Users and Computers to rename the object and remove the ‘/’ character.

[Today’s post comes to us courtesy of Mohammed Sabir and Shammi Dua from Commercial Technical Support]

When migrating to Small Business Server 2011, you may experience Public Folder Replication failures and users unable to send mail to mail enabled Public Folders.

In an environment where Microsoft Exchange Server 2000 or Microsoft Exchange Server 2003 previously existed, and all those servers have been removed during migration, there is a chance that an Administrative Group (First Administrative Group or another custom Administrative Group) remains with a Servers container, but no servers inside it.

During Public Folder replication, when the Exchange 2010 Store Driver sees the empty Servers container in Active Directory, it expects a System Attendant object inside the container and when it is not found, the following error is logged in the events:

Source: MSExchange Store Driver
Event ID: 1020
Level: Error
Description:
The store driver couldn’t deliver the public folder replication message "Hierarchy (PublicFolder@contoso.com)" because the following error occurred: The Active Directory user wasn't found.

In addition to above behavior, you may experience issue wherein you cannot send email to mail enabled public folders and receive an NDR as follows:

“#554 5.2.0 STOREDRV.Deliver.Exception:ObjectNotFoundException; Failed to process message due to a permanent exception with message The Active Directory user wasn't found. ObjectNotFoundException: The Active Directory user wasn't found. ##”

Scenarios in which above behaviors can be seen:

1. You migrated from Small Business Server 2003 to Small Business Server 2011. After completing migration you uninstalled Exchange 2003 on Small Business Server 2003 and demoted the source Small Business Server 2003.
2. You have a Small Business Server 2008 environment which was initially migrated from Small Business Server 2003. This Small Business Server 2008 server is now used as a source for migrating to Small Business Server 2011. After completion of migration you uninstall Exchange 2007 and demote Small Business Server 2008.
3. You are migrating from Windows Server 2003 or Windows Server 2008 standard domain which has Exchange 2003 installed, to Small Business Server 2011. After completing migration you uninstall Exchange 2003.

In above scenarios, the Servers Container in Administrative Group (First Administrative Group or another custom Administrative Group from Exchange 2003) is left empty.

To resolve this issue, follow these steps:

Warning: If you use the ADSI Edit snap-in, the LDP utility, or any other LDAP version 3 client, and you incorrectly modify the attributes of Active Directory objects, you can cause serious problems. These problems may require you to reinstall the Windows Server Operating System or Microsoft Exchange or both. Microsoft cannot guarantee that problems that occur if you incorrectly modify Active Directory object attributes can be solved. Modify these attributes at your own risk.

1. Start the ADSI Edit tool. To do this, click Start , click Run , type adsiedit.msc , and then click OK
2. Expand Configuration Container [servername.domainname.com] , and then expand CN=Configuration,DC=CPANDL,DC=local
   (where CPANDL.local is your domain name) 
   
3. Expand CN=Services, expand CN=Microsoft Exchange, and then expand CN=CPANDL
   (where CPANDL is the name of your Exchange organization)
   
4. Expand CN=Administrative Groups, and then expand CN=first administrative group
   (where first administrative group belongs to Exchange 2003)
   
5. Expand CN=Servers
6. Verify there are no server objects listed under the Servers container
7. Right click on the empty CN=Servers Container and choose Delete, as represented in the screenshot.

[Today’s post comes to us courtesy of Marie McFadden from Engineering, Community and Online]

The Microsoft Support for Small Business experience provides small businesses with easy solutions for technology issues.

• With the small business online support experience, small businesses can fix a problem, learn how to use a product, or get help from Microsoft. 
• Benefits of the small business online support experience include integration with existing small and medium business marketing portals, an easy-to-use user interface, simplified guided walkthroughs and freedom for customers to choose their preferred support methods. 
• The small business online support experience runs across the top Microsoft products, services and scenarios for small business customers. 

To know more about the portal and its benefit, please visit http://smallbusiness.support.microsoft.com/en-us

[Today's post comes to us courtesy of Ashish Sukhija and Rituraj Choudhary from Commercial Technical Support]

In SBS Essentials the location of the log files is under C:\ProgramData\Microsoft\Windows Server\Logs. From a support perspective this can be very handy as you will always know where the log file will be located. We have compiled a list of important logs and their associated wizards below. Please note that there are a few wizards which refer to one or more logs. C:\ProgramData is hidden by default. Please use Folder Options in Windows Explorer to unhide it.

Log files on the Windows SBS 2011 Essentials Server:

	Alert viewer	ProviderRegistryService.2.log
	Server Settings	ProviderRegistryService.2.log

GETTING STARTED TASKS
Set up Server Backup	Dashboard.log
Set up Remote Web Access	Dashboard.log, SharedServiceHost-DomainManagerServiceConfig.log
Set options for sharing	Dashboard.log
Set up alert email notification	Dashboard.log
Set up Microsoft Office 365 Integration
COMMON TASKS
Add a user account	Dashboard.log
Add a shared folder	Dashboard.log

Deactivate User Account/ Activate User Account	SharedServiceHost-O365ProviderServiceConfig.log, SharedServiceHost-O365ProviderServiceConfig.#.log and Dashboard.log
Assign Office 365 account	SharedServiceHost-O365ProviderServiceConfig.log, SharedServiceHost-O365ProviderServiceConfig.2.log and Dashboard.log
Unassign Office 365 account	SharedServiceHost-O365ProviderServiceConfig.log, SharedServiceHost-O365ProviderServiceConfig.2.log and Dashboard.log
Add a user account	Dashboard.log
Set the password policy	Dashboard.log
Remove the user account	Dashboard.log
Change the user account password	Dashboard.log

View the server properties	ProviderRegistryService.2.log
Restore files or folders for the server	SharedServiceHost-AlertServiceConfig.2.log
Customize Backup of the server	SharedServiceHost-SystemServiceConfig.2.log
View alerts for the server	ProviderRegistryService.2.log
Additional client computer backup tasks	ProviderRegistryService.2.log

Move a folder	storageservice2.log, Dashboard.log
Add a folder	storageservice2.log, Dashboard.log
View the folder properties	storageservice2.log, Dashboard.log

Change the Office 365 administrator account	OIMGettingStartedWizard.log
Link a domain to Office 365	Dashboard.log
Uninstall Office 365 Integration Module	OIMUninstallWizard.log

Other log files:

Remote Web Access browsing	C:\ProgramData\Microsoft\Windows Server\Logs\WebApps\RemoteAccess.log
My Home Server app on Windows 7 Phone	C:\ProgramData\Microsoft\Windows Server\Logs\WebApps\MobileData.log
Active Directory Domain Setup Log	DCPromo_date_time.log

Few relevant log files on the Windows SBS 2011 Essentials Client:

The log files for the Vista and later clients are located in C:\ProgramData\Microsoft\Windows Server\Logs. The log files on Windows XP clients are present under C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Server\Logs.

Windows Small Business Server 2011 Launchpad	Launchpad.log
Backup	BackupLaunchpad.log
Opening the Dashboard from the client	DashboardClient.log
Presence of Essential Server and configures the local DNS services	Launchpad.log
Windows Firewall Configuration for Remote Desktops on Clients	RemoteDesktopClientConfig.log
Backup Launchpad	BackupLaunchpad.log
Added Scheduled Tasks	RunTask-AddScheduledTasks.log
Scheduled Backup Task	RunTask-Backup.log
Customer Experience Improvement Program	Run Task-SaveCEIPData.log
Windows Small Business Server 2011 Connector	ComputerConnector.log
Client Setup	ClientCore.msi.log, ClientDeploy.log

For non-Windows client computers, the following log files are referred:
1.    System.log
2.    Library/Logs/Windows Server.log
3.    Library/Logs/CrashReporter/LaunchPad-<nnn> (all of the LaunchPad-<nnn>.crash files)
4.    Library/Logs/DiagnosticReports/LaunchPad-<nnn> (all of the LaunchPad-<nnn>.crash files)

Windows Server Solutions Log Collector Tool is an efficient way to collect all of the logs and can be downloaded here.

[Today's post comes to us courtesy of Gagan Mehra from Commercial Technical Support]

Remote Web Access file sharing is the new feature added to the Small Business Server 2011 family. It allows users access shares and the files they contain on SBS server remotely. With file sharing in RWA you can:

• Upload and download files
• Create and delete folders underneath the shared folder
• Cut, copy and paste files
• Rename files and folder
• Drag and drop the files (requires browser add-on)

File Sharing - Share List Exclusion

RWA will display every share on the server unless the share meets one of the following criteria, in which case they will be hidden. This list is not user modifiable:

• Share name is null or empty
• Share type is not of type disk drive (0)
• Share name ends with a $
• Share is special
  • NETLOGON
  • SYSVOL
• Share directory does not exist
• Share is not created on an NTFS volume
• User does not have share-level permissions to share*

* Note: In SBS 2011 UR1+, RWA no longer checks user permissions and will display shares you do not have access to. You cannot open them, but you will see their names.

Remote Web Access file sharing provides a tree view feature with which you can see the files and folders inside a share without even accessing it.

Easy File Upload Tool

The easy file upload tool streamlines the process of uploading files to your SBS 2011 server . With the easy file upload tool, you can drag and drop files to upload them to the Shared Folders in a single batch.

You can install the Easy File Upload Tool by clicking the Upload button and then click Install the easy file upload tool option as seen below.

File Sharing Permissions

Shares which are visible on the Remote Web Access page can be controlled via Sharing and NTFS permissions. Share-level permissions allow you to see the share on the RWA but do not guarantee you have access to interact with it. In order to access the share, the user must have both share-level and NTFS-level permissions to it.

Note: Due to interaction between RWA and UAC, built-in administrative accounts do not work as expected. If you have a share that is restricted to a built-in admin only (i.e. Administrators), you will not be able to access the share, even while logged on as an administrator. If you need this functionality, create your own custom admin account and lock permissions down on the share to that account.

Note: Network Service account must have read access to the folder or the parent folder in order for documents to appear.

File Sharing Limitations

Uploads are restricted to 2 GBs.

Additional Information

http://blogs.technet.com/b/sbs/archive/2011/03/10/introduction-to-sbs-2011-remote-web-access-rwa.aspx

[Today's post comes to us courtesy of Ning Kuang from Sustained Engineering]

A new wiki has been released that answers FAQs around deploying Windows Small Business Server 2011 Premium Add-on.

For more information, please visit http://social.technet.microsoft.com/wiki/contents/articles/8592.sbs-2011-premium-add-on-faq-en-us.aspx