The Official SBS Blog

The official blog for Small Business Server (SBS) support and product group communications.

Recent Blog Posts
  • The Official SBS Blog

    Remote Web Access Is Not Allowed For Your User Account

    • 0 Comments

    [Today's post comes to us courtesy of Rituraj Choudhary from Commercial Technical Support]

    After Small Business Server 2011 Standard has been updated with Update Rollup 2, some users may not be able to log on to the Remote Web Access with the following error:

    “Remote Web Access is not allowed for your user account. Contact the person who manages your server.”

    image

    In the "C:\Program Files\Windows Small Business Server\Logs\WebApp\RemoteAccess.log" file, you will see the following:

    [12468] 120419.103511.7516: RemoteAccess: [Identity] CheckUserInGroup hit exceptions: System.Runtime.InteropServices.COMException (0x80005000): Unknown error (0x80005000)
       at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
       at System.DirectoryServices.DirectoryEntry.Bind()
       at System.DirectoryServices.DirectoryEntry.get_AdsObject()
       at System.DirectoryServices.PropertyValueCollection.PopulateList()
       at System.DirectoryServices.PropertyValueCollection..ctor(DirectoryEntry entry, String propertyName)
       at System.DirectoryServices.PropertyCollection.get_Item(String propertyName)
       at Microsoft.WindowsServerSolutions.Web.Security.SBSRoleProvider.IsGroup(String distinguishedName)
       at Microsoft.WindowsServerSolutions.Web.Security.SBSRoleProvider.CheckUserInGroup(String userDn, String groupDn, List`1 processedGroups)
    [12468] 120508.103511.7526: RemoteAccess: [Identity] CheckUserInGroup user:CN=April Reagan,OU=SBSUsers,OU=Users,OU=MyBusiness,DC=Contoso,DC=local. group:CN=Windows SBS Admin Tools Group,OU=Security Groups,OU=MyBusiness,DC=Contoso,DC=local
    [12468] 120419.103511.8186:: RemoteAccess: [Identity] GetRolesForUser 'CONTOSO\AprilReagan': hasAccess=False, isAdmin=False, inLink=False, inAdminTools=False, allComputers=False

    This happens due to the fact that some Active Directory User or Organizational Unit name contains a forward slash (‘/’) character. The current resolution is to remove the offending character (‘/’) from the name(s).

    To find the offending user or OU, you may simply browse through the Active Directory Users and Computers console. If you are assisting someone, you may ask for a LDIFDE dump of the users and the Organizational Units as: 

       ldifde -f users.txt -d "dc=contoso,dc=local" -p subtree -r "(objectCategory=User)" -l "cn"
       ldifde -f org.txt -d "dc=contoso,dc=local" -p subtree -r "(objectCategory=organizationalUnit)" -l "ou"

    (In the above examples, “dc=contoso,dc=local” is the distinguished name of the domain; change it as per your environment)

    Once you get the output, look for the user or organizational unit names with character ‘/’ in their name. Remove the character and modify it conventionally. That should take care of this issue.

    In the following example, getting rid of the ‘/’ from the name of “Test o/u” will fix the issue:

    dn: OU=Domain Controllers,DC=Contoso,DC=local
    changetype: add
    ou: Domain Controllers

    dn: OU=MyBusiness,DC=Contoso,DC=local
    changetype: add
    ou: MyBusiness



    dn: OU=Test o/u,OU=SBSUsers,OU=Users,OU=MyBusiness,DC=Contoso,DC=local
    changetype: add
    ou: Test o/u


    Open Active Directory Users and Computers to rename the object and remove the ‘/’ character.

    image

  • The Official SBS Blog

    Empty ‘CN=Servers’ Container Causing Issues with Public Folders on Small Business Server 2011

    • 1 Comments

    [Today’s post comes to us courtesy of Mohammed Sabir and Shammi Dua from Commercial Technical Support]

    When migrating to Small Business Server 2011, you may experience Public Folder Replication failures and users unable to send mail to mail enabled Public Folders.

    In an environment where Microsoft Exchange Server 2000 or Microsoft Exchange Server 2003 previously existed, and all those servers have been removed during migration, there is a chance that an Administrative Group (First Administrative Group or another custom Administrative Group) remains with a Servers container, but no servers inside it.

    image

    During Public Folder replication, when the Exchange 2010 Store Driver sees the empty Servers container in Active Directory, it expects a System Attendant object inside the container and when it is not found, the following error is logged in the events:

    Source: MSExchange Store Driver
    Event ID: 1020
    Level: Error
    Description:
    The store driver couldn’t deliver the public folder replication message "Hierarchy (PublicFolder@contoso.com)" because the following error occurred: The Active Directory user wasn't found.

    In addition to above behavior, you may experience issue wherein you cannot send email to mail enabled public folders and receive an NDR as follows:

    “#554 5.2.0 STOREDRV.Deliver.Exception:ObjectNotFoundException; Failed to process message due to a permanent exception with message The Active Directory user wasn't found. ObjectNotFoundException: The Active Directory user wasn't found. ##”

    Scenarios in which above behaviors can be seen:

    1. You migrated from Small Business Server 2003 to Small Business Server 2011. After completing migration you uninstalled Exchange 2003 on Small Business Server 2003 and demoted the source Small Business Server 2003.
    2. You have a Small Business Server 2008 environment which was initially migrated from Small Business Server 2003. This Small Business Server 2008 server is now used as a source for migrating to Small Business Server 2011. After completion of migration you uninstall Exchange 2007 and demote Small Business Server 2008.
    3. You are migrating from Windows Server 2003 or Windows Server 2008 standard domain which has Exchange 2003 installed, to Small Business Server 2011. After completing migration you uninstall Exchange 2003.

    In above scenarios, the Servers Container in Administrative Group (First Administrative Group or another custom Administrative Group from Exchange 2003) is left empty.

    To resolve this issue, follow these steps:

    Warning: If you use the ADSI Edit snap-in, the LDP utility, or any other LDAP version 3 client, and you incorrectly modify the attributes of Active Directory objects, you can cause serious problems. These problems may require you to reinstall the Windows Server Operating System or Microsoft Exchange or both. Microsoft cannot guarantee that problems that occur if you incorrectly modify Active Directory object attributes can be solved. Modify these attributes at your own risk.

    1. Start the ADSI Edit tool. To do this, click Start , click Run , type adsiedit.msc , and then click OK
    2. Expand Configuration Container [servername.domainname.com] , and then expand CN=Configuration,DC=CPANDL,DC=local
      (where CPANDL.local is your domain name) 
    3. Expand CN=Services, expand CN=Microsoft Exchange, and then expand CN=CPANDL
      (where CPANDL is the name of your Exchange organization)
    4. Expand CN=Administrative Groups, and then expand CN=first administrative group
      (where first administrative group belongs to Exchange 2003)
    5. Expand CN=Servers
    6. Verify there are no server objects listed under the Servers container
    7. Right click on the empty CN=Servers Container and choose Delete, as represented in the screenshot.

    image

  • The Official SBS Blog

    Introducing Microsoft Support For Small Business Portal: Helping Small Businesses Get Back To Business!

    • 1 Comments

    [Today’s post comes to us courtesy of Marie McFadden from Engineering, Community and Online]

    The Microsoft Support for Small Business experience provides small businesses with easy solutions for technology issues.

    • With the small business online support experience, small businesses can fix a problem, learn how to use a product, or get help from Microsoft. 
    • Benefits of the small business online support experience include integration with existing small and medium business marketing portals, an easy-to-use user interface, simplified guided walkthroughs and freedom for customers to choose their preferred support methods. 
    • The small business online support experience runs across the top Microsoft products, services and scenarios for small business customers. 

    To know more about the portal and its benefit, please visit http://smallbusiness.support.microsoft.com/en-us

  • The Official SBS Blog

    Key Small Business Server 2011 Essentials Log Files

    • 2 Comments

    [Today's post comes to us courtesy of Ashish Sukhija and Rituraj Choudhary from Commercial Technical Support]

    In SBS Essentials the location of the log files is under C:\ProgramData\Microsoft\Windows Server\Logs. From a support perspective this can be very handy as you will always know where the log file will be located. We have compiled a list of important logs and their associated wizards below. Please note that there are a few wizards which refer to one or more logs. C:\ProgramData is hidden by default. Please use Folder Options in Windows Explorer to unhide it.

    Log files on the Windows SBS 2011 Essentials Server:

    image Alert viewer ProviderRegistryService.2.log
    image Server Settings ProviderRegistryService.2.log

    image
    GETTING STARTED TASKS  
    Set up Server Backup

    Dashboard.log

    Set up Remote Web Access

    Dashboard.log, SharedServiceHost-DomainManagerServiceConfig.log

    Set options for sharing Dashboard.log
    Set up alert email notification Dashboard.log
    Set up Microsoft Office 365 Integration  
       
    COMMON TASKS  
    Add a user account Dashboard.log
    Add a shared folder Dashboard.log

    image
    Deactivate User Account/ Activate User Account SharedServiceHost-O365ProviderServiceConfig.log, SharedServiceHost-O365ProviderServiceConfig.#.log and Dashboard.log
    Assign Office 365 account SharedServiceHost-O365ProviderServiceConfig.log, SharedServiceHost-O365ProviderServiceConfig.2.log and Dashboard.log
    Unassign Office 365 account SharedServiceHost-O365ProviderServiceConfig.log, SharedServiceHost-O365ProviderServiceConfig.2.log and Dashboard.log
    Add a user account Dashboard.log
    Set the password policy Dashboard.log
    Remove the user account Dashboard.log
    Change the user account password Dashboard.log

    image
    View the server properties ProviderRegistryService.2.log
    Restore files or folders for the server SharedServiceHost-AlertServiceConfig.2.log
    Customize Backup of the server SharedServiceHost-SystemServiceConfig.2.log
    View alerts for the server ProviderRegistryService.2.log
    Additional client computer backup tasks ProviderRegistryService.2.log

    image
    Move a folder storageservice2.log, Dashboard.log
    Add a folder storageservice2.log, Dashboard.log
    View the folder properties storageservice2.log, Dashboard.log

    image

    Change the Office 365 administrator account OIMGettingStartedWizard.log
    Link a domain to Office 365 Dashboard.log
    Uninstall Office 365 Integration Module OIMUninstallWizard.log

    Other log files:

    Remote Web Access browsing C:\ProgramData\Microsoft\Windows Server\Logs\WebApps\RemoteAccess.log
    My Home Server app on Windows 7 Phone C:\ProgramData\Microsoft\Windows Server\Logs\WebApps\MobileData.log
    Active Directory Domain Setup Log DCPromo_date_time.log

    Few relevant log files on the Windows SBS 2011 Essentials Client:

    The log files for the Vista and later clients are located in C:\ProgramData\Microsoft\Windows Server\Logs. The log files on Windows XP clients are present under C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Server\Logs.

    Windows Small Business Server 2011 Launchpad Launchpad.log
    Backup BackupLaunchpad.log
    Opening the Dashboard from the client DashboardClient.log
    Presence of Essential Server and configures the local DNS services Launchpad.log
    Windows Firewall Configuration for Remote Desktops on Clients RemoteDesktopClientConfig.log
    Backup Launchpad BackupLaunchpad.log
    Added Scheduled Tasks RunTask-AddScheduledTasks.log
    Scheduled Backup Task RunTask-Backup.log
    Customer Experience Improvement Program Run Task-SaveCEIPData.log
    Windows Small Business Server 2011 Connector ComputerConnector.log
    Client Setup ClientCore.msi.log, ClientDeploy.log

    For non-Windows client computers, the following log files are referred:
    1.    System.log
    2.    Library/Logs/Windows Server.log
    3.    Library/Logs/CrashReporter/LaunchPad-<nnn> (all of the LaunchPad-<nnn>.crash files)
    4.    Library/Logs/DiagnosticReports/LaunchPad-<nnn> (all of the LaunchPad-<nnn>.crash files)

    Windows Server Solutions Log Collector Tool is an efficient way to collect all of the logs and can be downloaded here.

  • The Official SBS Blog

    Understanding Remote Web Access File Sharing

    • 6 Comments

    [Today's post comes to us courtesy of Gagan Mehra from Commercial Technical Support]

    Remote Web Access file sharing is the new feature added to the Small Business Server 2011 family. It allows users access shares and the files they contain on SBS server remotely. With file sharing in RWA you can:

    • Upload and download files
    • Create and delete folders underneath the shared folder
    • Cut, copy and paste files
    • Rename files and folder
    • Drag and drop the files (requires browser add-on)

    File Sharing - Share List Exclusion

    RWA will display every share on the server unless the share meets one of the following criteria, in which case they will be hidden. This list is not user modifiable:

    • Share name is null or empty
    • Share type is not of type disk drive (0)
    • Share name ends with a $
    • Share is special
      • NETLOGON
      • SYSVOL
    • Share directory does not exist
    • Share is not created on an NTFS volume
    • User does not have share-level permissions to share*

    * Note: In SBS 2011 UR1+, RWA no longer checks user permissions and will display shares you do not have access to. You cannot open them, but you will see their names.

    clip_image002


    Remote Web Access file sharing provides a tree view feature with which you can see the files and folders inside a share without even accessing it.

    clip_image004


    Easy File Upload Tool

    The easy file upload tool streamlines the process of uploading files to your SBS 2011 server . With the easy file upload tool, you can drag and drop files to upload them to the Shared Folders in a single batch.

    clip_image006


    You can install the Easy File Upload Tool by clicking the Upload button and then click Install the easy file upload tool option as seen below.

    clip_image008


    File Sharing Permissions

    Shares which are visible on the Remote Web Access page can be controlled via Sharing and NTFS permissions. Share-level permissions allow you to see the share on the RWA but do not guarantee you have access to interact with it. In order to access the share, the user must have both share-level and NTFS-level permissions to it.

    Note: Due to interaction between RWA and UAC, built-in administrative accounts do not work as expected. If you have a share that is restricted to a built-in admin only (i.e. Administrators), you will not be able to access the share, even while logged on as an administrator. If you need this functionality, create your own custom admin account and lock permissions down on the share to that account.

    Note: Network Service account must have read access to the folder or the parent folder in order for documents to appear.

    File Sharing Limitations

    Uploads are restricted to 2 GBs.

    Additional Information

    http://blogs.technet.com/b/sbs/archive/2011/03/10/introduction-to-sbs-2011-remote-web-access-rwa.aspx

  • The Official SBS Blog

    Windows Small Business Server 2011 Premium Add-on FAQ

    • 0 Comments

    [Today's post comes to us courtesy of Ning Kuang from Sustained Engineering]

    A new wiki has been released that answers FAQs around deploying Windows Small Business Server 2011 Premium Add-on.

    For more information, please visit http://social.technet.microsoft.com/wiki/contents/articles/8592.sbs-2011-premium-add-on-faq-en-us.aspx

Page 1 of 95 (568 items) 12345»