The Official SBS Blog

The official blog for Small Business Server (SBS) support and product group communications.

April, 2011

Recent Blog Posts
  • The Official SBS Blog

    Scheduled Task to Remove Old IIS Logs for WSUS has been Updated for SBS 2008 and SBS 2011 Standard

    • 0 Comments

    [Today's post comes to us courtesy of John Bay from Commercial Technical Support]

    One of the problem areas in Small Business Server 2008 is the amount of disk space consumed by the WSUS IIS log files; for reference see: Recovering Disk Space on the C: Drive in Small Business Server 2008. To help ease this problem, Small Business Server 2011 Standard has a scheduled task that will automatically remove any IIS logs associated with the WSUS Administration Website. The scheduled task is named WSUSLogCleaner and is located in the Task Scheduler Library under Microsoft > Windows > Windows Small Business Server 2011 Standard.

    The scheduled task runs a VBScript named WBSLogCleaner.VBS. This script takes one argument: the number of days of log files to keep.

    By default, on Small Business Server 2011 Standard, this value is set to 100. The value can be reduced if necessary. The script will run every night and will remove any IIS log file associated with the WSUS administration website that is older than 100 days.

    Small Business Server 2008 Update Rollup 5 was released in January 2011. This update rollup installs and configures the same scheduled task as in SBS 2011 Standard. In SBS 2008, the scheduled task is configured by default to use an argument of 30, so it will only keep 30 days of log files.

    The script will log the results of the execution in the following file: c:\program files\windows small business server\logs\wsuslogcleaner_script.log

    In some cases, the script may be unable to locate the WSUS administration website. If this happens, the script will fail to clean up any of the WSUS IIS log files and will log the following error in the wsuslogcleaner_script.log file:

    1/26/2011 3:13:09 PM Start deleting WSUS logs
    1/26/2011 3:13:09 PM Failed : Invalid index. (-2147352565)

    We have recently published a KB article with an updated version of the wsuslogcleaner script that corrects this problem. To resolve this issue, follow the steps from the following link to replace the old wsuslogcleaner script with the new version:

    http://support.microsoft.com/kb/2538579
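
One way to check a server for this failure, as an added example that is not part of the original post or the KB script: it scans wsuslogcleaner_script.log for "Failed" entries and flags the "Invalid index" code shown above. The function name is hypothetical, the line format is assumed from the two sample lines in the post, and the fallback input is those same two lines.

```powershell
# Added example (not the KB script). Hypothetical helper that finds failed
# WSUSLogCleaner runs. Assumed line format, taken from the post's sample:
#   <M/d/yyyy h:mm:ss tt> Failed : <message> (<signed error code>)
function Get-WsusLogCleanerFailure {
    param([string[]]$Line)

    $pattern = '^\s*(?<when>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) ' +
               'Failed : (?<msg>.*?) \((?<code>-?\d+)\)\s*$'
    $culture = [Globalization.CultureInfo]::InvariantCulture

    foreach ($l in $Line) {
        if ($l -match $pattern) {
            $code = [int]$Matches['code']
            New-Object PSObject -Property @{
                When    = [datetime]::ParseExact($Matches['when'], 'M/d/yyyy h:mm:ss tt', $culture)
                Message = $Matches['msg']
                Code    = $code
                # Same value as an HRESULT; -2147352565 is 0x8002000B
                HResult = '0x{0:X8}' -f $code
                # True for the "Invalid index" failure described in the post
                IsInvalidIndex = ($code -eq -2147352565)
            }
        }
    }
}

$logPath = 'c:\program files\windows small business server\logs\wsuslogcleaner_script.log'
if (Test-Path $logPath) {
    $lines = Get-Content $logPath
} else {
    # Fallback input: the two lines quoted in the post
    $lines = @(
        '1/26/2011 3:13:09 PM Start deleting WSUS logs',
        '1/26/2011 3:13:09 PM Failed : Invalid index. (-2147352565)'
    )
}

$failures = @(Get-WsusLogCleanerFailure -Line $lines | Sort-Object When)
if ($failures.Count -eq 0) {
    'No failed cleanup runs recorded.'
} else {
    $failures | Select-Object When, Message, HResult, IsInvalidIndex | Format-Table -AutoSize
    if ($failures[-1].IsInvalidIndex) {
        'Most recent failure is "Invalid index": WSUS IIS logs are not being removed.'
    }
}
```

A server whose most recent entry is this failure keeps accumulating WSUS IIS logs until the script is replaced as described in the KB article.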

  • The Official SBS Blog

    Windows Server Solutions BPA Checklist

    • 4 Comments

    [Today's post comes to us courtesy of David Copeland from Commercial Technical Support]

    Earlier this month we published a post introducing the new Windows Server Solutions BPA, which is currently available for download.  Below is a list of the checks, broken down by each product supported, that the Windows Server Solutions Best Practices Analyzer (BPA) performs as of 4/25/2011.  We will publish updates to this list as new checks are added in the future:

    Small Business Server 2011 Standard Edition

    Checks the following service’s start mode:

    • DNS Client – DNSClientStartModeSection
    • DHCP Client – DHCPClientStartModeSection
    • IIS Admin Service – IISAdminStartModeSection
    • Remote Registry – RemoteRegistryStartModeSection
    • Remote Desktop Gateway – TSGatestartModeSection
    • Windows Update – AutoUpdatestartModeSection
    • Distributed Transaction Coordinator – DTCStartModeSection
    • Netlogon – NetlogonStartModeSection
    • DNS Server – DNSServerStartModeSection
    • Windows SBS Manager - SBSMgrstartModeSection

    Checks that the following services are started:

    • DNS Client – DNSClientStartedSection
    • Windows Update – AutoUpdatesStartedSection
    • DHCP Client – DHCPClientStartedSection
    • IIS Admin Service – IISAdminStartedSection
    • World Wide Web Publishing Service – W3SVCStartedSection
    • Remote Registry – RemoteRegStartedSection
    • Remote Desktop Gateway – TSGateStartedSection
    • Windows Time – W32TimeStartedSection
    • Distributed Transaction Coordinator – DTCStartedSection
    • Netlogon – NetlogonStartedSection
    • DNS Server – DNSServerStartedSection
    • Windows SBS Manager - SBSmgrStartedSection

    Checks the following service’s logon account:

    • DNS Client – DNSClientStartNameSection
    • Windows Update – AutoUpdatesStartNameSection
    • DHCP Client – DHCPClientStartNameSection
    • World Wide Web Publishing Service – W3SVCStartNameSection
    • Remote Desktop Gateway – TSGatewayStartNameSection
    • Windows Time – W32TimeStartNameSection
    • Distributed Transaction Coordinator – DTCStartNameSection
    • Netlogon – NetlogonStartNameSection
    • DNS Server – DNSServerStartNameSection
    • Windows SBS Manager - SBSMgrStartNameSection

    Other Checks:

    • SKUsFoundSection – Returns the Operating System Platform name
    • PingDefGtwySection – Checks to see if the server is not able to ping the default gateway
    • PingDefGtwyOKSection – Checks to see if the server is able to ping the default gateway
    • Check2IPsSection – Checks to see if there are multiple IP addresses on the network card
    • IPFilteringSection – Checks to see if IP Filtering is enabled
    • HyperVSection – Checks to see if the Hyper-V role is installed
    • IPv6Section – Checks to see if IPv6 appears to be improperly disabled
    • KernelAuthEnabledSection – Checks to see if Kernel Mode Authentication is enabled in the applicationhost.config for IIS

    Small Business Server 2011 Essentials

    Checks the following service’s start mode:

    • DNS Client – DNSClientStartModeSection
    • DHCP Client – DHCPClientStartModeSection
    • IIS Admin Service – IISAdminStartModeSection
    • World Wide Web Publishing Service – W3SVCStartModeSection
    • Remote Registry – RemoteRegistryStartModeSection
    • Remote Desktop Gateway – TSGatestartModeSection
    • Windows Time – W32TimestartModeSection
    • Windows Update – AutoUpdatestartModeSection
    • Distributed Transaction Coordinator – DTCStartModeSection
    • Netlogon – NetlogonStartModeSection
    • DNS Server - DNSServerStartModeSection

    Checks that the following services are started:

    • DNS Client – DNSClientStartedSection
    • Windows Update – AutoUpdatesStartedSectio
    • DHCP Client – DHCPClientStartedSection
    • IIS Admin Service – IISAdminStartedSection
    • World Wide Web Publishing Service – W3SVCStartedSection
    • Remote Registry – RemoteRegStartedSection
    • Remote Desktop Gateway – TSGateStartedSection
    • Windows Time – W32TimeStartedSection
    • Distributed Transaction Coordinator – DTCStartedSection
    • Netlogon – NetlogonStartedSection
    • DNS Server - DNSServerStartedSection

    Checks the following service’s logon account:

    • DNS Client – DNSClientStartNameSection
    • Windows Update – AutoUpdatesStartNameSection
    • DHCP Client – DHCPClientStartNameSection
    • IIS Admin Service – IISAdminStartNameSection
    • World Wide Web Publishing Service – W3SVCStartNameSection
    • Remote Desktop Gateway – TSGatewayStartNameSection
    • Windows Time – W32TimeStartNameSection
    • Distributed Transaction Coordinator – DTCStartNameSection
    • Netlogon – NetlogonStartNameSection
    • DNS Server - DNSServerStartNameSection

    Other Checks:

    • SKUsFoundSection – Returns the Operating System Platform name
    • PingDefGtwySection – Checks to see if the server is not able to ping the default gateway
    • PingDefGtwyOKSection – Checks to see if the server is able to ping the default gateway
    • Check2IPsSection – Checks to see if there are multiple IP addresses on the network card
    • IPFilteringSection – Checks to see if IP Filtering is enabled
    • HyperVSection – Checks to see if the Hyper-V role is installed

    Windows Storage Server 2008 R2 Essentials

    Checks the following service’s start mode:

    • DNS Client – DNSClientStartModeSection
    • DHCP Client – DHCPClientStartModeSection
    • IIS Admin Service – IISAdminStartModeSection
    • World Wide Web Publishing Service – W3SVCStartModeSection
    • Remote Registry – RemoteRegistryStartModeSection
    • Remote Desktop Gateway – TSGatestartModeSection
    • Windows Time – W32TimestartModeSection
    • Windows Update – AutoUpdatestartModeSection

    Checks that the following services are started:

    • DNS Client – DNSClientStartedSection
    • Windows Update – AutoUpdatesStartedSection
    • DHCP Client – DHCPClientStartedSection
    • IIS Admin Service – IISAdminStartedSection
    • World Wide Web Publishing Service – W3SVCStartedSection
    • Remote Registry – RemoteRegStartedSection
    • Remote Desktop Gateway – TSGateStartedSection
    • Windows Time - W32TimeStartedSection

    Checks the following service’s logon account:

    • DNS Client – DNSClientStartNameSection
    • Windows Update – AutoUpdatesStartNameSection
    • DHCP Client – DHCPClientStartNameSection
    • IIS Admin Service – IISAdminStartNameSection
    • World Wide Web Publishing Service – W3SVCStartNameSection
    • Remote Desktop Gateway – TSGatewayStartNameSection
    • Windows Time - W32TimeStartNameSection

    Other Checks:

    • PingDefGtwySection – Checks to see if the server is not able to ping the default gateway
    • PingDefGtwyOKSection – Checks to see if the server is able to ping the default gateway

    Windows MultiPoint Server 2011

    Checks the following service’s start mode:

    • Windows MultiPoint Server Host Service - WMSSvcStartModeSection

    Checks that the following services are started:

    • Windows MultiPoint Server Host Service – WMSSvcStartedSection
    • Remote Desktop Services - TermServiceStartedSection

    Checks the following service’s logon account:

    • Windows MultiPoint Server Host Service - WMSSvcStartNameSection

    Other Checks:

    • SRCShellAccountExistsSection – Verifies the SRCShell local account exists
  • The Official SBS Blog

    How to Obtain the Certificate Distribution Package in SBS 2011 Standard through Remote Web Access

    • 0 Comments

    [Today’s post comes to us courtesy of Mohammed Sabir Chandwale, Moloy Tandon, and Shawn Sullivan from Commercial Technical Support]

    SBS 2011 Standard, just like SBS 2008, allows you to create a self-issued SSL certificate via the Internet Address Management Wizard so that you can communicate securely with the server without having to purchase a certificate. The client requirements for trusting this certificate have not changed since the last version; clients must still obtain the certificate distribution package and install the signing CA cert in order to make a connection using Outlook Anywhere or Remote Desktop Gateway (see previous blog post). However, distributing the certificate package is much easier in SBS 2011 Standard than in SBS 2008.

    Instead of relying on the administrator to send the certificate package to the external users, the users can now simply connect to Remote Web Access (formerly known as Remote Web Workplace) and download it for themselves using the new Shared Folders feature. To accomplish this, do the following:

    1. Log onto RWA.
      Note: The user must be a member of the Windows Remote Web Access Users group.  They will be if you have created the user from the SBS Console.
    2. On the home page, click on Shared Folders > Public. 

    3. Expand Public, click Downloads, and check Install Certificate Package.zip. Click Download.

    4. Choose any of the download formats and save the files on the client on the local disk.

    5. Extract the package and launch InstallCertificate.exe. This will install the signing CA certificate on a computer running XP SP2 or later or a mobile device running Windows Mobile 6 through 6.5. To install the certificate on a Windows Phone 7 device, follow the steps in this post.
  • The Official SBS Blog

    Content, Content and More Content – Part 2

    • 0 Comments

    [Today’s post comes to us courtesy of Michael Leworthy from Windows Server Marketing]

    In this blog we will focus on more download type resources available such as datasheets and guides.

    Highlights

    Windows Small Business Server 2011 Best Practices Analyzer

    Windows SBS 2011 Best Practices Analyzer (BPA) is a free diagnostic tool that is built on the Microsoft Baseline Configuration Analyzer (MBCA) technology. Windows SBS 2011 BPA scans a computer that is running Windows SBS 2011, and it compares the existing server settings to a predefined set of recommended best practices.

    Windows Small Business Server 2011 Standard Installation Guide

    This guide contains step-by-step instructions to install Windows SBS 2011 Standard and information about the Getting Started tasks that you must complete to configure your server.

    Datasheets & Presentations

    Want to learn more about SBS 2011 Standard and Essentials; why you should upgrade, what are the new features and how it compares to other products in the SMB space? You can learn this and more with the full set of datasheets now available for SBS 2011.

    Looking for Which Server to choose downloads?

    The new interactive Which Server To Choose ppt is now available for download. It guides you through a few simple questions to help you understand which server best suits which scenario.

  • The Official SBS Blog

    How to Determine the Number of Days Left for SBS 2011 Standard Migration

    • 0 Comments

    [Today's post comes to us courtesy of Rod White from Commercial Technical Support]

    To help you determine the number of days left to complete your migration, the SBS 2011 Migration Wizard Home page now displays a warning at the bottom of the page. In previous versions of Small Business Server, administrators had no obvious way of determining the number of days left during the 21 day migration period. As long as you're still within the migration process, the information will be at the bottom of the "Migration Wizard Home" page. Once 21 days have passed, the source server will begin its cycle of reboots until it is removed from the domain.

    To open the Migration Wizard:

    1. Double-click the Windows SBS Console icon on the desktop.
    2. On the Home Tab > Getting Started Tasks > select the "Migrate to Windows SBS" wizard.

  • The Official SBS Blog

    How to Configure SBS 2011 Standard to Accept E-mail for Multiple Authoritative Domains

    • 1 Comments

    [Today’s post comes to us courtesy of Moloy Tandon, Sabir Chandwale, and Shawn Sullivan from Commercial Technical Support]

    Think of a scenario where there is a business requirement in your company to have a separate email domain for a set of users. These users can belong to a different business unit within your organization for which you want to provision a different e-mail address, or could belong to a sister company managed by the same SBS 2011 Standard server. This blog post demonstrates the steps for accomplishing this, which break down into two parts:

    1. Create a new authoritative Accepted Domain.
      • This defines the second SMTP namespace that you will accept email for.
      • We will use an authoritative Accepted Domain because all recipient mailboxes reside inside the local organization and do not require external routing for delivery. For more information on Accepted Domains, visit the following link:
        http://technet.microsoft.com/en-us/library/bb124423.aspx
    2. Create a new Email Address Policy with a recipient filter.
      • Email Address Policies stamp the recipients with the email addresses that you configure.
      • In this scenario we want to apply addresses in the second namespace only to a subset of the recipients in the domain. We will show you how to use a recipient filter to accomplish this.

    There are certain things you must have in order before following this procedure. Make sure you have done the following:

    1. Complete the Internet Address Management Wizard.
      • If you do not choose a partner DNS registrar in this wizard, then you will need to manually register all of the public DNS records that the wizard would have otherwise configured for you. This includes the MX record for your first SMTP domain.
    2. Register another MX record in public DNS. This will be for the second SMTP domain you plan to host.
    3. Verify that you can send and receive email for your primary SMTP domain.
      • If this doesn’t work, troubleshoot it beforehand to correct any issues that will prevent this process from being successful.
    4. Create some way of dividing the subset of recipients from the rest of the domain so that you can target them in a filter.
      • We do this in two ways in the example below: using a custom OU and using a custom attribute.

     

    Creating the Accepted Domain

    Configure the accepted domain entry by following these steps:

    1. Launch the elevated Exchange Management Console.
    2. Expand the Organization Configuration node, click Hub Transport, click the Accepted Domains tab and choose New Accepted Domain…

    3. On the New Accepted Domain page, type a name to identify the accepted domain entry. In the Accepted Domain field, type the SMTP domain name. Select Authoritative Domain. E-mail is delivered to a recipient in this Exchange organization. Click New.


    Creating the Email Address Policy

    Next, we need to configure an e-mail address policy for the authoritative domain. You can either modify an existing policy or create an additional e-mail address policy for a filtered set of recipients to meet the objectives of your scenario.

    In this example, we will create an additional e-mail address policy that will be used as the primary e-mail address for a filtered set of recipients whose properties identify a specific company affiliation under the Custom OU, as shown in the screenshot below from Active Directory Users and Computers:

    [Screenshot: Active Directory Users and Computers]

    1. In the same Exchange Management Console, under Organization Configuration > Hub Transport, click E-mail Address Policies and click New E-mail Address Policy.

    2. Type a name for the e-mail address policy. Since the users that will be assigned this e-mail address policy are all in a specified organizational unit (OU), click Browse and select the OU where they reside. Select an option under Include these recipient types to determine to which recipient types this e-mail address policy will be applied. Click Next.

    3. Select the condition that will be used to filter the recipients to which the policy is applied. In this example, we select Recipient is in a Company and then specify the text string that we used on the Company attribute for the desired users.


    4. Click Next to enter the E-mail Addresses page. In the SMTP E-mail Address dialog box, select the option under E-mail address local part that determines how the recipient’s e-mail address alias will be generated.

    5. Click the Select the accepted domain for the e-mail address option. Click Browse and select the accepted domain you just created.

    6. The e-mail address entry is displayed in bold type to indicate that it’s now the primary, or reply to, address for the recipients to whom this e-mail address policy applies.

    7. Click Next and choose to apply the policy immediately and then finish out the wizard.
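
The same two-part procedure from the Exchange Management Shell, as an added example that is not part of the original post. The domain, company string, OU path and policy name are constructed placeholders, and using the alias (%m) as the local part is an assumption, since the post leaves that choice to you. It also previews which recipients the filter matches before the policy is applied.

```powershell
# Added example: run in an elevated Exchange Management Shell on the
# SBS 2011 Standard server. All four values are constructed placeholders.
$domain  = 'second.example'              # second SMTP namespace (MX already registered)
$company = 'Example Sister Company'      # text stored in the users' Company attribute
$ou      = 'contoso.local/Custom OU'     # OU that holds the subset of users
$policy  = 'Second Domain Address Policy'

# Part 1: create the authoritative accepted domain if it does not exist yet
$existing = Get-AcceptedDomain | Where-Object { "$($_.DomainName)" -eq $domain }
if (-not $existing) {
    New-AcceptedDomain -Name $domain -DomainName $domain -DomainType Authoritative
}

# Part 2: create the e-mail address policy, scoped by OU and Company.
# "SMTP:" in upper case marks the template as the primary (reply-to) address;
# %m expands to the recipient's alias (assumed local-part choice).
New-EmailAddressPolicy -Name $policy `
    -IncludedRecipients MailboxUsers `
    -RecipientContainer $ou `
    -ConditionalCompany $company `
    -EnabledEmailAddressTemplates "SMTP:%m@$domain"

# Preview who the filter matches BEFORE stamping addresses, so the new
# primary address does not land on recipients outside the intended subset
$filter = (Get-EmailAddressPolicy -Identity $policy).RecipientFilter
Get-Recipient -RecipientPreviewFilter $filter -OrganizationalUnit $ou -ResultSize Unlimited |
    Select-Object Name, Company, PrimarySmtpAddress |
    Format-Table -AutoSize

# Apply the policy (the wizard's "apply immediately" option)
Update-EmailAddressPolicy -Identity $policy

# Verify: matched recipients should now show a primary address in $domain
Get-Recipient -OrganizationalUnit $ou -ResultSize Unlimited |
    Where-Object { $_.Company -eq $company } |
    Select-Object Name, PrimarySmtpAddress, EmailAddresses |
    Format-List
```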