Welcome to TechNet Blogs Sign in | Join | Help

Marcus Hass' [MS] Blog

Interesting tidbits about Microsoft Infrastructure and other products. Occasional rants about travel, gaming and gadgets.
Small Business Server 2003 Upgrade from Hell

Last week, I decided to take a few vacation days and fly out to Ogden, Utah to help my wife’s old company upgrade from Small Business Server (SBS) 2000 to SBS 2003.  They are a small, 10 person operation that manufactures high end ski and board apparel (www.descente.net or www.ridedna.com).  The have a main office in downtown Ogden, a warehouse about 5 blocks away and a Canadian office in Vancouver.

 

The primary reason for the upgrade is that the president now resides in Canada, and his mailbox is back in Ogden.  OWA is great, but it times out and the Exchange 2000 version was not the best and fastest interface.  So, RPC/HTTP aka Outlook over the Internet is the perfect solution!  BTW, his laptop runs Windows XP Japanese as well as Office 2000/Outlook 2003 Japanese but when I sit down it almost looks like I can read Japanese because I have almost everything memorized, I was often asked by other employees if I spoke Japanese.

 

Anyway, SBS has always meant in my mind “super tight integration of Microsoft Infrastructure products and a super easy GUI for non-computer type people to manage their business”.  Of course another way of saying this is “I am going to hate using the SBS tools, please god give me normal MMC consoles”.  I also thought, “what a simple upgrade this is going to be, should I fly out or can I do it over VPN if someone sites there on the phone with me”.  Flying turned out to be a godsend.

 

First of all, support calls for Microsoft employees are not free.  We either have to pay, or we get 3 Quick Assist calls that we can give to people.  These are mainly meant to give to the guys that stop you and say, “Hey you work for Microsoft?  I have Windows 98’ and I can’t print to this HP LaserJet II, can you help?”  In this case, I needed all three Quick Assists and didn’t have any with me so I bummed a couple from coworkers.

 

Here are the highlights:

 

Support Call 1:

SBS upgrade halted, keeps insisting that “All domain controllers could not be contacted”.   Some braniac when the system was first installed decided to implement a second DC on some old hardware.  The hardware failed shortly after installation and AD was never cleaned up. 

 

I made sure that all the roles were seized by their primary DC (they were).  And I tried to delete the DC out of the domain, no luck.  I used NTDSUTIL, ADSI Edit, DNS srv records, everything was gone, but it still insisted that “All domain controllers could not be contacted”.

 

Support ended up finding a way around this little check in the upgrade process and we were able to continue with the upgrade.

 

Support Call 2:

ISA 2004 is included in on the Technologies disk of SBS 2004 Premium Edition.  They don’t’ advertise that, but I feel it is critical because the ISA 2004 GUI is worlds better than ISA 2000/Proxy Server 2.0.

 

During the install, ISA would bomb out with a .Net runtime error.  It appeared that ISA completed installing itself and the MSDE for ISA, but it never installed the rules for SBS.

Turns out that the SBS wrapper around ISA 2004 forces it to utilize some of the SBS Admin tools that get installed.  The Admin tools were never installed during the upgrade, and I never unselected them.  To me, there must be a bug in the upgrade process or they purposely defaulted them not to be installed.

 

After installing SBS admin tools, I reran ISA setup and it went through fine.

 

Support Call 3:

After a long debate with SSL certs because for some reason their old SSL cert didn’t correctly move over to the Windows 2003 certificate store, I had to have the cert authority reissue it. 

 

After reissue, I imported it into both IIS and used it for the web listener in ISA.  It is a cert from www.xramp.com that has a public cert authority at very reasonable prices.

After OWA, OMA, and EAS were working, I decided to tackle RPC/HTTP for the president and their warehouse.  By this time, I had flown back home and I built a Windows XP Virtual Server image and joined it to their domain to test RPC/HTTP.  I VPN’d in from my Virtual Server image, joined the domain and got standard MAPI over TCP/IP working, cool!  I disconnected the VPN, and setup the RPC/HTTP proxy settings on the client, and I new that the Outlook settings were correct and the certs were good, but it wouldn’t connect.  It kept prompting me for login credentials.

 

Support traced the problem to the “Proxy Authentication Settings” being set to NTLM Authentication, for SBS apparently it must use Basic Authentication.  The support tech also claimed that you can’t hit the “Check Name” button when you use RPC/HTTP, which I knew for a fact not to be an issue when you initially create the profile with TCP/IP.  I tested this, and there isn’t an issue if you create a profile when you have the full MAPI TCP/IP connection, and later add RPC/HTTP.

 

Summary:

I am disappointed that this wasn’t as smooth as an update as I expected.  Again, SBS is targeted at business of 100 or less people that probably don’t have a full time IT person, or have access to $295 per incident support from Microsoft.

 

In dealing with the SBS products, there seems to be a GUI that has simplified administrative tasks, but the underlying technology seems to still be hobbled together.  Many of the products are wrapped or functionality is hidden/taken away, and don’t appear to be engineered from the beginning to work together on a single server.  Overall, I highly recommend SBS 2003 especially since the premium edition includes ISA 2004.  But, I think that we need to have the SBS teams sit in early on Windows, Exchange/Office, ISA, and SQL engineering design sessions and architect those products to operate better together on a single box to give SBS the reliability and ease of updates it deserves.

Posted: Wednesday, November 02, 2005 9:32 PM by mhass

Comments

SBS said:

Just for the record...SBS is targeted at a company with 75 or less [not 100] and for a firm to hire a consultant.

You can install a server as a DIYer... migration and upgrading ...that's difficult even for the experts.

As a SBS owner... I've call PSS support several times. And called PSS. And paid and it's been worth it.

But there's a couple of best practices from the consultant crowd that I'd like to point out:

First off we don't recommend inplace upgrades as they leave behind mixtures of permissions between 2000 and 2003.

The issue of the other domain controller? That's not an SBS issue per se.

The best "upgrade" is to new hardware.

I agree with you but I disagree with you.. it's not the SBS teams that need to sit in at the other design sessions...but the other teams to come and sit in on SBS design sessions.

It's the parts that need to work together well on SBS...not SBS that needs to work better with the teams.

Migration and upgrading is not a SBS problem, it's a systemic problem with the entire product line. It is not easy to migrate/upgrade period. Most of the pros have done this before in a test setting before they do this for a real client.

And that's the other thing that should be pointed out... most small businesses don't do this on their own. In fact there's a specialized partner designation that indicates that the IT Pro has taken the time to 'brand himself'. It's called the Small Business Specialist.

The underlying technology isn't hobbled together...you just did a process that most of us don't recommend that you do, that's all.

Listened to marketing, didn't ya? :-)

Next time come out to the public SBS newsgroups first and we'd tell you that we wouldn't recommend this process in the real world.
# November 3, 2005 1:38 AM

mhass said:

While I agree that an upgrade is not recommended, many small business don't have a choice. They don't have a second server to upgrade to. How many small businesses are going to drop $2,000-$5,000 on a second server just for an upgrade.

We (Microsoft and MVP's) can't tell SBS owners we don't recommend an upgrade, especially in cost sensitive segments such as SBS. The real answer is to engineer the products better and anticipate upgrades on a single server, which is how SBS is marketed.

Unfortunately, the SBS group can't tell the Windows group, Exchange group, etc to come talk to SBS. SBS is such a small market when compared to the overall target of Windows, Exchange, etc that SBS doesn't have the clout to "tell" any of those product teams how and what to do. It needs to be an early engineering decision to remember to archtitect for SBS.
# November 3, 2005 9:30 AM

SBS said:

www.sbsmigration.com

You swing off that old box and swing back on

Notice that is not a Microsoft documented procedure.... again.. you need the migration story fixed at Microsoft.

We have more Exchange servers installed than big server land, we grow more firms, we employ more people in small firms,

The teams need to talk better period.

Patching... don't even get me started on how patching shows that for all the wins there, you need to still fix things.
# November 3, 2005 10:55 AM

Nick said:

So your first experience with SBS wasn’t great. Same for me. When I first got involved with the SBS product, I was coming from a medium environment, and there was a quite unexpected learning curve with how things happen on SBS (not to mention with Small Businesses in general). Since that time, I’ve had the opportunity to work on both sides of my current employer’s business (enterprise integration, and the SMB side), and they are really different worlds.

I think you’re right that we could see tighter integration on the SBS platform. But what we have today on SBS 2003 is just so much better than SBS 2000 (not to mention 4.5), that it’s just amazing, relatively speaking.

One thing you should consider, that I think Susan did a good job of pointing out, is that that SBS isn’t really a DIY-type product. Maybe there’s some marketing out there might lead you to believe it, but there are a world of SBS consultants that add-real value. And the good ones, are the ones who aren’t just deeply technical, but also understand some of the challenges of the “Small Business world”.

And maybe I’m beating a dead horse on this one, but SBS isn’t really some watered-down version of enterprise products. It’s a collection of enterprise products designed to run counter to all of Microsoft’s “best practice” whitepapers (all on one box!). So I can’t just throw a “desktop support” level person any issue that comes up at one of my customer sites. And I certainly can’t recommend a small-business owner do a DIY migration.

Should in-place upgrades work better? Yeah, maybe. But how often do you do an in-place upgrade on the Exchange 2000 server? Oh, never? So why should we be able to do in-place upgrades on an SBS server? Sure, it would be nice. But let’s wait and see how Vista evolves into a server product, and maybe we’ll get some neat improvements on the in-place upgrade issue, using the WIM imaging format.
# November 4, 2005 5:16 PM

Jerry said:

With SBS2k3 the best success if your domain name is the same is the moving train upgrade..ie different hardware and use tools to explort/import users and email. With the setup get a clean windows 2k4 install from the SBS cds (clean meaning zero errors, cancel the sbs portion of the setup so you can get windows clean). Once you get windows 2003 setup correctly and clean you can fire off the SBS setup and take the defaults (generally). It's VERY SIMPLE if you just allow the installer to do it's job.

The main bane of SBS is when us Back Office types jump on the box and don't realize the integration. You CAN use regular tools to manage the components but this may break some parts. At the end of the day re-running the SBS setup from add/remove pgms will often fix most common problems.

Support calls- Often the SBS comes with 2 support calls in the box. Check your purchase to see if your product qualifies.

I used to work on the SBS team in CLT.

# September 6, 2007 2:44 PM

Daniello said:

Did anyone try to install Windows 2003 SBS server in VMWare (Server) as a virtual server, and move it easily from hardware to hardware (ex. upgrading to a faster server hardware, more memoory, disk space, etc.)?

I had to work on an SBS upgrade and it's unnecessarily hard.

# January 9, 2008 4:13 PM

Peter said:

Just follow this guide next time http://go.microsoft.com/fwlink/?LinkId=16414

# November 5, 2008 5:22 PM

SBS2003 SP1 upgrade ISA 2004 CD, CEICW Wizard Cert. | keyongtech said:

PingBack from http://www.keyongtech.com/4206456-sbs2003-sp1-upgrade-isa-2004-a

# January 21, 2009 8:22 PM
Leave a Comment

(required) 

(required) 

(optional)

(required) 

  
Enter Code Here: Required

Comment Notification

If you would like to receive an email when updates are made to this post, please register here

Subscribe to this post's comments using RSS

Page view tracker