This post has been updated. Please see: http://blogs.technet.com/sbs/archive/2008/05/08/installing-a-self-signed-certificate-as-a-trusted-root-ca-in-windows-vista.aspx
====================================================
[Today's post comes to us courtesy of Wayne McIntyre]
In order for RPC over Http to work you must have a Trusted CA Root Certificate installed and configured. In a situation where you are using a self-signed cert you will need to install the certificate into the Trusted Root Certification Authorities store.
1. Connect to your OWA site by going to https://host.domainname.com/exchange
You should see a screen like the above due to the fact that your self-signed cert is not trusted.
2. Choose "Continue to this website (not recommended)".
You should then be presented with your OWA logon page.
3. Click on “Certificate Error” beside the address bar and select view certificates.
If you do not see the Install Certificate option close IE7 and then right click on IE7 and choose run as administrator and load the page again.
4. Once you have the install certificate button available, select "Install Certificate".
5. This will launch the Certificate Import Wizard. Make sure to Choose the option “Place all certificates in the following store” and select browse.
6. Select Trusted Root Certification Authorities and click Ok.
* In some cases you have to check show physical stores, then select “Local Computer” under Trusted Root Certification Authorities.
7. Click Finish on Completing the Certificate Import Wizard
8. Click yes on the security warning to install the certificate
9. If you want to verify the Certificate has been installed you can load the certificates snap in and you should see it under Certificates –Current User-Trusted Root Certification Authorities-Certificates.
Note: You can also copy it to the local computers certificate store so it applies for all users that use the machine.
If you install the certificate but then cannot see it please read the following KB article: http://support.microsoft.com/default.aspx?scid=kb;EN-US;932156
[Today's post comes to us courtesy of Justin Crosby and Rod White]
We recently received a call where a user needed to create a new MAPI (Outlook) profile. They called because they did not see the Mail shortcut in their Control Panel.
It turned out that the user was using the 64-bit version of Windows Vista. When you are using a 64-bit OS (Windows Vista or Windows Server 2008) there are actually 2 Control Panels, one for 64-bit items and one for 32-bit items. Microsoft Office 2003/2007 is a 32-bit application; therefore it’s Control Panel applet will be in the 32-bit Control Panel, this is necessary because the 64-bit version of explorer.exe cannot open the 32-bit .dll files that are required for this application. For more information on this and other applications that may be affected see http://support.microsoft.com/kb/895561.
To access the 32-bit Control Panel you must open the classic view of Control Panel and click on the “View 32-bit Control Panel Items” link as seen below:
Once the 32-bit Control Panel opened the user could then access his email profiles by clicking the Mail link.
You can also directly open Mail Setup by running “c:\Windows\SysWOW64\control.exe mlcfg32.cpl”
[Today's post comes to us courtesy of Becky Ochs]
We’re getting some great questions here at the SMB Summit. One of yesterday’s geeky questions of the day was, "Why are we are defaulting to use .local as the DNS extension for Windows SBS 2008? Isn’t that a problem for Macs?"
So here’s our logic for using .local and why we still make it flexible for you to choose your own internal domain extension . . .
- Historically, there have been issues with Mac OS X 10.2 and the use of .local that result in connectivity issues. However, the updated releases of the Mac OS no longer have the conflict with .local and there is a workaround to address the Mac OS X 10.3 and newer release.
- The default configuration of .local accommodates most folks for an installation, but if they really don’t like that default, they can easily specify the fully qualified domain name by using the Windows SBS Answer File Tool.
- When you specify domain information in the Answer File Tool, we recommend that you do not use a public TLD (eg .com). If you really want to do that, we won't prevent this, but keep in mind that this is an advanced configuration that will require you to do additional configuration of your networking on your own.
- We will not limit the number of labels in the DNS name to 2, so you can use a.b.c if you really want. However, it must have at least 1 label (i.e. you can’t just have a full DNS name of “contoso”, it must have 2 labels such as “contoso.local”)
And for those of you SBS 2003 folks out there who use Macs, here's a quick plug for the whitepaper that discusses how to add a Mac to an SBS 2003 network:
http://www.microsoft.com/downloads/thankyou.aspx?familyId=89ee677b-0ff6-4558-a54b-6070e2c8cd65&displayLang=en
[Today's post comes to us courtesy of Becky Ochs]
So you couldn’t make it to the SMB Summit 2008 in Las Colinas, TX? Well, maybe next year. For now, here are a few of my favorite features from yesterday’s Windows SBS 2008 focused partner readiness day.
The SBS Answer File Tool is awesome! Kudos to the SBS Deployment Dev Team! I’ve heard several times throughout the day that this tool will help partners to streamline their new server deployments. Partners can fully install a new server (including a box that has been preinstalled by an OEM) at their own office using the customer specific information and then take that server to the customer site to complete the configuration.
They cheered when they heard about the Move Data Folders wizard that will enable you to move the Windows SBS 2008 application data to a specified drive. This wizard works with a new installation, migration, or OEM preinstalled box. You can also script moving data using Windows PowerShell scripts. Very Cool!
Another of my personal favorites that I’ll call out from yesterday. . . Connect Computer, which is used to join new clients to an SBS domain, has been updated for this release. We’ve improved the user experience of this client side wizard. We still have our Web site access to this feature, but we’ve added the ability to run via a USB key as well. Oh, and did I also mention that you can now choose if your users are a local administrator or standard user on the client when we join it to the domain?
It was a day full of technical information about what’s new and what’s updated for the coming Windows SBS 2008 product. There was also great information from our partners who were talking about selling, deploying, and managing SBS.
Today, I’m going to check out what’s happening at the SBS Hands on Labs sponsored by HP and visit with more partners. Catch up with you later . . .
[Today's post comes to us courtesy of Aanal Bhatt]
Hello from Dallas, TX - about 30 of us from Redmond are here at SMB Summit at our first ever partner readiness event for both Small Business Server 2008 and Essential Business Server 2008.
I did the opening this morning with an Intro to SBS alongwith Becky Ochs, a program manager on the SBS development team to a room packed with 400+ partners. I highlighted how we've really listened to partner and customer feedback with this version and made some really cool changes - for example, the ability to buy single CALs, instead of the current 5 CAL pack; creating a strong LOB platform by moving Premium Edition to a separate box, and replacing Workgroup Edition with SQL Server Standard Edition; the ability to run TS in App Mode on this second server. Partners kept cheering and applauding at everyone of those & when asked what their top 1-2 favorite things in SBS 2008, we kept hearing over and over - 'its hard for me to say. i like so much about what's coming in this new version'.
Stay tuned for more on this - we're very excited to see so much partner excitement as we're unveiling this product for the first time to our partners!
On a side note, I just noticed that Wayne Small & Dean Calvert, 2 SBS MVPs from Australia have been upto some mischief, so the excitement is certainly not restricted just to Dallas, TX: check it out
Aanal Bhatt, Partner Marketing, Windows Essential Server Solutions
[Today's post comes to us courtesy of Chris Almida]
Great day for SBS 2008 at the SMB Summit! I had the opportunity to present and watch some of the great presenters from the Product Group demo some of the fantastic new features in SBS 2008 to the packed presentation hall here in Dallas. Topics covered so far include, setup, migration, networking, backup and the client experience. I have especially enjoyed hearing from the partners participating in the SBS 2008 TAP relating their real world experience of running SBS 2008 in production for the last 3 months. More to follow - keep tuned for posts from other on site bloggers!
[Today's post comes to us courtesy off Chris Puckett]
If you use the fax functionality in SBS 2003 or Windows Server 2003 to fax documents or attachments, there is an issue where a document or attachment may end up being sent to the wrong destination. A hotfix is available for this issue. For the details, see KB 933804.
933804: Documents are faxed to the wrong destination if several fax clients call the "FaxSendDocument" API at the same time in Windows Server 2003. http://support.microsoft.com/default.aspx?scid=kb;EN-US;933804
[Today's post comes to us courtesy of Justin Crosby and Chris Puckett]
If you are considering updating your Windows Vista machines to Service Pack 1 please review this KB article that explains reasons you may not see the update available for download on Windows Update and/or Automatic Updates: http://support.microsoft.com/default.aspx?scid=kb;EN-US;948343.
Pay close attention to Cause/Method 5. If you have one of the problem drivers be sure that you update your drivers before installing Windows Vista SP1.
If you are using WSUS to update your clients, Vista SP 1 has not been released to WSUS as a Service Pack at this time. Therefore, Vista computers updated via WSUS will not be offered Vista SP 1 at this time. Vista SP 1 will flow to WSUS servers as a service pack at a later date. However, there is a way to manually import Vista SP 1 into your WSUS server if you wish to push it out sooner. For the details on this, check out the WSUS blog. http://blogs.technet.com/wsus/archive/2008/03/24/deploying-vista-sp1-into-a-wsus-3-0-server-part-ii.aspx
This process applies to WSUS 3.0 RTM and SP1 servers only. WSUS 2.0 does not integrate with the Microsoft Update Catalog site, therefore the steps do not apply to that particular WSUS release. In this case, you have two options. One is to wait until Vista SP1 flows automatically at a later date or upgrade to WSUS 3.0 or 3.1.
Click the following link to watch an interview with Sean Daniel: http://edge.technet.com/Media/SBS-2008-PM-Interview-and-Demo/.
Sean Daniel has been a program manager for Small Business Server since SBS 2000. In this video he tells us a little bit about what's new in Small Business Server 2008 and shows us a demo of the SBS 2008 console. He also describes the backup wizard and he shows us how much backup has evolved in SBS 2008.
[Today's post comes to us courtesy of John Bay]
We wanted to make everyone aware of a minor issue we recently discovered during the testing of Vista Service Pack 1 and Windows Server 2008.
The remote web workplace has the ability to connect to the server console session. This is an optional checkbox exposed under the optional settings link.
If you use a Vista SP1 or a Windows Server 2008 system to connect to the SBS server, the log on to or resume the console session of the remote computer will no longer work correctly. You will get connected to the server but you will not be connected to the console session. You will instead be connected to a new RDP session. Vista Service Pack 1 and Windows Server 2008 include the new version 6.1 of the RDP client. This new RDP clients uses the /admin switch to connect to the server console session instead of the /console switch. The change in behavior of the console switch is documented in article 947723: Changes to remote administration in Windows Server 2008 http://support.microsoft.com/default.aspx?scid=kb;EN-US;947723 . This change causes our connect to the server console option to not work correctly.
If you wish to connect to the server console and your client machine is running Vista Service Pack 1 or Windows Server 2008, you must use one of the following workarounds:
- Use the Remote Web Workplace website and connect to the server or a client machine. Once you are logged on the server or the client run mstsc /console and connect back to the server again. This is assuming of course that the client is not running Vista SP1 or Windows Server 2008. If the client is running either of those OS’s, you must run mstsc /admin and connect to the server.
- If you have published the Terminal Server port to the Internet, you can connect directly to the SBS server console without using the remote web workplace. To accomplish this you would run mstsc /admin from the client and specify the external name or IP address of the SBS server.
As more and more people are installing SQL 2005 WE, we wanted to refresh and clarify a few points and concerns. These are most likely addressed here and there, scattered around the Internet, so hopefully we can provide a quick way of getting to all of them.
The first thing we want to address is the lack of in-place upgrades from SQL 2000 Standard to SQL 2005 Workgroup Edition, if you need an instance to be SQL 2005 WE, you will need to migrate it. This is a limitation of SQL 2005 WE.
The upgrade matrix for SQL products is found here: http://msdn2.microsoft.com/en-us/library/ms143393.aspx
In order to migrate your instances, you will need to consult the line of business vendor for proper migration steps (and to confirm support for SQL 2005 WE). From a technical perspective the steps are pretty straightforward, but there are always gotchas. Make sure you test the migration in your test environment before deploying in production.
High Level Overview of Migration Process:
- Backup the databases
- Record any logins under security and other relevant configurations
- Uninstall the instance you want to migrate to SQL 2005 WE
- Address the issues described in the following 2 KB articles:
- http://support.microsoft.com/default.aspx?scid=kb;EN-US;920899
- http://support.microsoft.com/default.aspx?scid=kb;EN-US;918767
- Install the new version of SQL 2005 WE using same instance name you just removed
- Re-attach databases
- Correct/add logins that we removed before and any other security needs for the LOB application
Please note that this overview is not designed as a comprehensive walk-through of the migration process. Your particular line-of-business application may require additional steps.
Migration of your SharePoint v2 (WSS v2) instance is described in this document: http://download.microsoft.com/download/4/0/8/40860507-c351-4308-a876-e1b83ee4e77a/sqlinstallsteps.htm
This document also discusses (with different levels of detail) the following topics:
Finally, you might want to use all of the SBS 2003 R2 features but still keep your SQL 2000 STD instance, for information on your downgrade rights please see the SBS 2003 SQL FAQ: http://www.microsoft.com/windowsserver2003/sbs/evaluation/faq/bizsolutions.mspx
[Today's post comes to us courtesy of Chris Puckett]
The differences between the 948496 update and the 936594 update are:
- 948496 disables TCPChimney in the registry and 936594 does not touch this setting.
- 948496 is a Critical update and 936594 is an Optional update.
Both updates disable the RSS and TCPA features of the Scalable Networking Pack in the registry.
FAQ:
Q: Do I need to install both 936594 and 948496 on my SBS 2003 server?
A: It is not necessary to install both updates. 948496 is sufficient. If you already have 936594 installed, it is okay to install 948496.
Q: Do I have to uninstall 936594 before installing 948496?
A: No.
Q: I am still experiencing the symptoms described in KB 948496 after installing the update. What should I do next?
A: If you still have any of the symptoms mentioned in KB 948496 after installing that update and rebooting the server, try the following:
- Update the network adapter drivers.
- If that does not help, try Method 2 in the workaround section of KB 948496.
- If that does not help, try disabling checksum offloading and rebooting the server. See KB 904946.
Q: Now that 948496 is out, what will happen to 936594?
A: The 936594 update will be removed from Microsoft Update as the 948496 update is more robust. The 936594 KB article will remain, but will be updated to recommend obtaining the 948496 update.
The Windows Essential Business Server has a home:
http://blogs.technet.com/EssentialBusinessServer/
[Today's post comes to us courtesy of Justin Crosby]
Today we are going to discuss an SBS "house cleaning" tip. If you have been running SBS 2003 for awhile you may be using a lot of disk space to store old IIS logs. This is especially true if your clients are heavy OWA, ActiveSync, RPC over HTTP, or SharePoint users. A recent customer of mine had files dating back to 2004 and was using almost 2 Gigabytes of hard drive space to store these old logs.
To reclaim this space all you need to do is to delete the old files. Please be sure to back them up before deleting, just in case you need the logs in the future. I usually try to keep a weeks worth of logs and delete everything older than that. The logs will be in folders underneath C:\Windows\System32\LogFiles\ by default. The two largest folders on a typical SBS server will be W3SVC1 for the default web site and W3SVC4 for SharePoint (CompanyWeb). If you have created additional web sites you will need to check those site's folders as well.
To check to see if logging is enabled, you will need to open up IIS Manager from Administrative Tools. From there right-click on a web site (Default Web Site for example) and choose Properties. Select the Web Site tab. You should see something similar to the following:
If Enable logging is checked, then logging is enabled. To control where the log is stored, by default the logs are stored in C:\Windows\System32\LogFiles\, click the Properties button. You will get the screen seen below:
Note: It is inadvisable to search your hard drive(s) for *.log and delete all that you find. Many programs actively use information stored in .log files, such as Exchange, and deleting the file may cause issues.