[Today’s post comes to us courtesy of Shawn Sullivan from Commercial Technical Support]
During the initial SBS integrated setup, Exchange is installed and activated for you through an automated task. If Exchange ever needs to be repaired using the steps from the SBS 2008 technet repair guide, a reactivation of the product may be required. Upon launching the Exchange 2007 Management Console, you will be presented with the following warning:
“The following servers in your organization are currently unlicensed.
If you have a product key, select the Enter Product Key action on the server work center action pane. If you do not have a product key, see http://go.microsoft.com/fwlink/?LinkId=63906 for information about how to license your Exchange 2007 servers.”
A hotfix has recently been released that will activate the Exchange 2007 installation running on SBS 2008. You can request and download the hotfix from the following link: http://support.microsoft.com/kb/975263
IMPORTANT: This hotfix is not meant to activate a manual installation of Exchange 2007 if SBS integrated setup initially failed to install it. This usually occurs in migration scenarios where Exchange setup encounters a fatal error condition with the existing environment. In this case, restore the source server’s system state data from the backup you took previous to beginning the migration, determine and fix the cause of the failure, then begin the migration over again. You can use the migration Keys to Success blogpost for more guidance.
[Today’s post comes to us courtesy of Mike Toot from the SBS Marketing Team]
Business computers are key pieces of equipment. They hold customer records, general ledgers, business contracts, half-finished sales proposals, tax records – the list is endless. When a computer fails the common reaction is to go and buy a replacement. The conversation goes like this:
Business Owner: My business computer crashed and I need a new one.
Computer seller: Not a problem. We can even move your applications and data to the new computer for you. When was your last backup?
Business Owner: Uh….
When was the last backup? Does the business even make backups? How easy is it to restore the backup? When a PC fails and there are no backups, a small business incurs the cost of the employee’s down time, plus the cost to recreate the data. This can easily run into hundreds of dollars for each day of down time, more if the PC held customer records or business financials. If there are no current backups for business computers, a hardware failure could easily shutter the doors for good.
One of the easiest ways to back up and protect your business is to use the backup and restore capabilities of today’s operating systems. Windows Small Business Server 2008 (SBS 2008) provides built-in protection for the server. By running a Backup Wizard and defining a backup target, SBS 2008 will then automatically back up critical business information, including Exchange mailboxes, SharePoint sites, user files, and network information. Backups can be made to removable media such as hard drives, to DVD, or to other shares on the network. SBS 2008 even supports a “bare metal” restore so that in case of a disaster the server can be on line again.
When you join computers to the domain, you can run the Redirect folders for user accounts to the server wizard from the SBS 2008 administration console to redirect your user’s “My Documents” folders to the server. This data can then be backed up according the the schedule you define in the Configure server backup wizard in the same console. By default this happens twice a day but can be scheduled to happen as often as once an hour.
Adding Windows 7 Professional, Enterprise, or Ultimate to the domain increases your ability to back up any or all information from the PC to another drive, a DVD drive or a network share. Windows 7 will back up files on whatever schedule you choose; just set it and forget it. This ensures that nightly backups of your computer’s information are kept on a different physical device, giving you the ability to restore your data. Here’s how you can add this level of protection to your network running SBS 2008.
First, open the Administrator Console on the server running SBS 2008. Click the Shared Folders and Web Sites tab, then click Add a new shared folder. This launches the New Share wizard.
On the Shared Folder Location page, create a folder on a volume with enough storage space for all the system images you will create. If you create the folder in the Users directory, this folder will be automatically backed up each night as part of the SBS 2008 backup process.
Click Next until you reach the SMB Permissions page. Select Administrators have Full Control, all other users and groups have only Read access. Click Next until you reach the Review Settings and Create Share page. Click Create, and when the wizard is finished click Close. Finally, because only one system image can be stored in a folder, you will need to create a folder for each computer you want to back up in the \\servername\backups directory.
For the next stage you need to set up the backups for each computer. Log on to the Windows 7 client at the desktop or using the Connect to a Computer feature on Remote Web Workplace. Click Start and then Control Panel. Click Back up your computer; the Backup Wizard starts. In the Back up or restore your files dialog click Set up computer backup. In the Set up backup page click Save on a network. Browse to the \\servername\backups\computername share you created. You will need to enter appropriate credentials for the computer backup. Use an account that is a member of the Administrators group so it will have read-write access to the share you created earlier. For more information on credentials, click the Which credentials should I enter? link.
When you have entered the information, click OK. On the Select where you want to save your backup page, click Next. On the What do you want to back up? Page, select Let Windows choose (recommended). This will back up data files, the user’s desktop files, and default Windows folders. It will also create a system image that can be restored at a later date. Click Next.
On the Review your backup settings page, you can go back and change any of the settings you have entered. You can also change the default backup schedule to daily, weekly, or monthly, as well as set the time for the backup to run. Consider staggering each computer’s backup time so that each computer’s backup has time to complete before the next one starts.
When SBS 2008 and Windows 7 are used together, you provide a belt-and-suspenders protection plan for computers on your network. When you follow the backup plan in this blog, you also create system images for each computer that are also backed up daily.
For small businesses it is now possible to back up ALL business information onto a removable hard drive every night, and back up all the servers and desktops for true disaster recovery should it ever be needed. Small business owners now have less reason to worry about the business and can – hopefully – get a little more sleep each night.
For more information on how SBS 2008 and Windows 7 are better together, visit the Microsoft Web site (http://www.microsoft.com/sbs/en/us/windows7.aspx).
For information on a trial version of SBS 2008, visit the Microsoft Web site (http://www.microsoft.com/sbs/en/us/trial-software.aspx).
For a test drive of Windows 7 Professional, visit the Microsoft Web site (http://www.microsoft.com/windows/business/windows-7-test-drive/).
[Today’s post comes to us courtesy of Chris Puckett]
When you try to install Exchange Server 2007 Service Pack 2 (SP2) on a server that is running Windows Small Business Server 2008, the installation process does not start, and you receive the following error message:
Error:
You must update your Windows Small Business Server 2008 settings both before and after you install Exchange Server 2007 Service Pack 2 (SP2). Before installing SP2 for Exchange Server 2007, read the detailed information at http://go.microsoft.com/fwlink/?LinkId=155135.
This problem occurs because the Exchange Best Practice Analyzer prevents Exchange Server 2007 SP2 from being installed on the server.
To resolve this, you can follow the link that is in the error message to manually install Exchange Server 2007 SP2 or you can use the Microsoft Exchange Server 2007 SP2 Installation Tool for Windows Small Business Server 2008.
For the link to download the tool and the steps to use it, please see KB 974271.
974271 Description of the Microsoft Exchange Server 2007 Service Pack 2 Installation Tool for Windows Small Business Server 2008
http://support.microsoft.com/default.aspx?scid=kb;EN-US;974271
Note: You will first need to update Windows Installer to version 4.5 before you can install this tool. For the link to this download, please see KB 972288
942288 Windows Installer 4.5 is available
http://support.microsoft.com/default.aspx?scid=kb;EN-US;942288
[Today’s post comes to us courtesy of Shawn Sullivan]
An issue experienced by our customers from time to time is when Outlook 2007 generates a certificate name mismatch error while trying to connect to SBS 2008. This is almost always caused by a configuration error in either public or private DNS where the wrong records are present for the type of certificate you have, or the records point to some other destination IP. The purpose of this post is to provide a few steps to help you resolve the issue.
A couple rules to follow when configuring DNS when it comes to Autodiscover and SBS:
- If you plan on using the SBS certificate generated by the Internet Management Address Wizard (IAMW), do not register an Autodiscover A record in either DNS on the SBS server or DNS at your internet registrar.
Important: Some DNS registrars will create a wildcard or “catch-all” record for your public zone that will resolve any prefix, including Autodiscover, to an IP address in the registrar’s public range. You may or may not receive a certificate warning from Outlook; however the connection will still fail. If this applies to you, contact your DNS registrar to have this changed.
- An SRV record should be used with the certificate generated by the IAMW. It will allow Outlook 2007 SP1 and later clients to contact your SBS server using the proper host name that will match the subject name on the certificate.
- You can register an Autodiscover A record only if you have purchased a wildcard or Unified Communications certificate or if you chose “autodiscover” as your domain prefix during the IAMW.
Note: In SBS 2008, the IAMW creates a zone for the public name of your domain in internal DNS along with a Host A record that points to the server’s internal IP. Unless you are hosting your own public DNS records, there should be no other public name records on the server itself.
Note: If you choose to allow a partner registrar to manage your domain for you during the IAMW, then the necessary DNS records, including the SRV record, will be created and updated for you automatically. More information on this process can be found in part 2 and 3 of our IAMW blog post.
Straying from these rules can cause the following scenarios to occur.
SCENARIO 1: You incorrectly have an Autodiscover Host A record registered and you are using the SBS certificate generated by the Internet Management Address Wizard (IAMW) when configuring your domain manually. This certificate does not support the use of an Autodiscover Host A record since does not register Autodiscover as a Subject Alternative Name. If the A record points to the public IP address of the SBS server, the domain name and suffix will match while the prefix will not match.
To resolve this, register a public SRV record that points the Autodiscover service to the public fully qualified domain name that you chose for your server during the IAMW. You can use KB 940881 as a guide to creating this record. Remove any Autodiscover Host A record that you have configured in either private or public DNS and/or verify that a wildcard record is not registered for your domain.
You can use nslookup to verify the SRV record for your domain:
C:\Users\admin>nslookup
> set type=srv
> _autodiscover._tcp.contoso.com
_autodiscover._tcp.contoso.com SRV service location:
priority = 1
weight = 10
port = 443
svr hostname = remote.contoso.com
remote.contoso.com internet address =x.x.x.x
SCENARIO 2: You have installed a trusted certificate on the SBS server that supports the use of an Autodiscover A record, such as a Unified Communications or wildcard certificate. You have an Autodiscover A record registered for the domain, but it points to the wrong public IP. If the server at that IP is publishing an SSL site, you will receive a certificate warning:
Clicking “View Certificate” reveals that this is a completely different certificate than what is installed on the SBS server.
To resolve this, you need to update the host A record to point to the correct IP. You can launch nslookup from any machine that can query both external and internal DNS to check the IP address that the autodiscover record points to:
C:\Users\admin>nslookup
> autodiscover.contoso.com
Name: autodiscover.contoso.com
Address: x.x.x.x
You should query both the SBS server and an external forwarder to and compare the results; it is possible that the public zone is registered in both places. Also make sure there is no conflicting wildcard record registered for you domain.
SCENARIO 3: This scenario can occur internally with domain joined clients. A problem communicating with the Autodiscover virtual directory on the SBS 2008 server causes the client to seek the service elsewhere using DNS, where the above two scenarios can then occur.
The client initially queries Active Directory and retrieves the proper URL, but there is a communication problem with the directory itself. A recent example experienced by a customer occurred when the Autodiscover virtual directory was incorrectly configured to require client certificates during authentication, triggering the failure. The client then resolved an Autodiscover record on the internet that should not have been registered, and they received the mismatch error.
Resolving the DNS configuration in this scenario is the same as in the above scenarios. Fixing the communication problem with the virtual directory will involve troubleshooting both IIS and Exchange to varying degrees of depth and may require the help of Microsoft Product Support Services.
One tool that you can use is the “Test E-mail AutoConfiguration” feature that is built into Outlook 2007. It will generate a debug log of each connection attempt and the result. To access it, right-click the Outlook icon in your notification area (it will only launch if you have an Outlook profile configured already).
Using this log, we can see exactly how Outlook attempts to locate and connect to the Autodiscover URL. In the example specified above, the correct URL that Outlook found in Active Directory returned 0x80072F0C (ERROR_INTERNET_CLIENT_AUTH_CERT_NEEDED). Then it failed back to check domain.com and autodiscover.domain.com for the service using SSL, which is where the certificate warning was received because an Autodiscover Host A record was registered publicly:
Special thanks to Susan Bradley for creating a new feed on Twitter for the blog. You can now follow http://twitter.com/SBSblog and receive tweets any time the blog is updated.
[Today’s post comes to us courtesy of Mark Stanfill]
The SBS Add a Trusted Certificate wizard may fail to display a certificate that is correctly installed in the certificate store if the subject field of the certificate is missing. This happens because some third-party certificate authorities (CAs) issue certificates with a blank subject. The Subject Alternative Name field is used to designate the fully qualified domain name (FQDN) of the certificate instead. This article documents how to manually install these types of certificates.
The behavior that you will see is that the certificate will be correctly installed in the computer’s personal certificate store, but will not show up in the Add a Trusted Certificate Wizard. In the example screenshots below, the external URL being published is remote.contoso.com.
Workaround
To use the certificate, you will need to manually assign it to the web site in IIS. The instructions below assume that the certificate Subject Alternative Name matches the Internet Domain Name on the Network\Connectivity tab of the Windows SBS Console. If the name does not match, first run the Internet Address Management Wizard (IAMW) by clicking on the Set up your Internet address link in the console. This will assign a self-signed certificate temporarily, but also makes other important configuration changes.
Use these steps to assign the certificate:
1. Log on to the SBS server as an administrator and launch the Internet Services Manager (IIS Manager) console.
2. Select the SBS SharePoint site and click on Bindings…
3. Select https and click Edit…
4. Select your certificate from the drop-down list under SSL certificate:. Click View… to verify that the certificate is correct based on the Subject Alternative Name field, issuer, etc.
5. Repeat steps 2-4 for the SBS Web Applications SSL binding on port 443.
6. Obtain the thumbprint of the newly installed certificate by opening an elevated Exchange Management Shell prompt and typing the command Get-ExchangeCertificate. The newly installed certificate should have no services assigned to it. Verify the thumbprint value from Exchange Management Shell against the properties of the actual certificate.
7. Copy the certificate thumbprint from step 6 and run the command
Enable-ExchangeCertificate -Thumbprint <THUMBRPINT> -Services "POP, IMAP, IIS, SMTP"
Where <THUMBRPINT> is the actual thumbprint. When prompted to overwrite the existing services, answer A for all.
8. Verify the Terminal Services Gateway certificate settings. Launch the TS Gateway Manager from START\All Programs\Administrative Tools\Terminal Services\TS Gateway Manager. Right-click on the SBS server name and choose Properties. On the SSL Certificate tab, click on Browse Certificates… and select the appropriate certificate.
Please visit Sean Daniel’s blog at the following link for information on what labs are available and how to get started:
http://sbs.seandaniel.com/2009/11/windows-sbs-2008-hands-on-labs.html
[Today's post comes to us courtesy of Shawn Sullivan]
In Exchange 2007, anti-spam processing is performed by a series of Transport Agents. All Exchange 2007 anti-spam Transport Agents, except for Attachment Filtering, are enabled during SBS Setup. Because Attachment Filtering is only available on the Edge Transport role, SBS 2008 gives you the option to install a 120 day trial version of Forefront Security for Exchange during setup, which provides this service as well as anti-virus processing. Out of the box, SBS 2008 offers strong protection against spam while minimizing false positives. However, it is open to customization as determined by the needs of your organization.
The following is an example of the Exchange PowerShell command Get-TransportAgent from a default installation of SBS 2008:
NOTE: The Transport Rule Agent, Journaling Agent, and the AD RMS Prelicensing Agent are configured by default but do not perform anti-spam processing.
SBS 2008 also configures Exchange to automatically update the anti-spam Transport Agents from Microsoft Update. New versions are published every two weeks. This process occurs independently of WSUS.
IMPORTANT: In order to download update definitions for anti-spam, you are required to have either an Exchange 2007 Enterprise CAL for each user mailbox or a Forefront Security for Exchange license. If you have not purchased a Forefront Security for Exchange license before the 120 trial period expires, your anti-spam agents will no longer be updated. You will be notified in both the Windows SBS console and the Forefront Security console when the trial has expired.
Get-AntispamUpdates
Anti-Spam Agents by Priority (First to Last)
Connection Filtering consists of the IP Allow List, Block List, and the online service provider for both. It is enabled by default, but the lists are blank. This is open for your customization. IP addresses that are explicitly allowed through this filter will bypass all subsequent anti-spam processing. Those that are blocked will be unable to submit email to the server.
To add entries to the IP Allow and IP Block List, expand Server Configuration > Hub Transport > Anti-Spam:
To add entries to the IP Allow and IP Block List Providers, expand Organization Configuration > Hub Transport > Anti-Spam:
For more information on adding providers, see http://technet.microsoft.com/en-us/library/bb124369.aspx
Content Filtering is responsible for stamping each email message that traverses the transport pipeline with a Spam Confidence Level (SCL ) value, which ranges from -1 (trusted internal servers) to 9 (highest probability of spam). By default, messages that have an SCL of 7 or greater are rejected, which will inform the sender of the failure through a 550 5.7.1 error upon submission. No custom words or exceptions are configured by default; however you may add these as needed. You may also change the SCL threshold and the action taken when it is met or exceeded:
Sender ID Filtering will query public DNS against every connecting SMTP server and check for the existence of a Sender Policy Framework (SPF) record. Essentially, SBS will use this record to compare the SMTP domain sent during MAIL FROM and the IP Address that the connecting SMTP server is using. If the IP address is not on the list of acceptable sending servers for the SMTP domain, the Sender ID Filter will stamp this failure on the message, which is then taken into consideration by the Sender Reputation Filter (see below):
For more information on the Sender Policy Framework, see http://www.microsoft.com/downloads/details.aspx?familyid=D8A174B1-697C-4AEA-9C92-2E70A013C30B&displaylang=en
To verify or create an SPF record for your domain, use the following http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/
Sender Filtering is set to block messages from blank senders by default. You may add individual senders or entire domains to this list as needed:
Recipient Filtering is set to block messages sent to recipients who are not in the Global Address List. Exchange will inform the sending SMTP server, upon the RCPT TO command, that the recipient is invalid. You may choose to add further recipients who are in the GAL to this list:
Sender Reputation Filtering (Protocol Analysis Agent) builds a confidence profile of each sending server based on the following tests:
- Passing or failing the Sender ID check
- Analysis of the EHLO/HELO statement for signs of forgery. This includes frequently changing domain names from the same IP, passing an IP address in the statement that does not match the connecting IP, or passing a domain name that appears to be in the same internal Exchange organization but is coming from a remote server.
- An SCL history of messages sent from a particular IP Address.
- A reverse DNS lookup is performed to determine if the PTR record for the connecting IP Address matches the domain name submitted during EHLO/HELO.
- An open relay test is performed by Exchange through the connecting SMTP server
All of this information is combined to form Sender Reputation assignment level from 0 (minimum) to 9 (maximum). By default, sending IP Addresses who meet or exceed 7 will be added to the IP Block list for 24 hours. If after 24 hours the sender is flagged at 7 or higher, they will again be added for another 24 hours.
Special consideration must be taken when your email is hosted at another location or processed by an SMTP gateway. The following post will explain the action you must take to prevent Sender ID/Sender Reputation from blocking the hosting IP addresses as they submit mail to your server: http://blogs.technet.com/sbs/archive/2008/11/24/how-to-setup-Anti-Spam-in-exchange-2007-when-using-a-mail-hosting-company.aspx
Forefront Security for Exchange Routing Agent details will be included in an upcoming blogpost.
How to Monitor Agent Activity
Dedicated logging for Transport Agent activity is kept in “%ProgramFiles%\Microsoft\Exchange Server\TransportRoles\Logs\AgentLog”. There is no GUI reporting provided by Exchange for the data contained in these logs. However, you can view them in Notepad, Excel, or if you are feeling adventurous you can try Log Parser:
http://msexchangeteam.com/archive/2007/11/28/447598.aspx
Junk Email and SCL Thresholds for Outlook
By default, the global SCL threshold for junk email for all Outlook users is 8 (NOTE: On SBS 2008, only Outlook 2000 SP3 and higher clients are allowed to connect to Exchange). However, any messages that receive a 7 or higher will be rejected by the Content Filter before they reach the mailbox. To display the current setting, use the Get-OrganizationConfig | fl SCLJunkThreshold command. To adjust this value between 0-9, use the Set-OrganizationConfig –SCLJunkThreshold <integer> command.
Individual SCL thresholds and actions can be configured at the per-mailbox level. Email that is not rejected, deleted, or quarantined by the Exchange Anti-Spam Agents can be further filtered by these settings. Options here are delete, reject, junk, or have the email quarantined. By default, this is not configured in SBS 2008 for any mailbox but is open for customization. Further information on adjusting these settings can be found here:
http://technet.microsoft.com/en-us/library/bb123559.aspx
NOTE: To enable Outlook to quarantine messages, you must specify a quarantine mailbox for the organization. Run the Set-ContentFilterConfig –QuarantineMailbox <MailboxEmailAddress> command from the Exchange PowerShell. It is advisable to create a dedicated mailbox for this function so you can impose a retention policy on it.
To display the current settings for all mailboxes, use Get-Mailbox | ft Name, *SCL*
Whitelists and Safelists for Senders and Domains
This can be configured at various points throughout Exchange. If the sending SMTP server’s IP address is not in the IP Allow List or listed as an internal SMTP server, it will be subject to Content Filtering, Sender-ID, and Sender-Reputation.
You can set individual whitelists on the Content and Sender ID filters. For Content Filtering, you can exclude individual senders (BypassedSenders) or entire domains (BypassedSenderDomains):
http://technet.microsoft.com/en-us/library/aa995952.aspx
For Sender ID, you can exclude entire domains (BypassedSenderDomain) and recipients (BypassedRecipients)
http://technet.microsoft.com/en-us/library/bb124506.aspx
NOTE: You cannot simply append entries to the whitelist in PowerShell. You must specify the entire list, separated by commas, in addition to the new entries.
You can also employ Safelist Aggregation to collectively pull individual Outlook safelist configuration from your user’s mailboxes for global use. This is an effective way to quickly obtain a detailed grassroots list of safe senders and reduce false positives. More information is here:
http://technet.microsoft.com/en-us/library/bb125168.aspx
[Today's post comes to us courtesy of Roderick White and Shawn Sullivan]
By design, user accounts that do not belong to the Windows SBS Fax Administrators group are not able to manage the SBS 2008 Fax queue from the Windows XP Fax Console. This is due to the enhanced fax security configuration in Windows 2008, which requires you to create a fax account through Windows Fax and Scan on Vista or Windows7 before managing the queue. This option is not available for Windows XP. However, users will still be able to send a fax from XP using applications such Notepad, Word, and Outlook.
You can expect the following behavior when opening the Windows XP Fax Console as a domain user:
- An “All fax printers are inaccessible” error is displayed at the bottom right.
- No options to manipulate fax are available from the Menu Bar.
- No faxes are displayed in the Incoming, Inbox, Outbox, or Sent Items folders.
- A connection error is shown under Tools > Fax Printer Status
You can verify that you still have the ability to send a fax by doing the following:
- Open notepad and type a test message.
- Select File > Print > Select <Fax on Server> and select Print
- Complete the Send Fax Wizard
- Verify at the remote site that the fax was received successfully.
- You can also open Windows Fax and Scan on SBS 2008, Vista, or Windows7 as Administrator after creating a fax account to verify the fax was sent. For more information on this, see http://technet.microsoft.com/en-us/library/dd346633(WS.10).aspx
We recommend that you do not change the default security configuration for SBS 2008 Fax Service. However, if decommissioning Windows XP is not an option and you require ability for users to manage and send faxes from the XP Fax Console, you can take the following action:
- Click Start > Administrative Tools > Fax Services Manager
- Right-click on the Fax(Local) select Properties
- Select the Security Tab, you will have two options:
- Select the Individual Domain User and give both Fax and Manage Fax Documents permission.
- Select the Windows SBS Fax Users group and add the Manage Fax Documents permission. User accounts created by the SBS 2008 console will be members of this group by default.
Note: User accounts that have Manage Fax Document permission will now have the same experience in the XP Fax console that they would in Windows Fax and Scan. Besides the ability to send fax, they will also see all unassigned faxes within the Inbox and see only faxes that they have sent in the Outbox and Sent Items.
[Today's post comes to us courtesy of John Bay, Richard Pulliam and Damian Leibaschoff]
When you connect to a share hosted on SBS 2003 from a Windows 7 client joined to the domain and you select “Restore previous versions” or the “Previous Versions” tab under properties of the share/folder, you get a view that shows snapshots with the incorrect time, with share names missing and that cannot be restored. if you open the contents of the snapshot you notice that you are actually viewing the CURRENT contents of the network share and NOT the stored contents of the shadow copy snapshot that is stored on the server.
This is the experience when opening the Previous Versions of a share:
And this is a sample when opening the properties of a folder inside the network share:
As mentioned before, Copy and Restore do not work as expected. Furthermore, opening the contents, shows a view of the current content.
Resolution
To correct this issue, you have to remove the following registry value from your SBS 2003 server:
Before editing the registry make sure you have a working system state backup of the server.
- On your SBS 2003 server, open REGEDIT and navigate to the following location:
HKLM\SYSTEM\CurrentControlSet\Services\lanmanserver\Parameters
- Right click on parameters and select Export.
- Once the export is completed, find the entry for DisableDownLevelTimewarp, select it and then delete it.
After deleting the mentioned key, re-test accessing the Previous Versions from your Windows 7 client. You should see the expected functionality of being able to access the existing shadow copy snapshots.
If you have XP clients, you need to make sure they have Service Pack 3 installed.
[Today's post comes to us courtesy of Damian Leibaschoff]
In the coming weeks you will notice that the SBS 2008 media will now include Windows Server 2008 Service Pack 2. This change will help improve the reliability of the newly deployed SBS servers, while at the same time, providing savings in terms of deployment time.
Other updates included with this release:
- OneCare for Small Business trial version is no longer included. Setup options and integration have been removed.
- Since the original launch of SBS 2008, the OneCare line of products has been replaced by Microsoft Security Essentials. This is a free download that is not designed for business environments, we will keep you posted on any future options for your SBS environment.
- New Migration Preparation Tool (SourceTool).
- In Join Domain (Migration) setup scenarios, the SBS 2008 setup will pause if it has detected that the Source Tool has not been completed successfully on the domain being joined.
The new Migration Preparation Tool (SourceTool)
This new tool is designed to be run on ANY type of source domain controller, not only SBS 2003. You should run this tool on the source domain controller that will be used in the migration. It is also mandatory to complete the installation and execution of the tool on the source domain for the SBS 2008 setup to continue past the pre-requirement checks. The tool itself still performs the same tasks as before, mainly these 4 tasks on the source domain (as needed based on the presence of SBS or not):
Installs update 943494 on the SBS 2003 server to extend the migration grace period from 7 to 21 days. Runs ADPREP to update the forest, domain, and group policy object access control entries. Changes Exchange 2003 from Mixed mode to Native mode. Adds the Authenticated Users group to the Pre-Windows 2000 security group. New to the Migration Preparation Tool is the ability to get updates from Microsoft during execution. We plan to add additional functionality to the tool so that it can perform health checks on the source server and domain. The additional functionality will be pushed down to the tool once it is installed by selecting the option to allow updates when launching it. We will notify the blog once new features are added.
Once all the tasks are completed, the source domain controller will be marked as ready for the migration.
The new Migration Preparation Tool can be found in the same place as before, on your SBS 2008 Standard DVD (DVD 1), under the \tools folder. An important change that needs to be noted is that the new tool has an installation package (SourceTool.MSI) while the existing one is a standalone executable. This MSI package needs to be installed on the source domain controller. The new tool must be used with the new media. The new tool will work with older media, but not the other way around. Furthermore, the new Migration Preparation Tool will be made available for download for easier access and use when only older media is present.
The main goal is to make sure that that the source domain is healthy for a successful migration. For more information regarding migrations, please read the following post <SBS 2008 Migrations from SBS 2003 – Keys to Success>
Installing the tool on the source domain controller:
<DVD #1>:\Tools
Running the tool:
Remember to always Select to “Download and install updates (recommended)”, these updates are ONLY for the Migration Preparation Tool and will include newer health checks in future updates.
Remember, this tool will now be mandatory when using the updated SBS media, so make a point of making that backup of the source server also a mandatory step.
This is the new text when running on a NON-SBS server.
How do you manage your small business through the currents of today? Between the current flu epidemic and the possibility of natural disasters occurring in your area; are you prepared for your workers to be out of the workplace, possibly for weeks? Windows Small Business Server with Remote Web Workplace can help.
This year we face a potential global workplace crisis as the Swine (H1N1) flu re-emerges. According to the Washington Post “Swine flu could infect half of the U.S. population this fall and winter…” As mentioned in the Huffington Post “Millions of businesses are developing contingency plans and continuity of operation plans to keep their businesses and operations going if and when critical employees are out…In just a few weeks, a significant number of American businesses could have their operations negatively affected by swine flu. “
We understand that small businesses are struggling with how to enable their employees to be productive especially when they are not able to physically be at the office. In this time of worldwide illness we see that many are looking to technology to create a collaborative working experience where employees can be productive no matter where they are or what device they have to engage with. Many of today’s business challenges can be greatly reduced with help from technology solutions like Windows Small Business Server with its Remote Web Workplace feature.
Remote Web Workplace (RWW) is essentially a web site page that provides a simple, single, secure entry point into your Small Business Server 2008 network. Authorized employees can connect to Remote Web Workplace using any device connected to the Internet. If you know how to surf the internet, you can use Remote Web Workplace. This means that employees can be productive from wherever they need to be not only at the office.
Is your small business prepared? Find out more about how Windows Small Business Server 2008 with Remote Web Workplace can help your business. If you’re interested, you can try SBS 2008 today for free by visiting our product site; find a Microsoft Small Business Specialist who can assist you with the planning & implementation of your Windows Small Business Server or join the SBS community on Facebook.
[Today's post comes to us courtesy of Dave Berkowitz]
We are nearing the point where Windows Server 2008 R2 is going to be unleashed on the world, providing a host of new capabilities that will help dial down costs and improve productivity.
One of the key features we’ve discussed in this blog is how Windows Server 2008 R2 and Windows 7 both offer features, primarily DirectAccess and BranchCache, for more effective and cost efficient management of remote workforces.
Most of us think of mobility as a large enterprise issue, which makes sense. After all, larger companies have the financial wherewithal to effectively plan, deploy and manage the infrastructure needed to provide employees with secure access to their email, files, company intranet or necessary applications.
But that doesn’t mean that mid-sized organizations don’t have the same or similar needs. In fact, the number of full-time employees performing their jobs remotely at least part of the time rose 39 percent from 2006 through 2008, or about 17.2 million employees, according to a recent WorldatWork study. Similarly, a majority of Microsoft Small Business Specialists said earlier this year that, despite economic conditions, they expected their SMB customers to actually increase their remote worker base this year, according to the 2009 Microsoft SMB Insight Report.
Unlike larger enterprise organizations, the challenge for small businesses is that they don’t always have the financial means, time or staffing to easily roll out a mobile solution. And the challenge for mid-sized businesses is that they don’t always have an extensive staff to quickly deploy and manage remote operations. Typically, it’s just one or two IT professionals who are over-tasked with putting out fires and running from desktop-to-desktop troubleshooting issues. Add remote access to the mix, and you’re talking a pretty incendiary situation.
Fortunately, Microsoft has a solution to address scenarios for small- and mid-sized businesses.
Drawing on Microsoft’s strength in helping customers implement technology that is familiar, easy to use and works well together, we released Windows Small Business Server (SBS) 2008, which is primarily for small businesses, and Windows Essential Business Server (EBS) 2008, which primarily serves mid-sized business. Think of these solutions as central hubs to help SMB employees connect to their information, calendars, and important business applications -- whether in the office, at a customer site, or on the soccer field. The great thing about these solutions is that we did all of the tough integration work that large enterprises often hire IT specialists to handle, so remote access is enabled as soon as you set up your server.
SBS 2008 and EBS 2008 are important parts of the Windows Server family, and we are fully committed to expanding the capabilities of these solutions to meet the needs of our SMB customers. In fact, we are currently hard at work building the next versions of Windows SBS and Windows EBS. We’ll have more on that at a later date.
The important thing to know today is that customers continue to benefit from these editions, which we released in November 2008. If you’re interested, you can try SBS 2008 today for free by visiting our product site or join the SBS community on Facebook. Similarly, you can try EBS 2008 today for free by visiting that product site or join the EBS community on Facebook.
[Today's post comes to us courtesy of Becky Lymberis]
Small business owners understand how challenging it can be to run a productive business where customers are satisfied and employees are enabled to deliver high quality service. Today’s business environment is competitive and staying ahead requires a renewed commitment to satisfying existing customers while delighting new ones. Many small business owners tell us they are working harder and longer than ever before, often sacrificing time with their family to keep their business healthy. They are always relieved to hear that there are affordable solutions that help them to increase the productivity of their business while enabling them to stay connected to everyone within their network (customers, employees and family). Windows Small Business Server 2008 (SBS) can be thought of as the central hub for the small business that helps them get connected to their information, calendars, and important business applications whether in the office, at a customer site, or on the soccer field. SBS gives people the flexibility to work from anywhere.
SBS 2008 was designed for the needs of small businesses. Many larger organizations have the skills and resources ($$$) to set up and integrate all the right things to enable their workers to have secure access to their email, files, company intranet or necessary applications. Small businesses have similar needs for remote access don’t but have the same level of resources as larger companies. Therefore we did all of the hard integration work in the SBS 2008 solution, so remote access is available immediately once your server is set up. We enable this through a really simple to use feature called Remote Web Workplace. Remote Web Workplace (RWW) is essentially a web site page that provides a simple, single, secure entry point into your Small Business Server 2008 network. Authorized employees can connect to Remote Web Workplace using any device connected to the Internet. If you know how to surf the internet, you can use Remote Web Workplace.
What does that mean for your business? With SBS 2008 Remote Web Workplace enabled you and your employees can be connected and productive even while out of the office. SBS 2008 works great with Windows phones, so you can share, update, change and manage your calendar and email, view and update proposals or documents from your mobile device. Remote workers can use the internet from any device to access business information and applications, including e-mail, shared folders and files. They can even remotely connect to their desktop computer at the office. With Remote Web Workplace, anyone who needs to be offsite can enjoy a productive experience similar to their office counterparts.
Setting your business up with the infrastructure to support remote working may become a necessary fact of life for many small businesses. Between storms, illness, telecommuting and travel there are plenty of times that your employees may be unable to get into the office. Looking toward the future consider this statistic – according to a recent WorldatWork study, the number of full-time employees performing their jobs remotely at least part of the time rose 39 percent from 2006 through 2008, that equals approximately 17.2 million employees! If you have Small Business Server 2008 with Remote Web Workplace, your employees can be away from the office and keep the business running by staying connected and productive.
Many small businesses are benefiting from a server, even those with as few as 2 to 3 PCs and SBS 2008 was designed specifically for businesses with 75 or fewer PCs or users. If you’re interested you can try SBS 2008 today for free by visiting our product site.
SBS 2008 software can be purchased through a variety of channels such as Microsoft Small Business Specialists, retailers, or preinstalled on a server. Full solutions with server hardware can be purchased through a local system builder or major OEM (Original Equipment Manufacturer) such as Dell or HP for as little as $1,299. You can visit our product site for more information on “How to Buy SBS 2008” or visit one of our partners directly.
Boost your productivity and responsiveness with Windows Small Business Server 2008,
whether you are out of the office, at home or on the road. Windows Small Business Server 2008 helps you stay plugged in and connected to your business.
We’d love to hear from you! Please join our community on Facebook.
[Today's post comes to us courtesy of Mark Stanfill, Justin Crosby, Damian Leibaschoff, and Charanjeet Singh]
While upgrading to Windows Server Update Services 3.0 Service Pack 2 (WSUS 3.0 SP2) on Windows Small Business Server 2008, you will be present with the WSUS Configuration Wizard. You should not need to make changes to any section of this wizard except for the Choose Languages section. Making a change to any other section of the wizard may break the SBS console to WSUS integration.
By default only the default operating system language is selected. You must manually select any other language you wish to support. If you are running a non- English version of SBS you MUST ALWAYS select English in addition to your native language. You must include English due to the fact that some updates are only released in English.
For example on a German (Deutsch) server:
After WSUS 3.0 SP2 installation, WSUS Server Configuration Wizard appears. The ‘Choose Languages’ (‘Sprachen auswählen’) page of the wizard only has the Server OS language (Deutsch/German) selected. You must also select English before clicking next.
Warning: Selecting a previously unused client language will download a significant amount of data and increase the size of the updates stored on disk. Do not select additional languages unless you have WSUS clients that require them.
If you made any addition changes in the WSUS configuration wizard and the SBS console gives an error please run the BPA to fix.
More Information
You must be a member of the WSUS Administrators group on the WSUS server to perform this procedure. The SBS administration account is a member of this group by default.
For more information about this see the WSUS 3.0 SP2 Release Notes.
This information in this article is also documented in the following Knowledge Base document: After upgrading to WSUS 3.0 SP2 on Small Business Server 2008 only the local operating system language is enabled.
