Category: SBS 2008

SBS 2008 migration, Exchange installed partially

The time has come for the first but definitely not the last post of 2010. I’ll kick off this year by writing a rather long and describing post about what seems to be a unique never the less strange problem when migrating a Small Business Server 2003 to 2008. Anyone that has done this migration know that when everything is done and the new SBS 2008 boots up to the actual desktop for the first time you want nothing but all green lights in the migration status report.

In this particular case it stated that Exchange Server 2007 did not install, which is not a good thing when it comes to SBS 2008. To my surprise I learnt that it was actually installed but only the hub transport role. The mailbox role and the client access role hadn’t been installed during the SBS 2008 installation/migration. Not good, indeed not good at all was my initial thought.

After trying to manually install the roles it instantly worked fine to install the mailbox role but the client access role kept on failing with the below error message.

Summary: 1 item(s). 0 succeeded, 1 failed.
Elapsed time: 00:00:13

Client Access Role
Failed

Error:
Exchange server "SERVERNAME
DEL:e576abbf-e823-43f2-8c4a-53ec5e551dbd" was not found. Please make sure you have typed it correctly.

So after doing some research it seems that the offline address book of the Exchange Server 2003 is the crook which has lead to the migration process not installing Exchange Server 2007 correctly on the SBS 2008. Simply deleting the offline address book was the only way I could get the client access role to install in the Exchange Server 2007 on the SBS 208 machine.

After everything eventually was installed it didn’t take long before I realized that SBS 2008 keeps OWA and TS Gateway web services in its own web site in IIS called SBS Applications which Exchange is unaware of. This meaning we still have a corrupt and not so useable Exchange OWA, ActiveSync etc as Exchange per default install the web services in the web site called Default web site.

After doing a manual move of most parts it kept on failing on the virtual directories for EWS, OBA and AutoDiscover with an error message indicating that they were already in the SBS Applications web site. After a look in the applicationHost.config (located in the %SYSTEMROOT%\System32\inetserv\config folder) file it turned out that these virtual directories were listed under SBS Applications instead of the Default Web Site, should they be there at all.

All was well after first uninstalling the client access role in the Exchange, manually deleting the lines corresponding to EWS, OAB and AutoDiscover in the applicationHost.config file and after installing the client access role again and finally running the powershell script provided by Microsoft at step3 on http://technet.microsoft.com/en-us/library/dd767439(WS.10).aspx the problem was fixed.

Whatever the problem with the address book was I guess we will never know. At least I hope this little post can help someone in a similar situation when migrating to SBS 2008.

When to troubleshoot blue screen crashes

The other day I got an email from a blog reader which contained the information of a successful analyze of a memory dump file which is generated when an infamous blue screen of death occur. The reader wanted me to give him the solution or point him in the direction of a solution. This got me into thinking. When is it worth putting time on doing blue screen analyzes?

The content of the crash dump is maybe not that relevant after all. What is more important is how often and when the blue screen of death occurs. If the crash occurred just once or very seldom and randomly I would say that it might not be worth finding out exactly what caused the crash. Keep in mind that a blue screen could indicate a hardware failure, although driver problems are the most common cause for crashes.

However if the crashes occur often or at when doing specific tasks you have all the reasons in the world to get to the bottom of the problem. In these cases I recommend following the guide for troubleshooting blue screen crashes.

An interesting thing to note about blue screens that start occurring after for instance upgrading the OS from Windows XP to Windows Vista or Windows 7 is that the new memory management in the later operating systems might reveal problems in the memory modules that did not show when using Windows XP.

Finally, whenever having problem with blue screens of death I would recommend upgrading the machine BIOS. Often there are compatibility and stability fixes which solves problems with hardware which might be causing you the problems you are experiencing.

Problem logging into computers using SBS 2008 RWW?

A few months ago I did some troubleshooting on Remote Web Workplace in Small Business Server 2008. The problem was with users being able to login to the RWW portal but when they tried to authenticate to their computer or Terminal Server via the Remote Web Workplace they just couldn’t login to the machines.

The simple solution to this problem was to activate Windows Authentication on the RPC virtual site of SBS Applications in the Internet Information Services Manager console.

The reason I am writing this is that some time ago I helped another user which experiences the same problem and if you ever encounter it you now know what to do to solve it.

HOW TO: Clean out Windows\Installer folder correctly

When disk space is running out on a system disk, may it be on a server or a client, there are certain things to clean out. One of them being the %SYSTEMDRIVE%\Windows\Installer folder. You cannot under any circumstances delete files from this folder manually as this not only may but most likely will break software that is installed using MSI files, or Windows Installer files.

The %SYSTEMDRIVE%\Windows\Installer folder is a cache for installation files and patches (MSP files) and removing those will cause you to not being able to repair or uninstall applications, and in some cases not removing patches or applying new patches to software. In the event when you actually did delete this cache you can rebuild the files you need manually by extracting the files from original installation media, from patch packages etc but this is a time consuming and not that easy task to accomplish.

But let me get to the point. If you do want to free disk space you can clean out the %SYSTEMDRIVE%\Windows\Installer folder by downloading Windows Installer Cleanup Utility (NOTE: This tool has been retired and is no longer available from Microsoft) and then running the command

msizap.exe G!

When running this, the installer and patch packages are enumerated and unreferenced packages are considered to be safe to delete and are thereby also deleted. Depending on the age of the system and the number of applications installed, this action can free a significant amount of disk space.

Run companyweb on port 443 in SBS 2008

In Small Business Server 2003 the standard port for companyweb was 444 but for Small Business Server 2008 this changed to port 987. A major problem in some cases is the fact that many companies are very restrictive when it comes to having ports open in their firewalls. This makes companyweb useless for many users. The solution is to put companyweb on the same port as the site SBS Web Applications, port 443 which is open in almost all firewalls out there.

This is achieved by running the below command from the directory \inetpub\adminscripts. Note though that you have to put in the ID of the SBS SharePoint site which can be found by marking “Sites” in IIS Manager.

cscript.exe adsutil.vbs set /w3svc/<IDFORSBSSHAREPOINT>/SecureBindings
":443:companyweb.contoso.com"

After running this command and restarting the web service the companyweb can be reached by browsing to the address https://companyweb.contoso.com. There might be some problems with for example page not displaying without adding default.aspx or browsing document libraries so do not forget to also change the alternate access mappings. This is done in SharePoint Central Administration > Operations > Global configuration > Alternate access mappings. Change the entry which points to the site with port 987 and instead enter the name as you did for companyweb.contosoe.com in the above command.

Mysterious error/warning in SBS 2008 BPA

When running the Best Practice Analyzer on a Small Business Server 2008 some time ago I received a critical error:

DNS A resource record points to incorrect IP address
The host (A) resource record points to the incorrect IP address 192.168.0.10192.168.0.17. The record should point to 192.168.0.10.

As we can see the two IP addresses have mysteriously become one. The first being the IP address of the SBS 2008 server and the second one being the RAS IP address. The BPA team gave the following answer:

That is an issue we are looking into, and it appears to be a possible issue with how the object processor is doing the DNS check.  At this point, a possible workaround (if you are having this show up in the Other Alerts of the SBS Console) would be to schedule a task to run at say 2:04am to do a “net stop remoteaccess ” then another task that runs at say 2:07 am to do a net start remoteaccess.  The SBS 2008 BPA by default should be scheduled to run at 2:05am when it is integrating in with the SBS console. If the second IP address listed is the IP address of the dial-in interface of RRAS then you should be able to ignore that error.

Gain access to Operations and Application Management in SharePoint in SBS2008

Some time ago I migrated a client’s Small Business Server 2003 to a Small Business Server 2008. When migrating their WSS 2.0 SharePoint from the old server to the new one I ran into some problems. I just could not get access to the Operations or Application management in SharePoint Central Administration, with the  below event logged.

Log Name:      Application
Source:        ASP.NET 2.0.50727.0
Date:          2009-02-26 13:23:42
Event ID:      1314
Task Category: Web Event
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      CONTOSOSRV02.Contoso.local
Description:

Event code: 4007
Event message: URL authorization failed for the request.
Event time: 2009-02-26 16:21:50
Event time (UTC): 2009-02-26 15:21:50
Event ID: 0087e3fc2a3440178e6a801602c514f7
Event sequence: 113
Event occurrence: 6
Event detail code: 0
 
Application information:
    Application domain: /LM/W3SVC/1899589246/ROOT-1-128801351457937683
    Trust level: WSS_Minimal
    Application Virtual Path: /
    Application Path: C:\inetpub\wwwroot\wss\VirtualDirectories\4721\
    Machine name: CONTOSOSRV02
 
Process information:
    Process ID: 7888
    Process name: w3wp.exe
    Account name: CONTOSO\Administrator
 
Request information:
    Request URL: http://contososrv02:4721/_admin/operations.aspx
    Request path: /_admin/operations.aspx
    User host address: ::1
    User: CONTOSO\tempadmin
    Is authenticated: True
    Authentication Type: Negotiate
    Thread account name: CONTOSO\tempadmin

After doing som troubleshooting I got everything working by editing the web.config file of the C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\TEMPLATE\ADMIN directory. I simply added the line below to the file, saved it and then I could access the Operations and Application Management of SharePoint Central Administration.

<allow roles="CONTOSO\WSS_ADMIN_WPG" />

Case closed!

Solution to have multiple SSL sites on port 443 in IIS

Today I faced a problem where I had to put different sites in IIS on the same SSL port which by default is 443. As you might know you cannot set more than one web site to use port 443 in the GUI of IIS Manager, and you can neither specify different host headers there. However you can put more than one web site on the SSL port by using the command line script as stated below. Run it from C:\inetpub\adminscripts but before you do, find out what the identifier for the site you want to enable SSL for is by clicking on “Web sites” in IIS Manager.

cscript.exe adsutil.vbs set /w3svc/1/SecureBindings
":443:intranet.contoso.com"

Make sure that the above command is put and run on one line and you are done. Please note that if you do not have a wildcard certificate installed (*.contoso.com) you will receive certificate warnings for one of the sites, as the certificate name will not match the host name.