Older Entries »

Filtering and Managing Event Alerts in SBS Reporting

By BoonTee,on January 17th,2012%

The SBS Teem have released a Powershell commandlet that will allow you to fine tune and manage the reporting and alerting functions in SBS 2008 and 2011. There are a number of alerts that can be safely ignored and yet persist in the event alert reports,which often cause anxiety and uneccesary concern. This commandlet will allow you to configure and specify which alerts to ignore,thus providing less noise to work through in order to see the important alerts more clearly.

The blog provides more information here –http://blogs.technet.com/b/sbs/archive/2012/01/16/managing-event-alerts-in-your-reports-an-sbs-monitoring-feature-enhancement.aspx

Leave a comment   Fixes,SBS 2008,SBS2011

Windows SBS Migration resources

By BoonTee,on June 25th,2011%

Microsoft have out out a page with all Microsoft Migration resources within a click’s reach here –http://technet.microsoft.com/en-us/sbs/gg981878

The page covers:

Migrate to Windows Small Business Server 2011 Standard

  • from Windows SBS 2003
  • from Windows SBS 2008
  • from Windows SBS 2011 Standard to new hardware

Migrate to Windows Small Business Server 2011 Essentials

  • from Windows SBS 2003
  • from Windows SBS 2011 Essentials to new hardware

Migrate Exchange Server mailboxes and mailbox data to the Cloud

  • Migrate All Mailboxes to the Cloud with a Simple Exchange Migration
  • Migrate a Subset of Mailboxes to the Cloud with a Staged Exchange Migration

Move Microsoft SharePoint Foundation 2010 databases to Windows Small Business Server 2011 Premium Add-on

Migrate to Windows Small Business Server 2008

  • from Windows SBS 2008 to new hardware

It also includes links to the Best Practices Analyzers and to the Forums and to the Windows SBS Blog.

Leave a comment   SBS 2008,SBS2011,Useful Links

What is in the SBS BPA?

By BoonTee,on June 22nd,2011%

The SBS Best Practices Analyzer (BPA) is a tool that collects information about your server and analyzes this information to produce a report on how you can configure the server to perform better. It is not a comprehensive 100% check of the entire system. It checkes your server against a specific set of configuration rules and reports when these rules are not properly followed.

A write up about the BPA can be found here –http://blogs.technet.com/b/sbs/archive/2011/04/08/introducing-the-windows-server-solutions-bpa.aspx

The following is a list of checks that the BPA does for SBS 2011 (from http://blogs.technet.com/b/sbs/archive/2011/04/25/windows-server-solutions-bpa-checklist.aspx)

Small Business Server 2011 Standard Edition

Checks the following service’s start mode:

  • DNS Client – DNSClientStartModeSection
  • DHCP Client – DHCPClientStartModeSection
  • IIS Admin Service – IISAdminStartModeSection
  • Remote Registry – RemoteRegistryStartModeSection
  • Remote Desktop Gateway – TSGatestartModeSection
  • Windows Update – AutoUpdatestartModeSection
  • Distributed Transaction Coordinator – DTCStartModeSection
  • Netlogon – NetlogonStartModeSection
  • DNS Server – DNSServerStartModeSection
  • Windows SBS Manager –SBSMgrstartModeSection

Checks that the following services are started:

  • DNS Client – DNSClientStartedSection
  • Windows Update – AutoUpdatesStartedSection
  • DHCP Client – DHCPClientStartedSection
  • IIS Admin Service – IISAdminStartedSection
  • World Wide Web Publishing Service – W3SVCStartedSection
  • Remote Registry – RemoteRegStartedSection
  • Remote Desktop Gateway – TSGateStartedSection
  • Windows Time – W32TimeStartedSection
  • Distributed Transaction Coordinator – DTCStartedSection
  • Netlogon – NetlogonStartedSection
  • DNS Server – DNSServerStartedSection
  • Windows SBS Manager –SBSmgrStartedSection

Checks the following service’s logon account:

  • DNS Client – DNSClientStartNameSection
  • Windows Update – AutoUpdatesStartNameSection
  • DHCP Client – DHCPClientStartNameSection
  • World Wide Web Publishing Service – W3SVCStartNameSection
  • Remote Desktop Gateway – TSGatewayStartNameSection
  • Windows Time – W32TimeStartNameSection
  • Distributed Transaction Coordinator – DTCStartNameSection
  • Netlogon – NetlogonStartNameSection
  • DNS Server – DNSServerStartNameSection
  • Windows SBS Manager –SBSMgrStartNameSection

Other Checks:

  • SKUsFoundSection – Returns the Operating System Platform name
  • PingDefGtwySection – Checks to see if the server is not able to ping the default gateway
  • PingDefGtwyOKSection – Checks to see if the server is able to ping the default gateway
  • Check2IPsSection – Checks to see if there are multiple IP addresses on the network card
  • IPFilteringSection – Checks to see if IP Filtering is enabled
  • HyperVSection – Checks to see if the Hyper-V role is installed
  • IPv6Section – Check to see if IPv6 appears to be improperly disabled
  • KernelAuthEnabledSection – Check to see if Kernel Mode Authentication is enabled in the applicationhost.config for IIS

Small Business Server 2011 Essentials

Checks the following service’s start mode:

  • DNS Client – DNSClientStartModeSection
  • DHCP Client – DHCPClientStartModeSection
  • IIS Admin Service – IISAdminStartModeSection
  • World Wide Web Publishing Service – W3SVCStartModeSection
  • Remote Registry – RemoteRegistryStartModeSection
  • Remote Desktop Gateway – TSGatestartModeSection
  • Windows Time – W32TimestartModeSection
  • Windows Update – AutoUpdatestartModeSection
  • Distributed Transaction Coordinator – DTCStartModeSection
  • Netlogon – NetlogonStartModeSection
  • DNS Server –DNSServerStartModeSection

Checks that the following services are started:

  • DNS Client – DNSClientStartedSection
  • Windows Update – AutoUpdatesStartedSection
  • DHCP Client – DHCPClientStartedSection
  • IIS Admin Service – IISAdminStartedSection
  • World Wide Web Publishing Service – W3SVCStartedSection
  • Remote Registry – RemoteRegStartedSection
  • Remote Desktop Gateway – TSGateStartedSection
  • Windows Time – W32TimeStartedSection
  • Distributed Transaction Coordinator – DTCStartedSection
  • Netlogon – NetlogonStartedSection
  • DNS Server –DNSServerStartedSection

Checks the following service’s logon account:

  • DNS Client – DNSClientStartNameSection
  • Windows Update – AutoUpdatesStartNameSection
  • DHCP Client – DHCPClientStartNameSection
  • IIS Admin Service – IISAdminStartNameSection
  • World Wide Web Publishing Service – W3SVCStartNameSection
  • Remote Desktop Gateway – TSGatewayStartNameSection
  • Windows Time – W32TimeStartNameSection
  • Distributed Transaction Coordinator – DTCStartNameSection
  • Netlogon – NetlogonStartNameSection
  • DNS Server –DNSServerStartNameSection

Other Checks:

  • SKUsFoundSection – Returns the Operating System Platform name
  • PingDefGtwySection – Checks to see if the server is not able to ping the default gateway
  • PingDefGtwyOKSection – Checks to see if the server is able to ping the default gateway
  • Check2IPsSection – Checks to see if there are multiple IP addresses on the network card
  • IPFilteringSection – Checks to see if IP Filtering is enabled
  • HyperVSection – Checks to see if the Hyper-V role is installed

Windows Storage Server 2008 R2 Essentials

Checks the following service’s start mode:

  • DNS Client – DNSClientStartModeSection
  • DHCP Client – DHCPClientStartModeSection
  • IIS Admin Service – IISAdminStartModeSection
  • World Wide Web Publishing Service – W3SVCStartModeSection
  • Remote Registry – RemoteRegistryStartModeSection
  • Remote Desktop Gateway – TSGatestartModeSection
  • Windows Time – W32TimestartModeSection
  • Windows Update – AutoUpdatestartModeSection

Checks that the following services are started:

  • DNS Client – DNSClientStartedSection
  • Windows Update – AutoUpdatesStartedSection
  • DHCP Client – DHCPClientStartedSection
  • IIS Admin Service – IISAdminStartedSection
  • World Wide Web Publishing Service – W3SVCStartedSection
  • Remote Registry – RemoteRegStartedSection
  • Remote Desktop Gateway – TSGateStartedSection
  • Windows Time –W32TimeStartedSection

Checks the following service’s logon account:

  • DNS Client – DNSClientStartNameSection
  • Windows Update – AutoUpdatesStartNameSection
  • DHCP Client – DHCPClientStartNameSection
  • IIS Admin Service – IISAdminStartNameSection
  • World Wide Web Publishing Service – W3SVCStartNameSection
  • Remote Desktop Gateway – TSGatewayStartNameSection
  • Windows Time –W32TimeStartNameSection

Other Checks:

  • PingDefGtwySection – Checks to see if the server is not able to ping the default gateway
  • PingDefGtwyOKSection – Checks to see if the server is able to ping the default gateway

Windows MultiPoint Server 2011

Checks the following service’s start mode:

  • Windows MultiPoint Server Host Service –WMSSvcStartModeSection

Checks that the following services are started:

  • Windows MultiPoint Server Host Service – WMSSvcStartedSection
  • Remote Desktop Services –TermServiceStartedSection

Checks the following service’s logon account:

  • Windows MultiPoint Server Host Service –WMSSvcStartNameSection

Other Checks:

  • SRCShellAccountExistsSection – Verifies the SRCShell local account exist

You can also find the BPA for all versions of SBS from here –www.sbsbpa.com

Leave a comment   Features,SBS 2003,SBS 2008,SBS2011,Useful Links

PowerShell Not Your Father’s Command Line

By BoonTee,on May 24th,2011%

There is a great 31 part blog post on PowerShell that is in developement (part 23 of 31 at this moment). Everything you wanted to know about PowerShell and some great scripts that can be used.

The main landing page for the blog is here –http://blogs.technet.com/b/matthewms/p/powershell.aspx

Here are the titles.

Part 1 of 31:Why PowerShell?
Part 2 of 31:The Basics on How to Read PowerShell
Part 3 of 31:Where Did All the Good Cmdlets Go?
Part 4 of 31:Who Ya Gonna Call For Help?
Part 5 of 31:What’s in it for Devs?
Part 6 of 31:A Cmdlet By Any Other Name Would Be An Alias
Part 7 of 31:Conjunction Function PowerShell What Are Functions?
Part 8 of 31:Won’t You Take Me To Functiontown?
Part 9 of 31:Another Side of PowerShell Profiles
Part 10 of 31:PowerShell Protecting You From Yourself
Part 11 of 31:PowerShell Providers and You!
Part 12 of 31:PowerShell and The Registry
Part 13 of 31:The Provider Active Directory Style
Part 14 of 31:Sorry I’m Not Home Right Now,Walking into IIS Webs…
Part 15 of 31:ISE,ISE Baby…
Part 16 of 31:PowerShell Take Me Out To The Grid
Part 17 of 31:Who Wants to Manage Active Directory?
Part 18 of 31:So You Deleted A User…On Purpose
Part 19 of 31:Small Business Server,PowerShell,and Me
Part 20 of 31:Hanging with Hyper-V
Part 21 of 31:Knock Knock PowerShell Calling!
Part 22 of 31:Good PowerShell Things Come in Nifty Packages
Part 23 of 31:HUGE Announcements,Disagreements,Best Practices and A Party…Oh My!
Part 24 of 31:PowerShell Did What!?!? How to Mitigate Risk!
Part 25 of 31:Did You Know PowerShell Can Talk VMware?
Part 26 of 31:Start Spreading the News…
Part 27 of 31:It Takes a Community to Raise a Language
Part 28 of 31:What is the .NET Framework?
Part 29 of 31:Demystifying MSDN and PowerShell static syntax
Part 30 of 31:PowerShell Likes the Pretty Blue Eyes of Azure Too
Part 31 of 31:That’s a Wrap and We are Not Done Yet!

Leave a comment   Exchange,HyperV,SBS 2003,SBS 2008,SBS2011,Server 2003,Server 2008,Useful Links,Windows 7,Windows Vista,Windows XP

SBS2008 and SBS2011 Log File locations

By BoonTee,on May 6th,2011%

The following is a list of locations for key log files stored in SBS2008 as posted here –http://blogs.technet.com/b/sbs/archive/2008/10/01/key-small-business-server-2008-log-files.aspx. This also applies to SBS2011.

C:\Program Files\Windows Small Business Server\Logs

Console.logSBS Console Log
CTIW.logLogs events of the “Connect to the Internet”wizard
DCPromo_yymmdd.xxxxxx.logDCPromo that ran during SBS install
DPCW.logLogs events of the “Set up your Internet address”wizard
ERRORLOG.TXTLogs any errors that occurred during SBS setup
ExtSchemaTask.logLogs result of SBS AD schema additions
FinishSetup.logLogs the completion of the SBS 2008 install
GPOTask.logLogs the creation of the SBS Group Policy objects
olsignupwiz.logLogs events of the “Set up your Microsoft Office Live Small Business Web site”wizard
pop3connectorinstall.logInstall log for the POP3 Connector
SBSHook.logLogs hooking of SBS install shell to Windows install and runonce modification
SBSSetup.logLogs all events that occurred during SBS setup
adduser.logLogs events of the “Add a new user account”wizard
addgroup.logLogs events of the “Add a new group”wizard
CreateUserRole.logLogs events of the “Add a new user role”wizard
CopyConnectComputer.logLogs events of the “Connect computers to your network”wizard
SBCW.logLogs events of the “Configure server backup”wizard
fncw.logLogs events of the “Fix My Network”wizard
AddMultipleUsers.logLogs events of the “Add multiple user accounts”wizard
FaxRoleInstallation.logInstall log for Fax
FaxCW.logLogs events of the “Configure the fax service”wizard
MoveData.logLogs events of the “Move Exchange Server Data”,“Move Windows SharePointServices Data”,“Move User’s Shared Data”,“Move User’s Redirected Documents Data”,and “Move Windows Update Repository Data”wizards 
CIMW.log Logs events of the “Configure a Smart Host for Internet e-mail”wizard
TrustedCert.logLogs events of the “Add a trusted certificate”wizard
VPNCW.logLogs events of the “Configure a virtual private network”wizard


C:\Program Files\Windows Small Business Server\Logs\MonitoringServiceLogs

Contains logs for  SBS Monitoring and it’s associated data collection tasks


C:\Program Files\Windows Small Business Server\Logs\pop3connector

Pop3service.logPOP3 Connector log


C:\Program Files\Windows Small Business Server\Logs\WebWorkplace

W3WP.logIIS worker process log for RWW
Leave a comment   SBS 2008,SBS2011

Logon Type Codes in the Security Logs

By BoonTee,on October 13th,2010%

With the prevalance of brute force security attempts,it is not uncommon to see EventID 529 appear often in the security logs. When a failed logon attempt is made on the network,the security logs note down the Logon Type among other information. I use this resource quite often –http://www.windowsecurity.com/articles/Logon-Types.html to work out what the codes actually mean.

 The above resource lists the various logon codes with explanations of what they are.

The most common codesI have seen are:

  • Logon Type 2 – Interactive –when someone attempts to logon to the server console.
  • Logon Type 3 – Network –when failed attempts are made inside the network to shared resources on the server. These errors coupled with IIS attempts could also mean attempts are being made on the SMTP service or HTTPS service. Unfortunately,no IP data is logged on these types of attempts. This has to be manually found from the SMTP or Web logs.
  • Logon Type 10 – RemoteInteractive –Attempted logins to Remote Desktop or Terminal Services. This is often accompanied by useful IP information,which can be used to isolate the offending attacker.

The other codes are described in the article.

One comment   SBS 2003,SBS 2008,Security,Server 2003,Server 2008

Move or transfer certificates to another server

By BoonTee,on September 9th,2010%

In a migration scenario,one of the key steps is to ensure that you keep your trusted SSL certificate. Self-issued certificates which were common in SBS2003 cannot be moved. However,you might need to retain the existing SBS2008 certificate when migrating to a new server.

To export a trusted certificate:

  1. On the Source Server,click Start,click Run,type mmc.exe,and then press ENTER.
  2. On the console,click File,and then click Add/Remove Snap-in.
  3. Click Add,choose Certificates from the list,click Add again,and then click OK.
  4. On the pop-up window,click Computer Account,click Finish,and then click OK.
  5. Expand Certificates,expand Personal,and then click Certificates.
  6. Right-click the certificate that is issued to your Web site (for example:remote.contoso.com),and then click All Tasks,and then click Export.
  7. In the Certificate Export Wizard,click Next.
  8. Ensure Yes,export the private key is selected,and then click Next.
  9. Ensure Include all certificates in the certificate path if possible and Export all extended properties are selected,and then click Next. Do not select Delete the private key if the export is successful.
  10. Type a password to protect the certificate file,and then click Next.
  11. Choose a location to save the .pfx file (for example,C:\trustedcert.pfx),and then click Next.
  12. Finish the wizard.

Transfer this .pfx file to the new server. To import the trusted certificate:

  1. On the Destination Server,click Start,type mmc.exe,and then press ENTER.
  2. On the console,click File,and then click Add/Remove Snap-in.
  3. Choose Certificates from the list,and then click Add.
  4. On the pop-up,select Computer Account,click Finish,and then click OK.
  5. Expand Certificates,expand Personal,and then click Certificates.
  6. Right-click Certificates,click All Tasks,and then click Import.
  7. On the Certificate Import Wizard Welcome page,click Next.
  8. Browse to the location of the saved .pfx file,and then click Next.
  9. Type the password that you typed in the Export procedure,ensure that Mark this key as exportable and Include all extended properties are selected,and then click Next.
  10. Ensure that the certificate will be imported to the Personal folder,and then click Next.
  11. Finish the wizard.

Once the trusted certificate has been imported to the new server,you can run the Add a Trusted Certificate wizard,and select the installed certificate.

For more information,refer to the following Technet article –http://technet.microsoft.com/en-us/library/cc527486(WS.10).aspx

Leave a comment   SBS 2008,Security

Small Business Server 2008 –Migration Resources

By BoonTee,on September 4th,2010%

I keep having to refer people to this site,so I might as well publish the link here.

http://social.technet.microsoft.com/wiki/contents/articles/small-business-server-2008-migration-resources.aspx

This is an excellent resource when considering your options for a SBS2003 to SBS2008 migration. And I would definitely recommend Jeff Middleton’s Swing Migration as it provides a relatively risk free migration path that doesn’t leave you in a crisis should a problem surface during the migration.

Leave a comment   SBS 2008,Useful Links

IT Security revisited

By BoonTee,on September 4th,2010%

I was just reminded of the 10 Immutable Laws of Security (http://technet.microsoft.com/en-us/library/cc722487.aspx)

Law #1:If a bad guy can persuade you to run his program on your computer,it’s not your computer anymore Continue reading IT Security revisited

Leave a comment   Online Tools,SBS 2003,SBS 2008,Security,Server 2003,Server 2008,Useful Links

Exchange 2007 stops receiving external emails

By BoonTee,on April 20th,2010%
On many of my early installations of SBS2008,I had the unfortunate situation of not allocating enough hard drive space on the C:drive. My opinion has always been to move data and other system information out of the C:drive to other drives,and keeping the C:drive to a reasonably small size. I though that size was 60GB. I was wrong. I would recommend setting the C:drive to at least 80GB or more.
 
However,if you do have a 60GB partition on the C:drive,one of the first signs of trouble is when the free space on C:drops below 2GB. Exchange 2007 stops receiving external emails. This is caused by a condition known as Back Pressure. This is described in more detail here –http://technet.microsoft.com/en-us/library/bb201658(EXCHG.80).aspx
 
The easiest way to remedy this situation is to immediately free up disk space. Fortunately,there are some great articles on how to do this.
Other things,which should have already been done via the SBS Console is moving the Exchange database,Windows Update Repository and Sharepoint database out of the C:drive. They can be found here.
 
 
Leave a comment   Exchange,SBS 2008,Useful Links
 
 Older Entries »