Category Archives: SBS 2008

Logon Type Codes in the Security Logs

With the prevalance of brute force security attempts, it is not uncommon to see EventID 529 appear often in the security logs. When a failed logon attempt is made on the network, the security logs note down the Logon Type among other information. I use this resource quite often – http://www.windowsecurity.com/articles/Logon-Types.html to work out what the codes actually mean.

 The above resource lists the various logon codes with explanations of what they are.

The most common codesI have seen are:

  • Logon Type 2 – Interactive – when someone attempts to logon to the server console.
  • Logon Type 3 – Network – when failed attempts are made inside the network to shared resources on the server. These errors coupled with IIS attempts could also mean attempts are being made on the SMTP service or HTTPS service. Unfortunately, no IP data is logged on these types of attempts. This has to be manually found from the SMTP or Web logs.
  • Logon Type 10 – RemoteInteractive – Attempted logins to Remote Desktop or Terminal Services. This is often accompanied by useful IP information, which can be used to isolate the offending attacker.

The other codes are described in the article.

Move or transfer certificates to another server

In a migration scenario, one of the key steps is to ensure that you keep your trusted SSL certificate. Self-issued certificates which were common in SBS2003 cannot be moved. However, you might need to retain the existing SBS2008 certificate when migrating to a new server.

To export a trusted certificate:

  1. On the Source Server, click Start, click Run, type mmc.exe, and then press ENTER.
  2. On the console, click File, and then click Add/Remove Snap-in.
  3. Click Add, choose Certificates from the list, click Add again, and then click OK.
  4. On the pop-up window, click Computer Account, click Finish, and then click OK.
  5. Expand Certificates, expand Personal, and then click Certificates.
  6. Right-click the certificate that is issued to your Web site (for example: remote.contoso.com), and then click All Tasks, and then click Export.
  7. In the Certificate Export Wizard, click Next.
  8. Ensure Yes, export the private key is selected, and then click Next.
  9. Ensure Include all certificates in the certificate path if possible and Export all extended properties are selected, and then click Next. Do not select Delete the private key if the export is successful.
  10. Type a password to protect the certificate file, and then click Next.
  11. Choose a location to save the .pfx file (for example, C:\trustedcert.pfx), and then click Next.
  12. Finish the wizard.

Transfer this .pfx file to the new server. To import the trusted certificate:

  1. On the Destination Server, click Start, type mmc.exe, and then press ENTER.
  2. On the console, click File, and then click Add/Remove Snap-in.
  3. Choose Certificates from the list, and then click Add.
  4. On the pop-up, select Computer Account, click Finish, and then click OK.
  5. Expand Certificates, expand Personal, and then click Certificates.
  6. Right-click Certificates, click All Tasks, and then click Import.
  7. On the Certificate Import Wizard Welcome page, click Next.
  8. Browse to the location of the saved .pfx file, and then click Next.
  9. Type the password that you typed in the Export procedure, ensure that Mark this key as exportable and Include all extended properties are selected, and then click Next.
  10. Ensure that the certificate will be imported to the Personal folder, and then click Next.
  11. Finish the wizard.

Once the trusted certificate has been imported to the new server, you can run the Add a Trusted Certificate wizard, and select the installed certificate.

For more information, refer to the following Technet article – http://technet.microsoft.com/en-us/library/cc527486(WS.10).aspx

Small Business Server 2008 – Migration Resources

I keep having to refer people to this site, so I might as well publish the link here.

http://social.technet.microsoft.com/wiki/contents/articles/small-business-server-2008-migration-resources.aspx

This is an excellent resource when considering your options for a SBS2003 to SBS2008 migration. And I would definitely recommend Jeff Middleton’s Swing Migration as it provides a relatively risk free migration path that doesn’t leave you in a crisis should a problem surface during the migration.

IT Security revisited

I was just reminded of the 10 Immutable Laws of Security (http://technet.microsoft.com/en-us/library/cc722487.aspx)

Law #1: If a bad guy can persuade you to run his program on your computer, it’s not your computer anymore Continue reading IT Security revisited

Exchange 2007 stops receiving external emails

On many of my early installations of SBS2008, I had the unfortunate situation of not allocating enough hard drive space on the C: drive. My opinion has always been to move data and other system information out of the C: drive to other drives, and keeping the C: drive to a reasonably small size. I though that size was 60GB. I was wrong. I would recommend setting the C: drive to at least 80GB or more.
 
However, if you do have a 60GB partition on the C: drive, one of the first signs of trouble is when the free space on C: drops below 2GB. Exchange 2007 stops receiving external emails. This is caused by a condition known as Back Pressure. This is described in more detail here – http://technet.microsoft.com/en-us/library/bb201658(EXCHG.80).aspx
 
The easiest way to remedy this situation is to immediately free up disk space. Fortunately, there are some great articles on how to do this.
Other things, which should have already been done via the SBS Console is moving the Exchange database, Windows Update Repository and Sharepoint database out of the C: drive. They can be found here.
 
 

Adding network locations to Windows7 Libraries on a SBS Domain

With the plethora of Windows 7 laptops and PCs connecting to the SBS networks, one of the new features – Libraries – is causing some problems. The issue is the inability to add a network location to the libraries unless the network location is cached using offline files. This caused some problems for me and for some of my clients. Perfectly normal 80GB-160GB hard drives were running out of space, due to the large amount of network information being cached. This also caused some slow network connection issues as the offline files were cached and maintained.
 
For SBS2003, the solution is solved by installing Windows Search 4.0 on the server. It is an automatic update, or can be manually downloaded here – http://download.microsoft.com/download/2/5/0/250db18d-30b9-4129-b2ce-282bc2f65c1f/WindowsSearch-KB940157-Srv2K3-x86-enu.exe
 
The Microsoft Search 4.0 product page can be found here – http://www.microsoft.com/windows/products/winfamily/desktopsearch/default.mspx
 
For SBS2008, there was no option to install this, as it was not supported. There is another similar product from Microsoft called Microsoft Search Server Express, which works for Windows 2008 servers. DO NOT USE THIS on SBS2008, as it will cause issues, particularly with Sharepoint.
 
The solution for SBS2008 was provided in a recent blog by the SBS team – http://blogs.technet.com/sbs/archive/2010/04/05/find-items-faster-with-windows-search-and-libraries.aspx
Turns out that it was right under our noses all the time, but not switched on.

SBS2008 Repair Guides

There is an excellent technical guide on fixing up problems that might be encountered while running SBS2008. I recently used the information on one of these guides to fix up an Exchange issue.
 
 
Contents from the guide are:
  • Manage Windows Small Business Server 2008 applications
  • Repair access of administrator account to Windows SharePoint Services
  • Repair client deployment issues
  • Repair e-mail anti-spam software
  • Repair e-mail programs and Microsoft Exchange Server services
  • Repair folder redirection and shares
  • Repair Forefront Security for Exchange Server
  • Repair Microsoft Exchange Server roles in Windows Small Business Server 2008
  • Repair monitoring and reporting features in Windows Small Business Server 2008
  • Repair Office Live for Windows Small Business Server 2008
  • Repair Remote Web Workplace
  • Repair the Move Exchange Server Data task
  • Repair the POP3 Connector
  • Repair the Windows SBS 2008 Console
  • Repair Users and Groups features
  • Repair Windows Live OneCare
  • Repair Windows Server Backup
  • Repair Windows Server Update Services
  • Repair Windows SharePoint Services
  • Repair Windows SharePoint Services after moving the databases
  • Synchronize the DSRM Password with the Windows SBS 2008 Network Administrator Password
  • How to reinstall the Certification Authority role

Setting Message Size Limits in Exchange 2007

I received an email from a client a few days ago.
 
“Does the server have a limit on the size of emails it will accept? I seem to recall a 5mb limit.
Can I ask that we review this in the light of modern ways of doing things whereby we send large files, audio and video, via email?”

 
For many organizations, a limit is imposed on attachments in emails to “save bandwidth” since data is counted for broadband in Australia. I found an excellent blog which listed the various places to look at when making changes to enable attachments beyond the default 10MB limit which is set in SBS2008.
 
All these options are located in the Exchange Management Console.
 
1. Setting Organizational Limits. This affects the global settings. In an organization with multiple servers, this will affect all servers. Open up properties for Transport settings as shown. Change the settings as required.
 
2. Setting Receive Connector limit. This affects incoming messages received by the server. Change the desired Receive Connector properties.
     a. Default SBS – For internal client connections
     b. Windows SBS Internet Receive SBS – For incoming emails outside the network
 
3. Send Connector limit. This setting affects outgoing emails. Edit the settings for the Windows SBS Internet Send SBS connector.
 
4. Mailbox limit. Finally, if you really want to, you can set a user to have additional settings, different to the organizational limits. Note that this only affects internal messages. not external incoming or outgoing messages. Change the properties for the Message Size Restrictions (which is not set by default).

Auto Login to PC after restart

Sometimes, there are background processes and application that need the user to be logged on to the PC before they will run. On a domain PC, this is normally not possible. However, you can modify the registry to enable this. NOTE: the password will be clearly seen.
 
 
In regedit, navigate to HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
 
Add or modify the key, AutoAdminLogon (String) to 0
Enter in the user credentials in the three keys – DefaultDomainName, DefaultUserName, DefaultPassword.
 

Slow network logon

I came across two excellent troubleshooting articles to investigate why you might be experiencing slow network logons.