Category Archives: SBS 2011

Office 365 migrations

I just spent the weekend working performing some SBS to Office 365 migrations.

Here are some useful links that make the process a whole lot easier.

Export mailboxes to PST for Exchange 2010 (SBS 2011 Standard)

Export mailboxes to PST for Exchange 2007 (SBS 2008)

Import PST files to Office 365

Enabling Autodiscover for Outlook in SBS Exchange Environments

Getting Outlook 2007 and Outlook 2010 to work with Office 365

  • The following link lists the minimum requirements needed to quickly get your Outlook desktop client running with Office 365.
  • http://www.netdummy.net/office365-client-updates.html
  • With SBS 2011, it is necessary to remove the Service Connection Point (SCP)
    • Show SCP information: Get-ClientAccessServer | Select Name, AutoDiscoverServiceInternalUri
    • Remove SCP information: Set-ClientAccessServer -Identity “[Servername]” -AutoDiscoverServiceInternalUri $NULL

Importing LegacyDN information

Problems connecting Outlook to Office 365 

AND if you happen to still be using SBS 2003 (I certainly hope not!), you can use Exmerge or Outlook to output individual mailboxes to PST. Do it soon!

Windows 10 support on Windows Server Essentials and Small Business Server

The Essentials Server team have released a blog post to highlight which client versions are supported on currently supported Windows Server Essentials and Small Business Server 2011. The blog post can be read here – http://blogs.technet.com/b/sbs/archive/2015/07/23/client-connector-availability-with-windows-home-server-small-business-server-and-windows-server-essentials-for-supported-client-os.aspx

Basically, if you need to connect a Windows 10 client to Windows Server Essentials 2012 R2, which is probably the most common scenario, you will need to perform a manual client connector installation. A fix for the server is scheduled to be released on 17 November 2015.

Another common scenario would be the joining of the client connector for a Windows 10 client to Small Business Server 2011. In this case, 2 lines need to be added to the XML file on the server, which is located at C:\Program Files\Windows Small Business Server\Bin\WebApp\ClientDeployment\packageFiles\supportedOS.xml. Add the following 2 lines.

<OS Architecture="9" RequiredProductType="1" RequiredSuite="" ExcludedSuite="512" SPMinor="" SPMajor="" Build="10240" Minor="0" Major="10" Name="Windows 10, AMD64" id="9"/>
<OS Architecture="0" RequiredProductType="1" RequiredSuite="" ExcludedSuite="512" SPMinor="" SPMajor="" Build="10240" Minor="0" Major="10" Name="Windows 10, x86" id="10"/>

Exchange TLS & SSL Best Practices

For those using Exchange on-premises (including SBS 2011), here are some best practice recommendations from the Exchange Team.

http://blogs.technet.com/b/exchange/archive/2015/07/27/exchange-tls-amp-ssl-best-practices.aspx

In a nutshell,

  • Deploy supported operating systems, clients, browsers, and exchange versions
  • Test everything by disabling SSL 3.0 on Internet Explorer
  • Disable support for SSL 3.0 on the client
  • Disable support for SSL 3.0 on the server
  • Prioritize TLS 1.2 ciphers, and AES/3DES above others
  • Strongly consider disabling RC4 ciphers
  • Do NOT use MD5/MD2 certificate hashing anywhere in the chain
  • Use RSA-2048 when creating new certificate keys
  • When renewing or creating new requests, request SHA 256-bit or better
  • Know what your version of Exchange supports
  • Use tools to test and verify
  • Do NOT get confused by explicit TLS vs. implicit TLS
  • (For now) Wait to disable TLS 1.0 on the Exchange server

Windows 7, 8.1, 10, SBS and Essentials Client Conntector – What works, and what doesn’t

The Essentials Server team have just published a blog post which gives you an at-a-glance look at what features are supported and not supported with the six current (and recently past) SBS and Essentials SKUs.

Read the blog post here – http://blogs.technet.com/b/sbs/archive/2015/07/23/client-connector-availability-with-windows-home-server-small-business-server-and-windows-server-essentials-for-supported-client-os.aspx

Top Support Solutions for Windows Small Business Server 2011 Standard

Pointer to the SBS Team blog on the top issues faced and corresponding resolutions for SBS 2011. This is a useful reference – http://blogs.technet.com/b/sbs/archive/2014/02/18/top-support-solutions-for-windows-small-business-server-2011-standard.aspx

The links are repeated here in case the page disappears.

Active Directory and Directory Services

Client Computers issues    

Internet Information Services (IIS)

Licensing

Mail flow issues

Network and Web Connectivity

Reliability and Performance

Small Business Server (SBS) Components

Microsoft SQL Server

Installation and Migration

 

Migrating Email from SBS Exchange to Office 365

In the past few months, I have been working with some clients on moving their existing Small Business Server (SBS) systems over to the Microsoft cloud based Office 365 email system. There are a number of issues and possible gotchas in making this transition which will be discussed here. Note that this blog post is targeted to the small business community with existing SBS 2003, SBS 2008 or SBS 2011 deployments that are looking to move their email services to Office 365, while maintaining their existing network. We will not be considering Office365 migration method in this move as the costs and complexity of implementing this in a small business are prohibitive.

The pre-requisite when performing such a migration, is to plan and work out a migration path for email services. Questions to be considered are:

  1. Do we need to migrate all the old email data, or should some be archived?
  2. Are there old accounts that can be decommissioned?
  3. What distribution groups and contacts need to be migrated across?
  4. Are there any Send As and Send on Behalf of permissions that need to be addressed?
  5. Are there individual permissions on Calendars and Folders that need to be recreated?
  6. How will we move the old email data from Exchange on premises to Office 365?

Moving Email data from On-premises Exchange to Office 365

Central to the entire issue is retaining old emails and settings. There are a number of ways to move the data across to Office365.

  • Export-Import. This method involves exporting the current emails to PST and re-importing them into Office 365 once Outlook has been configured.
  • Migrationwiz.com is a fast and easy way to move mailboxes at a low cost.
  • Office365 Migration wizard. This is a built in tool from Microsoft to help in performing a migration from on-premises Exchange. It requires an Azure subscription and the installation of the Directory Sync tool and has some tough pre-requisites for SMBs. The process is detailed on technet here – http://technet.microsoft.com/en-us/library/jj573653.aspx

One main drawback from using any method that does not synchronize the Office 365 platform to your existing Active Directory is dealing with the issue of Auto-Complete or Suggested Contacts. After the migration, it is quite likely that replies on old emails or emails sent using the stored contact information in Auto-Complete or Suggested Contacts will result in a Undeliverable error as follows:

IMCEAEX-_O=MyDomain_OU=First+20Administrative+20Group_cn=Recipients_cn=bOldLastName@domain.com

#550 5.1.1 RESOLVER.ADR.ExRecipNotFound; not found ##

Create Users and Set up Domain in Office 365

In this step, you need to set up and recreate all the users, distribution groups, and domains to match what you have on-premises. In the public DNS, set the MX records to point to your on-premises Exchange until you are ready to receive emails at the Office 365 service. Ensure that the Autodiscover and other DNS services are set up properly.

Setting up the Outlook Profile

One of the main issues with setting up Outlook for Office 365 on an existing SBS domain is the existing autodiscover configuration set up for each user account. The following steps should be followed to ensure a simple, incident free set up of Outlook on Office 365.

  1. Log in to the PC as the user. The configuration is done per user.
  2. Update your PC with a the latest patches, especially Microsoft Office patches and Service Packs.
  3. Log in to the Office 365 portal using the users email address and assigned password.
  4. Install software and connect it to Office 365

  5. You will need to sign in to Office 365 again using the user’s credentials.

  6. The Office 365 setup application will note that manual steps will be required (which involves setting up the Outlook profile as detailed here).

  7. For Office 2007, the registry key is [HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]

    For Office 2010, the registry key is [HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\AutoDiscover]

    The six entries are all DWORD. (NOTE: all but one entry are set to 1)

    “PreferLocalXML”=dword:00000001

    “ExcludeHttpRedirect”=dword:00000000

    “ExcludeHttpsAutoDiscoverDomain”=dword:00000001

    “ExcludeHttpsRootDomain”=dword:00000001

    “ExcludeScpLookup”=dword:00000001

    “ExcludeSrvRecord”=dword:00000001

    They should be displayed among other entries like this.

  8. Download and run the two AgileIT tools from http://www.agileit.com/news/office-365-autodiscover-xml-tool-released/. Just enter the domain name and click OK.

  9. Now you can Add a new Outlook Profile from Control Panel-Mail (32-bit). You will see the existing Outlook Profile there, which can be kept as a backup, as you may need it later for export to PST purposes.

  10. The local autodiscover settings that have been configured earlier will kick in and set up the account. You will need to log in using the Office 365 credentials.

You can also add the on-premises Exchange profile to this new profile, if you are planning to export the old email data or manually transfer information over to the office 365 account.

With smaller sites, this is a quick and easy way to manage your Office 365 migration. With larger installations, the Office 365 migration wizard using Azure and Directory Sync may be a more efficient method. In the end, it is up to the business owner, with advice from the IT consultant, to work out which method is preferred.

UPDATE: There is a really good article on how to use Azure Active Directory to handle password sync between your local AD and the new Office 365 AD – www.infostream.cc/dirsync-aadsync

Http://Connect shows a 404 – File or directory not found error page

Http://connect is used in Small Business Server and Windows Server Essentials to configure and join client computers to the domain. There is a known issue with Trend Micro’s Worry Free Business Security suite version 7 and 8 which causes this issue.

The solution is to disable (NOT DELETE) the CGI-exe and ISAPI-dll modules on the SBS Client Deployment Applications Website in IIS.

  1. To do this, you need to start up the Internet Information Services (IIS) Manager. Note: There are 2 of these located in Administrative tools. Select the non-numbered (version 7) one.

  2. Expand to the SBS Client Deployment Applications Home and locate Handler Mappings.

  3. Double-Click Handler Mappings. Then locate CGI-exe. Right-Click and Edit Feature Permissisons.

     

  4. Remove the tick on Execute. You will now see CGI-exe and ISAPI-dll listed in the disabled section. Click OK.

     

  5. Return to the SBS Client Deployment Applications Home, right-click on the website, select Manage Web Site, and restart the site.

 

 

Error: Cannot connect the computer to the server because either another software installation is in progress, or, the computer has a restart pending.

I have been seeing quite a number of systems coming up with this error message when attempting to install the Client Connector Software for SBS 2011 Essentials.

“Error: Cannot connect the computer to the server because either another software installation is in progress, or, the computer has a restart pending. Either complete the installation process, or, restart the computer and try to connect again.”

The first thing to do is obvious – Reboot the computer. But then again, there would not be anything to blog if it were that easy. Obviously, that has been attempted and the error remains. Apparently, this is often caused by programs not cleaning up their installation settings.

The fix is fairly simple, if you can remember where the registry setting is.

Open up Regedit and navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager. Rename the key named PendingFileRenameOperation to something else.

That should resolve the issue.

Fixing the Black Screen of Death (KSOD) on SBS 2011

This weekend, an IT reseller contacted me with a problem they had. After the RAID controlled failed on a SBS2011 Standard, they receovered the server from the SBS Backup using the Bare Metal Recovery (BMR) process. After the server was restored, they booted the system and encountered the Black Screen of Death (KSOD). This is a condition where the system boots up and nothing comes up on the screen except a black screen with a mouse pointer. Nothing else can be done to the server, and no amount of waiting will get this server to carry forward in the boot process.

It turns out that there is a known condition that causes this severe problem. In the migration process from SBS2003, the reseller installed the NTBackup Restore Utility for WIndows 7 and Windows Server 2008 R2 utility. This utility allows a user to read and restore a backup set created by the NTBACKUP utility in Windows Server 2003 on a 2008 R2 server. The problem occurs when the user does not uninstall this utility after they have finished restoring the backups. In this condition, all server 2008 R2 backups (yes, including those done in SBS 2011, or any backup that uses the WBEM engine) will be corrupt, and will cause this condition when performing a BMR restore.

The reason for this is that a specific folder is ommitted from the backups – c:\Windows\Registration – if this condition exists.

This condition is now noted in Update Rollup 3 for SBS 2011 – http://blogs.technet.com/b/sbs/archive/2012/06/13/update-rollup-3-for-wssg-bpa-is-now-available-via-microsoft-updates-along-with-its-installation-tool.aspx

The simple fix for this is as follows:

  1. Copy the contents of C:\Windows\Registration from a working SBS2011 server
  2. Boot into the Windows Repair/Recovery mode using SBS2011 Disc 1
  3. Open up a command prompt and browse to C:\Windows\Registration
  4. Copy the files (from a USB drive or something) over to the server

The server should now boot up.

 

Goodbye SBS, Hello WSE?

What’s in a name? What are we going to call this new operating system that takes over from SBS? Microsoft have called this Windows Server 2012 Essentials. Basically, it is following on from the same line as SBS 2011 Essentials. So what is in this product? Have a look here for the Windows Server 2012 Essentials FAQ – http://go.microsoft.com/fwlink/?Linkid=257790

Among the features are:

  • Operating system built on Windows Server 2012. The vast majority of features avaailable in Windows Server 2012 will be available here with some minor limitations, as has been previous implemented in SBS.
  • Users are limited to 25 as with SBS 2011 Essentials.
  • End-to-end Integrated Setup as with SBS Essentials to ensure a good out-of-the-box outcome.
  • The new Storage Spaces feature will allow flexibility in aggregating physical storage across a number of storage devices to create “RAID” like volumes. Think about the features of Drive Extender from Whindows Home Server v1.
  • Anywhere Access provides a refreshed Remote Web Access interface that will allow easier access to applications and data from almost any device.
  • With Direct Access, setting up a secure VPN becomes painless and almost transparent.
  • Health Monitoring continues on from SBS and provides the health status of the server and client computers.
  • Integration with cloud technologies becomes simpler with Add-ins and components designed to help set up a connection to on-premises Exchange server, or hosted solutions in the cloud like Office365.
  • Extensibility via Add-In modules continue on as with SBS Essentials and Windows Home Server to make the platform customisable and easier to manage.

What about the other flavours of Windows servers that were built on the same platform as SBS 2011 Essentials?

  • Windows Home Server 2011 will be the last version. This product will be integrated into the Windows Server 2011 Essentials line.
  • Windows Multipoint Server 2011. This product will be upgraded to a new version in line with Windows Server 2012. It will be similar to the relationship between the 2011 products.
  • Windows Storage Server 2008 R2 Essentials. At this time, there is no indication that the product will be continued in the same form. One can only hope that it is refreshed.

In the coming few posts, I will look at what this means for the small business community, and examine the various reactions from different industry groups. Stay tuned and subscribe to the RSS feed!