How to Make Terminal Servers in Application Sharing Mode Appear in Remote Web Workplace

Here is a bit of a gem. Now we can turn off port 3389 and get users to use RWW from port 443 in SBS2008 instead.
 
Thanks to the Technet guys!
 

Administrators will see all servers and workstations that are shown in the SBS Console’s Computer tab. However, standard users will only see workstations that they have been granted access to. This means that Terminal Servers in the domain will NOT be shown to standard users. To allow non-administrators to see Terminal Servers present in the network, follow these steps:

  1. Log on to SBS 2008 as an Administrator
  2. Open Registry Editor by typing “regedit” in the Start menu. In the Registry Editor, navigate to “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SmallBusinessServer
  3. Create a sub-key “RemoteUserPortal” under the key “SmallBusinessServer“, if it does not already exist
  4. Under the “RemoteUserPortal” key, create a new a Multi-String Value with the name”TsServerNames” (without the quotes; note the capitalization)
  5. Edit the “TsServerNames” value, add your TS servers name into the value data (one server per line), and then click OK to save them
  6. After completing the steps above, the servers you added into the registry will show to all RWW users in their computer selection list.

clip_image002

clip_image004

Note: Once this change is completed, ALL users will be able to view the TS Server from RWW.

Root Certificates and Windows Mobile

Had a wierd week just past. My HTC Touch Dual 850 phone suddely stopped working. The symptom began with Active Sync not working. I discovered that everytime I hit sync on the phone, Active Sync would terminate. Rebooting didn’t fix the problem. I cleared the phone settings and started again. Still no luck. I found further symptoms. When I opened IE on the phone, I could browse to various web pages. When I tried to open a https page, IE would also terminate. Further testing revealed that this worked fine when working with Vodafone, or when plugged into the PC. However, I could not do this on the Telstra network. After getting to level 3 support, I was asked to try removing the proxy setting. This worked.
 
BUT…..
I now got a new error message stating that my nice new thrid party certificate was not valid. OWA and outlook Anywhere worked fine, just not Active Sync on Windows Mobile 6. Finally…. after 5 days of messing about, which included a reimage of the phone ROM image, I solved the problem.
 
Earlier, I recommended that we can use RapidSSL from www.ssldirect.com as a trusted certificate on SS2008. When contacting SSL Direct with this problem, they said that their RapidSSL certificate was not certified to work with mobiles. This was very unusual, since it had been working fine up to this point. The RapidSSL certificate uses a certificate issued by Equifax Secure Global eBusiness CA-1. Whenever I installed the certificate on WM, the certificate would be installed as an intermediate certificate. There is no utility to install this as a root certificate. However, I found a Equifax Secure Global eBusiness CA-1 root certificate on SSL Direct, which installed itself as a root certificate, and apparently, this passes the intermediate requests on like a proxy. Installing this certificate fixed the problem, although I do not recall having to do this when it was working earlier. Something to note down for the future. In the meantime, be careful.
***Comment from Previous Blog site.
Tony Fahlstedt – 16 Dec., 2008 – Delete
Hi Boon,

I experienced pretty much the same thing with a Sony Ericsson p1i cell phone, that phone does have the same equitrac cert built in as HTC phones have, however not the correct version of it, so I downloaded this root cert and installed it, after that activesync worked no hassles.

http://langhofer.at/fileadmin/images/exchange/Equifax_Secure_Global_eBusiness_CA-1_DER.cer

Have not tried it with a HTC though, but I think it will work.

/Tony

Ntbackup Restore for Windows Server 2008 and Vista

For those who are missing “good old ntbackup”, there is a version for use with Windows 2008 and Vista that will allow restores from backups made using ntbackup in Windows XP and Windows Server 2003.
 
The utility requires that the Removable Storage Management Feature is enabled and can be downloaded here – http://www.microsoft.com/downloads/details.aspx?FamilyID=7da725e2-8b69-4c65-afa3-2a53107d54a7&DisplayLang=en

Configuring the iPhone for Exchange Sync

The iPhone is really easy to set up. I don’t particularly like the onscreen keyboard input or the lack of cut and paste (edit: fixed in OS v3.0), but it is really easy to set up a connection to Exchange.
 
All you need is:
email address – This is the email address of the user
domain – Leave this blank in most cases
username – the username for logging into the domain
password – the user’s password
 
Click next, and the iPhone will attempt to connect to the server automatically. In most SBS cases, this will fail, and the phone will request a servername.
 
servername – the FQDN for the domain where Exchange OWA is located. In many SBS2003 installations, this is typically mail.domain.com. On SBS2008, this will normally be remote.domain.com.
 
When you are done, the screen should look something like this.

Missing SYSVOL and NETLOGON during migration

I have had a crazy week so far. One of the issues that has bugged me this week was missing SYSVOL and NETLOGON shares and missing domain data after a new domain controller was added to the domain during migrations.

I first ran into this problem 3 years ago, when I was performing one of my first Swing migrations. I had shut down a server too soon, and as a result, the replica sets were incorrecty synchronized. In that case, I didn’t know what hit me. After I swung the DC back to the target new server, the entire AD crashed. There was no recovery, and I had to restore the server to it’s original state. When I reworked the Swing Migration weeks later, this error did not occur. I made a note on my Swing Migration worksheet, and did not come across this issue again . . . until Monday.

In the first case, I was trying to salvage the AD for a SBS2000 server which had lost the RAID and was barely functional. Just enough to get started. I quickly fixed up a Win2003 server and joined it to domain with the purpose of giving some backup to the AD in preparation for a Swing Migration.

Everything went according to plan, and the AD appeared to have transfered across. I did one last check according to my notes, which I have compiled over the past 4 years, and hit a snag which I had not seen for about 3 years. The SYSVOL and NETLOGON shares were not present on the new DC. Looking further, C:\WINDOWS\SYSVOL\sysvol\domain.name was empty. It should have 2 very important folders – Policies and Scripts. Without this, the AD would crash if the main DC were no longer operational.

In this instance, time was short, and I had to let this one go. We had to rebuild a new domain and reset all the workstations and data.

Today, as I was preparing a new SBS2008 server for migration, I found the same situation. The SBS2008 installation had completed and this new server was fully operational. Being paranoid, I checked, and there was the problem again!

After some searching, I finally found an old Microsoft Knowledge Base article KB290762 (http://support.microsoft.com/kb/290762/) – Using the BurFlags registry key to reinitialize File Replication Service replica sets.

I ran the Authoritative FRS restore procedure using the D4 flag on the old server.

  1. Click Start, and then click Run.
  2. In the Open box, type cmd and then press ENTER.
  3. In the Command box, type net stop ntfrs.
  4. Click Start, and then click Run.
  5. In the Open box, type regedit and then press ENTER.
  6. Locate the following subkey in the registry:
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup
  7. In the right pane, double click BurFlags.
  8. In the Edit DWORD Value dialog box, type D4 and then click OK.
  9. Quit Registry Editor, and then switch to the Command box.
  10. In the Command box, type net start ntfrs.
  11. Quit the Command box.

Then I ran the nonauthoritative restore process using the D2 flag on the SBS2008 server.

  1. Click Start, and then click Run.
  2. In the Open box, type cmd and then press ENTER.
  3. In the Command box, type net stop ntfrs.
  4. Click Start, and then click Run.
  5. In the Open box, type regedit and then press ENTER.
  6. Locate the following subkey in the registry:
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup
  7. In the right pane, double-click BurFlags.
  8. In the Edit DWORD Value dialog box, type D2 and then click OK.
  9. Quit Registry Editor, and then switch to the Command box.
  10. In the Command box, type net start ntfrs.
  11. Quit the Command box.

Bingo, the folders were recreated, and the shares appeared! An answer to a 3 year old question.

Disable DEP to install some pesky applications/drivers

I decided to wipe out my ACER laptop and rebuild it with Vista Business 64bit SP1. All went well and all the applications and back and running.

I suddenly realised that an integral part of my set up was to be able to use my Vodafone 3G mobile card. I downloaded the latest software off the Vodafone site. Then I plugged in the modem. Got a BSOD immediately. After the reboot, the modem appeared to be installed, but I could not get connected to the Vodafone network. I kept getting a RAS Error Code 633. Vodafone support was unable to help (Get your support guys up to date PLEASE! “It should work with Vista” is not a helpful response).

Anyway, after some searching, I discovered some discussion on Data Execution Prevention (DEP) in relation to installing the device. After uninstalling the Vodafone software and drivers, I disabled DEP with the following command.

bcdedit.exe /set {current} nx AlwaysOff

Then I installed the Vodafone software, rebooted, and plugged the modem in. No BSOD. Got the pleasant “Your device installed successfully” message.
Then I tested and was able to connect to the Vodafone network.

Rebooted once more, and then I re-enabled DEP.

bcdedit.exe /set {current} nx AlwaysOn

Tested the connection again. All OK 🙂

Word of WARNING: Do not disable DEP to install drivers unless you are sure the drivers are safe. Also, make sure you have a backup, unless you are prepared to lose data.

Remote Desktop Client 6.1 for XP SP2

The Remote Web Workplace component of SBS2008 requires Remote Desktop Client v6.1. This is installed with XP SP3 or Vista SP1. Until recently, users had to upgrade to XP SP3 to be able to use this. Microsoft have now released RDC v6.1 for XP SP2. You can download this here – http://www.microsoft.com/downloads/details.aspx?FamilyId=6E1EC93D-BDBD-4983-92F7-479E088570AD&displaylang=en

Migrating from Windows 2003 with Exchange 2003 to Small Business Server 2008

Finally, after some work, I have completed a document which maps out some issues regarding a migration from Windows Server 2003 with Exchange 2003 to Small BUsiness Server 2008. The document is to be read in conjuction with the following document on Migrating from SBS 2003 to SBS 2008 – http://go.microsoft.com/fwlink/?LinkId=117499

This document can be downloaded here – http://www.powerbiz.net.au/Migrating%20from%20Windows%202003%20and%20Exchange%202003%20to%20Small%20Business%20Server%202008.pdf

SBS 2008 Content Filter Updates

For the past month, I have received less than 10 emails in total. How did this happen? I used a combination of IMF Tune v4.1 for Exchange 2007 and TrendMicro Worry Free Business Security Advanced v5.1 beta with Anti Spam setting to medium.

This worked great until yesterday…. Then I started getting few spam messages continuing until today. I had a look to see if the Content Filtering Updates were happening and discovered a whole new world of working with what used to be called IMF in SBS 2003.

This is an excellent article which highlights the differences and how to make the necessary changes to update. http://www.exchangeinbox.com/article.aspx?i=123&t=5
However, I found that some of the steps had already been performed, probably by the tweaked version of Exchange 2007 that ships with SBS 2008.

The general steps are as follows:
1. Enable updates (should already be enabled in SBS2008). Go to Exchange Management Console – Server Configuration – Hub Transport. The action pane on the left shows either Enable Anti-spam updates or Disable Anti-spam updates. You can click and re click to toggle this. When enabling, set everything to Automatic.
2. Check to see that you have the latest update using the Exchange Management Shell. Use the command get-AntiSpamUpdates to check the installed version.
3. Go to Microsoft Updates to see if there is a newer version. You can also subscribe to the Exchange Server 2007 anti-spam RSS feed here – http://catalog.update.microsoft.com/v7/site/Search.aspx?q=exchange%20server%202007%20anti-spam

css.php
%d bloggers like this: