Quick Fix : Removing a disconnected network drive

August 5, 2011 by 14 Comments

A client of mine needed to move a Data folder from one of there servers, to another.

Easy enough right? Just Copy the data off ahead of time, like a seed copy, then on the day of the switchover just do another, to copy the changes. Robocopy is great for that and a great resource for Robocopy is here, stop sharing the source and start sharing the destination.

The complicating factor here, was that they access this folder via a mapped drive. Ordinarily not an issue, you can simply disconnect the drive, and remap to the new server. Except – you cannot do this if your mapped drive is showing disconnected.

At this client, all the mappings to this particular folder were showing disconnected – however the drive still worked. It was one of those issues we looked at and thought, huh, that is weird, oh well it still works so we will look at that tomorrow.

Tomorrow being that 8th day in the week.

So here i was on  Sunday evening, thinking ah, i hadn’t thought of that – how can i get this drive switchover completed with minimal disruption to the users?

Well firstly i had to solve the problem of not being able to remove the drive letter.

If you search on the internet you can find a large amount of posts from people suffering from this issue, occurring on both XP and Vista, and probably Win 7 as well.

Things like net use x: /delete or net use * /delete, were not working, and neither was simply right clicking the drive and saying disconnect.

I hit upon this article which shows the possible cause of the problem, and the solution. http://support.microsoft.com/kb/932463

“A mapped network drive appears to be disconnected after you install or upgrade to Symantec AntiVirus 10.0 or to Symantec Client Security 3.0 on a Windows Server 2003-based computer or on a Windows XP-based computer”

Well, this client did indeed use Symantec, so, cause identified, move on to the solution.

Quite simply, a registry edit.

Navigate to this path in the registry:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2

You should see at the top, a number of entries like this:

1

Each entry that starts ##SERVERNAME is a mapped drive. Not much help from the DWORD values in the details pane to tell you which Drive Letter, but, after ##SERVERNAME is #Folder – so from that you can hopefully narrow down which entry relates to your ‘Disconnected Drive’

So now we have the solution, how to roll this out to 20 client machines with the least effort?

Enter this Article: http://support.microsoft.com/kb/310516 

Reading through this article we learn about how to use a .REG file to modify the registry and how to use a .REG file in conjunction with a BAT file.

You may be way ahead of me now, but for those that aren’t..

First, i exported the registry key and saved it. You can do that by Right Clicking the key, and clicking Export.

3

Then save it..

4

Now, open your file in notepad.

5

Insert a “-“ minus sign in front of HKEY

6

Save your file.

You now have a .REG file that will remove this drive mapping from your computer. To run the file just double click it,

If you find this just opens the file in Notepad again, right click the file, choose ‘open with’ and then choose Registry Editor.

7

Either way, you should be shown this prompt..

8

It may vary slightly from OS to OS, but essentially it is the same warning. You want to say YES at this point.

When you click Yes, the entries defined inside our .REG file are removed from the Registry. A reboot of the PC and the ‘Disconnected Drive’ is now gone!

Ok, i know what your thinking – how does this help us with 20 computers? Get 20 users to run it? NO!

Well, you could, but try getting a user to do anything even remotley dif… anything, and you hit resistance :p

As i mentioned above, the article http://support.microsoft.com/kb/310516 , not only shows us how to delete entries from the registry with a .REG file, it also tells us how to run .REG files silently within a BAT file.

So what i did was to put my .REG file on a server share that was open to all users.

I then wrote a BAT file to call that .REG and run it silently.

9

To save this as a ‘BAT’ file, choose file, then save as, set to all files, and type your file name.

10

I then added this as a logon script using a Group Policy Object. I am not going to cover how to setup a GPO as it is a little beyond the scope of this post.

So come Monday morning, all users logged on and had their Drive deleted, they were all told to reboot after logon.

I had also written a new BAT file to map their drive to the new location, and how many support calls did i get? ZERO!

 

Ok i got one, but that guy was on a mac Smile with tongue out

Filed under General, Quick Fix, Tips & Tricks Tagged with

Quick Fix : SBS 2011 Essentials RDP Timeouts (Remote Web Access)

August 4, 2011 by 7 Comments

If you are using RWA in SBS 2011 you may find that having connected to your Computer, then working on something else for a period of time, you go to switch back to your Computer and find you have been Disconnected! This can be a source of annoyance to those multi-tasking users we look after, and we don’t really want to give them any more reasons to be annoyed right?

5

Luckily it is relatively simple to increase the period of inactivity before a timeout occurs, likewise you can decrease it if you wish to as well.

The default for a disconnect is 60 Minutes.

To edit these settings, we first have to enable the Remote Desktop Gateway Manager tool.

Even though this ‘Role’ is installed into SBS by default, the management tool itself is hidden

You will need to open an Elevated Command Prompt, to do that, find the CMD.exe icon, right click and click on ‘Run As Administrator’

6

Next you need to enter:

dism /online /Enable-Feature:Gateway-UI

1

You will see the status of the Imaging Servicing and Maintenance tool, and after a few moments be returned to a CMD prompt.

Now you can open up the Management tool from your Administrative Tools menu.

2

Expand your Servername and then expand Policies. In the details pane, right click the policy ‘DOMAIN_CAP_DEFAULT’ and go to properties.

3

You can see clearly here the ‘Disconnect Session after Idle’ setting, and change the value to suit your needs.

4

When you have changed the setting click OK. Your settings will be active immediately but may not affect sessions that are already in progress.

To change the timeouts for the entire Remote Web Access site, you can follow Tim Barrett’s blog post for SBS 2008.

http://www.nogeekleftbehind.com/2009/10/02/changing-the-companyweb-timeout-in-sbs-2008/

Changing this setting will affect the timeouts for the RWA page, for accessing files and folders stored on the Server.

The article mentions ‘Companyweb’ for SBS 2008, but can be transferred for The Default Website on SBS 2011 Essentials to affect the RWA page.

Filed under General, Quick Fix, SBS E, Tips & Tricks Tagged with , , , ,

Installing SBS Essentials using an Answer File

August 2, 2011 by 5 Comments

sbsessA question came up on the SBS Essentials forum about how to install SBS Essentials with a domain name that ended in a suffix other than .local

The answer to that question was yes you can, but you need to use an Answer File.

Another question popped up about the layout of your disks, and the way SBS Essentials works with disks during installation.

As you may know SBS Essentials has a minimum requirement of a single 160gb hard disk for installation. If your system does not meet this requirement the install will fail.

The default install process will create a 60gb partition for Windows, and use the rest of your drive for a D drive (data). I think 60gb is woefully small, and i think most IT Pro’s would agree, however you do not have to stick with this, you can make use of an entire disk for C:, by using an Answer file.

There is an online resource here that explains the different values you can use with your Answer File.

Firstly, to build your answer file, you need to open Notepad, and save a text file as ‘cfg.ini’ You may need to save it with the file name in quotes, and with ‘all files’ selected.

1

Once you have this we can start to populate the file. But let’s review some of the things we can set through the answer file.

[WinPE]
Drivers
InstallDisk
WindowsPartitionId
PID
ConfigDisk
WindowsPartitionSize

Drivers

Here we can set a path to a folder that contains the drivers for the server. This is an option setting and should be self explanatory, you can only use the setting once to point the install to a driver folder, you can either use a known path to a drive letter, or a wild card.

[WinPE]
Drivers=x:\serverdrivers

[WinPE]
Drivers=_:\serverdrivers   (_:\ denotes a wildcard)

InstallDisk

Another optional setting. This setting relates to the Physical Disk ID of the drive on which you wish to install Windows. It might prove difficult to actually identify the drive ID you want to use, especially with a RAID configuration, however it should follow some logic somewhere, so if you have multiple disks, it would be OK to assume that the disk on Channel 0 – will be found by the install as Disk0 etc. For Raid Arrays the same would apply, Array0 would become Disk0.

This is based on my assumptions – for example you may not have a disk connected to channel 0, in that event the disk on the lowest numbered channel would become disk 0.

Just remember that the installation of SBS Essentials will WIPE ALL disks, so please do test this before you begin, and don’t come crying to me if it wipes something important!

[WinPE]
Drivers=x:\serverdrivers
InstallDisk=0

WindowsPartitionId

Another option setting for disk management. This can be used in conjunction with the InstallDisk parameter and specifies which partition to install Windows to, on the disk specified. There are considerations to make here depending on whether you are using an MBR based system, or a UEFI based system. I think mainly this parameter is used when you have a preconfigured disk – i have not used this setting in my testing so i don’t have any experience with it. I cant really see a situation where i would use it myself as i imagine i would be formatting an entire disk in most cases. You can get more information from the Online Help (which is where i am getting my information) This setting is also related to the ConfigDisk parameter.

[WinPE]
Drivers=x:\serverdrivers
InstallDisk=0
WindowsPartitionId=2

PID

This parameter is where you would enter your servers License Key if you have one, and if you want to. I have personally stopped entering License keys during setup, i prefer to wait until my server is up and running and configured, then take a backup prior to Activation. With a ‘trial’ period available it seems to make sense to save your activation until you are happy that the server is going into production and will not be re-installed.

(Note this PID is invalid and your install will fail if you try to use it)

[WinPE]
Drivers=x:\serverdrivers
InstallDisk=0
WindowsPartitionId=2
PID=1234-5678-9101-1121-3141

ConfigDisk

Optional parameter. This can be either a 0 or a 1. The online help explains this quite clearly. If it is missing, then all disks and partitions are deleted, and new partitions are created.

If it is set to 1, then all disks and partitions are deleted, and new partitions are created.

If we set to 0, then nothing is done to the disks, and the WindowsPartitionId parameter is used to determine where Windows will be installed on the available disks.

If you set this to 0 and omit the WindowsPartitionId parameter, then setup will ignore your answer file.

[WinPE]
Drivers=x:\serverdrivers
InstallDisk=0
WindowsPartitionId=2
PID=1234-5678-9101-1121-3141
ConfigDisk=0

WindowsPartitionSize

The last parameter used in the WinPE section. As the name suggests, here we set the value for the size of the Windows Partition. The value here is in MB. NOT GB. The valid range here is 20480 – 102400. You can also specify a value of MAX which will format the entire disk as the Windows Partition. If you don’t specify this parameter, then the default value of 61440 is used.

So with the above configured, we would have SBS Essentials installed to disk 0, Partition 2. With a 100GB partition for Windows. The WindowsPartitionID parameter is ignored as the ConfigDisk parameter is set to 0 – there fore the disk would have to be preconfigured.

[WinPE]
Drivers=x:\serverdrivers
InstallDisk=0
WindowsPartitionId=2
PID=1234-5678-9101-1121-3141
ConfigDisk=0
WindowsPartitionSize=102400

In order to get the answer file to format a drive, and configure a partition size of our choosing we must change the parameters.

[WinPE]
Drivers=x:\serverdrivers
InstallDisk=0
WindowsPartitionId=2
PID=1234-5678-9101-1121-3141
ConfigDisk=1
WindowsPartitionSize=102400

With this configuration the Answer File will install SBS Essentials to disk 0, but it will ignore the WindowsPartitionId parameter. ConfigDisk has been set to a value of 1, meaning it will format Disk 0 and create a partition of 100gb.

Example of an SBS Essentials Answer File

The last parameter you may see, is Processed. This parameter is added to the answer file after the disk configuration has been completed. This stops the server being stuck in an endless install loop of formatting the disks, and i guess it also allows the Installer to skip ahead to the next part of setup.

The only value that the installer will enter is True. Any other value will most likely be ignored, and function as though it does not say True. Since that results in the same behaviour, i.e. False.

If a value of True is detected and you boot into Setup, then the Answer file is ignored and you are presented with the options you would get if you were not using an Answer File.

3

If you have anything wrong in your answer file you will receive an error, and a log is create that will show you what has gone wrong.

4

You can click on the hyperlink ‘Installation Error Logs’ to view the setup log file and try to identify what is wrong with your answer file.

5

As you can see from the above, it has detected an invalid PID and the installation has failed.

In the second part of the answer file, we look at the Initial Configuration of the server. This includes the Locale to install to and the regional settings, the name of the company, server, and the domain name you want to use, and you also set the name of an administrator account, the password and that of a standard user account.

Again the information is available at the online help page.

[InitialConfiguration]
AcceptEula
AcceptOEMEula
CompanyName
Country
ServerName
DNSName
NetbiosName
Language
Locale
Keyboard
Settings
UserName
PlanTextPassword
StdUserName
StdUserPlainTextPassword

AcceptEula

Easy – do you, or do you not accept the end user license agreement. Let’s see how far you get if you set this to false!

Valid settings here are true or false.

[InitialConfiguration]
AcceptEula=True

AcceptOEMEula

This is another optional parameter, and one only used by OEM’s, same deal as above, True or False, with True being the only setting that will allow the install to continue. This is a separate License Agreement specific to your OEM hardware provider.

[InitialConfiguration]
AcceptEula=True
AcceptOEMEula=True

CompanyName

An easy one this – What is your company name? Up to 254 Characters.

[InitialConfiguration]
AcceptEula=True
AcceptOEMEula=True
CompanyName=CompuGlobalHyperMegaNet

Country

Your country abbreviated into a string. The only example given is for the USA, which surprisingly enough is US.

There doesn’t appear to be any additional help available for Country Codes.

[InitialConfiguration]
AcceptEula=True
AcceptOEMEula=True
CompanyName=CompuGlobalHyperMegaNet
Country=GB

ServerName

What do you want your server name to be? From the Online Help

The server name uniquely identifies the server on the network. Your server name must meet the following criteria:

  • Can be up to 15 characters long
  • Can contain letters, numbers and hyphens (-)
  • Must not start with a hyphen
  • Must not contain any spaces
  • Must not contain only numbers Example: ContosoServer

[InitialConfiguration]
AcceptEula=True
AcceptOEMEula=True
CompanyName=CompuGlobalHyperMegaNet
Country=GB
ServerName=CompuServer

DNSName

Your internal DNS domain name. When installing using the GUI, SBS Essentials will use a .local extension. The gui will base the prefix on your company name to start with, so if your company is SBS, then your domain name, prefix, would be SBS. This prefix can be changed in the GUI, however you cannot change the suffix (.local) If you want to install using a domain name other then you need to use the answer file, and this is the parameter to change. The same limitations are placed on domain names as in a standard Active Directory domain (AD) (More Here) and you should also consider the NetBIOS name limits as well (More Here). Another consideration is, how often will i have to type this? So keep it short if you can. I usually recommend using SBS, but in my example below i am using a different company name for a change.

[InitialConfiguration]
AcceptEula=True
AcceptOEMEula=True
CompanyName=CompuGlobalHyperMegaNet
Country=GB
ServerName=CompuServer
DNSName=COMPUGL.com

NetbiosName

We are still using NetBIOS names, despite it’s demise being heralded at each new dawn… ok that’s a little dramatic and it, seemingly, does still have a place in modern networks. Keep this under 15 characters are your good.

Match it with your domain prefix to keep things simple.

[InitialConfiguration]
AcceptEula=True
AcceptOEMEula=True
CompanyName=CompuGlobalHyperMegaNet
Country=GB
ServerName=CompuServer
DNSName=COMPUGL.com
NetbiosName=COMPUGL

Language

A straight forward setting, you would think. What language do you want to install in? Well, let me tell you, unless you set this to EN-US you wont get very far. I am in the process of investigating this with Microsoft, but don’t worry, it does seem to ignore this setting in favour of one of the other Regional settings. But i don’t know which one. I tried setting this to match many different language codes, found here, but each time i hit this error:

IMG_0956

If setup detects any errors in the [InitialConfiguration] part of your Answer File you will see the above. It is actually really useful, it doesn’t just error out, it actually gives you the chance to fix your Answer File and then retry. You can see above, one of my many attempts to get it to recognise the UK variant of English, that being, English.

[InitialConfiguration]
AcceptEula=True
AcceptOEMEula=True
CompanyName=CompuGlobalHyperMegaNet
Country=GB
ServerName=CompuServer
DNSName=COMPUGL.com
NetbiosName=COMPUGL
Language=en-US

Locale

Again, another regional setting. Default, and only published option is en-US, However i set mine to en-GB and it passed.

[InitialConfiguration]
AcceptEula=True
AcceptOEMEula=True
CompanyName=CompuGlobalHyperMegaNet
Country=GB
ServerName=CompuServer
DNSName=COMPUGL.com
NetbiosName=COMPUGL
Language=en-US
Locale=en-GB

If you do decide to use an Answer File to install, please check your time zone is correct when installation is complete.

Keyboard

Self explanatory, keyboard layout. We do have some published parameters here, and setting mine to English_United_Kingdom which is, 00000809 works.

[InitialConfiguration]
AcceptEula=True
AcceptOEMEula=True
CompanyName=CompuGlobalHyperMegaNet
Country=GB
ServerName=CompuServer
DNSName=COMPUGL.com
NetbiosName=COMPUGL
Language=en-US
Locale=en-GB
Keyboard=00000809

As i have explained i did have some issues with the Regional Settings of the Answer File, however i found that once i had installed with the above Regional Settings i got the result i wanted. I would assume then, that one of these settings takes precedence, over the Language setting.

CaptureCapture2

Settings

From the Online Help.. This parameter relates to your Automatic Updates setting.

  • All equals “Use recommended settings”
  • Updates equals “Install important updates only”
  • None equals “Do not check for updates”

[InitialConfiguration]
AcceptEula=True
AcceptOEMEula=True
CompanyName=CompuGlobalHyperMegaNet
Country=GB
ServerName=CompuServer
DNSName=COMPUGL.com
NetbiosName=COMPUGL
Language=en-US
Locale=en-GB
Keyboard=00000809
Settings=ALL

The last 4 parameters are straight forward. With the GUI Installation of SBS Essentials, you are prompted to create both an Administrator account, and also a Standard user account. The Password you enter here, is, clearly, in plain text. So please do make sure your answer file is kept secure, or that you use a default password for installation, and then change it when the installation is completed.

UserName

PlanTextPassword

StdUserName

StdUserPlainTextPassword

[InitialConfiguration]
AcceptEula=True
AcceptOEMEula=True
CompanyName=CompuGlobalHyperMegaNet
Country=GB
ServerName=CompuServer
DNSName=COMPUGL.com
NetbiosName=COMPUGL
Language=en-US
Locale=en-GB
Keyboard=00000809
Settings=ALL
UserName=HSimpson
PlainTextPassword=P@55word
StdUserName=SHomer
StdUserPlainTextPassword=MyP@ssw0rd

26

Information on using an Answer File was published to this page http://onlinehelp.microsoft.com/en-us/sbs2011essentials/answer-file-install-1.aspx and that has been the basis of where i got the information for this post. I found that the documentation did leave me with some questions which is why i wrote this post. Hopefully used in conjunction they will serve as a good reference for anyone wanting to use an Answer File to install SBS 2011 Essentials.

EDIT : 20/09/2011 Those clever chaps over at UsingWindowsHomeServer.com Managed to find a workaround to the issue of using an install disk smaller than 160gb, Despite my being told it was not possible in the RTM Build of SBS Essentials by Microsoft.. (I am not bitter or anything)  If you are in need of using a smaller install disk check out this link.

Filed under General, SBS E, Tips & Tricks Tagged with , , ,

How to Install SBS 2011 CALS

July 26, 2011 by 24 Comments

sbsstdsbsess

You Don’t!

Since SBS 2008 CALS are now based on Microsoft’s honour system, and they are no longer ‘installed’ and ‘activated’ when you buy them.

You just purchase the number of CALS you need, and keep them safe.

Small Business Server 2011 Standard, still ships with 5 CALs.

Even better, with SBS 2011 Essentials, there are no CALS to purchase. SBS Essentials, is a one off purchase. If you buy it today and have 4 users, you pay the same price as someone who has 10 users, or someone who has 25 users.

So, for Essentials think ‘all 25 CALS included’

(although on a technical licensing point of law, political correctness’ and outright Microsoft craziness – there is no such thing as a SBS Essentials CAL)

The Essentials OS is licensed for up to 25 users, but those ‘licenses’ are included in the fee you pay to purchase the software.

I know, i can see some of you at the back sneaking up your hands to ask..

“…i only have X amount of users, can i get a discount…”

No. Don’t be so cheap Smile with tongue out

Because of the unique way Essentials is ‘licensed’ those invisible CALs only allow you to access the Essentials box itself, so unlike it’s big brother, SBS Standard, if you purchase a standalone member server (not a PAO Server) you must also buy full Windows Server CALs. SBS Standard has a more traditional CAL model, so SBS Standard CALs grant access to ANY member server, regardless of whether it is a PAO or not.

SBS 2011 CAL

 

 

 

 

 

 

 

An SBS 2011 CAL

SBS 2011 Premium Add-on (PAO)

sbspao

With the Premium Add-on (PAO, or Kung PAO as Susan Bradley calls it) Licensing is the same, whether you are adding the PAO to Essentials or Standard (The PAO is available to both SBS Standard & Essentials)

When you purchase the PAO, it includes 5 PAO CALS which allows those 5 Clients to access the SQL Services of the PAO Server. (The SQL services are sometimes called the Premium Services)

If you don’t install the SQL component, then you don’t need to purchase any additional PAO CALS.

The CALS for SBS 2011 Standard or Essentials, allow you to access the Windows Server technologies of the PAO server, as long as you are not accessing the ‘Premium’ services, so you could install it as File and Print, Domain Controller, RDS Server etc., and you would not need any additional PAO CALS, or Standard CALS."

Just to add another level of complexity, if you did install the PAO server as an RDS Server, you would need to purchase RDS CALS.

Clear?

Well i hope you were taking notes because we now have a short test!

Licensing Examples

Scenario 1.

I have Windows SBS 2011 Essentials, 10 Users all requiring access to SQL Services.

What components/licensing do i need?

Scenario 2.

I have Windows SBS 2011 Essentials, 10 Users, 1 NON PAO Member Server.

What components/licensing do i need?

Scenario 3.

Windows SBS 2011 Standard, 10 Users (Total), 5 Users Require access to SQL

What components/licensing do i need?

Scenario 4.

I have Windows SBS 2011 Standard, 10 Users, 1 NON PAO Member Server,

What components/licensing do i need?

Answers

Scenario 1.

In this scenario you would have 1x Windows SBS 2011 Essentials Server, 1x PAO Server, and need to purchase 5 PAO CALs.

Scenario 2.

In this scenario you would have 1x Windows SBS 2011 Essentials Server, 1 Windows Server OS License (required for member server) and 10 Windows Server CALs

Scenario 3.

In this scenario you would have 1x Windows SBS 2011 Standard, 1x PAO Server and you would not need any additional PAO CALs

Scenario 4.

In this scenario you would have 1x Windows SBS 2011 Standard, 1x Windows Server OS License (required for member server) You would need to purchase an additional 5 SBS CALs

Thanks to Michael Leworthy of Microsoft for clarification on licensing points.

Filed under General, SBS E, SBS S, Tips & Tricks Tagged with , , , , ,

Setting up Remote Web Access on SBS 2011 Essentials Part 2

July 15, 2011 by 102 Comments

In the last part of this post, i went through how, and how not to setup RWA on SBS 2011.

I had problems with the GoDaddy process, so wanted to give eNom a try.

So i had just removed the domain from the RWA site, and i am starting afresh.

This time i am going to purchase the domain name through the wizard.

1

I want to use one of the supported providers..

2

I want to use eNom

3

This is the domain name i want to try…

4

Aha, it is available – great i want to register it, so i click on Register Now.

5

I am taken to eNom’s website..

6

I wont bore you with setting up an account, but i also chose their very kind offer of an SSL certificate as well!

7

(i can see here it is actually saying ‘transfer’ i believe this is related to something a little further along. At this point i did everything i was prompted to do, and did not change anything)

Purchase complete, and i am now back to the wizard. You need to enter the credentials you created when signing up with eNom and click next.

8

9

What’s that now? Invalid, surely not, i just purchased this domain with your wizard?

So it would seem, that at this point, something went wrong with eNom, as i review my emailed receipt and i was only charged for the SSL, not the domain. Weird!

OK i thought, no big deal.

I went to the site directly and registered the domain name manually. Restarted the wizard, of course this time i already owned the domain.

10

I am lazy, so i want to setup my domain automatically..

11

Hmm, i was expecting this to pickup the fact my domain was at eNom.. it didn’t. So i choose eNom and click Next.

12

Eh, what now?

Transfer? What Transfer? i just bought the domain.

I thought for a few moments, and figured, well it is a new domain, maybe it is not setup – so yeah ok, lets continue..

13

Now the interesting point, it shows my domain as co.uk – which obviously is not right.

14

This appears to be a problem with the wizard itself, not handling second level domains correctly.

This is an annoyance of course, however we can work around this.

So let’s review at this point.

We have purchased an SSL Certificate and a domain name.

I am restarting the wizard..

15

If you choose to manually setup the domain you will need to be able to edit the DNS records for your domain and point them to your router.

You will need at the very least to add an A record for ‘remote.yourdomain.com’ for the public IP of your router, and make sure that email is either being forwarded to another provider, or set MX records to go to your preferred email provider.

You may also need an A record for WWW to point your public website.

That is beyond the scope of todays debacle however..

17

You will need to confirm that you have setup your domain name manually, and then you can click next.

18

Now for the SSL, as we already purchased our SSL Cert, the options here are not straight forward.

We have purchased our certificate, but it is not ‘existing’.

Existing is for certificates already in place on the server. You need to select, i want to purchase..

20

Before you click next, you need to click Advanced. If you don’t then the Certificate Signing Request (CSR) will be for the domain shown – not the full name we want to use.

Click Advanced, then fill out the domain name as shown – we need to have our prefix as shown, and you can see below how the domain name for RWA will actually look..

21

Click on OK, and you are back to the previous page.. this time with the correct name for your CSR.

22

When you click Next you will be presented with your CSR. You can copy this or save it to a file for later use.

23

So i copy this info to my clipboard and go to the eNom site, login and head for SSL Certificates..

24

Click on the RapidSSL option..

25

You need to choose Outside Hosting, and i also chose the type of server i have..

26

27

Delete the text in the CSR field, and paste in your CSR.

28

Scroll down and click Submite Certificate.

29

At this point you may say something rude – if you dont have email already setup for your domain, as i didnt. Of course i was forgetting that the SSL authorisation procedure will require authorisation from the domain owner, which is usually done by email. I quickly had to go and setup email forwarding for this test domain to my actual email address..

30

I chose a suitable email address and submitted the details..

31

32

You are then returned to your Manage SSL home page, and the status is now Processing.

33

Switch over to your email client and keep an eye out for a SSL Certificate request type email..

IMG_0864

Scroll down and follow the link to approve..

You will be taken to a GeoTrust website and have to click on the Approve button.

IMG_0865

Your certificate will then be emailed to you as plain text, and it will look almost identical to your CSR.

IMG_0866

My advice here is to copy and paste this into a new text file and save it as SBS.cer

Now back to our Wizard.. we can now choose that we have our SSL information and click Next.

34

As i saved my certificate to a file, i can now browse to it, alternatively you can just paste that info into this box..

35

Click next, and we are all done!

36

Click Close to go back to the Server Settings\RWA page.

37

So what has all of this taught me?

I am afraid i can only so far draw a negative conclusion on this process.

I think Microsoft have to be applauded for the idea, and the theory is sound, however in practice i think this is a huge undertaking, and as always the more you try to cater for, the more variables you have to account for – the more places something can fall down.

I do not think a DIY’er (or off the shelf purchase of essentials) would have got through this without resorting to calling in an expert, giving up, or died of old age waiting for a non existent certificate to show up.. Smile with tongue out

Having said that, i am also confident that this can be resolved with feedback given to the right people.

So to end on a positive, soothing that people do not seem to be aware of yet – is that Microsoft are giving away a free domain name, AND, a free SSL certificate with SBS Essentials.

Yes, you heard me right!

So, how do i get one?

Just like this…

40

Choose a new domain name…

41

You want the free one!

42

You will need a Windows LIVE ID!!

43

44

Read and accept the license agreement…

45

Choose your prefix. All of the free domains will be domain.remotewebaccess.com

46

Click to check availability.. if it is available, click Set Up!

47

48

DONE!

49

Is it ironic that i am using firefox in this shot?

50

That is a number of ways the RWA wizard can work out for you!

As i said above, you have to applaud the idea, the execution at this time has been poor.

But on a plus, the freebie domain and SSL work perfectly, and who can argue with that price?

Filed under General, SBS E, Tips & Tricks Tagged with , , ,

SBS 2011 Standard Additional Accepted Email Domains (Multiple Accepted Domains)

July 14, 2011 by 18 Comments

My customer is expanding his business, and is going to add a specialist arm of his company in a particular field.

As such he has setup a new website for that particular department and wants some of his staff to have a new email address based on whether they work for that part of the company.

This is really very easy to setup using Email Address Policies, and i will show you how to do that in this blog post.

I did try to get the process a little more automated, and integration into the add user wizard would have been great, but so far i haven’t got that working, but i am hoping with a little prodding of the SBS Dev team, we may be able to find a way.

To follow me through this process, you will need:

A Server running SBS 2011 Standard.

Two domains configured to send email to the SBS Server.

Some user accounts to test with..

First of all what we will do is add our new domain name as an accepted domain in Exchange.

The process for this is very similar, if not identical to that of Exchange 2007.

From Start, go to All Programs, Expand Microsoft Exchange server 2010 and open up the Exchange Management Console (EMC).

1

When the exchange console opens, expand Microsoft Exchange On-Premises, expand Organization Configuration and select Hub Transport.

2

Switch to the ‘Accepted Domains’ tab.

3

This shows you the current accepted domains.

36

On the right hand side, select ‘New Accepted Domains’

4

Enter a name for your new domain, and enter the domain name itself. We will leave the server as the authoratative server for this domain, click New,

5

After a few seconds, the action will complete, and you will be shown the PowerShell command that would have performed this action from the exchange shell. Click Finish.

6

You can now see your additional domain added as an accepted domain.

7

If we now switch to recipient configuration, and the mailbox section, we can see our current mailbox users.

8

If we go to the properties of one of these accounts, we can see the current email addresses associated with that account.

9

We can see that no changes have been made to this account so far.

That’s good because it means existing users are not affected by what we have done.

We will have a look at existing users in a moment, but first let’s add a new user to the system.

Since i am listening to The Beatles at the moment, i am going to call this guy John Lennon. My Favourite Beatle happens to be George, but that isn’t relevant. Why then am i not calling him George Harrison, well i don’t know.

I am not covering the add user wizard here as other posts exist out there on how to do this. Plus it is in the books relating to SBS 2011.

So John, is a good guy and he’s working for my company’s new department.

But wait, as we can see here, he still has an SBSTIPS.co.uk address, not TITLEREQUIRED.com – that is good, that is what is expected.

10

Now, we need to edit his account.

Let’s open up ADUC (Active Directory Users & Computers) From Start, go to Administrative Tools, and you will see ADUC at the top.

Expand Yourdomain.local and keep expanding down until you find MyBusiness\Users\SBSUsers

11

Find John’s account, and go to the properties.

Switch to the ‘Organization’ tab, and enter ‘Titlerequired’ into the department field.

13

Click OK to save this change, and close ADUC.

Switch back to the EMC

Go back to the Organization Configuration, Hub Transport area, and go to the ‘Email Address Policies’ tab.

14

You can see we have 2 current policies. The Windows SBS Email Address Policy is set to make whatever domain name you entered in the Internet Address wizard the default for all users.

So we want to add a new Email Address Policy. On the right click, New Email Address Policy.

We need to enter a name, and also select the container where this policy should be applied, and also the type.

You can leave these as default values, but please do enter a name. Click Next.

15

Put a check in the box for ‘Recipient is in a Department’ under Step 1.

16

Under Step 2, select the hyperlinked word ‘specified’ and enter our department name value of Titlerequired.

17

You can then click Preview, and the policy will show you which users or recipient types it will affect. Hopefully we will only see Mr. Lennon’s name.

18

We do! That is great because it means whatever we are doing here will only affect that one account.

When you are happy click next.

On the email addresses page, click Add.

19

Here we choose how the new email address should look, i like to use first initial and surname, so i will select that.

The default is to add a new email address to the ‘default’ domain, since this is yourdomain.local the new address for John would be jlennon@sbs.local – we want to add this to our new accepted domain, so we must choose to specify the accepted domain.

Click the radio button for that option, and click Browse.

You will then see all the domains we have setup on our system.

20

Double Click the domain you want to use, and it will be added to your policy.

21

Click Ok.

You will now see your email address shown, using the variables that are used for whatever name format of address you chose. More on that here.

22

The table below is taken from the TechNet website and shows variables you can use.

23

Click Next.

You have the option to apply the new policy immediately, or at a scheduled time, or not to apply it all. We want to do it immediately, so click next.

24

You will see a summary page with some PowerShell commands listed. Click New to build and apply the policy.

25

The policy is built and applied successfully.

26

Lets switch back to our Recipient area, and check the email addresses our users now have.

We can see that our user still has his old address.

27

Switching back to the Policies area, we can see our new policy has a priority of 2, and the Windows SBS policy is set at 1.

28

We need to change it to priority 1. Select your new policy and on the right hand side, click Change Priority, and enter the number 1, Click OK to save.

29

It now jumps to the top of the list.

30

Now we need to reapply the policy. Right click the policy and click Apply. We get those same options as before, click on Next, and Apply.

31

24

Again you are shown some PowerShell, and you can click Finish to close the Apple Policy page.

Switching back to Recipient Configuration, you can now see that John has a new email address. (you may need to refresh the view)

32

IF we go into his account properties you can see he now has an email address for both SBSTIPS.co.uk and TITLEREQUIRED.com but that TITLEREQUIRED.com is his default address.

33

If we want to move an existing user to a new department, just edit their AD account to change their Department, and then reapply the policy.

34

You can see that the email address is added as an additional address.

35

And that is how to add an additional domain name and have it apply to only certain users.

If you want to have an additional domain apply to all users, but not as the default, then simply don’t narrow your Email Address Policy by using a department as in Step 1 and 2 above, and leave the policy at priority 2.

You can always use the Preview button to help confirm who will be affected by such a change.

If you want to change the default domain for all users, you should run the Internet Address Wizard and add your new domain here, then add your old domain as an accepted domain, and build a policy as described here to add that old domain as an additional address.

Filed under General, SBS S, Tips & Tricks Tagged with

HP ProBook 4525s SSD Vs HDD

July 7, 2011 by 1 Comment

I already posted this video via twitter but i wanted to follow up with a brief over view of what we were doing and demonstrate we dont just sit about the office timing computers to boot up. Well, most days we don’t, the rest of the time we are playing Halo.

Last week the MD of one of our biggest customers said ‘Im going on holiday, and when i come back i want a new laptop’ Of course we said, well thats fine but um, you might wanna buy one?

He then dissapeard off to some exclusive destination for Uber Rich Managing Directors, and left us to ponder what laptop to purchase for him.

We had a budget of £550.00 (+VAT) and looked through our suppliers list of laptops for that price. We decided that the list was totally uninspiring, and in actual fact the difference in quality between the lower range, £300 laptops to the £600 laptops was negligible.

Because of that, i thought, well, why don’t we get a more conservative laptop, and beef it up with an SSD HD?

My boss was aghast, “do you know how much they cost?” I replied that i did, but with a cheaper laptop, the overall cost would be the same and the performance would be increased.

He took some convincing, and with the help of Philip Elder and Tim Barrett, i was armed with enough ‘expert opinion’ to sway him to pay up.

So we settled on the HP ProBook 4525s.(Model XX800EA)

HP ProBook 4525s XX800 The specs of the laptop are as follows:

AMD Turion II 2.5ghz Dual Core (2mb Cache)
3GB Ram (DDR3 1333) (Max 8GB)
320GB 7200rpm SATA300 HD
15.6" LCD (16:9 WXGA 1366×768 LED)
Mobility Radeon HD 4250
Win 7 Pro x64
Plus all the usual USB & Network Interfaces, Card Reader and Webcam

We decided to install an Intel SSD following previous research and glowing recommendations, we settled on a 160GB 320 Series Intel SSD. We picked one of these up for under £200.00

The intel 320 Series SSD

Installing the drive was a little trickier than we had assumed it would be, unlike laptops we are accustomed to, these ProBooks have a totally solid base – with no vents or access to components. We had to strip the laptop down (after carefully reviewing the manual) by first removing some screws from the battery bay, then removing the keyboard bezel, then the keyboard, then the palm rest.

Installing the drive itself was easy and don’t be fooled by the black ‘bumper’ on the Intel drive it fits perfectly with that still attached. In fact if you take that off as we did, the drive will fall apart LOL.

We also used Acronis to image the HP shipped drive to the SSD drives (which was incredibly quick) before we installed the drive.

Intel SSD 320 Series 160gbIntel SSD & Standard HDD

We powered up the SSD laptop and followed the usual setup requirements, we roughly timed it at 9 minutes. We lost interest in timing the non SSD laptop.

The real test came when both laptops had been ‘configured’ to a point where we had a user account with a password, and we were no longer prompted to do any setup when powering on.

The video below shows the results of a cold boot, with more or less simultaneous power on.

HP Probook 4525s SSD vs 4525s SATA HDD

 

You can see that the SSD (On the Left) boots much quicker than the standard HDD, not only that, but once we type the password (we gave the HDD time to catch up) you will notice that the HP Security software logo in the top left on the screen is the last app to load at logon, this appears almost instantly on the SSD but takes some time to appear on the HDD.

Of course adding the SSD makes the laptop a little more expensive but we think it is a massive improvement, even considering we traded off 1GB of ram to go to a lower model laptop than those retailing at the £550 mark. 

A good test would be to fire it up against a £550.00 laptop, which if we had one we would do. However i imagine the SSD would still beat it without breaking sweat.

The real test of course will be when we present this laptop to the client, and gauge their reaction.

Filed under General, Tips & Tricks

Older posts

Newer posts