Small Business Server 2003 - Best Practices
May 26, 2004
Please note:* *Portions of this transcript have been edited for clarity
Introduction
Moderator: KenM (Microsoft)
Welcome to today's TechNet Chat. Our topic is Small Business Server 2003 - Best Practices.
Moderator: KenM (Microsoft)
I'll now have the hosts introduce themselves.
Host: DavidJ (Microsoft)
Hi, I'm David Jones, a Software Test Engineer on the SBS Product team for Networking and SQL.
Host: Alan (Microsoft)
Hi, I'm Alan, a program manager on the SBS team. I own the Remote Web Workplace, Windows SharePoint Services integration, and now <drum roll> fax services!
Host: Mir (Microsoft)
Hi, I'm Mir, a program manager with SBS in Redmond, WA. Welcome o his cha! :)
Host: Peter (Microsoft)
Q: This is Peter Gallagher. I am on the Small Business support team in Las Colinas, Texas. If you call for support, you might get me!!
Host: Sean (Microsoft)
My name is Sean Daniel and I'm the Program Manager for Backup & Restore as well as mobile devices.
Host: david (Microsoft)
Davidbel - Tester on he Sep and OEM area in Redmond, WA
Host: RebC (Microsoft)
Hi, my name is Rebecca and I support SBS; located in Charlotte, NC. Welcome all! : )
Host: Ray (Microsoft)
Hello, this is Ray Fong from MSFT PSS Support.
Host: Kim (Microsoft)
I'm Kim. Microsoft support engineer for 5 years. Former Cheesehead ;)
Moderator: KenM (Microsoft)
We will begin our chat, Small Business Server 2003 - Best Practices, in just a few minutes.
Host: MarkStan (Microsoft)
My name is Mark Stanfill and I am a technical lead on the SBS team in Texas.
Host: Matthew (Microsoft)
Hi I'm Matthew. I'm on the SBS product team.
Host: Chris (Microsoft)
This is Chris Ard. I was the PSS Beta Lead for SBS 2003.
Host: david (Microsoft)
Howdy from Texas! I'm David, a support professional on the SBS Support Team.
Moderator: KenM (Microsoft)
Ken McGrath here, TechNet/MSN Web and Communities Producer.
Start of Chat
Host: Mir (Microsoft)
Q: I have a customer on SBS4.5, with exchange 5.5. I know that I need to create a new SBS 2003 server and migrate the data. What is the easiest way to migrate all of the information over, is there a good tech doc on this?
A: Check out the 4.5 Migration doc at https://download.microsoft.com/download/6/f/a/6fa5ebc5-5a0f-4990-8833-ed24f4da4289/SBS_MigratingSBS45.doc
Host: Sean (Microsoft)
Q: SBS2003 backup appears to not support multiple tape backups because it passes a /UM switch to NTBackup will you modify this to allow the user to run the job without the /UM switch so that tape mount requests can be handled?
A: SBS backup will only support multiple tapes in the event of a tape changer being used. There is currently no way to remove the /um switch. Sorry.
Host: Charlie (Microsoft)
Q: Is there a patch or upgrade to SBS2003 to reconfigure the group policies properly for Windows XP Professional SP2 in terms of Windows Firewall settings, and so that new workstations added to SBS2003 will automatically get SP2?
A: We will provide a compatibility fix for XP SP2 once it releases for SBS 2003.
Host: david (Microsoft)
Q: david_ms - you work with Peter
A: Yes
Host: RebC (Microsoft)
Q: Is a user that has SBS2003 Professional allowed to obtain and install SQL Reporting services free of charge? If so what is the procedure. I have found a trial download, but not a full download?
A: With SBS 2000 or SBS 2003 Premium, you have a valid license for SQL Server. You can obtain SQL Reporting Services at the "How to Obtain Reporting Services" site: https://www.microsoft.com/sql/technologies/reporting/default.mspx.
Host: Charlie (Microsoft)
Q: When will ISA2004 be supplied with SBS2003?
A: We will provide an update with ISA 2004 for SBS 2003 soon. We haven't finalized our plans for when this will be available yet, but we know there's a lot of interest for it. Thanks.
Host: Charlie (Microsoft)
l provide a compatibility fix for XP SP2 once it releases for SBS 2003.
Host: Ray (Microsoft)
Q: How is licensing handled with W2K3 SBS in regards to too many connections, is the connection refused?
A: Yes, the connection is refused when you exceed the number of licenses installed at the server.
Host: Charlie (Microsoft)
oops - added a weird last sentence there
Host: Peter (Microsoft)
Q: Is it safe to install Exchange 2003 SP1 on SBS2003?
A: The individual service packs for Exchange/Windows/ISA, etc are supported on the SBS product. Make sure to read the release notes for SP1 for Exchange 2003, specifically regarding the login syntax of the username in OWA and Mobile Devices and OMA.
Host: Peter (Microsoft)
Here is the link to the rel notes: https://www.microsoft.com/technet/prodtechnol/exchange/2003/library/sp1rn.mspx
Host: Charlie (Microsoft)
Q: Are there any SBS 2000 CALS (20 pack) still available
A: You have to purchase SBS 2003 CALs, exercise your downgrade rights, and call your fulfillment center for media.
Host: Kim (Microsoft)
Q: Is there someone here who can answer questions on Migration from 2k SBS to 2k3 sbs?
A: There is a whitepaper on the migration at: https://www.microsoft.com/windowsserver2003/sbs/techinfo/productdoc/alpha.mspx. Do you have a specific issue with the migration?
Host: Mir (Microsoft)
Q: Is there an upgrade path for a NT4.0, SBS4.5 customer of mine? Or do they need to purchase it outright and start Software Advantage?
A: If your server is running NT 4.0 or SBS 4.5, you must complete a migration to a new server
Host: Charlie (Microsoft)
Q: With the standard installation of SBS2003 with IIS 6.0 and Sharepoint Services 2.0 a Sharepoint site can be created that is exposed to the Internet. Does the SBS2003 license allow this?
A: Yes. Every authenticated user that connects to the site will require a CAL, however. You can find a whitepaper that documents how to configure Sharepoint Services on SBS 2003 at https://www.microsoft.com/downloads/details.aspx?FamilyID=b51dcb25-0c63-4561-b981-9a3c860b9f15&DisplayLang=en
Host: Ray (Microsoft)
Q: I am seeing several SBS 2003 servers getting a high number of Critical Errors in the Security Event log with an Event ID: 673. How do I stop them?
A. Please contact PSS (1-800936-4900) for hotfix 824905.
Host: Mir (Microsoft)
Q: When a user reaches the 75 User limit and purchases the transition license to go beyond 75 Users will they still have access to the Server Manager and its associated Wizards, and will the Fax still work?
A: Yes, after running the SBS 2003 Transition Pack, you'll still have access to the SBS Server Management Console and the SBS tools.
Host: Chris (Microsoft)
Q: What about software upgrades from SBS4.5 to SBS2k3? Can an upgrade be purchased, or does it have to be a full purchase?
A: There is no direct upgrade from SBS 4.5 to SBS 2003. You will need to purchase the full version of SBS 2003 and then migrate using the migration whitepaper. https://www.microsoft.com/WindowsServer2003/sbs/upgrade/default.mspx
Host: Ray (Microsoft)
Q: How do I fix a CEICW that stops? Where is the best place to start?
A:. Every time CEICW run, it will generate a log called icwlog.txt which is located in Program Files\Microsoft Windows Small Business Server\Support. We can start from the error in the log.
Host: RebC (Microsoft)
Q: I cannot connect using VPN - get error 800 - any ideas?
A: Is there a CISCO router in the picture? Have a look at 319108 - Error Message: VPN Connection Error 800: Unable to Establish Connection https://support.microsoft.com/?id=319108. Also, if ISA is in the environment, make sure you are allowing VPN traffic.
Host: MarkStan (Microsoft)
Q: Is there a MS article on setting up the Pop3 connector for SBS 2003 that explains it thoughly?
A: There isn't a KB article, but the online help is fairly thorough. See the subject "Understanding the Microsoft Connector for POP3 Mailboxes" in the online help.
Host: RebC (Microsoft)
A: - con't: Make sure you are allowing VPN traffic, and that the router is able to pass port 1723 and GRE 47 traffic to the server.
Host: Kim (Microsoft)
Q: migration part 2: I was attempting to follow that same document that you referenced as I did the migration from 2k sbs to 2k3 sbs and kept getting the following error with the Account Migration wizard: The server is not operational: error code=8250
A: The most common issue with ADMT is DNS and connectivity. I would ensure that the DNS is configured exactly as the article says and kept getting the following error with the Account Migration wizard: The server is not operational: error...
Host: Charlie (Microsoft)
Q: What is the best practice for DHCP and Firewall activities in regards to having a Broadband Gateway/Router...a la DLINK or the like...let SBS Do it all or allow some to be done by the gateway?
A: Typically I'd recommend having the SBS server handle DHCP, because then the CEICW can validate scope options and the like. However, functionally there's no difference.
Host: Peter (Microsoft)
Q: Is there some kind of "standards" list for ways to setup an SBS2003 box, so that if I get hit by a truck, some other sbs'er can come in figure out what I did real fast? We don't seem to use the same nomenclature or taxonomy for things
A: That's a tough one. The various logs that setup creates can help to piece together the server's history. The CEICW creates a VBS script each time it is ran. You could look at that to check the different options that were selected during the CEICW. You could also include a DCDIAG and NETDIAG, which will contain the IP addressing information as well as other networking/domain controller related information.
Host: Peter (Microsoft)
I am not sure if that answers your question :)
Host: Chris (Microsoft)
Q: What is the best practice for DHCP and Firewall activities in regards to having a Broadband Gateway/Router...a la DLINK or the like...let SBS Do it all or allow some to be done by the gateway?
A: It depends on whether you are using 2 NICs in the SBS server or just 1. If you have dual NICs then you will definitely let the SBS server provide DHCP addresses to all the local client machines since the SBS server is the gateway. If you have only 1 NIC, then it will depend. You can allow either to handle DHCP, but it is important that you always have DNS configured on all clients to point to the SBS server. If you can specify the DNS options in the router/firewall, then it's fine to do it there, otherwise you should use the SBS server. If your clients are not pointed to the SBS server for DNS, you won't be able to resolve names like companyweb to get to your intranet site.
Host: Kim (Microsoft)
Q: What's the best way to add a new SB 2003 Server to an existing 2K Server Domain while keeping the 2K server?
A: SBS 2000 or 2003 needs to be the root of the domain. =You can join an SBS2003 box to an existing domain for ~2 weeks for migration purposes. The SBS2003 box must take all the FSMO rolls.
Host: Chris (Microsoft)
Q: SBS 2000 or 2003 needs to be the root of the domain. =You can join an SBS2003 box to an existing domain for ~2 weeks for migration purposes. The SBS2003 box must take all the FSMO rolls. (Is there a whitepaper or process for this?)
A: There is no Microsoft documentation on how to do this. It is strongly recommended that you perform a migration to SBS 2003 rather than trying to insert SBS 2003 into an existing domain.
Host: Kim (Microsoft)
A: There is no Microsoft documentation on how to do this. It is strongly recommended that you perform a migration to SBS 2003 rather than trying to insert SBS 2003 into an existing domain.
Host: Kim (Microsoft)
A: followup - I agree with Chris but if you must check this article:255504 Using Ntdsutil.exe to Seize or Transfer FSMO Roles to a Domain Controller https://support.microsoft.com/?id=255504
Host: Mir (Microsoft)
Q: Any info on event ID 8331 - the f:\titanium\dsa\src\lra\abv_dg\lservagent.cpp(4511) unexpected exception. I called to get the hot fix but I never received the e-mail -- for now reboot fixes problem.
A: I'd check out https://eventid.net/display.asp?eventid=8331&eventno=3416&source=MSExchangeAL&phase=1 for more info.
Host: Charlie (Microsoft)
Q: Any info on event ID 8331 - the f:\titanium\dsa\src\lra\abv_dg\lservagent.cpp(4511) unexpected exception. I called to get the hot fix but I never received the e-mail -- for now reboot fixes problem.
A: This fix is also now available in Exchange Server SP1. You can download and install that instead.
Moderator: KenM (Microsoft)
For those just joining, our topic is Small Business Server 2003 - Best Practices. We're about halfway into today's chat and will continue to take questions. Thanks all for participating.
Host: david (Microsoft)
Q: Can you install a sbs 2003 server at one office, then have a second (dc) at a remote office & have them connected with adsl?
A: Yes, you could have a replica DC (Windows Server 2003 Std Edition for example) at your remote office.. Check out the SBS FAQ for more information about having additional servers https://www.microsoft.com/windowsserver2003/sbs/techinfo/overview/generalfaq.mspx
Host: DavidJ (Microsoft)
Q: Migration - Perhaps there is more detailed information on how DNS needs to be configured to complete the migration wizard? Any luck in that?
A: The Migration whitepapers talk about the steps needed to configure DNS properly on both servers. Double-checking that this configuration is set as talked about in the whitepaper is normally the first place to start.
Host: DavidJ (Microsoft)
A: We're continuing to look at ways to make the documentation better and the process simpler for this too.
Host: Sean (Microsoft)
Q: is there any easy/quick way to backup "user accounts"?
A: Open NTBackup and choose to backup only the System State
Host: Peter (Microsoft)
arid Exchange 2003 SP1 forces OWA login to use domain\username instead of just username. Is there a way to remove that requirement? (My users will never understand that)
Host: Peter (Microsoft)
A: Thetrev68, the functionality is built into one of the authentication dll's in SP1 for Exchange. As an alternative, the users can type in user@domain.local for the username field (UPN syntax).
Host: Ray (Microsoft)
Q: Is running terminal server licensing server on SBS 2003 supported?
A: Yes, TS licensing server on SBS2003 is supported. However, remember SBS2003 itself can't be setup as TS Apps, only Remote Desktop (a.k.a TS Admin Mode) is available.
Host: Kim (Microsoft)
Q: Migration - Perhaps there is more detailed information on how DNS needs to be configured to complete the migration wizard? Any luck in that?
A: The biggest thing I see from the support side is DNS is not pointing at each other. DNS information on both Nics should point to them selves and then in the forwarders point to the other server.
Host: Peter (Microsoft)
Q: After installing SUS on SBS2003 and opening the SUS admin page just gives me a blank page. How can this be fixed?
A: I would start by applying Q831464 (GZIP corruption): https://support.microsoft.com/default.aspx?scid=kb;en-us;831464
Host: Mir (Microsoft)
Q: I am still looking for more information on error code 8250 for the migration wizard. any help?
A: There's info about the error codes in ADMT (Active Directory Migration Tool) help. You can install ADMT from SBS 2003 CD1\i386\admt.) If that doesn't answer your question, feel free to post it to the newsgroups and we can follow up from there. Sorry
Host: Mir (Microsoft)
I don't have ADMT handy right now.
Host: Charlie (Microsoft)
Q: Will SBS SP1 include exchange Sp1?
A: We are still finalizing our list of items included in SP1, but Exchange SP1 will most likely be included.
Host: Ray (Microsoft)
Q: is there any reason to make SBS the TS license server if you're using a std 2003 server for app mode?
A: You can install TS license server on the SBS itself, or the Std 2003 TS Apps sever. It really make no differences.
Host: RebC (Microsoft)
Q: When ISA 2004 is released and other updated products, such as Exchange 2003 sp1, will a visit to the Windows Update site include & upgrade these products or will there be a central repository for them?
A: We are continuing to look at different ways to offer updates. As of now, there is no central repository.
Host: Peter (Microsoft)
Q: Do I have to install Exchange updates manually or are there other methods?
A: The Exchange updates will need to be installed manually.
Host: Peter (Microsoft)
The latest version of MBSA should check Exchange as well.
Host: Mir (Microsoft)
Q: I've currently got a draft whitepaper ~80% complete for migrating from SBS 2000 to SBS 2003 via a temp DC role swing then back to new hardware. The method works. I'd like to know who in MS would like to review it, as in contact me please.
A: Jeff - please send your white paper my way (I think you have my e-mail address :)), and we can go from there
Host: david (Microsoft)
Q: I know that to make RWW work, I have to forward 4125 and 443; my question is "in what situation I have to forward the port 3389?", in other words, "what is port 3389 for?"
A: You should only need to forward TCP Port 3389 if you wanted to be able to Remote Desktop directly into the SBS server or possibly access a TS server that is being published internally directly.
Host: Charlie (Microsoft)
Q: when will SBS2k3 SP1 be available?
A: As soon as possible. :-) We have not set a release date yet.
Host: Kim (Microsoft)
Q: is web hosting supported on SBS 2003?
A: per the EULA you can host a web related to your business.. now if you are a school and have a few departments each webs - you can have multiple sites...
Host: Peter (Microsoft)
Q: Does Exchange SP1 also force oma to login as domain\username?
A: OMA will force domain\username. However the SBS SP1 may change that behavior back to just "username".
Host: DavidJ (Microsoft)
Q: If someone buys and installs ISA2004 on SBS2K3, will SBS SP1 fix the wizards it breaks?
A: Yes, it will fix the wizards installing ISA 2004 will break. SBS SP1 wizards will support configuring ISA 2004.
Host: Sean (Microsoft)
Q: RWW uses 443 & 4125, while RDP uses 3389, what 's the difference between them?
A: Opening port 3389 allows you to open the Remote Desktop client on any XP machine and connect directly to the server. If this is closed, the administrator will be requird to log into RWW and connect to the server desktop that way.
Host: Peter (Microsoft)
Q: ***CORECTION***
Host: Peter (Microsoft)
A: : Q: Does Exchange SP1 also force oma to login as domain\username?
A: By default, it should not change the login behavior on OMA, however if the authentication domain has been changed on the OMA virtual directory, the logon behavior may change as well SBS Standard be upgraded to SBS Premium?
Host: Peter (Microsoft)
A: Yes, you can upgrade from Standard to Premium.
Host: MarkStan (Microsoft)
Q: is there a way to rename a domain in SBS
A: Domain rename is not supported in SBS 2003.
Host: Mir (Microsoft)
Q: can SBS Standard be upgraded to SBS Premium?
A: You can buy the Product Upgrade SKU to upgrade from STD to PRE. Info is available at https://www.microsoft.com/windowsserver2003/sbs/howtobuy/pricing.mspx
Host: Mir (Microsoft)
Q: one more question and I'll hush- exchange migration best practice, migration wizard or ADMT move mailbox?
A: The recommended method for Exchange migration in SBS is using the Exchange Migration wizard.
Moderator: KenM (Microsoft)
We are going to have to wrap up this chat in about 5 min. We'll be working on the final answers for today.
Host: Alan (Microsoft)
Q: Can anyone suggest some resources for Implementing, Managing and Maintaining Sharepoint Services Sites? - i.e. Best Practices, structures, security, document management, etc.
A: Check out the administrator's guide: https://www.microsoft.com/downloads/details.aspx?FamilyID=a637eff6-8224-4b19-a6a4-3e33fa13d230&displaylang=en
Host: MarkStan (Microsoft)
Q: Does anyone know if there's a "chown"-like command that will allow me to take over ownership of a folder? Seems I created a folder I can't delete now
A: Through the GUI you can use the steps outlined in:268019 HOW TO: Take Ownership of Files https://support.microsoft.com/?id=268019. There's also a Resource Kit utility: 320046 HOW TO: Use the File Ownership Script Tool (Fileowners.pl) https://support.microsoft.com/default.aspx?scid=kb;en-us;320046
Moderator: KenM (Microsoft)
Thanks for joining us today and thanks for the questions. It's time for us to go now.
For further information on this topic please visit the following:
Newsgroups: microsoft.public.windows.server.sbs
SBS Transcripts: Read the archive
Website: Visit the SBS site.