SBS Configure E-mail and Internet Connection Wizard
October 26, 2004
Published: November 1, 2004
Please note: Portions of this transcript have been edited for clarity
Introduction
MSFT Don (Moderator):
Welcome to today’s chat. Our topic today is the SBS Configure E-mail and Internet Connection Wizard.
MSFT Don (Moderator):
We are pleased to welcome our experts for today. I will have them introduce themselves now.
Sean_MS (Expert):
My name is Sean, I'm a Program Manager on the Small Business Server product team responsible for Client Deployment & Mobile Devices.
Huseyin_MS (Expert):
I am Huseyin. I am a software design engineer with the Small Business Server networking team.
asoali_MS (Expert):
My name is Aso Ali, and I am a tester of email configuration in Internet Connection Wizard.
Adam [MSFT] (Expert):
I am Adam DePue, a developer in the Windows Small Business Server Networking Team.
Guy MSFT (Expert):
Hey there, I'm Guy. I'm on the product marketing team for SBS.
Lingan_MS (Expert):
I am Lingan. I am a program manager on the Small Business Server team.
Mir_MSFT (Expert):
Hi! I'm Mir Rosenberg. I'm a Program Manager with Windows Small Business Server in Redmond, WA.
Matthew_MSFT (Expert):
Hi, I'm Matt from the Small Business Server Test team.
DavidJ_MS (Expert):
Hi everyone, I'm David Jones, a tester on the SBS product team.
Wil_MS (Expert):
I'm Wil Campbell, a Software Design Engineer on the Windows Small Business Server team.
MSFT Don (Moderator):
And I'm your moderator, Don Spencer. I'm an editor for the Windows Platform SDK.
MSFT Don (Moderator):
Here's how a chat works: Participants are welcome to post their questions for our experts in the lower window during today’s chat. The answers will be posted in the upper window by our experts. We will try to answer as many questions as we can today.
Start of Chat
Sean_MS (Expert):
Q: When running the CEICW - I have inadvertently created several "webserver certificates" for the SBS 2003 server, I now show two or three certificates in my default certificate store - my question is, can I delete several of them or not?
A: You can delete any SBS certificates from the store on the client side. However, if you delete the one that IIS is using on the default Web site, your users will be prompted from that specific computer when browsing to the Web site via secure SSL connection. There is no need to keep old certificates in your store.
Huseyin_MS (Expert):
Q: Is there a document somewhere that details exactly what CEICW touches when it is run?
A: There is a link on the finish page of the wizard. Once you click that, you will see the text that explains details of the configuration done by CEICW.
Mir_MSFT (Expert):
Q: More depth required on the "what does CEICW do?" question. I am looking for all the underlying things that are touched, not just the summary at the end of the Wizard.
A: You can check the Windows Small Business Server 2003 Getting Started guide for more details on CEICW settings. You can also check the CEICW log under the \Microsoft Integration\Windows Small Business Server 2003 folder on your SBS box.
Huseyin_MS (Expert):
Q: More depth required on the "what does CEICW do?" question. I am looking for all the underlying things that are touched, not just the summary at the end of the Wizard.
A: Note that the summary at the end of the wizard (on the finish page) and the text you see when you click on the link are different. The latter is more detailed. Do you think even this text is not what you want?
Huseyin_MS (Expert):
Q: Huseyin_MS (Expert): No - the summary tells me what happened then. Looking for what is being done to the underlying system (i.e. - stuff that never gets done properly when people try to do it manually)
A: We do not have anything more detailed than that.
Matthew_MSFT (Expert):
Q: Is there any way to tell what specific actions are being performed by the CEICW? For example, how would I get a list of the attachment file types being blocked in Exchange?
A: If you go to the ICW directory (%Programdir%\Microsoft Windows Small Business Server\Networking\ICW), there is an HTML file called icwdetails.htm. This list out what ICW is doing to your network, firewall, IIS, and Exchange.
DavidJ_MS (Expert):
Q: Can you use the SBS Exchange server to host your own email when your Web site is hosted off site with you same extension? and are there any instructions to set it up ( transfer the mail to the correct ip address)
A: Yes, you sure can. You'll need to contact your ISP or whoever hosts your domain and have them set up what's called a "MX" record for your domain to the IP address of your SBS server. Once that is done, you can run the CEICW and give it your Internet domain name, like "mydomain.com", and you'll be set!
Guy MSFT (Expert):
Q: Will there be integration of ISA Server 2004 configuration in the CEICW?
A: Yes there will be integration. We have a set of FAQ for ISA 2004 in the SBS FAQ at: http://www.microsoft.com/windowsserver2003/sbs/techinfo/overview/generalfaq.mspx
Sean_MS (Expert):
Q: I want to configure e-mail as follows: user Mary has the e-mail address mary@company.sk, user Tom has the e-mail address tom@company.sk, and we need to have a common address for responding--for example, all@stonline.sk. Is it possible? I try all but I can’t.
A: The best way to do this is to create a user account called "all" and give that user a mailbox. Then give Tom and Mary access to this user’s mailbox to reply as all@stonline.sk. Thus, if Mary or Tom is out for a day, the other person can do the mailings for the day. This will reduce duplicate responses etc. The other way is to create a DL called "all", but then Tom wouldn't know if Mary already replied to the message. I would suggest creating a new user to do this as mentioned first.
Guy MSFT (Expert):
Q: Sean_MS and Guy_MS: Any plans to market SBS with the Windows Smartphone and Exchange 2003...the new Motorola MPx220 or Audiovox 5600?
A: I'm not sure we have anyone from the Windows Mobile team on the chat today. Both the devices that you mention are new to the market, but do work well with SBS. Our plans for promotion of Windows Mobile phones and SBS are being actively worked on. Stay tuned.
Huseyin_MS (Expert):
Q: When you first set up the SBS, it makes you run the connect to the Internet Wizard. Is there a way to do this when you already have a firewall and still have it complete properly?
A: Yes, you can select do not change my existing configuration for the firewall part through the wizard. The wizard will not change your firewall settings.
Guy MSFT (Expert):
Q: When you first set up the SBS, it makes you run the connect to the Internet Wizard. Is there a way to do this when you already have a firewall and still have it complete properly?
A: It depends. SBS 2003 supports the auto config of external firewalls if that device supports UPnP. Depending on the device, and the implementation of UPnP (many devices have it turned off by default), you should be good to go. If the device doesn't support UPnP, then you will have to configure it manually.
Matthew_MSFT (Expert):
Q: When you first set up the SBS, it makes you run the connect to the Internet Wizard. Is there a way to do this when you already have a firewall and still have it complete properly?
A: CEICW tightly integrates the firewall products that come with SBS. If you are installing a separate software firewall, then you will need to manually configure Web publishing and certificates on your Web site. You can choose to not configure the firewall component if you have SBS STD and choose to not install ISA if you have SBS Premium. The networking part and the email part will still be configured.
Lingan_MS (Expert):
Q: I have several SBS2K3 installs using the POP3 collector that will occasionally have the Queues hang up, and often the only thing that will clear them is a reboot of the server and a rerun of the CEICW. What is causing the problem?
A: Can you provide us with more details? Does it go away with a reboot or do you always have to run ICW? Is this with sending or receiving e-mail?
Sean_MS (Expert):
Q: Sean_ms: Would you define "mobile devices"?
A: A mobile device, as far as this chat is concerned, is a Microsoft Pocket PC Phone Edition, or a Microsoft Smart Phone. These are the best devices to use with SBS 2003 from an automated setup and connectivity point of view. The 2003 devices and higher are even better than the 2002 devices due to SBS's self signed certificate. However, a mobile device could also be considered any type of cellphone/PDA device, but for the context of this chat, we are speaking only of Microsoft versions.
Wil_MS (Expert):
Q: I am resending as I had an error message the first time, and/or nobody replied to my question. I am new to SBS2003 but experienced in SBS2000. In the latter, when you reran the ICW it used to disable custom filters. Does the 2003 version do the same?
A: Yes, it still disables custom packet filters when re-run. These can be re-enabled through the ISA snap-in.
Lingan_MS (Expert):
Q: Can we have a special mainbox in the next rev that would accept specific blocked file types like zip without dumping all blocked files into it like the current quarantine?
A: We will take this as a request for the next release.
DavidJ_MS (Expert):
Q: When an Exchange Server client on SBS chooses to archive after X period of time, where is the archive default?
A: Are you talking about the Auto-Archive and archive features of Outlook? It may depend on the version. Outlook Help has a bunch of information on where to find the archived stuff on the Outlook client itself.
Matthew_MSFT (Expert):
Q: Is the ISA snap-in only on the standard edition of SBS?
A: The ISA snap-in is only installed when ISA is installed. ISA can be optionally installed with SBS Premium.
Wil_MS (Expert):
Q: Is the ISA snap-in only on the standard edition of SBS?
A: To be more clear on my first answer, you can reenable the custom packet filters through the ISA snap-in only on SBS 2003 Premium with ISA installed. On SBS 2003 Standard, you can reenable through ICW or through the RRAS snap-in.
Mir_MSFT (Expert):
Q: More depth required on the "what does CEICW do?" question. I am looking for all the underlying things that are touched, not just the summary at the end of the Wizard.
A: You can check the SBS Getting Started Guide as I mentioned above, and you can also check the CEICW log, which is located under %sbsprogramdir%.
Dan_MS (Expert):
Q: Isa is only on the premium version, right?
A: Yes, ISA 2000 only comes with the Premium edition of SBS 2003.
Sean_MS (Expert):
Q: OK…on version 2003 of outlook and where does that information reside and is it a 'pst' file?
A: In Outlook 2003 when configured in an SBS 2003 network, the information in "Mailbox - User Name" resides on the server and is cached in a local store on the client (so it is still available in the case the server is not). Any data in "Archive Folders" or "Personal Folders" or any other folder that appears there is stored on the local client. Typically, these PST folders will live in "C:\Documents and Settings\username\Local Settings\Application Data\Microsoft\Outlook".
Matthew_MSFT (Expert):
Q: I'm getting an alert, "A large number of messages are pending in the e-mail server send queue" every morning around 3:00 a.m. Is this a valid issue? E-mail seems to be working okay.
A: You might want to check where the pending emails are going and if the destination addresses are valid. There might be a mail relay problem. There are many sites that check whether your server is a mail relay server. SBS by default turns relay off to external and non-authenticated users.
Guy MSFT (Expert):
Q: Will the next version of SBS have the 16GB store limit raised?
A: It's too soon to comment on future versions. We are looking at raising that limit, but can't confirm anything today. There are mitigating ways to get around the 16GB limit, and thanks for the feedback. The more we get, the better to support the case.
Guy MSFT (Expert):
Q: Guy - when SBS came out the concept of 16GB Store files was unthinkable in the SMB space considering hardware and email use at that time. Times HAVE CHANGED!
A: I understand, know that we are looking into it, but that we can't always do something in isolation. That 16GB limit is common to Exchange Server Standard Edition also.
Sean_MS (Expert):
Q: I want to limit the amount of memory that Exchange uses on my SBS 2003 server (it likes to take it all), I was wondering if running this tool would better optimize my environment: Microsoft Exchange Server Best Practices Analyzer Tool.
A: We are aware of this issue and working on it. Currently, we do not have a workaround to reduce the amount of RAM that Exchange uses.
Lingan_MS (Expert):
Q: Lingan_MS (Expert): All mail is down when the queues are clogged. A reboot does not clear it. A second may - I have always rerun CEICW rather than reboot. If I try to run CEICW rather than reboot - CEICW will not complete - then MUST reboot.
A: It appears that you may have a configuration that needs additional investigation. I'd like to refer you to the SBS newsgroup, given the short duration of this chat. Go to: http://www.microsoft.com/WindowsServer2003/sbs/community/newsgroups/dgbrowser/en-us/default.mspx?dg=microsoft.public.windows.server.sbs
Dan_MS (Expert):
Q: If you’re hosting your own email and have laptops that travel outside the office do you have to have 2 email setups? with exchange inside and the somebody@company.com as the second setup?
A: You don't need to have separate email accounts set up on the laptop. Configure Outlook on the laptop to use RPC/HTTP.
Guy MSFT (Expert):
Q: if you’re hosting your own email and have laptops that travel outside the office do you have to have 2 email setups? with Exchange inside and the somebody@company.com as the second setup?
A: Certainly not if you're using Outlook 2003 (which comes as part of SBS 2003). Outlook supports something called RPC over HTTP, which allows you to connect to your SBS server using a secure and encrypted session. It also doesn't require a VPN connection. If you can browse the web using IE on your notebook when you're out, then you get synchronize your email.
Wil_MS (Expert):
Q: More on the customer filters: Upgrading from 2000 to 2003 - I understand that packet filters get converted to rules (I think). Will the upgrade (to a Premium version from ISA on the 2000 version) successfully convert custom packet filters ...
A: SBS 2003 Premium includes ISA 2000, so there is no upgrade involved. In the future SBS release including ISA 2004, the existing packet filters will be translated to access rules.
Matthew_MSFT (Expert):
Q: More on the customer filters: Upgrading from 2000 to 2003 - I understand that packet filters get converted to rules (I think). Will the upgrade (to a Premium version from ISA on the 2000 version) successfully convert custom packet filters? ...
A: The ISA version on SBS2000 is the same ISA version on SBS2003 Premium (ISA2000). The upgrade should keep your packet filters intact. There are some new configurations that are done by CEICW in SBS2003, and we recommend you run CEICW after upgrading. This would disable your custom packet filters and you will need to reconfigure them.
Mir_MSFT (Expert):
Q: Can you guys name the tool to use the same initials as the tag line in the to-do list next time, when we say run the CEICW, no one knows what we are talking about. It says connect to internet on the to-do list, pretty please :>)
A: This is good feedback! Thanks for the suggestion! We'll consider it for our next release.
Lingan_MS (Expert):
Q: Will CEICW have any more analyzing tools melded with it? So that it displays more info when run consecutive times?
A: What specific information are you looking for?
Sean_MS (Expert):
Q: It doesn’t work, when I do another account POP3 in MS outlook in Mary’s or Tom’s computers and there make address for response it work until restart computer. After restarting, the primary account is EXCHANGE and the resp. addr. is tom@company.sk again.
A: This solution wasn't meant for using POP3, I was intending that another Exchange mailbox be created, and provide permissions this way. Using POP3 will have the same issues around if you've replied to it or not. However, having said that, you can set a DWORD registry key on the client in HKLM\Software\Microsoft\SmallBusinessServer\ClientSetup called "NoTransportOrder" and set the value to 1. This will prevent Exchange from being set as the default provider. I still suggest using Exchange though, it's much easier and will help in preventing duplicate responses from separate users.
DavidJ_MS (Expert):
Q: I am also interested in the vbs that blocks port scans automatically. Will the upgrade convert that and will it still run?
A: Anything that you could run with SBS 2000 (running ISA 2000) should still work with SBS 2003 Premium, running ISA 2000. Depending what the .vbs does, you may need to re-run it after running the CEICW, but moving to SBS 2003 alone should not affect it.
Wil_MS (Expert):
Q: Can you comment on the future deployment of RWW with 2 form authentication: RSA or cryptocard?
A: What is your specific question with regard to the supported forms of authentication?
Guy MSFT (Expert):
Q: Guy_ms: Yes, I understand that the 16GB is Exchange std limit...I heard that number was pulled from thin air... Any links to how the migration pack works?
A: We could go on for hours. Exchange does have an upgrade story to their Enterprise edition. SBS doesn't, we are working to fix. You do need to be a little careful on store size. The larger the store, the more susceptible to corruption you are. 16GB is a fair chunk of email to backup/restore at one time. You might want to break the Transition pack question into a separate one.
Sean_MS (Expert):
Q: If you use RPC over HTTP on the laptop, do you need to setup an OST?
A: Yes, you will need to set this up. although it will happen automatically if you check the box that says "Use Cached Exchange Mode" when configuring the account. No other configuration is needed (beyond setting up RPC over HTTP via the steps in the Remote Web Workplace).
Lingan_MS (Expert):
Q: Is it possible to have all users the same e-mail addresses?
A: Yes. You will have to create a separate mailbox for this and give all the users you want to share this address access to it.
Guy MSFT (Expert):
Q: The web services on Premium don’t contain RWW like Standard. Can this be 'corrected' in SP1?
A: I don't understand what you mean here. Both SBS Standard and Premium have the remote web workplace. Did I understand correctly?
DavidJ_MS (Expert):
Q: Guy: The CEICW doesn't contain the choice for enabling RWW when at the Web Services screen with Premium.
A: We are looking into ways to enable publishing Companyweb (which you mentioned you really meant) with SBS Premium, but it is currently not available.
Mir_MSFT (Expert):
Q: Guy: The CEICW doesn't contain the choice for enabling RWW when at the Web Services screen with Premium.
A: (CEICW --> Companyweb) You can check out the following white paper for this: http://www.microsoft.com/technet/prodtechnol/sbs/2003/deploy/stssbs03.mspx
Mir_MSFT (Expert):
Q: Mir: Thanks, but I meant the KB article in where you add some rules and packets in ISA for 444. That could be done by CEICW I would think ;-)
A: I see your point. Thanks for the feedback! We'll look into it. Feel free to follow up offline with me about this.
Wil_MS (Expert):
Q: Wil; Basically, are you aware that many smaller firms are now using more than just username and password for security...I know Microsoft uses smartcards for remote access....Is this being added to the next version of SBS wizards?
A: Support for other forms of authentication in RWW is under consideration for a future SBS release.
Huseyin_MS (Expert):
Q: Some of us support our clients almost exclusively remotely, it would be very handy to have an option to save the configuration to a floppy at the end of the wizard. So if it gets messed up we could just call the client and say put in the disk and click,
A: Each time through the wizard a script file is generated and saved in %sbsprogramdir%\networking\icw directory like config1.vbs, config2.vbs. You can run these scripts afterwards to restore the configuration (in case you changed something) without running the wizard.
Lingan_MS (Expert):
Q: I know it's not specifically a (CEICW) issue, but how about some logging (and a nice .xml) and a report for RWW access/use ?
A: Thanks, we will take that input for our next release.
DavidJ_MS (Expert):
Q: DavidJ: Thanks, you've got it right about the Companyweb. But would it be possible to do that in SP1?
A: We're continually looking at what to include for SBS 2003 SP1, and we will be looking at ways to do this for SBS 2003 SP1 as well.
Sean_MS (Expert):
Q: So where is possibility to set sharing the address by another users?
A: When you log into Outlook as the user you wish to grant permissions to, then go to Tools/Options and choose the Delegates tab. In here you can enable other people to view your mailbox. So in your case, you would log into Outlook as the "all" user, and add Mary and Tom as delegates to this account.
Huseyin_MS (Expert):
Q: Can you hear that phone conversation trying to walk the receptionist through running a script buried down in the bowels of SBS?
A: Currently, this is the only mechanism we have. It is easier than to walk someone through the wizard itself as you only need to launch the script. We will be looking into making it more discoverable.
Lingan_MS (Expert):
Q: The wizard is a great piece of work. Do you guys deserve a pat on the back?
A: Thank you. We are working on making it even better :D
Huseyin_MS (Expert):
Q: Currently, this is the only mechanism, another alternative for you to look at would be a button on the first screen of the CEICW to restore last known good configuration, that would do away with the floppy.
A: Thanks for the suggestion. We will definitely consider it.
Lingan_MS (Expert):
Q: Has anyone mentioned that configuring the POP3 connector for multiple domains is a pain?
A: We are working on improving this in the future.
Sean_MS (Expert):
Q: Is it possible to join global address list and Contacts?
A: If you create Contacts in the Active Directory, you can add these Contacts as members of Active Directory Distribution Lists.
Lingan_MS (Expert):
Q: In the newsgroups we get these very nice error numbers in the icwlog file when CEICW is not running properly. Is there somewhere a list where one can look up those errors?
A: Yes, that is a good suggestion. We will have something shortly.
Huseyin_MS (Expert):
Q: Will you please please pretty please, take out the option to configure the UPnP router? As this is not being done properly, certainly not on Standard on a few routers.
A: What specific problems are you having? Does the wizard complete successfully?
Huseyin_MS (Expert):
Q: Yes, the wizard completes, but no filters are configured to forward the ports.
A: Can you tell me the router brand/model and firmware info? Some routers do not display the UPnP port mappings in their UI even though they are configured correctly.
Huseyin_MS (Expert):
Q: Huseyin: I think we have corresponded about that a few months ago and I did follow up with Charlie. Some routers open up port 21 and 80 inbound each and every time when CEICW is run.
A: I do not exactly remember what my answer was but port 80 is supposed to be open if you are doing any web publishing like RWW/OWA/OMA, etc. Port 21 should be open only if you checked FTP.
Huseyin_MS (Expert):
Q: Send me an email grey@smallbizserver.com and I will follow up on it. I have one that behaves as you say, not displaying it, but another site I just did I had to manually enter them.
A: I will follow up with you. Thanks.
Sean_MS (Expert):
Q: is there anyway to import contacts from ACT into the global address list?
A: I do not believe you can import anything into the GAL.
Lingan_MS (Expert):
Q: What UPnP routers have been tested with the wizard?
A: We have tested with most of the popular brands. We have noticed that the UPnP implementation vary currently. We are working on making it easier to configure routers via UPnP.
Guy MSFT (Expert):
Q: Feature Request: How about an SBS special price on an ISA appliance...see network engines and HP...These are too big for the little folks. How about a baby ISA appliance similar to a pix 501?
A: Interesting, I'll go look and see what's up. I must admit that in the SBS space we typically see that the SB owner doesn't want to spend much more than $100 for an external FW.
Guy MSFT (Expert):
Q: Follow-up to feature request: I am referring to something in the licensing area similar to how you allow SBS to work with BCM.
A: I'm not sure I understand correctly. BCM is part of Office, and there is a special patch available from the SBS downloads section to make it work with SBS.
Guy MSFT (Expert):
Q: Guy: Look at it this way, get ISA out there cheaper and compete with the $300-$600 devices from WatchGuard and SonicWALL.
A: Point taken, I'll feed it back to the ISA team.
Lingan_MS (Expert):
Q: Ok, since I have a lot of information in ACT and we have SBS 2003, I would like to use Exchange Server/Outlook to have the users contact their clients. How would I transfer the information from ACT to Exchange where all can access the same info?
A: To date, we do not have a mechanism in SBS. However, you should follow up on the SBS newsgroup to get more information about this.
Huseyin_MS (Expert):
Q: Huseyin: even if you don't request FTP and web publishing, those ports are always opened on a specific router by CEICW. Have a look: Smallbizserver.Net > Network > Config of the UPnP Router by the CEICW wizard: http://www.smallbizserver.net/Default.aspx?
A: I do not think we have seen this problem with the routers we are testing here. I will follow up with you on this.
Mir_MSFT (Expert):
If you didn't get your question answered today or you'd like to ask some more, please post them to the SBS 2003 newsgroup at SBS 2003 http://www.microsoft.com/WindowsServer2003/sbs/community/newsgroups/dgbrowser/en-us/default.mspx?query=mir+rosenberg&dg=microsoft.public.windows.server.sbs&cat=&lang=en&cr=US&pt=&catlist=4266E773-9E5C-4E4C-BB4D-FCD46AD2AB58&dglist=&ptli. Thanks! :)
MSFT Don (Moderator):
If you would like further information on the SBS Configure E-mail and Internet Connection Wizard, check out the following links:
SBS FAQ:http://www.microsoft.com/windowsserver2003/sbs/techinfo/overview/generalfaq.mspx
Publishing a SharePoint site accessible to external users: http://www.microsoft.com/technet/prodtechnol/sbs/2003/deploy/stssbs03.mspx
SBS 2003 newsgroup: http://www.microsoft.com/WindowsServer2003/sbs/community/newsgroups/dgbrowser/en-us/default.mspx?query=mir+rosenberg&dg=microsoft.public.windows.server.sbs&cat=&lang=en&cr=US&pt=&catlist=4266E773-9E5C-4E4C-BB4D-FCD46AD2AB58&dglist=&ptli
SBS Community: http://www.microsoft.com/windowsserver2003/sbs/community/default.mspx
SBS documentation on Internet and e-mail: http://www.microsoft.com/windowsserver2003/sbs/techinfo/productdoc/feature.mspx
SBS Web site: http://www.microsoft.com/windowsserver2003/sbs/
MSFT Don (Moderator):
For a schedule of other chats that you might be interested in, go to http://www.microsoft.com/technet/community/chats/default.mspx.