Installation Instructions for Service Pack 1 for Windows Small Business Server 2003, Premium Technologies

  • Article

Updated: May 27, 2009

Applies To: Windows SBS 2003

This is Version 2 of this document, published May 2005.

Before you install these updates

How to install these updates

Perform the following steps to install the latest updates for Windows Small Business Server 2003 Premium Technologies. After completing Setup for each update, return to this page and continue with the next step.

Note

To install these updates, you must be logged on as an Administrator or as a member of the Domain Admins security group.

Note

If one or more of the listed updates is already installed, you can skip to the next step.

Step One: Install SQL Server 2000 Service Pack 4 (SP4)

Note

Perform this step if you installed SQL Server 2000 on a computer running Windows Small Business Server 2003.

  1. From the Autorun page of the Premium Technologies disc (D:\Setup.exe, where D is the letter of your CD drive), click Install SQL Server 2000 Service Pack 4.

Note

When you run SP4 Setup, if you receive a message that the Scm.exe file is in use, restart your server, and then begin installing SP4.

  1. On the Welcome page, click Next.

  2. On the Software License Agreement page, review the licensing agreement. To continue, you must accept the agreement.

  3. On the Instance Name page, accept the default of Default unless in the previous procedure you specified an instance name.

  4. On the Connect to Server page, accept the default of The Windows account name I use to log on to my computer with (Windows authentication) unless you specified a different authentication mode in the previous procedure.

  5. When the message that the SA Password is blank appears, it is recommended that you provide a strong password for this account. A strong password is between 6 and 127 characters, and uses uppercase and lowercase letters, numbers, and other characters, such as *, ?, and $.

  6. Review the Backward Compatibility Checklist message. If you must modify the SP4 security enhancements, select the appropriate options. For details about each option, click Help. Click Continue after you have reviewed the security enhancements.

  7. When the Error Reporting message appears, you can select Automatically send failed error reports to Microsoft.

  8. On the Start Copy Files page, click Next.

  9. When a message appears prompting you to back up your databases, click OK. It is highly recommended that you complete a backup after installing Premium Technologies.

  10. On the Setup Complete page, click Finish. Restart your computer if you are prompted to do so.

Note

If you receive the following error, you must restart your computer and then run the SQL Server 2000 Service Pack 4 Setup again:
"Error running script: sp3_serv_uni.sql(1) To exit the service pack installer, click OK."

  1. Ensure the MSSQLSERVER service is started. To do so, click Start, click Run, and then type Services.msc. If the MSSQLSERVER service is not started, right-click the service, and then click Start.

Step Two: Install SQL Server 2000 Service Pack 4 to the SHAREPOINT instance of SQL Server

Note

Perform this step only if you upgraded the SHAREPOINT instance to SQL Server 2000.

  1. From the Autorun page of the Premium Technologies disc (D:\Setup.exe, where D is the letter of your CD drive), click Install SQL Server 2000 Service Pack 4.

Note

When you run SP4 Setup, if you receive a message that the Scm.exe file is in use, restart your server, and then begin installing SP4.

  1. On the Welcome page, click Next.

  2. On the Software License Agreement page, review the licensing agreement. To continue, you must accept the agreement.

  3. On the Instance Name page, clear the Default check box if it is selected. In the Instance name box, select SHAREPOINT.

Note

If you receive one of the following error messages after selecting the SHAREPOINT instance in the Instance name box and clicking Next, you must upgrade the SHAREPOINT WMSDE instance to full SQL Server 2000, and then you must run the SQL Server 2000 Service Pack 4 Setup again:
"SHAREPOINT is not a SQL Server 2000 instance. Setup will now exit."
"SQL Server 2000 is not installed on this machine. Setup will now exit."

  1. On the Connect to Server page, accept the default of The Windows account name I use to log on to my computer with (Windows authentication) unless you specified a different authentication mode in the previous procedure.

  2. If you receive the Backward Compatibility Checklist message, and you must modify the SP4 security enhancements, select the appropriate options. For details about each option, click Help. Click Continue after you have reviewed the security enhancements.

  3. When the Error Reporting message appears, you can select Automatically send failed error reports to Microsoft.

  4. On the Start Copy Files page, click Next.

  5. When a message appears prompting you to back up your databases, click OK. It is highly recommended that you complete a backup after installing Premium Technologies.

  6. On the Setup Complete page, click Finish. Restart your computer if you are prompted to do so.

  7. Ensure the MSSQL$SHAREPOINT service is started. To do so, click Start, click Run, and then type Services.msc. If the MSSQL$SHAREPOINT service is not started, right-click the service, and then click Start.

  8. Open SQL Server Enterprise Manager (click Start, point to All Programs, point to Microsoft SQL Server, and then click Enterprise Manager), and register the SHAREPOINT instance of SQL Server. To do so, double-click Microsoft SQL Server, right-click SQL Server Group, and then click New SQL Server Registration. You must enter the server name as ServerName\SHAREPOINT. For the authentication mode, use Windows Authentication.

Note

If you encounter an error while trying to upgrade the instance of SHAREPOINT, ensure that the MSSQL$SHAREPOINT service is stopped. To do so, click Start, click Run, and then type Services.msc. If the service is not stopped, right-click the service name, and then click Stop. After the upgrade is complete, you must ensure that the service restarts.

Note

By default, MSDE 2000 SP4 is automatically applied to the instances of SQL Server 2000 Desktop Engine (MSDE) that were installed during Windows Small Business Server 2003 Setup, including the Monitoring (SBSMONITORING) MSDE instance, and the Windows SharePoint Services (SHAREPOINT) WMSDE instance. 

Additionally, if you have the Premium Edition of Windows SBS 2003, and you have installed ISA 2004, MSDE SP4 is automatically applied to the ISA Server 2004 Firewall (MSFW) MSDE instance. In addition, if you are running instances of SQL Server 2000, SQL Server SP4 is made available for you to install.

Step Three: Install ISA Server 2004

You can install Internet Security and Acceleration (ISA) Server 2004 as your firewall, which requires that your server have at least two network adapters (one to connect to the Internet and one to connect to the local network). You should then install Firewall Client on each client computer.

Important

To maintain the current authentication experience for your users, it is highly recommended that you save your existing certificate by exporting it before you begin to set up ISA Server 2004.

Important

During the ISA Server installation process, you will need to indicate that you are creating a new certificate. Later, you will import your saved certificate in order to maintain your current authentication experience for your users.

Important

Disable any real-time antivirus software that you have running, as it may cause problems while running Setup. Remember to restart you antivirus software after Setup is complete.

To export a certificate

  1. Click Start, click Run, and then type MMC.

  2. Click File, and then click Add/Remove Snap-in.

  3. Click Add.

  4. From the list that appears, select Certificates, and then click Add.

  5. Click Computer Account, and then click Next.

  6. Accept the default of Local Computer, and then click Finish.

  7. Click Close, and then click OK.

  8. Expand Certificates (Local Computer).

  9. Expand Personal.

  10. Expand Certificates.

  11. Maximize the snap-in window, and then write down the expiration date of the certificate that corresponds to your external domain. You will use this date to identify the certificate when you configure ISA Server later.

  12. Right-click the certificate corresponding to your external domain, point to All Tasks, then click Export.

  13. When the Certificate Export Wizard begins, click Next.

  14. Select Yes, export the private key, and then click Next.

  15. Accept the defaults on the Export File Format page, and then click Next.

  16. Enter a password, confirm the password, and then click Next.

  17. Enter a file name for the export file (it will have the extension .pfx), and then click Next.

  18. Write down the entire path and file name of the export file, and then click Finish.

  19. Click OK.

  20. Click File, and then click Exit to close the console.

  21. Click No to not save the console.

To install ISA Server 2004

  1. From the Autorun page of the Premium Technologies disc (D:\Setup.exe, where D is the letter of your CD drive), click Install Microsoft Internet Security and Acceleration (ISA) Server 2004.

Note

If Windows Small Business Server 2003 with Service Pack 1 came preinstalled on your server, your original equipment manufacturer (OEM) might have created a shortcut on the desktop for installing the Premium Technologies.

  1. On the Welcome page, click Next.

  2. When the End User License Agreement (EULA) page appears, review the licensing agreement. To continue, you must accept the agreement and click Next.

  3. When the Installation Path page appears, click Next to accept the default installation path.

  4. Click Finish to install and configure ISA Server 2004.

  5. After ISA Server Setup is complete, the Configure E-mail and Internet Connection Wizard appears. You must complete the wizard to properly configure your server to use ISA Server as your firewall. Click Next to begin.

  6. On the Connection Type page, even if you have previously run the wizard, you must select your connection type, and then continue through the wizard to the Firewall page.

  7. On the Firewall page, even if you have previously run the wizard, you must select Enable Firewall.

  8. On the Services Configuration page, select those services that you want to allow through the firewall. If you previously ran the wizard and defined custom services, you can open ICWdetails.htm from \Program Files\Microsoft Windows Small Business Server\Networking\ICW. Search for the section "Enable Basic Firewall and Remote Access" to see the list of firewall settings that were configured.

  9. On the Web Service Configuration page, select any services that you want to allow through the firewall.

  10. If you allowed access to Web services, the Web Server Certificate page appears.

    • If you have not previously run the wizard, select the type of certificate that you want to use.

    • If you have previously run the wizard, select Create a new Web server certificate, and then enter the same Web server name that was used in your previously existing certificate. Later, you will replace this new certificate with the one that you previously exported.

  11. On the Internet E-mail page, if you previously ran the wizard, select Do not change Internet e-mail configuration, and then complete the wizard.

Your server restarts after the wizard finishes.

If you previously exported your existing certificate, you must now import it and then configure ISA Server Management to use it. To do this, complete the following two procedures.

To import a trusted certificate

  1. Click Start, click Run, and then type MMC.

  2. Click File, and then click Add/Remove Snap-in.

  3. Click Add.

  4. From the list that appears, select Certificates, and then click Add.

  5. Click Computer Account, and then click Next.

  6. Accept the default Local Computer, and then click Finish.

  7. Click Close, and then click OK.

  8. Expand Certificates (Local Computer).

  9. Right-click the Personal folder, point to All Tasks, and then click Import.

  10. When the Certificate Import Wizard appears, click Next.

  11. On the File to Import page, click Browse.

  12. In the Files of Type drop-down box, select Personal Information Exchange (*.pfx,*.p12).

  13. Browse to or type the file name of the .pfx file that you exported previously, and then click Next.

  14. Enter the password you used to export the .pfx file, and then click Next.

  15. Verify that Place all certificates in the following store is selected, verify that the default store is Personal, and then click Next.

  16. Click Finish.

To specify the trusted certificate using ISA Server Management

  1. Click Start, point to All Programs, point to Microsoft ISA Server, and then click ISA Server Management.

  2. Expand the console tree and click Firewall Policy.

  3. Click the Toolbox tab in the details pane.

  4. Click the Web Listeners folder.

  5. Right-click SBS Web listener, and then click Properties.

  6. On the SBS Web listener Properties page, click the Preferences tab.

  7. Verify that the Enable SSL check box is selected.

  8. Click the Select button next to the certificate text box.

  9. You will see multiple certificates with the same name. Select the certificate that you just imported, and then click OK.

Note

You can identify the correct certificate by the expiration date that you wrote down when you exported it.

Note

Do not select the publishing.yourdomain.local certificate.

  1. Click OK to close the SBS Web listener Properties page.

  2. Click Apply to save your changes and to update the configuration.

Repeat this procedure for SBS CompanyWeb listener, if it exists in the Web Listeners folder.

To start the ISA Server 2004 installation wizard from the command line

Under normal circumstances, ISA Server 2004 is installed from the Premium Technologies disc by clicking the "Install Microsoft Internet Security and Acceleration Server 2004" link.

However, there are two reasons why you may need to start the ISA Server 2004 installation wizard from the command line:

  1. If the ISA Server 2004 installation fails because it could not read the product key from the registry, you can start the ISA Server 2004 installation wizard from the command line.

  2. If you want to reinstall ISA Server 2004 by using a configuration file that you saved previously, use the following syntax:

    Sbsisa2k4setup /IMPORTFILE "C:\importfile.xml"

    where C:\importfile.xml represents the configuration file.

You can find Sbsisa2k4setup.exe on the Premium Technologies disc, in the ISASetup folder.

Step Four: Install Firewall Client

After you install ISA Server 2004, you must install Firewall Client on each client computer in order to access the Internet.

To install Firewall Client, it is recommended that you create a shared folder for the Firewall Client installation files, and then follow the instructions later in this document to use the Set Up Client Applications Wizard to deploy Firewall Client to each client computer. After completing the installation of all Premium Technologies on your server, create a full backup.

To configure permissions for the Firewall Client shared folder

  1. Using Windows Explorer, browse to \Program Files\Microsoft ISA Server\Clients.

  2. Right-click the Clients shared folder. The properties dialog box for the shared folder appears.

  3. Click the Security tab, click Add, and then type Domain Users. Click Apply to accept the default permissions assigned.

To add Firewall Client for deployment to client computers

  1. Click Start, and then click Server Management.

  2. In the console tree, double-click Client Computers, and then in the details pane, click Set Up Client Applications.

  3. On the Available applications page, click Add. The Application Information dialog box appears.

  4. In the Application Name box, type Firewall Client, and then in the Location of setup executable for this application box, type \\ServerName\Mspclnt\Setup.exe /v"SERVER_NAME_OR_IP=ServerName ENABLE_AUTO_DETECT=0 REFRESH_WEB_PROXY=1 /qn" where ServerName is the name of your server. There are no spaces within the command except before /v, ENABLE, REFRESH, and /qn.

  5. Follow the instructions to complete the wizard.

  6. When prompted to assign the new application to client computers, click Yes. The Assign Applications Wizard appears.

  7. Follow the instructions to complete the wizard.

Note

The Set Up Client Applications Wizard only works with client computers running Microsoft® Windows® 2000 Professional and Microsoft® Windows® XP Professional. If you have a client computer running a different operating system, you must connect to the shared resource manually from the client computer. At the client computer, click Start, click Run, and then type \Servername\Mspclnt\Setup.exe. 

To check the name of your server, click **Start**, right-click **My Computer**, and then click **Properties**. The computer name is the first label before the period listed in the **Full computer name**, for example, *servername*.smallbusiness.local.

To deploy Firewall Client to the client computer

  1. Have the users log off and then log back on to the client computers. A shortcut to install Firewall Client appears on the desktop.

  2. Double-click the shortcut, and then complete the Firewall Client Wizard. Firewall Client will automatically be configured to connect to the ISA Server on the computer running Windows Small Business Server.

Important

After completing Setup for the Premium Technologies, it is highly recommended that you complete a backup of your server. To do so, use the Backup Configuration Wizard (click Start, click Server Management, and then click Backup).

Note

If you used the Set Up Client Applications Wizard to extend the list of applications that are available for deployment to client computers, the additional applications are removed from the list during upgrade to SP1. To resolve this issue, run the Set up Client Applications Wizard and add the client applications again.

Note

If you used the Monitoring Configuration Wizard to configure status reports or usage reports before applying Windows SBS SP1, ensure that the SQLAgent$SBSMONITORING service Startup Type is set to Automatic, and that the service is started. 

To do so, click **Start**, click **Run**, and then type **Services.msc**. Right-click **SQLAgent$SBSMONITORING**, and then click **Properties**. On the **General** tab, select **Automatic** for the **Startup Type**. If the **SQLAgent$SBSMONITORING** service is not started, click **Start**.

Information in this document, including URL and other Internet Web site references, is subject to change without notice and is provided for informational purposes only. The entire risk of the use or results from the use of this document remains with the user, and Microsoft Corporation makes no warranties, either express or implied. Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

© 2005 Microsoft Corporation. All rights reserved.

Microsoft and Windows are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.

The names of actual companies and products mentioned herein may be the trademarks of their respective owners.