Category Archives: SBS 2008

Removing SBS 2008 – Step 3: remove from domain / DCPROMO

 

The final step in removing your SBS server is to demote it as a domain controller using the DCPROMO tool.

DCPROMO will do a number of things in terms of removing the server’s ability to operate as an Active Directory server, however the main domain functional ‘operation’ (sorry pun!) you will see from other servers in the network is the moving of the ‘Flexible Single Master of Operation’ (FSMO) or now just ‘Operations Masters’ roles to another AD server.

You can control the transfer of the essential FSMO roles to a preferred AD server (if you have multiple) using the a script e.g. to transfer our roles to our UK/GB Infrastructure server GBINF01 the script is:

ntdsutil

roles

conn

connect to server gbinf01 q

Transfer infrastructure master

Transfer naming master

Transfer PDC

Transfer RID master

Transfer schema master

q

q

And checked with:

netdom /query fsmo

Schema master GBINF01.thefullcircle.local

Domain naming master GBINF01.thefullcircle.local

PDC GBINF01.thefullcircle.local

RID pool manager GBINF01.thefullcircle.local

Infrastructure master GBINF01.thefullcircle.local

The command completed successfully.

Of course if you just have one other AD server (not recommended as best practise but totally feasible and supported by Microsoft) you don’t need to manually control who gets the roles, and DCPROMO will just transfer the roles to the other server.

If you do have multiple servers (with multiple AD sites) then the next available local site server will get the roles.

clip_image001

Move those roles!

clip_image002

clip_image003

clip_image004

clip_image005

clip_image006

Summary review

clip_image007

Remove Active Directory Domain Services from this computer.

When the process is complete, this server will be a member of the domain thefullcircle.local

Remove DNS Delegation: Yes

clip_image008

Good bye domain services!

clip_image009

clip_image010

clip_image011

clip_image012

Checking the FSMO roles to confirm transfer:

C:>netdom query fsmo

Schema master GBINF01.thefullcircle.local

Domain naming master GBINF01.thefullcircle.local

PDC GBINF01.thefullcircle.local

RID pool manager GBINF01.thefullcircle.local

Infrastructure master GBINF01.thefullcircle.local

The command completed successfully.

You can log back onto your SBS server with either the local creds provided earlier, or with a domain account – it is still a domain member server.

Note this machine may no longer be licensed (certainly if an upgrade e.g. to SBS2011).

If the server was an OEM install you can leave what remains (demoted mostly broken SBS server) on the same hardware for whatever use you feel (within license limits – e.g. this is not a 2nd Exchange server!), but the chances are this is now an old and out of warranty bit of kit that is no longer production worthy anyway – reuse, renew, recycle responsibly (see http://blog.thefullcircle.com/2011/05/06/sort-it-out-and-learn-the-3rsreduce-reuse-recycle/).

Removing SBS 2008 – Step 2: ADCS

 

Active Directory Certificate Services removal..

Check the FSMO roles are on your SBS server..

clip_image001

(you don’t actually need the forward slash "/" after the netdom command anymore but that’s a personal hangup from the old LANMAN days.. 😉

As for any server role just remove the role from within Server Manager

clip_image002

(Note the red crosses – this is from a pretty sick SBS 2008 install that had been replaced by Server 2008 R2, SCE (WSUS), and various other Windows network services over a year prior)

Once you’ve started the role removal (after confirming an informational/reading) – head out for a walk / mow the grass / build a model aeroplane.. Basically – leave it some time as you could be watching the screen below longer than paint drying

clip_image003

Later in the process you should see ‘Verifying removal’ and then ‘Collecting removal results…’ – ours took almost an hour between the major application events:

Information        29/08/2011 08:57:51        CertificationAuthority        38        None

Log Name: Application

Source: Microsoft-Windows-CertificationAuthority

Date: 29/08/2011 08:57:51

Event ID: 38

Task Category: None

Level: Information

Keywords: Classic

User: SYSTEM

Computer: SBSSRV01.thefullcircle.local

Description:

Active Directory Certificate Services for thefullcircle-SBSSRV01-CA was stopped.

And

Warning        29/08/2011 09:43:15        ServerManager        1619        None

Log Name: Setup

Source: Microsoft-Windows-ServerManager

Date: 29/08/2011 09:43:15

Event ID: 1619

Task Category: None

Level: Warning

Keywords:

User: THEFULLCIRCLEAdministrator

Computer: SBSSRV01.thefullcircle.local

Description:

Removal succeeded. A restart is required.

Roles:

Active Directory Certificate Services

Warning: You must restart this server to finish the removal process.

When complete (if successful) you should get:

clip_image004

And once ‘closed’ the only option is to restart..

You do need to log back in again (recommend same account as started this process) for the server to finalise the removal of ADCS and report ‘Resuming Configuration’ per:

clip_image005

clip_image006

Also event

Information        29/08/2011 10:10:47        ServerManager        1618        None

Log Name: Setup

Source: Microsoft-Windows-ServerManager

Date: 29/08/2011 10:10:47

Event ID: 1618

Task Category: None

Level: Information

Keywords:

User: THEFULLCIRCLEAdministrator

Computer: SBSSRV01.thefullcircle.local

Description:

Removal succeeded.

Roles:

Active Directory Certificate Services

The following role services were removed:

Certification Authority

And then next to DCPROMO out of the domain!

Removing SBS 2008 – Step 1: Exchange 2007

recent migrations as part of SBS 2011 EAP, etc….

 

clip_image001

Screen clipping taken: 28/08/2011 23:26

Summary: 4 item(s). 0 succeeded, 1 failed.

Elapsed time: 00:01:16

Mailbox Role

Failed

Error:

Object is read only because it was created by a future version of Exchange: 0.10 (14.0.100.0). Current supported version is 0.1 (8.0.535.0).

Elapsed Time: 00:01:16

Client Access Role

Cancelled

Hub Transport Role

Cancelled

Remove Exchange Files

Cancelled

http://forums.msexchange.org/m_1800521706/mpage_1/key_/tm.htm

[PS] C:Windowssystem32>Remove-PublicFolderDatabase -Identity "SBSSRV01Second Storage GroupPublic Folder Database"

Confirm

Are you sure you want to perform this action?

Removing Public Folder Database "SBSSRV01Second Storage GroupPublic Folder

Database".

[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help

(default is "Y"):A

Confirm

You are attempting to remove the last public folder database in the

organization. If you remove this database, all of its contents will be lost and

only users running Outlook 2007 or later will be able to connect to your

Exchange organization. Are you sure that you want to delete the last public

folder database?

[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help

(default is "Y"):A

Remove-PublicFolderDatabase : Object is read only because it was created by a f

uture version of Exchange: 0.10 (14.0.100.0). Current supported version is 0.1

(8.0.535.0).

At line:1 char:28

+ Remove-PublicFolderDatabase <<<< -Identity "SBSSRV01Second Storage GroupPu

blic Folder Database"

+ CategoryInfo : NotSpecified: (0:Int32) [Remove-PublicFolderData

base], InvalidADObjectOperationException

+ FullyQualifiedErrorId : E2ABE251,Microsoft.Exchange.Management.SystemCon

figurationTasks.RemovePublicFolderDatabase

Summary: 2 item(s). 0 succeeded, 1 failed.

Elapsed time: 00:00:39

Mailbox Role

Failed

Error:

The public folder database "SBSSRV01Second Storage GroupPublic Folder Database" contains folder replicas. Before deleting the public folder database, remove the folders or move the replicas to another public folder database. For detailed instructions about how to remove a public folder database, see http://go.microsoft.com/fwlink/?linkid=81409.

Elapsed Time: 00:00:39

Remove Exchange Files

Cancelled

http://technet.microsoft.com/en-gb/library/aa998192(EXCHG.80).aspx

http://technet.microsoft.com/en-gb/library/aa997893(EXCHG.80).aspx

http://technet.microsoft.com/en-us/library/bb331970(EXCHG.80).aspx

http://technet.microsoft.com/en-us/library/bb201664(EXCHG.140).aspx

clip_image002

clip_image003

clip_image004

SBS 2011 (“7” Preview) migration from SBS 2008

So the much anticipated SBS 2008 R2 never was, but we got a lot more than an R2 refresh..
Indeed a whole new version, SBS v.Next codenamed SBS “7” which we can now talk about with its final name ‘Windows Small Business Server 2011 Standard’ AKA SBS 2011.  SBS 2011 is likely to be launched in December.. I’ve got a good idea when due to our involvement in the UK Early Adopter Program but can’t be specific due to NDA commitments.

SBS 2011 is the latest version of Microsoft’s on-premises small-business bundle, built around 64-bit version of Windows Server 2008 R2 core. SBS 2011 will include Exchange 2010 SP1, SharePoint 2010 Foundation and Windows Server Update Services 3.0. Microsoft will make available for an additional fee an add-on with SQL Server 2008 R2 Standard Edition for Small Business. Microsoft is touting as SBS 7’s biggest new feature its support for Office Web Apps, as a result of the inclusion of SharePoint 2010 in the bundle.

In addition to the new names, the Official SBS Blog also revealed the ERP (Estimated Retail Pricing) of the new offerings as well as pricing for the Premium Add-on – I’ll let you get that specific info from the official blog.  It also revealed that SBS 2011 Standard should be available in December 2010 and that the Essentials will be available in the H1-CY2011 time frame.  There are also links on the official blog page for datasheets on both servers, as well as a brochure with info on the SMB server family, AND a link to where you can download the previews if you’d like to get started evaluating one or both of them right away. 

I’d like to point out that one of the key new features in the SBS 2011 Standard Edition is the update to SharePoint 2010 Foundation which brings Office Web Apps (OWA) into the picture.  Of course, Essentials customers will likely leverage the BPOS/Office 365 applications which also include SharePoint, so they’ll have access to OWA as well.  This will be a key opportunity for our partners to bring collaboration to new customers, who have yet to experience the business impact that a collaboration solution can have, as well as extend and enhance the SharePoint platform for existing SBS/Server customers.

Small Business Server 7 Overview Interview: http://technet.microsoft.com/en-us/edge/small-business-server-7-overview-interview.aspx?query=1 Bjorn Levidow, Group Program Manager for SBS, tells us about some of the new enhancements in the next version

 

  1. Backup, Backup, Snapshot, and Backup!
  2. Install pre-reqs:
    1. Windows PowerShell 2.0 and WinRM 2.0 for Windows Server 2008 x64
    2. Microsoft Baseline Configuration Analyzer 2.0 (MBCA 2.0)
  3. Install and run the Migration Preparation Tool to check the schema and scan the source server for problems..
    image

    and if you do find an issue, correct it..
    image
    ..we’ll be needing Exchange SP3 then!

    image
    which may take a while… ours was 1hr 45mins!

  4. Review the Migration Guide
    image

  5. Create an answer file

SBS 2008 R2 release date..

The much touted and anticipated R2 version of Microsoft’s much loved Small Business Server 2008 package is now looking likely to be released 3rd-4th calendar quarter this year.
I was recently at a Microsoft event in the UK (http://wp.me/pcs3j-7G) and speaking with a very well respected Microsoft guy who knows a thing or two about SBS.. The educated feeling is that SBS 2008 R2 will be announced at the Microsoft Worldwide Partner Conference (WPC 2010) in Washington D.C. on July 11-15, 2010.
It is likely to be scheduled for Released to Manufacturer (RTM) a few months later, possibly in time for the European leg of Tech-Ed (back in Berlin for the next couple of years) around October-November.

So, a disapointment for those that thought (like I did) that the R2 release would be around 120 days post Windows Server 2008 R2 which was launched October 22nd along with Windows 7, but at least it is coming!, unlike EBS 2008 R2 which was shelved along with discontinuation of development of EBS see www.microsoft.com/ebs/en/us/faq.aspx#dis for more..

Update on this… of course, it wasnt announced at WPC 🙁  and SBS v.next is now codenamed SBS7…  My money is on a name of SBS 2011 to coincide with a 2011 release..  fingers crossed for an announcment at TechEd Europe..

Migrating away (up!) from SBS2008 – licensing alerts

Recently replied to an old EBS2008 TAP friend and good mucker re: his plans to migrate away from EBS2008 and thought this post might help someone out there…

I’ll start by saying – no we haven’t done this with EBS!

But concur I’d be cautious on licensing.  We did something similar with our own production environment with that other license limited server product.. SBS2008.

With SBS2008 upgrading the domain/forest, and schema to R2 didn’t appear to be an issue but transferring the FSMO roles was.  SBS was soon (e.g. 24hrs) sending alerts stating “The FSMO role does not comply with the license policy“ – I’m pretty sure eventually seizing them back!!??!!

e.g.

I found very little info on this last year, and in between adding R2 DC’s, Exchange 2010 (fun with mail routing), and adding SCE2010 Beta then RC into the network we ended up leaving the virtualised SBS2008 box in play – other priorities (customers!) have been more important.

Somewhat useless with helping find the cause – http://technet.microsoft.com/en-us/library/dd443466%28WS.10%29.aspx

very little info on it too –

http://www.google.co.uk/#hl=en&source=hp&q=The+FSMO+role+does+not+comply+with+the+license+policy&btnG=Google+Search&meta=&aq=f&oq=&fp=b432878984070c8a

Hope this helps, if just a little!

Training – Implementing and Administering Windows Small Business Server 2008

This week is another out of the office on Microsoft partner training – 4 days of SBS 2008…

Course code: 44CO120 – M6445 – Implementing and Administering Windows Small Business Server 2008

Where: QA Tabernacle Street, London, EC2A 4DT

Who: Mark Cresswell (mark.cresswell@qa.com)

44CO120 – M6445 – Implementing and Administering Windows Small Business Server 2008

Summary:
This four-day instructor-led course provides students with the knowledge and skills to plan, implement, and manage Windows Small Business Server 2008
This course is intended for technology consultants, system integrators, and in-house technology staff that serve small and medium- sized businesses

Prerequisites:
In addition to their professional experience, students who attend this training should have technical knowledge and skills equivalent to the following courses:
  Course 6420: Fundamentals of a Windows Sever 2008 Network and Applications Infrastructure
  Course 6424: Fundamentals of Windows Server 2008 Active Directory
  Course 5115: Installing and Configuring the Windows Vista Operating
  System
  Course 5116: Configuring Windows Vista Mobile Computing and Applications

Objectives:
Delegates will learn how to Install Microsoft Windows Small Business Server 2008.
Migrate to Microsoft Windows Small Business Server 2008.
Configure Windows Small Business Server 2008 using the Windows Small Business Server 2008 Console.
Manage users and groups in Windows Small Business Server 2008.
Manage messaging and collaboration in Windows Small Business Server 2008.
Manage and monitor Windows Small Business Server 2008.
Secure a Windows Small Business Server 2008 network.
Expand a Windows Small Business Server 2008 network

Top tips & links picked up during the course…

Microsoft SBS docs – http://tinyurl.com/sbs-docs

Known Post Installation Event Errors from SBS 2008 – http://support.microsoft.com/default.aspx/kb/957713

Microsoft blog guide to WSS3/MOSS alternate access mappings – http://tinyurl.com/wss-aam

more tiny urls..  /sbs-rsg,  /sbs-docs, /sbs-grp

Microsoft OEM site – http://oem.microsoft.com

Top 100 public SharePoint sites – http://www.wssdemo.com/Pages/topwebsites.aspx

Free Block List provider – http://www.spamhaus.org/zen
This is gold!  add zen.spamhaus.org to your Block List Providers and switch on connection filtering.
One caveat to note, every time an email is processed by your server it performs a lookup to zen.spamhaus.org – if they receive too many lookups they will suggest that you take up their paid service.  The threshold for this is huge (100,000 SMTP connections per day or 300,000 lookups), and you must not be using it commercially i.e. providing a managed service incorporating their service.

Why disable or rename the Administrator account… because it has a well-known SID! (… -500).

Use child domains for all external domain records just like the default remote.yourdomain.com so to get round duplicate maintainence of internal and external resources (and prevent confusion when vpn’d in!)

SBS default groups have an attribute that mark them as created by the SBS setup process or management console.. so be mindful if creating outside of the console!
Fool it by opening AD Users & Computers, open the attribute editor for the group and edit the msSBSCreatedState to ‘Created’

Roaming profiles – SBS has not been designed to support roaming profiles and Microsoft will not support issues with them (in this context), e.g. production of a SBS specific hotfix to address an issue.
Advised not to use roaming profiles bar controlled environments such as standard build, lack of local admins, quotas, group policy lockdown, etc.

Client migration – above half a dozen client machines consider using the User State Migration Toolkit (USMT) to script the process,  ROI should be worthwhile in configuration time vs time saved at the desktop.

Segway! – the BBC iPlayer program is a P2P service that shares out content, based on Ch4 4oD package – remove it!

Need to inject drivers into WinRE or WinPE boot environments..?  don’t be scared!  use drvload and PEImage, more on TechNet Edge – http://edge.technet.com/Media/WinRE-and-free-stuff-with-Sean-Kearney/

SSL certs for SBS – don’t buy single certs unless you have to.   Host headers and ssl is tricky, has to be a ucc cert or wildcard cert to support.
Default cert purchase from now on will be a wildcard cert, unless a bloody good reason (or lots of small ones… read $’s) not to!

Security cost triangle – you can have any two but not all 3!
low cost, usability, security

Relability and Performance monitor – what a gem!

migration to SBS2008..

My recommendation is to start with Philip Elder’s great posts at http://blog.mpecsinc.ca/
SBS 2008 deployment checklist – http://blog.mpecsinc.ca/2009/05/sbs-2008-setup-checklist-v111.html
SBS2003 to 2008 migration guide – http://blog.mpecsinc.ca/2009/06/sbs-2003-to-sbs-2008-migration-guide.html

Exchange & Circular Logging…
A potential for lots of debate, but I’d agree with Mark that whilst migrating mailboxes, if circluar logging is not enabled, enable it otherwise run the risk of filling up disks with log files!

Disable circular logging post event and let the Exchange aware backups submit the log clear down.  However, if the store data and logs are on the same spindle you may as well leave circular logging on as you get little or no recovery benefits.

How to remove the last legacy Exchange server from an organisation – http://technet.microsoft.com/en-us/library/bb288905.aspx (http://tinyurl.com/sbs-exmig)

Common mistakes when upgrading Exchange 2000/2003 to 2007 – http://support.microsoft.com/kb/555854/en-us

ipconfig /displaydns

Microsoft Desktop Optimization Pack
http://technet.microsoft.com/en-gb/windows/bb899442.aspx
Advanced Group Policy Management – http://technet.microsoft.com/en-us/library/cc749396(WS.10).aspx
Asset Inventory Service – http://www.microsoft.com/windows/enterprise/products/mdop/ais.aspx
Microsoft Diagnostics and Recovery Toolset (DaRT)
System Center Desktop Error Monitoring (DEM)
Microsoft Asset Inventory Service (AIS)