Monday, 21 April 2008

SBS 2003 R2 - Setup steps and resources - Revised V2.1.1

This is a revision of the original post: SBS 2K3 R2 - Setup steps and resources.

It has been updated to include some new functionality as well as some available feature additions that can be installed during the various stages of the setup.

  1. Install the base OS to the primary OS drive formatted leaving 10 GB unused on the drive during setup. All other drives/partitions should be left untouched at this time.
  2. Stop the continuing setup after the reboot by cancelling it.
  3. In between Phase 1 and Phase 2: Install relevant drivers, format the partitions and drives.
  4. Install the following Windows Server Tools:
  5. Move the Swap File over to the partition created out of the above 10 GB. This partition can be used for the ISA URLCache as well.
  6. Verify all devices are recognized and happy.
  7. Run Phase 2 setup via the Setup icon on the desktop.
  8. We set the MSDE Engine, Users Shared Folders, Client Applications, and Sent Faxes to the same drive/partition.

  9. After the final SBS reboot, enter the Domain Admin account into the DHCP Manager's properties.
  10. Finish the install by completing the ToDo tasks.
    • OPTION: Install Access Based Enumeration for greater folder security. Enable ABE by share as opposed to globally.
    • OPTION: During the CEICW add the following attachment extensions to the Exchange exclusion list: .htm .html
    • OPTION: Revise your user template Quotas as appropriate by right clicking your data drive --> Properties --> Quota --> Quota Entries and change the template volume.
    • OPTION: Download and install .NET 2.0 in preparation for SyncToy.
      • OPTION: Download and install the Microsoft copy utility: SyncToy 1.4.
  11. Install the Premium Technologies with SQL Server 2005 Workgroup Edition followed by ISA 2004 SP1.
  12. Install ISA 2004 via the Premium Technologies CD
    • The CEICW will fail on the initial ISA install. ISA SP2 or later will fix that.
    • Note that during the ISA CEICW one will need to recheck any extra settings at the Web Services Configuration step as it tends to pull them back.
    • Make sure that the Create Certificate is also left at the setting it chooses.
  13. Install the components and updates from the R2 Technologies CD.
  14. Install IE7 for Windows Server 2003 (download link).
  15. Complete the Post Exchange SP2 Must Dos (previous blog post).
  16. Enable Exchange settings: "Display routing groups" and "Display administrative groups" by righ clicking on the Exchange "First Organization" --> Properties and tick both. Apply & OK.
  17. If there are no pre-Exchange 2000 servers on the domain switch to "Native Mode" while in the above Properties.
  18. Look at the client email Mailbox size limits. We tend to set the limit to 1GB out of the box.
    • Under Advanced Management: MySBSDomain (Exchange) --> Administrative Groups --> first administrative group --> Servers --> MySBSServer -->First Storage Group --> Right click Mailbox Store (MySBSServer) and Properties --> Limits Tab.
  19. Update the Exchange registry settings for the Greylist problem that Exchange seems to be having: Exchange may not be retrying! (previous blog post)
  20. Impliment Recipient Filtering to protect against a Reverse NDR Spam Attack (previous blog post) and avoid an SMTP Queue Length error in the inbox.
  21. Install WSS 3.x in side-by-side mode (official SBS blog post on the matter). Why? Because the WSS 3.x and Outlook two way functionality may be required for WSS hosted calendars, or the Recycle Bin may be for those who "accidentally" delete files.
  22. Install WSUS 3.x afterwards (previous blog post on WSUS 3.x install experience).
    • Note that WSUS v2 should be synchronized before installing WSUS v3.
  23. At the command prompt, run the appropriate osql commands to tame SQL's memory usage (previous blog post explanation).
  24. RipCurl the SBS R2 box for Vista and Office 2007 compatibility (previous blog post).
    • ISA SP3 to follow the RipCurl Patch for ISA
  25. Uncheck "Shutdown worker processes after being idle for (time in minutes)" under the Performance Tab for the DefaultAppPool in IIS.
    • This reduces the first visit to Companyweb browser stall in the morning.
  26. Setup any Software installs via Group Policy (previous blog post) making sure to modify the permissions on \ClientApps\.
  27. Create and setup any custom Domain or OU level Group Policy Objects.
    • We remove a domain user's ability to remotely shutdown any system as one example.
  28. OPTION: (May not be needed if you plan to use WSS v3 as principle) Upgrade the Companyweb SharePoint MSDE instance to SQL 2005 (smallbizserver.net article) and enable Full Text Search.
  29. OPTION: Backup the server using your preferred backup method. Ours is StorageCraft's ShadowProtect. Crash the drives. Restore from backup and then deliver.
  30. OPTION: Enable users ability to change their password while working in Outlook Web access (OWA) (previous blog post).
    In the case of the R2 Tech CD, verify that the Service Packs are still current before installing. If not, download and install the most current Service Pack.

    Post Updates:
    • 2008-01-18: Added steps 4a, 4b, and 4c above to download and install the appropriate support tools.
    • 2008-02-15: Added the step to implement Recipient Filtering in Exchange to avoid SMTP Queue Length errors and protect against a Reverse NDR Spam Attack.
    • 2008-03-24: Added IE 7 for Server 2003 download link and install recommendation. Also added the link to SyncToy 1.4 to download and install.
    • 2008-04-19: Added the need to apply a SQL 2005 post SP2 Hotfix
    • 2008-04-21: DHCP credentials required, SQL SP2 references, ISA not installing on more than 4 cores, and IIS setting for Companyweb.
    • 2008-08-11: Added the note that WSUS v2 should be synchronized prior to WSUS v3 being installed.
    • 2009-08-26: Added the option to allow users to change their password in OWA.
    Philip Elder
    MPECS Inc.
    Microsoft Small Business Specialists

    *All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

    2 comments:

    FostWare said...

    I have usually configured SBS servers as:-

    C:(SYSTEM) NTFS 30GB
    D:(SWAP) FAT32 (RAM *3)
    E:(STORAGE) NTFS (the rest)

    although larger sites get
    E:(EXCHANGE) NTFS 64GB
    F:(STORAGE) NTFS (Separate RAID set)

    As putting swap mid head-stroke between data and system made sense.

    Philip E. said...

    Frostware,

    Wow ... talk about totally missing the boat on that point by me! ;)

    As soon as I read your comment, the FreeBSD and OpenBSD drive configurations I have done over and over again jumped into my immediate memory: Both OSs recommend exactly that: Put the swap partition in the middle for the fastest access time!

    I am still a bit leary giving Exchange its own paritioning given some of the catastrophic RAID array failure situations we have dealt with.

    With ShadowProtect in place, those concerns are pretty much mitigated, so, we will look at your suggestions further.

    Thanks for the comment!

    Philip