Tuesday, 31 July 2012

SMB Solution Sets Going Forward

This is a tweak of a post on Spiceworks - SBS End of Life.

***

SBS meets a specific market and did so quite well. As Tyler has mentioned it was relatively straightforward to get up and running and when done correctly ran for years requiring basic SBS specific maintenance.

Yes, we have lost the SBS pricing. But, as far as we can tell at this point the increase to the small business to have AD and Exchange in-house will only be marginally more. For those requiring SQL the step up will be a lot more.

The other side of that coin is that SBS brought together, IMNSHO, probably one of the strongest communities to back not only SBS but a whole host of SMB oriented products under one umbrella.

While the loss of SBS may seem like a huge shock for many, in the end it is only change and change is something we should all be used to working in the IT industry.

The cost comparisons between on-premises and Cloud based solutions are only now beginning in the SMB arena. As Cloud matures we will begin to see the real costs associated with Cloud based solutions versus their on-premises siblings and thus provide our clients with a well researched solution set that they can choose from.

Going forward we will have something in SMB that SBS did not provide us: Flexibility.

We can now design a full Microsoft solution stack based solution and CAL it up using the Core CAL Suite or even the Enterprise CAL Suite with the option to run with individual product CALs if the client so chooses.

There are a lot of awesome new products coming down the pipe that will be attractive to SMB that SBS did not give us.

  • Lync is definitely one of them.
  • Built-in Clustering technology now freely available in Windows Server 2012 STANDARD makes for some very lucrative highly available options that SMB may not have had before.
  • DirectAccess is another feature that SMB will find it difficult to be without _once they have it_!
    • Search will always be the on-premises Killer-App that Cloud cannot provide across diverse platforms.

We are on the edge of a truly amazing time.

The on-premises solution set is growing in ways we could only have dreamed of when SBS 2003 was released almost 10 years ago!

Tie that into the many Cloud based products that are mature and backed by geo-redundant and privacy respecting vendors and we have an out-of-the-park home run.

My .25 (2bits) for today. :)

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

*Our original iMac was stolen (previous blog post). We now have a new MacBook Pro courtesy of Vlad Mazek, owner of OWN.

Windows Live Writer

Monday, 30 July 2012

One Little Feature Where In-House/On-Premises Kills Cloud

This is a tweaked post that was made to the Yahoo SBS2K forum.

***

This is how in-house based Search works when set up properly:

  • Server side:
    • Windows Server 2008 RTM/R2+ hosts files.
    • Win2K8 RTM/R2 set up with Search and indexes file shares.
  • Client side (Win7+):
    • Library created and called whatever (we use SharedFolders)
    • Shared Folders on above server(s) added to library.
      • Use Index Options to add additional folders.
    • Outlook 2010 set up and updated on client.
    • Can add as many mailboxes as allowed by admin.
  • Search process:
    • Click START
    • Type "Cloud or not - comparison ... " (SBS2K topic for this post)
      • As an example, this thread would start showing up in the results for e-mail hosted in Outlook.
      • Now, if we were also shipping Excel/Word/PP/Publisher files back and forth those would show up in the search results under FOLDERS.

And now the clincher?

  • Type "Philip" in the search field and the following results:
    • Any e-mail to/from name
    • Any contacts with that name.
    • Any Word/Excel/PP/Publisher file title with name
    • _ANY_ Word/Excel/PP/Publisher file with name IN it

That's the biggest advantage an in-house solution has over Cloud. Period.

Search is the one killer-app that saves users gobs of time in a year. That translates to a lot of $$$ for the company in efficiencies gained.

As a result, our in-house/on-premises solutions become a lot more attractive. :)

IMNSHO, working remotely via RemoteApp or OWA feels wrong. I can't search for things as quick as I can when working from a connected desktop. If there is a need to search one needs to jump between OWA and SharePoint Online in order to find it. That is a huge drawback.

Now, with Server 2012 we get DirectAccess. Guess what?

SEARCH ANYWHERE!

In-house just took a _giant_ leap forward. :D

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

*Our original iMac was stolen (previous blog post). We now have a new MacBook Pro courtesy of Vlad Mazek, owner of OWN.

Windows Live Writer

Sunday, 29 July 2012

How To Clean Up AD/DNS/Replication Links After A Failed SBS Destination OS Install or DCPromo

UPDATE: We moved the NTDSUtil step to the front of the pack.

Whenever we run into problems with getting the destination server online, for whatever reason, we have the option to do the following:

  • Restore the System State.
    • This means running the SourceTool again.
  • Restore the Server
    • Restore from ShadowProtect or other backup.
    • Caveat is that any incoming mail since the backup could be lost.
  • Clean up the Source Server
    • Clean DNS
    • Clean AD Sites & Services
    • Verify Global Catalogue
    • Seize FSMO Roles

Please keep in mind that these instructions are specific to situations where our destination has not made it far enough to install Exchange and its connectors on the Source SBS 2003 server.

We need to run the NTDSUtil step first:

We moved the NTDSUtil step to the fore as there are a few additional underlying bits that the utility removes that may help in the next SBS 2011 Standard OS run.

Our second step is in Active Directory Sites & Services

  • Remove the replication links for both servers
  • Source Server:
    • Delete NTDS Settings
    • Delete the Server Container
  • NOTE:

In Active Directory Users and Computers

  • Remove the Destination SBS 2011 from the Domain Controllers container

In DNS Forward Lookup Zones and Reverse Lookup Zones

  • Remove all references to the Destination Server in _msdcs.domain.local
    • DNS A Records
    • DNS N (Name Server tab)
    • IP Address
  • Remove all references to the Destination Server in Domain.Local
    • DNS A Records
    • DNS N (Name Server tab)
    • IP Address
  • Remove all references to the Destination Server in 192.168.99.x Subnet
    • DNS A
    • DNS N (Name Server tab)
    • IP Address

Once all references in AD and DNS have been removed we need to verify that our source is still a Global Catalogue server. This is done in AD Sites & Services.

Then, we reverse the FSMO Role transfer that happens early in the SBS 2011 OS install and configuration process.

We can verify the FSMO Role locations at the command prompt:

  • netdom query fsmo [Enter]

Once we have completed our clean-up steps we are ready to make our SBS 2011 Standard OS install run attempt.

If errors were due to a Schema Mismatch error then we check the AD version here:

  • Registry: HKLM\SYSTEM\CurrentControlSet\Services\NTDS\Parameters\<Schema Version>
    • Windows 2000 RTM with all Service packs = Schema version 13
    • Windows Server 2003 RTM with all Service packs = Schema version 30
    • Windows Server 2003 R2 RTM with all Service packs = Schema version 31
    • Windows Server 2008 RTM with all Service packs = Schema version 44
    • Windows Server 2008 R2 RTM with all Service packs = Schema version 47
    • Windows Server 2012 RC = Schema version 56

Our particular Schema version when working with SBS 2011 Standard after the SourcePrep Tool is run successfully is 47.

NOTE: The above steps are destructive! Please have a backup and make sure to verify what is being deleted _before_ the object is deleted!

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

*Our original iMac was stolen (previous blog post). We now have a new MacBook Pro courtesy of Vlad Mazek, owner of OWN.

Windows Live Writer

Saturday, 28 July 2012

SBS 2003: Wants to ChkDsk on Reboot So Disable Disk Check

The SBS 2003 R2 Premium server we are migrating way from this weekend is not well. It is well enough to boot okay but it wants to ChkDsk the backup drive every time it boots.

fsutil dirty query D: [Enter]

When we query the status of the backup drive as above it comes up NOT Dirty. Yet, the server insists on checking it on a boot.

So, we disable the auto check for that volume:

chkntfs /x d: [Enter}

We can then move on with this box without having to try and catch the ChkDsk process before it starts or waiting and waiting and waiting until it finishes – if it ever does.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

*Our original iMac was stolen (previous blog post). We now have a new MacBook Pro courtesy of Vlad Mazek, owner of OWN.

Windows Live Writer

Friday, 27 July 2012

The ONLY Place To Snapshot A DC VM is in the Lab Right?

And that is only to work through all of the KBs that follow in this blog post to gain AD recovery skills right?

On one of the lists we are a part of there is an active discussion going on about having a second DC on a smaller network for "redundancy" purposes.

When it comes to an SBS Standard based network there are some caveats for that second DC whether it is virtual or physical:

As we have learned in our past recovery situations that second DC can actually be a hindrance instead of a help when there is a need to restore Small Business Server Standard.

Virtual DCs

Now, when everything is virtualized one may be tempted to snapshot a DC prior to making any changes to provide a "fall-back" if things go sideways.

Some things to consider via the mentioned KB:

  • DC should remain running continuously.
  • Do not pause the DC VM for long periods of time.
    • Problems may happen.
  • System State backups are critical but have a shelf life.
    • In multi-DC environments daily DC System State backups of at least two (2) DCs should be the norm.

When a DC is recovered back from a snapshot the following KB may be applicable:

Now, take all of the above and read the following:

The point we are making?

It's okay to have a DC or three in a virtual lab that are used to break and tear apart then step back using a snapshot to then run through the above processes to figure out the recovery path of a restored-from-snapshot DC VM.

However, in a production environment, whether it be our own or our client's location, DC VM snapshots should _never_ be used. Period.

A good backup, that is one that has been fully recovered to bare metal and/or hypervisor, along with a System State backup, are the only way to go. Then, being familiar with the above processes and caveats to having multiple DCs in a production environment is a must.

WS Backup & StorageCraft ShadowProtect

All of our current, as of Windows Server 2008 R2, smaller client networks with the exception of those running on Hyper-V failover clusters (Win2K8 R2) are running a single DC.

In most cases that DC is Small Business Server 2008/2011 Standard.

Why?

Because we test our client's backups on a quarterly basis as part of our ongoing services we provide them.

Test restoring our client's systems on a regular basis gives us full confidence in our ability to restore their single SBS/DC using ShadowProtect and in some cases the native Windows Server Backup.

Introducing a second DC into the mix, in the case of SBS networks, brings about caveats that we need not deal with (see first blog post link) especially when times may be stressful already.

The key to being confident in a single DC environment is in the backup solution set.

To repeat: Confidence in our backup solution is the key to our deploying a single DC solution.

If we are not versed in restoring the backups we deploy at our client sites, at that on a regular basis, then how can we have the confidence to recommend a single DC solution to our clients? If we don't restore our client's backups how will we be aware of what is needed if things really go sideways and a restore is required?

We _are_ confident in our backup solutions built upon Windows Server Backup and now especially on StorageCraft's ShadowProtect Version 4. SP v4 has proven that once again we will be deploying ShadowProtect at all of our client sites as the Hyper-V restore throughput problems we saw in the past are no more.

ShadowProtect's Hardware Independent Restore feature is also a must for P2V and V2V restore situations even between Hypervisor versions.

In the end, it is our preference to keep a single DC in our small to medium solution sets. KISS is our preference. And, a single DC with no snapshots taken follows that line of simplicity. Plus, recovery becomes that much simpler.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

*Our original iMac was stolen (previous blog post). We now have a new MacBook Pro courtesy of Vlad Mazek, owner of OWN.

Windows Live Writer

Wednesday, 25 July 2012

Quick Software Installed Poll to Text Command

Hat Tip: Fellow MVP David Nickason

Here is a command to run in an elevated command prompt to get a comprehensive list of installed software products on a machine:

  • wmic /output:WMIInstall.txt product get name,version

Here is a sample output from our Windows 8 client:

Name                                                              Version        
Microsoft Lync 2010 Attendee                                      4.0.7577.4098  
Microsoft Application Error Reporting                             12.0.6015.5000 
Microsoft Office Professional Plus 2010                           14.0.6029.1000 
Microsoft Office OneNote MUI (English) 2010                       14.0.6029.1000 
Microsoft Office InfoPath MUI (English) 2010                      14.0.6029.1000 
Microsoft Office Access MUI (English) 2010                        14.0.6029.1000 
Microsoft Office Shared Setup Metadata MUI (English) 2010         14.0.6029.1000 
Microsoft Office Excel MUI (English) 2010                         14.0.6029.1000 
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010  14.0.6029.1000 
Microsoft Office Access Setup Metadata MUI (English) 2010         14.0.6029.1000 
Microsoft Office PowerPoint MUI (English) 2010                    14.0.6029.1000 
Microsoft Office Publisher MUI (English) 2010                     14.0.6029.1000 
Microsoft Office Outlook MUI (English) 2010                       14.0.6029.1000 
Microsoft Office Office 64-bit Components 2010                    14.0.6029.1000 
Microsoft Office Shared 64-bit MUI (English) 2010                 14.0.6029.1000 
Microsoft Office Groove MUI (English) 2010                        14.0.6029.1000 
Microsoft Office Word MUI (English) 2010                          14.0.6029.1000 
Microsoft Office Proofing (English) 2010                          14.0.6029.1000 
Microsoft Office Shared MUI (English) 2010                        14.0.6029.1000 
Microsoft Office Proof (English) 2010                             14.0.6029.1000 
Microsoft Office Proof (Spanish) 2010                             14.0.6029.1000 
Microsoft Office Proof (French) 2010                              14.0.6029.1000 
Windows Live Essentials                                           15.4.3502.0922 
Windows Live Writer                                               15.4.3502.0922 
Zune Language Pack (NLD)                                          04.08.2345.00  
Intel(R) Processor ID Utility                                     4.50.0000      
Zune Language Pack (PTG)                                          04.08.2345.00  
Zune Language Pack (PLK)                                          04.08.2345.00  
Zune Language Pack (FRA)                                          04.08.2345.00  
Zune Language Pack (KOR)                                          04.08.2345.00  
Cisco AnyConnect VPN Client                                       2.5.2014       
Windows Live SOXE Definitions                                     15.4.3502.0922 
Windows Live Communications Platform                              15.4.3502.0922 
Zune Language Pack (FIN)                                          04.08.2345.00  
Windows Live UX Platform Language Pack                            15.4.3508.1109 
LogMeIn Rescue Technician Console                                 7.0.1148       
Java(TM) 6 Update 33                                              6.0.330        
Java(TM) 6 Update 31 (64-bit)                                     6.0.310        
Java(TM) 7 Update 5 (64-bit)                                      7.0.50         
Windows Live Writer                                               15.4.3502.0922 
Zune Language Pack (RUS)                                          04.08.2345.00  
Zune Language Pack (HUN)                                          04.08.2345.00  
Zune Language Pack (NOR)                                          04.08.2345.00  
Windows Live PIMT Platform                                        15.4.3508.1109 
D3DX10                                                            15.4.2368.0902 
Zune Language Pack (DAN)                                          04.08.2345.00  
Zune Language Pack (PTB)                                          04.08.2345.00  
Zune Language Pack (CHT)                                          04.08.2345.00  
Zune Language Pack (CHS)                                          04.08.2345.00  
Zune Language Pack (ELL)                                          04.08.2345.00  
Zune Language Pack (JPN)                                          04.08.2345.00  
Zune Language Pack (IND)                                          04.08.2345.00  
Microsoft IntelliPoint 8.2                                        8.20.468.0     
MSVCRT                                                            15.4.2862.0708 
Zune Language Pack (DEU)                                          04.08.2345.00  
Zune Language Pack (ITA)                                          04.08.2345.00  
Zune Language Pack (CSY)                                          04.08.2345.00  
Zune Language Pack (MSL)                                          04.08.2345.00  
Zune                                                              04.08.2345.00  
Windows Live Language Selector                                    15.4.3555.0308 
Microsoft IntelliType Pro 8.2                                     8.20.469.0     
Windows Mobile Device Updater Component                           04.08.2345.00  
Windows Live Writer                                               15.4.3502.0922 
Microsoft Silverlight                                             5.1.10411.0    
Zune Language Pack (SVE)                                          04.08.2345.00  
Zune Language Pack (ESP)                                          04.08.2345.00  
Windows Live UX Platform                                          15.4.3502.0922 
Windows Live Writer Resources                                     15.4.3502.0922 
Windows Live Installer                                            15.4.3502.0922 
Windows Live SOXE                                                 15.4.3502.0922 
Java Auto Updater                                                 2.0.7.1        

This is one to get familiar with!

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

*Our original iMac was stolen (previous blog post). We now have a new MacBook Pro courtesy of Vlad Mazek, owner of OWN.

Windows Live Writer

Monday, 23 July 2012

SBS Migration Guide and SBS Setup Guide Updated

We have added quite a few steps to both our Migration Guide and our Setup Guide.

Please do use these guides for your own SBS 2011 Standard setup and migration processes!

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

*Our original iMac was stolen (previous blog post). We now have a new MacBook Pro courtesy of Vlad Mazek, owner of OWN.

Windows Live Writer

SBS 2011 Setup Guide v1.13.0

This list is the guide that we use to set up our SBS 2011 boxes or VMs in a consistent manner. As with earlier versions of SBS, this version too will require a number of post OS install tweaks and configuration steps.

The following assumes that the server manufacturer’s prep disk was used to update the BIOS, motherboard firmware, RAID controller firmware, backplane firmware, and any other device’s onboard firmware prior to installing the SBS 2008 OS. The firmware update step is an absolutely critical one for the stability of the server.

Note that we do not input the Product Key into the OS until we are ready to put the server into production or are on the edge of finishing up a migration.

The SBS 2011 Setup Steps
  1. When installing into a VM set the time.
    • MPECS Inc. Blog: Hyper-V- Preparing A High Load VM For Time Skew
    • Standalone: When virtualizing SBS on a standalone server set the host to poll pool.ntp.org for the correct time. Configure the host’s firewall to allow NTP polling on the local subnet. Then set the SBS VM to poll the host’s IP or hostname for time using the above settings.
    • Clustered: Have the standalone DC polling pool.ntp.org and set as the authoritative time source for the domain. Have SBS and other VMs poll the standalone DC for their time using the above settings.
  2. Install the manufacturer’s drivers.
      1. RAID including RAID monitoring/status software.
      2. Chipset.
      3. Video.
      4. NIC (Do not team). Unplug or disable any extra NICs for now.
      5. Management suites from the hardware manufacturers will be installed later on in this process.
      6. We do not install System Center Essentials that is provided by Intel on our Intel based SBS 2008 servers.
    1. Desktop
        1. Set the desktop resolution for the monitor attached.
          • Keep in mind that some remote management modules such as Dell’s DRAC may not work if the monitor’s resolution is set too high.
        2. Enable desktop icons:
          1. Click Start –> type: Desktop Icons [Enter].
            • image
      1. GUI Customization
          1. Windows Explorer.
            • Extensions, Show hidden . . .
            • image
            • image
          2. Start Menu.
          3. Notification Area.
          4. Add a Desktop Toolbar to the Task Bar .
            • image
          5. Internet Explorer.
            1. Add http://download.microsoft.com to Trusted Sites.
          6. Task Manager Process Column Customization.
            • PID, memory usage, maximum memory usage, I/O Bytes (3)
        1. Partitioning
            • NEW: RAID 5 with 4x 15K SAS Spindles (four drives) is now our default RAID setup for small clients.
              • For our 8-15 seat clients we will configure 5 15K SAS spindles in RAID 5 plus a hot spare depending on their I/O requirements.
              • With the advent of the 300GB and 600GB Intel 320 Series SSDs we are looking to SSD going forward for those clients that require ultra-high performing storage systems.
              • For clients with around 15 seats or more we are starting to configure a standalone 1U server for virtualization or Hyper-V Cluster directly attached to a Promise VTrak RAID Subsystem (VTE310sD or VTE610sD) for maximum storage flexibility.
            • Name after the amount of storage is the drive label.
              • ~900GB Usable (4x 300GB 15K SAS)
              • C: 150GB SS-SBS (Rename to SBS server name)
              • S: 1.5x RAM xxGB SwapFile (Min. 10GB RAM * 1.5 with wiggle room)
                • 32GB SwapFile
                • SBS 2011 swap file configuration out of the box:
                  •  image
              • L: 718GB WorkingStorage
            • Note: Exchange 2010 has been designed from the ground up to utilize more RAM. Adding more RAM for Exchange performance would be our priority before adding more spindles to the RAID 10 set.
            • Also, we do not install SATA hard drives of any kind into server settings anymore. In our experience they are too problematic in RAID arrays no matter which manufacturer made them. 
            • MPECS Inc. Blog: SAS versus SATA and Hardware RAID versus Software RAID.
          • Move the optical drive letter to Z:.
          • Move the Swap File (Reboot).
          • SBS 2011: Do _not_ Copy and paste this services shutdown batch file onto the desktop (previous blog post).
            • The Exchange 2010 team has addressed the issues of having Exchange installed on a DC with this version. Exchange 2007 had shutdown timing issues thus the long shutdown times.
          • Install and configure Print Services Role: SBS 2008 Terminal Services and HP Printer Drivers (previous blog post).
            • image
          • Windows Native Tools Management Console modifications
            1. Add the Group Policy Management Console
            2. Add the Print Management snap-In (after adding the Print Server Role).
            3. Add the Share and Storage Management snap-in.
            4. Add the File Server Resource Manager snap-in.
            5. Add the Remote Desktop Services Manager snap-in.
            6. Add the Windows Server Backup snap-in.
              • image
          • Configure an authoritative time source for the SBS OS.
            1. Blog Post: Hyper-V- Preparing A High Load VM For Time Skew
              • This is the best methodology to date for setting up a VM’s Windows Time Service.
            2. Blog Post: SBS 2008 Physical And Hyper-V – Set Up the Domain Time Structure.
              • The default time.windows.com is not a reliable source.
            3. TechNet: Synchronize the Source Server time with an external time source for Windows SBS 2008 migration.
            4. Once the commands have run, an error message or two may show in the Event Logs soon to be replaced by a successful connection to the authoritative time source.
            5. Note Oliver Sommer’s comments in the above article.
          • Enable ShadowCopies on the WorkingStorage partition and set a schedule. We use before hours, coffee, lunch, coffee, and after hours for the schedule.
          • DHCP IPv4 Properties (DNS updates & credentials)
            • image
            • Enable Name Protection and set the credentials.
          • DHCP additional exclusions for printers (x.1-10 if not present) and servers (x.250-254).
          • DNS Settings for Scavenging at 7 days and AD integrated zones.
          • Verify NIC Binding Order Settings: Blog Post: Slow Network Speeds with SBS 2008 and 2011: NIC Binding Order
          • Create a 10GB Soft Quota (File Server Resource Manager).
          • Enable firewall logging and pop-ups: SBS 2008 Windows Firewall with Advanced Security troubleshooting (previous blog post).
            1. Customize the firewall setup for QuickBooks.
              1. QuickBooks Connection Diagnostic Tool Post (Previous blog post).
            2. Customize the firewall setup for Simply Accounting (Previous blog post).
          • Create the default Company Shared Folder with required NTFS and share permissions on the L: WorkingStorage partition.
              • Share Name: Company.
              • Quota: 10GB Soft.
              • Enable Access-based Enumeration.
              • NTFS Permissions:
                • Domain Admins = FULL.
                • Domain Users = Modify.
                • Leave default machine based permissions.
              • Share Permissions:
                • Everyone = FULL.
            • Create the ClientApps (previous blog post on GP and the ClientApps folder) on the L: WorkingStorage partition.
                • Share Name: ClientApps.
                • Quota: None.
                • Enable Access-based Enumeration. Subfolders can have custom permissions at a later date to exclude users or groups and thus hide those subfolders at a later date.
                • NTFS Permissions:
                  • Domain Admins = FULL
                  • Domain Users = FULL
                  • Domain Controllers = FULL
                  • Domain Computers = FULL
                • Share Permissions:
                  • Everyone = FULL
              • Make changes to the WSUS Setup:
                • WSUS Classifications: Enable all.
                • WSUS Sync Schedule: Increase synchronization frequency schedule depending on what products are installed on the server.
              • Getting Started Tasks – Out of Order
                1. Configure and take a backup now.
                2. Times: 12:30, 17:30, 23:30.
                  • Make sure that the backup times and the Volume Shadow Copy snapshots do not happen at the same time.
                3. Backup Now by right clicking on the configured backup and running it.
                4. Backup in between each batch of updates.

              • Windows Server 2008 R2 Service Packs
                1. Download and install the latest Windows Server 2008 R2 Service Pack (Bing Search)
                  1. Be aware that the install process may take a while.
                  2. image
              • Exchange 2010 Updates
              • Server Updates via WSUS/MU.
                • Update to the latest SBS Update Rollup first.
                • Run updates according to the following product groups:
                • Windows Server 2008 Standard R2
                  • Run OS Updates at around 10-15 per reboot cycle.
                  • Run OS Security Updates at around 5-10 per reboot cycle.
                • Exchange SP1/2/3 or Exchange Rollup RU1/2/3/etc 
                • .NET
                  • If .NET v1 is present update first.
                  • Do .NET v2 and v2.x updates one at a time.
                  • Do .NET v3 and v3.x updates one at a time.
                  • Do .NET v4 and v4.x updates one at a time.
                  • Reboot between each cycle as requested.
                • SQL
                  • Start with 2005 versions.
                  • Next to 2008 versions.
                  • Next to 2008 R2 versions.
                • WSUS, and others.
                • SharePoint Foundation Updates should be run separately.
              • Create a new User Role in the SBS Console.
                • Name: Standard User – Restricted.
                • Remove all Group Memberships.
                • Add the Domain Users security group only.
                • Remove OWA permission.
                • No RWW or VPN.
                • Verify permissions in the User Role after it is created.
                • This role is used for the local admin account deployed via Group Policy later in this guide.
              • Create and configure the Group Policy Central Store (Previous blog post).
              • OPTION: Raise both Domain and Forest Functional level to 2008 R2
                • This is accomplished in AD Domains and Trusts.
                • image
              • Group Policy Configurations (previous blog post):
                1. Windows Computer Policy:
                  1. Firewall Exceptions:
                    1. Enable Remote Event Log Management (previous blog post).
                    2. Remote Volume Management
                    3. Remote Desktop Protocol and RemoteFX Protocol
                  2. Set limits to the RDP setup on the server and clients (previous blog post).
                  3. Local Policies: User Rights Assignment.
                  4. Local Policies: Security Options.
                    • Enable UAC by default in Group Policy (previous blog post).
                    • NOTE: The UAC structure can be split up between Computers, SBSComputers, and SBSServers GPOs so that domain/local admin accounts only get prompted on servers.
                  5. Remote Connectivity: Restrict certain RDP related settings (previous blog post).
                2. Windows SBSUsers Policy:
                  1. Configure Screensaver Management. Our default is 45 minutes with logon.scr as the default SS. Password is always required.
                    • 2010-10-18: For Windows 7 we now use scrnsave.scr as the basis for all screensavers which is a blank screen.
                  2. Mapped Network Drive (M: = \\SS-SBS\Company) via Group Policy Preferences
                  3. Set the Companyweb as the default site in IE.
                  4. Add the RWW and OWA URLs to IE’s Favourites.
                3. Windows SBSComputers Policy:
                  1. Deploy a restricted domain user to _all_ system’s Local Admin Group.
                    1. Create a new user using the Standard User – Restricted Role.
                    2. Deploy to workstation’s Local Admin Group via Group Policy Preferences.
                    3. Remove the user’s mailbox (previous blog post).
                4. Windows Printer Deployment Policy:
                  1. Deploy printers to XP Professional x86 (previous blog post).
                  2. Deploy printers to Windows Vista using the Printer Management snap-in.
                5. Windows SBSComputers XP Pro Policy:
                  1. Deploy Windows Defender to Windows XP Professional (Optional).
              • Install the server hardware manufacturer’s management software suite.
              • Set the SBS Domain Password Polices (60-75 days, 10-12 characters minimum with complexity).
                • Note that all user’s passwords will reset to request a new password!
              • Enable Folder Redirection to SBS.
                • Changing the security settings in the default GPO for redirection will show FR as not enabled in the SBS Console.
                • We remove the Exclusive Access setting on any folders redirected to remove complications when it comes time to migrate the client to a new server.
              • OR: Enable Folder Redirection to an separate server (previous blog post).
              • Remove the Public share in the SBS Console.
              • Self-issued certificate: copy the package to the Network Admin\SBS folder in the Company shared drive. (We create a Network Admin folder in the Company Shared Folder at all client sites).
              • If using a GoDaddy certificate, make sure to install the GoDaddy Intermediate certificates (download page) into the Intermediate Certification Authorities store individually to avoid any issues later.
                1. Install the gd_cross_intermediate.crt first
                2. Install the gd_intermediate.crt second
                3. Disable All Uses for GoDaddy Class 2 root certificate in Trusted Root Certification Authorities if present.
                  • Check for this one after installing the actual certificate at step 5.
                4. Restart the IISAdmin service.
                5. Install the GoDaddy certificate using the wizard.
              • Move the relevant data folders to the L: partition. We move all but the Exchange databases.
                  1. WSS (SharePoint) Data.
                  2. Users’ Shared Folders.
                    1. Re-enable Access-based Enumeration
                  3. Users’ Redirected Folders Data.
                    1. Re-enable Access-based Enumeration
                  4. WSUS Update Repository Data.
                1. SBS Console Getting Started Tasks.
                    1. Connect to the Internet.
                    2. Customer Feedback options.
                    3. Set up your Internet address.
                    4. Configure a Smart Host for Internet e-mail.
                    5. Add a trusted certificate.
                    6. Configure server backup: Earlier in this checklist.
                    7. Add new users (use the multiple wizard under users if there are a lot of users to add).
                    8. Connect computers: http://connect.
                    9. Share Printers via Group Policy for Windows Vista and PushPrinterConnections.exe for Windows XP Pro SP3 (both links are previous blog posts).
                  1. Configure the Reports e-mail addresses.
                  2. Configure Workstations on the domain.
                  3. Official SBS Blog: How to Configure SBS 2011 Standard to Accept E-mail for Multiple Authoritative Domains
                  4. E-mail Enable the SharePoint Foundation Companyweb site (Official SBS Blog Post).  Then:
                  5. Enable an MFP or Copier to Scan To E-mail Destined To A Companyweb SharePoint Library (previous blog post).
                    1. Run the following in an elevated Exchange Management Shell to increase the allowed attachment size (100MB is our default):
                      1. Set-ReceiveConnector "Copier Send to E-mail" -MaxMessageSize 100MB
                    2. Make sure to verify the largest file size setting in SharePoint.
                      1. Aimless Ramblings: Large Files in SBS 2008’s Companyweb
                  6. OPTION: If using Exchange 2010 AntiSpam set up a library on Companyweb called Spam.
                    1. E-mail enable the library with spam@companyweb
                    2. Set Exchange AntiSpam to REDIRECT instead of DELETE to spam@companyweb
                  7. Change the Default Message Size Limits for outgoing and inbound messages in the Exchange Management Shell:
                    1. Set-TransportConfig –MaxSendSize 25MB –MaxReceiveSize 25MB
                    2. Set-ReceiveConnector “Windows SBS Internet Receive ServerName” –MaxMessageSize 25MB
                    3. Set-SendConnector “Windows SBS Internet Send ServerName” –MaxMessageSize 25MB
                    4. Check the status for each connector:
                      • Get-TransportConfig | ft name, MaxSendSize, MaxReceiveSize
                      • Get-ReceiveConnector | ft name, MaxMessageSize
                      • Get-SendConnector | ft name, MaxMessageSize
                      • Get-mailbox | ft name, MaxSendSize, MaxReceiveSize
                    5. Hat Tip: LAN-Tech: Quickie: changing message size limits on SBS STD 2008 and 2011
                  8. Enable Single Item Recovery in Exchange Server 2010 – Exchange Team Blog.
                  9. Enable and configure Windows Search Services on SBS 2008 or a Windows Server 2008 RTM/R2 file server and Libraries on Windows 7 (Official SBS Blog post).
                    1. Install the Search Service (On SBS 2011 it may already be installed).
                      1. If so: Click Start –> type Search.
                      2. Click Indexing Options in the results.
                        • imageimage
                      3. Verify that all company shared folders are being indexed.
                    2. Add the Company folder share (or Public folder share) to Windows 7 Libraries.
                    3. Click start and start typing and watch those network files results flow!
                  10. Fix the networking settings for Add-On Congestion Control Provider, Receive Window Auto-Tuning Level, Receive-Side Scaling State, Task Offload (previous blog post).
                    • SBS 2008 related … tentative at this point.
                  11. Download, install, and run the SBS 2011 Best Practices Analyzer.
                    • The BPA will pick up a lot of the little things that need to be configured such as advanced OS networking features that should be disabled and others.
                    • The SBS 2011 BPA requires the Microsoft Baseline Configuration Analyzer 2.0.
                  12. Change the initial domain administrator’s password if using an Answer File (remember to reset the DHCP credentials, and any Event Log event fired Task too).
                    • Note that if the admin account has not been logged off since changing the Password Policies, a log off and log on again will require a password change anyway.
                  13. Input the PID and Activate.
                  14. Control the Microsoft##SSEE WSUS Database’s memory Usage
                  15. Configure Custom Views and e-mail Task triggers for Event IDs (SBS Native Tools Management):
                  16. OPTIONS:
                  17. Customize the SBS Console Reports.
                  18. Run a backup. Crash the server. Restore the Backup. Deliver.

                  One thing to keep in mind when it comes to checklists is that they are never meant to be a replacement for the materials they summarize!

                  It is very important to understand why the various steps need to be accomplished, how those steps can change over time due to changes in the operating system, the hardware configurations underneath the OS, and the technician’s own growth in experience and understanding.

                  The “why” leads to an ability to understand how things are going wrong when they do. Note that we are saying, “when” and not “if” things go wrong.

                  Troubleshooting

                  Post OS Setup

                  Philip Elder
                  MPECS Inc.
                  Microsoft Small Business Specialists
                  Co-Author: SBS 2008 Blueprint Book

                  *Our original iMac was stolen (previous blog post). We now have a new MacBook Pro courtesy of Vlad Mazek, owner of OWN.

                  Windows Live Writer

                  SBS 2003 to SBS 2011 Migration Guide – v1.4.0

                  It is important to note that this Migration Guide is closely tied into our SBS 2011 Setup Guide which can be found here:

                  The official Microsoft migration document can be found here:

                  Microsoft now has an official migration Web site for SBS!

                  image

                  If installing SBS 2011 into a VM setup then keeping that VM’s time accurate is important.

                  SBS 2003 to SBS 2011 Migration Steps
                  These preparatory steps still apply:

                  A couple of very important things to note:

                  • Have a backup of the SBS 2003 box and System State BEFORE beginning the migration process!
                  • You will need the SBS install disk 2 with the Exchange65 folder for the Exchange uninstall step!

                  We use both NTBackup to create a system state backup as well as ShadowProtect to create a full server image before initiating any changes on the production network.

                  In the case of ShadowProtect, we will have it on the SBS 2003 box at least a couple of days before the migration process starts to get a base full backup and set an incremental schedule as well. Then, when it comes time to begin the migration we can run incremental backups during the process which are very short in duration.

                  Preparation for Migration

                  It is important to be prepared for the coming migration. One of the steps we need to be prepared is to have all of the up to date drivers and firmware downloaded before running the migration process. It is important to make sure that the server hardware’s firmware is up to date before putting the server into production.

                  Updates
                  • Server Hardware
                    • RAID Controller firmware.
                    • Server Board firmware.
                    • RAID and server board drivers.
                    • Hardware management software.
                  • Server OS and Server Apps
                    • Download the most recent service packs for OS, Exchange, SharePoint, etc.
                  • Printers and Copiers
                    • X86 (32-bit) and x64 (64-bit) Printer Drivers
                      • WHQL certified drivers are preferred if possible.
                      • Used to deliver the printers to the workstations via Group Policy.
                      • If XP is still around have the PushPrinterConnections.exe utility handy.
                  • LoB Applications
                    • Updates for the LoBs and their MySQL, SQL, or other database backend are good to run at this time.
                    • Have Simply or QuickBooks downloaded as they are large.
                  DHCP

                  Itemize the DHCP reservations on the source server if they are not already documented somewhere. If the reservations are going to be restructured then make sure to have the MAC addresses on hand for each device.

                  • Device MAC: ____________________ Description: ____________________
                  • Device MAC: ____________________ Description: ____________________
                  • Device MAC: ____________________ Description: ____________________
                  • Device MAC: ____________________ Description: ____________________
                  SSL

                  Run a full export of the third party trusted certificate (SSL) that is being used and password protect it. Have it handy to import into the destination server when the time comes.

                  PHASE 1: SBS 2003 Preparation Steps

                  1. SBS 2003 with 2 NICS and/or ISA.
                    • Uninstall ISA and run CEICW
                    • Install firewall appliance or gateway.
                    • Set NIC1 Gateway to the new device.
                      • IP: 192.168.40.254
                      • Subnet: 255.255.255.0
                      • Gateway: 192.168.40.1 (gateway device)
                      • DNS1: 192.168.40.254 (self)
                      • DNS2: Blank
                    • Disable NIC2 and run CEICW.
                    • Verify that the DNS Server service is working as expected. A reboot may be required.
                  2. If SBS 2011 will be using an existing RWW URL that is protected by a third party certificate, make sure to export that certificate from SBS 2003 with the key and import it using the wizard on SBS 2011 at the appropriate time.
                    • OPTION: Have the certificate issuer’s site logon information on hand to use for a rekey of the certificate using the SBS 2011 Third Party Trusted Certificate wizard.
                  3. Make sure that the up to date Windows Server 2003 Resource Kit Tools (download) and Service Pack 2 Support Tools (download) are installed on SBS 2003.
                  4. Verify Active Directory Forest and Domain levels are set to Windows Server 2003 native.
                  5. Reset the Active Directory Restore Mode password (MS KB322672).
                    • image
                  6. Verify that Exchange 2003 is running in Native Mode (Step 17 on the SBS 2003 Setup Checklist).
                    • Also make sure the Exchange Management Console is showing the routing groups in step 16 of the above list.
                  7. Verify that Exchange 2003 has Service Pack 2 installed and functioning as expected.
                  8. Verify that the default SBS SMTP Connector is installed.
                    • Also check for any additional connectors installed as they will interfere with the replication of Public Folders.
                  9. Remove any SmallBusiness SMTP Connector Forwarding.
                    • image
                  10. Verify and record any custom Send As setups for Exchange users. They will need to be manually set up on the new SBS 2011 server.
                  11. Verify Windows Server 2003 Service Pack 2 is installed.
                    • The SBS 2003 BPA will help with the post SP2 fixes if any were missed.
                  12. Verify that SBS 2003 has Small Business Server 2003 Service Pack 1.
                    • image
                    • HKLM\Software\Microsoft\SmallBusinessServer\ServicePackNumber
                  13. The following are run from the command prompt to test Active Directory health:
                    1. DCDiag
                      • DCDiag [Enter]
                      • DCDiag /test:DNS
                      • DCDiag /? (List of switches)
                    1. NetDiag
                    2. RepAdmin
                      • RepAdmin /viewlist *
                      • RepAdmin /SyncAll
                      • RepAdmin /KCC
                    1. NetDom /query FSMO
                  14. Verify that the SBS 2003 CA is clean before starting.
                    1. Microsoft KB 889250: How to decommission a Windows enterprise certification authority and how to remove all related objects from Windows Server 2003 and from Windows Server 2000
                      1. Step 6 (We had to empty all folders before our last migration ran successfully on 2012-0723).
                      2. Bad on left (our source) good on right (client product SBS 2003):
                      3. image
                      4. All folders on the right were actually empty. This is a server we set up about three years ago. The server on the right was a contract job.
                  15. The following can be done to test the health of the Exchange databases at the command prompt and with the stores dismounted (remember to backup):
                  16. Exchange mailbox prep.
                    1. Possible Error: SBS Migration Error- Exchange – The token supplied to the function is invalid 80090308
                      • image
                    2. Have everyone empty their Deleted Items folder.
                    3. Get everyone to run an Archive process in their Outlook to remove older and not necessarily needed content.
                    4. Verify the Replication Message Priority setting for all Public Folders: Urgent 
                      • image
                    5. Verify the Replication interval setting for the root Public Folder Store: Always run
                      • image
                  17. Download and run the Microsoft IT Environment Health Scanner (download page).
                  18. Run the server time setup step.
                    1. w32tm /config /syncfromflags:domhier /reliable:no /update [Enter]
                    2. net stop w32time && net start w32time [Enter]
                      • Standalone Hyper-V or VMware: Configure the host to poll pool.ntp.org and allow the guests to poll the host through the firewall for time.
                  19. Verify that the default Administrator (500 Account) has the Primary Group set to Domain Users.
                  20. Run the SBS 2003 Best Practices Analyzer and follow its recommended steps.
                  21. Backup SBS 2003 completely.
                    • TIME:________
                  22. Backup the SBS 2003 system state with NTBackup.
                    • TIME:________
                    • image
                    • Note that the System State backup in the above image was run from within NTBackup on the source server.
                  23. Run the VPN Wizard to disable VPN PPTP services on the source server.
                  24. Download and install the Microsoft Baseline Configuration Analyzer 2.0
                  25. Run the Source Prep Tool
                    • Insert the SBS 2011 DVD and run SourceTool.exe from the Tools folder.
                    • A copy of this folder can be placed on the source server if using a USB flash drive to install the SBS 2011 OS.
                    • Note that a reboot is required.
                    • TIME:________
                  26. Disable the Update Services (WSUS) on SBS 2003 before installing SBS 2011 in Migration Mode.

                  PHASE 2: SBS 2011 Migration Mode OS Install

                  1. Multi-NIC servers: Disable all NICs in the BIOS except #1.
                  2. We set up an 8GB or 16GB USB flash drive to be bootable using the NTFS file system (previous blog post).
                    • The SBS OS image file is well over 6GB in size.
                    • We also drop the necessary drivers and server management tools in a folder called Drivers on the flash drive.
                  3. Set up the Answer File in Migration Mode with the requisite information.
                    • SBSAfg.exe is in its own folder under the TOOLS folder on the SBS 2011 DVD.
                    • We make two copies of the XML file:
                      • 11-06-17-ClientName-SBSAnswerFile.XML
                      • SBSAnswerFile.XML (goes on the flash drive)
                    • We also create a PDF from within the Answer File Generator.
                    • The SBSAnswerFile.XML can be saved to a small VHD if running the migration virtually for a lab test or going into a virtual production environment.
                  4. Begin the SBS 2011 install in Migration Mode (SBS 2011 Setup Guide).
                    • Note that the migration project will jump in and out of the SBS 2011 Guide’s various setup steps.
                    • Setup the SBS 2011 RAID 10 array and configure the OS partition.
                      • Five or more 15K spindle option: RAID 5 on hardware RAID plus battery backup.
                      • A small 5 or so seat firm with low I/O requirements will run fine on RAID 5 with four 15K SAS spindles.
                    • Plug the USB flash drive into the server.
                    • Note that on some Tier 1 servers the USB flash drive will need to be plugged in once past the SBS 2011 EULA stage.
                    • Use the Load Driver dialogue to verify that the server hardware is reading the USB Flash drive with the Answer File.
                    • Depending on the hardware manufacturer, make sure to have the latest RAID controller on hand to install. We put it into a folder on the Answer File USB flash drive to keep things simple.
                  5. Verify the time during the SBS 2011 OS setup process especially if installing in a VM (previous blog post).
                  6. SBS 2011 Migration Mode status will show on SBS 2003:
                    1. ADUC: SBS 2011 will show up in the Domain Controllers OU.
                    2. DNS:
                      • SBS 2011 will show up in _msdcs.SBSDomain.local with its new GUID.
                      • SBS 2011 will show up as a Name Server in SBSDomain.local and 192.168.40.0/24 Subnet (whatever subnet being used).
                    3. DSSite.msc: SBS 2011 will show up after the above DCPromo reboot.
                      • Note that the replication links can take anywhere up to 15-20 minutes to show up in DSSite.msc.
                  7. SBS 2011 should eventually come up with the Green Check of a successful install.

                  image

                   

                  Before clicking the Migrate to Windows SBS link in the Getting Started Tasks we need to work on our SBS 2011 server to bring its configuration up to production quality. Things like finishing off the disk configuration, driver installs, and more are covered in our SBS 2011 Setup Guide.image

                  PHASE 3: Preliminary SBS 2011 OS And Services Checks

                  1. Verify that the Exchange services are up and running (an ongoing thing).
                  2. Set up the SBS Backup and take a backup of the freshly installed SBS 2011 OS.
                    • Make sure to have all disks for the backup rotation handy so that they can be done at the same time due to a bug in the destination wizard.
                  3. Work through the SBS 2011 Setup Guide up to the Getting Started Tasks – Out of Order.
                    • Set any DHCP Reservations in place once the SBS Native Tools Console has been configured.
                    • Keep taking backups on both servers after each portion of the migration is completed.
                  4. Back up both servers.
                    • SBS 2003 Time: _____
                    • SBS 2011 Time: _____

                  PHASE 4: SBS 2003 to SBS 2011 Migration Wizard Steps

                  1. On the source server edit the SBS 2003 Folder Redirection Policy to point to the destination server.
                    • \\NewSBS\RedirectedFolders
                      • image
                    • IMPORTANT:
                      • SBS 2003 while a DC will maintain the 21 day period before SBCore starts shutting the server down.
                      • SBS 2003 DCPromod to a domain member server will only have 7 days to complete the redirected data move.
                      • Folder redirection caveat and settings suggestion: SBS 2003 to SBS 2008 Migrations – Folder Redirection Caveat (previous blog post)
                  2. Log onto SBS 2011 with the existing 500 Admin account and create the new SBS 2011 account using the SBS 2011 Console.

                    • We like famous or not so famous generals for the necessary admin accounts created on our SBS domains.
                    • Note the absence of the UAC while logged in with the old 500 Admin account.
                    • What happens when the SBS Migration Wizard is opened while logged on with the original SBS 2003 domain admin account:
                    • image
                  3. Log off SBS 2011 and log back on with the new SBS 2011 Domain Admin account.
                  4. Note that the GUI customization steps in our SBS 2011 Setup Guide will need to be run for this new account. 
                  5. Make sure to change the DHCP service’s credentials to the new Domain Admin account and password.
                  6. Update the Serial Number for the Domain.Local SOA in the DNS Forward Lookup Zone.
                    • image
                    • We use the full year plus month: 2011050000 (May 2011) to tell us when DNS was modified in any way. Note that the serial has already been bumped up a number of times since this particular DNS SOA was changed.
                  7. Export the Public Folders to PST via an Outlook client connected to the existing SBS 2003 as a precautionary measure.

                  8. Run the Migration Wizard from the SBS Console.

                    1. Move the Data folders.
                      1. SharePoint Foundation Data.
                      2. Users’ Shared Folders.
                      3. Users’ Redirected Folders Data.
                      4. WSUS Update Repository Data.
                        • Enable Access-based Enumeration on the Users Shared Folders and Users Redirected Folders after moving them.
                    2. Connect to the Internet.
                      • Check off the appropriate step in the Getting Started Tasks section in the SBS 2011 Setup Checklist.
                    3. Configure the Internet Address.
                      • Check off the appropriate step in the Getting Started Tasks section in the SBS 2011 Setup Checklist.
                    4. Migrate Network Settings
                      1. Migrate DNS Forwarders.
                      2. Migrate the Mobile Users Group.
                      3. Using the SBS Native Tools Management Console import the SSL certificate PFX exported from the source server earlier in this guide.
                    5. Migrate Exchange mailboxes and settings
                      1. Remove the SmallBusiness SMTP Connector
                        • If the SBS Console was open during the SBS 2011 Migration Mode install the ESM node may not show the new Connectors. Click on DOMAIN (Exchange) then click the Refresh button to bring up all of the new settings.
                          • image
                        • SmallBusiness SMTP Connector on the Source Server.
                          • image
                      2. POP3 Connectors
                        • This is a manual process. A screenshot of the existing list can be used as a checklist.
                        • Account removal is done now on the source SBS 2003 server.
                        • Adding the mail accounts to the SBS 2011 POP3 Connector is indicated later in this guide.
                      3. Migrate the Exchange Server public folders (TechNet).
                        • Right click on Public Folder Store (Source-SBS) and Move All Replicas.
                          • image
                        • On the Destination Server in an elevated Exchange PowerShell:
                          • Get-PublicFolderStatistics –Server DestinationSBS [Enter]
                        • If the Public Folder Store is quite large, change the limits on the destination server.
                        • Note that this process may take some time and caution should be taken so as to not move on before the folders have replicated.
                        • Run the above PS command a few times and the number of items on each PF should increase.
                        • On the Source server: Public Folder Instances in ESM will eventually be empty.
                      4. OPTION: Public Folder Migration Extra Steps
                        1. If replication happens but then looks to be stuck:
                          1. Right click on the Public Folder Store (Source) and Resend Changes…
                            • image
                          2. Change the logging level for Public Folders:
                            • image
                      5. Move the Offline Address Book.
                        1. Move OAB to SBS 2011.
                          1. On Destination: ESM –> Org Config –> Mailbox –> OAB Tab.
                          2. Click Move near the bottom of he Actions list.
                            • image
                          3. Select the destination server under the Browse button and click Move.
                        2. Enable Web-based Distribution in Exchange 2010.
                          • image
                        3. Set the Offline Address Book for the Mailbox Database
                          1. Destination: ESM –> Org Config –> Mailbox –> Database Management.
                          2. Right click the Mailbox Database and Properties.
                            • image
                      6. Move the mailboxes to SBS 2011.
                          • Done from the Exchange 2010 Console on SBS 2011.
                          • NOTE: Verify the largest mailbox size on SBS 2003 and set Standard User Role mailbox size and defaults in Exchange 2010 accordingly!
                          • LARGEST MAILBOX: ______________
                        1. ESM –> Recip Config –> Mailbox –> Click Recipient Type Details header to sort.
                          • image
                        2. SHFT + Click to highlight all Legacy Mailboxes.
                        3. Click New Local Move Request under Actions.
                          • image
                          • We use 10 messages as the default setting for corrupt messages.
                        4. MOVE STATUS: ESM –> Recip Config –> Move Request.
                        5. Post Move: ESM –> Recip Config –> Move Request.
                        6. ESM –> Recip Config –> Move Request.
                        7. Highlight all Completed moves and right click and Clear Move Request.
                          • image
                        8. OPTION: Enable Circular Logging on the destination server.
                          • Have a look at the mailboxes on the Source SBS 2003 server. The new SBS 2011 created domain admin account starts logging into each one. The move progresses from there.
                          • It can take a long time before anything seemingly happens. Please be patient.
                    6. Some important considerations for this point in the migration:
                      1. Port forwarding can be changed for SMTP to the new SBS server once the mailboxes are moved.
                      2. Obtaining a third party trusted certificate before this stage would be a good idea so that remote users do not deal with the need to import the self-issued SBS 2011 certificate. Use the SBS 2011 wizard to generate the CSR if required, or to import the certificate exported from the source server previously.
                      3. Official SBS Blog: How to Configure SBS 2011 Standard to Accept E-mail for Multiple Authoritative Domains.
                        • We will try and publish a blog post covering our own methodology for this process.
                    7. Remove legacy Group Policy objects and logon settings.
                      1. Remove old logon scripts including the SBS_Login_Script.bat file.
                        • %windir%\sysvol\sysvol\SBSDomain.local\Scripts
                      2. Remove the batch file from all users in ADUC.
                        1. Select all domain Users and right click on any highlighted user account and click on Properties.
                          • image
                        2. Profile Tab
                        3. Check Logon Script and leave blank.
                        4. Apply and OK. All users will no longer have the batch file associated with them.
                      3. Remove old GPOs from SBS 2003:
                        • Click the Details tab to see the Created/Modified date for the GPOs before deleting.
                          • image
                          • Delete can be done in bulk by CTRL+Click on the following GPOs listed under the Contents tab in the Group Policy Objects folder.
                        • Small Business Server – Windows Vista Policy (RipCurl Policy)
                        • Small Business Server Auditing Policy
                        • Small Business Server Client Computer
                        • Small Business Server Domain Password Policy ***
                        • Small Business Server Internet Connection Firewall
                        • Small Business Server Lockout Policy
                        • Small Business Server Remote Assistance Policy
                        • Small Business Server Update Services Client Computer Policy
                        • Small Business Server Update Services Common Settings Policy
                        • Small Business Server Update Services Server Computer Policy
                        • Small Business Server Windows Firewall
                      4. NOTE: Password Policies are set in the SBS Console later on in our SBS 2011 Setup Guide. When set, _all_ user accounts will receive a request to change their password.
                      5. Remove the SBS 2003 WMI Filters:
                        • PostSP2
                        • PreSP2
                        • Vista (RipCurl Filter)
                    8. Migrate users’ shared data
                      • We use the Company shared folder created in the SBS 2011 Setup Guide to store all user data. Access-based Enumeration is set up to maintain control over which users can see what folders in that share.
                      • We use BeyondCompare for our data migration purposes. RoboCopy is another option.
                    9. Migrate the Companyweb internal Web site.
                      1. Option 1 (Microsoft method):
                        • Run the Prescan tool.
                        • Migrate the entire Companyweb site by detaching the databases on SBS 2003 and reattaching them on SBS 2011 .
                        • This method is pretty straightforward in that it preserves all of the existing data structures.
                        • Create a DNS CNAME for OldCompanyweb that points to SBS 2011 FQDN.
                        • Update the existing Companyweb CNAME to point to the new SBS 2011 .
                        • Remember to edit the DNS CNAME record for Companyweb to point to SBS 2011 .
                      2. Option 2 (direct data copy):
                        • SharePoint list data that is Outlook integrated can be moved into new SharePoint libraries.
                        • If versioning is not required, then opening the existing document libraries in Explorer View enables us to copy the data straight across.
                    10. Migrate fax data.
                    11. Migrate users and groups.
                      1. Migrate Security Groups and Distribution Lists.
                        • C:\Program Files\Windows Small Business Server\bin\GroupConverter.exe
                        • image
                      2. Run the Change User Role Wizard.
                        • Map to Standard User.
                        • Note: To view the user accounts that were migrated from the Source Server, in the Users list view, click the Display all the user accounts in the Active Directory check box.
                      3. Delete the following legacy AD accounts:
                        • STS Worker
                        • SBSBackup
                        • IUSR_SBS
                        • IWAM_SBS
                      4. Map appropriate RWW RDP user permissions to domain workstations.
                      5. OPTION: POP3 Connector setup the user account’s POP3 e-mail to their mailbox.
                    12. Enable Folder Redirection and Quotas in the SBS 2011 Console.
                      • Select all users for the policy.
                      • We redirect Documents and Desktop by default.
                      • We will disable exclusivity for the user and set it to move back to the local system. This causes FR to appear off in the SBS Console though.
                      • GPUpdate /force on both source and destination.
                      • Verify GPO settings on source before DCPromoing the source server. Manually initiating AD replication would be a good idea too.
                    13. Migrate SQL Server Data.
                    14. Migrate Terminal Services Licensing.
                    15. Finish the Migration.
                      1. Update the Recipient Update Services on SBS 2003.
                        1. Recipient Update Service (SBSDOMAIN)
                          1. Click the Browse button, put SBS 2011’s name for the Exchange field and click the Check Names button before clicking OK.
                        2. Recipient Update Service (Enterprise Configuration)
                          1. Exchange: SBS 2011
                      2. Delete the Routing Group Connectors
                        1. Delete: SBSNew-SBSOLD
                        2. Delete: SBSOld-SBSNew
                          • image
                      3. Uninstall Exchange 2003 (previous blog post) from the source server.
                        • Add/Remove Programs –> Small Business Server –> Change/Remove.
                        • Remove: Exchange Server
                        • SBS CD 2 will be required for this uninstall.
                      4. Manually Remove Exchange if the above blows up. (Previous blog post)
                    16. Use ADSI Edit to clean up the CN=Servers container.
                      1. Official SBS Blog: Empty ‘CN=Servers’ Container Causing Issues with Public Folders on Small Business Server 2011
                    17. Change the edge device’s publishing rules:
                      1. SMTP to destination.
                      2. HTTPS to destination.
                      3. Create and publish HTTPS port 987 and point it to the destination server.
                      4. PPTP 1723 is an option for VPN if needed.
                      5. Delete inbound RDP proxy port 4125 and SharePoint 444.
                    18. DCPromo SBS 2003 to remove the DC role.
                      • REMINDER: SBS 2003 will start to reboot 7 days from the introduction of the SBS 2011 box when a domain member server only!
                      • If Certificate Services has been installed on the source SBS 2003 box previously it will need to be uninstalled before the DCPromo process will run.
                      • NOTE: If the DCPromo fails due to NETLOGON time-out, BACK UP in the wizard and start it again. It will run successfully the second time.
                      • A reboot will be required.
                    19. Run a final image of the source SBS 2003 box.
                    20. Disjoin SBS 2003 from the SBS 2011 domain.
                      • The generic WORKGROUP works here.
                    21. Delete the original SBS 2003 Folder Redirection Policy.
                      • If it is seemingly missing, click on Refresh in the GPMC to bring it up.
                      • For comparison (in our case since we enabled both above):
                        • Old policy will refer only to the Documents folder.
                        • New policy will refer to Documents and Desktop.
                        • We can check the time stamp for each GPO for clarification as well.
                    22. Give the built-in Administrator group the right to logon as batch.
                      • image
                    23. Clean up any references to the old SBS 2003 server on the SBS 2011 server:
                      • ADUC: Delete from SBSComputers OU.
                        • Yes to the “…other objects” message.
                      • DNS: Remove ALL references to SBSOld NS and DNS A in all zones.
                      • DNS: Remove ALL references to SBSOld’s IP Addresses in all zones.
                      • Active Directory Sites and Services: Remove the old SBS 2003 server reference.
                      • Remove SBSOld from All Computers in WSUS Console.
                      • Remove SBSOld from the Security Filtering under the Scope tab of the Update Services Server Computers Policy GPO.
                        • image
                    24. Download, install, and run the Windows Small Business Server 2011 Best Practices Analyzer.
                    25. Verify user quotas for the Standard User Role.
                      • Exchange Mailbox
                      • Redirected Folders
                      • NOTE: Any changes made to the Standard User Role will affect any user that has that role.

                  PHASE 5: Continue the SBS 2011 Setup.

                    1. Complete setup from the Getting Started Tasks – Out of Order – Backup Now step and up from the SBS 2011 Setup Guide.

                  Troubleshooting

                  Some of the various problems we can run into running a migration from SBS 2003 to SBS 2011.

                  Philip Elder
                  MPECS Inc.
                  Microsoft Small Business Specialists
                  Co-Author: SBS 2008 Blueprint Book

                  *Our original iMac was stolen (previous blog post). We now have a new MacBook Pro courtesy of Vlad Mazek, owner of OWN.

                  Windows Live Writer