Small Business Server | The time I've wasted on technology...

SBS 2008 – Move Exchange Server Data – Failure: Cannot use SBS Wizard

Exchange Server, Microsoft, Small Business Server 2 Responses »

Apr 142012

The other day I received a notification that one of my clients were running out of space on their SAS RAID Array which contained their Exchange 2007 mailbox data store database. While I have every plan to increase the size of this partition, I still have to temporarily fix things so we don’t run out of space. Technically, to put a temporary fix on this, I had to move the Exchange Server Data to another partition on the server which had plenty of space. Typically, this is very easy on Microsoft Small Business Server 2008. However, in this specific scenario we were getting an error when trying to run the wizard to move the data:

“You cannot use the Windows SBS Console to move the Exchange Server data. – You may have used the Exchange Server Management Console to perform advanced configuration tasks. For information about how to reconfigure move your data using the Exchange Server Management Console, see the documentation for Microsoft Exchange Server”

After receiving this error I went ahead and looked for the logs pertaining to the move wizards. The error log mentioned that configuration was altered from the default (which is acceptable since we have done some modifications to our Exchange config), and I also believe this is occurred due to both our “First Storage Group” and “Second Storage Group” already being hosted on different logical partitions. From what I have read, you cannot modify your Exchange configuration too heavily, nor have your different storage groups on different partitions for the wizard to work.

Since this happened, we have to move the Exchange data manually using the Exchange Management Console. These instructions will work for both Microsoft Windows Small Business Server 2008, and also Microsoft Exchange 2007 running on a standard Microsoft Windows Server (only if your not using any replication to other Exchange Servers). Please note that during this move, all move functions will require the database to be dismounted from the information store. Only Exchange 2010 (or later) supports live moving.

Instructions to move the Exchange database (First Storage Group – Mailbox Database):

Important: Always back up your server before doing heavy operations like this in case something goes wrong. To back Microsoft Exchange up, you have to have backup software that is “Exchange Aware” and can properly back it up.

1) Launch the Microsoft Exchange Management Console and locate the Database Management information – You should be able to find the Exchange Management console in your start menu. When opening it should prompt for a UAC (run as Administrator) privileges, grant it. If it does not prompt you to run as Administrator, right click on “Exchange Management Console” and select “Run as Administrator”. Once you have opened the console, expand “Server Configuration” and “Mailbox”.

Server Configuration -> Mailbox

2) Move Storage Group Path -First we need to move the “Storage Group Path” for the “First Storage Group” (which contains our Exchange Mailboxes). This will move the files that are related to logs, transaction files, etc… To do this, right click on “First Storage Group”, and select “Move Storage Group Path…”. Follow the wizard. Inside of the wizard, you will choose the new location in both the “Log files path” and “System files path”. Finally after you have specified the location, it will dismount the database and perform the move function.

Move Storage Group Path Wizard

3) Move Database Path – Now we need to move the actual database path of the “Mailbox Database”. This will actually move the Exchange mailboxes on our server to a new location. To do this, right click on “Mailbox Database” and select “Move database path…”. Follow the wizard. Inside of the wizard, you will choose the new location for the “Database file path”. Finally after you have specified the location, it will dismount the database and perform the move function.

Move Database Path Wizard

4) Move Public Folders (If desired) – If you desire, you can also move your “Public Folders” by performing the same steps for the “Second Storage Group” and the “Public Folder Database”. In my case, our public folders are very small, so I didn’t bother.

You have now moved your Exchange 2007 mailbox database.

Microsoft Small Business Server 2008 – An internal transport certififcate will expire soon.

Exchange Server, Small Business Server 1 Response »

Mar 112012

For the past 2 weeks I’ve been receiving notifications reporting that one of my clients SBS 2008 environments is about to have some Exchange certificates expire. Below is an example of the event log:

Source: MSExchangeTransport
Category: TransportService
Event ID: 12017
User (If Applicable): N/A
Computer: server.domain.local Event Description: An internal transport certificate will expire soon. Thumbprint:ZOMGZOMGZOMGZAOMGZOMGZOMGZOM, hours remaining: 46 Event Log Name: Application Event Log Type: warning Event Log Date Time: 2012-03-08 13:15:36

Now upon initial research, apparently we were supposed to just be able to run the “Fix My Network” wizard inside of the SBS Console. Running this during the warnings, and after the certificate actually expired did absolutely nothing. The wizard was unable to detect the certificate had expired. It did report something to do with issues with an SMTP connector, however everything was working, and when trying to fix that, the wizard errored out and could not complete. I also read another article that running the “Setup my internet address” my fix the issue, but however it did not.

I decided to take a look at all the certificates currently install and also in use. To view the certificates installed, go to “Start”, then “Run”, type in “mmc.exe” and hit OK. Click on “File”, then “Add/Remove Snap-in”. Inside of this window, highlight “Certificates” and move to the right (hit the button with the arrow). Another window should open, select “Computer Account”, and follow through with the wizard. Once the certificates open, expand “Personal” and “Certificates” underneath it.

In my environment I noticed that there were two certificates that were identical, only difference being expiration. I had a feeling that the proper certificate existed on the server, however for some reason it was using an older one that it should not be. Keep in mind, this specific server was migrated from another (SBS 2008 to SBS 2008 Migration to new hardware).

To confirm they were identical, I opened up a Exchange Shell (find it in the start menu, and right click and “Run As Administrator”). I typed in “Get-ExchangeCertificate | FL”. The output confirmed that the certificates were the same and performed the same function.

ONLY PERFORM THIS if exchange is using the wrong certificate and you have two certificates which are the same, only with different expiration dates. If you do not, you are experiencing another problem and these instruction either won’t help you, or make your problem worse.

I decided to switch Exchange over to the new certificate:

1) Get the thumbprint of the newer certificate, it will be provided when you run “Get-ExchangeCertificate | FL”. Make sure the services and information match the certificate that is about to expire.

2) With the Exchange Shell still open type in “Enable-ExchangeCertificate thumbprint -Services SMTP,POP,IMAP” (sub in the thumbprint where it says thumbprint).

3) It will ask you to confirm, click ok.

4) Delete the old certificate, but make sure you back it up first. Export the old expiring certificate using the Certificate view inside of mmc.exe (what we did above). Export it (with extended data) so it can easily be re-imported if any issues occur. If you do need to restore it, inside of the Certificate view in mmc.exe, simply right click, re-import, and use the “Enable-ExchangeCertificate” (shown above) to re-activate it.

Hope this helps!

Slow saving when saving Microsoft Office 2007 and 2010 Documents (Word, Excel, etc…)

Microsoft, Small Business Server 3 Responses »

Sep 162010

For some time I have had clients reporting issues when saving files using Word, Excel, PowerPoint, and other Microsoft Office applications on network locations (which includes “FolderRedirection” for the “Desktop” and “My Documents” which is included in Windows Small Business Server 2008).

Over the last couple months I have spent quite a bit of time using Google to try and find out why this is happening. Tonight I told myself I NEED to find a proper fix.

After trying numerous search strings, I started to read articles that pointed towards disabling SMB2 (SMB version 2). I would be interested in trying this approach on a typical Windows Server 2008 box, however most of my clients run SBS 2008 and I’ve seen no feedback on whether or not this will cause issues when performing this fix. Also, I have no idea what type of impact it will have on other applications. Generally I just didn’t feel comfortable doing this.

Spending another hour searching, and trying more search strings, I finally came across this KB article 2292752 posted by Microsoft (http://support.microsoft.com/kb/2292752).

The KB article states that this is related to a Network Driver included inside of Windows 7, and that an alternative patch that was designed for a different type of issue also fixes this issue. This patch can be found at http://support.microsoft.com/kb/981711.

Make sure that when filling out your e-mail to download the hotfix that you download the appropriate fix (x86 vs. x64 vs. Itanium).

Please note: This fix comes with Microsoft “This has not been fully tested stamp”. We also take no responsibility in you performing this fix.

I downloaded the fix, and installed it on one of the computers that was experiencing the issue. After installing this I no longer experienced the “Save As” function, or “Save” function take forever with Office 2007/2010 apps. I will post a comment later after user testing has been completed to confirm this fully resolves the issue.

Installing BES Express on Small Business Server 2008

Mobile Computing, Small Business Server, Wireless 1 Response »

Sep 052010

One of the most annoying things I’ve had to deal with is installing BES Express on SBS 2008. Way back earlier in 2010, I was mostly dealing with the 5.0.1x release. There were soo many bugs, so many issues, registry hacks, SQL queries that had to be run, it was just ugly!

One word of advice, always download the latest version of the software. Do not take ANY shortcuts on installing it. Either use the video tutorial that RIM has on their BlackBerry site, or use the guide from http://www.smallbizserver.net/Articles/tabid/266/Id/343/How-to-install-BlackBerry-Enterprise-Server-Express-on-a-SBS-2008.aspx

I don’t know how much is fixed, however after installing a 5.0.2 this weekend it worked flawlessly after the first install (keep in mind I always use “Blackberry Administration Service Authentication” instead of Windows Authentication because of an old known issue).

SBS 2008 to SBS 2008 Migration

Small Business Server 1 Response »

Sep 052010

I’ve done a bunch of these migrations in the past, and I’ve noticed two main issues that I’m sure a lot of you have also come across. I decided to whip up a post here to go over them, and how to deal with them. I know it’s happening to other people because of how many searches bring in to my blog for people looking for this stuff.

Access denied when copying network shares from source server to destination server

When you get to the point of copying data over from the source server to destination server, using the robocopy command that is listed inside of the migration document; comes up with “Access is Denied”. To resolve this issue, you need to make sure that on both shares configured on the source server and destination server, that you have to add the share permissions to provide “Administrators”, and your Administrator account added and allowed full access. I’m not too sure, but it may also be wise to add “Administrators” and your Administrator account to the actual file security permissions as well (full access). After doing this you should be able to copy everything over perfectly.

Lack of documentation on moving “RedirectedFolders” from source server to destination server

There are typically two things I want to cover in this. The first is actually how to move them. Please note that you do NOT need to use robocopy, manually copy, or do anything to actually move them. When you update the group policy on SBS and change the location from the source server to the destination server, the workstations will automatically move their “RedirectedFolders” on their first login after the GPO has been replicated. To force a replication of the GPO, login and issue “gpupdate” from the command prompt.

The second issue (which I always come across) is when doing a migration; it mentions that the first step is to move the location of your data (ie. RedirectedFolders, UserShares, WSUS updates, etc…). In most of my installations we have a dedicated C drive for SBS and OS, and use a second array (D Drive) for all data. I’ve noticed that during these migrations, folders for each user’s “RedirectedFolders” are not automatically created on the destination server. This is very important because these folders have their own security permissions that you DON’T want to mess with. In my cases, when I update the GPO to the new location, when the folders SHOULD move, they don’t because the users don’t have security access to create \\destinationserver\RedirectedFolders\$username. What I’ve had to do is use RoboCopy to copy the user folders from “UserShares” (most of my clients don’t use the UserShares, so they are empty) to the RedirectedFolders share just to create a bunch of blank directories with the appropriate security permissions. After doing this the workstations could then move the data upon logon and all is good!

Install Exchange 2007 SP2 on SBS 2008

Exchange Server, Small Business Server No Responses »

Aug 312010

For those of you who have tried installing Exchange SP2 on SBS 2008 but have had it fail during its initial steps, this blog post is for you!

Microsoft has created a tool that you can download and install which permits you to install Exchange SP2 on SBS 2008.

For more information on the procedure and to download the tool please see:

http://support.microsoft.com/kb/974271/

I cannot stress enough on the importance of a backup in case things go wrong. I have performed this at numerous client locations, most successful; however in one instance while SP2 was installing, the update failed and totally removed Exchange from SBS 2008. This was unrecoverable and a full restore from a backup would have been needed (thankfully this was the configuration of a new server so we just restarted the implementation).

PS – If your company is looking for IT Solutions, Services, and Support!

Active Directory, Internet, Linux, Microsoft, Mobile Computing, Small Business Server, Stephen Wagner, VMware, Windows Mobile No Responses »

Jul 282010

Be sure to check out my companies site!

We provide Small, Medium, and Large businesses with all different types of Solutions, Services, and even support!

http://www.digitallyaccurate.com

Push applications remotely using Windows Small Business Server 2008 (or Active Directory)

Active Directory, Internet, Microsoft, Security, Small Business Server 2 Responses »

Apr 222010

Recently with the new vulnerabilities with Java, I needed to push the latest Java update remotely to all of my clients currently using my companies “Managed Services”.

The upgrade was being scheduled for certain dates per location, however as of Tuesday morning I noticed that some computers were being hit with some of the newer vulnerabilities recently discovered.

This all of a sudden changed the priority from “high priority” to “emergency”. I needed a quick and efficient means of pushing this update to computers at client sites.

Active Directory allows system administrators to push, allow, or make available software installations to users. This is all controlled inside of Active Directory Group Policy Management.

To push the latest Java update to all computers on a network, I had to perform the steps below:

1. Download the “Offline Installation” of Java from the Java website. Open the file, do not proceed to continue the installation. (You will simply hit cancel after you extract the MSI and other files needed).

2. Open a explorer and browse to C:\Users\%USERNAME%\AppData\LocalLow\Sun\Java\jre1.6.0_20. After navigating to this location copy “Data1.cab”, “jre1.6.0_20.msi”, and “sp1033.MST” to a new folder (I chose a folder on my desktop).

3. Log into the remote server, create a file share (for example NetInstall), and configure users read access only.

4. Copy the folder you created on your desktop to the new file share on the server. Remember to use a naming scheme for the applications you wish to push so that they all make sense and can be organized.

5. On the server, go to Start -> Administrative Tools -> Group Policy Management

6. Either create a new GPO, or use an existing on that you have configured. If you are unfamiliar with this, it may be worth while doing some online research on GPOs. In my case I right clicked, and chose edit on the “Windows SBS Client Policy” GPO on SBS 2008.

7. Expand Computer Configuration, policies, Software Settings, Software installation. Right click on “Software Installation” and select new package. Follow the instructions.

8. When choosing the location of the .msi file, PLEASE make sure that you browse to it using your UNC network path. This location has to be somewhere where all the computers have access to. (I.E. don’t use C:\Folder\file.msi, you would rather use \\servername\sharename\programname\file.msi).

At this point you have now configured the server to force install Java on all the computers that apply to that GPO. This is perfect to make sure that all your clients are running the latest versions of free software available. It will also help with managing vulnerabilities with aging software, etc…

Please note: If this doesn’t work right away it is because the client workstations need to refresh their GPO. After the GPO is refreshed on the client workstation side, the system should install the package on next reboot.

There are some other neat things you can do with GPOs, and pushing applications on your network, however I’m not covering it in this document. For example instead of using “Computer Configuration”, you could use “User Configuration”, and instead of forcing applications you could actually make applications available for install through “Add/Remove Programs” for users to install.

Please always make sure that any applications you use are properly paid for and/or licensed.