There is a published problem with EBS 2008 where Outlook prompts for a password all the time when connected over HTTP/RPC (Outlook Anywhere) - see the Microsoft EBS Team Blog. We have found that the same problem is also exposed in the Remote Web Workplace when trying to connect over Remote Desktop to your PC or to the servers.
The problem is that the authentication for the Remote Desktop is broken because Outlook has failed to connect based on the published issue mentioned above. The failure of Outlook's authentication breaks the DefaultAppPool in IIS. Recycling the application pool fixes the issue - but only for a short while. It breaks again at the next failed Outlook login. And because the breaks in authentication are due to Outlook it is difficult to see why Remote Desktop ceases to operate.
But apply the same fixes from the above blog and Remote Desktop begins to work and stays working.
To fix, run the following four commands from an elevated command prompt on the messaging server:
- %windir%\System32\inetsrv\appcmd.exe unlock config -section:system.webServer/security/authentication/windowsAuthentication
- %windir%\System32\inetsrv\appcmd.exe set config "Default Web Site/ews" -section:windowsAuthentication -useKernelMode:False /commit:apphost
- %windir%\System32\inetsrv\appcmd.exe set config "Default Web Site/AutoDiscover" -section:windowsAuthentication -useKernelMode:False /commit:apphost
- %windir%\System32\inetsrv\appcmd.exe set config "Default Web Site/OAB" -section:windowsAuthentication -useKernelMode:False /commit:apphost
The above commands are probably wrapped for reading on your screen - each bullet point is a single command to be entered as one line. Instructions for making changes via the GUI can be seen on the above blog post.
Labels: 2008, ebs 2008, remote desktop, remote web workplace, sbs 2008, windows
permalink posted by Brian Reid : 3:16 PM

Thirty days after installing Essential Business Server 2008 your licence restrictions take effect. This means that users who are shown as unlicenced in the EBS Management Console will only be able to log into licenced devices (as shown in the EBS Management Console as well). Only licenced users will be able to log into any computer on the network (unless group policy restrictions so limit them).
The licencing enforcement is implemented by the Log On To restriction on the user account. This restriction (on the Account tab of the user's object in the Active Directory Users and Computers administration program) lists the workstations, by NetBIOS name, that the user can log into, and all unlicenced users will have a list of device licenced machines. All licenced users will be set to allow them to log into any workstation. This list is reset on a regular basis each day, but if you are approaching 30 days since installation get your user and device licences correct. Don't miss anyone or any shared device off the list or they will not be able to log in, or the shared computer will not be accessible to any of the unlicenced users.
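The Log On To list is stored in the userWorkstations attribute of the user object as comma-separated NetBIOS names, so the gap described above can be checked before day 30. The following is an added example, not part of the original post; the user names, device names and the Get-LogonGap function are constructed for illustration.

```powershell
# Constructed sample records. UserWorkstations mirrors the AD attribute userWorkstations:
# empty means "log on to any workstation", otherwise a comma-separated NetBIOS list.
$users = @(
    @{ Name = 'alice'; UserWorkstations = '' },                        # licenced user
    @{ Name = 'bob';   UserWorkstations = 'RECEPTION01,WAREHOUSE01' }, # unlicenced user
    @{ Name = 'carol'; UserWorkstations = 'reception01' }              # unlicenced user
)

# Shared computers that every unlicenced user is expected to reach (hypothetical names).
$sharedDevices = 'RECEPTION01', 'WAREHOUSE01'

function Get-LogonGap {
    param($Users, [string[]]$RequiredDevices)
    foreach ($u in $Users) {
        # No Log On To restriction: nothing to check for this user.
        if ([string]::IsNullOrEmpty($u.UserWorkstations)) { continue }

        # NetBIOS names are case-insensitive, so normalise before comparing.
        $allowed = $u.UserWorkstations -split ',' | ForEach-Object { $_.Trim().ToUpper() }
        $missing = @($RequiredDevices | Where-Object { $allowed -notcontains $_.ToUpper() })

        if ($missing.Count -gt 0) {
            '{0} cannot log on to: {1}' -f $u.Name, ($missing -join ', ')
        }
    }
}

# With the sample data only carol is reported, because WAREHOUSE01 is not on her list.
Get-LogonGap -Users $users -RequiredDevices $sharedDevices
```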
Labels: ebs 2008, sbs 2008, windows
permalink posted by Brian Reid : 12:40 PM

A recent installation of a second SharePoint site on Small Business Server 2008 broke the Remote Web Workplace site for access from the internet. Intranet access to the site worked fine, but access from the internet, where the http request to the site is redirected to https, had stopped working.
Opening up IIS 7 Manager and checking the bindings of the SBS Web Applications site showed that the site had two http bindings and a https binding. The https binding was for * under IP Addresses and port 443. Clicking the Edit button on this binding showed that the certificate was not correct. This was the reason the site was not working, as a https site requires a certificate.
So I selected the correct certificate and clicked OK. And got the following error:
A specified logon session does not exist. It may already have been terminated. (Exception from HRESULT: 0x80070520)
The reason is that the installation of the SharePoint site, and the installation of the certificate to support that site, broke the binding for the TS Gateway role on the Windows 2008 machine. The broken binding on the SBS Web Applications site was because of this broken TS Gateway configuration, and fixing the above error in IIS required fixing the TS Gateway issue. Note that at no point in the configuration of the SharePoint application was the TS Gateway role configuration changed - the installation of another certificate on the server broke the TS Gateway, which broke the Remote Web Workplace SBS Web Applications site.
Opening Server Manager and navigating to the Roles/Terminal Services/TS Gateway/Servername area showed a message in the middle pane of the Server Manager saying that configuration of the TS Gateway was not complete. Clicking this link brought up the TS Gateway SSL Certificate page of the Properties dialog. Click Browse Certificates and select the correct certificate. In SBS 2008 this will be the Remote Web Workplace certificate. Click OK to close the dialog and you will now be able to check the https binding on the SBS Web Applications website. The error will now not occur, and the https binding will be bound to the correct certificate.
If you are not running SBS 2008 then the above is possible, just it is more likely to be a problem with the Default Web Site binding instead.
Additionally, I noticed after I had written the above that this error also occurs if you delete the certificate used by the TS Gateway from the IIS box and as well as breaking TS Gateway (which would be expected) it also breaks the "Add a trusted certificate" wizard in the SBS Server Console. The Add a trusted certificate wizard crashes when started with just a failed application message and nothing in the event log. To fix make sure the SBS Web Application IIS site is bound to a valid digital certificate.
Labels: 2008, https, iis, remote web workplace, rww, sbs 2008, terminal server, ts gateway, windows
permalink posted by Brian Reid : 9:55 AM

The error "cannot find the specified active directory object: winnt://<server>/<user>,user" and "program file folder creation or environment variables setting did not finish successfully" appears during the installation of Essential Business Server 2008 on the Security Server if a group policy exists in your current environment that renames the local administrator account name.
The GPO setting under "Windows Settings\Security Settings\Security Options" called "Accounts:Rename administrator account" that enforces this must be turned off for the domain, because at the time of the EBS installation the security server is located in the Computers container.
Unfortunately, by the time this error occurs you can do nothing about it apart from format the hard disks and reinstall the server!!!
Labels: 2008, ebs 2008, windows
permalink posted by Brian Reid : 2:23 PM

The Essential Business Server installation steps for the Management Server might require you to insert the Prerequisite Planning Tools DVD into the Infrastructure Master to run schemaupgradetool.exe. What if you do not have a DVD drive on the current infrastructure master?
Then copy over the network the SCHEMAUPGRADETOOL.EXE, MMSNETWORKINGNATIVE.DLL and the entire ADPREP folder. Then run SCHEMAUPGRADETOOL from the command line on the infrastructure master.
This takes no parameters to run, and takes a few seconds to start up. Though when I ran it on a Windows Server 2003 SP2 infrastructure master it popped up an empty dialog box with an OK button and nothing else - this though seems to indicate success and the Management Server installation can now continue.
Labels: 2008, ebs 2008, windows
permalink posted by Brian Reid : 9:42 AM

The following errors are reported in the Event Log Windows Logs/Application when you run the built-in backup that is part of Small Business Server 2008 (SBS) or Windows Essential Business Server 2008 (WEBS):
Event ID 565 - Consistency check for component StorageGroup-GUID\'Microsoft Exchange Server\Microsoft Information Store\SERVER' failed. Application 'Exchange' will not be avaliable in the backup done at time 'date time'
The Event Viewer log at Application and Services Logs/Microsoft/Windows/Backup/Operational shows that everything completed fine but the Windows Server Backup administrative tool says backup completed with warnings. Double-clicking the backup record shows:
Application will not be available for recovery from this backup. Consistency
check failed for component Microsoft Exchange Server\Microsoft Information
Store\Server-Name\Store-GUID
This seems to be related to having enabled Local Continuous Replication (LCR) on the Exchange mailbox database. This is unfortunate as LCR is such a useful tool in recovery for Exchange Servers that I would want to enable it as a matter of course, and spec my SBS servers to have enough disk space to store LCR copies. Note that the actual Exchange databases and log files are backed up as part of the volume backup, just not as part of the application aware backup, and that might result in invalid restores as the volume level backup is not Exchange aware.
Please Microsoft, will you make the VSS backup for Exchange 2007 that is included in SBS and WEBS LCR aware. Thanks.
Labels: backup, ebs 2008, exchange, sbs 2008, windows
permalink posted by Brian Reid : 2:05 PM

This is a long list of pre-requisites, but for your information they do not work together.
- If you have a web site that uses Access as its data storage and you migrate that site to an x64 Windows machine then access to the Access MDB file ceases with the following error: "'Microsoft.Jet.OLEDB.4.0' provider is not registered on the local machine".
- On IIS 6.0 you need to set the entire web server to 32 bit mode, but on Windows 2008/IIS 7.0 you can set each application pool to 32 or 64 bit. This is a property found under Advanced Settings for the application pool. To gain access to Access MDB files the application pool needs to run in 32 bit mode.
- If you have TSWeb installed, then you also have installed the RPC/HTTP proxy component.
- If you have the RPC/HTTP proxy component installed any 32 bit application pool will fail upon starting - Error 5139 for Microsoft-Windows-WAS.
So to use Access databases in a legacy web application migrated to Windows 2008, 64 bit, with TSWeb also installed either uninstall TSWeb (and RPC/HTTP proxy), or use a different server, or rewrite the web application to use SQL Express. Supposedly this will be fixed in the first service pack for Windows 2008.
There - it only took 6 hours to work that one out!
Labels: 2008, 64 bit, access, iis, oledb, proxy, sql express, windows, x64
permalink posted by Brian Reid : 7:47 PM

Updated 31st March 2008: Please see http://www.c7solutions.com/blog/2009/03/configuring-sstp-vpn-on-small-business_31.aspx as this new article replaces the below, which refers to a pre-release version of SBS 2008. The working instructions for configuring SSTP on SBS 2008 are much more complicated than the steps below.
SSL based VPN's are great. In short it is VPN without firewall or NAT issues (both of which you get with PPTP and IPSec VPN's). But the current release of SBS 2008 (RC0) does not enable SSTP VPN's by default. It uses RRAS, so SSTP is possible, but it is not as easy as it first looks!
- Ensure that you have run the connecting to the internet wizard, and that you are using a third party certificate (as there are less steps if you do this).
- Enable remote access from the SBS Console > Network > Connectivity page.
- Add some SSTP ports to the VPN in the Routing And Remote Access management program. Right-click Ports and choose Properties and enable SSTP for remote access inbound connections. Leave PPTP enabled as Windows XP does not support SSTP VPN tunnels (only Vista SP1 does at this time).
- View the properties of your certificate and note down the Thumbprint value.
- Ensure that this certificate is associated with the 0.0.0.0:443 and [::]:443 certificate bindings on the server. Type "netsh http show ssl" from an elevated command prompt to get this information. You typically get four entries with IP:port being the first line of each. Check for IP:port reading "0.0.0.0:443" and [::]:443 as this shows the IPv4 and IPv6 mappings for SSL certificates on the server. Ignore the :8172 and :987 entries (these are for IIS Management Service and companyweb).
- For both "0.0.0.0:443" and [::]:443 make a note of the Certificate Hash. It needs to be the same for both and the same as the earlier Thumbprint value (ignore any spaces). If not see http://blogs.technet.com/rrasblog/archive/2007/11/08/configuring-iis-on-the-sstp-server-implications-and-how-to-resolve.aspx for instructions on resetting this, noting that you need to ensure that the correct certificate is bound to the SBS Web Applications website on the SBS 2008 server (in IIS manager).
- Install the "Certificate Authority Web Enrollment" role service to the Active Directory Certificate Services snapin within Server Manager. This adds a virtual directory to the default website in IIS called CertEnroll which contains the certificate revocation list for the certificate you are using. Only do this if you are using the built in default issued certificate. If you are using certificates from a third party then you need to ensure you can reach their CRL publishing site without issue - see the certificate details for information on the CRL publishing site location.
- Expand the Certificate Authority on your server and right-click Revocated Certificates. Under tasks choose Publish. This updates the CRL with the new publishing location that SSTP needs to connect to. Again, use a third party certificate to make this easy!
- On a Vista SP1 client create a new VPN connection and in properties > networking ensure that the Type of VPN is set to SSTP (for normal use set this to Auto, and it will find the best (starting with PPTP), but for testing set it specifically to SSTP). Also ensure that the name of the server you are connecting to is the same name that the certificate uses for the certificate common name.
- Connect the VPN and all should work.
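The thumbprint comparison from the steps above can be scripted rather than read by eye. This is an added example, not part of the original post: the netsh output, hash values and thumbprint are constructed samples, and the function names are made up for illustration. The sample deliberately gives [::]:443 a different hash so the mismatch case is shown.

```powershell
# Constructed sample of "netsh http show ssl" output (hash values are made up).
# On the server, replace this with:  $netshOutput = netsh http show ssl
$netshOutput = @'
    IP:port                 : 0.0.0.0:443
    Certificate Hash        : 0123456789abcdef0123456789abcdef01234567
    Certificate Store Name  : MY

    IP:port                 : [::]:443
    Certificate Hash        : 89abcdef0123456789abcdef0123456789abcdef
    Certificate Store Name  : MY

    IP:port                 : 0.0.0.0:8172
    Certificate Hash        : fedcba9876543210fedcba9876543210fedcba98
    Certificate Store Name  : MY
'@ -split "`r?`n"

# Thumbprint as noted from the certificate properties (constructed value, with spaces).
$thumbprint = '01 23 45 67 89 ab cd ef 01 23 45 67 89 ab cd ef 01 23 45 67'

function Get-SslBindingHash {
    param([string[]]$Lines)
    $bindings = @{}
    $endpoint = $null
    foreach ($line in $Lines) {
        if ($line -match '^\s*IP:port\s*:\s*(\S+)\s*$') {
            $endpoint = $Matches[1]                     # start of a new binding entry
        } elseif ($endpoint -and $line -match '^\s*Certificate Hash\s*:\s*([0-9a-f]+)\s*$') {
            $bindings[$endpoint] = $Matches[1].ToUpper()
            $endpoint = $null
        }
    }
    $bindings
}

function Test-SstpCertificateBinding {
    param([string[]]$Lines, [string]$Thumbprint)
    # Drop spaces and any other non-hex characters picked up when copying the thumbprint.
    $expected = ($Thumbprint -replace '[^0-9a-fA-F]', '').ToUpper()
    $bindings = Get-SslBindingHash $Lines
    foreach ($endpoint in '0.0.0.0:443', '[::]:443') {  # the :8172 and :987 entries are ignored
        $hash = $bindings[$endpoint]
        if (-not $hash)              { $state = 'NO BINDING' }
        elseif ($hash -eq $expected) { $state = 'MATCH' }
        else                         { $state = 'MISMATCH' }
        '{0,-12} {1,-10} {2}' -f $endpoint, $state, $hash
    }
}

Test-SstpCertificateBinding -Lines $netshOutput -Thumbprint $thumbprint
```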
Labels: 2008, iis, rras, sbs 2008, sstp, vpn, windows
permalink posted by Brian Reid : 9:34 AM

I got error 0xc00000e9 when attempting to boot into a new guest Hyper-V image, using an ISO image as my boot CD. Using the real CD in the host worked fine.
So I downloaded the ISO again and all was well this time - must have been a dodgy download - now to go play with Windows Small Business Server 2008.
Labels: hyper-v, sbs 2008, server core, virtual server, windows
permalink posted by Brian Reid : 6:08 PM
