Navigation
Install the app
How to install the app on iOS
Follow along with the video below to see how to install our site as a web app on your home screen.
Note: This feature may not be available in some browsers.
More options
-
Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.
You should upgrade or use an alternative browser.
Additional Configuration Notes
Setup
Additional Configuration Notes
by
markdmac
Posted
(Edited
)
Having completed a number of SBS 2008 installations, I have been working on completing a comprehensive list of additional tasks one should perform both before and after the SBS migration. Below is my ever expanding list of steps I feel are necessary to "really make the installation complete."
[!]BEFORE INSTALLATION[/!]
[ul square]
[li][blue]Check GPOs before anything else.[/blue][/li]
This one is really important. If the existing AD is messed up you will have problems with the migration promoting the new SBS to a DC.
[ol A][li]In the Active Directory Users and Computers snap-in, edit the Default Domain Controllers Policy on the Domain Controllers Organizational Unit.[/li]
[li]Double-click Computer Configuration, click Windows Settings, click Security Settings, click Local Policies, and then click User Rights Assignment.[/li]
[li]Under Enable Computer and User Accounts to be trusted for Delegation, add the appropriate account or group.[/li]
[li]Open a command prompt, and type:
gpupdate /force
[/li] [/ol]
[li][blue]If Installing SBS on Hyper-V[/blue][/li]
[ol A]
[li]Use the Wizard to create the answer file.[/li]
[li]Install PowerISO on the HyperV server.[/li]
[li]Use PowerISO to create a new Floppy Drive image (IMG file)[/li]
[li]Rename the IMG file to a VFD file. [/li]
[li]Mount the VFD file via HyperV VM settings.
[/li]
[/ol]
[!]AFTER INSTALLATION[/!]
[li][blue]Configure domain to allow Windows 7 computers to join domain via http://connect.[/blue]
This functionality was first added with Rollup 3. You should install whatever the latest rollup is. At the time of this update, Rollup 4 is the latest.
Install SBS 2008 Rollup 4
http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB979454
[/li]
[li][blue]Install Exchange 2007 SP2 & SP3[/blue][/li]
I prefer to install Exchange SP2 and then install SP3. Installing SP2 requires you to first create a registry key.
[ol A][li]Click Start, click Run, type regedit in the Open box, and then click OK.[/li]
[li]Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\Software\Microsoft\SmallBusinessServer\Exchange
Note If the Exchange subkey does not exist, you must create it. To do this, follow these steps:
[ul][li]Right-click SmallBusinessServer, point to New on the Edit menu, and then click Key.[/li]
[li]Type Exchange and then press ENTER.[/li][/ul][/li]
[li]After you select the Exchange subkey that is specified in step 2, point to New on the Edit menu, and then click DWORD(32) Value.[/li]
[li]Type E12SP2READY, and then press ENTER.[/li]
[li]Right-click E12SP2READY, and then click Modify.[/li]
[li]In the Value data box, type 1, and then click OK.[/li]
[li]On the File menu, click Exit to exit Registry Editor.[/li]
[li] Download and install Windows Installer 4.5
http://go.microsoft.com/fwlink/?LinkId=151819[/li]
[li] You can now install Exchange 2007 SP2[/li]
[li] You can now install Exchange 2007 SP3
[/li][/ol]
[li][blue]Fix access to Companyweb from the server[/blue][/li]
[ol A][li]Click Start, click Run, type regedit in the Open box, and then click OK.[/li]
[li]Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\[/li]
[li]After you select the Exchange subkey that is specified in step 2, point to New on the Edit menu, and then click DWORD(32) Value.[/li]
[li]Type DisableLoopbackCheck, and then press ENTER.[/li]
[li]Right-click DisableLoopbackCheck, and then click Modify.[/li]
[li]In the Value data box, type 1, and then click OK.[/li]
[li]On the File menu, click Exit to exit Registry Editor.[/li]
[li]Open an elevated command prompt and type IISRESET
[/li][/ol]
[li][blue]Make AutoDiscovery Work With Only a Single Host Certificate[/blue][/li]
[ol A][li]Create a new SRV record in DNS for _autodiscover[/li]
Service: _autodiscover
Name: @
Protocol: _tcp
Priority: 0
Weight: 0
Port: 443
Target: [red]remote.domainname.com[/red]
[li]Run the following commands in the Exchange Management Shell[/li]
Modify the parts in [red]red[/red].
Set-ClientAccessServer -Identity [red]SERVERNAME[/red] -AutoDiscoverServiceInternalUri https://[red]remote.domainname.com[/red]/Autodiscover/Autodiscover.xml
Set-WebServicesVirtualDirectory -Identity "[red]SERVERNAME[/red]\EWS (SBS Web Applications)" -InternalURL https://[red]remote.domainname.com[/red]/EWS/Exchange.asmx -BasicAuthentication:$true
Set-OABVirtualDirectory -Identity "[red]SERVERNAME[/red]\OAB (SBS Web Applications)" -InternalURL https://[red]remote.domainname.com[/red]/OAB
Enable-OutlookAnywhere -Server [red]SERVERNAME[/red] -ExternalHostname "[red]remote.domainname.com[/red]" -ClientAuthenticationMethod "Basic"-SSLOffloading:$False
Set-ActiveSyncVirtualDirectory -Identity "[red]SERVERNAME[/red]\Microsoft-Server-ActiveSync (SBS Web Applications)" -ExternalURL https://[red]remote.domainname.com[/red]/Microsoft-Server-Activesync
Run all of the tests on this site
https://www.testexchangeconnectivity.com/
If any fail, troubleshoot.
[/ol]
[li][blue]Move the Transport Queue off the C Drive[/blue][/li]
Move-TransportDatabase.ps1 -QueueDatabasePath: [red]<destination path>[/red]
[li][blue]Set Max Send/Receive Size, Max Attachment Size[/blue][/li]
Set-TransportConfig -MaxRecipientEnvelopeLimit 15MB -MaxReceiveSize 15MB -MaxSendSize 15MB
[li][blue]Setup Connection Manager For VPN Access[/blue][/li]
This is perhaps the Grand Daddy of all the tweaks. SBS 2003 used to do this for you but 2008 does not. In fact, Microsoft royally messed this up by only including the binaries for creating an x64 VPN client. It is however entirely possible to create the 32 bit clients if you copy 2 DLLs over from a 32 bit 2003 server.
You can download the needed binaries along with my complete solution for implementing the Connection Manager Administration Kit (CMAK) from http://dl.dropbox.com/u/2705670/CMAK.zip
[/ul]
Help me to continue to share files via dropbox like this by using this referral link to get your own (free) drop box.
http://www.dropbox.com/referrals/NTI3MDU2NzA5
[!]If you have found this FAQ to be helpful, please don't forget to vote on this FAQ.[/!]
[!]BEFORE INSTALLATION[/!]
[ul square]
[li][blue]Check GPOs before anything else.[/blue][/li]
This one is really important. If the existing AD is messed up you will have problems with the migration promoting the new SBS to a DC.
[ol A][li]In the Active Directory Users and Computers snap-in, edit the Default Domain Controllers Policy on the Domain Controllers Organizational Unit.[/li]
[li]Double-click Computer Configuration, click Windows Settings, click Security Settings, click Local Policies, and then click User Rights Assignment.[/li]
[li]Under Enable Computer and User Accounts to be trusted for Delegation, add the appropriate account or group.[/li]
[li]Open a command prompt, and type:
gpupdate /force
[/li] [/ol]
[li][blue]If Installing SBS on Hyper-V[/blue][/li]
[ol A]
[li]Use the Wizard to create the answer file.[/li]
[li]Install PowerISO on the HyperV server.[/li]
[li]Use PowerISO to create a new Floppy Drive image (IMG file)[/li]
[li]Rename the IMG file to a VFD file. [/li]
[li]Mount the VFD file via HyperV VM settings.
[/li]
[/ol]
[!]AFTER INSTALLATION[/!]
[li][blue]Configure domain to allow Windows 7 computers to join domain via http://connect.[/blue]
This functionality was first added with Rollup 3. You should install whatever the latest rollup is. At the time of this update, Rollup 4 is the latest.
Install SBS 2008 Rollup 4
http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB979454
[/li]
[li][blue]Install Exchange 2007 SP2 & SP3[/blue][/li]
I prefer to install Exchange SP2 and then install SP3. Installing SP2 requires you to first create a registry key.
[ol A][li]Click Start, click Run, type regedit in the Open box, and then click OK.[/li]
[li]Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\Software\Microsoft\SmallBusinessServer\Exchange
Note If the Exchange subkey does not exist, you must create it. To do this, follow these steps:
[ul][li]Right-click SmallBusinessServer, point to New on the Edit menu, and then click Key.[/li]
[li]Type Exchange and then press ENTER.[/li][/ul][/li]
[li]After you select the Exchange subkey that is specified in step 2, point to New on the Edit menu, and then click DWORD(32) Value.[/li]
[li]Type E12SP2READY, and then press ENTER.[/li]
[li]Right-click E12SP2READY, and then click Modify.[/li]
[li]In the Value data box, type 1, and then click OK.[/li]
[li]On the File menu, click Exit to exit Registry Editor.[/li]
[li] Download and install Windows Installer 4.5
http://go.microsoft.com/fwlink/?LinkId=151819[/li]
[li] You can now install Exchange 2007 SP2[/li]
[li] You can now install Exchange 2007 SP3
[/li][/ol]
[li][blue]Fix access to Companyweb from the server[/blue][/li]
[ol A][li]Click Start, click Run, type regedit in the Open box, and then click OK.[/li]
[li]Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\[/li]
[li]After you select the Exchange subkey that is specified in step 2, point to New on the Edit menu, and then click DWORD(32) Value.[/li]
[li]Type DisableLoopbackCheck, and then press ENTER.[/li]
[li]Right-click DisableLoopbackCheck, and then click Modify.[/li]
[li]In the Value data box, type 1, and then click OK.[/li]
[li]On the File menu, click Exit to exit Registry Editor.[/li]
[li]Open an elevated command prompt and type IISRESET
[/li][/ol]
[li][blue]Make AutoDiscovery Work With Only a Single Host Certificate[/blue][/li]
[ol A][li]Create a new SRV record in DNS for _autodiscover[/li]
Service: _autodiscover
Name: @
Protocol: _tcp
Priority: 0
Weight: 0
Port: 443
Target: [red]remote.domainname.com[/red]
[li]Run the following commands in the Exchange Management Shell[/li]
Modify the parts in [red]red[/red].
Set-ClientAccessServer -Identity [red]SERVERNAME[/red] -AutoDiscoverServiceInternalUri https://[red]remote.domainname.com[/red]/Autodiscover/Autodiscover.xml
Set-WebServicesVirtualDirectory -Identity "[red]SERVERNAME[/red]\EWS (SBS Web Applications)" -InternalURL https://[red]remote.domainname.com[/red]/EWS/Exchange.asmx -BasicAuthentication:$true
Set-OABVirtualDirectory -Identity "[red]SERVERNAME[/red]\OAB (SBS Web Applications)" -InternalURL https://[red]remote.domainname.com[/red]/OAB
Enable-OutlookAnywhere -Server [red]SERVERNAME[/red] -ExternalHostname "[red]remote.domainname.com[/red]" -ClientAuthenticationMethod "Basic"-SSLOffloading:$False
Set-ActiveSyncVirtualDirectory -Identity "[red]SERVERNAME[/red]\Microsoft-Server-ActiveSync (SBS Web Applications)" -ExternalURL https://[red]remote.domainname.com[/red]/Microsoft-Server-Activesync
Run all of the tests on this site
https://www.testexchangeconnectivity.com/
If any fail, troubleshoot.
[/ol]
[li][blue]Move the Transport Queue off the C Drive[/blue][/li]
Move-TransportDatabase.ps1 -QueueDatabasePath: [red]<destination path>[/red]
[li][blue]Set Max Send/Receive Size, Max Attachment Size[/blue][/li]
Set-TransportConfig -MaxRecipientEnvelopeLimit 15MB -MaxReceiveSize 15MB -MaxSendSize 15MB
[li][blue]Setup Connection Manager For VPN Access[/blue][/li]
This is perhaps the Grand Daddy of all the tweaks. SBS 2003 used to do this for you but 2008 does not. In fact, Microsoft royally messed this up by only including the binaries for creating an x64 VPN client. It is however entirely possible to create the 32 bit clients if you copy 2 DLLs over from a 32 bit 2003 server.
You can download the needed binaries along with my complete solution for implementing the Connection Manager Administration Kit (CMAK) from http://dl.dropbox.com/u/2705670/CMAK.zip
[/ul]
Help me to continue to share files via dropbox like this by using this referral link to get your own (free) drop box.
http://www.dropbox.com/referrals/NTI3MDU2NzA5
[!]If you have found this FAQ to be helpful, please don't forget to vote on this FAQ.[/!]
Please Note: 1 is Bad, 10 is Good :-)
Part and Inventory Search
-
This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
By continuing to use this site, you are consenting to our use of cookies.