Solved

SBS 2008 is behaving poorly

Posted on 2010-08-24
47
1,026 Views
Last Modified: 2012-05-10
Hello experts,

First of all - i know this question may sounds a bit general, since we don't have lot's of info, so accept my apology for that.

A new customer has contacted us and said that his Exch 2007 OWA has stopped working.
At first glance, it seems that there's a problem with the IIS, which doesn't open any local website, but i assume there's more to it.
The event logs are FULL of red events, i don't even see the point in publishing them here, because there are sp many --different-  ones regarding all kind of matters.

When we tried to run the the internet address wizard (Set up your internet address) from the Windows SBS console, we're receiving an error that the wizard has stopped working on the 2nd task (Exchange e-mail setup), and the whole SBS console is closed.

It's important to add that the server was without Antivirus for more than 3 months..
The steps we took so far:
1. Backup and clear the event logs, all of them.
2. cmd --> IISRESET

We're trying to avoid re-installation of  the server if it's not absolutely necessary.

How would you approach such a poor situation? I would appreciate a detailed answer as possible with action items, since we're almost out-of-time with this so called customer..

Big Thx in advance,
Nir  
0
Comment
Question by:IT_Group1
  • 24
  • 23
47 Comments
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33509687
2 things:
a) Check DNS
Go to start > run > cmd
dcdiag /v /e /TEST:DNS > c:\dcdiag.txt
Upload the file here.

b) use BPA to uncover errors
start > programs > Best Practices Analyzer
Run a Scan
Go through the results and follow recommendations.

If SBS stabilizes we can look at OWA after that.

Question:
a) How did this problem start ?

thanks

0
 

Author Comment

by:IT_Group1
ID: 33509741

Sunnyc7, thanks for the swift reply!

Here's the dcdiag DNS log:

Directory Server Diagnosis


Performing initial setup:

   Trying to find home server...

   * Verifying that the local machine SRV2008, is a Directory Server.
   Home Server = SRV2008

   * Connecting to directory service on server SRV2008.

   * Identified AD Forest.
   Collecting AD specific global data
   * Collecting site info.

   Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=shaniode,DC=local,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
   The previous call succeeded
   Iterating through the sites
   Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=shaniode,DC=local
   Getting ISTG and options for the site
   * Identifying all servers.

   Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=shaniode,DC=local,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
   The previous call succeeded....
   The previous call succeeded
   Iterating through the list of servers
   Getting information for the server CN=NTDS Settings,CN=SRV2008,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=shaniode,DC=local
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   * Identifying all NC cross-refs.

   * Found 1 DC(s). Testing 1 of them.

   Done gathering initial info.


Doing initial required tests

   
   Testing server: Default-First-Site-Name\SRV2008

      Starting test: Connectivity

         * Active Directory LDAP Services Check
         Determining IP4 connectivity
         Determining IP6 connectivity
         * Active Directory RPC Services Check
         ......................... SRV2008 passed test Connectivity



Doing primary tests

   
   Testing server: Default-First-Site-Name\SRV2008

      Test omitted by user request: Advertising

      Test omitted by user request: CheckSecurityError

      Test omitted by user request: CutoffServers

      Test omitted by user request: FrsEvent

      Test omitted by user request: DFSREvent

      Test omitted by user request: SysVolCheck

      Test omitted by user request: KccEvent

      Test omitted by user request: KnowsOfRoleHolders

      Test omitted by user request: MachineAccount

      Test omitted by user request: NCSecDesc

      Test omitted by user request: NetLogons

      Test omitted by user request: ObjectsReplicated

      Test omitted by user request: OutboundSecureChannels

      Test omitted by user request: Replications

      Test omitted by user request: RidManager

      Test omitted by user request: Services

      Test omitted by user request: SystemLog

      Test omitted by user request: Topology

      Test omitted by user request: VerifyEnterpriseReferences

      Test omitted by user request: VerifyReferences

      Test omitted by user request: VerifyReplicas

   
      Starting test: DNS

         

         DNS Tests are running and not hung. Please wait a few minutes...

         See DNS test in enterprise tests section for results
         ......................... SRV2008 passed test DNS

   
   Running partition tests on : ForestDnsZones

      Test omitted by user request: CheckSDRefDom

      Test omitted by user request: CrossRefValidation

   
   Running partition tests on : DomainDnsZones

      Test omitted by user request: CheckSDRefDom

      Test omitted by user request: CrossRefValidation

   
   Running partition tests on : Schema

      Test omitted by user request: CheckSDRefDom

      Test omitted by user request: CrossRefValidation

   
   Running partition tests on : Configuration

      Test omitted by user request: CheckSDRefDom

      Test omitted by user request: CrossRefValidation

   
   Running partition tests on : shaniode

      Test omitted by user request: CheckSDRefDom

      Test omitted by user request: CrossRefValidation

   
   Running enterprise tests on : shaniode.local

      Starting test: DNS

         Test results for domain controllers:

           
            DC: SRV2008.shaniode.local

            Domain: shaniode.local

           

                 
               TEST: Authentication (Auth)
                  Authentication test: Successfully completed
                 
               TEST: Basic (Basc)
                  Microsoftr Windows Serverr 2008 Standard FE  (Service Pack level: 1.0)

                   is supported

                  NETLOGON service is running

                  kdc service is running

                  DNSCACHE service is running

                  DNS service is running

                  DC is a DNS server

                  Network adapters information:

                  Adapter

                  [00000009] Broadcom BCM5716C NetXtreme II GigE (NDIS VBD Client):

                 

                     MAC address is 00:26:B9:5B:17:66
                     IP Address is static
                     IP address: 10.0.0.1, fe80::da24:e13f:c782:e293, fe80::7dcc:b165:f07b:d1c4
                     DNS servers:

                        10.0.0.1 (srv2008.shaniode.local.) [Valid]
                  The A host record(s) for this DC was found
                  Warning: The AAAA record for this DC was not found
                  [Error details: 9501 (Type: Win32 - Description: No records found for given DNS query.) - shaniode.local]
                  The SOA record for the Active Directory zone was found
                  The Active Directory zone on this DC/DNS server was found primary
                  Root zone on this DC/DNS server was not found
                 
               TEST: Forwarders/Root hints (Forw)
                  Recursion is enabled
                  Forwarders are not configured on this DNS server
                  Root hint Information:
                     Name: a.root-servers.net. IP: 198.41.0.4 [Valid]
                     Name: a.root-servers.net. IP: 2001:503:ba3e::2:30 [Invalid (unreachable)]
                     Error: Root hints list has invalid root hint server:

                     a.root-servers.net. (2001:503:ba3e::2:30)

                     Name: b.root-servers.net. IP: 128.9.0.107 [Valid]
                     Name: b.root-servers.net. IP: 192.228.79.201 [Valid]
                     Name: c.root-servers.net. IP: 192.33.4.12 [Valid]
                     Name: d.root-servers.net. IP: 128.8.10.90 [Valid]
                     Name: e.root-servers.net. IP: 192.203.230.10 [Valid]
                     Name: f.root-servers.net. IP: 192.5.5.241 [Valid]
                     Name: f.root-servers.net. IP: 2001:500:2f::f [Invalid (unreachable)]
                     Error: Root hints list has invalid root hint server:

                     f.root-servers.net. (2001:500:2f::f)

                     Name: g.root-servers.net. IP: 192.112.36.4 [Valid]
                     Name: h.root-servers.net. IP: 128.63.2.53 [Valid]
                     Name: h.root-servers.net. IP: 2001:500:1::803f:235 [Invalid (unreachable)]
                     Error: Root hints list has invalid root hint server:

                     h.root-servers.net. (2001:500:1::803f:235)

                     Name: i.root-servers.net. IP: 192.36.148.17 [Valid]
                     Name: i.root-servers.net. IP: 2001:7fe::53 [Invalid (unreachable)]
                     Error: Root hints list has invalid root hint server:

                     i.root-servers.net. (2001:7fe::53)

                     Name: j.root-servers.net. IP: 192.58.128.30 [Valid]
                     Name: k.root-servers.net. IP: 193.0.14.129 [Valid]
                     Name: l.root-servers.net. IP: 198.32.64.12 [Valid]
                     Name: l.root-servers.net. IP: 199.7.83.42 [Valid]
                     Name: m.root-servers.net. IP: 202.12.27.33 [Valid]
                 
               TEST: Delegations (Del)
                  Delegation information for the zone: shaniode.local.
                     Delegated domain name: _msdcs.shaniode.local.
                        DNS server: srv2008.shaniode.local. IP:10.0.0.1 [Valid]
                 
               TEST: Dynamic update (Dyn)
                  Test record _dcdiag_test_record added successfully in zone shaniode.local
                  Test record _dcdiag_test_record deleted successfully in zone shaniode.local
                 
               TEST: Records registration (RReg)
                  Network Adapter

                  [00000009] Broadcom BCM5716C NetXtreme II GigE (NDIS VBD Client):

                 

                     Matching CNAME record found at DNS server 10.0.0.1:
                     33a81fd6-2a21-4363-8282-80527822b989._msdcs.shaniode.local

                     Matching A record found at DNS server 10.0.0.1:
                     SRV2008.shaniode.local

                     Warning:
                     Missing AAAA record at DNS server 10.0.0.1:
                     SRV2008.shaniode.local
                     [Error details: 9501 (Type: Win32 - Description: No records found for given DNS query.)]
                     
                     Matching  SRV record found at DNS server 10.0.0.1:
                     _ldap._tcp.shaniode.local

                     Matching  SRV record found at DNS server 10.0.0.1:
                     _ldap._tcp.0c99369f-d446-43a8-854d-e847426b5f13.domains._msdcs.shaniode.local

                     Matching  SRV record found at DNS server 10.0.0.1:
                     _kerberos._tcp.dc._msdcs.shaniode.local

                     Matching  SRV record found at DNS server 10.0.0.1:
                     _ldap._tcp.dc._msdcs.shaniode.local

                     Matching  SRV record found at DNS server 10.0.0.1:
                     _kerberos._tcp.shaniode.local

                     Matching  SRV record found at DNS server 10.0.0.1:
                     _kerberos._udp.shaniode.local

                     Matching  SRV record found at DNS server 10.0.0.1:
                     _kpasswd._tcp.shaniode.local

                     Matching  SRV record found at DNS server 10.0.0.1:
                     _ldap._tcp.Default-First-Site-Name._sites.shaniode.local

                     Matching  SRV record found at DNS server 10.0.0.1:
                     _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.shaniode.local

                     Matching  SRV record found at DNS server 10.0.0.1:
                     _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.shaniode.local

                     Matching  SRV record found at DNS server 10.0.0.1:
                     _kerberos._tcp.Default-First-Site-Name._sites.shaniode.local

                     Matching  SRV record found at DNS server 10.0.0.1:
                     _ldap._tcp.gc._msdcs.shaniode.local

                     Matching A record found at DNS server 10.0.0.1:
                     gc._msdcs.shaniode.local

                     Warning:
                     Missing AAAA record at DNS server 10.0.0.1:
                     gc._msdcs.shaniode.local
                     [Error details: 9501 (Type: Win32 - Description: No records found for given DNS query.)]
                     
                     Matching  SRV record found at DNS server 10.0.0.1:
                     _gc._tcp.Default-First-Site-Name._sites.shaniode.local

                     Matching  SRV record found at DNS server 10.0.0.1:
                     _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.shaniode.local

                     Matching  SRV record found at DNS server 10.0.0.1:
                     _ldap._tcp.pdc._msdcs.shaniode.local

               Warning: Record Registrations not found in some network adapters

         
         Summary of test results for DNS servers used by the above domain

         controllers:

         

            DNS server: 2001:500:1::803f:235 (h.root-servers.net.)

               1 test failure on this DNS server

               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:1::803f:235               [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
               
            DNS server: 2001:500:2f::f (f.root-servers.net.)

               1 test failure on this DNS server

               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:2f::f               [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
               
            DNS server: 2001:503:ba3e::2:30 (a.root-servers.net.)

               1 test failure on this DNS server

               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:503:ba3e::2:30               [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
               
            DNS server: 2001:7fe::53 (i.root-servers.net.)

               1 test failure on this DNS server

               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:7fe::53               [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
               
            DNS server: 10.0.0.1 (srv2008.shaniode.local.)

               All tests passed on this DNS server

               Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered
               DNS delegation for the domain  _msdcs.shaniode.local. is operational on IP 10.0.0.1

               
            DNS server: 128.63.2.53 (h.root-servers.net.)

               All tests passed on this DNS server

               
            DNS server: 128.8.10.90 (d.root-servers.net.)

               All tests passed on this DNS server

               
            DNS server: 128.9.0.107 (b.root-servers.net.)

               All tests passed on this DNS server

               
            DNS server: 192.112.36.4 (g.root-servers.net.)

               All tests passed on this DNS server

               
            DNS server: 192.203.230.10 (e.root-servers.net.)

               All tests passed on this DNS server

               
            DNS server: 192.228.79.201 (b.root-servers.net.)

               All tests passed on this DNS server

               
            DNS server: 192.33.4.12 (c.root-servers.net.)

               All tests passed on this DNS server

               
            DNS server: 192.36.148.17 (i.root-servers.net.)

               All tests passed on this DNS server

               
            DNS server: 192.5.5.241 (f.root-servers.net.)

               All tests passed on this DNS server

               
            DNS server: 192.58.128.30 (j.root-servers.net.)

               All tests passed on this DNS server

               
            DNS server: 193.0.14.129 (k.root-servers.net.)

               All tests passed on this DNS server

               
            DNS server: 198.32.64.12 (l.root-servers.net.)

               All tests passed on this DNS server

               
            DNS server: 198.41.0.4 (a.root-servers.net.)

               All tests passed on this DNS server

               
            DNS server: 199.7.83.42 (l.root-servers.net.)

               All tests passed on this DNS server

               
            DNS server: 202.12.27.33 (m.root-servers.net.)

               All tests passed on this DNS server

               
         Summary of DNS test results:

         
                                            Auth Basc Forw Del  Dyn  RReg Ext
            _________________________________________________________________
            Domain: shaniode.local

               SRV2008                      PASS WARN FAIL PASS PASS WARN n/a  
         
         ......................... shaniode.local failed test DNS

      Test omitted by user request: LocatorCheck

      Test omitted by user request: Intersite

Currently i'm running the BPA, will report back asap.
As for how the problem started - your guess is good as mine..

Cheers
0
 

Author Comment

by:IT_Group1
ID: 33509885
BTW, one of the recommendations from the BPA is:
"The BackConnectionHostNames key should include the value remote.shaniode.co.il. To resolve this issue, open Registry Editor, and then locate and click  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\BackConnectionHostNames. Right-click BackConnectionHostNames, and then click Modify. In the Value data box, type remote.shaniode.co.il, and then click OK."

The BackConnectionHostNames folder\key doesn't exists. Should i create it?

thx
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33509958
Yes we will do that later, lets fix the DNS a little bit

Can you find out your ISP's DNS from your firewall / router and add it to DNS forwarders

start > run > dnsmgmt.msc
Right Click on SRV2008
Go to properties
Forwarders Tab
Add the entries of your ISP's DNS there

Restart DNS

try
dcdiag /v /e /TEST:DNS > c:\dcdiag2.txt

---

Are there any other recommendations
Like TCP Chimney / Task Offloading etc ?
0
 

Author Comment

by:IT_Group1
ID: 33510104
Done.
Here's the new log:

Directory Server Diagnosis


Performing initial setup:

   Trying to find home server...

   * Verifying that the local machine SRV2008, is a Directory Server.
   Home Server = SRV2008

   * Connecting to directory service on server SRV2008.

   * Identified AD Forest.
   Collecting AD specific global data
   * Collecting site info.

   Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=shaniode,DC=local,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
   The previous call succeeded
   Iterating through the sites
   Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=shaniode,DC=local
   Getting ISTG and options for the site
   * Identifying all servers.

   Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=shaniode,DC=local,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
   The previous call succeeded....
   The previous call succeeded
   Iterating through the list of servers
   Getting information for the server CN=NTDS Settings,CN=SRV2008,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=shaniode,DC=local
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   * Identifying all NC cross-refs.

   * Found 1 DC(s). Testing 1 of them.

   Done gathering initial info.


Doing initial required tests

   
   Testing server: Default-First-Site-Name\SRV2008

      Starting test: Connectivity

         * Active Directory LDAP Services Check
         Determining IP4 connectivity
         Determining IP6 connectivity
         * Active Directory RPC Services Check
         ......................... SRV2008 passed test Connectivity



Doing primary tests

   
   Testing server: Default-First-Site-Name\SRV2008

      Test omitted by user request: Advertising

      Test omitted by user request: CheckSecurityError

      Test omitted by user request: CutoffServers

      Test omitted by user request: FrsEvent

      Test omitted by user request: DFSREvent

      Test omitted by user request: SysVolCheck

      Test omitted by user request: KccEvent

      Test omitted by user request: KnowsOfRoleHolders

      Test omitted by user request: MachineAccount

      Test omitted by user request: NCSecDesc

      Test omitted by user request: NetLogons

      Test omitted by user request: ObjectsReplicated

      Test omitted by user request: OutboundSecureChannels

      Test omitted by user request: Replications

      Test omitted by user request: RidManager

      Test omitted by user request: Services

      Test omitted by user request: SystemLog

      Test omitted by user request: Topology

      Test omitted by user request: VerifyEnterpriseReferences

      Test omitted by user request: VerifyReferences

      Test omitted by user request: VerifyReplicas

   
      Starting test: DNS

         

         DNS Tests are running and not hung. Please wait a few minutes...

         See DNS test in enterprise tests section for results
         ......................... SRV2008 passed test DNS

   
   Running partition tests on : ForestDnsZones

      Test omitted by user request: CheckSDRefDom

      Test omitted by user request: CrossRefValidation

   
   Running partition tests on : DomainDnsZones

      Test omitted by user request: CheckSDRefDom

      Test omitted by user request: CrossRefValidation

   
   Running partition tests on : Schema

      Test omitted by user request: CheckSDRefDom

      Test omitted by user request: CrossRefValidation

   
   Running partition tests on : Configuration

      Test omitted by user request: CheckSDRefDom

      Test omitted by user request: CrossRefValidation

   
   Running partition tests on : shaniode

      Test omitted by user request: CheckSDRefDom

      Test omitted by user request: CrossRefValidation

   
   Running enterprise tests on : shaniode.local

      Starting test: DNS

         Test results for domain controllers:

           
            DC: SRV2008.shaniode.local

            Domain: shaniode.local

           

                 
               TEST: Authentication (Auth)
                  Authentication test: Successfully completed
                 
               TEST: Basic (Basc)
                  Microsoftr Windows Serverr 2008 Standard FE  (Service Pack level: 1.0)

                   is supported

                  NETLOGON service is running

                  kdc service is running

                  DNSCACHE service is running

                  DNS service is running

                  DC is a DNS server

                  Network adapters information:

                  Adapter

                  [00000009] Broadcom BCM5716C NetXtreme II GigE (NDIS VBD Client):

                 

                     MAC address is 00:26:B9:5B:17:66
                     IP Address is static
                     IP address: 10.0.0.1, fe80::da24:e13f:c782:e293, fe80::7dcc:b165:f07b:d1c4
                     DNS servers:

                        10.0.0.1 (srv2008.shaniode.local.) [Valid]
                  The A host record(s) for this DC was found
                  Warning: The AAAA record for this DC was not found
                  [Error details: 9501 (Type: Win32 - Description: No records found for given DNS query.) - shaniode.local]
                  The SOA record for the Active Directory zone was found
                  The Active Directory zone on this DC/DNS server was found primary
                  Root zone on this DC/DNS server was not found
                 
               TEST: Forwarders/Root hints (Forw)
                  Recursion is enabled
                  Forwarders Information:
                     192.115.106.31 (<name unavailable>) [Valid]
                 
               TEST: Delegations (Del)
                  Delegation information for the zone: shaniode.local.
                     Delegated domain name: _msdcs.shaniode.local.
                        DNS server: srv2008.shaniode.local. IP:10.0.0.1 [Valid]
                 
               TEST: Dynamic update (Dyn)
                  Test record _dcdiag_test_record added successfully in zone shaniode.local
                  Test record _dcdiag_test_record deleted successfully in zone shaniode.local
                 
               TEST: Records registration (RReg)
                  Network Adapter

                  [00000009] Broadcom BCM5716C NetXtreme II GigE (NDIS VBD Client):

                 

                     Matching CNAME record found at DNS server 10.0.0.1:
                     33a81fd6-2a21-4363-8282-80527822b989._msdcs.shaniode.local

                     Matching A record found at DNS server 10.0.0.1:
                     SRV2008.shaniode.local

                     Warning:
                     Missing AAAA record at DNS server 10.0.0.1:
                     SRV2008.shaniode.local
                     [Error details: 9501 (Type: Win32 - Description: No records found for given DNS query.)]
                     
                     Matching  SRV record found at DNS server 10.0.0.1:
                     _ldap._tcp.shaniode.local

                     Matching  SRV record found at DNS server 10.0.0.1:
                     _ldap._tcp.0c99369f-d446-43a8-854d-e847426b5f13.domains._msdcs.shaniode.local

                     Matching  SRV record found at DNS server 10.0.0.1:
                     _kerberos._tcp.dc._msdcs.shaniode.local

                     Matching  SRV record found at DNS server 10.0.0.1:
                     _ldap._tcp.dc._msdcs.shaniode.local

                     Matching  SRV record found at DNS server 10.0.0.1:
                     _kerberos._tcp.shaniode.local

                     Matching  SRV record found at DNS server 10.0.0.1:
                     _kerberos._udp.shaniode.local

                     Matching  SRV record found at DNS server 10.0.0.1:
                     _kpasswd._tcp.shaniode.local

                     Matching  SRV record found at DNS server 10.0.0.1:
                     _ldap._tcp.Default-First-Site-Name._sites.shaniode.local

                     Matching  SRV record found at DNS server 10.0.0.1:
                     _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.shaniode.local

                     Matching  SRV record found at DNS server 10.0.0.1:
                     _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.shaniode.local

                     Matching  SRV record found at DNS server 10.0.0.1:
                     _kerberos._tcp.Default-First-Site-Name._sites.shaniode.local

                     Matching  SRV record found at DNS server 10.0.0.1:
                     _ldap._tcp.gc._msdcs.shaniode.local

                     Matching A record found at DNS server 10.0.0.1:
                     gc._msdcs.shaniode.local

                     Warning:
                     Missing AAAA record at DNS server 10.0.0.1:
                     gc._msdcs.shaniode.local
                     [Error details: 9501 (Type: Win32 - Description: No records found for given DNS query.)]
                     
                     Matching  SRV record found at DNS server 10.0.0.1:
                     _gc._tcp.Default-First-Site-Name._sites.shaniode.local

                     Matching  SRV record found at DNS server 10.0.0.1:
                     _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.shaniode.local

                     Matching  SRV record found at DNS server 10.0.0.1:
                     _ldap._tcp.pdc._msdcs.shaniode.local

               Warning: Record Registrations not found in some network adapters

         
         Summary of test results for DNS servers used by the above domain

         controllers:

         

            DNS server: 10.0.0.1 (srv2008.shaniode.local.)

               All tests passed on this DNS server

               Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered
               DNS delegation for the domain  _msdcs.shaniode.local. is operational on IP 10.0.0.1

               
            DNS server: 192.115.106.31 (<name unavailable>)

               All tests passed on this DNS server

               
         Summary of DNS test results:

         
                                            Auth Basc Forw Del  Dyn  RReg Ext
            _________________________________________________________________
            Domain: shaniode.local

               SRV2008                      PASS WARN PASS PASS PASS WARN n/a  
         
         ......................... shaniode.local passed test DNS

      Test omitted by user request: LocatorCheck

      Test omitted by user request: Intersite


As for other BPA recommendations, there were many:
- The server SRV2008 is running Exchange Server 2007 with Service Pack 1; however, Service Pack 2 for Exchange Server 2007 is available

- Add-On Congestion Control Provider is set to ctcp. To disable Add-On Congestion Control Provider, click Start, and in the Search box type "command." in the results, right-click Command Prompt, and then click Run as administrator. At the command prompt, run the following command: netsh int tcp set global congestion=none

- The CNAME resource record for the Connect alias should point to the fully qualified domain name of the computer that is running Windows SBS 2008.

- Receive Window Auto-Tuning Level is set to normal. To disable Receive Window Auto-Tuning Level, click Start, and in the Search box type "command." in the results, right-click Command Prompt, and then click Run as administrator. At the command prompt, run the following command: netsh int tcp set global autotuning=disabled

- Receive-Side Scaling State is set to enabled. To disable Receive-Side Scaling, click Start, and in the Search box type "command." in the results, right-click Command Prompt, and then click Run as administrator. At the command prompt, run the following command: netsh int tcp set global rss=disabled

- The BackConnectionHostNames key should include the value remote.shaniode.co.il. To resolve this issue, open Registry Editor, and then locate and click  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\BackConnectionHostNames. Right-click BackConnectionHostNames, and then click Modify. In the Value data box, type remote.shaniode.co.il, and then click OK.

- Service Pack 2 for Windows Server 2008 is not installed on this server.

- Task Offload is set to enabled. To disable Task Offload, click Start, and in the Search box type "command." in the results, right-click Command Prompt, and then click Run as administrator. At the command prompt, run the the following command: netsh int ip set global taskoffload=disabled

- The registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\BackConnectionHostNames does not exist. To resolve this issue, open Registry Editor, and then locate and click HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\. Right-click MSV1_0, point to New, and then click Multi-String Value. Type BackConnectionHostNames, and then press ENTER.

- The Companyweb value does not exist in the BackConnectionHostNames registry key. To resolve this issue, open Registry Editor, and then locate and click HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\BackConnectionHostNames. Right-click BackConnectionHostNames, and then click Modify, In the Value data box, type Companyweb, and then click OK.

- The DNS parameter MaxCacheTTL is not set. For more information, see ”Windows Server 2008 DNS Servers may fail to resolve queries for some top-level domains” in the Microsoft Knowledge Base at http://go.microsoft.com/fwlink/?LinkId=152402.

- Two or more network adapter cards are detected on this server.  This is not a supported configuration. Windows SBS 2008 supports only one network adapter.

- The user account nirs does not have the attributes that are necessary for it to display in the Windows SBS Console.

 - The user account DCS_SRV2008 does not have the attributes that are necessary for it to display in the Windows SBS Console.

some of the errors were duplicated 2-4 times.
Most of the errors already been taken care of:
       - Exchange Server 2007 Service Pack 3        -  Downloading

-  netsh int tcp set global congestion=none          Done

-  netsh int tcp set global autotuning=disabled          Done      

- netsh int tcp set global rss=disabled          Done      

- netsh int ip set global taskoffload=disabled          Done      

- Service Pack 2 for Windows Server 2008           Downloading      

- MaxCacheTTL          Has been raised to 172800 seconds      

Cheers
0
 

Author Comment

by:IT_Group1
ID: 33513760
sunnyc7, was it too much info :) ?
I can sum it up i you like.
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33513845
hey.
Sorry for not posting. Been tied-up @ office with some stuff.

will check and post back.

thanks for the reminder.
0
 

Author Comment

by:IT_Group1
ID: 33514217
Thx mate.
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33514247
ok.
Read through your post

a) DNS
BASC issue.
Make sure IPv6 is enabled

b) Two or more network adapter cards are detected on this server.  This is not a supported configuration. Windows SBS 2008 supports only one network adapter.
>> 2 NIC cards are not supported in SBS at all.
You have to disable one - that is not on the local subnet - that is not the DNS.
Are you using SBS with RRAS for VPN for remote users ?
You can do this separately on firewall.

c) You made the changes for TCP Chimney / Task Offloading etc.
That's good.

d) Exchange 2007 SP3
I will send you a link to installation instructions.
0
 

Author Comment

by:IT_Group1
ID: 33514249
BTW, in the meantime, when i try to install Exch 2k7 SP3, i keep getting this on the client access role and the MBX role prerequisites:

Summary: 4 item(s). 2 succeeded, 2 failed.
Elapsed time: 00:00:24

Organization Prerequisites
Completed
Elapsed Time: 00:00:11

Hub Transport Role Prerequisites
Completed
Elapsed Time: 00:00:04

Client Access Role Prerequisites
Failed
Error:
Unable to read data from the Metabase. Ensure that Microsoft Internet Information Services is installed.
Recommended Action: http://go.microsoft.com/fwlink/?linkid=30939&l=en&v=ExBPA.12&id=a4a4d339-4009-4fb7-b842-ca2ba79f13f0
Elapsed Time: 00:00:04

Mailbox Role Prerequisites
Failed
Error:
Unable to read data from the Metabase. Ensure that Microsoft Internet Information Services is installed.
Recommended Action: http://go.microsoft.com/fwlink/?linkid=30939&l=en&v=ExBPA.12&id=a4a4d339-4009-4fb7-b842-ca2ba79f13f0
Elapsed Time: 00:00:04

 
Thx
 
0
 

Author Comment

by:IT_Group1
ID: 33514296
a) DNS
BASC issue.
Make sure IPv6 is enabled - it was enabled.

b) Two or more network adapter cards are detected on this server.  This is not a supported configuration. Windows SBS 2008 supports only one network adapter.
>> 2 NIC cards are not supported in SBS at all.
You have to disable one - that is not on the local subnet - that is not the DNS.
Are you using SBS with RRAS for VPN for remote users ?
You can do this separately on firewall. - 1 is now disabled.

c) You made the changes for TCP Chimney / Task Offloading etc.
That's good.

d) Exchange 2007 SP3
I will send you a link to installation instructions. - looking forward for that. Is it safe to install 2008 sp2 in the meantime?

thx
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33514668
Lets go back to the original issue

Exch 2007 OWA has stopped working.
>> is it resolved ?
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33514688
Let me know if OWA is working ?
0
 

Author Comment

by:IT_Group1
ID: 33514696
Nope. All the IIS sites are returning error:
Service Unavailable


HTTP Error 503. The service is unavailable.
And in addition the Exch 2k7 sp3 is stopping with similar error:
Unable to read data from the Metabase. Ensure that Microsoft Internet Information Services is installed.
 
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33514721
see if all exchange services are running
did you change any IIS default site bindings ?

Are all services running under local system account or network service ?
let me know.
0
 

Author Comment

by:IT_Group1
ID: 33514723
Maybe we should reinstall the IIS by removing the roles add add them back?
Is it ok to do so in SBS?
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33514737
I'd go with recreating OWA

from SBS what do you get when you do this ?

https://localhost/owa

0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33514761
Screenshot guide on how to REMOVE
and recreate the OWA virtual directory

http://exchangeshare.wordpress.com/2008/07/16/how-to-recreate-owa-virtual-directory-exchange-2007/
0
 

Author Comment

by:IT_Group1
ID: 33514770
All exchange services are running. All under local system account  except MS exch transport which runs as network service.

https://localhost/owa gives you that:
HTTP 500 internal server error.
0
 

Author Comment

by:IT_Group1
ID: 33514791
Other internal websites are not running as well (Trendmicro for example)
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33514805
IIS Admin Service running ?
Can you restart it.

Right click and see if it is hung ?
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33514814
IIS is not running or its stuck
If you right click on IIS Admin service all options would be greyed out.

Rather than kill the process and restart > you can restart the SBS box
0
 

Author Comment

by:IT_Group1
ID: 33514825
It's running and doesnt hung when restarted
0
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 

Author Comment

by:IT_Group1
ID: 33514834
Sunnyc, gotta go to help the kids. Is it possible that we finish it tomorrow?
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33514852
sure.
Can you restart the SBS box and see how it goes from there.
0
 

Author Comment

by:IT_Group1
ID: 33514854
BTW, when opening Exchange management console this message appears:

--------------------------------------------------------
Microsoft Exchange Error
--------------------------------------------------------
The following error(s) were reported while loading topology information:
Get-ActiveSyncVirtualDirectory
Failed
Error:
Unable to create Internet Information Services (IIS) directory entry. Error message is: Class not registered
. HResult = -2147221164.
Class not registered
.
Directory Path: IIS://SRV2008.shaniode.local/W3SVC/3/ROOT/Microsoft-Server-ActiveSync
Detail:
server name: SRV2008.shaniode.local
local machine name: SRV2008
local machine fqdn: SRV2008.shaniode.local
Class not registered
 
 

Get-OabVirtualDirectory
Failed
Error:
Unable to create Internet Information Services (IIS) directory entry. Error message is: Class not registered
. HResult = -2147221164.
Class not registered
.
Directory Path: IIS://SRV2008.shaniode.local/W3SVC/3/ROOT/OAB
Detail:
server name: SRV2008.shaniode.local
local machine name: SRV2008
local machine fqdn: SRV2008.shaniode.local
Class not registered
 
 

Get-OWAVirtualDirectory
Failed
Error:
Unable to create Internet Information Services (IIS) directory entry. Error message is: Class not registered
. HResult = -2147221164.
Class not registered
.
Directory Path: IIS://SRV2008.shaniode.local/W3SVC/3/ROOT/owa
Detail:
server name: SRV2008.shaniode.local
local machine name: SRV2008
local machine fqdn: SRV2008.shaniode.local
Class not registered
 
 
--------------------------------------------------------
OK
--------------------------------------------------------
 
0
 

Author Comment

by:IT_Group1
ID: 33514879
It's been restarted 2 times in the past hour. Nothing changes.
HUGH thx for your prompts replys, we shall nailed it tomorrow. I'm almost sure the IIS is responsible for most of this mass.
thx again and good night (at least here)
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33514890
Good night @
I am sure @ IIS

I will post back if I figure out something about the IIS errors.
0
 

Author Comment

by:IT_Group1
ID: 33518765
Hi sunnyc7, I'm here. When you've got the time I'll be more than happy to proceed with those darn IIS issues.

Thx
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33519858
Just woke up. Give me about an hr. or so to head to office.

Let me know where your IIS is.
My guess > IIS is not binding to default port 80.

Can you try this

start > programs > Best Practices Analyzer

run a scan and let me know how that goes.

thanks
0
 

Author Comment

by:IT_Group1
ID: 33520150
Good morning,

Same errors as before, only the new one is:

The server is in a journal wrap condition. For more information, see the Knowledge Base article "Troubleshooting journal_wrap errors on Sysvol and DFS replica sets" at http://go.microsoft.com/fwlink/?LinkId=143372.

The old errors are:

- The server SRV2008 is running Exchange Server 2007 with  Service Pack 1; however, Service Pack 2 for Exchange Server 2007 is  available

- The  CNAME resource record for the Connect alias should point to the fully  qualified domain name of the computer that is running Windows SBS 2008.

- The BackConnectionHostNames key  should include the value remote.shaniode.co.il. To resolve this issue,  open Registry Editor, and then locate and click   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\BackConnectionHostNames.  Right-click BackConnectionHostNames, and then click Modify. In the  Value data box, type remote.shaniode.co.il, and then click OK.

- The registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\BackConnectionHostNames does not exist. To resolve this issue, open Registry Editor, and then locate and click HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\.  Right-click MSV1_0, point to New, and then click Multi-String Value.  Type BackConnectionHostNames, and then press ENTER.

- The  Companyweb value does not exist in the BackConnectionHostNames registry  key. To resolve this issue, open Registry Editor, and then locate and  click HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\BackConnectionHostNames. Right-click BackConnectionHostNames, and then click Modify, In the Value data box, type Companyweb, and then click OK.

- The user account nirs does not have the attributes that are necessary for it to display in the Windows SBS Console.

 - The user account DCS_SRV2008 does not have the attributes that are necessary for it to display in the Windows SBS Console.


Thx
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33520287
Can you check your IIS site bindings

start > run > inetmgr
expand default website

See the bindings for OWA virtual directory
Can you send me a screenshot of that.

thanks
0
 

Author Comment

by:IT_Group1
ID: 33520402
The default bindings for the default website is 80.
The OWA is located under SBS Webs applications, attached is the screenshot of the bindings.

Thx

Owa-Bindings.JPG
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33520478
Can you check if HTTP SSL service is running.

and then try browsing here
https://localhost/owa

OWA is located under SBS web Apps for SBS 2008. That's fine.

thanks
0
 

Author Comment

by:IT_Group1
ID: 33520522
I'm not seeing this service..
Sunnyc, do you think it's the right direction? since ALL websites are not responding, including non-SSL ones.

Thanks
0
 
LVL 28

Accepted Solution

by:
sunnyc7 earned 500 total points
ID: 33520857
IIS is not working at all.
@ that's my guess.

Reinstalling IIS is a REAL bad idea for SBS.
check this blog.
We will have to figure out some other way to make this work.

http://simultaneouspancakes.com/Lessons/2007/08/03/reinstall-iis-on-sbs-bad-idea/
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33520912
Can you check one thing
Open Server manager > roles
Check if SMTP Server role is installed ?

If it is - uninstall that.
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33521525
secure socket layer tunnelling protocol

Where are you with this issue.
0
 

Author Comment

by:IT_Group1
ID: 33521965
Sunny, sorry for the delay, can we keep working on in in a couple of hours?
Thx!
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33521971
sure. no worries.
0
 

Author Comment

by:IT_Group1
ID: 33524731
sunnyc7 - i'm back.
I'll go over your suggested steps and report asap.
0
 

Author Comment

by:IT_Group1
ID: 33524913
Dear sunnyc7 , as for the client request, I have to postpone this issue.
I thank you VERY MUCH for the enourmous effort, and will grant you the points for the solution.
Keep up the good work buddy!
Cheers
Nir
0
 

Author Closing Comment

by:IT_Group1
ID: 33524919
sunnyc7 is the man.
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33524935
Thanks for the points :)
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33524942
I feel weird knowing that one Exchange Server is running somewhere without IIS 7 working properly...
0
 

Author Comment

by:IT_Group1
ID: 33524991
Don't scratch your head too much for that; a so-called sys admin who let a brand new SBS 2k8 get to this state, probably deserves that.
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33525070
:))
0

Featured Post

Want to promote your upcoming event?

Are you going to an event? Are you going to be exhibiting at a tradeshow? Talking at a conference? Using a promotional banner in your email signature ensures that your organization’s most important contacts stay in the know and can potentially spread the word about the event.

Join & Write a Comment

Easy CSR creation in Exchange 2007,2010 and 2013
Following basic email etiquette rules will help you write a professional email and achieve a good, lasting impression with your contacts.
In this video we show how to create a Distribution Group in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >>…
This video discusses moving either the default database or any database to a new volume.

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now