Solved

SBS 2008 Woes

Posted on 2010-09-03
8
746 Views
Last Modified: 2012-05-10
Hi All,

Hoping someone can help.
Small network 5 users tops.
HP Proliant ML AMD Opteron Quad Core 1354 2.2GHz, 4GB Ram, 64Bit Windows SBS2008 Premium.
At all times CPU Usage sits at around 50% - 80%, physical Ram sits at around 90% 105 processes running. Store.exe using most Ram at 308MB w3wp.exe using 201MB and so on.
I have stopped the AV and restricted the SQL and Exchange RAM but its out of control, the user interface is so sluggish its barely usable!

Secondary issue, cannot access https://localhost/certsrv to create an exchange cert as all users are getting security prompts regarding the name on the cert.  I get 404 error path could not be found, IIS points to c:\windows\system32\certsrv\en-us\default.aspx but error path points to c:\program files\windows small business server\bin\webapp\certsrv which doesnt exist.

Please can someone help!

Thanks
Sparky
0
Comment
Question by:sparky1977
8 Comments
 
LVL 10

Expert Comment

by:tmoore1962
ID: 33598546
IF you have SBS you should be able to create the cert by running the Remote Web workplace wizard.  Follow onscreen instructions to create and distribute the cert.
0
 
LVL 1

Author Comment

by:sparky1977
ID: 33598733
thats fine but the internal and external domains are different, internal is domain.local, external is domain.co.uk i need to add both and the wizard does not let me do so.
0
 
LVL 1

Author Comment

by:sparky1977
ID: 33598968
I would just like to add that i dont want a 3rd party cert, i need to create a cert with remote.domain.local, autodiscover.domain.local, server.domain.local, remote.domain.co.uk, autodiscover.domain.co.uk and mail.domain.co.uk but i cant find a way to do this.
Normally for exchange you just create your request and off you go with certsrv but that does not appear to be the case in SBS2008.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 2

Accepted Solution

by:
dgenerosa earned 500 total points
ID: 33599064
As far as the performance goes remember you are running at the bare minimum for RAM. See http://www.microsoft.com/sbs/en/us/system-requirements.aspx 

We run our SBS2008 deployments on 8GB minimum and usually 16GB for most.

I know 4GB seems like a lot (especially considering it was the maximum you could through at an SBS2003 box), but we have found that SBS2008 really needs the RAM.

Until you upgrade the RAM I would not expect better performance.

As far as the cert goes, SBS documentation strongly suggests using the self signed cert temporarily (i.e while you get  a real cert from a CA).

You do not need to use the wizard to have multiple certs.  You can use IIS directly to add a certs to the services that require them.  I strongly suggest using a cert from a CA because users of RWW and OWA will be bogged down by the security warnings even if you match the the domains internally and externally with multiple certs.  They will still get warnings that the cert is not from a trusted provider.  We use thawte (now owned by symantec).

 
0
 
LVL 1

Author Comment

by:sparky1977
ID: 33599381
Hi, i understand your thoughts, however a small company such as theirs cannot justify the cost of a 3rd party CA just to make the messages go away, there are only two people who use the RWW and OWA anyway. What i dont get is that this was so simple in 2003 yet such a pain in 2008. Its not multiple certs i need, its a cert with all permutations of the servers names, hence the internal errors in Outlook with Cert warnings, if i change the setup again to reflect the internal name it goes away but RWW breaks and vice versa.
0
 
LVL 4

Expert Comment

by:evilsi
ID: 33603111
Hi,

This is quite common,

Firstly the ceretificate created when using the wizard should be the outside FQDN  of the server (exp: remote.mydomain.com). This will mean the outside cert will work properly for outlook anywhere once you have installed the root certificate on the client machines (unless they are domain pc's in which case its done automatically)
Then you may get the cert mismatch error when using outlook 2007 internally. If you do see this article. http://blogs.technet.com/b/sbs/archive/2010/01/05/troubleshooting-certificate-mismatch-warnings-in-outlook-2007-clients-on-small-business-server-2008.aspx 

When you have completed this you can then start to add specific certificates for RWW etc.. Do this through http://servername/certsrv

That should be it. Hope this helps.

Si.
0
 
LVL 1

Author Comment

by:sparky1977
ID: 34229643
Hi all,

Adding Ram did the trick on the performance issue.
The cert issue was solved here...

http://www.shudnow.net/2007/08/10/outlook-2007-certificate-error/

Thanks for all your help!!
0
 
LVL 1

Author Closing Comment

by:sparky1977
ID: 34229653
Solution was partially correct wrt the performance but not the cert, i found the cert solution elsewhere.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

To effectively work with Diskpart on a Server Core, it is necessary to write some small batch script's, because you can't execute diskpart in a remote powershell session. To get startet, place the Diskpart batch script's into a share on your loca…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question