Solved

SBS 2008 Woes

Posted on 2010-09-03
8
750 Views
Last Modified: 2012-05-10
Hi All,

Hoping someone can help.
Small network 5 users tops.
HP Proliant ML AMD Opteron Quad Core 1354 2.2GHz, 4GB Ram, 64Bit Windows SBS2008 Premium.
At all times CPU Usage sits at around 50% - 80%, physical Ram sits at around 90% 105 processes running. Store.exe using most Ram at 308MB w3wp.exe using 201MB and so on.
I have stopped the AV and restricted the SQL and Exchange RAM but its out of control, the user interface is so sluggish its barely usable!

Secondary issue, cannot access https://localhost/certsrv to create an exchange cert as all users are getting security prompts regarding the name on the cert.  I get 404 error path could not be found, IIS points to c:\windows\system32\certsrv\en-us\default.aspx but error path points to c:\program files\windows small business server\bin\webapp\certsrv which doesnt exist.

Please can someone help!

Thanks
Sparky
0
Comment
Question by:sparky1977
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 10

Expert Comment

by:tmoore1962
ID: 33598546
IF you have SBS you should be able to create the cert by running the Remote Web workplace wizard.  Follow onscreen instructions to create and distribute the cert.
0
 
LVL 1

Author Comment

by:sparky1977
ID: 33598733
thats fine but the internal and external domains are different, internal is domain.local, external is domain.co.uk i need to add both and the wizard does not let me do so.
0
 
LVL 1

Author Comment

by:sparky1977
ID: 33598968
I would just like to add that i dont want a 3rd party cert, i need to create a cert with remote.domain.local, autodiscover.domain.local, server.domain.local, remote.domain.co.uk, autodiscover.domain.co.uk and mail.domain.co.uk but i cant find a way to do this.
Normally for exchange you just create your request and off you go with certsrv but that does not appear to be the case in SBS2008.
0
NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

 
LVL 2

Accepted Solution

by:
dgenerosa earned 500 total points
ID: 33599064
As far as the performance goes remember you are running at the bare minimum for RAM. See http://www.microsoft.com/sbs/en/us/system-requirements.aspx 

We run our SBS2008 deployments on 8GB minimum and usually 16GB for most.

I know 4GB seems like a lot (especially considering it was the maximum you could through at an SBS2003 box), but we have found that SBS2008 really needs the RAM.

Until you upgrade the RAM I would not expect better performance.

As far as the cert goes, SBS documentation strongly suggests using the self signed cert temporarily (i.e while you get  a real cert from a CA).

You do not need to use the wizard to have multiple certs.  You can use IIS directly to add a certs to the services that require them.  I strongly suggest using a cert from a CA because users of RWW and OWA will be bogged down by the security warnings even if you match the the domains internally and externally with multiple certs.  They will still get warnings that the cert is not from a trusted provider.  We use thawte (now owned by symantec).

 
0
 
LVL 1

Author Comment

by:sparky1977
ID: 33599381
Hi, i understand your thoughts, however a small company such as theirs cannot justify the cost of a 3rd party CA just to make the messages go away, there are only two people who use the RWW and OWA anyway. What i dont get is that this was so simple in 2003 yet such a pain in 2008. Its not multiple certs i need, its a cert with all permutations of the servers names, hence the internal errors in Outlook with Cert warnings, if i change the setup again to reflect the internal name it goes away but RWW breaks and vice versa.
0
 
LVL 4

Expert Comment

by:evilsi
ID: 33603111
Hi,

This is quite common,

Firstly the ceretificate created when using the wizard should be the outside FQDN  of the server (exp: remote.mydomain.com). This will mean the outside cert will work properly for outlook anywhere once you have installed the root certificate on the client machines (unless they are domain pc's in which case its done automatically)
Then you may get the cert mismatch error when using outlook 2007 internally. If you do see this article. http://blogs.technet.com/b/sbs/archive/2010/01/05/troubleshooting-certificate-mismatch-warnings-in-outlook-2007-clients-on-small-business-server-2008.aspx 

When you have completed this you can then start to add specific certificates for RWW etc.. Do this through http://servername/certsrv

That should be it. Hope this helps.

Si.
0
 
LVL 1

Author Comment

by:sparky1977
ID: 34229643
Hi all,

Adding Ram did the trick on the performance issue.
The cert issue was solved here...

http://www.shudnow.net/2007/08/10/outlook-2007-certificate-error/

Thanks for all your help!!
0
 
LVL 1

Author Closing Comment

by:sparky1977
ID: 34229653
Solution was partially correct wrt the performance but not the cert, i found the cert solution elsewhere.
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Suggested Courses

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question