Solved

SBS 2008 Woes

Posted on 2010-09-03
8
742 Views
Last Modified: 2012-05-10
Hi All,

Hoping someone can help.
Small network 5 users tops.
HP Proliant ML AMD Opteron Quad Core 1354 2.2GHz, 4GB Ram, 64Bit Windows SBS2008 Premium.
At all times CPU Usage sits at around 50% - 80%, physical Ram sits at around 90% 105 processes running. Store.exe using most Ram at 308MB w3wp.exe using 201MB and so on.
I have stopped the AV and restricted the SQL and Exchange RAM but its out of control, the user interface is so sluggish its barely usable!

Secondary issue, cannot access https://localhost/certsrv to create an exchange cert as all users are getting security prompts regarding the name on the cert.  I get 404 error path could not be found, IIS points to c:\windows\system32\certsrv\en-us\default.aspx but error path points to c:\program files\windows small business server\bin\webapp\certsrv which doesnt exist.

Please can someone help!

Thanks
Sparky
0
Comment
Question by:sparky1977
8 Comments
 
LVL 10

Expert Comment

by:tmoore1962
Comment Utility
IF you have SBS you should be able to create the cert by running the Remote Web workplace wizard.  Follow onscreen instructions to create and distribute the cert.
0
 
LVL 1

Author Comment

by:sparky1977
Comment Utility
thats fine but the internal and external domains are different, internal is domain.local, external is domain.co.uk i need to add both and the wizard does not let me do so.
0
 
LVL 1

Author Comment

by:sparky1977
Comment Utility
I would just like to add that i dont want a 3rd party cert, i need to create a cert with remote.domain.local, autodiscover.domain.local, server.domain.local, remote.domain.co.uk, autodiscover.domain.co.uk and mail.domain.co.uk but i cant find a way to do this.
Normally for exchange you just create your request and off you go with certsrv but that does not appear to be the case in SBS2008.
0
 
LVL 2

Accepted Solution

by:
dgenerosa earned 500 total points
Comment Utility
As far as the performance goes remember you are running at the bare minimum for RAM. See http://www.microsoft.com/sbs/en/us/system-requirements.aspx

We run our SBS2008 deployments on 8GB minimum and usually 16GB for most.

I know 4GB seems like a lot (especially considering it was the maximum you could through at an SBS2003 box), but we have found that SBS2008 really needs the RAM.

Until you upgrade the RAM I would not expect better performance.

As far as the cert goes, SBS documentation strongly suggests using the self signed cert temporarily (i.e while you get  a real cert from a CA).

You do not need to use the wizard to have multiple certs.  You can use IIS directly to add a certs to the services that require them.  I strongly suggest using a cert from a CA because users of RWW and OWA will be bogged down by the security warnings even if you match the the domains internally and externally with multiple certs.  They will still get warnings that the cert is not from a trusted provider.  We use thawte (now owned by symantec).

 
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 1

Author Comment

by:sparky1977
Comment Utility
Hi, i understand your thoughts, however a small company such as theirs cannot justify the cost of a 3rd party CA just to make the messages go away, there are only two people who use the RWW and OWA anyway. What i dont get is that this was so simple in 2003 yet such a pain in 2008. Its not multiple certs i need, its a cert with all permutations of the servers names, hence the internal errors in Outlook with Cert warnings, if i change the setup again to reflect the internal name it goes away but RWW breaks and vice versa.
0
 
LVL 4

Expert Comment

by:evilsi
Comment Utility
Hi,

This is quite common,

Firstly the ceretificate created when using the wizard should be the outside FQDN  of the server (exp: remote.mydomain.com). This will mean the outside cert will work properly for outlook anywhere once you have installed the root certificate on the client machines (unless they are domain pc's in which case its done automatically)
Then you may get the cert mismatch error when using outlook 2007 internally. If you do see this article. http://blogs.technet.com/b/sbs/archive/2010/01/05/troubleshooting-certificate-mismatch-warnings-in-outlook-2007-clients-on-small-business-server-2008.aspx

When you have completed this you can then start to add specific certificates for RWW etc.. Do this through http://servername/certsrv

That should be it. Hope this helps.

Si.
0
 
LVL 1

Author Comment

by:sparky1977
Comment Utility
Hi all,

Adding Ram did the trick on the performance issue.
The cert issue was solved here...

http://www.shudnow.net/2007/08/10/outlook-2007-certificate-error/

Thanks for all your help!!
0
 
LVL 1

Author Closing Comment

by:sparky1977
Comment Utility
Solution was partially correct wrt the performance but not the cert, i found the cert solution elsewhere.
0

Featured Post

How does your email signature look on mobiles?

Do your employees use mobile devices to reply to emails? With mobile becoming increasingly important to the business world, it is in your best interest to make sure that your email signature looks great across all types of devices.

Join & Write a Comment

Recently, I was asked to look into SCCM 2007 by my employer, having a degree of experience of earlier versions of SMS and some previous SCCM knowledge I didn't expect the procedure to involve to much time. I read a number of guides concerning it…
New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now