Enter Network Password keeps popping up

Hello,

Are you loggin-in to Windows with a domain account or a local account? Sounds as if you are logging-in with a local account. If not, change your password on the computer by pressing control, alt, delete.

Is the PC joined to the domain?

Assuming you are using a domain account, it sounds like the "trust" between PC and server has been lost. Usually the best thing to do in that situation is to disjoin the domain, and rejoin. I recomend in the process slightly changing the PC name.

Rob Will, that sounds like it.

We just upgraded our servers from 2003 to 2008 SBS.  Wokrstation PCs / Servers all recent / high end hardware.  Just servers were old (now new quad core xeons).

I have been getting all sorts of strange behaviour - from mapped network drives being forgotton to my outlook having problems to slow performance sometimes browsing.

I will give it a go and let you know.

I would try one PC and see if it makes a difference.

Wow,

now I have a bigger (interesting) problem.  I can't re-join the domain.

I get this error when attempting to join the domain...

"An attempt to resolve the DNS name of the domain controller in the domain being joined has failed.  Please verify this client is configured to reach a DNS server that can resolve DNS names in the target domain...."

Our new SBS server is/should be the DNS server.

Brilliant !

Silly me I had my DNS set to a fixed IP (being the router not the SBS server).  I will restart and let you know.

That could also explain the password prompt issue.
The PC's must point ONLY to the SBS for DNS. Evan adding a router or ISP as an alternate can cause name resolution issues. The ISP is added only as a forwarder.
The SBS should also be the DHCP server.

Agreed. SBS will do all the DNS, DHCP, forwarding, etc. on the server side. If you need to do statics, I would set it as DHCP still, and just do a DHCP reservation, because than you know when you change the scope on the server, it will update on those machines as well.

Hi All, thanks for the awesome tips.  ButI still have problems.  
I have upgraded the points for this question (to be shared).

But first in response:
* I don't need statics - but thanks for the idea.
* Yes agreed - setting DNS to my router was bad - meant dns resolution went outside my domain first and would never really look back inside fro my servers.

Problem 1
-------------
When I open DNS Manager on SBS and expand the tree to
     DNS \ MySBSServer \ Forward Lookup Zones \ myDomain.local
I can't see my PC listed with an A recrod (but I see all teh other PCs) - why?

Problem 2
-------------
Outlook pops up a "connect to sites" prompt asking for a user name and password.  
And this keeps popping up no matter what I do

 

Still struggling...

But I did a bit of research and found this link - I am wondering if I need a CNAME link for my server to its own IP address.  I will give it a go - to see what happens.

Better still can anyone provide feedback on my DNS config below (I have replaced all PC names with meaningless names for my own security).

 

For my own records... I looked at this link...
* https://www.experts-exchange.com/questions/25123398/outlook-connecting-to-sites.html 

I dont have a cname record for my server in dns, but rather a Host (a). Also set that to a static.

jaredr80 thanks for the feedback.
I also have the a record (see 3rd last entry on screen shot above.
But I appreciate knowing that I don'tneed the CName.

You do not need a CName record. CNames are aliases.
Your DNS looks fine though some of the PC's may need to be cleaned up. You can manually remove those or set up DNS scavenging which will gradually clean them up over the next wee. (best bet)
http://msmvps.com/blogs/bradley/archive/2009/10/09/dns-scavenging.aspx
Also follow the DHCP tweaks as well. Which will register PC's in DNS automatically.
When complete I would run the "Fix my Network Wizard" in the SBS management console.

Your answers have been spot on!  

RobWill: Nice link in last response.  That whole SBS Diva site looks interesting!

One of my records in the screen shot above was wrong and a prime example of where scavenging could be useful.  I set up DHCP as suggested and ticked "Scavenge stale resource records" and set the "no-refresh" to 7 days and the "refresh" interval to 14 days.  I am thinking that with our small company this should be less of an issue moving forward.

Also as suggested by the link I ticked "Enable DNS dynamic updates".  I hope there are no negative impacts in doing this???

I will give the "Fix my network wizard" a go soon.

Regarding my Problem 1
---------------------------------
This one fixed itself after I uploaded SP3 for Exchange 2007 and rebooting SBS.  
FYI - It did this before I applied the changes suggested by RobWill.

Regarding my Problem 2 - "connect to sites"
---------------------------------
This one was fixed (I think) by completely uninstalling Outlook 2007 32 bit on my PC and installing Outlook 2010 64 bit.  Also upgrading Exchange 2007 to SP3 may have helped.
See this link on how I resolved this: https://www.experts-exchange.com/questions/27380564/Exchange-2007-error-550-5-1-1-RESOLVER-ADR-ExRecipNotFound-not-found.html 

 

According to this M$ KB article you should have no problems enabling DNS Dynamic Updates.

[b]"The DNS update functionality enables DNS client computers to register and to dynamically update their resource records with a DNS server whenever changes occur. If you use this functionality, you can reduce the requirement for manual administration of zone records, especially for clients that frequently move and use Dynamic Host Configuration Protocol (DHCP) to obtain an IP address."[/b]

http://support.microsoft.com/kb/816592
(It's for Windows Server 2003, but applies to all modern windows servers)

Rob,  Thanks.

I ran it and got this... (see screen shot).

...which may be the solution to another question I am running in E-E here - https://www.experts-exchange.com/questions/27381325/Delivery-has-failed-to-these-recipients-ExRecipNotFound-error-Using-Outlook-2010-Can't-send-email-to-some-email-addresses-of-people-in-same-domain-Exchange-2007-SBS-2010.html?anchorAnswerId=36917691#a36917691 

NOTE: I have SMTP port 25 mapped to my SBS server.  I also have HTTPS port 443 mapped to my SBS server.

If you can provide any tips of the results it would be much appreciated...

 

Hmmm, a bit slow today - I just clicked next...

here are the results.  Any help on these would be appreciated.  Are any of these serious?

 
 
 

I will run the internet address wizard in a minute...

Re forwarders / root hints - this is how it was setup.  Is it wrong?

 

No. That is correct, I am going to assume you are in Australia, since your forwarding servers are a bit different than ours in the states.

OK I am running the Internet address wizard.

NOTE: I am a bit owrried about this wizard - I really thing the guy that set up my SBS server has already run it correctly.

refer to images below...

Page 1 - My domain name is hosted by a domain name company - I log in to their web console and map A and MX records to my server.  so I preume I chose "I want to manage the domain name myself".

Page 2 - What do I enter in Domain name and extension?  
(is it something like "xxx.local" where xxx is going to be my internal domain)?

 
 

Correct, you want to set it as you manage your domain. the domain would be for example: domain.com.

Under advanced settings you will set mail or remote, or whatever you want so people can access RWW & OWA.

If you believe it's setup and working correctly, than you should make final decision whether or not to run it.

So page 2 should be somethign like xxx.local or inhouse.com.  If this is the case I know we already have set up the internal domain.  Also the bulk of our services are working (eg I can send a receiev emails now).  There are just a few concise problems - like - I can't send emails to one of my co-workers (well actually one of their email addresses works - long story - see here https://www.experts-exchange.com/questions/27381325/Delivery-has-failed-to-these-recipients-ExRecipNotFound-error-Using-Outlook-2010-Can't-send-email-to-some-email-addresses-of-people-in-same-domain-Exchange-2007-SBS-2010.html?cid=239&anchorAnswerId=36917897#a36917897 ).

I just noticed that it says the "Internet Address Management Wizard" is "Not Configured".
All the same, is there some way I can check my settings without running this wizard?

Also, thank you for all the help so far

Doesn't hurt to rerun the wizard
>>""I want to manage the domain name myself".
Correct

Domain name and extension is your public domain name such as MyDomain.com.au  If already run make sure you do not change this.
The default prefix will be "remote" (i.e. remote.MyDomain.com.au  If you want to change this click advanced as outlined in step 7 of the link I provided. The prefix, your public Host (A) record, and the certificate must all use the same prefix. If you already have a host (A) record set up you may which to change it to that.

enigmasolutions I am more than happy to help as much as you need, and not meaning to be rude but if you need assistance with each step of each service perhaps you are not the best one to be managing the server or you should get more training on the product. It's a bit like wanting to fix your brakes and you have the car dealer on the phone and saying; "I've got the wheel of, now what?". It just concerns me that down the road when the server encounters a problem you may not be prepared.

Also OWA is setup and it works

Sounds to me like the server may have been manually configured without using the wizards which ultimately ALWAYS leads to problems.

Agreed. SBS relies on the wizards to function correctly. There is a lot done in the backend that SBS does, that the average user never needs to do on an SBS system.

Rob, yep I think you are right about that.

Also, you are correct - it is not really my game.  I am an application programmer - I wrote this program www.esuite.com.au.  Anyway I employed a guy who had all the Microsoft certificates and after 20 hours he had to go on to another job.  Meanwhile I have a couple of staff that need emails etc.  So I am a little stuck.

When looking at your DNS console capture earlier I was only looking for internal DNS issues. I see the external Domain is not configured which would further indicate the "set up your internet address wizard' was not run.

I appreciate you predicament, as as mentioned I don't mean to be critical. We all do what we have to do and we all have our areas of specialty.

By the way one of the worst things you can have happen is to get a brilliant server technician that is not familiar with SBS set it up. They tend to know too much and bypass the wizards. Every SBS "Expert" here will embarrassingly admit they made a mess of their first SBS because they felt they didn't have to use the wizards.

Yes, I completely agree.

So, Rob or Jared, are you in a position to help me "audit & cleaning up" this install via RDC?  And if so how can I engage your services?  I suspect that we are pretty close - but then again we may be far off too.

Your thoughts?

A) Technically we are not allowed to accept compensation and do so.
B) Setting up/changing anything network related is best done from the console, because you WILL loose remote connectivity, but SHOULD regain after a couple of minutes.

No problem to continue with questions. Not suggesting you can't, but was just saying for long term benefit you should find someone or "brush up" a bit on the O/S.

Agreed. Also, we are all a bit far from eachother to do console work, as RobWill suggested. I would recommend finding someone in your area.  Also, you do have great access to EE, where there are people who are more than happy to help, as well as thousands of guides out there to assist you with mostly everything. I would also go through the SBS console, and make sure that ALL wizards are run correctly, that your firewall either hardware or software it configured correctly, that your DNS provider has the correct info, as well as running BPA to clear out additional errors. SBS is suppose to be a server that is self-reliant on itself. It should just work, with limited support needed to it. I have seen some SBS systems up for over a full year (not completely recommended, but it happens)

Ok, well we continue.

In the longer term I will look for a local expert.  Can I do that through E-E? (I never thought to go to E-E for that).

BTW, If either of you ever come to Australia, then look me up, I will take you to a nice restaurant in Sydney.

A lot on Experts on EE, provide service outside of EE. Check out their profiles.

Wayne Small is a brilliant SBS MVP in Sydney. He may not be able to help you but I am sure he could recommend someone. His public profile:
https://mvp.support.microsoft.com/profile=406D02BF-56D9-4E73-A1B0-6B12E8F39F40

Oh wow thank you.  I will definately get in touch with him.

All the same I wouldn't mind just getting to the point where to the best of my knowledge everythign as relatively stable.

So if you are ok to continue - this is where I am up to...

Everything is basically working except:
a) there is some funny behaviour sending emails (not major - eg I can send/receive emails to external) - see my other post in E-E.
b) Our application can't see our server when run in our office but via an external link (I will cover this later)

But first thing - I want to run this wizard.  But I want to make sure I get it right.  Is there soem way to check the settings made manually?

Actually,  thinking about it.  I wouldn't mind stopping after running the wizard.  It is 4am here.  Then tomorrow I will contatc Wayne.

Let us know if you need any additional help! It would also be best if you open a new topic, then more experts can take a look at it!

Jared

No problem to continue. I am going out on a service call. Not deserting you but will be offline for a while.

The wizard sets DNS, IIS, Exchange, Sharepoint, and much more, and in dozens of locations in each service. You really can't check it all. That is why you need the wizards, it's not possible to manually configure.

The BPA will advise of most of the issues, but again as your earlier post, the suggested fix (in the diagnostic itself) is to run the wizard. Even if you change the public domain name it should fix it. I just recomend verifying what it should be before you run it.
It will be the same as your e-mail address after the '@' symbol.

Before anything though, to confirm; The SBS is now your DHCP server and DNS is properly configured with server and client NIC's pointing only to the SBS for DNS.
DNS is the backbone of a Windows domain.

Once the wizard is run, issues with the BPA resolved you can test Exchange from:
https://www.testexchangeconnectivity.com/

Gosh, that is interesting.

Well I am confident that DHCP and DNS are set up correctly.  Same for external records at the domain name hosting company.

So all I need to do is this (to run the wizard) ...


 

FYI - Once I have run this Wizard (assuming the whole thing doesn't crash in a heap) I plan to stop and close this question.

either way - I am definately going to get in touch with Wayne.

That is correct all you need to do is run the wizard. I would be very hopeful. It will clean up a lot of issues. As well as with scavenging, within the next week, all should be well.

Remote is the default. If you accept that you need a host (A) record for your public domain name pointing remote.esuite.com.au and then am MX record pointing to that host record. Some folk prefer to change to something like mail. xxx.xxx or you may already have a public host record and or certificate you want to use. Keep in mind it, the certificate and host record must all be the same.

Wayne is one of the top SBS people in the world, and a very nice guy. I am sure he will at least point you in the right direction.

well there is one catch... I can't bbe 100% sure which domain was entered.  
I have two:
* esol.com.au      (this one is old)
* esuite.com.au.

And I can't be 100% sure which one was used by the guy who set it up.

Anyway, so perhaps this means the end of the road for today.

Guys, thank you for all your help.

I would place 80% odds on it being esuite.com.au.  But not willing to chance it.

So I guess your recomendation now might be to not go further withotu help.

You can actually use both, but the second has to be manually added later.

Testing from here it appears there are host records for both and neither has a certificate. I would run the wizard using the primary domain name. If you need the other we can add/clean up later.

However I am curious. You say OWA works. If so it must be a different prefix or domain as it needs a certificate.

owa currently works via web browser only (need certificate if I want it working in outlook).  

We have actually plase an order for this - due soon.

I can provide the url for web mail (but not sure I should here).

It seems the server is set up for both domains and you can access with https://mail. <either domain name>/owa.
It is using the server's self signed certificate rather than a purchased one. OWA you cn bypass the certificate error. RWA/RWW you cannot.

thats correct

so, I presume it is safe to hiit that button on the wizard with the following settings on the Advanced Settings dialog

Domain Prefix = remote

Do not user a domain prefix = NOT ticked

I would use "mail" rather than remote since you already have the external domain host record for it set up

In sorting out the primary domain suffix used. Try going to all programs | Microsoft Exchange server | Exchange management console | Organization configuration | Hub transport | General | what is the domain name used in the "specify the FQDN this connector with provide...."
Don't change this, but it is the current primary external domain, which you should use in the wizard.

Is Exchange working now? If so you may want to wait on all of this, but it sounds like it is not. It should resolve the key issues. However if using the second domain as well we may have to add that back in.

evidence mounts to support getting local hlep.

I ran the wizard (via RDC on my PC) and got this:

Also at the same time I gto a Security Alert on my PC.

 

Perhaps it might be time to pause this exercise.

Your thoughts

the security alert could be a co-incidence.  I have a few windwos open.  Also my PC has been wanting to restart for ages (Windows updates).

As mentioned best to do from the console. Running the wizard updates the SBS self signed certificate which may account for the certificate error, but Exchange failing is a totally different issue.
I would run the BPA next to see what it suggests as existing errors.
But fine to stop for now if you like. I to have to head out as I said earlier.

OK one last question (excuse my ignorannce) ... what does BPA stand for?

No problem.
Best Practices Anyalyzer:
http://www.microsoft.com/download/en/details.aspx?id=6231

Rob and Jarred,

It has been an interesting experience to say the least.

I am very greatful to you both for the amazing help.

Now it is time to take a break.

Should I leave this question open - just in case I get really stuck and can't contact Wayne?

You are very welcome. Glad to try to assist.
No problem to leave the question open.
--Rob

It's completely up to me. You can always get a response from another expert if you open up a new topic.

Well I will leave it open for a few days.  

If only in case some other poor soul comes along a reads the whole transscript - then it may help if there is a resolution at the bottom, one way or another.

Anway bye for now and THANK YOU for your help !

Signing out...

Hi all,

FYI - VERY INTERESTING FACTORS AFFECTED US... (read on)...

Thank you all for your amazing support!!!

I finally got my server up and running.  But gosh there were some interesting things to learn along the way.  Unfortunatley, the guy that set up the server hasn't added his comments.

Two nasty external factors also had a sever impact as follows:
* My router seems to have a nasty bug in it
* First of all during the install my ISP decided that we had exceeded their measly 20GB of data allowance and promptly throttled my internet - thanks Optus...

The router bug (NOW THIS IS INTERESTING): About 7 years ago I was using Netgear FVS 318 routers, and they all had this strange problem where if you mucked around with the TCP/IP port mappings (eg adding/deleting/editing) then the router would randomly forget one of the port mappings.  To solve the problem you simply had to clear out all the entries and re-enter them.  Guess what!  This Netgear bug is still around in their latest DG834 routers.  Basically my port 25 was being blocked by my router.  Now I only found this recently, and my email was working a week ago, so it is perhaps not relevant.  Anyway I just thought I would thow it in - perhaps it was causing me grief during the setup too.

Anway thank you all for your great support.

Guys,

Thank you so much for all your help.

I cannot believe the generosity of your time given.

Thank you.

Glad to assist. Sounds like you had lots of problems.
Cheers!
--Rob