I inherited a mess from another tech: he installed Small Business Server 2011 Standard for a customer, then decided not to use ANY WIZARDS when setting things up. Naturally this turned into a gigantic disaster and the customer is very upset. Being a senior tech, I have been called in to try to remediate (I just wish someone had thought to ask me about it before charging ahead with no plan).
Most of my experience is with SBS 2003, which I implemented plenty of times with great success. SBS 2011 looks similar, but I'm sure there are plenty of changes I haven't learned about.
So... I am hoping some of you might have some suggestions for me.
Below is a rough outline of the problem, and following that I have some ideas for remediation. There really are only one or two things I am stumped on.
This was a migration from a previous domain, but since the other tech kept no notes, I have no idea if the previous server was SBS or something vanilla.
Internet Connection Wizard was not run, so I assume the following services were either manually configured or ignored:
Exchange - Email is flowing, so that was probably set up manually via the firewall.
Outlook Web Access - Not available from extranet
SharePoint - Not available from extranet
Remote Web Workplace - Not available from extranet, but get this: original tech configured the SonicWall firewall to map static RDP ports to each workstation. So users would be using their RDC client to connect to remote.customer.com:3389 for PC1, remote.customer.com:3390 for PC2, etc.
Server side backups - Not configured
Folder redirection - Not configured or else misconfigured (someone came in after the install and tried to fix the GPO directly)
Users were created via Exchange and Active Directory, not using the Add User Wizard
Workstations were disjoined from old domain and joined directly to SBS 2011 AD; they did not use the Add Computer Wizard or ConnectComputer.
All workstations are running Windows XP Pro SP3, running different versions of MS Office (2003 - 2010). One workstation was replaced with a Windows 7 machine.
Computer and AD accounts were created in the correct OU (or moved there afterward). The SBS2011 server is in the "Domain Controllers" OU.
Profiles were manually migrated on workstations; mailboxes were saved as PST files and re-imported via Outlook.
After the migration, there were a ton of issues, many of them not documented. Various techs came onsite to try to fix things, and this involved trying to get remote email (I assume Outlook Anywhere) to work, various workstations going to sleep, folder redirection, etc. A SharePoint patch brought the server to its knees because they didn't know you had to run the PSConfig wizard to finalize the upgrade. During this time they thought one of the problems was IPv6, so they hacked the registry to remove it from the TCP/IP stack (using a Microsoft procedure).
So my first question is, is this a salvageable site? One of my co-workers thinks it is a do-over, given all the non-standard configuration and undocumented changes. But I am hoping I could remediate it, as long as it's not too disruptive. Besides, a do-over would really annoy the customer.
Internet Connection Wizard:
In my experience (at least with SBS 2003), this can simply be re-run to publish the services, set DNS, SSL, RRAS, etc. What I'd like to do is implement OWA and RWW at least, with Outlook Anywhere and VPN as an option. Is there any risk to re-running this wizard?
Users not added via wizard:
According to this blog post (http://blogs.technet.com/b/sbs/archive/2008/09/22/why-are-some-of-my-users-not-displaying-in-the-sbs-console.aspx
) I can run the "Change user role for user accounts" wizard and this will re-process each account with the correct policies and permissions. Is this wizard disruptive? Would it, for example, screw up their mailbox / Outlook profile?
Computers not added via wizards:
Here I am a little uncertain. I read here (http://onlinehelp.microsoft.com/en-us/sbs2011essentials/server-network-changes-1.aspx
) about the changes the wizard makes to the workstation OS. Is there any way to rerun this for computers that were already (manually) joined to the domain?
I am also concerned about changes that might have been made to GPO by other techs. Is there a way to reset GPOs, or is there documentation on what the default GPO settings are?
So far the Health Monitor is not showing any serious problems in the logs.
I have not run the Small Business Server 2011 Best Practices Wizard to see what it says.