SBS 2011 install is a mess

Hi All,

I inherited a mess from another tech: he installed Small Business Server 2011 Standard for a customer, then decided not to use ANY WIZARDS when setting things up.  Naturally this turned into a gigantic disaster and the customer is very upset.  Being a senior tech, I have been called in to try to remediate (I just wish someone had thought to ask me about it before charging ahead with no plan).  

Most of my experience is with SBS 2003, which I implemented plenty of times with great success.  SBS 2011 looks similar, but I'm sure there are plenty of changes I haven't learned about.

So... I am hoping some of you might have some suggestions for me.

Below is a rough outline of the problem, and following that I have some ideas for remediation.  There really are only one or two things I am stumped on.


This was a migration from a previous domain, but since the other tech kept no notes, I have no idea if the previous server was SBS or something vanilla.  

Internet Connection Wizard was not run, so I assume the following services were either manually configured or ignored:
Exchange - Email is flowing, so that was probably set up manually via the firewall.

Outlook Web Access - Not available from extranet
SharePoint - Not available from extranet
Remote Web Workplace - Not available from extranet, but get this: original tech configured the SonicWall firewall to map static RDP ports to each workstation. So users would be using their RDC client to connect to for PC1, for PC2, etc.
Server side backups - Not configured
Folder redirection - Not configured or else misconfigured (someone came in after the install and tried to fix the GPO directly)

Users were created via Exchange and Active Directory, not using the Add User Wizard

Workstations were disjoined from old domain and joined directly to SBS 2011 AD; they did not use the Add Computer Wizard or ConnectComputer.  

All workstations are running Windows XP Pro SP3, running different versions of MS Office (2003 - 2010).  One workstation was replaced with a Windows 7 machine.

Computer and AD accounts were created in the correct OU (or moved there afterward).  The SBS2011 server is in the "Domain Controllers" OU.

Profiles were manually migrated on workstations; mailboxes were saved as PST files and re-imported via Outlook.  

After the migration, there were a ton of issues, many of them not documented.  Various techs came onsite to try to fix things, and this involved trying to get remote email (I assume Outlook Anywhere) to work, various workstations going to sleep, folder redirection, etc.  A SharePoint patch brought the server to its knees because they didn't know you had to run the PSConfig wizard to finalize the upgrade.  During this time they thought one of the problems was IPv6, so they hacked the registry to remove it from the TCP/IP stack (using a Microsoft procedure).  


So my first question is, is this a salvageable site?  One of my co-workers thinks it is a do-over, given all the non-standard configuration and undocumented changes.  But I am hoping I could remediate it, as long as it's not too disruptive.  Besides, a do-over would really annoy the customer.

Internet Connection Wizard: In my experience (at least with SBS 2003), this can simply be re-run to publish the services, set DNS, SSL, RRAS, etc.  What I'd like to do is implement OWA and RWW at least, with Outlook Anywhere and VPN as an option. Is there any risk to re-running this wizard?

Users not added via wizard: According to this blog post ( I can run the "Change user role for user accounts" wizard and this will re-process each account with the correct policies and permissions.  Is this wizard disruptive?  Would it, for example, screw up their mailbox / Outlook profile?  

Computers not added via wizards: Here I am a little uncertain.  I read here ( about the changes the wizard makes to the workstation OS. Is there any way to rerun this for computers that were already (manually) joined to the domain?  

I am also concerned about changes that might have been made to GPO by other techs.  Is there a way to reset GPOs, or is there documentation on what the default GPO settings are?

So far the Health Monitor is not showing any serious problems in the logs.  

I have not run the Small Business Server 2011 Best Practices Wizard to see what it says.
LVL 11
Greg BurnsSQL / SharePoint EngineerAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Boyd (HiTechCoach) Trimmell, Microsoft Access MVPDesigner and DeveloperCommented:
<<omputers not added via wizards: Here I am a little uncertain.  I read here ( about the changes the wizard makes to the workstation OS. Is there any way to rerun this for computers that were already (manually) joined to the domain?  >>

Sure. First remove them from the domain. reboot. Join the domain using the wizard.

The way I see it is id this:
If it takes more than an few hours to get everything corrected on the SBS box, then I would start over.
Greg BurnsSQL / SharePoint EngineerAuthor Commented:
Thanks for the quick reply.  If I disjoin, then rejoin using the ConnectComputer, will that reuse the existing AD User profile or give the user a new one?  I'm trying to avoid having to re-migrate the user's stuff, such as docs/settings, outlook profile, mapped drives, etc.
Boyd (HiTechCoach) Trimmell, Microsoft Access MVPDesigner and DeveloperCommented:
Before I remove the workstation form the domain I use the Windows Easy Transfer Wizard to export all the data from the profiles.  I then remove the computer from the domain.  I delete all the old user profiles or at least rename the folders. After rejoining the domain I log on as each user to create the profile. Now you can run the Windows Easy Transfer wizard to restore the profile. Use the advanced option to map the old users to the new users.  I find this method always works. There may be other simpler ways but I know this way works.

FWIW: I regularly use the Windows Easy Transfer Wizard to move users between PCs.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Active Protection takes the fight to cryptojacking

While there were several headline-grabbing ransomware attacks during in 2017, another big threat started appearing at the same time that didn’t get the same coverage – illicit cryptomining.

Wow. Well I can definitely say this is one of the worst I have seen in a while! As stated above by TheHiTechCoach, you can very well re-join those computers using the wizard, though this is only one very small part of the puzzle.

As you already know as described above-SBS relies and thrives off of the wizards. This however doesn't seem to be a migration type of situation, just based on the fact that the migration wizard for SBS, would not have allowed this to move forward as such. It will automatically configure a great deal of stuff for, which was not done here. I have seen SBS systems many times before where techs did not use the wizards and it always has long term implications.

My recommendation, which may ultimately save you and your company a lot of hardship and fighting to make it work OK would be to scrap and re-do. If what you state above is correct, there is more that is wrong than what is right. Many things like OWA, should just be available via the Internet, even if there is a cert installed correctly. It seems as though there are deeper IIS, Exchange, and AD issues, that never quite went correctly.

My 2 cents for the situation, and though it may not be what you want to the long run I feel you may be better off.

Greg BurnsSQL / SharePoint EngineerAuthor Commented:
All right, thanks.  I will try that method.  

Do you see any gotcha's with the other proposed fixes I mentioned?
I think it is definitely worth a shot to attempt to fix the system. SBS 2008 and above has some really powerful wizards to attempt to fix SBS systems. In the SBS console under Network, Connectivity, there is a Fix My Network that and see what that can resolve. That will most likely come up with a lot of issues if what is stated above is correct.

Best of luck!

Boyd (HiTechCoach) Trimmell, Microsoft Access MVPDesigner and DeveloperCommented:
From what you have described there were tech that did not know and/or understand SBS server and how it is different from Windows Sever.   It may be time to call in an SBS MVP.  

Also check out he SBS Diva:
Just as a note the connect computer wizard is not going to be the make or break of the system TBH. See the link below and scroll all the way to the bottom, that shows what the SBS 2008 wizard does; not very different from the SBS 2011 wizard.

Greg BurnsSQL / SharePoint EngineerAuthor Commented:
Thanks all for your responses.  I should be back onsite soon and I'll try your suggestions.
Greg BurnsSQL / SharePoint EngineerAuthor Commented:
Thanks all, <br />I haven't been back to the site yet, but I thought I'd award you the points anyway.  If I do run into any issues I'll open a new question.  Thanks again.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Server OS

From novice to tech pro — start learning today.