SBS 2011 install is a mess
Hi All,
I inherited a mess from another tech: he installed Small Business Server 2011 Standard for a customer, then decided not to use ANY WIZARDS when setting things up. Naturally this turned into a gigantic disaster and the customer is very upset. Being a senior tech, I have been called in to try to remediate (I just wish someone had thought to ask me about it before charging ahead with no plan).
Most of my experience is with SBS 2003, which I implemented plenty of times with great success. SBS 2011 looks similar, but I'm sure there are plenty of changes I haven't learned about.
So... I am hoping some of you might have some suggestions for me.
Below is a rough outline of the problem, and following that I have some ideas for remediation. There really are only one or two things I am stumped on.
--------------------------
This was a migration from a previous domain, but since the other tech kept no notes, I have no idea if the previous server was SBS or something vanilla.
Internet Connection Wizard was not run, so I assume the following services were either manually configured or ignored:
Users were created via Exchange and Active Directory, not using the Add User Wizard
Workstations were disjoined from old domain and joined directly to SBS 2011 AD; they did not use the Add Computer Wizard or ConnectComputer.
All workstations are running Windows XP Pro SP3, running different versions of MS Office (2003 - 2010). One workstation was replaced with a Windows 7 machine.
Computer and AD accounts were created in the correct OU (or moved there afterward). The SBS2011 server is in the "Domain Controllers" OU.
Profiles were manually migrated on workstations; mailboxes were saved as PST files and re-imported via Outlook.
After the migration, there were a ton of issues, many of them not documented. Various techs came onsite to try to fix things, and this involved trying to get remote email (I assume Outlook Anywhere) to work, various workstations going to sleep, folder redirection, etc. A SharePoint patch brought the server to its knees because they didn't know you had to run the PSConfig wizard to finalize the upgrade. During this time they thought one of the problems was IPv6, so they hacked the registry to remove it from the TCP/IP stack (using a Microsoft procedure).
--------------------------
So my first question is, is this a salvageable site? One of my co-workers thinks it is a do-over, given all the non-standard configuration and undocumented changes. But I am hoping I could remediate it, as long as it's not too disruptive. Besides, a do-over would really annoy the customer.
Internet Connection Wizard: In my experience (at least with SBS 2003), this can simply be re-run to publish the services, set DNS, SSL, RRAS, etc. What I'd like to do is implement OWA and RWW at least, with Outlook Anywhere and VPN as an option. Is there any risk to re-running this wizard?
Users not added via wizard: According to this blog post (http://blogs.technet.com/b/sbs/archive/2008/09/22/why-are-some-of-my-users-not-displaying-in-the-sbs-console.aspx) I can run the "Change user role for user accounts" wizard and this will re-process each account with the correct policies and permissions. Is this wizard disruptive? Would it, for example, screw up their mailbox / Outlook profile?
Computers not added via wizards: Here I am a little uncertain. I read here (http://onlinehelp.microsoft.com/en-us/sbs2011essentials/server-network-changes-1.aspx) about the changes the wizard makes to the workstation OS. Is there any way to rerun this for computers that were already (manually) joined to the domain?
I am also concerned about changes that might have been made to GPO by other techs. Is there a way to reset GPOs, or is there documentation on what the default GPO settings are?
So far the Health Monitor is not showing any serious problems in the logs.
I have not run the Small Business Server 2011 Best Practices Wizard to see what it says.
I inherited a mess from another tech: he installed Small Business Server 2011 Standard for a customer, then decided not to use ANY WIZARDS when setting things up. Naturally this turned into a gigantic disaster and the customer is very upset. Being a senior tech, I have been called in to try to remediate (I just wish someone had thought to ask me about it before charging ahead with no plan).
Most of my experience is with SBS 2003, which I implemented plenty of times with great success. SBS 2011 looks similar, but I'm sure there are plenty of changes I haven't learned about.
So... I am hoping some of you might have some suggestions for me.
Below is a rough outline of the problem, and following that I have some ideas for remediation. There really are only one or two things I am stumped on.
--------------------------
This was a migration from a previous domain, but since the other tech kept no notes, I have no idea if the previous server was SBS or something vanilla.
Internet Connection Wizard was not run, so I assume the following services were either manually configured or ignored:
Exchange - Email is flowing, so that was probably set up manually via the firewall.
Outlook Web Access - Not available from extranet
SharePoint - Not available from extranet
Remote Web Workplace - Not available from extranet, but get this: original tech configured the SonicWall firewall to map static RDP ports to each workstation. So users would be using their RDC client to connect to remote.customer.com:3389 for PC1, remote.customer.com:3390 for PC2, etc.
Server side backups - Not configured
Folder redirection - Not configured or else misconfigured (someone came in after the install and tried to fix the GPO directly)
Users were created via Exchange and Active Directory, not using the Add User Wizard
Workstations were disjoined from old domain and joined directly to SBS 2011 AD; they did not use the Add Computer Wizard or ConnectComputer.
All workstations are running Windows XP Pro SP3, running different versions of MS Office (2003 - 2010). One workstation was replaced with a Windows 7 machine.
Computer and AD accounts were created in the correct OU (or moved there afterward). The SBS2011 server is in the "Domain Controllers" OU.
Profiles were manually migrated on workstations; mailboxes were saved as PST files and re-imported via Outlook.
After the migration, there were a ton of issues, many of them not documented. Various techs came onsite to try to fix things, and this involved trying to get remote email (I assume Outlook Anywhere) to work, various workstations going to sleep, folder redirection, etc. A SharePoint patch brought the server to its knees because they didn't know you had to run the PSConfig wizard to finalize the upgrade. During this time they thought one of the problems was IPv6, so they hacked the registry to remove it from the TCP/IP stack (using a Microsoft procedure).
--------------------------
So my first question is, is this a salvageable site? One of my co-workers thinks it is a do-over, given all the non-standard configuration and undocumented changes. But I am hoping I could remediate it, as long as it's not too disruptive. Besides, a do-over would really annoy the customer.
Internet Connection Wizard: In my experience (at least with SBS 2003), this can simply be re-run to publish the services, set DNS, SSL, RRAS, etc. What I'd like to do is implement OWA and RWW at least, with Outlook Anywhere and VPN as an option. Is there any risk to re-running this wizard?
Users not added via wizard: According to this blog post (http://blogs.technet.com/b/sbs/archive/2008/09/22/why-are-some-of-my-users-not-displaying-in-the-sbs-console.aspx) I can run the "Change user role for user accounts" wizard and this will re-process each account with the correct policies and permissions. Is this wizard disruptive? Would it, for example, screw up their mailbox / Outlook profile?
Computers not added via wizards: Here I am a little uncertain. I read here (http://onlinehelp.microsoft.com/en-us/sbs2011essentials/server-network-changes-1.aspx) about the changes the wizard makes to the workstation OS. Is there any way to rerun this for computers that were already (manually) joined to the domain?
I am also concerned about changes that might have been made to GPO by other techs. Is there a way to reset GPOs, or is there documentation on what the default GPO settings are?
So far the Health Monitor is not showing any serious problems in the logs.
I have not run the Small Business Server 2011 Best Practices Wizard to see what it says.
ASKER
@TheHiTechCoach:
Thanks for the quick reply. If I disjoin, then rejoin using the ConnectComputer, will that reuse the existing AD User profile or give the user a new one? I'm trying to avoid having to re-migrate the user's stuff, such as docs/settings, outlook profile, mapped drives, etc.
Thanks for the quick reply. If I disjoin, then rejoin using the ConnectComputer, will that reuse the existing AD User profile or give the user a new one? I'm trying to avoid having to re-migrate the user's stuff, such as docs/settings, outlook profile, mapped drives, etc.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Wow. Well I can definitely say this is one of the worst I have seen in a while! As stated above by TheHiTechCoach, you can very well re-join those computers using the wizard, though this is only one very small part of the puzzle.
As you already know as described above-SBS relies and thrives off of the wizards. This however doesn't seem to be a migration type of situation, just based on the fact that the migration wizard for SBS, would not have allowed this to move forward as such. It will automatically configure a great deal of stuff for, which was not done here. I have seen SBS systems many times before where techs did not use the wizards and it always has long term implications.
My recommendation, which may ultimately save you and your company a lot of hardship and fighting to make it work OK would be to scrap and re-do. If what you state above is correct, there is more that is wrong than what is right. Many things like OWA, should just be available via the Internet, even if there is a cert installed correctly. It seems as though there are deeper IIS, Exchange, and AD issues, that never quite went correctly.
My 2 cents for the situation, and though it may not be what you want to hear...in the long run I feel you may be better off.
-Jared
As you already know as described above-SBS relies and thrives off of the wizards. This however doesn't seem to be a migration type of situation, just based on the fact that the migration wizard for SBS, would not have allowed this to move forward as such. It will automatically configure a great deal of stuff for, which was not done here. I have seen SBS systems many times before where techs did not use the wizards and it always has long term implications.
My recommendation, which may ultimately save you and your company a lot of hardship and fighting to make it work OK would be to scrap and re-do. If what you state above is correct, there is more that is wrong than what is right. Many things like OWA, should just be available via the Internet, even if there is a cert installed correctly. It seems as though there are deeper IIS, Exchange, and AD issues, that never quite went correctly.
My 2 cents for the situation, and though it may not be what you want to hear...in the long run I feel you may be better off.
-Jared
ASKER
@TheHiTechCoach:
All right, thanks. I will try that method.
Do you see any gotcha's with the other proposed fixes I mentioned?
All right, thanks. I will try that method.
Do you see any gotcha's with the other proposed fixes I mentioned?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
From what you have described there were tech that did not know and/or understand SBS server and how it is different from Windows Sever. It may be time to call in an SBS MVP.
Also check out he SBS Diva: http://www.thirdtier.net/
Also check out he SBS Diva: http://www.thirdtier.net/
Just as a note the connect computer wizard is not going to be the make or break of the system TBH. See the link below and scroll all the way to the bottom, that shows what the SBS 2008 wizard does; not very different from the SBS 2011 wizard.
http://www.petri.co.il/forums/showthread.php?t=54061
-Jared
http://www.petri.co.il/forums/showthread.php?t=54061
-Jared
ASKER
Thanks all for your responses. I should be back onsite soon and I'll try your suggestions.
ASKER
Thanks all, <br />I haven't been back to the site yet, but I thought I'd award you the points anyway. If I do run into any issues I'll open a new question. Thanks again.
Sure. First remove them from the domain. reboot. Join the domain using the wizard.
The way I see it is id this:
If it takes more than an few hours to get everything corrected on the SBS box, then I would start over.