Solved

SBS 2011 install is a mess

Posted on 2012-04-10
10
1,843 Views
Last Modified: 2013-12-02
Hi All,

I inherited a mess from another tech: he installed Small Business Server 2011 Standard for a customer, then decided not to use ANY WIZARDS when setting things up.  Naturally this turned into a gigantic disaster and the customer is very upset.  Being a senior tech, I have been called in to try to remediate (I just wish someone had thought to ask me about it before charging ahead with no plan).  

Most of my experience is with SBS 2003, which I implemented plenty of times with great success.  SBS 2011 looks similar, but I'm sure there are plenty of changes I haven't learned about.

So... I am hoping some of you might have some suggestions for me.

Below is a rough outline of the problem, and following that I have some ideas for remediation.  There really are only one or two things I am stumped on.

--------------------------------

This was a migration from a previous domain, but since the other tech kept no notes, I have no idea if the previous server was SBS or something vanilla.  

Internet Connection Wizard was not run, so I assume the following services were either manually configured or ignored:
Exchange - Email is flowing, so that was probably set up manually via the firewall.

Outlook Web Access - Not available from extranet
SharePoint - Not available from extranet
Remote Web Workplace - Not available from extranet, but get this: original tech configured the SonicWall firewall to map static RDP ports to each workstation. So users would be using their RDC client to connect to remote.customer.com:3389 for PC1, remote.customer.com:3390 for PC2, etc.
Server side backups - Not configured
Folder redirection - Not configured or else misconfigured (someone came in after the install and tried to fix the GPO directly)

Users were created via Exchange and Active Directory, not using the Add User Wizard

Workstations were disjoined from old domain and joined directly to SBS 2011 AD; they did not use the Add Computer Wizard or ConnectComputer.  

All workstations are running Windows XP Pro SP3, running different versions of MS Office (2003 - 2010).  One workstation was replaced with a Windows 7 machine.

Computer and AD accounts were created in the correct OU (or moved there afterward).  The SBS2011 server is in the "Domain Controllers" OU.

Profiles were manually migrated on workstations; mailboxes were saved as PST files and re-imported via Outlook.  

After the migration, there were a ton of issues, many of them not documented.  Various techs came onsite to try to fix things, and this involved trying to get remote email (I assume Outlook Anywhere) to work, various workstations going to sleep, folder redirection, etc.  A SharePoint patch brought the server to its knees because they didn't know you had to run the PSConfig wizard to finalize the upgrade.  During this time they thought one of the problems was IPv6, so they hacked the registry to remove it from the TCP/IP stack (using a Microsoft procedure).  


--------------------------------

So my first question is, is this a salvageable site?  One of my co-workers thinks it is a do-over, given all the non-standard configuration and undocumented changes.  But I am hoping I could remediate it, as long as it's not too disruptive.  Besides, a do-over would really annoy the customer.

Internet Connection Wizard: In my experience (at least with SBS 2003), this can simply be re-run to publish the services, set DNS, SSL, RRAS, etc.  What I'd like to do is implement OWA and RWW at least, with Outlook Anywhere and VPN as an option. Is there any risk to re-running this wizard?

Users not added via wizard: According to this blog post (http://blogs.technet.com/b/sbs/archive/2008/09/22/why-are-some-of-my-users-not-displaying-in-the-sbs-console.aspx) I can run the "Change user role for user accounts" wizard and this will re-process each account with the correct policies and permissions.  Is this wizard disruptive?  Would it, for example, screw up their mailbox / Outlook profile?  

Computers not added via wizards: Here I am a little uncertain.  I read here (http://onlinehelp.microsoft.com/en-us/sbs2011essentials/server-network-changes-1.aspx) about the changes the wizard makes to the workstation OS. Is there any way to rerun this for computers that were already (manually) joined to the domain?  

I am also concerned about changes that might have been made to GPO by other techs.  Is there a way to reset GPOs, or is there documentation on what the default GPO settings are?

So far the Health Monitor is not showing any serious problems in the logs.  

I have not run the Small Business Server 2011 Best Practices Wizard to see what it says.
0
Comment
Question by:Greg Burns
  • 4
  • 3
  • 3
10 Comments
 
LVL 21
ID: 37830739
<<omputers not added via wizards: Here I am a little uncertain.  I read here (http://onlinehelp.microsoft.com/en-us/sbs2011essentials/server-network-changes-1.aspx) about the changes the wizard makes to the workstation OS. Is there any way to rerun this for computers that were already (manually) joined to the domain?  >>

Sure. First remove them from the domain. reboot. Join the domain using the wizard.

The way I see it is id this:
If it takes more than an few hours to get everything corrected on the SBS box, then I would start over.
0
 
LVL 8

Author Comment

by:Greg Burns
ID: 37830744
@TheHiTechCoach:
Thanks for the quick reply.  If I disjoin, then rejoin using the ConnectComputer, will that reuse the existing AD User profile or give the user a new one?  I'm trying to avoid having to re-migrate the user's stuff, such as docs/settings, outlook profile, mapped drives, etc.
0
 
LVL 21

Accepted Solution

by:
Boyd (HiTechCoach) Trimmell, Microsoft Access MVP earned 250 total points
ID: 37830785
Before I remove the workstation form the domain I use the Windows Easy Transfer Wizard to export all the data from the profiles.  I then remove the computer from the domain.  I delete all the old user profiles or at least rename the folders. After rejoining the domain I log on as each user to create the profile. Now you can run the Windows Easy Transfer wizard to restore the profile. Use the advanced option to map the old users to the new users.  I find this method always works. There may be other simpler ways but I know this way works.

FWIW: I regularly use the Windows Easy Transfer Wizard to move users between PCs.
0
 
LVL 6

Expert Comment

by:jaredr80
ID: 37830792
Wow. Well I can definitely say this is one of the worst I have seen in a while! As stated above by TheHiTechCoach, you can very well re-join those computers using the wizard, though this is only one very small part of the puzzle.

As you already know as described above-SBS relies and thrives off of the wizards. This however doesn't seem to be a migration type of situation, just based on the fact that the migration wizard for SBS, would not have allowed this to move forward as such. It will automatically configure a great deal of stuff for, which was not done here. I have seen SBS systems many times before where techs did not use the wizards and it always has long term implications.

My recommendation, which may ultimately save you and your company a lot of hardship and fighting to make it work OK would be to scrap and re-do. If what you state above is correct, there is more that is wrong than what is right. Many things like OWA, should just be available via the Internet, even if there is a cert installed correctly. It seems as though there are deeper IIS, Exchange, and AD issues, that never quite went correctly.

My 2 cents for the situation, and though it may not be what you want to hear...in the long run I feel you may be better off.

-Jared
0
 
LVL 8

Author Comment

by:Greg Burns
ID: 37830793
@TheHiTechCoach:
All right, thanks.  I will try that method.  

Do you see any gotcha's with the other proposed fixes I mentioned?
0
 
LVL 6

Assisted Solution

by:jaredr80
jaredr80 earned 250 total points
ID: 37830797
I think it is definitely worth a shot to attempt to fix the system. SBS 2008 and above has some really powerful wizards to attempt to fix SBS systems. In the SBS console under Network, Connectivity, there is a Fix My Network wizard...run that and see what that can resolve. That will most likely come up with a lot of issues if what is stated above is correct.

Best of luck!

-Jared
0
 
LVL 21
ID: 37830804
From what you have described there were tech that did not know and/or understand SBS server and how it is different from Windows Sever.   It may be time to call in an SBS MVP.  

Also check out he SBS Diva: http://www.thirdtier.net/
0
 
LVL 6

Expert Comment

by:jaredr80
ID: 37830806
Just as a note the connect computer wizard is not going to be the make or break of the system TBH. See the link below and scroll all the way to the bottom, that shows what the SBS 2008 wizard does; not very different from the SBS 2011 wizard.

http://www.petri.co.il/forums/showthread.php?t=54061

-Jared
0
 
LVL 8

Author Comment

by:Greg Burns
ID: 37831131
Thanks all for your responses.  I should be back onsite soon and I'll try your suggestions.
0
 
LVL 8

Author Closing Comment

by:Greg Burns
ID: 37855838
Thanks all, <br />I haven't been back to the site yet, but I thought I'd award you the points anyway.  If I do run into any issues I'll open a new question.  Thanks again.
0

Join & Write a Comment

The articles for turning off the Client firewall policy on the internet are for SBS 2008 and don't really help for SBS 2011. They actually moved the Client firewall policy. In 2011, the client firewall policy has moved to the SBS computers conta…
Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now