Solved

SBS 2011 install is a mess

Posted on 2012-04-10
Last Modified: 2013-12-02
Hi All,

I inherited a mess from another tech: he installed Small Business Server 2011 Standard for a customer, then decided not to use ANY WIZARDS when setting things up.  Naturally this turned into a gigantic disaster and the customer is very upset.  Being a senior tech, I have been called in to try to remediate (I just wish someone had thought to ask me about it before charging ahead with no plan).  

Most of my experience is with SBS 2003, which I implemented plenty of times with great success.  SBS 2011 looks similar, but I'm sure there are plenty of changes I haven't learned about.

So... I am hoping some of you might have some suggestions for me.

Below is a rough outline of the problem, and following that I have some ideas for remediation.  There really are only one or two things I am stumped on.

--------------------------------

This was a migration from a previous domain, but since the other tech kept no notes, I have no idea if the previous server was SBS or something vanilla.  

Internet Connection Wizard was not run, so I assume the following services were either manually configured or ignored:
Exchange - Email is flowing, so that was probably set up manually via the firewall.

Outlook Web Access - Not available from extranet
SharePoint - Not available from extranet
Remote Web Workplace - Not available from extranet, but get this: original tech configured the SonicWall firewall to map static RDP ports to each workstation. So users would be using their RDC client to connect to remote.customer.com:3389 for PC1, remote.customer.com:3390 for PC2, etc.
Server side backups - Not configured
Folder redirection - Not configured or else misconfigured (someone came in after the install and tried to fix the GPO directly)

Users were created via Exchange and Active Directory, not using the Add User Wizard

Workstations were disjoined from old domain and joined directly to SBS 2011 AD; they did not use the Add Computer Wizard or ConnectComputer.  

All workstations are running Windows XP Pro SP3, running different versions of MS Office (2003 - 2010).  One workstation was replaced with a Windows 7 machine.

Computer and AD accounts were created in the correct OU (or moved there afterward).  The SBS2011 server is in the "Domain Controllers" OU.

Profiles were manually migrated on workstations; mailboxes were saved as PST files and re-imported via Outlook.  

After the migration, there were a ton of issues, many of them not documented.  Various techs came onsite to try to fix things, and this involved trying to get remote email (I assume Outlook Anywhere) to work, various workstations going to sleep, folder redirection, etc.  A SharePoint patch brought the server to its knees because they didn't know you had to run the PSConfig wizard to finalize the upgrade.  During this time they thought one of the problems was IPv6, so they hacked the registry to remove it from the TCP/IP stack (using a Microsoft procedure).  


--------------------------------

So my first question is, is this a salvageable site?  One of my co-workers thinks it is a do-over, given all the non-standard configuration and undocumented changes.  But I am hoping I could remediate it, as long as it's not too disruptive.  Besides, a do-over would really annoy the customer.

Internet Connection Wizard: In my experience (at least with SBS 2003), this can simply be re-run to publish the services, set DNS, SSL, RRAS, etc.  What I'd like to do is implement OWA and RWW at least, with Outlook Anywhere and VPN as an option. Is there any risk to re-running this wizard?

Users not added via wizard: According to this blog post (http://blogs.technet.com/b/sbs/archive/2008/09/22/why-are-some-of-my-users-not-displaying-in-the-sbs-console.aspx) I can run the "Change user role for user accounts" wizard and this will re-process each account with the correct policies and permissions.  Is this wizard disruptive?  Would it, for example, screw up their mailbox / Outlook profile?  

Computers not added via wizards: Here I am a little uncertain.  I read here (http://onlinehelp.microsoft.com/en-us/sbs2011essentials/server-network-changes-1.aspx) about the changes the wizard makes to the workstation OS. Is there any way to rerun this for computers that were already (manually) joined to the domain?  

I am also concerned about changes that might have been made to GPO by other techs.  Is there a way to reset GPOs, or is there documentation on what the default GPO settings are?

So far the Health Monitor is not showing any serious problems in the logs.  

I have not run the Small Business Server 2011 Best Practices Wizard to see what it says.
Question by:Greg Burns
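
The question mentions that IPv6 was removed from the TCP/IP stack through a registry change. The following is an added example, not code from the thread or from Microsoft, for recording what that change actually was before any wizard is re-run. It assumes the change was made through the `DisabledComponents` registry value, which the thread does not confirm; the function name `Get-Ipv6RegistryState` is hypothetical.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell on the SBS 2011 server.
# Assumption: IPv6 was disabled through the DisabledComponents registry value.
$key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters'
$name = 'DisabledComponents'

# Bit meanings of the low byte of DisabledComponents.
$flags = @(
    @{ Mask = 0x01; Text = 'All tunnel interfaces disabled' },
    @{ Mask = 0x02; Text = '6to4 disabled' },
    @{ Mask = 0x04; Text = 'ISATAP disabled' },
    @{ Mask = 0x08; Text = 'Teredo disabled' },
    @{ Mask = 0x10; Text = 'IPv6 disabled on LAN and PPP interfaces' },
    @{ Mask = 0x20; Text = 'IPv4 preferred over IPv6' }
)

function Get-Ipv6RegistryState {
    $prop = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
    if ($null -eq $prop) {
        # Value absent: nothing was disabled through this registry value.
        return New-Object PSObject -Property @{
            Raw = '(not set)'; Settings = @('Default: IPv6 fully enabled')
        }
    }
    # A DWORD of 0xFFFFFFFF comes back as Int32 -1, so print it as hex
    # and test only the low byte, which carries the flags.
    $raw = [int]$prop.$name
    $low = $raw -band 0xFF
    $set = @($flags | Where-Object { $low -band $_.Mask } | ForEach-Object { $_.Text })
    if ($set.Count -eq 0) { $set = @('No components disabled') }
    New-Object PSObject -Property @{ Raw = ('0x{0:X8}' -f $raw); Settings = $set }
}

$state = Get-Ipv6RegistryState
"DisabledComponents = $($state.Raw)"
$state.Settings | ForEach-Object { "  - $_" }

# Cross-check the effect: an IP-enabled adapter with IPv6 active always
# carries at least a link-local address, so "False" here means IPv6 is off.
Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' | ForEach-Object {
    $hasV6 = @($_.IPAddress | Where-Object { $_ -match ':' }).Count -gt 0
    "{0}: IPv6 address present = {1}" -f $_.Description, $hasV6
}
```

The script only reads state; it changes nothing on the server.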
10 Comments
 
LVL 21
ID: 37830739
<<Computers not added via wizards: Here I am a little uncertain.  I read here (http://onlinehelp.microsoft.com/en-us/sbs2011essentials/server-network-changes-1.aspx) about the changes the wizard makes to the workstation OS. Is there any way to rerun this for computers that were already (manually) joined to the domain?  >>

Sure. First remove them from the domain. Reboot. Join the domain using the wizard.

The way I see it is this:
If it takes more than a few hours to get everything corrected on the SBS box, then I would start over.
0
 
LVL 10

Author Comment

by:Greg Burns
ID: 37830744
@TheHiTechCoach:
Thanks for the quick reply.  If I disjoin, then rejoin using the ConnectComputer, will that reuse the existing AD User profile or give the user a new one?  I'm trying to avoid having to re-migrate the user's stuff, such as docs/settings, outlook profile, mapped drives, etc.
0
 
LVL 21

Accepted Solution

by:
Boyd (HiTechCoach) Trimmell, Microsoft Access MVP earned 250 total points
ID: 37830785
Before I remove the workstation from the domain I use the Windows Easy Transfer Wizard to export all the data from the profiles.  I then remove the computer from the domain.  I delete all the old user profiles or at least rename the folders. After rejoining the domain I log on as each user to create the profile. Now you can run the Windows Easy Transfer wizard to restore the profile. Use the advanced option to map the old users to the new users.  I find this method always works. There may be other simpler ways but I know this way works.

FWIW: I regularly use the Windows Easy Transfer Wizard to move users between PCs.
0

 
LVL 6

Expert Comment

by:jaredr80
ID: 37830792
Wow. Well I can definitely say this is one of the worst I have seen in a while! As stated above by TheHiTechCoach, you can very well re-join those computers using the wizard, though this is only one very small part of the puzzle.

As you already know, as described above, SBS relies and thrives off of the wizards. This however doesn't seem to be a migration type of situation, just based on the fact that the migration wizard for SBS would not have allowed this to move forward as such. It will automatically configure a great deal of stuff for you, which was not done here. I have seen SBS systems many times before where techs did not use the wizards and it always has long term implications.

My recommendation, which may ultimately save you and your company a lot of hardship and fighting to make it work OK would be to scrap and re-do. If what you state above is correct, there is more that is wrong than what is right. Many things like OWA, should just be available via the Internet, even if there is a cert installed correctly. It seems as though there are deeper IIS, Exchange, and AD issues, that never quite went correctly.

My 2 cents for the situation, and though it may not be what you want to hear...in the long run I feel you may be better off.

-Jared
0
 
LVL 10

Author Comment

by:Greg Burns
ID: 37830793
@TheHiTechCoach:
All right, thanks.  I will try that method.  

Do you see any gotchas with the other proposed fixes I mentioned?
0
 
LVL 6

Assisted Solution

by:jaredr80
jaredr80 earned 250 total points
ID: 37830797
I think it is definitely worth a shot to attempt to fix the system. SBS 2008 and above has some really powerful wizards to attempt to fix SBS systems. In the SBS console under Network, Connectivity, there is a Fix My Network wizard...run that and see what that can resolve. That will most likely come up with a lot of issues if what is stated above is correct.

Best of luck!

-Jared
0
 
LVL 21
ID: 37830804
From what you have described there were techs that did not know and/or understand SBS server and how it is different from Windows Server.   It may be time to call in an SBS MVP.  

Also check out the SBS Diva: http://www.thirdtier.net/
0
 
LVL 6

Expert Comment

by:jaredr80
ID: 37830806
Just as a note the connect computer wizard is not going to be the make or break of the system TBH. See the link below and scroll all the way to the bottom, that shows what the SBS 2008 wizard does; not very different from the SBS 2011 wizard.

http://www.petri.co.il/forums/showthread.php?t=54061

-Jared
0
 
LVL 10

Author Comment

by:Greg Burns
ID: 37831131
Thanks all for your responses.  I should be back onsite soon and I'll try your suggestions.
0
 
LVL 10

Author Closing Comment

by:Greg Burns
ID: 37855838
Thanks all,
I haven't been back to the site yet, but I thought I'd award you the points anyway.  If I do run into any issues I'll open a new question.  Thanks again.
0
