>

SBS 2008 / SBS 2011 to virtualize or not to virtualize

Because virtualization becomes more and more common use and with Microsoft Hyper-V included in Windows Server at no additional costs and most server hardware nowadays is more than capable of running a physical Small Business Server (SBS) 2008 or 2011 installation and never get the full benefits of the hardware. It is worth considering to virtualize the SBS 2008 or 2011 server and run one or maybe two or more virtual servers beside it on the same hardware.

In this blog post I will put together some facts, tips and considerations you should look after before you start virtualizing a SBS 2008 or 2011 server. Of course a lot of this information can also be used for virtualizing non SBS servers.

Enable Hyper-V role on a SBS 2008 or 2011 server
So if you just want to add just one other server, why not install SBS 2008 or 2011 on the physical hardware and just enable the Hyper-V role?

The answer is really simple, because it is not supported!! Enabling the Hyper-V role on a SBS 2008 or 2011 server will break stuff, for some additional information read here: http://blogs.technet.com/b/sbs/archive/2009/08/07/you-cannot-install-the-hyper-v-role-on-the-sbs-2008-primary-server.aspx

Hyper-V Host
So as we cannot enable the Hyper-V role on a SBS 2008 or 2011 server we need to install a Windows Server version on the physical hardware to function as a Host for the Virtual Machines. It is recommended that the Hyper-V Host will only hold the Hyper-V role and not to include any other roles or tasks. Only exception maybe for some management or backup tasks.

The Windows Server version we will choose is a real important decision, so let’s see what choices we have:
Hyper-V is included within Windows Server since version 2008 this was a version 1.0 and has a lot of limitations. I would not recommend using Windows Server 2008 to host the virtual machines. So I will limit to choice between the different server versions based on Windows Server 2008 R2 and Windows Server 2012.

SBS 2011 Premium Add-on
When you already bought SBS 2011, you might have bought the SBS 2011 Premium Add-on (PAO) in addition. The SBS 2011 PAO includes a Windows Server 2008 R2 standard and SQL 2008 R2 license. With Windows Server 2008 R2 Standard you have the right to install the software on a physical machine and install one Virtual Machine with the same license. This is called virtualization rights (1+1), you may do this only when you do not install any other role on the Host installation other than the Hyper-V role. When you install another role you will lose this right and need to buy a separate license for the virtual installation.

This said the SBS 2011 PAO will be a perfect consideration to use for your Host installation and run SBS 2011 and a second Virtual Machine for SQL server and / or a LOB application or even a Remote Desktop Session Host (Terminal) Server.

Memory
So the SBS 2011 PAO looks like an ideal solution, but one limitation is worth naming. Windows Server 2008 R2 standard has a 32GB memory limitation, this might be a problem when running SBS 2011 standard and also have a memory consuming SQL / LOB application. SBS 2011 standard itself with especially Exchange 2010 is a very memory consuming product, if you also need to run a loaded SQL / LOB application server beside this 32 GB might not be enough.
The Windows Server 2008 R2 Host installation needs about 2 – 4 GB, a SBS 2011 Standard for 25 – 50 users will need at least 20 – 24 GB, so this only leaves 6 – 10 GB for your SQL / LOB application server, this might be a problem. So keep this in mind if you are a growing organization and see the limit coming it is not possible to just insert more memory in your server, Windows Server 2008 R2 standard has a hard limit of 32 GB memory.

Windows Server 2008 R2 Enterprise or Datacenter
If memory could be an issue you might consider Windows Server 2008 R2 Enterprise or Datacenter, they both have a memory limit of 2 TB, this is a significant improvement. Also if you need to run more than one additional Virtual Machine you might consider both, Windows Server 2008 R2 Enterprise has an 1 to 4 virtualization right and Windows Server 2008 R2 Datacenter even 1 to unlimited. So with both version you will be far more flexible, but will cost considerably more than a standard or PAO version. Because also Windows Server 2012 is available at this moment I would not recommend these option only if you already own a license for these products it might be worth considering.

Hyper-V Server
If you do not have the SBS 2011 PAO or already have a Windows Server 2008 R2 license the free Hyper-V server might be worth considering. The free Hyper-V Server is a stripped Windows Server version with only the Hyper-V role included, there aren’t any other roles included.
The Hyper-V Server 2008 R2 has a memory limit of 1 TB and the Hyper-V Server 2012 has even a memory limit of 4 TB. There are no limitations between the Hyper-V server and the full blown versions of Windows Server, only thing is there is no graphical user interface (gui) on the Hyper-V Server. There is a small configuration menu to do some basic tasks but furthermore you need to configure and administer the server via a command window or via a remote management console.

For additional information about the Hyper-V Server look here: http://technet.microsoft.com/en-us/library/hh923062.aspx

Windows Server 2012
If you are not comfortable with a non gui server or have no ability to remotely manage the server and also not have any license available the best option would be to go for a Windows Server 2012 edition. There are only 2 version applicable, the Standard and the Datacenter version, only difference between both versions are the Virtualization rights. Windows Server 2012 Standard has an 1 to 2 virtualization right and Datacenter even 1 to unlimited. Both version have a memory limit of 4 TB so no limitation anymore on the standard version.

Client Access Licenses
If you need one or two Virtual Machines beside the SBS 2008 or 2011 the Windows Server 2012 Standard is an ideal solution.
One thing to keep in mind is that when the Virtual Machines also are installed with Windows Server 2012, the SBS 2011 client access license (CALs) are not covered. SBS CALs cover for all servers in your SBS domain but up to the same version as is the base operating system (OS) of your SBS version. So with SBS 2008 this is Windows Server 2008 and for SBS 2011 this is Windows Server 2008 R2, if you install a newer version of Windows Server you need to buy separate CALs.

Overview
Enough considerations on which OS you could install on the physical hardware as Hyper-V Host. You have to keep in mind there is not one best choice available it all depends on your situation, do you already have licenses that can be used, are you comfortable using a server installation without a gui, how many Virtual Machines do you need to run, etc, etc. To make some choices easier here a little table with the different versions:

Version Memory Limit Virtualization rights
Windows Server 2008 R2 Standard (SBS 2011 PAO) 32 GB 1 + 1
Windows Server 2008 R2 Enterprise 2 TB 1 + 4
Windows Server 2008 R2 Datacenter 2 TB 1 + unlimited
Hyper-V Server 2008 R2 1 TB None
Hyper-V Server 2012 4 TB None
Windows Server 2012 Standard 4 TB 1 + 2
Windows Server 2012 Datacenter 4 TB 1 + unlimited

 
Because licensing is complex material I would recommend you contact your distributor or reseller if you have any doubt about the solution you would like to choose and verify if it fits your company.
If you want to read more about virtualization and licensing I would suggest reading this excellent post: http://www.aidanfinn.com/?p=13090

 
Let’s continue with some other considerations if you could or could not virtualize the SBS 2008 or 2011 server.

SBS Backup
With SBS 2008 Microsoft introduced a wizard for configuring a backup, SBS Backup it is based on the Windows Backup but has its own configuration and monitoring options via the SBS console. It is easy to use and has no additional costs, you can configure backup to multiple disks, only thing is it only uses USB disks.

Problem is Hyper-V does not support USB redirection so you cannot attach the USB disks to a Virtual Machine and use them for SBS Backup. Of course there are some workarounds possible to attach an USB disk to a Virtual Machine, see this blog post http://blog.ronnypot.nl/?p=721 for some information, but this is probably not a supported workaround.
You can also create VHD files and attach them to the Virtual Machine and use them for SBS backup, but these VHD files are not attached and detached automatic and are not stored offline by default. You have to consider if this is a good alternative for you. Another option would be not using the wizards and interface but create command scripts using the command version (wbadmin.exe) of Windows Backup.

So if you want to use SBS Backup the way it is intended with USB disks, virtualization is not a good option.

USB redirection
As said there is no USB redirection with Hyper-V, this is for USB hard disks, but also for all other USB hardware, so no USB printers, scanners, drivers, dongles or what so ever.

Hardware
As there is no USB redirection it also is not possible to redirect some other hardware like, Fax boards, other pci cards, hardware dongles, etc.

So if you have any specific hardware that needs to be connected to a Virtual Machine you have to make sure this is possible, but in most cases this might be a configuration where virtualization is not an option.

Conclusion
The question to virtualize or not to virtualize cannot be simply answered with just a true or false, it all depends on many factors, decisions and considerations. Hope the information given in this blog will help you making the decision if you would virtualize your SBS 2008 or 2011 server or not.

 

Posted in Blog, Hyper-V, SBS 2008, SBS 2011, Windows 2008R2, Windows 2012 at February 8th, 2013. 1 Comment.

Windows Management Framework 3.0 with Small Business Server and Exchange servers (Updated)

Last week microsoft released Windows Management Framework (WMF) 3.0 which includes Powershell 3.0 (KB2506146 for Windows 2008 SP2 and KB2506143 for Windows Server 2008 R2) as an optional Windows update. So everyone can approve and install the update via Windows update, WSUS or any other updating mechanism you are using.

But installing this update on a Small Business Server (SBS) 2008 and 2011 or on an Exchange Server 2007 and 2010 will give all kind of trouble.

Symptoms for an Exchange Server:
Installation of Exchange update rollups will fail one of the errors is: error code of 80070643.

The Exchange Team wrote this blog about this issue. It states: “Windows Management Framework 3.0 (specifically PowerShell 3.0) is not yet supported on any version of Exchange except Exchange Server 2013. If you install Windows Management Framework 3.0 on a server running Exchange 2007 or Exchange 2010, you will encounter problems, such as Rollups that will not install, or the Exchange Management Shell may not run properly.”

Symptoms for a Small Business Server:
When running some SBS wizards like the Fix My Network wizard it will end up with errors about access denied for the Exchange Management Shell.
Also other kind of problems may occur with the Exchange and / or SharePoint 2010 Management Shell and as written for Exchange Servers installation of Exchange update rollups may fail.

On the Small Business Server Blog there is a post on these issues.

Recommendation for both Exchange and Small Business Servers is to NOT install the Windows Management Framework 3.0 update at this time. If you already installed the update and encoutered the previously described problems, uninstall the update. Your server should be fine when it comes back online after a restart.

Update:
There is another problem reported in the Small Business Technet forum uninstallation of the also removes a registry key that gives problems to the event log. This is the key that is deleted: “HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ WINEVT \ Channels \ ForwardedEvents”

Anytime later in the same post there is a mention that the updates are removed from Microsoft Update:

As a result of these regressions and feedback from customers and experts like you, we have expired the WMF 3.0 Update for all platforms (Windows 7, Server 2008, and Server 2008 R2) as of 5:07 pm PDT.

2506143 Windows Management Framework 3.0 for Windows 7 (KB2506143)
Windows Management Framework 3.0 for Windows 7 for x64-based Systems (KB2506143)
Windows Management Framework 3.0 for Windows Server 2008 R2 for x64-based Systems (KB2506143)

2506146 Windows Management Framework 3.0 for Windows Server 2008 (KB2506146)
Windows Management Framework 3.0 for Windows Server 2008 for x64-based Systems (KB2506146)

We’re engaged in an internal post-mortem to identify and resolve the issuesthat led to these updates being released that resulted in the regressions.

We work hard to ensure updates always release with an exceptionally high quality bar. That bar was not met for these updates and we’re working to ensure we can prevent this from happening again. Thank you for your feedback through this and other channels – and please keep providing helpful feedback so we can continue to improve.

doug neal
Microsoft Update (MU)

Windows Server 2012, the end of Windows Small Business Server Standard

Today Microsoft announced the Windows Server 2012 editions, they have simplified the licensing. There are coming dramatic changes and there will only be four editions, Datacenter, Standard, Essentials and Foundation. For more details see this post on the official site and the licensing datasheet.

There is also a FAQ with most common questions answered. Specific I would point to Q33 because this will sign the end of an era Windows Small Business Server.

Q33: Will there be a next version of Windows Small Business Server 2011 Standard?

No. Windows Small Business Server 2011 Standard, which includes Exchange Server and Windows server component products, will be the final such Windows Server offering. This change is in response to small business market trends and behavior. The small business computing trends are moving in the direction of cloud computing for applications and services such as email, online back-up and line-of-business tools.

The Small Business Server Essentials product introduced with version 2011 with a connection to Office 365 will be kept but renamed to Windows Server 2012 Essentials, so it also will lose the product name SBS. Here is the official announcement on the SBS Blog.

So as expected Microsoft is changing their complete focus with Windows Server 2012 to cloud optimized solutions and the Windows Small Server doesn’t fit in this picture anymore.

Posted in Blog, SBS 2011, Windows Server 2012 at July 5th, 2012. 3 Comments.

Can’t connect to the remote computer because the Remote Desktop Gateway server is temporarily unavailable error via SBS 2011 RWA

When you try to connect to your SBS server via Remote Web Access you get the following error:

“Your computer can’t connect to the remote computer because the Remote Desktop Gateway server is temporarily unavailable. Try reconnection later or contact your network administrator for assistance.”

In this case it happened because there was installed a third party web application. This application needed to run as a 32-bit application. So the DefaultAppPool in Internet Information Server (IIS) was set to Enable 32-Bit Applications to True.

Solution: Start Administrative Tools, Internet Information Server Manager, choose Application Pools and select DefaultAppPool and choose Advanced Settings… on the right menu.

To get the Remote Web Access working again you need to change the Enable 32-Bit Applications setting to Disabled again.

Please note, this would probably destroy your web application, so before changing the setting contact you third party web application supplier to make sure there is a solution available or you have to move the application to another server.

Posted in Blog, SBS 2011 at February 6th, 2012. 3 Comments.

SBS Migration before you start

Because I get and see a lot of questions on the forums about migrations, how to’s but also about failures and people who don’t have backups to start over. So in this article I would put down some information what you could do to get your migration to a good end. Of course there is no one hundred percent guarantee, but there are some basics you should do that will help to bring it to a good end. I am writing this for a SBS migration but the steps can be used for most migration paths, SBS – SBS, Windows Server – SBS, SBS – Windows Server, Windows Server – Windows Server but also for Exchange migrations. It would be wise to read all information before you start your migration.

Backup

First thing before you even start should be to make sure you have a good backup. Make sure you have tested your server backup, so might something go wrong during migration you always can go back to the original situation. It sounds like something you should take for granted, but you would not be the first one that starts the migration and something went wrong and would go for recovery and then they came to the conclusion there wasn’t a good backup at all. So always test it before you start!

If your original server is a SBS 2003 server you can use the built in backup solution, see this document how to use it: Backing Up and Restoring Windows Small Business Server 2003.

Getting familiar with the migration process

Second before you even start with the migration would be getting yourself familiar with the migration process. What migration you are going to do (there are more guides available) you should at least read through the complete guide so you know what you can expect. Better would be to do a test migration, make a copy of your original server (backup or image) to another physical or virtual machine in a separated network environment and complete the migration process. Than you know exactly what you can expect during the migration. If you do not get a good feeling by the process just do it over and over again or get yourself some help by another it professional before you start the migration for real.

If you are not familiar with SBS 2011 there is a lot of online material (video’s, click thru’s, hands-on labs, etc) that can help you getting familiar with the configuration: Link 1, Link 2

Check the health of your source server

Next thing to do is to make sure your source (original) server is in a clean state and configured correctly. If the source server has already got problems before you start the migration, this will certainly end up in problems or failures.

What you at least should do, make sure your server is up to date with updates, service packs, fixes, etc. Run the best practice or health analyzers for your product(s), it will give you all kind of information about what is configured wrong. Run tools like dcdiag.exe and netdiag.exe to check your server configuration. Check your servers even logs for warning en error messages.
Make sure you fix all problems before you start the migration!

Beside the information given in the migration guides, these articles will give you some good advice about preparing your source server:

Setup phase

When your server is completely healthy, configured right, read all information in the previous steps and you are prepared. Make sure you follow your migration guide step by step and only continue when you are absolute sure you’ve completed the step entirely. Take your time; no one will notice anything from the migration until you are going to move data.

There are still some issues you could run into during the setup phase:

One of the problems that could give a failure is there is a time or time zone difference between the source and destination server. Make sure the time on the destination server is setup correctly in the bios.
Do not choose to install updates during the installation, this would take a lot of extra time and can give all kind of troubles during the installation / migration. It is best practice to install updates after you completed the installation.

Also see this article for some other known issues: SBS Team keys to success part 2 the setup phase.
When you run into a “Cannot connect to the domain” error message in the early stage of the installation there are still some steps you could do, see this article.

Now the actual installation can start, please not that this will take a couple of hours, so when the blue progress bar appears you could leave the server alone for a while.

Post Setup phase

When installation went successful you will see a screen Installation Finished, Run the Migration Wizard to continue migrating to Windows SBS. But if you ran into any problem, error or something else goes wrong, don’t just continue; make sure you completely understand what your problem is. Look at the SBS Team keys to success part 3 post setup and common failures for some known issues and resolutions. If your error is not there and you have no clue, ask some professional or try some community forum like: SBS Technet Forum or Expert Exchange they might have a solution. Otherwise it would be good to start over because continue with errors will in most cases end up in a bigger unresolvable problem.

Guides:

Here you will find some links to additional useful information and migration guides:

For a different migration approach with support you also take a look at SBS migration.

For a lot of SBS 2011 information also take a look at my SBS 2011 index file with a lot of installation and configuration and all kind of other information.

.

Posted in Blog, SBS 2008, SBS 2011 at January 12th, 2012. 5 Comments.

SBS 2011 Migration preparation tool: Error is found in DNS Zone domain.local

When running the Windows Small Business Server 2011 Standard Migration Preparation Tool it errors out with: “Error is found in DNS Zone domain.local”.

Description: In DNS zone domain.local, your local server is not in the name server records. Migration will fail without fixing this issue. Go to http://support.microsoft.com/kb/2578426 for more details.

When you just follow the link proposed you will find some possible solution for checking if the dns zone is set to Type: Active Directory-Integrated and that Dynamic updates is set to Secure only. Also to make sure on the Name Servers tab the source server is listed with correct name and / or ip address.

All those settings were correct but the error keeps occuring. After some more research I found this thread with the same issue, solution for this thread was contacting microsoft support who complete rebuild the dns zone. With this information I had seen a minor difference with other SBS dns servers.

In this customers DNS server when you take a look within the domain.local forward zone there was no _msdcs entry. There was a _msdcs.domain.local zone, so everything was like this picture accept the record within the red circle was missing.

After noticing that the solution is as follows:

1. First delete the _msdcs.domain.local dns zone (of course it would be wise to start with making a good backup, but this should have been done before you even start with running the migration preparation tool)
2. Create a new primary forward dns zone, _msdcs.domain.local
3. Open a command prompt and run ipconfig /registerdns
4. Last restart the net logon service. After restaring the net logon service all the _msdcs.domain.local and the _mcdcs record are automatically recreated.

Re-run the migration preparation tool and the error was gone.

Update: There has now been a official SBS Team post on this issue, read here for additional information.

Posted in Blog, SBS 2011 at October 20th, 2011. 17 Comments.

How to: disable or change the 4 digit pin code that is enabled after mobile device connects to the Exchange 2010 within SBS 2011

After you have configured your mobile device to receive its business e-mail via ActiveSync from your SBS 2011 Exchange 2010 server, it is asking for a 4 digit pin code. This is because the default configuration on the SBS 2011 Exchange Server is to require a password for ActiveSync devices when they are going to synchronize with your server.

To disable or change this feature open Exchange Management Console, go to Organization Configuration, Client Access and choose the Exchange ActiveSync Mailbox Policies. Do properties on the Default policy and select the Passwords tab.

To completely disable the password remove the check at Require password. Of course you can also change the settings to your own requirements.

You can also create separate Mailbox policies with different settings, so you can set other policies for different users. When you create a new policy and want to attach it to a user, go to Recipient Configuration, Mailbox, do properties for the Mailbox user you want to change the policy.

Select the Mailbox Features tab, select Exchange ActiveSync and choose properties, now you can browse to select the other policy you have created.

Some additional information about what settings you can control with the ActiveSync policy are listed over here: Understanding Exchange ActiveSync Mailbox Policies

Please note not all features are supported with all kinds of mobile clients, so before you configure the settings make sure the settings are supported with your type of mobile devices.

Posted in Blog, Exchange 2010, Howto, SBS 2011 at October 11th, 2011. 7 Comments.

Administrator does not have Exchange administrator rights

I came to this answering questions on the Small Business Server technet forum

When you are creating a new user account via the SBS Console, the creation of the e-mail address fails with the following warning: “Administrator Adminname does not have Exchange administrative rights.”

And when the wizard finished there was no mailbox created. When you go to the Exchange management console you can create mailboxes without any problem.

Solution: This problem occurs when the SBS Administrator account has it’s primary group set to Domain Admins, when you change it back to “Domain Users” the problem does not occur anymore. The primary group can be set by using Active directory users and computers go to the properties of the admin user and than to the Member of tab, select the Domain users group and tick Set Primary Group.

Posted in Blog, SBS 2011 at August 8th, 2011. 3 Comments.

Event ID 10016, DistributedCOM: The application-specific permission settings do not grant Local Activation permission for the COM Server application (2)

I have posted about this issue before, this was about this CLSID {61738644-F196-11D0-9953-00C04FD919C1}, click here to read.

Beside that error, probably after a recent update I have seen this similar error:

The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{000C101C-0000-0000-C000-000000000046}
and APPID
{000C101C-0000-0000-C000-000000000046}
to the user domain\spfarm SID (S-1-5-21-1813126608-4190571182-3204100927-3160) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

The big difference with the other error is when you go to the Dcom config, security the option are all greyed out. So you need to do some additional steps:

Open registry editor (run regedit.exe), browse to Hkey_classes_root\AppID\{000C101C-0000-0000-C000-000000000046} right click and choose permissions.

Choose Advanced

Go to the Owner tab, select the Administrators (Domain\Administrators) group under Change owner to and select the replace owner on subcontainers and objects. Choose OK to close the window. You will return to the permissions window.

Select Administrators (Domain\Administrators) and set Allow Full Control permissions.

After you have done the above settings you go to Administrative Tools – Component Services. Expand Component Services, Computers, My Computer, DCOM Config. Scroll way down till you find the {000C101C-0000-0000-C000-000000000046} icon, right click and choose properties.

Go to the security tab, select customize at Launch and Activation Permissions and choose Edit…

Select the SharePoint Farm Account and set the Local Activation right.

Posted in Blog, SBS 2011 at July 25th, 2011. 20 Comments.

SBS 2011 migration preparation tool must be member Domain Admins, Enterprise Admins, or Schema Admins error

When running the Windows Small Business Server 2011 Standard Migration Preparation Tool, keeps coming with the following popup error:

To prepare the source server for migration, you must be a member of all of the following security groups: Enterprise Admins, Schema Admins, and Domain Admins. For additional information, see the article at http://go.microsoft.com/fwlink/?LinkId=190413

But despite the account is member of all the given security groups, it won’t continue and keeps giving this message.

Solution: The message will also keeps popping up when one of the three groups is configured as the primary group. Change the primary group via Active directory users and computers to Domain Users.

Posted in Blog, SBS 2011 at July 8th, 2011. 22 Comments.
Sharing Buttons by Linksku