>

Event ID 10016, DistributedCOM: The application-specific permission settings do not grant Local Activation permission for the COM Server application (2)

I have posted about this issue before, this was about this CLSID {61738644-F196-11D0-9953-00C04FD919C1}, click here to read.

Beside that error, probably after a recent update I have seen this similar error:

The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{000C101C-0000-0000-C000-000000000046}
and APPID
{000C101C-0000-0000-C000-000000000046}
to the user domain\spfarm SID (S-1-5-21-1813126608-4190571182-3204100927-3160) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

The big difference with the other error is when you go to the Dcom config, security the option are all greyed out. So you need to do some additional steps:

Open registry editor (run regedit.exe), browse to Hkey_classes_root\AppID\{000C101C-0000-0000-C000-000000000046} right click and choose permissions.

Choose Advanced

Go to the Owner tab, select the Administrators (Domain\Administrators) group under Change owner to and select the replace owner on subcontainers and objects. Choose OK to close the window. You will return to the permissions window.

Select Administrators (Domain\Administrators) and set Allow Full Control permissions.

After you have done the above settings you go to Administrative Tools – Component Services. Expand Component Services, Computers, My Computer, DCOM Config. Scroll way down till you find the {000C101C-0000-0000-C000-000000000046} icon, right click and choose properties.

Go to the security tab, select customize at Launch and Activation Permissions and choose Edit…

Select the SharePoint Farm Account and set the Local Activation right.

Posted in Blog, SBS 2011 at July 25th, 2011. 20 Comments.

Windows Small Business Server 2011 installation and configuration – Part 16 Configuring “Configure a virtual private network (VPN)”

Go directly to SBS 2011 index file. With links to all articles from this serie.

After we have finished with Part 15 Configuring “Software update settings” we go to the Network page of the SBS console and choose for the connectivity tab.

In this part we are going to setup virtual private network (VPN) so people can connect to your network from a remote location / connection and access the network as if they are connected in the local office. First we are going to configure the server and further on how to configure a connection from a windows 7 workstation.

Server configuration:

On the right connectivity task bar we choose “Configure a virtual private network”.

The configuration of the server is really easy, choose Allow users to connect to the server by using a VPN.

And the server part is ready. Only thing that could happen is the wizard cannot automatic configure your router. If you choose View Warning Details.

You see that the only thing you have to do is open port 1723 on your router and let it through to your SBS server.

Workstation configuration:

How to setup a VPN connection from a windows 7 workstation, go to the Network and Sharing Center.

Choose Set up a new connection or network, a new wizard will start.

Choose Connect to a workplace (set up dial-up or VPN connection to your workplace.)

Now we choose Use my Internet connection (VPN) Connect using a virtual private network (VPN) connection through the internet.

Now we are going to setup the internet address, this is the fqdn or ip address the vpn connection must connect to. At destination name give a logical name for this connection.

The three other options on the screen are really straight forward, choose use a smart card if smart card logon is configured. Allow other people to use this connection if all people who use this computer may use this vpn connection and don’t connect now if you will not connect the vpn connection directly after configuration is finished.

Give in your user name, password and domain name. My opinion is never use the remember this password, because if anyone takes your workstation they can simply connect to your network.

Setup is finished, you can now choose Connect now to connect your vpn connection.

When you connect and haven’t checked the remember the password option you will get this username and password windows and you just have to enter your password.

And the connection is made, you are now able to access your network as if you were connected on the local area network.

Some additional information:

You can see if your VPN connection is connected, by choosing this icon on the right bottom part of your taskbar. You can also right click the connection to disconnect it.

If you got this Error 812: The connection was prevented because of a policy configured on your RAS/VPN server. Specifically, the authentication method used by the server to verify your username and password may not match the authentication method configured in your connection profile. Please contact the Administrator of the RAS server and notify them of this error.

Probably the user does not have the right to make a vpn connection. Go to the properties of this user.

And go to the Remote Access part, make sure the “User can access virtual private network” option is enabled.

Additional information: Here is a really good article that describes the whole VPN setup (it is for 2008 but this is almost the same in SBS 2011)

Go back to Part 15 Configuring “Software update settings”

Posted in Blog, Howto, SBS 2011 at March 18th, 2011. 38 Comments.

Windows Small Business Server 2011 installation and configuration – Part 15 Configuring “Software update settings”

Go directly to SBS 2011 index file. With links to all articles from this serie.

After we have finished with Part 14 Configuring “Add a new report” we go to the security page of the SBS console and choose for the updates tab.

Here you see an overview of the windows updates if there are updates pending for approval or errors you can see them over here. Also By default Optional Updates are not installed automatically.

Right click an update and choose if you want to deploy or decline the selected update.

If you choose approve you get this warning message, to continue click OK.

And another message that it could take 4 till 24 hours before the update will be deployed to the computers on your network.

After you approved or declined all updates we are going to take a look on the software update settings. On the right taskbar choose “Change the software update settings”

On the Server Updates part, choose the update level you would set for your servers. Think carefully before you set this setting to high and approve every update automatically. If it may go wrong it concerns your server.

On the Client Updates part, you choose the same setting as on server updates but this time for client computers.

On the Schedule part you choose separate for server and client if you would install the updates automatic during a schedule or only notify the new updates are available.
Note!! Is you choose for automatic installation and an update requires a restart the client or server will automatically restart at that time. So think twice before you set this for a server computer.

On the Included Computer part, you can add or remove if a server or client computer must be part of the software update group. If you have some very important client computers that may never restart automatically. You can select the client computer and choose Modify…

And change the update group, so if you leave the settings for server not to automatically install and restart change the Update Group to the Server Computers. The selected client will now perform updates according to the Server Computers settings.

Go back to Part 14 Configuring “Add a new report”
Continue to Part 16 Configuring “Configure a virtual private network (VPN)”

Posted in Blog, Howto, SBS 2011 at March 10th, 2011. 6 Comments.

Windows Small Business Server 2011 installation and configuration – Part 14 Configuring “Add a new report”

Go directly to SBS 2011 index file. With links to all articles from this serie.

After we have finished with Part 13 Configuring “Connect a computer to your network” we go back to the SBS console and go to the Reports section to setup reporting.

By default there are 2 reports created, 1 daily summary and 1 detailed weekly. You can change these reports as you like. For now we are going to create a new report. So choose “Add a new report” on the right Network Report Tasks section.

On the General part we give the report a name and description.

On the Content part we choose what content we want in our report.

In the E-Mail Option part we can choose if we want to e-mail the report and to who. You can choose to send it even to an e-mail address outside your organization.

On the schedule part we can choose to generate the report daily or weekly and at what time.

When finished choose OK.

Now when you select your report you have a few option on the right My report Tasks pain.

View Report properties, you can change the properties set before.

Generate report, the report is generated immediately and the results are displayed in the section below.

Generated and e-mail report, the same as previous only the report is e-mailed to the recipient(s) you have configured in your report.

View archives, you can select to view older reports.

This is a part of a summary report, where you can easy see if there are errors on your server. You see a Details option for the items you selected in your report.

And this is how a detailed report for Backup and E-Mail Usage and Mailbox Sizes look like.

So you can make as many reports and send them to different people, this could be very useful.

Go back to Part 13 Configuring “Connect a computer to your network”
Coninue to Part 15 Configuring “Software update settings”

Posted in Blog, Howto, SBS 2011 at March 2nd, 2011. 7 Comments.

Windows Small Business Server 2011 installation and configuration – Part 11 Configuring “Add a new user role”

Go directly to SBS 2011 index file. With links to all articles from this serie.

After we are finished with Part 10 Configuring “Add a new group” we go to the “Users and Groups” page of the SBS console and then the Users Roles tab.

A user role is a sort of template set of rights, group member ship and some default settings. You can use the roles to control rights, membership and settings for a group of user accounts. Also as template for creation of new user accounts so the account will have a default set of rights, membership and settings.

By default there are 3 user roles configured, Standard User, Network Administrator and Standard User with administration links. You can change or create user roles as you like.

We are going to create a new user role, choose “Add a new user role” in the task pane.

Give the user role a logical name and description. Then you have to choose if you would like to base the new role on an existing role or start from scratch.
Check “The user role appears as an option in the Add New User Account Wizard and in the Add Multiple New User Accounts Wizard” if you would like to use the new user role or uncheck if you will not give the new user role free for now.
Check “The user role is the default in the Add New User Account Wizard and in the Add Multiple New User Accounts Wizard” If you would like this role default for creation of new users.

Choose Add to add the security and distribution groups user who get this role must be member of.

Now we can choose to enforce a mailbox quota and the size of the quota or to turn off the mailbox quota. Also we can configure if members may access Outlook Web Access.

Here we can configure if these users may or may not have Remote Web Access or Virtual private network (VPN) access.

Configure if the users may or may not have Quota on Shared Folders. Also you can enable folder redirection to the server, when enabled, the local (my) documents and desktop folder will be synchronized to the server. You can choose to put a Quota on this folder as well.

The new user role was added successfully. You can now choose to directly create (multiple) new user accounts. For now we choose finish, Add a new user account will follow in the next part.

Go back to Part 10 Configuring “Add a new group”
Continue with Part 12 Configuring “Add a new user account”

Posted in Blog, Howto, SBS 2011 at February 10th, 2011. No Comments.

Windows Small Business Server 2011 installation and configuration – Part 10 Configuring “Add a new group”

Go directly to SBS 2011 index file. With links to all articles from this serie.

After we are finished with Part 9 Configuring “Add a new shared folder” we go to the “Users and Groups” page of the SBS console and then the Groups tab.

In the next parts we are going to create User Groups, Roles and Accounts. My advice is to start with the creation of User Groups because these groups can be used with the creation of User Roles. User Roles are a set of rights, membership and settings that can be attached to User Accounts.

Choose “Add a new group” on the tasks pane.

The wizard starts with an overview about what we are going to do.

Give the group a logical name and description. Then decide if the group is a Distribution group (used to send an e-mail message to all user accounts that belong to this group) or a Security group (used to set security and access right to files, folders and/or applications). It’s also possible to mail-enable the security group so this can also be user to send email to all members.

Add immediately user accounts as members of the group.

The new group has been created.

Now we return to the SBS Console. If you would like to change some settings, you can choose in the (right) Tasks pain.

Choose Edit group properties.

On the General part, you can change the group name or description. Also you can choose Add… to add new group members.

On the E-mail part, you can enable or disable (in case of a Security group) and set or change a e-mail address for the group and set the option receive or not receive e-mails from people outside of your organization. In the case of a security group you also have the possibility to archive the e-mail in a public folder.

Go back to Part 9 Configuring “Add a new shared folder”
Continue with Part 11 Configuring “Add a new user role”

Posted in Blog, Howto, SBS 2011 at February 7th, 2011. No Comments.

Installation error Exchange 2007 on Windows 2008 R2

Exchange 2007 (no-SP, SP1 and SP2) isn’t supported on Windows 2008 R2, but since SP3 it is. As my installation disc / iso only contains Exchange 2007 SP1 I had to install first this iso and then directly update it to SP3.

Installations looks to go well. But first got a warning on the hub transport: “Setup cannot detect an SMTP or Send connector with an address space of ‘*’.”.

This warning could be ignored, the only thing we have to do after installation is create a SMTP connector, more information about this read here.

But at the end of the installation the Mailbox Role Failed with error: “An error occurred. The error code was 3221684229. The message was Access is denied..”

Solution:
To get the Mailbox Role installed we have to set the compatibility mode from the exchange setup.exe to Windows Server 2008 (Service Pack 1) and run the setup again and add the Mailbox Role.

Now installation goes fine.

After you finished the installation please update Exchange 2007 directly to SP3.

Posted in Blog, Exchange 2007, Windows 2008R2 at February 3rd, 2011. 1 Comment.

Windows Small Business Server 2011 installation and configuration – Part 9 Configuring “Add a new shared folder”

Go directly to SBS 2011 index file. With links to all articles from this serie.

After we are finished with Part 8 Configuring “POP3 connector” we go to the “Shared Folders and Web Sites” page of the SBS console and the Shared Folders tab.

Choose “Add a new shared folder” on the tasks pane.

Now we are going to select a folder we would like to share, choose Browse.

Browse to the folder you would like to share. If you have not created a folder yet, you can create one with Make New Folder.

After we selected the folder, you can choose to do or do not change the NTFS permissions. If you already set them you can skip these by choosing No. I have not set the permissions so we choose for Yes, change NTFS permissions and choose Edit Permissions…

By default the file permissions are set to Administrator and System have Full Control access, Users only Read & Execute and Creator Owner may create files and folders. This means everyone can create files and folders but only change the ones created by them. Others can only read those files, so we gave the Users group Modify rights so everyone can change files and folders.

Now we are going to give the share a name, in this case we haven’t installed NFS so we are not able to set this. Just give the share an appropriate name, if you add a $ sign at the end of the share name it will be a hidden share and not visible if someone browse the network.

Here we are able to set some additional features, so choose Advanced…

On the User Limits tab we can limit the number of users that can access the share, default value is maximum allowed. The other option we can set is access-based enumeration, this is a really nice option, when this is enabled users only see folders if they have access permissions.

On the Caching tab you can set if and how files are available for offline caching.

Now we are going to configure the share permissions. Just keep in mind that when you set the share permissions to only read access, you only have read access on the files and folders, no matter what you have configured (modify or owner) over there.
If the default options don’t fit, you can choose Users and groups have custom share permissions: and choose Permissions…

By default the share permissions are set to Read, if people must modify files and folders you have to check Change.

You can apply quota settings to the share, there are six default quota policies defined. But you can create or edit these as you like, you have to do this via the File Server Resource Manager.

This is a nice feature you can apply a file screen to a share and block typical files. So if you have a data only share you can choose to block executable files for security reasons. There are five default file screens available, you can create or edit these screens via the File Server Resource Manager.

If you have configured a DFS namespace you can publish the share to the DFS namespace.

An overview of the options you have chosen, choose Create to create the share.

You have successfully created a network share.

Go back to Part 8 Configuring “POP3 connector”
Continue with Part 10 Configuring “Add a new group”

Posted in Blog, Howto, SBS 2011 at February 1st, 2011. 2 Comments.

Windows Small Business Server 2011 installation and configuration – Part 8 Configuring “POP3 connector”

Go directly to SBS 2011 index file. With links to all articles from this serie.

After we are finished with Part 7 “Configuring Server Backup” we go to the “Network” page of the SBS console and the connectivity tab.

Right click on POP3 Connector and choose view POP3 Connector properties.

Here we choose Add… to add a the POP3 mail account(s)

Enter all information from you POP3 mail account. At the Windows Small Business Server e-mail account you choose a SBS account where the pop mail has to be delivered.
Because you have to choose an account here to deliver it is just like SBS 2008 POP3 connector not possible to use a catch all address and deliver directly to the e-mail addresses used in the header.

On the scheduling option you can configure the retrieve e-mail time, you cannot set a value lower than 5 minutes.
If you would like to force an immediate connection you can click Retrieve now.

Issue I ran into:

After I configured the POP3 connector and tried retrieving e-mail the mail disappeared from my isp but it didn’t come into my Exchange mailbox.
Some research led met to the C:\Program Files\Windows Small Business Server\Logs\pop3connector\ pop3service.log file. The following failure information was found:

[t 0] 01/22/11, 17:16:21: (SMTP) [RX] 550 5.7.1 Message rejected as spam by Content Filtering.
[t 0] 01/22/11, 17:16:21: Failure hrResult (0x800ccc69) trying to deliver message id 1:
[t 0] 01/22/11, 17:16:21: SMTPRESPONSE: * * * !Failed! * * *
[t 0] 01/22/11, 17:16:21: * * * * * *
[t 0] 01/22/11, 17:16:21: * * * 0x800ccc69 * * *
[t 0] 01/22/11, 17:16:21: Command: [SMTP_DOT]
[t 0] 01/22/11, 17:16:21: Completed: Yes.
[t 0] 01/22/11, 17:16:21: IxpResult:
[t 0] 01/22/11, 17:16:21: —> —> —> hrResult: 0x800ccc69
[t 0] 01/22/11, 17:16:21: pszResponse: 550 5.7.1 Message rejected as spam by Content Filtering.
[t 0] 01/22/11, 17:16:21: uiServerError: 550
[t 0] 01/22/11, 17:16:21: dwSocketError: 0
[t 0] 01/22/11, 17:16:21: pwszProblem:
[t 0] 01/22/11, 17:16:21: 550 is an ignorable error; will continue as if it were successful.
[t 0] 01/22/11, 17:16:21: Message saved to “C:\Program Files\Windows Small Business Server\Data\badmail\550\{908DEBAB-55D1-4048-AF50-558D65567607}”.
[t 0] 01/22/11, 17:16:21: (SMTP) [TX] QUIT

Read More…

Posted in Blog, Howto, SBS 2011 at January 27th, 2011. 47 Comments.

Windows Small Business Server 2011 installation and configuration – Part 7 configuring “Configure Server Backup”

Go directly to SBS 2011 index file. With links to all articles from this serie.

After we are finished with Part 6 configuring “Move server storage (data) to other partition(s)” and moved all data to another partition. We go back to “Home” page of the SBS console and choose for “Configure Server Backup”.

The wizard start with some information about what we are going to do.

In this screen you will see your attached external disk drives. Because I have installed SBS 2011 in a Hyper-V virtual machine I have to check “Show all valid internal and external backup destinations” so I can use a special created disk for backup purposes.

Advice is to use a minimum of 2 or better more disks for your backup, so you can always keep minimal one disk away from the server or better out of the office for something happens with the server or building.

Note that the disk you choose will be formatted and can only be used for backup storage and nothing else. If you use SCSI vhd files you can evenly hotswap the virtual drives from your SBS 2011 virtual machine.

If you use your SBS 2011 as a virtual machine you can also attach your usb disk connected to your host, read here how to attach your usb disk.

Give your disk a meaningful label. You will see here all disk you checked in the previous window.

Choose the partitions you would like to backup.

Choose your backup schedule, you can create it the way you like.

An overview of your selections.

You get a warning because now your disks will be formatted and all data on the disks is lost.

Depending on the size, type and number of the disks it could take some time.

Your server backup is now configured.

You can find the backup job under Backup and Server Storage and then the tab Backup.

This is also the place where you can change the backup job, schedule, selected partitions, remove or add backup disks and restore a backup job.
I would write something about restoring a backup job later.

For how to do a full server restore click here.

Go back to Part 6 configuring “Move server storage (data) to other partition(s)”
Continue with Part 8 Configure “POP3 connector”

Posted in Blog, Howto, SBS 2011 at January 22nd, 2011. 16 Comments.
Sharing Buttons by Linksku