Sunday, April 5, 2009

What’s new in Windows Server 2008

Active Directory Domain Services (formerly known as Active Directory) and Identity Management in Windows Server 2008 now cover several different services:

Active Directory Domain Services (AD DS)
Active Directory Federation Services (AD FS)
Active Directory Lightweight Directory Services (AD LDS)
Active Directory Rights Management Services (AD RMS)
Active Directory Certificate Services (AD CS)

Each service represents a Server Role, a new concept in Windows Server 2008.


Many new features and functions have been added to Active Directory in Windows Server 2008.

In this article I will focus on the Active Directory Domain Services (AD DS) in Windows Server 2008, which includes several enhancements and new features compared to Windows Server 2003.

Here is a short overview of the main changes and new Domain Services functionality, which I will focus on in this article:

Active Directory Domain Services - Read-Only Domain Controllers
Active Directory Domain Services - Restartable Active Directory Domain Services
Active Directory Domain Services - Fine-Grained Password Policies

Active Directory Domain Services

The Domain Services functionality has been carried forward and updated in Windows Server 2008, along with an improved setup wizard (Server Manager). This also provides new management options for AD DS features such as Read-Only Domain Controllers (RODCs).

The Active Directory Read-Only Domain Controller (RODC) is a new type of domain controller in Windows Server 2008. With an RODC, organizations can easily deploy a domain controller in locations where physical security cannot be guaranteed.

The RODC’s main purpose is to improve security in branch offices. In branch offices it is often hard to get the physical security needed for an IT infrastructure, especially for Domain Controllers that contain sensitive data. Often a DC can be found under a desk in the office. If someone gets physical access to the DC, it is not hard to manipulate the system and get access to the data. The RODC solves these issues.

The essentials of RODC are:

Read-Only Domain Controller
Administrative Role Separation
Credential Caching
Read-Only DNS

Read-Only Domain Controller
An RODC holds a read-only copy of the Active Directory database with all objects and attributes. It supports only unidirectional replication of Active Directory changes, which means that the RODC always replicates directly with the domain controllers in the hub site.

Administrative Role Separation

You can delegate local administrator permissions for the RODC server to any user in Active Directory. The delegated user account can then log on to the server and perform server maintenance tasks without having any AD DS permissions, and the user does not have access to other domain controllers in Active Directory. This way, security is not compromised for the domain.

Credential Caching

Sunday, March 1, 2009

What is the difference between roles and features in Windows Server 2008?

Think of roles as major functions of the server and features as smaller add-on packages. Whether it is a role or a feature, these are all Microsoft Windows Server 2008 add-ons, not third-party applications.
Here are some examples of each:

Roles

Windows AD/DC Server,
DNS,
DHCP,
File,
Print,
NAP,
Terminal Server,
IIS,
WDS,
WSS

Features

.NET,
Bitlocker Encryption,
BITS,
Remote Assistance,
SMTP Server,
SNMP,
telnet server & client,
failover,
NLB,
TFTP,
Windows Server Backup,
WINS,
PowerShell

Saturday, January 24, 2009

Troubleshooting some common SBS 2003 issues

Subject: Process (store.exe) Alert on ServerName
Alert on ServerName at date time
The store.exe process is allocating more memory than usual.
Check to see if you are having problems with e-mail. If so, stop and then restart the Microsoft Exchange Information Store service. You can disable this alert or change its threshold by using the Change Alert Notifications task in the Server Management Monitoring and Reporting taskpad.

It seems to me that first things first: let's determine how much memory store.exe is actually consuming. Also, I would like to know if it really is causing a problem in performance. If it is, it may explain why the server appears sluggish to some users.

Determining how much memory store.exe is using now is not hard, of course. Personally, I usually grab Sysinternals Process Explorer for this, because it gives me more and better info than the default Task Manager app. I might grab it later; for now I only want a memory usage overview.

Tuesday, January 20, 2009

Memory dump file options for Windows Server 2003, Windows XP, and Windows 2000

You can configure Microsoft Windows Server 2003, Microsoft Windows XP, and Microsoft Windows 2000 to write debugging information to three different file formats (also known as memory dump files) when your computer stops unexpectedly as a result of a Stop error (also known as a "blue screen," system crash, or bug check). You can also configure Windows not to write debugging information to a memory dump file.

Windows can generate any one of the following memory dump file types:

* Complete memory dump
* Kernel memory dump
* Small memory dump (64 KB)

Complete memory dump
A complete memory dump records all the contents of system memory when your computer stops unexpectedly. A complete memory dump may contain data from processes that were running when the memory dump was collected.

If you select the Complete memory dump option, you must have a paging file on the boot volume that is sufficient to hold all the physical RAM plus 1 megabyte (MB).

If a second problem occurs and another complete memory dump (or kernel memory dump) file is created, the previous file is overwritten.

Note The Complete memory dump option is not available on computers that are running a 32-bit operating system and that have 2 gigabytes (GB) or more of RAM.

For more information, click the following article number to view the article in the Microsoft Knowledge Base:
274598 (http://support.microsoft.com/kb/274598/ ) Complete memory dumps are not available on computers that have 2 or more gigabytes of RAM
Kernel memory dump
A kernel memory dump records only the kernel memory. This speeds up the process of recording information in a log when your computer stops unexpectedly. Depending on the RAM in your computer, you must have between 150 MB and 2 GB of paging file space available on the boot volume; the exact amount depends on server load and the amount of physical RAM.

This dump file does not include unallocated memory or any memory that is allocated to User-mode programs. It includes only memory that is allocated to the kernel and hardware abstraction layer (HAL) in Windows 2000 and later, and memory allocated to Kernel-mode drivers and other Kernel-mode programs. For most purposes, this dump file is the most useful. It is significantly smaller than the complete memory dump file, but it omits only those parts of memory that are unlikely to have been involved in the problem.

If a second problem occurs and another kernel memory dump file (or a complete memory dump file) is created, the previous file is overwritten.
Small memory dump
A small memory dump records the smallest set of useful information that may help identify why your computer stopped unexpectedly. This option requires a paging file of at least 2 MB on the boot volume and specifies that Windows 2000 and later create a new file every time your computer stops unexpectedly. A history of these files is stored in a folder.

This dump file type includes the following information:

* The Stop message and its parameters and other data
* A list of loaded drivers
* The processor context (PRCB) for the processor that stopped
* The process information and kernel context (EPROCESS) for the process that stopped
* The process information and kernel context (ETHREAD) for the thread that stopped
* The Kernel-mode call stack for the thread that stopped

This kind of dump file can be useful when space is limited. However, because of the limited information included, errors that were not directly caused by the thread that was running at the time of the problem may not be discovered by an analysis of this file.

If a second problem occurs and a second small memory dump file is created, the previous file is preserved. Each additional file is given a distinct name. The date is encoded in the file name. For example, Mini022900-01.dmp is the first memory dump generated on February 29, 2000. A list of all small memory dump files is kept in the %SystemRoot%\Minidump folder.
Configure the dump type
To configure startup and recovery options (including the dump type), follow these steps.

Note Because there are several versions of Microsoft Windows, the following steps may be different on your computer. If they are, see your product documentation to complete these steps.

1. Click Start, point to Settings, and then click Control Panel.
2. Double-click System.
3. On the Advanced tab, click Startup and Recovery.

Tools for the various dump types
You can load complete memory dumps and kernel memory dumps with standard symbolic debuggers, such as I386kd.exe. I386kd.exe is included with the Windows 2000 Support CD-ROM.

Load small memory dumps by using Dumpchk.exe. Dumpchk.exe is included with the Support Tools for Windows 2000 and Windows XP. You can also use Dumpchk.exe to verify that a memory dump file has been created correctly.

For more information about how to use Dumpchk.exe in Windows XP, click the following article number to view the article in the Microsoft Knowledge Base:
315271 (http://support.microsoft.com/kb/315271/ ) How to use Dumpchk.exe to check a memory dump file
For more information about how to use Dumpchk.exe in Windows 2000, click the following article number to view the article in the Microsoft Knowledge Base:
156280 (http://support.microsoft.com/kb/156280/ ) How to use Dumpchk.exe to check a memory dump file
For more information about Windows debugging tools, visit the following Microsoft Web site:
http://www.microsoft.com/whdc/devtools/debugging/default.mspx
Definitions

* Boot volume: The volume that contains the Windows operating system and its support files. The boot volume can be, but does not have to be, the same as the system volume.
* System volume: The volume that contains the hardware-specific files that you must have to load Windows. The system volume can be, but does not have to be, the same as the boot volume. The Boot.ini, Ntdetect.com, and Ntbootdd.sys files are examples of files that are located on the system volume.

Registry values for startup and recovery
The following registry value is used:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\CrashControl

CrashDumpEnabled REG_DWORD 0x0 = None
CrashDumpEnabled REG_DWORD 0x1 = Complete memory dump
CrashDumpEnabled REG_DWORD 0x2 = Kernel memory dump
CrashDumpEnabled REG_DWORD 0x3 = Small memory dump (64KB)
Additional registry values for CrashControl:
0x0 = Disabled
0x1 = Enabled

AutoReboot REG_DWORD 0x1
DumpFile REG_EXPAND_SZ %SystemRoot%\Memory.dmp
LogEvent REG_DWORD 0x1
MinidumpDir REG_EXPAND_SZ %SystemRoot%\Minidump
Overwrite REG_DWORD 0x1
SendAlert REG_DWORD 0x1
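
The following Python sketch is an added example, not part of the original article. It parses the text output of "reg query" for the CrashControl key, applies the paging file rules stated above for each dump type, and decodes small memory dump file names such as Mini022900-01.dmp. The sample output is constructed, and the function names and the RAM, paging file and 32-bit inputs are assumptions supplied by the caller.

```python
import re
from datetime import datetime

MB = 1024 * 1024
GB = 1024 * MB

# CrashDumpEnabled values as listed in the article.
DUMP_TYPES = {
    0: "None",
    1: "Complete memory dump",
    2: "Kernel memory dump",
    3: "Small memory dump (64KB)",
}

# Constructed sample of `reg query` output; not captured from a real host.
SAMPLE_REG_QUERY = r"""
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\CrashControl
    AutoReboot    REG_DWORD    0x1
    CrashDumpEnabled    REG_DWORD    0x1
    DumpFile    REG_EXPAND_SZ    %SystemRoot%\Memory.dmp
    LogEvent    REG_DWORD    0x1
    MinidumpDir    REG_EXPAND_SZ    %SystemRoot%\Minidump
    Overwrite    REG_DWORD    0x1
    SendAlert    REG_DWORD    0x1
"""

VALUE_LINE = re.compile(r"^\s+(\S+)\s+(REG_\w+)\s+(.*)$")
MINIDUMP_NAME = re.compile(r"^Mini(\d{6})-(\d{2})\.dmp$", re.IGNORECASE)


def parse_reg_query(text):
    """Return {value name: int for REG_DWORD, str otherwise}."""
    values = {}
    for line in text.splitlines():
        m = VALUE_LINE.match(line)  # the key path line has no indent and is skipped
        if not m:
            continue
        name, reg_type, data = m.groups()
        data = data.strip()
        values[name] = int(data, 16) if reg_type == "REG_DWORD" else data
    return values


def assess(values, ram_bytes, pagefile_bytes, is_32bit):
    """Return (dump type name, findings) using the rules the article states."""
    mode = values.get("CrashDumpEnabled")
    if mode not in DUMP_TYPES:
        return "Unknown", ["CrashDumpEnabled is missing or outside 0x0-0x3"]
    findings = []
    if mode == 1:
        if is_32bit and ram_bytes >= 2 * GB:
            findings.append("Complete dump is not available on a 32-bit OS with 2 GB or more of RAM")
        if pagefile_bytes < ram_bytes + MB:
            findings.append("Paging file on the boot volume is smaller than physical RAM plus 1 MB")
        findings.append("Dump may contain data from running processes; treat %s as sensitive"
                        % values.get("DumpFile", "the dump file"))
    elif mode == 2 and pagefile_bytes < 150 * MB:
        findings.append("Paging file is below the 150 MB lower bound for a kernel dump")
    elif mode == 3 and pagefile_bytes < 2 * MB:
        findings.append("Paging file is below the 2 MB a small dump requires")
    if mode in (1, 2) and values.get("Overwrite") == 1:
        findings.append("Overwrite=0x1: a second crash replaces the previous dump file")
    return DUMP_TYPES[mode], findings


def parse_minidump_name(name):
    """Decode MiniMMDDYY-NN.dmp into (date, sequence number), or None."""
    m = MINIDUMP_NAME.match(name)
    if not m:
        return None
    return datetime.strptime(m.group(1), "%m%d%y").date(), int(m.group(2))


if __name__ == "__main__":
    settings = parse_reg_query(SAMPLE_REG_QUERY)
    dump_type, notes = assess(settings, ram_bytes=4 * GB, pagefile_bytes=2 * GB, is_32bit=True)
    print(dump_type)
    for note in notes:
        print(" -", note)
    print(parse_minidump_name("Mini022900-01.dmp"))
```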
Test to make sure that a dump file can be created
For more information about how to configure your computer to generate a dump file for testing purposes, click the following article number to view the article in the Microsoft Knowledge Base:
244139 (http://support.microsoft.com/kb/244139/ ) Windows feature lets you generate a memory dump file by using the keyboard
Default dump type options

* Windows 2000 Professional: Small memory dump (64 KB)
* Windows 2000 Server: Complete memory dump
* Windows 2000 Advanced Server: Complete memory dump
* Windows XP (Professional and Home Edition): Small memory dump (64 KB)
* Windows Server 2003 (All Editions): Complete memory dump

Maximum paging file size
Maximum paging file size is limited as follows:

* Maximum size of a paging file: 4 gigabytes (x86), 16 terabytes (x64), 32 terabytes (IA-64)
* Maximum number of paging files: 16 (x86), 16 (x64), 16 (IA-64)
* Total paging file size: 64 gigabytes (x86), 256 terabytes (x64), 512 terabytes (IA-64)

Note When the Physical Address Extension (PAE) option is enabled for an x86-based processor, you can set the paging file size to a maximum of 16 terabytes (TB). However, we recommend that you set the paging file size to 1.5 times the installed physical memory.
Technical support for x64-based versions of Microsoft Windows
Your hardware manufacturer provides technical support and assistance for x64-based versions of Windows. Your hardware manufacturer provides support because an x64-based version of Windows was included with your hardware. Your hardware manufacturer might have customized the installation of Windows with unique components. Unique components might include specific device drivers or might include optional settings to maximize the performance of the hardware. Microsoft will provide reasonable-effort assistance if you need technical help with your x64-based version of Windows. However, you might have to contact your manufacturer directly. Your manufacturer is best qualified to support the software that your manufacturer installed on the hardware.

For product information about Microsoft Windows XP Professional x64 Edition, visit the following Microsoft Web site:
http://www.microsoft.com/windowsxp/64bit/default.mspx
For product information about x64-based versions of Microsoft Windows Server 2003, visit the following Microsoft Web site:
http://www.microsoft.com/windowsserver2003/64bit/x64/editions.mspx

How to Troubleshoot Memory Leaks in IIS

This article describes how to use Performance Monitor to determine if an Internet Information Server (IIS) 4.0 or Internet Information Services (IIS) 5.0 process is leaking memory. Although this article outlines steps that are specific to IIS, the steps apply to any process that is running on Microsoft Windows NT 4.0 and Microsoft Windows 2000.

A memory leak occurs when the memory usage of an IIS process (Inetinfo.exe or Mtx.exe for IIS 4.0, Inetinfo.exe or Dllhost.exe for IIS 5.0) continues to grow steadily over a long time, or when memory usage of IIS grows until IIS runs out of memory. On heavy-use sites, a growth in memory over the first 24 hours of use is not uncommon. IIS caches a lot of data and the Time To Live (TTL) on the cache is 24 hours.

You can generally confirm whether a memory leak exists through a Performance Monitor log that demonstrates the growth of the leak.

Note Because Task Manager can only display real-time memory use of a process (instead of logging it over a period of time), it is not a valid indicator of a memory leak. Ideally, the performance log is started shortly after the server is restarted, and it is run long enough to show that the leak exists.
How to Generate a Performance Monitor Log for IIS 4.0

1. Click Start, point to Programs, select Administrative Tools, and then click Performance Monitor.
2. On the View menu, click Log.
3. On the Edit menu, select Add to log to open the Add to Log dialog box. (You can also click + on the toolbar).
4. Hold down the CTRL key and select each of the following objects:
* Active Server Pages
* Internet Information Services Global
* Memory
* Process
* Processor
* Thread
* Web Service
5. Click Add, and then click Done.
6. On the Options menu, click Log. Provide an appropriate file name, and then verify that the format is .log under Save as Type.
7. For Update Time, provide an interval that is between the time that it takes to show the leak and the time when the computer will run out of hard disk space. If the leak takes several days to occur, a longer interval of 10-15 minutes is appropriate; if it only takes a few hours, a shorter interval is appropriate. Note that for Windows NT, generating a Performance Monitor log requires an active logon to the computer, so you can use a mapped drive or UNC path for the log file output. Generation of the log file stops when one of the following occurs:
* The log is stopped.
* Available hard disk space is exhausted.
* The log file size reaches 2 GB.
* The server stops responding because of the memory leak.
8. After you click Start Log, Performance Monitor starts to log data. While the log is running, you can view the size of the log that is being generated in the lower right corner of Performance Monitor.
9. After sufficient time has passed for the leak to occur, click Log on the Options menu, and then click Stop Log.

How to Generate a Performance Monitor Log for IIS 5.0

1. Click Start, point to Programs, select Administrative Tools, and then click Performance.
2. Expand Performance Logs and Alerts.
3. Right-click Counter Logs, and then click New Log Settings.
4. Provide a name for the new log file.
5. On the General tab, click Add.
6. Click both All Counters and All Instances.
7. In the Performance Object list, click Active Server Pages. Verify that All Counters is enabled. Note that All Instances is not available. Click Add.
8. Repeat this process for the following objects:
* Internet Information Services Global
* Memory
* Process
* Processor
* Thread
* Service
If you do this correctly, each counter is listed as \\computername\counterobject\* on the General tab.
9. Set the sample data interval that is between the time that it takes to show the leak and the time when the computer will run out of hard disk space. If the leak takes several days to occur, a longer interval of 10-15 minutes is appropriate; if it only takes several hours, a shorter interval is appropriate. Make sure to pay attention to the unit of the interval (seconds, minutes, hours, or days).
10. On the Log Files tab, change the location of the log if you have to. Leave all other options on this tab at the default values.
11. If you must generate the log file without anyone being logged on to the server, set a start and stop time for the log file on the Schedule tab. (This option does not exist on Windows NT 4.0).
12. Click OK to return to the Performance Microsoft Management Console (MMC) snap-in.
13. If you have to, in the right pane of the MMC snap-in, right-click the log file name that you created, and then click Start. If the icon is green, the log is running. If it is red, it is stopped.

How to Open and View the Performance Monitor Log for IIS 4.0

1. Click Start, point to Programs, select Administrative Tools, and then click Performance Monitor.
2. On the Options menu, click Data From.
3. Click Log File, and then click the Edit (...) button to open the Open Input Log File dialog box.
4. Select the Performance Monitor log that you want, and then click Open.
5. In the Data From dialog box, click OK.
6. On the Edit menu, click Add to Chart (or click the + toolbar button).
7. In the Object list, click Memory. In the Counter list, click Available Bytes.
8. In the Object list, click Process. In the Counter list, hold down the CTRL key, and then click Private Bytes, Virtual Bytes, and Working Set. In the Instance list, click the appropriate process name (Inetinfo.exe or Mtx.exe), and then click Add. If you have to, repeat this process for each instance of Mtx.exe.
9. Click Done after you add the counters to the chart.

How to Open and View the Performance Monitor Log for IIS 5.0

1. Click Start, point to Programs, select Administrative Tools, and then click Performance.
2. Under Console Root, click System Monitor.
3. In the right pane, right-click in the chart area, and then click Properties.
4. On the Source tab, click Log file. Locate and select the Performance Monitor log that you want.
5. Click Open to return to the Source tab.
6. Click the Data tab, and then click Add.
7. In the Performance object list, click Memory. Under Select counters from list, click Available Bytes, and then click Add.
8. In the Performance object list, click Process. Under Select counters from list, hold down the CTRL key, and then click Private Bytes, Virtual Bytes, and Working set. Under Select instances from list, select the process that you suspect is leaking memory (Inetinfo.exe or Dllhost.exe). If you have to, repeat this process for each instance of Dllhost.exe.
9. Click Close to return to the Data tab.
10. Click OK to display the data.

How to Confirm a Memory Leak With a Performance Monitor Log
A memory leak is confirmed if you see the following in the Performance Monitor log:

* The Available Bytes counter under the Memory object drops over time and does not eventually level off.
* Under typical conditions, the Process object counters for a process (Private Bytes and Virtual Bytes) are basically parallel. If one of these counters for a process is not consistent with the other, a memory leak may exist.

Note that troubleshooting a memory leak is a repetitive process that frequently requires isolating suspected applications down to the individual processes to determine the application that is the source of the leak. For additional information about how to isolate applications to individual processes for troubleshooting, click the following article numbers to view the articles in the Microsoft Knowledge Base:
281434 (http://support.microsoft.com/kb/281434/EN-US/ ) How to Isolate a DLL Into a Separate Process By Using Microsoft Transaction Server (MTS)
281335 (http://support.microsoft.com/kb/281335/EN-US/ ) How to Isolate a DLL Into a Separate Process By Using Component Services
After you have confirmed the memory leak and, if necessary, isolated the leak to an individual process, contact Microsoft Product Support Services for more help. Having a Performance Monitor log available decreases the troubleshooting time.
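
The two confirmation checks above can also be applied to a log programmatically. The Python sketch below is an added example, not part of the original article: it assumes the counter log has been saved or exported as CSV (PDH-CSV layout), and the host name WEB01, the sample values and the thresholds (tail of one third of the samples, 0.25 and 0.5 ratios) are constructed assumptions.

```python
import csv
import io

MB = 1024 * 1024


def build_sample(leaking, samples=24):
    """Constructed PDH-CSV text, one row per 15-minute sample (values invented)."""
    out = io.StringIO()
    writer = csv.writer(out, quoting=csv.QUOTE_ALL)
    writer.writerow([
        "(PDH-CSV 4.0) (GMT Standard Time)(0)",
        r"\\WEB01\Memory\Available Bytes",
        r"\\WEB01\Process(inetinfo)\Private Bytes",
        r"\\WEB01\Process(inetinfo)\Virtual Bytes",
    ])
    for i in range(samples):
        warm = min(i, 6)                  # cache warm-up ends after six samples
        used = i if leaking else warm     # a leak keeps consuming memory
        available = 800 * MB - used * 20 * MB
        private = 100 * MB + used * 20 * MB
        virtual = 300 * MB + (i * 2 * MB if leaking else used * 20 * MB)
        stamp = "04/05/2009 %02d:%02d:00.000" % (i // 4, (i % 4) * 15)
        writer.writerow([stamp, available, private, virtual])
    return out.getvalue()


def load_counters(text):
    """Return {"Object\\Counter": [values]} with the \\\\host prefix removed."""
    rows = list(csv.reader(io.StringIO(text)))
    names = [h.lstrip("\\").split("\\", 1)[1] for h in rows[0][1:]]
    series = {name: [] for name in names}
    for row in rows[1:]:
        if len(row) != len(rows[0]):
            continue
        try:
            values = [float(v) for v in row[1:]]
        except ValueError:
            continue                      # blank cell: sample was not collected
        for name, value in zip(names, values):
            series[name].append(value)
    return series


def slope(ys):
    """Least-squares slope of ys against the sample index."""
    n = len(ys)
    mean_x = (n - 1) / 2
    mean_y = sum(ys) / n
    num = sum((x - mean_x) * (y - mean_y) for x, y in enumerate(ys))
    den = sum((x - mean_x) ** 2 for x in range(n))
    return num / den


def check_leak(series, process="inetinfo", level_off_ratio=0.25, parallel_tol=0.5):
    avail = series["Memory\\Available Bytes"]
    priv = series["Process(%s)\\Private Bytes" % process]
    virt = series["Process(%s)\\Virtual Bytes" % process]
    if len(avail) < 6:
        raise ValueError("need at least six samples to judge a trend")
    tail_len = max(2, len(avail) // 3)
    overall, tail = slope(avail), slope(avail[-tail_len:])
    # Check 1: Available Bytes drops and the most recent third is still dropping.
    keeps_dropping = overall < 0 and tail < 0 and abs(tail) >= level_off_ratio * abs(overall)
    # Check 2: Private Bytes and Virtual Bytes should grow at about the same rate.
    sp, sv = slope(priv), slope(virt)
    parallel = abs(sp - sv) <= parallel_tol * max(abs(sp), abs(sv), 1.0)
    return {"available_keeps_dropping": keeps_dropping,
            "private_virtual_parallel": parallel}


if __name__ == "__main__":
    for label, leaking in (("leaking", True), ("warm-up only", False)):
        print(label, check_leak(load_counters(build_sample(leaking))))
```

The warm-up sample reflects the article's point that growth during the first hours of caching is expected, so only a decline that continues into the tail of the log is flagged.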

How to use Memory Pool Monitor (Poolmon.exe) to troubleshoot kernel mode memory leaks

Poolmon displays data that the operating system collects about memory allocations from the system paged and nonpaged kernel pools and about the memory pools used for Terminal Services sessions. The data is grouped by pool allocation tag. This information can be used by Microsoft Technical Support to find kernel mode memory leaks.

A memory leak is caused by an application or by a process that allocates memory for use but that does not free the memory when the application or process finishes. Therefore, available memory is completely used over time. Frequently, this condition causes the system to stop functioning correctly.

In this case, the following events may be logged in the System log:

Event ID: 2020
Source: Srv
Description: The server was unable to allocate from the system paged pool because the pool was empty.

Event ID: 2019
Source: Srv
Description: The server was unable to allocate from the system nonpaged pool because the pool was empty.

The first section that follows describes how to enable tag mode for using Poolmon. The second section describes how to gather the information for troubleshooting by using Poolmon.
Enabling Tag Mode
Before running PoolMon, you must enable pool tagging and then restart your computer. The pool tagging feature collects and calculates statistics about pool memory sorted by the tag value of the memory allocation.

Note It is not necessary to enable pool tagging in Windows Server 2003 as it is enabled by default.

To enable pool tagging on a Windows NT 4.0-based, Windows 2000-based, or Windows XP-based computer, use one of the following methods:
Method 1: Edit the Registry
To change the registry value that enables tag mode for Poolmon.exe, follow these steps.

Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756 (http://support.microsoft.com/kb/322756/ ) How to back up and restore the registry in Windows

1. Run Registry Editor.
2. Locate the following key in the registry:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager
3. Write down the value of GlobalFlag, or save the Session Manager key.
4. Double-click the GlobalFlag value in the right pane.
5. Change the value to 0x00000400 hexadecimal.

Note When you add the global flag value 0x00000400, it only shows up as being 0x400 after it is added. It is important to add all of the leading zeros or some of the Poolmon information will not display on the output screen.
6. Restart the computer.

Note When you are finished debugging, change the GlobalFlag value back to the original value that you were instructed to write down in step 3.
Method 2: Use the Gflags.exe Utility
You can also use the Global Flags Editor (Gflags.exe) utility to enable pool tagging. Gflags.exe is available in the Windows NT 4.0 Resource Kit and in the \Support\Tools folder of Windows 2000, Windows XP, and Windows Server 2003 CD-ROMs.

Note Because pool tagging is permanently enabled in Windows Server 2003, the Enable Pool Tagging check box in the Global Flags dialog box is dimmed and commands to enable or disable pool tagging fail.

To make the change by using Gflags.exe, follow these steps:

1. Click Start, click Run, type gflags.exe, and then click OK.
2. Select Enable Pool Tagging.
3. Click Apply, and then click OK.
4. Restart the computer.

Note When you are finished debugging, repeat the above steps to disable pool tagging.
Using Poolmon to Collect Information
PoolMon displays pool tag information within a command window. Use the arrow keys or the PAGE UP and PAGE DOWN keys to display all the tag information returned by the tool.

Poolmon.exe is available in the Windows NT 4.0 Resource Kit and in the \Support\Tools folder of Windows 2000, Windows XP, and Windows Server 2003 CD-ROMs.

Use the following steps to copy and store the tag information. Repeat these steps for two hours at 15 minute intervals. Append each update to the end of the Notepad file.

1. Click Start, point to Settings, click Control Panel, and then double-click Console.

   Note For Windows 2000 you must perform the following steps:
   a. Click Start, click Run, type cmd, and then click OK.
   b. Right-click the title bar, and then click Properties.
2. Click the Options tab, click QuickEdit Mode, and then click Insert Mode.
3. Click the Layout tab, change the Screen Buffer Size value to 99, and then click OK.
4. Click Start, point to Programs, and then click Command Prompt.
5. Locate Poolmon.exe in the Support\Debug\platform folder on the Windows NT 4.0 CD. Change to the drive and folder where Poolmon.exe is located. On the Windows 2000 CD Poolmon.exe is in the Support.CAB file. Support.CAB is located under the \Support\Tools folder.
6. Type Poolmon.exe.
7. Press P until Poolmon displays the second column "type" and shows the value paged.
8. Press B to sort the columns from largest to smallest.
9. Select the whole screen contents, and then press ENTER.
10. Click Start, point to Programs, point to Accessories, and then click Notepad.
11. On the Edit menu, click Paste.
12. Repeat step 7 to look for the value nonpaged.
13. Repeat steps 8 - 11 to paste.

Poolmon.exe also has a few command keys that sort the output for you. Press the letter indicated below to perform the operation. It takes a few seconds for each command to work. Here is a list of a few of the commands:
P - Sorts tag list by Paged, Non-Paged, or mixed. Note that P cycles through each one.
B - Sorts tags by max byte usage.
M - Sorts tags by max byte allocation.
T - Sort tags alphabetically by tag name.
E - Display Paged, Non-paged total across bottom. Cycles through.
A - Sorts tags by allocation size.
F - Sorts tags by "frees".
S - Sorts tags by the differences of allocs and frees.
Q - Quit.
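
Once the 15-minute snapshots have been pasted into a file, the tags that keep growing can be picked out automatically. The Python sketch below is an added example, not part of the original article: the three snapshots are constructed, the column layout (Tag, Type, Allocs, Frees, Diff, Bytes, Per Alloc) is assumed from typical Poolmon output, and the tag names are invented.

```python
import re

# One Poolmon data row: tag, pool type, then counters with per-interval
# deltas in parentheses. The layout is an assumption; adjust if yours differs.
ROW = re.compile(
    r"^\s*(?P<tag>\S{1,4})\s+(?P<type>Paged|Nonp)\s+"
    r"(?P<allocs>\d+)\s+\(\s*-?\d+\)\s+"
    r"(?P<frees>\d+)\s+\(\s*-?\d+\)\s+"
    r"(?P<diff>\d+)\s+(?P<bytes>\d+)\s+\(\s*-?\d+\)\s+(?P<per_alloc>\d+)\s*$"
)

HEADER = " Tag  Type     Allocs            Frees            Diff   Bytes      Per Alloc\n"

# Constructed snapshots, as if pasted into Notepad at 15-minute intervals.
SNAPSHOTS = [
    HEADER
    + " MmSt Paged     52310 (   0)     50112 (   0)     2198  4521984 (     0)   2057\n"
    + " Leak Nonp      81200 (  40)      1200 (   0)    80000  5120000 (2560)     64\n"
    + " File Nonp      90451 (   3)     88020 (   3)     2431   466752 (     0)    192\n",
    HEADER
    + " MmSt Paged     53100 (   0)     50961 (   0)     2139  4400000 (     0)   2057\n"
    + " Leak Nonp     117200 (  40)      1200 (   0)   116000  7424000 (2560)     64\n"
    + " File Nonp      91002 (   3)     88571 (   3)     2431   466752 (     0)    192\n",
    HEADER
    + " MmSt Paged     54020 (   0)     51784 (   0)     2236  4600000 (     0)   2057\n"
    + " Leak Nonp     153200 (  40)      1200 (   0)   152000  9728000 (2560)     64\n"
    + " File Nonp      91700 (   3)     89252 (   3)     2448   470016 (     0)    192\n",
]


def parse_snapshot(text):
    """Return {(tag, pool type): {"diff": outstanding allocs, "bytes": size}}."""
    rows = {}
    for line in text.splitlines():
        m = ROW.match(line)  # header and summary lines do not match
        if m:
            rows[(m["tag"], m["type"])] = {"diff": int(m["diff"]),
                                           "bytes": int(m["bytes"])}
    return rows


def growing_tags(snapshot_texts):
    """Tags whose Bytes value rose in every successive snapshot, largest growth first."""
    if len(snapshot_texts) < 2:
        raise ValueError("need at least two snapshots to compare")
    snaps = [parse_snapshot(t) for t in snapshot_texts]
    common = set(snaps[0]).intersection(*snaps[1:])
    suspects = []
    for tag, pool in common:
        sizes = [s[(tag, pool)]["bytes"] for s in snaps]
        if all(later > earlier for earlier, later in zip(sizes, sizes[1:])):
            suspects.append((tag, pool, sizes[-1] - sizes[0]))
    return sorted(suspects, key=lambda s: s[2], reverse=True)


if __name__ == "__main__":
    for tag, pool, growth in growing_tags(SNAPSHOTS):
        print("%s (%s) grew by %d bytes" % (tag, pool, growth))
```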

Troubleshooting Windows Server Setup

Troubleshooting Server Setup
Setup initialization error: Source \SQL2000_SP3a\x86\Setup\Sqlspre.ini.

Cause: You may receive this error when you try to install SQL Server 2000 Service Pack 3. It occurs when the Service Pack 3 Setup program tries to copy Setupsql.ini to the %Temp% folder, but cannot overwrite a pre-existing version of the file that is marked as read-only.

Solution: Browse to the %Temp% folder on your system drive, and either delete the pre-existing version of setupsql.ini or remove the read-only attribute. Then run SQL Server 2000 Service Pack 3 Setup again.
Troubleshooting Users and Groups
E-mail cannot be received or sent.

Cause: A user account has reached the assigned Exchange mailbox size limit.

Solution: Save e-mail messages in a local folder on the client computer. If this problem occurs often, consider increasing the mailbox size for the user account.
Files cannot be saved to shared folders on the server.

Cause: The user account has reached the assigned disk quota limit.

Solution: Save files in a local folder on the client computer. If this problem occurs often, consider increasing the disk quota for the user account.
Password cannot be changed.

Cause: The user account password does not comply with a password policy configured by the administrator.

Solution: Create a new password that complies with the password policies configured by the administrator.
User cannot connect remotely to a computer running Windows XP Professional.

Cause: The user does not have permissions to log on by using Remote Desktop.

Solution: Assign the user permissions to use Remote Desktop.
Note
To complete the following procedure, you must be logged on as a member of the Domain Admins security group.

To assign user permissions to use Remote Desktop

1. On a computer running Windows Small Business Server 2003, click Start, and then click Server Management.
2. In the console tree, click Users.
3. In the details pane, right-click the user account that requires permissions to log on to Terminal Services, and then click Change User Properties.
4. On the User Properties page, click the Terminal Services Profile tab.
5. Check the Allow to log on to Terminal Server check box.

Cause: The client computer running Windows XP Professional is not configured to allow Terminal Services connections.

Solution: Configure the client computer running Windows XP Professional to use Remote Desktop.
Note
To complete the following procedure, you must be logged on as a member of the Domain Admins security group.

To configure the client computer running Windows XP Professional to use Remote Desktop

1. On the client computer, click Start, point to Settings, click Control Panel, and then click System.
2. On the Remote tab, under Remote Desktop, click Select Remote Users.
3. In the Remote Desktop Users dialog box, click Add.
4. In the Select Users dialog box, click Locations to specify the search location.
5. To specify the types of objects that you want to search for, click Object Types.
6. In Enter the object names to select, type the names of the objects that you want to search for.
7. Click Check Names.
8. When the name is located, click OK. The name appears in the list of users in the Remote Desktop Users dialog box.

User account is locked out.

Cause: There may be too many failed logon attempts.

Solution: Unlock the user account.
Note
To complete the following procedure, you must be logged on as a member of the Domain Admins security group.

To unlock a user account

1. On a computer running Windows Small Business Server 2003, click Start, and then click Server Management.
2. In the console tree, click Users.
3. In the details pane, right-click the user account that is locked out, and then click Properties.
4. On the User Properties page, click the Account tab.
5. Clear the Account is locked out check box to unlock the account.

Application with service account fails.

Cause: Service account passwords have been changed but automatic logon properties have not been updated to use the new passwords. Windows Small Business Server does not automatically propagate password changes to all applications that use the service account.

Solution: Update the service accounts and passwords used with a particular application by running Windows Small Business Server Setup again.
New user cannot log on or access e-mail.

Cause: A new user attempts to log on or access network resources immediately after the account is created and before Active Directory has had time to update. A delay can occur between the time a user account is created and when Active Directory recognizes the user account.

Solution: Wait fifteen minutes and try again.
Windows Small Business Server 2003 displays a GUID instead of a user name for an e-mail address.

Cause: This problem can occur if a user account name contains Unicode characters.

Solution: Use the Active Directory Users and Computers snap-in to change the SMTP e-mail address for the account.
To change the SMTP e-mail address for a user account

1. Click Start, and then click Server Management.

2. In the console tree, double-click Advanced Management, double-click Active Directory Users and Computers, double-click your server name, and then locate the account in either the Builtin or Users folder.

3. Right-click the account, click Properties, and then click the E-mail Addresses tab.

4. Under E-mail addresses, select the SMTP e-mail address to be changed, and then click Edit.

5. In the E-mail address text box, replace the GUID with the correct e-mail alias, and then click OK.

6. Click the Exchange General tab.

7. In the Alias text box, replace the GUID with the correct e-mail alias, and then click OK twice to save your settings.

Troubleshooting Client Computers
I received the error, "This Service Pack requires the machine to be on AC Power before setup starts…" when I install Service Pack 2 for Windows XP.

The Setup program for Windows XP Service Pack 2 (SP2) requires that your computer uses AC power. If the battery power runs out during installation, the update cannot be completed. If this occurs, you might not be able to restore the operating system to its previous state.

Solution: To resolve this issue, connect your computer to an AC power source, such as an electrical outlet, and then run Setup.

For more information about this issue, see Article 883609, "This Service Pack requires the machine to be on AC Power before setup starts," at the Microsoft Knowledge Base (http://go.microsoft.com/fwlink/?LinkID=70662).
After migrating user profiles, users cannot access redirected folders.

Cause: If you made user profiles private, administrative credentials were removed from user folders on the client computer. Users need these credentials to access folders that are redirected to the server. After you migrate private user profiles (which include redirected folders), users may be unable to access their folders.

Solution: Manually restore access to user folders on the client computer.
To restore access to user folders on the client computer

1. Log on to the client computer.

2. Click Start, click Control Panel, and then click Performance and Maintenance.

3. Click Administrative Tools, and then double-click Event Viewer.

4. Under Event Viewer (Local), double-click Application.

5. Search for an event with the type listed as Error and the source listed as Folder Redirection, and double-click that event.

6. Note the source and destination directory listed in the event description.

Note
To complete the next part of this procedure, you must be logged on as a member of the Domain Admins security group.

1. Click Start, right-click My Computer, click Explore, and then browse to the user folder in the location you noted in step 6.

2. Right-click the folder, click Sharing and Security, click the Permissions tab, and verify that the user's name does not appear.

If the folder is empty, delete it.

Note
To perform the next part of this procedure, the user whose profile you are redirecting must be a member of the Local Admins security group on the client computer.

1. Click Start, right-click My Computer, click Explore, and then browse to the user folder in the location you noted in step 5 of the first procedure.

2. Right-click the folder, and then click Sharing and Security.

3. On the Security tab, click Advanced.

4. On the Owner tab, click the user name in the Change owner to box, and then select the Replace owner on subcontainers and objects check box.

5. Click Apply.

6. On the Permissions tab, verify that the user whose profile you want to redirect appears in the list under Permission entries. If the user's name does not appear, click Add, type the user name under Enter the object name to select, and then click Check Names.

7. Click OK.

8. Click Apply, and then click OK. The Permission Entry page appears.

9. Select the Full Control check box, and then click OK.

10. Click OK, and then click OK again.

11. Log off, and then log back on to the client computer.

I received an error stating that Client Setup cannot migrate private user settings.

Cause: This error occurs when one or more of the subfolders in a user's profile have been made private. This means that permissions giving other users access to the folders have been removed.

Solution: Manually configure the client computer to remove the restrictions that are preventing the migration.

If the client computer is running Windows XP Professional, make sure that the profile that did not migrate is configured as a "public" profile.
To configure the user profile as a "public" profile

1. Click Start, and then click My Computer.

2. Double-click the drive where Windows is installed (usually drive C:, unless you have more than one drive on your computer).

3. Double-click the Documents and Settings folder.

4. Right-click the user folder that did not migrate, and then click Sharing and Security.

5. Select the Make this Folder Private check box, and then click OK.

6. If this setting does not appear in the Properties dialog box, perform step 6, and then follow the instructions for client computers running Windows 2000 Professional.

7. On the View tab, under Advanced settings, make sure Use simple file sharing (Recommended) is selected, and then click OK.

If the client computer is running Windows 2000 Professional, log on to the client computer as the user with the profile that did not migrate, and then grant the Administrators group full control over the profile folder and all subfolders.
To grant the Administrators group full control of the profile folder and all subfolders

1. Click Start, and then click My Computer.

2. Double-click the drive where Windows is installed (usually drive C:, unless you have more than one drive on your computer).

3. Double-click the Documents and Settings folder.

4. Right-click the user folder that did not migrate, click Properties, and then click the Security tab.

5. Click Add, type Administrators in the text box, and then click OK.

6. Under Group or user names, click the Administrators tab, select Allow for the Full Control permission, and then click OK.

7. Repeat steps 4 through 6 for all subfolders in the user profile.

8. Repeat steps 4 through 7 for each user folder that did not migrate.

9. While you are logged on with the user profile that did not migrate, give the user ownership of all files in his or her profile.

To give the user ownership of all files in the user profile

1. Right-click the user folder to be migrated, click Properties, and then click the Security tab.

2. Click Advanced, and then click the Owner tab.

3. In the Change owner to box, select the user that you are giving ownership to, and then click OK.

4. Select the Replace owner on subcontainers and objects check box, and then click OK twice to save your settings.

5. Run Client Setup again.

Note
Perform these steps for each user profile listed in the error message.

Note
If you are running Windows 2000 Professional with Service Pack 2, you must upgrade to any later version of the service pack.

Applications are missing after upgrading to Windows Small Business Server 2003.

Cause: If applications other than those available by default were installed on client computers, they will not be upgraded.

Solution: You must reinstall these applications on the computer running Windows Small Business Server 2003 and then reinstall them on client computers after the upgrade is complete. Command lines used to install these applications are stored in the registry in the following location:

HKLM\SOFTWARE\Microsoft\SmallBusinessServer\clientsetup\sbs2k_archive\Client Applications\
Caution
Incorrectly editing the registry may severely damage your system. Before making changes to the registry, you should back up any valued data on the computer.

After the upgrade is complete, start the Client Setup Applications Wizard and use the command lines to reinstall the applications.
To start the Client Setup Applications Wizard

1. Click Start, and then click Server Management.

2. In the console tree, click Client Computers. In the details pane, click Set Up Client Applications.

3. Follow the instructions in the wizard to add client applications.

Older versions of Microsoft Office do not run on client computers that have an Office 2003 application installed.

Cause: Older versions of Office conflict with Office 2003.

Solution: To run older versions of Office, you must uninstall all versions of Office on the client computer, and then reinstall the version you want to use.
To uninstall older versions of Office from the client computer

1. Click Start, and then click Control Panel.

2. Click Add or Remove Programs, click each version of Office installed on the client computer, and then click Remove.

After uninstalling all versions of Office, reinstall the version that you want to use on the client computer.
The initial logon process is slow after joining the Windows Small Business Server domain.

Cause: Redirection for My Documents folder has been enabled, and a large amount of data in the My Documents folder on the client computer is synchronizing with the server.

Solution: No action is required. After the initial logon, only changes to the My Documents folder are synchronized. Synchronization does not take as long as the initial logon.
Files in the local My Documents folder are not synchronizing with the server.

Cause: Disk quotas have been exceeded.

Solution: Reduce the size of the user's My Documents folder by deleting unnecessary files or compressing files. Or, increase the quota amount.
To increase disk quotas

1. On a computer running Windows Small Business Server 2003, click Start, and then click My Computer.

2. Right-click the volume for which you want to modify quota values, and then click Properties.

3. On the Quota tab, click Quota Entries.

4. Click the entries for the users whose options you want to modify, and on the Quota menu, click Properties.

5. In the Quota Settings dialog box, do one of the following:

* To track disk space usage without limiting disk space, click Do not limit disk usage.

* To limit disk space, click Limit disk space to. Type a numeric value, and select a disk space limit unit from the drop-down list. You can use decimal values, for example, 20.5 megabytes (MB).

Note
If the volume is not formatted with the NTFS file system, or if you are not a member of the Administrators group, the Quota tab is not displayed in the volume's Properties dialog box.

I received an error stating that Client Setup cannot migrate private user settings.

Cause: This error occurs when one or more of the subfolders in a user's profile have been made private. This means that permissions giving other users access to the folders have been removed.

Solution: Manually configure the client computer to remove the restrictions that are preventing the migration.

If the client computer is running Windows XP Professional, make sure that simple file sharing is enabled on the computer, and then follow the steps outlined in the error message.
To enable simple file sharing on a client computer running Windows XP Professional

1. Click Start, and then click Control Panel.

2. Double-click Folder Options.

3. On the View tab, under Advanced settings, make sure Use simple file sharing (Recommended) is selected, and then click OK.

If the client computer is running Windows 2000 Professional, log on to the client computer as the user with the profile that did not migrate, and then grant the Administrators group full control over the profile folder and all subfolders.
To grant the Administrators group full control of the profile folder and all subfolders

1. Click Start, and then click My Computer.

2. Double-click the drive where Windows is installed (usually drive C:, unless you have more than one drive on your computer).

3. Double-click the Documents and Settings folder.

4. Right-click the user folder that did not migrate, click Properties, and then click the Security tab.

5. Click Add, type Administrators in the text box, and then click OK.

6. Under Group or user names, click the Administrators tab, select Allow for the Full Control permission, and then click OK.

7. Repeat steps 4 through 6 for all subfolders in the user profile.

8. Repeat steps 4 through 7 for each user folder that did not migrate.

9. While you are logged on with the user profile that did not migrate, give the user ownership of all files in his or her profile.

To give the user ownership of all files in the user profile

1. Right-click the user folder to be migrated, click Properties, and then click the Security tab.

2. Click Advanced, and then click the Owner tab.

3. In the Change owner to box, select the user that you are giving ownership to, and then click OK.

4. Select the Replace owner on subcontainers and objects check box, and then click OK twice to save your settings.

5. Run Client Setup again.

Note
Perform these steps for each user profile listed in the error message.

Note
If you are running Windows 2000 Professional with Service Pack 2, you must upgrade to any later version of the service pack.

Troubleshooting Windows Vista on your Network

The following are known issues for troubleshooting Windows Vista. They are listed in "Using Windows Vista and Outlook 2007 in a Windows Small Business Server 2003 Network" at the Microsoft Web site (http://go.microsoft.com/fwlink/?LinkID=77626).
Troubleshooting Windows Vista Client Setup

Not all applications that are selected in the Windows Small Business Server Client Setup tools are installed on Windows Vista

I received an error stating that Client Setup does not configure client computers that are running this version of Windows

The logon screen shows "Other User" when the computer restarts after joining the Windows Small Business Server domain during client setup

I receive an error about multiple network adapters when I use Connect Computer to join a client to the domain, even though there is only one network adapter
Troubleshooting upgrades of Windows XP to Windows Vista

While upgrading Windows XP to Windows Vista, I receive a compatibility warning saying that the current ActiveSync version does not work with Windows Vista

The Group Policy settings for Windows Vista Firewall are not applied after I upgrade a client computer from Windows XP to Windows Vista

The CompanyWeb link that is listed in my computer’s network locations after I upgrade a client computer from Windows XP to Windows Vista is broken

The "Connect to Small Business Server" shortcut does not work after I upgrade a client computer from Windows XP to Windows Vista

I can no longer send a fax after I upgrade a client computer from Windows XP to Windows Vista
Troubleshooting E-mail in Windows Vista

Outlook cannot synchronize with the Exchange mailbox on the server
Troubleshooting Remote Connections in Windows Vista

I received an error stating that "Automation server can not create object" when trying to offer Remote Assistance to a client computer

I cannot deploy Connection Manager using the Setup Configuration Wizard on computers

I get an error message about a self-signed certificate when I browse to Remote Web Workplace from a computer that is running Windows Vista and that is not joined to the Windows Small Business Server domain
Troubleshooting Printers and Faxes

I see the shared printer in Windows Vista, even though I deleted the shared printer from the server

I deployed a printer to my x64 client computer, but the printer does not appear in the Printers list

I changed the name of the shared printer, but the original printer still appears on my computer that is running Windows Vista

I deployed a printer on Windows Vista but it does not appear in the printer folder

I get an error message saying "To use the shared printer, you need to install a printer driver on this computer …"

I cannot send faxes by using Microsoft Outlook on a 64-bit edition of Windows Vista

I can no longer send fax after upgrading from Windows XP to Windows Vista Enterprise
Miscellaneous

When I try to install the ISA Server 2004 hotfix on the server, I receive an error stating that Windows Installer cannot install the upgrade patch because the program to be upgraded may be missing

The list of user profiles on a client computer says "None"

The Windows Firewall settings list some applications twice, and one of the duplicated listings has its check box selected and is grayed out
Troubleshooting Mobile Devices
ActiveSync cannot be installed when a mobile device is connected to the client computer.

Cause: If a mobile device is connected to the client computer, ActiveSync cannot be completely installed.

Solution: Disconnect the mobile device from the client computer, log off, log on again, and then reinstall ActiveSync.

For more information, open Help and Support and search for "To connect a mobile device by using a cradle or cable."
Pocket PC 2003 is not automatically configured to synchronize with the server.

Cause: The server is configured to connect to the Internet using a dial-up connection instead of a broadband connection.

Solution: Configure the Pocket PC 2003 using the instructions that came with your device, and manually configure it to synchronize with the server. You must also disable Secure Sockets Layer (SSL) on the mobile device.
Note
Before beginning the following procedure, obtain the server's fully qualified internal computer name and NetBIOS domain name.

To disable SSL on the mobile device

1. Click Start, and then open ActiveSync.

2. Click Tools, and then click Options.

3. Click the Server tab, and then clear the This server uses an SSL connection check box.

Important
Disabling SSL means that you will send user name and password information over the network. Ensure that you have enabled Wired Equivalent Privacy (WEP) encryption on your wireless LAN.

After running the Get Connected Wizard and selecting "Synchronize with this desktop computer," my mobile device is not synching with my Inbox, calendar or contacts.

Cause: This problem can occur if any of the following conditions are true:

* The server is not connected to the Internet.

* The server is connected to the Internet using a dial-up connection.

* The user has configured ActiveSync to synchronize the mobile device with the server.

Solution: Manually configure ActiveSync to synchronize with the desktop computer.
To manually configure ActiveSync to synchronize with the desktop computer

1. Plug the mobile device into the cradle.

2. On the desktop computer, click Start, click All Programs, and then click Microsoft ActiveSync.

3. Click Tools, and then click Options.

4. On the Sync Options tab, clear the Enable synchronize with a server check box.

5. When prompted to remove all synchronized data using ActiveSync, click OK.

6. Select the Inbox, Calendar and Contacts check boxes, and then click OK.

The device then synchronizes with the desktop computer.

Note
The Routing and Remote Access (RRAS) Wizard configures mobile devices to synchronize with the server by default. Each time you run the RRAS Wizard, you must use the preceding steps to configure mobile devices to synchronize with the desktop computer.

Using a hardware router prevents synchronization when the mobile device is cradled.

Cause: If the server is configured with a single network card and a hardware firewall, routers that have built-in IP spoofing protection do not allow internal client computers to connect to the external domain.

Solution: Consult with your hardware provider for updated firmware for your specific device. As an alternative, you can add a DNS zone to bypass IP spoofing by some hardware routers.
To add a DNS zone

1. Click Start, click Run, and then type dnsmgmt.msc. The DNS Management Console appears.

2. Double-click your server name in the console tree.

3. In the details pane, right-click Forward Lookup Zone, and then click New Zone. The New Zone Wizard appears. Click Next.

4. On the Zone Type page, select Primary Zone, clear the Store the zone in Active Directory (available only if DNS Server is a domain controller) check box, and then click Next.

5. On the Zone Name page, in the Zone Name box, type the fully qualified domain name of your external domain (for example, www.externaldomainname.com), and then click Next.

6. On the Zone Files page, click Next.

7. On the Dynamic Update page, select Do not allow dynamic updates, and then click Next.

8. Click Finish to close the New Zone Wizard.

9. Right-click the new zone in the DNS Management Console details pane, and then click New Host (A). The New Host dialog box appears.

10. Leave the Name field empty. In the IP address box, type the Server Local Area IP address, and then click Add Host.

11. Click OK, and then click Done to close the New Host dialog box.

The initial synchronization of the mobile device failed.

Cause: ActiveSync cannot create Microsoft Office Outlook 2003 profiles. If the user starts ActiveSync before running Outlook 2003, the user receives an error message stating that the profile cannot be found.

Solution: Connect the mobile device by using the cradle or cable, open Outlook, and then reconnect the mobile device.
The user cannot browse the Internet when the mobile device is connected using the cradle or cable (applies only if Internet Security and Acceleration Server 2000 is installed).

Cause: If you connect the mobile device by using a cradle or cable, you are considered anonymous when browsing the Internet. If ISA Server is installed on the computer running Windows Small Business Server 2003, anonymous browsing is not allowed.

Solution: Follow the instructions for Microsoft Pocket PC Phone Edition 2002, Microsoft Pocket PC Phone Edition 2003, or Microsoft SmartPhone 2003, and then follow the instructions to configure ActiveSync settings.
To configure connection settings for Microsoft Pocket PC 2003 or Microsoft Pocket PC Phone Edition 2003

1. On the mobile device, click Start, and then click Settings.

2. On the Connections tab, click Connections.

3. Click Set up my proxy server.

4. On the Proxy settings tab, check the This network connects to the Internet box, and then check the This network uses a proxy server to connect to the Internet box.

5. Type the proxy server name, and then click Advanced.

6. In the Port box, type 8080.

7. Click OK, and then click OK again.

To configure connection settings for Microsoft SmartPhone 2003

1. On the mobile device, select Start, select Settings, and then select Data Connections.

2. Select Menu, select Edit Connections, and then select Proxy Connections.

3. Select Menu, and then select Add.

4. In the Connects From box, select Work. In the Connects To box, select The Internet.

5. In the Proxy (name:port) box, type the server name and port, using the following format:

   ServerName:8080

6. Type your user name and password, and then select Done.

To configure connection settings for Microsoft Pocket PC Phone Edition 2002

1. On the mobile device, click Start, and then click Settings.

2. On the Connections tab, click Connections.

3. Under Work Settings, click Modify.

4. On the Proxy settings tab, check the This network connects to the Internet box, and then check the This network uses a proxy server to connect to the Internet box.

5. Type the proxy server name, and then click Advanced.

6. In the Port box, type 8080.

7. Click OK, and then click OK again.

To configure ActiveSync settings

1. On the client computer, click Start, point to All Programs, and then click Microsoft ActiveSync.

2. On the Tools menu, click Options, and then click the Rules tab.

3. In the Connection box (under Pass Through), click the down arrow, and then click Work.

The first time that you use the device to browse the Internet, you are prompted for a user name and password. Type a user name that is a member of the Windows Small Business Server Internet Users group, and save the password so that ActiveSync can synchronize with the server.
Note
If you still cannot browse the Internet, see the person responsible for your network to ensure that you have the correct permissions.

A connection cannot be established between the mobile device and the client computer.

Cause: There is a universal serial bus (USB) connection error.

Solution: Upgrade to the latest version of ActiveSync. If the user is already using the latest version, remove the mobile device from the cradle (or disconnect the cable), turn the device off and then back on, and then reconnect it.
The mobile device cannot be synchronized when connected using a cradle or cable.

Cause: The Pass Through option is not configured correctly in ActiveSync.

Solution: Configure the Pass Through option.
To configure the Pass Through option

1. On the client computer, click Start, point to All Programs, and then click Microsoft ActiveSync.

2. On the Tools menu, click Options, and then click the Rules tab.

3. In the Connection box (under Pass Through), click the down arrow, and then click Internet.

For more information, see Microsoft ActiveSync Help. To open ActiveSync Help, click Start, point to All Programs, click Microsoft ActiveSync, and then click Help.
Outlook Mobile Access with Secure Sockets Layer (SSL) does not work on a SmartPhone 2002, PocketPC 2002, or Wireless Application Protocol (WAP) 2.0 phone.

Cause: Some of these devices are not supported using the Windows Small Business Server unsigned certificate.

Solution: Purchase a signed certificate from a trusted certification authority (CA) for the server to support these devices.
Other considerations for troubleshooting mobile devices.

If you continue to have a problem using your mobile device, consider the following questions:

* Does your mobile device have sufficient signal strength?

* Can you browse to other internal or external Web sites?

* Have you tried turning off the device and then turning it back on?

* Does your mobile device synchronize when connected to the server?

* Have you allowed access to the Outlook Mobile Access Web service from the Internet using the Configure E-mail and Internet Connection Wizard?

* Are you using an external router? Are ports 80 and 443 open and pointed to the server?

* Have you tried reconfiguring your mobile device?

To reconfigure your mobile device

1. On the client computer, click Start, point to All Programs, and then click Microsoft ActiveSync.

2. Connect the mobile device to the client computer by using the cradle or cable included with the device.

3. Click Start, and then click All Programs.

4. Click Small Business Server Tools, and then click Configure Mobile Device.

The device will be reconfigured with the original Windows Small Business Server settings, and users will be able to synchronize with the server within a few seconds.

Note
The mobile device configuration program is at the following location:

Program Files/Windows Small Business Server/Clients/SBSMobConfig.exe

For more information, open Help and Support and search for "To allow access to Web services on the server."
Troubleshooting E-mail
I cannot see my deleted mailbox item when I try to recover it by using the Recover Deleted Items option on the Tools menu in Outlook.

Cause: You may not have selected the folder or the parent folder from where the item was permanently deleted.

Solution: If you are recovering a permanently deleted mail item, ensure that you select the folder from which the mail was deleted. For example, if you have a subfolder in your Inbox named Meeting Minutes, you must select the Meeting Minutes folder before you choose the Recover Deleted Items option on the Tools menu.

If you are recovering a deleted folder, ensure that you select the parent folder of the deleted folder. For example, if you permanently deleted a subfolder named Meeting Minutes from your Inbox, you must select the Inbox folder before you choose the Recover Deleted Items option on the Tools menu.
Note
You cannot recover a permanently deleted item if the retention time for permanently deleted items has elapsed. The default retention time is 30 days. An administrator can run the Backup Configuration Wizard to change the retention time or to turn it off.

The Recover Deleted Items option is disabled on a Windows XP-based client computer.

Cause: There are two possible causes. First, you may be using Outlook over the Internet (which is also called "RPC over HTTP") to check your e-mail. Second, you may have manually joined the Windows XP-based client computer to the Windows Small Business Server network. If you did, then you bypassed Windows Small Business Server Client Setup, which enables the Recover Deleted Items option in Outlook.

Solution: You must manually enable the Recover Deleted Items option.
Note
You must log in as an Administrator of the client computer to complete the following procedure.

To manually enable the Recover Deleted Items option

1. On the client computer, exit Outlook.

2. Click Start, click Run, and then in the Open text box, type regedit.

Caution
Incorrectly editing the registry may severely damage your system. Before making changes to the registry, you should back up any valued data on the computer.

3. Browse to HKEY_LOCAL_MACHINE\Software\Microsoft\Exchange\Client\Options.

4. From the Edit menu, click New, and then click DWORD Value.

5. Type the name DumpsterAlwaysOn.

Note
Do not type any spaces in the name.

6. Double-click DumpsterAlwaysOn, and then in the Value Data field, type 1.

7. Restart Outlook.

I have more than one e-mail domain name, and the E-mail Domain page of the Configure E-mail and Internet Connection Wizard allows me to enter only one of the domain names.

Cause: The Configure E-mail and Internet Connection Wizard can configure reply-to addresses for only one e-mail domain on the E-mail Domain page.

Solution: Use one of the e-mail domain names when you run the wizard. Then, you can create a custom recipient policy in Exchange Server 2003 for a second e-mail domain. The custom recipient policy creates the appropriate e-mail addresses for users in the second e-mail domain.

For more information, search for "Create a New Recipient Policy" in Exchange server Help. To access Exchange server Help, click Start, click Server Management, and then press F1.
Unsolicited e-mail is being delivered to Exchange server mailboxes.

Cause: Connection filtering is not configured on your Exchange server.

Solution: Exchange 2003 supports connection filtering based on block lists, which are lists that can be queried by your Exchange server to identify verified spam sources. Connection filtering uses external services that list known sources of unsolicited e-mail, dial-up user account lists, and servers open for relay based on IP addresses on block lists that they maintain. Connection filtering complements third-party content filter products. You can also configure connection filtering without using a block list provider by creating global accept and deny lists of SMTP addresses from which you want to globally accept or deny all e-mail.

To configure connection filtering, you must first create and configure a connection filtering rule, and then apply it to your SMTP virtual server. For more information, search for "Configure Connection Filtering" in Exchange server Help. To access Exchange server Help, click Start, click Server Management, and then press F1.

Troubleshooting Monitoring

I have received an alert notification that a user account is under attack.

Cause: A user has repeatedly tried to log on due to losing or forgetting the user account password. This alert occurs when the number of failed logons for a specific user exceeds the Account Lockout Threshold.

Solution: Reset the user account password.
Note
To complete the following procedure, you must be logged on as a member of the Domain Admins security group.

To reset a user's password

1. Click Start, and then click Server Management.
2. In the console tree, click Users.
3. In the details pane, select a user account, and then click Change Password.
4. Type and confirm the new password.
5. Select or clear the User must change password at next logon check box, and then click OK.

Cause: An actual attack has occurred. This alert occurs when the number of failed logons for a specific user exceeds the Account Lockout Threshold.

Solution: You need to do the following if you suspect the account is under attack:

* Unplug the Internet cable from your server or router if you are certain that your network has been attacked. Open Event Viewer and view the audit logon events in the Security Events log to determine if an attack has occurred.

To open Event Viewer

1. Click Start, and then click Server Management.
2. In the console tree, click Monitoring.
3. In the details pane, click View Event Logs.

* View the event log to try and determine the IP address from which the attack is originating. Contact your Internet service provider (ISP) to report or block it.

* Check for any unknown user accounts by using the Manage Users snap-in in Server Management.

* Reset the user's password.

* Reset the administrator password.

* Disable the user account until the threat of the network attack passes.

Note
To complete the following procedure, you must be logged on as a member of the Domain Admins security group.

To disable a user account

1. Click Start, and then click Server Management.
2. In the console tree, click Users.
3. In the details pane, select a user account, and then click Disable Account.

Note
Disabled accounts are not removed, but you cannot use them to log on or to access network resources.

* Consider setting strong password policies.

Note
To complete the following procedure, you must be logged on as a member of the Domain Admins security group.

To configure password policies

1. Click Start, and then click Server Management.
2. In the console tree, click Users.
3. In the details pane, click Configure Password Policies.
4. Select the check boxes to configure the policies you want, select when you want the policies to become effective, and then click OK.

If you are still setting up the network and thus do not want the policies to be effective yet, you can choose to make them effective in a few days.

Note
This action changes the password policies used in your entire network. Enabling or changing password policies requires all users to change their passwords the next time they log on to the network.

For more information about keeping your network secure, visit the Microsoft Security and Privacy Web site (http://go.microsoft.com/fwlink/?LinkID=102).
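
The triage described in this section (read the audit logon events, decide whether a lockout alert is a forgotten password or an attack, and find the source address to report) can be sketched as follows. This is an added example, not part of the original article or of Windows Small Business Server; the CSV layout, sample records, threshold, counter window and LAN range are assumptions, while 529 and 4625 are the standard failed-logon event IDs for Windows Server 2003 and Windows Server 2008 or later.

```python
import csv
import io
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Failed-logon event IDs: 529 on Windows Server 2003 ("unknown user name or
# bad password") and 4625 on Windows Server 2008 and later.
FAILED_LOGON_IDS = {529, 4625}

# Assumed site values: take the real ones from your password policy and LAN.
LOCKOUT_THRESHOLD = 5
COUNTER_WINDOW = timedelta(minutes=30)
LOCAL_NETWORK = ipaddress.ip_network("192.168.16.0/24")

# Constructed sample export; the column layout is an assumption.
SAMPLE_EXPORT = """\
time,event_id,account,source_ip
2009-04-05T08:01:10,529,alice,192.168.16.21
2009-04-05T08:01:25,529,alice,192.168.16.21
2009-04-05T08:01:41,529,alice,192.168.16.21
2009-04-05T08:02:03,529,alice,192.168.16.21
2009-04-05T08:02:30,529,alice,192.168.16.21
2009-04-05T08:03:02,529,alice,192.168.16.21
2009-04-05T02:14:00,529,administrator,203.0.113.45
2009-04-05T02:14:02,529,administrator,203.0.113.45
2009-04-05T02:14:04,529,administrator,203.0.113.45
2009-04-05T02:14:06,529,administrator,203.0.113.45
2009-04-05T02:14:08,529,administrator,203.0.113.45
2009-04-05T02:14:10,529,administrator,203.0.113.45
2009-04-05T02:14:20,529,bob,203.0.113.45
2009-04-05T02:14:22,529,bob,203.0.113.45
2009-04-05T09:30:00,528,bob,192.168.16.30
"""


def parse_export(text):
    """Parse the CSV export into typed records, skipping malformed rows."""
    events = []
    for row in csv.DictReader(io.StringIO(text)):
        try:
            events.append({
                "time": datetime.fromisoformat(row["time"]),
                "event_id": int(row["event_id"]),
                "account": row["account"].strip().lower(),
                "source": ipaddress.ip_address(row["source_ip"].strip()),
            })
        except (KeyError, ValueError, TypeError, AttributeError):
            continue
    return events


def peak_failures(times, window=COUNTER_WINDOW):
    """Largest number of failures inside any single counter window."""
    times = sorted(times)
    best = start = 0
    for end, current in enumerate(times):
        while current - times[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best


def triage(events, threshold=LOCKOUT_THRESHOLD, local_net=LOCAL_NETWORK):
    """Classify each account whose failures exceed the lockout threshold."""
    by_account = defaultdict(list)
    accounts_per_source = defaultdict(set)
    for event in events:
        if event["event_id"] in FAILED_LOGON_IDS:
            by_account[event["account"]].append(event)
            accounts_per_source[event["source"]].add(event["account"])

    findings = {}
    for account, failures in by_account.items():
        peak = peak_failures([f["time"] for f in failures])
        if peak <= threshold:
            continue
        sources = {f["source"] for f in failures}
        # Off-LAN or multi-account sources suggest an attack, not a typo.
        external = sorted(str(s) for s in sources if s not in local_net)
        shared = sorted(str(s) for s in sources if len(accounts_per_source[s]) > 1)
        findings[account] = {
            "peak_failures": peak,
            "external_sources": external,
            "multi_account_sources": shared,
            "verdict": "suspected attack" if external or shared
                       else "likely forgotten password",
        }
    return findings


def sources_to_report(findings):
    """External addresses to block or report to the ISP."""
    return sorted({ip for f in findings.values() for ip in f["external_sources"]})


if __name__ == "__main__":
    print(triage(parse_export(SAMPLE_EXPORT)))
```

An account flagged "likely forgotten password" maps to the first cause above (reset the password); "suspected attack" maps to the second, where the listed source addresses are the ones to block or report.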

Usage information for Internet activity cannot be viewed in the server usage reports.

Cause: You might be using a router as a firewall to access the Internet. If so, usage information for Internet activity cannot be included in the report because Windows Small Business Server 2003 is unable to monitor firewall statistics for third-party devices.

Solution: Install a second network adapter on the computer running Windows Small Business Server 2003, and then enable the Routing and Remote Access service as the firewall on the server by using the Configure E-mail and Internet Connection Wizard.

Cause: You might be using the Internet Security and Acceleration (ISA) Server firewall to access the Internet. Windows Small Business Server 2003 is unable to monitor firewall statistics for ISA Server.

Solution: Configure ISA Server for monitoring and reporting. For more information about configuring ISA Server for monitoring and reporting, search for "Configure monitoring and reporting" in the ISA Server Help. To access ISA Server Help, click Start, click Server Management, and then press F1.

I am not receiving server performance or usage reports in Outlook Express.

Cause: By default, Outlook Express blocks certain file attachments in e-mail to prevent you from opening potentially harmful attachments. As a result, you may not be able to open server performance or usage reports.

Solution: Configure Outlook Express to allow attachments.

To configure Outlook Express to allow attachments

1. Open Outlook Express.
2. On the Tools menu, click Options.
3. On the Security tab, clear the Do not allow attachments to be saved or opened that could potentially be a virus check box, and then click OK.

Note
E-mail attachments can contain viruses. It is recommended that you open files sent by a reliable source only and that you use antivirus software to scan files received in e-mail.

Server performance or usage report does not contain all selected log files.

Cause: If a selected log file has not changed since the last time it was attached to a server performance or usage report, or if no new files exist for applications that generate multiple log files (such as Internet Information Services), the server performance or usage report will not contain attachments for those selections.

Solution: No action is required. To review the latest version of a selected log file, open the file attachment from the previously delivered server performance or usage report.

Services set to start automatically stop running.

Cause: When configured to start automatically, a small number of services may stop running if they are not performing any tasks. When this happens, these services are reported in the server performance report as not running. This is known to occur with the following services:

* Fax

* Performance Logs and Alerts

* Removable Storage

Solution: The noted services are designed to stop running when they are not being used. If you do not want these services to be reported in the server performance report when they are not running, you can change the Startup type for the service to Manual.

To change the startup type for a service to Manual

1. Click Start, and then click Server Management.
2. In the console tree, click Monitoring and Reporting, and then click View Services.
3. In the details pane, right-click the service that you want to change, and then click Properties.
4. For Startup type, select Manual, and then click OK.

For more information, open Help and Support and search for "Monitoring overview."

Monitoring alerts are not being delivered.

Cause: After a Health Monitor configuration is imported using the Import Health Monitor Configuration Wizard, imported actions may not run as expected. This problem can occur when settings for imported actions remain associated with the computer from which they were exported. For example, the SMTP server specified for e-mail actions could be inaccurate, or an inaccurate file path could be specified for script actions.

Solution: Review the settings for the imported actions and make changes as necessary.

To view the imported actions

1. Click Start, point to Administrative Tools, and then click Health Monitor.
2. In the console tree, click Actions.
3. In the details pane, right-click an action, and then click Properties.
4. Review the settings on each tab, and modify as necessary.
5. Repeat steps 3 and 4 for each action.

For more information, open Help and Support, and then search for "To update settings for an imported Health Monitor configuration."

Troubleshooting Backup and Restore

The server locks down, reporting Event ID 21192 and the error message, "The ISA Server Web filter was unable to connect to MSDE database...."

Cause: If your server is running Internet Security and Acceleration (ISA) Server, then at midnight ISA Server creates a new MSDE instance to store the next day's logging information for the Web and proxy traffic. If a backup is also scheduled to begin at midnight, there is a conflict between the ISA Server MSDE instance and the backup process, and this conflict causes the server to lock down.

Solution: To exit the lockdown, restart the Microsoft Firewall service.

To restart the Microsoft Firewall service

1. Click Start, point to Administrative Tools, and then click Services.
2. In the list of services, right-click the Microsoft Firewall service, and then click Properties.
3. Ensure that the Startup type is set to Automatic.
4. In Services status, click Start, and then click OK.

To prevent this issue in the future, schedule the server backup to start at either 11:30 P.M. or 12:30 A.M. This ensures that there is no conflict between the ISA Server MSDE instance and the backup process.

To modify the Backup schedule settings

1. Click Start, and then click Server Management.
2. In the Admin Console, in Standard Management, click Backup.
3. In the details pane, click Modify the Backup Schedule. The Backup Configuration Wizard starts.
4. On the Define Backup Schedule page, in the Start Backup at list box, choose either 11:30 P.M. or 12:30 A.M. or later.

Quarantined virus files are not backed up, and your backup reports a failed status.

Cause: If the quarantine folder for your antivirus software is saved to a volume that is protected by a previous version of Volume Shadow Copy service, then the shadow copy captures the quarantine folder. As a result, the shadow copy includes viruses.

Solution: You can either use the antivirus software to move the quarantine folder to a volume that is not protected by Volume Shadow Copy service or configure the anti-virus application to delete infected files instead of having them quarantined.

For more information about resolving this issue, if you are using TREND Micro, Inc. antivirus software on your server, see Article 888035, “Quarantined virus files are skipped and your backup reports a failed status on your Windows Small Business Server 2003-based computer” at the Microsoft Knowledge Base (http://go.microsoft.com/fwlink/?LinkID=70319).

I do not have a backup copy of the mailbox database on my server.

Cause: You have not configured a backup solution for your mailbox database.

Solution: Use the recovery storage group feature in Exchange Server 2003 to create a backup copy of the Exchange mailbox database on the server. You can do this while the original database is still running and serving client computers. For information about how to create a backup copy of the Exchange mailbox database on the server, see "Using Microsoft Exchange Server 2003 Recovery Storage Groups" at the Microsoft Web site (http://go.microsoft.com/fwlink/?LinkID=70663).

The NTBackup log is blank.

Cause: NTBackup.exe is being manually ended from the Task Manager, or NTBackup.exe encountered an error during launch.

Solution: Run NTBackup manually, and load the Small Business Backup Script.

To run NTBackup manually and load the script

1. Click Start, click Run, type ntbackup, and then press Enter. The Backup or Restore Wizard launches.
2. On the Welcome to the Backup or Restore Wizard page, click Advanced Mode.
3. Click the Backup tab.
4. From the Job menu, choose Load Selections.
5. In the File Name box type %sbsprogramdir%\backup.
6. Click Small Business Backup Script.bks to select, and click Open.
7. On the Backup tab, click Start Backup.

If the backup succeeds, run the Windows Small Business Server Backup Configuration Wizard from the Backup taskpad in Server Management. If the problem persists, click Start, click Server Management, click the Information Center link, and then click either Community Website or Technical Support to get information about the problem.

If the backup fails, consult the error message for further information about the problem.

Backup fails, reporting "'Script.bks' file not found."

Cause: The Exchange Information Store is not running.

Solution: Start the Exchange Information Store.

To start the Exchange Information Store

1. Click Start, click Run, and then type Services.msc.
2. In the details pane, right-click Microsoft Exchange Information Store, and then click Start.

Cause:

* A folder explicitly marked to be included in the backup is not on the system.

* The Small Business Backup Script has been deleted or is corrupted.

* The UNC path you are backing up to does not exist or is inaccessible.

Solution: Re-run the Backup Configuration Wizard from the Backup snap-in in Server Management, accepting the defaults to reset.

Redirection of My Documents failed.

Cause: Certain files cannot be made available offline. Files with the following extensions cannot be made available offline:

* .db*

* .ldb

* .mdb

* .mde

* .mdw

* .pst

* .slm

When you have configured users' My Documents folders to be redirected to the server, files with these extensions are saved to the server only, and they are not saved at logon or logoff to the client computer.

The following error message appears if you try to synchronize these types of files:

"Warnings occurred while Windows was synchronizing your data. Results: Offline files.Unable to make file name available offline. Files of this type cannot be made available offline."

For more information about this issue, see article 252509, "Error Message: Files of This Type Cannot Be Made Available Offline," in the Microsoft Knowledge Base.

Solution: If you have a file that cannot be made available offline and you want to avoid seeing this message at logoff and logon, you can perform one of the following actions:

* Move the files that cannot be made available offline out of the My Documents folder and into a shared folder on the server.

* Disable offline files.

In both of these instances, a file that cannot be made available offline will be unavailable if the server becomes unavailable. However, it will be included in the backup of the server by default. If you disable offline folders, none of your files, regardless of whether they can be made available offline, will be available if the server becomes unavailable.

To disable offline files

1. In Windows Explorer, click Tools, and then click Folder Options.
2. On the Offline Files tab, clear the Enable Offline Files check box.

Volume Shadow Copy Services fails, reporting error number 800xxxxx.

There are several causes for Volume Shadow Copy Services failure. They are listed in order of probability:

* Low disk space on a drive with Volume Shadow Copies Services enabled.

* The disk is highly fragmented.

* SQL Server 2000 is installed and one or more databases have a recovery model that is not set to Simple. Windows Small Business Server 2003 Backup can back up a database only if its recovery model is set to Simple.

* An Event Log is larger than 64 megabytes (MB).

* Directory Service Access auditing is enabled.

Use the information in the following sections to determine which of these issues is causing Volume Shadow Copy Services to fail and to correct the failure.

Cause: Low disk space on a drive with Volume Shadow Copies Services enabled.

Solution: Increase the space available on the system drive and on the drive with previous versions (Volume Shadow Copy Services) enabled.

To verify that a drive with Volume Shadow Copies Services enabled has low disk space

1. Click Start, and then click My Computer.
2. Click the Shadow Copies tab.
3. Click the volume that has Shadow Copies enabled, and then click Settings.
4. In the Storage Area dialog box, click Details, and compare the Used and Maximum Size columns to determine whether disk space is low.

Cause: The disk is highly fragmented.

Solution: Defragment all system hard disks.

Cause: SQL Server 2000 is installed and one or more databases have a recovery model that is not set to Simple. Windows Small Business Server 2003 Backup cannot back up this type of database.

Solution: Set the SQL Server 2000 database recovery model to Simple.

To set the SQL Server 2000 database recovery model to Simple

1. Open SQL Server Enterprise Manager.
2. Double-click Microsoft SQL Servers, double-click SQL Server Group, (Local), and then double-click Databases.
3. Right-click each database, choose Properties, and then on the Options tab, under Recovery, set the model to Simple.

For more information about SQL Server database recovery models, see SQL Server Help and search for "recovery model."

Cause: An Event Log is larger than 64 MB.

Solution: Reduce the size of the Event Log to a maximum of 64 MB.
Note
To complete the following procedure, you must be logged on as a member of the Domain Admins security group.

To reduce the size of the Event Log

1. Click Start, click Administrative Tools, and then click Event Viewer.
2. In the console tree, click any Event Log that is larger than 64 MB.
3. On the Action menu, click Properties.
4. On the General tab, in Maximum log size, specify a log size of 64000 kilobytes or less.
5. To put the new setting in effect, click Clear Log.

If you want to retain the information currently in the log, click Yes when a message appears asking if you want to save the original log before clearing it, and then click OK.

Cause: Directory Service Access auditing is enabled.

Solution: Disable Directory Service access auditing.

To verify that Directory Service Access auditing is enabled

1. Click Start, click Run, and then type rsop.msc.
2. In the details pane, double-click Computer Configuration, double-click Windows Settings, double-click Security Settings, double-click Local Policies, and then double-click Audit Policy.
3. In the Computer Setting column, verify that it reads either Success or Failure.

If Directory Service Access is not enabled, the entry in the Computer Setting column will read No auditing.

To disable Directory Service access auditing

1. Click Start, and then click Server Management.
2. In the console tree, click Advanced Management, and then click Group Policy Management.
3. Navigate to /Forest/Domains/your domain/Domain Controllers, and then right-click Small Business Server Auditing Policy.
4. Click Edit to open Group Policy Object Editor.
5. In Group Policy Object editor, navigate to Computer Configuration/Windows Settings/Security Settings/Local Policies/Audit Policy.
6. Double-click Audit directory service access.
7. Clear the Success and Failure boxes if they are checked.
8. Click Start, click Command Prompt, and then type gpupdate /Force to refresh the policy setting.

Portions of a file are not backed up.

Cause: The destination of the backup has previous versions (Volume Shadow Copy Services) enabled on it, and the allocated space for previous versions does not have enough room for the entire backup file.

Solution: Either disable previous versions (Volume Shadow Copy Services) by using the Backup Configuration Wizard or choose another destination for the backup.
Note
Backing up to a volume on which previous versions are enabled will drastically reduce the number of previous versions from which users can restore.

Backup fails, reporting "A fixed drive is not a valid drive."

Cause: A timeout occurred while writing the backup file to the destination.

Solutions:

* If you are backing up to a network share, ensure the UNC path you are backing up to is always accessible.

* Ensure the drivers for the media of the backup destination are up to date. Contact the manufacturer for information about updating your drivers.

* Ensure there is no excessive activity on the device you are backing up to.

Cause: The drive you are backing up to is low on disk space.

Solution: Ensure the disk to which you are backing up has adequate disk space to hold the backup.

Backup fails, reporting "Tape media not found."

Cause: No tape is in the drive.

Solution: Put a tape in the drive.

Cause: The system does not recognize the tape drive.

Solutions:

* Ensure the tape in the drive is a tape that works with the drive.

* If the tape drive is external, ensure the power of the tape drive is on.

* Ensure that the system is detecting the tape drive.

To ensure that the system is detecting the tape drive

1. Click Start, click Administrative Tools, and then click Computer Management.
2. In the left pane, click Device Manager.
3. Navigate to the tape drive and double-click it to view Device status.
4. If the device is not working properly, click Troubleshoot to fix the problem.

* Ensure the drivers for the media of the backup destination are up to date. Contact the manufacturer for information about updating your drivers.

* Be sure the tape drive is compatible with Windows Small Business Server 2003. Consult the Windows Catalog Web site (http://go.microsoft.com/fwlink/?LinkID=16906).

Backup fails, reporting error number 8007422.

Cause: Windows Management Instrumentation needs to be started in order for Windows Small Business Server Backup to determine success or failure.

Solution: Start Windows Management Instrumentation.

To start Windows Management Instrumentation

1. Click Start, click Run, and then type Services.msc.
2. In the details pane, right-click Windows Management Instrumentation, and then click Start.

If the problem persists, click Start, click Server Management, click the Information Center link, and then click either Community Website or Technical Support to get information about the problem.

Backup fails, reporting "End of media encountered."

Cause: The backup does not fit on the media to which you are backing up.

Solutions:

* Reduce the size of the backup by excluding folders from the backup using the Backup Configuration Wizard.

* Purchase a backup device with larger capacity.

Cause: The destination of the backup is a hard drive formatted with the FAT file system. Drives formatted with FAT support a file size of up to 4 GB. If your backup is larger than 4 GB, it exceeds the size of the destination hard drive.

Solution: Convert the drive to the NTFS file system using convert.exe. For information about using convert.exe, see article 214579, "How to Use Convert.exe to Convert a Partition to the NTFS File System," in the Microsoft Knowledge Base.

Cause: The backup does not fit on the hard drive to which you are backing up.

Solution: Increase the amount of space available on the drive for the backup.

Backup fails, reporting "An inconsistency was encountered."

Cause: You are backing up to a UNC path on the local computer that is currently being backed up.

Solution: Use the Backup Configuration Wizard to change the destination of the backup to another location. Alternatively, you can use the wizard to exclude the UNC path from the backup.

Users cannot restore files because the Previous Versions tab in the My Documents Properties dialog box is missing.

Cause: If storage allocation has been enabled for deleted files, and the location to which My Documents is redirected has recently been changed, then the regularly scheduled snapshot has not occurred.

Solution: No action is required. The Previous Versions tab will appear after the next regularly scheduled snapshot occurs. By default, snapshots are scheduled to occur at 7:00 A.M. and at noon.
Note
If you have not run Client Setup on your client computer, you might need to manually install the Shadow Copy client. To manually install the Shadow Copy client, from the client computer click Start, click Run, and then type:

\\server\ClientApps\ShadowCopy\SHADOWCOPYCLIENT.MSI

Troubleshooting Internet Access

I want to switch from using my existing DHCP server, such as a router device, to using Windows Small Business Server 2003 as my DHCP server.

Cause: You must disable the existing DHCP server, install the DHCP Server service on your computer running Windows Small Business Server 2003, and then configure the DHCP scope for your network.

Solution: Using Windows Small Business Server 2003 as your DHCP server ensures that your DHCP settings are properly configured for the local network. Not all DHCP scope options for the Windows Small Business Server network can be configured for the DHCP service of all router devices.

For information about how to install and configure DHCP on your Windows Small Business Server network, open Help and Support and search for "Installing a DHCP server."

I need to modify the phone number used by my dial-up connection to connect to the Internet.

Cause: If you use a dial-up connection to connect to the Internet, the dialing is handled by the firewall on your computer running Windows Small Business Server 2003. As a result, to change the phone number used by the dial-up connection to the Internet, you must modify the connection information in the firewall settings for your computer running Windows Small Business Server 2003.

Solution: The easiest way to change the phone number used by your dial-up connection is to run the Configure E-mail and Internet Connection Wizard and add a new dial-up connection.
Note
If you do not want to modify settings defined in the last run of the wizard for a specific component, select the option to not make changes for that component. You can then bypass the associated pages for that component.

Note
Running the Configure E-mail and Internet Connection Wizard does not require the computer running Windows Small Business Server to restart. However, users will experience a temporary loss of connectivity to the Internet while necessary services are restarted.

I am having problems connecting to the server from a client computer.

Cause: The network adapter on the client computer might be configured with a static IP address. Since the server performs network services that are dependent on the IP address of the local network adapter, using a statically assigned IP address on a client computer may result in connectivity issues with these services.

Solution: Configure the client computer to use DHCP to acquire an IP address. You must use an IP address that is within the scope of your existing firewall device.

If a router provides the DHCP service, you must configure the service for your network. For more information, see Appendix C in Getting Started.

I need to change the IP address of the network adapter that connects to the Internet from dynamically assigned to statically assigned (or vice versa).

Cause: The DHCP server at your Internet service provider (ISP) has switched from using a dynamic IP address to using a static IP address.

Solution: Reconfigure the network connection.

To reconfigure the network connection

1. On a computer running Windows Small Business Server 2003, click Start, point to Control Panel, point to Network Connections, and then click the network connection you want to reconfigure.
2. Double-click Internet Protocol (TCP/IP), and then modify how the IP address is assigned to the network connection.

Important
If you are using a router to connect to the Internet, you must use a static IP address for the external interface (the interface that connects to your ISP) of the router. For more information, see the router manufacturer's documentation.

Troubleshooting Your Intranet

The user is prompted for credentials when trying to access the internal Web site.

Cause: The internal Web site is based on Windows SharePoint Services. To use this site, users must be members of a Windows SharePoint Services site group. A user who is prompted for credentials does not have a site group membership.

Solution: Create user accounts based on Windows Small Business Server templates. User accounts based on these templates have permission to access the internal Web site because the templates are members of the site groups by default.

For more information, open Help and Support, and search for the topic "To add a user account."

Documents on the internal Web site cannot be saved or edited.

Cause: The client computer might be running a version of Microsoft Office that is earlier than Office XP.

Solution: Upgrade the application on the client computer to Office XP or later so that the user can save or edit documents on the internal Web site.

Search is not available on the internal Web site.

Cause: The computer running Windows Small Business Server might be running Microsoft SQL Server Data Engine (MSDE). MSDE does not support full text searches.

Solution: Upgrade MSDE to SQL Server 2000 or later and add full text search components. Evaluation and Not for Resale versions of SQL Server cannot be used to upgrade MSDE.

The logon page for Remote Web Workplace appears in search engine results on the Internet.

Cause: Components of the Internet called "Web robots" automatically search and catalog documents and pages that are published to Web sites by following hyperlinks on the various pages that have been published. You may experience this problem if you are not running Windows SBS 2003 with Service Pack 1 or Windows SBS 2003 R2.

Solution: Either install Service Pack 1 for Windows SBS 2003 or upgrade your server to Windows SBS 2003 R2. By default, both of these prevent Web robots from cataloging Web sites on your server, including WWWRoot and Remote Web Workplace.

For more information about Web robots, see the Web site (http://go.microsoft.com/fwlink/?LinkId=25134).

Troubleshooting Shared Network Resources

Faxes are not being received.

Cause: If no fax errors appear in the event log and you have an external modem and the fax service is running, the modem may need to be reset.

Solution: Unplug the modem, and plug it back in to reset it.

No option to route faxes to the document library ("Route to Document Library") is visible in the Fax Configuration Wizard or the Fax Admin console.

Cause: You uninstalled and then reinstalled Fax Services using Add/Remove Windows components in Control Panel.

Solution: Uninstall Fax Services using Add/Remove Windows components in Control Panel, and then reinstall the services using the Install option in Windows Small Business Server 2003 Setup.
Note
There is no option to "Reinstall" the Fax Services in Windows Small Business Server 2003 Setup.

To uninstall and then reinstall Fax Services

1. Click Start, point to Control Panel, click Add or Remove Programs, and then click Add/Remove Windows Components.
2. In the Windows Components Wizard, clear the Fax Services check box.
3. Click Finish to close the wizard.
4. In the Add or Remove Programs dialog box, under Currently installed programs, click Microsoft Windows Small Business Server 2003, and then click Change/Remove.
5. Follow the instructions until you reach the Component Selection page.
6. To install Fax, under Action for the Fax Services, click the drop-down list, and then change the action to Install.
7. Click Next to continue. Follow the instructions for completing Setup.

Users are unable to log on to the server following a virus scan

Cause: You may encounter this issue if a virus is detected in an e-mail message while running a virus scan or while using real-time virus scanning on a computer running Windows Small Business Server 2003. In some scenarios, services and applications do not function properly. Event log messages are logged for affected services.

Solution: Consider excluding some folders (such as e-mail and fax queues, and SQL databases) from real-time virus scanning. If the antivirus software has a "quarantine" feature, consider turning it off. For information about how to do this, visit the Web site of your antivirus software provider, or consult the online Help or user manual that came with the antivirus software.

Consult your antivirus software provider to determine whether they offer an update for the problem.
Note
A quarantine state indicates that at least one virus was found and that your system may be infected. Make sure you have the latest virus signature installed on the server, and then perform a thorough scan for viruses. If quarantine happens repeatedly, ensure that all computers on the network have antivirus software running.

Services or applications do not function properly after a virus scan

Cause: You may encounter this issue if a virus is detected in an e-mail message while running a virus scan or when using real-time virus scanning on a computer running Windows Small Business Server 2003. In some scenarios, services and applications do not function properly. Event log messages are logged for affected services.

Solution: Consider excluding some folders (such as e-mail and fax queues, and SQL databases) from real-time virus scanning. If the antivirus software has a "quarantine" feature, consider turning it off. For information about how to do this, visit the Web site of your antivirus software provider, or consult the online Help or user manual that came with the antivirus software.

Consult your antivirus software provider to determine whether they offer an update for the problem.
Note
A quarantine state indicates that at least one virus was found and that your system may be infected. Make sure you have the latest virus signature installed on the server, and then perform a thorough scan for viruses. If quarantine happens repeatedly, ensure that all computers on the network have antivirus software running.

Troubleshooting Remote Connections
Users receive a security alert when they try to connect to a secure Web site on the computer running Windows Small Business Server 2003.

Cause: This commonly appears after using the Configure E-mail and Internet Connection Wizard to create an unsigned certificate for the company Web sites. Because the certificate was issued by Windows Small Business Server rather than by a trusted certification authority, the server itself is not being authenticated as the server that you want to connect to.

Solutions:

* The session is still encrypted, so it is not possible for others to view information that you are sending. Users can click Yes to accept the unsigned certificate. If your company requires a higher level of security, consider purchasing a signed certificate from a trusted certification authority.

* If the Web site is being accessed from a private computer from which the site will be accessed repeatedly in the future, users can click View certificate to install the certificate into the certificate store of the client computer.

Important
For security reasons, users should not install the certificate if they are accessing the secure Web site from a public computer, such as an Internet kiosk.
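
One way to check the certificate before installing it, as an added example that is not part of the original troubleshooting text: compare the thumbprint of the certificate the server presents with the value the administrator read from the server and passed on through a separate channel. The function names, the host argument and the sample bytes are assumptions made for this illustration.

```python
import hashlib
import socket
import ssl

# Constructed stand-in for a DER-encoded certificate so the example runs offline.
SAMPLE_DER = b"constructed stand-in for DER certificate bytes"


def normalize_thumbprint(text):
    """Reduce a thumbprint to bare lowercase hex.

    Certificate viewers show it as 'AB CD ...' or 'ab:cd:...', and text copied
    from the Windows certificate dialog can carry an invisible U+200E mark.
    """
    cleaned = "".join(ch for ch in text if ch not in " :-\t\u200e").lower()
    if not cleaned or any(ch not in "0123456789abcdef" for ch in cleaned):
        raise ValueError("thumbprint is not hexadecimal")
    return cleaned


def thumbprint(der_bytes, algorithm="sha1"):
    """Hash of the DER certificate; the Windows Thumbprint field is SHA-1."""
    return hashlib.new(algorithm, der_bytes).hexdigest()


def matches_expected(der_bytes, expected, algorithm="sha1"):
    """True only if the presented certificate is the one the admin described."""
    return thumbprint(der_bytes, algorithm) == normalize_thumbprint(expected)


def fetch_certificate(host, port=443, timeout=5.0):
    """Fetch the server's certificate as DER without trusting it yet."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # validation is done by thumbprint instead
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def safe_to_install(host, expected, port=443):
    """Network check: fetch from host (hypothetical name) and compare."""
    return matches_expected(fetch_certificate(host, port), expected)


if __name__ == "__main__":
    # Value as the administrator might send it (computed here from the sample).
    from_admin = "\u200e" + thumbprint(SAMPLE_DER).upper()
    print("match:", matches_expected(SAMPLE_DER, from_admin))
    print("tampered:", matches_expected(SAMPLE_DER + b"\x00", from_admin))
```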

Sound cannot be disabled on remote desktop connections through the Remote Web Workplace.

Cause: The Hear sounds from the remote computer on this computer option on the computer selection page cannot be disabled until the Remote Web Workplace Web site is added to the trusted sites zone in Internet Explorer. By default, sound will be played.

Solution: Add the Remote Web Workplace to the trusted sites zone in Internet Explorer.
To add the Remote Web Workplace to the trusted sites zone in Internet Explorer

1. Click Start, and then click Internet Explorer.
2. On the Tools menu, click Internet Options.
3. On the Security tab, click Trusted sites, and then click Sites.
4. Under Add this Web site to the zone, type the URL for the Remote Web Workplace, and then click Add.
5. Click OK, and then click OK again.

Using Remote Web Workplace to connect a remote computer to a client computer results in an error message before the connection is established.
Note
The client computer you are connecting to must be running Microsoft Windows XP or later.

Cause: The client computer may not be turned on.

Solution: Verify that the client computer is powered on and connected to the Windows Small Business Server network.

Cause: Remote Desktop connections may not be enabled on the client computer.

Solution: Verify that Remote Desktop is enabled on the computer you are connecting to.
Note
To complete the following procedure, you must be logged on as a member of the Domain Admins security group.

To enable Remote Desktop

1. Click Start, click Control Panel, click Performance and Maintenance, and then click System.
2. On the Remote tab, select the Allow users to connect remotely to this computer check box.
3. Ensure that you have the proper permissions to connect to your computer remotely, and then click OK. You must be an administrator or a member of the Remote Desktop Users group to connect remotely to your computer.

Verify that Remote Desktop is enabled by creating a Remote Desktop connection from another computer on the Windows Small Business Server network, and then attempting to connect to your computer. To start Remote Desktop, click Start, point to All Programs, point to Accessories, point to Communications, and then click Remote Desktop Connection.

If you are running any firewall software on the client computer, ensure that it is not blocking access to port 3389 (the port specific to Remote Desktop Connections). For more information, see the firewall manufacturer's documentation.

Cause: The remote computer may have reached the maximum number of allowed connections.

Solution: Verify that the computer you are connecting to has not reached the maximum number of allowed connections. If you are connecting to a computer running Windows XP Professional, only one user can be connected at a time. If you are connecting to an application sharing server, connections are determined by the number of client access licenses (CALs) purchased by your company. For more information, see your administrator.

Cause: Firewall settings may be blocking port 4125.

Solution: Verify that port 4125 (the port specific to the Remote Web Workplace) is open to the Internet on the computer running Windows Small Business Server. If you ran the Configure E-mail and Internet Connection Wizard, and chose to publish the Remote Web Workplace, this is configured automatically on the server. If you have a router or firewall device that does not support UPnP, you must manually configure this device to accept Internet traffic through port 4125. For more information, see the device manufacturer's documentation.

If the computer running Windows Small Business Server is running Microsoft Internet Security and Acceleration (ISA) Server, run the Configure E-mail and Internet Connection Wizard, choose to publish the Remote Web Workplace, and ISA Server will be automatically configured to allow Remote Desktop connections.

If you are connecting from a remote computer that accesses the Internet through ISA Server, the person responsible for ISA Server must create a protocol rule allowing outbound traffic through port 4125. You must also install ISA Firewall Client on the remote computer.

Verify that your Internet service provider (ISP) is not blocking Internet traffic through port 4125.

A client computer does not appear in the Computers list after you click Connect to my computer at work.

Cause: The client computer has not been joined to the Windows Small Business Server domain.

Solution: Join the client computer to the Windows Small Business Server domain.
To join the client computer to the Windows Small Business Server domain

1. Open Internet Explorer, and type the following URL in the address bar:

   https://servername/connectcomputer (where servername is the name of the computer running Windows Small Business Server 2003).
2. Click Connect to the network now, and follow the instructions in the Network Configuration Wizard to join the client computer to the Windows Small Business Server domain.

Cause: The client computer is not running Windows XP Professional or later.

Solution: Verify that the client computer is running Windows XP Professional or later.

Cause: You are attempting to access the Remote Web Workplace from the computer you are logged on to.

Solution: Access the Remote Web Workplace from another computer.
Note
Computers running server operating systems do not appear in the list of computers you can connect to. Application sharing servers are available through the Connect to my company’s application-sharing server link.

Links appear in and disappear from the Remote Web Workplace.

Cause: Remote Web Workplace links are dynamic, and are based on Windows Small Business Server network features that are available from the Internet. Links may also be manually disabled by your network administrator for security reasons, and they may not appear if you are accessing the Remote Web Workplace from a public or shared computer that is using an earlier browser.

Solution: This behavior is by design. If a link that you regularly use disappears, contact your administrator, upgrade the browser on the public or shared computer to the latest version, or access the Remote Web Workplace from a computer that is not public or shared.

Remote Web Workplace features are inaccessible with my Web browser.

Cause: Some browsers do not support technology required by the Remote Web Workplace. This technology may include the use of unsigned certificates, ActiveX Controls (which are required for Remote Desktop sessions), and Windows Integrated Authentication (which is required for accessing Monitoring links and your company's internal Web site).

Solution: Upgrade to the latest version of the Web browser and ensure the browser supports the noted technologies.

The connection to the Remote Web Workplace is frequently interrupted or lost.

Cause: The Remote Web Workplace contains a built-in timeout feature for security reasons. When your session has been inactive for a specified period of time, you are logged off automatically. By default, the Remote Web Workplace times out after 20 minutes of inactivity if you use the site from a public or shared computer. If the computer is not public or shared, the timeout is 120 minutes by default.

Solution: If you would prefer the 120-minute timeout, you can access the Remote Web Workplace from a computer that is not public or shared, and clear the I'm using a public or shared computer check box on the logon page.

If you need more time, contact your network administrator. The timeout values for the Remote Web Workplace can be manually configured. However, seriously consider the security implications of a longer timeout.

Cause: If you run a backup program or antivirus scan while remote users are connected to the network, Remote Web Workplace remote desktop sessions may be disconnected. If this occurs, the error message "An Internal Error has occurred" appears, and users are returned to the Remote Web Workplace computer selection page or log on page. At this point, users can log back on to the remote computer and resume work.

Solution: A supported fix is available from Microsoft. For more information, see Knowledge Base article 821438 at the Microsoft Product Support Services Web site (http://go.microsoft.com/fwlink/?LinkId=19635).
Note
As a best practice, backups and antivirus scans should be scheduled for times when users are least likely to be logged on to a remote session.

Cause: Certain Internet connection types, such as dial-up and PPPoE connections, may be subject to timeouts due to inactivity.

Solution: This is by design. Contact your Internet service provider if you require a longer timeout period.

Cause: Intermittent drops in connectivity may result from wireless or faulty network connections.

Solution: Ensure that network hardware is not resetting. See your hardware vendor's documentation.

The company name on the logon page is incorrect or has changed.

Cause: The name on the logon page of the Remote Web Workplace is the company name that was specified during Windows Small Business Server Setup.

Solution: You can change this name by editing the following registry entry:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\RegisteredOrganization
Caution
Incorrectly editing the registry may severely damage your system. Before making changes to the registry, you should back up any valued data on the computer.

Note
Only names of 50 characters or less are supported.

The link in the Remote Web Workplace introductory e-mail does not work.

Cause: Some e-mail programs, such as Outlook Web Access, may block links as a security precaution. Additionally, the Web site address may not be registered or immediately available.

Solution: Type the address into your Web browser's address bar, or try the link later or from a different computer. If the site still does not appear, contact your network administrator.

Troubleshooting Client Computer Licensing
Users are unable to log on to the network or access network resources

Cause: If Small Business Server 2003 cannot validate the number of installed client access licenses (CALs), the number of available licenses will be reset to five. This can occur if Active Directory is unavailable or if the license store becomes corrupt. When this happens, you will receive an error message that will also be logged to the System event log. The following error is also recorded in the Application event log:

"No license was available for user Domain\Username using product Productname. Use Licensing from the Administrative Tools folder to ensure that you have sufficient licenses."

Solution: To correct this problem, restore the CALs from a valid license store using the Restore License Wizard, or from System backup using the Backup or Restore Wizard. Alternately, you can use the Add License Wizard to reissue them.
Note
To complete the following procedures, you must be logged on as a member of the Domain Admins security group.

To restore CALs using the Restore License Wizard

1. Click Start, point to Administrative Tools, and then click Licensing.

   Details about the currently installed CALs appear in the details pane.
2. Click Restore Licenses.
3. Follow the instructions to specify the file name and location of the backup file from which you want to restore the CALs.

To restore CALs using the Backup or Restore Wizard

1. Insert the correct tape into the tape drive, or connect the removable hard drive to the system.
2. Open the Backup or Restore Wizard. To do this, click Start, click Run, type ntbackup, and then click OK.

   If the Backup or Restore Wizard does not recognize the backup media, the Recognizable Media Found dialog box appears. Select Allow Backup Utility.
3. On the Backup or Restore page, select Restore files and settings.
4. On the What to Restore page, under Items to restore, select the files or folders that you want to restore, and then click Next.
5. On the Completing the Backup or Restore Wizard page, review the settings. If you want to change the location to which the backup is restored or how the existing files that you are backing up are handled, click Advanced.

   1. On the Where to Restore page, you can change the location to which your files are restored, or you can choose to have your files restored to a single folder.
   2. On the How to Restore page, you can choose what to do with the versions of the files that already exist on your computer.
   3. On the Advanced Restore Options page, if you chose to restore to the original location on the Where to Restore page, ensure that the Restore junction points, but not the folders and the file data they reference check box is selected. If you chose to save to a different location, ensure that the check box is not selected.

Note
Do recover files through a Remote Desktop session.

To reissue CALs to the same server

1. Click Start, point to Administrative Tools, and then click Licensing.

   Details about the currently installed CALs appear in the details pane.
2. In the details pane, click Add Client Licenses to open the Add License Wizard, and then follow the wizard instructions.
3. On the Contact Method page, select whether you will use the Internet or the telephone to reissue licenses.
4. After completing the wizard, refresh the Licensing console to verify the successful reissue of the CALs.