×
INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Contact US

Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Students Click Here

Setup

Additional Configuration Notes by markdmac
Posted: 27 Sep 10 (Edited 12 Jan 11)

Having completed a number of SBS 2008 installations, I have been working on completing a comprehensive list of additional tasks one should perform both before and after the SBS migration.  Below is my ever expanding list of steps I feel are necessary to "really make the installation complete."


          BEFORE INSTALLATION
  • Check GPOs before anything else.

  •    This one is really important.  If the existing AD is messed up you will have problems with the migration promoting the new SBS to a DC.
      
    1. In the Active Directory Users and Computers snap-in, edit the Default Domain Controllers Policy on the Domain Controllers Organizational Unit.
    2. Double-click Computer Configuration, click Windows Settings, click Security Settings, click Local Policies, and then click User Rights Assignment.
    3. Under Enable Computer and User Accounts to be trusted for Delegation, add the appropriate account or group.
    4. Open a command prompt, and type:
      gpupdate /force
       
  • If Installing SBS on Hyper-V
    1. Use the Wizard to create the answer file.
    2. Install PowerISO on the HyperV server.
    3. Use PowerISO to create a new Floppy Drive image (IMG file)
    4. Rename the IMG file to a VFD file.
    5. Mount the VFD file via HyperV VM settings.
       
    AFTER INSTALLATION

  • Configure domain to allow Windows 7 computers to join domain via http://connect.  
    This functionality was first added with Rollup 3.  You should install whatever the latest rollup is.  At the time of this update, Rollup 4 is the latest.
    Install SBS 2008 Rollup 4
    http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB979454  
     
  • Install Exchange 2007 SP2 & SP3

  • I prefer to install Exchange SP2 and then install SP3.  Installing SP2 requires you to first create a registry key.
    1. Click Start, click Run, type regedit in the Open box, and then click OK.
    2. Locate and then click the following registry subkey:
      HKEY_LOCAL_MACHINE\Software\Microsoft\SmallBusinessServer\Exchange
      Note If the Exchange subkey does not exist, you must create it. To do this, follow these steps:
      • Right-click SmallBusinessServer, point to New on the Edit menu, and then click Key.
      • Type Exchange and then press ENTER.
    3. After you select the Exchange subkey that is specified in step 2, point to New on the Edit menu, and then click DWORD(32) Value.
    4. Type E12SP2READY, and then press ENTER.
    5. Right-click E12SP2READY, and then click Modify.
    6. In the Value data box, type 1, and then click OK.
    7. On the File menu, click Exit to exit Registry Editor.
    8. Download and install Windows Installer 4.5
      http://go.microsoft.com/fwlink/?LinkId=151819
    9. You can now install Exchange 2007 SP2
    10. You can now install Exchange 2007 SP3
       
  • Fix access to Companyweb from the server
    1. Click Start, click Run, type regedit in the Open box, and then click OK.
    2. Locate and then click the following registry subkey:
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\
    3. After you select the Exchange subkey that is specified in step 2, point to New on the Edit menu, and then click DWORD(32) Value.
    4. Type DisableLoopbackCheck, and then press ENTER.
    5. Right-click DisableLoopbackCheck, and then click Modify.
    6. In the Value data box, type 1, and then click OK.
    7. On the File menu, click Exit to exit Registry Editor.
    8. Open an elevated command prompt and type IISRESET

  • Make AutoDiscovery Work With Only a Single Host Certificate
    1. Create a new SRV record in DNS for _autodiscover

    2.      Service: _autodiscover
           Name: @
           Protocol: _tcp
           Priority: 0
           Weight: 0
           Port: 443
           Target: remote.domainname.com

    3. Run the following commands in the Exchange Management Shell

    4. Modify the parts in red.
      Set-ClientAccessServer -Identity SERVERNAME -AutoDiscoverServiceInternalUri https://remote.domainname.com/Autodiscover/Autodiscover.xml
       
      Set-WebServicesVirtualDirectory -Identity "SERVERNAME\EWS (SBS Web Applications)" -InternalURL https://remote.domainname.com/EWS/Exchange.asmx -BasicAuthentication:$true
       
      Set-OABVirtualDirectory -Identity "SERVERNAME\OAB (SBS Web Applications)" -InternalURL https://remote.domainname.com/OAB
       
      Enable-OutlookAnywhere -Server SERVERNAME -ExternalHostname "remote.domainname.com" -ClientAuthenticationMethod "Basic"-SSLOffloading:$False
       
      Set-ActiveSyncVirtualDirectory -Identity "SERVERNAME\Microsoft-Server-ActiveSync (SBS Web Applications)" -ExternalURL https://remote.domainname.com/Microsoft-Server-Activesync
       
      Run all of the tests on this site
      https://www.testexchangeconnectivity.com/
       
      If any fail, troubleshoot.

  • Move the Transport Queue off the C Drive

  • Move-TransportDatabase.ps1 -QueueDatabasePath: <destination path>

  • Set Max Send/Receive Size, Max Attachment Size

  • Set-TransportConfig -MaxRecipientEnvelopeLimit  15MB -MaxReceiveSize 15MB -MaxSendSize 15MB


  • Setup Connection Manager For VPN Access

  • This is perhaps the Grand Daddy of all the tweaks.  SBS 2003 used to do this for you but 2008 does not.  In fact, Microsoft royally messed this up by only including the binaries for creating an x64 VPN client.  It is however entirely possible to create the 32 bit clients if you copy 2 DLLs over from a 32 bit 2003 server.
    You can download the needed binaries along with my complete solution for implementing the Connection Manager Administration Kit (CMAK) from http://dl.dropbox.com/u/2705670/CMAK.zip

Help me to continue to share files via dropbox like this by using this referral link to get your own (free) drop box.
http://www.dropbox.com/referrals/NTI3MDU2NzA5

If you have found this FAQ to be helpful, please don't forget to vote on this FAQ.

Back to Microsoft: Windows servers FAQ Index
Back to Microsoft: Windows servers Forum

My Archive

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close