Archive for SBS

Shrink ShareWebDB Log File on SBS 2008

There’s a well known issue on SBS 2008 servers where the SharePoint Config Log file continues to expand. This SQL log file can rapidly grow in size, eating up valuable disk space on your system C: drive.

I first blogged about this back in December 2008 (view blog).

I posted a second blog post 4 years late in December 2012 (view blog) which provided the recommended Microsoft fix (KB 2000544) to truncate the log file, creating a batch command file and an associated SQL command file to truncate this log file.

I only have a few SBS 2008 servers still installed out in the field. But recently I discovered that there is another similar SQL log file that can grow in size: ShareWebDB_log.ldf file.

On this particular server, the ShareWebDB log file had grown to over 200GB in size. Ouch! Ouch! Ouch!

image

The solution is to mimic the two files created for the SharePoint log file solution, but have it truncate the ShareWebDB log file instead.

STEP 1: Create the SQL command file

Download the SQL file from my web site (logshrink2.sql.txt), save it to the root of your C: drive, and then rename it to logshrink2.sql

declare @ConfigDB varchar(255);
declare @ConfigDBLog varchar(255);
declare @ConfigDBCmd varchar(255);
select @ConfigDB =  name from sys.databases where name like ‘ShareWebDb%’;
set @ConfigDBCmd = ‘BACKUP database [‘ + RTRIM(@ConfigDB) + ‘] to disk=”C:\windows\temp\before2.bkf”’;
execute(@ConfigDBCmd);
set @ConfigDBCmd = ‘use [‘ + RTRIM(@COnfigDB) + ‘]’;
execute(@ConfigDBCmd);
set @ConfigDBCmd = ‘BACKUP LOG [‘ + RTRIM(@ConfigDB) + ‘] WITH TRUNCATE_ONLY’;
execute(@ConfigDBCmd);
set @ConfigDBCmd = ‘use [‘ + RTRIM(@COnfigDB) + ‘]’;
execute(@ConfigDBCmd);
select @ConfigDBLog =  name from sys.database_files where name like ‘ShareWebDb_log’;
set @ConfigDBCmd = ‘use [‘ +  RTRIM(@ConfigDB) + ‘] DBCC SHRINKFILE([‘ + RTRIM(@ConfigDB) + ‘_log],1)’;
execute(@ConfigDBCmd);
set @ConfigDBCmd = ‘BACKUP database [‘ + RTRIM(@ConfigDB) + ‘] to disk=”C:\windows\temp\after2.bkf”’;
execute(@ConfigDBCmd);
go

STEP 2: Create the DOS batch command file

Next, download the DOS batch command file from my web site (logshrink2.cmd.txt), save it to the root of your C: drive, and then rename it to logshrink2.cmd

dir c:\windows\sysmsi\ssee\mssql.2005\mssql\ShareWebDb* /s
pause
sqlcmd -S \\.\pipe\mssql$microsoft##ssee\sql\query -E -i c:\logshrink2.sql
pause
dir c:\windows\sysmsi\ssee\mssql.2005\mssql\ShareWebDb* /s
pause

STEP 3: Run the command file with administrator rights

Finally, open up File Explorer, right click on the logshrink2.cmd file, and click to “Run as administrator”

RESULT: Here is a screen shot of running this on the server with a 200GB log file:

image

Security Patch MS16-072 Breaks GPO on SBS 2008, SBS 2011, and Windows Server 2008/2008R2

Microsoft recently released security hotfix MS16-072 last week. This patch attempts to improve GPO security. But as my fellow MVP’s Susan Bradley and Wayne Small have discovered, this new security update can actually break certain GPO based processes, such as WSUS.

Note: Microsoft has not released a fix to this, nor are we expecting them to do so. But the blog posts below offer instructions for manually fixing this issue.

Here are the two blog posts that Wayne Small posted on his site, identifying the problem and suggested work arounds:

Susan Bradley forwarded the following post from Group Policy Central which includes a PowerShell script and further instructions from Microsoft to manually fix this problem.

SBS 2011, Windows Server Backup, and VSSAdmin List Writers Issue

One of my customers runs a SBS 2011 server with Exchange 2010. I consider it a very clean server. Suddenly, after three years, I had issues with the Windows Server Backup.

Opening the WSB console, I would get the message Reading Data, please wait….

I knew that the first thing I should check was the VSS writers. When I tried to run vssadmin list writers from an admin level command prompt,  I would get the message: Waiting for responses. These may be delayed if a shadow copy is being prepared.

Rebooting the server didn’t help.

I tried the wbadmin delete catalog command, but that didn’t help.

I then found this blog post from ServerFault.com which provided instructions for stopping specific services, reregistering VSS related DLL’s, and then restarting service. Eventually this solution worked for me!

Here’s a look at each of the looking at each of these three parts of the solution:

Step 1 – Stop specific services

You can run these commands one at a time from a command line prompt, or put them into a  batch file and run them:

net stop “System Event Notification Service”
net stop “Background Intelligent Transfer Service”
net stop “COM+ Event System”
net stop “Microsoft Software Shadow Copy Provider”
net stop “Volume Shadow Copy”
net stop VSS
net stop SWPRV

Note #1: Stopping the COM+ Event System will also cause several other dependent services to be stopped. Take a note of these dependent services so you can make sure they are restarted later on

Note #2: When I ran these commands, the COM+ Event System service did not successfully stop — it will have a status of  “Stopping…”. But it needs to be successfully stopped for the rest of the solution to work. If this happens to you, here’s how to stop it:

    • Open up another command prompt window
    • Type: sc queryex eventsystem and press Enter
    • Note the associated PID# for this service. Let’s say the PID# is 408
    • Next type:  taskkill /pid 408 /F  and press enter’’

Step 2 – Reregister DLLs

Now copy the following commands into a batch file and run it from the command line

regsvr32 /s ATL.DLL
regsvr32 /s comsvcs.DLL
regsvr32 /s credui.DLL
regsvr32 /s CRYPTNET.DLL
regsvr32 /s CRYPTUI.DLL
regsvr32 /s dhcpqec.DLL
regsvr32 /s dssenh.DLL
regsvr32 /s eapqec.DLL
regsvr32 /s esscli.DLL
regsvr32 /s FastProx.DLL
regsvr32 /s FirewallAPI.DLL
regsvr32 /s kmsvc.DLL
regsvr32 /s lsmproxy.DLL
regsvr32 /s MSCTF.DLL
regsvr32 /s msi.DLL
regsvr32 /s msxml3.DLL
regsvr32 /s ncprov.DLL
regsvr32 /s ole32.DLL
regsvr32 /s OLEACC.DLL
regsvr32 /s OLEAUT32.DLL
regsvr32 /s PROPSYS.DLL
regsvr32 /s QAgent.DLL
regsvr32 /s qagentrt.DLL
regsvr32 /s QUtil.DLL
regsvr32 /s raschap.DLL
regsvr32 /s RASQEC.DLL
regsvr32 /s rastls.DLL
regsvr32 /s repdrvfs.DLL
regsvr32 /s RPCRT4.DLL
regsvr32 /s rsaenh.DLL
regsvr32 /s SHELL32.DLL
regsvr32 /s shsvcs.DLL
regsvr32 /s /i swprv.DLL
regsvr32 /s tschannel.DLL
regsvr32 /s USERENV.DLL
regsvr32 /s vss_ps.DLL
regsvr32 /s wbemcons.DLL
regsvr32 /s wbemcore.DLL
regsvr32 /s wbemess.DLL
regsvr32 /s wbemsvc.DLL
regsvr32 /s WINHTTP.DLL
regsvr32 /s WINTRUST.DLL
regsvr32 /s wmiprvsd.DLL
regsvr32 /s wmisvc.DLL
regsvr32 /s wmiutils.DLL
regsvr32 /s wuaueng.DLL

Step 3 – Scan these DLL’s

Next, we will check the integrity of the following three DLLs

sfc /SCANFILE=%windir%\system32\catsrv.DLL
sfc /SCANFILE=%windir%\system32\catsrvut.DLL
sfc /SCANFILE=%windir%\system32\CLBCatQ.DLL

Step 4 – Restart Services

Finally, let’s restart the services we stopped

net start “COM+ Event System”
net start “System Event Notification Service”
net start “Background Intelligent Transfer Service”
net start “Microsoft Software Shadow Copy Provider”
net start “Volume Shadow Copy”

Step 5 – Rerun VSSADMIN

Go ahead and try to rerun the vssadmin list writers command and see if it works.

Setup BlackBerry Priv for Exchange Email

I have a customer that still uses Blackberry phone with their SBS 2011 server with Exchange 2010. Their previous BlackBerry 10 connected up with no problems to Exchange and ActiveSync several years ago. The owner recently replaced his BB10 with a newer BB Priv.

When he went to configure his new phone to Exchange, however, it was asking him to install a SSL security certificate, which the previous phone did not require.

Listed below are the steps we took to get his phone connected to Exchange.

Two things to note before we begin:

  • The person with the phone needs to setup up an alternate email (such as GMail) on the phone before proceeding. The reason will become obvious below.
  • You need access to the SBS/Exchange server to export the SSL certificate, and then email the exported certificate file to the user

So, let’s get started

Part 1 – From the SBS/Exchange Server, create an exported PFX certificate file

  1. From the server, open up MMC from an administrator level command prompt
  2. Select to load the Certificates snap-in to the local Computer account.
    (Note: if you do not know how to do this process, see this Microsoft article for detail instructions)
  3. Drill down Certificates –> Personal –> Certificates and locate your SSL certificate from the middle pane
    image
  4. Right click on the certificate, then select All Tasks –> Export
  5. Click Next –> Click Yes, export Private Key –> verify PFX format is selected
    image
  6. Enter a password when prompted (keep it short – very short, like ‘abc’)
  7. Click browse to assign a filename and select a location to save the exported file

Part 2 – Send PFX file to user’s alternate mail account

  1. Now, you need to email the PFX certificate file you just created to the user, sending it as an attachment to the user’s alternate email account on his or her phone.
  2. How you do this is up to you – I’m sure you can figure out this step.

Part 3 – User creates Exchange account and installs SSL certificate on the phone

The following instructions are general in nature, and not specific, because I did not do these steps myself. My customer was able to do it, with just a couple of corrections that I was able to walk him through by phone.

  1. First, user should open up the Gmail (or other) account on their phone, locate the email you sent them, and select to save (download) the attachment to the phone. Just download the file, do not try to install it.
  2. Now let’s start creating the Exchange account.
  3. Select Settings –> Accounts –> Add Accounts –> Exchange
  4. Enter your email address and password.
  5. Phone will go out and check things, and should come back asking for more server information.
  6. For your username: enter DOMAINNAME\USERNAME
  7. When prompted, select to install a certificate, and located the file you saved.
  8. For the server name/address, enter the URL you would use to access your OWA account – such as remote.servername.com or mail.servername.com.
  9. Select SSL/TLS (Accept all certificates)

At this point, it should start setting up your email account. Good luck!

Windows 10 and SBS 2008 Remote Web Workplace RWW

Customer calls me today. One of his employees has Windows 10 at home, but is unable to remote into the SBS 2008 network at the office to access his office computer.

The error message looks something like this:

VBScript Remote Desktop Connection: The wizard cannot configure Remote Desktop Connection settings.  Make sure that the client version of Remote Desktop Protocol (RDP) 6.0 or later is installed on this computer.

Thanks to a post on the Microsoft forum, the resolution is fairly easy. It requires access to the server, but does not require rebooting the server.

Note: On the Windows 10 side, you need to make sure you are using Internet Explorer 11 (IE11) and not the new Microsoft Edge browser.

From the SBS server:

  • Navigate to this folder “C:\Program Files\Windows Small Business Server\Bin\webapp\Remote”
  • Locate and make a backup copy of the file tsweb.aspx
  • Edit tsweb.aspx and comment out the highlighted lined as shown below. (Note: to comment out a line, simply insert a single quote mark)
    BEFORE
    image 
    AFTER
    image
  • Open up Services (Start –> Run –> services.msc)
  • Locate Terminal Services and click to restart it.
    image 
  • It may prompt you that it must also restart an associated service, which you should approve.
  • That’s all that needs to be done on the server

From the home Windows 10 computer:

  • Open up Internet Explorer 11
  • Go to the URL you use to remote into the SBS 2008 server (e.g.., https://remote.domain.com/remote)
  • Add the URL to Compatibility Settings (IE > Tools > Compatibility Settings > Add > Close)
  • Add the URL you are using to Trusted Sites (IE > Tools > Internet Options > Security > Trusted Sites)
  • Then close and restart IE 11

Give it a try!

Client Connector Status of Windows 10 and Server Essentials 2012 R2

IMPORTANT NOTE:  The client connector to connect Windows 10 to Windows Server Essentials 2012 R2 is currently being tested and is not yet available.

Once this updated connector is released, a link to download it manually will be posted. Doing a manual download is a known issue that is expected to be resolved in the October 2015 timeframe.

Over the years Microsoft has released a family of server platforms for the home and small business environments – including Small Business Server (SBS), Windows Home Server (WHS), and Server Essentials.

One of the key parts to these products is the “client connector” which is run from a client workstation to properly connect it to the server, include it in the dashboard, setup appropriate security, and, where appropriate, configure the workstation for daily backup.

In advance of the release of Windows 10, the Microsoft support team has released a blog post with a matrix identifying the availability and any restrictions for the client connector for each server platform, against each supported client operating system (Windows 7, 8, 8.1, and 10).

Client Connector availability with Windows Home Server, Small Business Server and Windows Server Essentials for Supported Client OS

Support for Windows Server 2003 ends today

The end of an era occurs today when Microsoft officially drops extended support for Windows Server 2003.

This means that Microsoft will no longer issue security updates for any version of Windows Server 2003, which includes Small Business Server 2003, and Windows Home Server.

image

SBS and Essentials External Backup Drives Compatibility List

I recently encountered an issue with an external drive connected to a SBS 2011 server. The backup had errored and the issue was with the external drive.

Finally, I was reminded about the Technet blog post on Windows Small Business Server – External Backup Drives Compatibility List. The post has two parts:

  • Guidelines on proper formatting requirements of the external drive, with an explanation of why 512 Bytes sectors are required.
  • List of external drives for a variety of vendors, with a rating table that indicates if it works on the various versions of SBS and Essentials 2012/R2.

The post also documents a simple command that you can use to check the sector size of your external drive. Be sure to do it from an elevated command prompt. The command is:

fsutil fsinfo ntfsinfo X:

Here’s an example of the results:

image

The shared protection point operation failed with error 0x81000101

This is the first time that I’ve seen this error on any Windows server I manage. This is an SBS 2008 server that has been in production for 6 years. The error was associated with a failed Windows backup of this server last night.

Full error message: Creation of the shared protection point timed out. Detailed Error: The shared protection point operation failed with error 0x81000101.

image

A quick web search led me to this blog post by David J Steele who encountered the same issue. The solution changes the default timeout from 10 minutes to 20 minutes.

Although his process is correct, there is one error in the information he posted. The value for the registry key should be 1200000 (5 zeroes) and not 12000000 (6 zeroes).

Here are the correct instructions:

  • Run regedit.exe on the server
  • Navigate to HKLM –> Software –> Microsoft –> windows NT –> CurrentVersion –> SPP
  • Create a new registry key (type DWORD) with the name “CreateTimeout”
  • Modify the value of the key to decimal 1200000. Be sure to click the radio box for Decimal before entering the value.

image

.Net Updates will break client backups

Microsoft released today (May 13, 2014) a security update for the .Net Framework (KB2960358).

However, after applying this update, client backups on SBS 2011 Essentials, WHS 2011, Server Storage Essentials 2008, and 2012 Essentials will fail.

Microsoft has already released updates to fix this problem:

  • KB2934957 for Windows 2012 Essentials
  • KB2934950 for Windows 2011 Essentials, WHS 2011, WSSE 2008*
    * Please note, before applying this fix, there is a pre-requisite that the server has the appropriate Rollup 4 update applied.