Archive for Essentials

Renew SSL Certificate for 2012 R2 Essentials

These are the steps I recently followed to renew a third party (GoDaddy) SSL certificate on a 2012 R2 Essentials server. Although these steps have been documented many, many times over the years, it doesn’t hurt to review the process and make sure it works properly.

The overall process has three major parts to it:

  • Generate SSL request on the server
  • Request and rekey the certificate on GoDaddy’s site and download new certificate
  • Install the intermediate cert and your domain SSL cert on the server

Part One – Server

  • Open up the Essentials dashboard, click on Quick Status from the left column of the screen, then click Anywhere Access from the middle column, and finally click “Click to configure Anywhere Access” from the right column of the screen.
    image
  • In the next window ( Settings – Anywhere Access) click on the Configure… button. Please note, there’s a red X in my screen shot. That’s because my SSL certificate is about to expire. However, DO NOT click on the “Repair…” button. Just click on the “Configure…” button
    image
  • In the next windows (Set up Anywhere Access) make sure that you UNcheck the option labeled “Skip Domain name setup. I have already set up my domain”
    image

            image

  • In the next window, select “Import a new trusted SSL certificate”
    image
  • In the next window, first verify your domain name to be registered, which should already be correct as we are renewing an existing SSL certificate. Then click to enable the option “I want to purchase a trusted SSL certificate for this domain”
    image
  • The next screen is the important one. It should display for you automatically the certificate request that you will need. If you need to , open up Notepad and then copy everything inside the box, starting with “—-BEGIN NEW CERTIFICATE” all the way to the very end.

    image

If you wish, leave this window open while you go to Part Two and request the new certificate from GoDaddy

Part Two – GoDaddy

  • Open up a browser, go to GoDaddy’s web site, login, and go to your registered SSL for your domain and select to purchase/renew it. I’m not including screen shots of this process. Go Daddy will generate an email to verify you are the owner of this certificate.
  • Once that is done and approved you can proceed on the GoDaddy site to rekey your certificate. It will ask you to copy/paste in the certificate request info we just generate (that starts with “—-BEGIN NEW CERTIFICATE REQUEST…”
  • After you paste and submit this information, GoDaddy will generate another email to you with the link to download the certificate and instructions for installing it.
  • When you are at the screen to download your certificate, you must select what Server type you will be using this on. From the drop down, select IIS. Then download the generated zip file. If you are not doing this step from the server, then you will need to copy the zip file over to the server.
  • Unzip the zip file on the server. You will have two files, one with a  .p7b suffix and the other with a .crt suffix
    image

Part Three – Server

Before we go back to the Essentials  dashboard that we left open, we first need to go to MMC and insert the new p7b intermediate file from GoDaddy.

  • The steps to do this is provided by GoDaddy (click here). In short:
    • Run C, add the Certificates add-in, select Computer Account, select Local Computer.
    • Once Certificates is added, drill down to Certificates > Intermediate Certification Authorities, right click and select All Tasks > Import.
      image
    • Click to browse, change the file extension in the browse window to “all files”, then locate the .p7b file that came from the zip file, and load it. Once done, you can close MMC.
  • Now we return to the Essentials dashboard that we left open. If it’s still sitting on the “Generate a certificate request’ window, go ahead and click Next.
  • On the next window (“A trusted SSL certificate is in progress…”), click on the first option: “I have the trusted SSL certificate…” and click Next
    image
  • On the next screen (Import the trusted certificate), click to Browse, change the file extension again to “all files” then locate the file ending with .crt that you unzipped, and click Next.
    image
  • Wait while the new certificate is installed. You will get a green check window indicating that the domain is set up. You have one final step – to add this to Anywhere Access
    image
  • On the next screen, you can select to enable VPN access and/or Remote Web Access. I only select Remote Web Access, as I use my network firewall/router box for VPN connectivity.
    image
  • Go ahead and select what you need, and you will be all done. You will also see that the red X we saw earlier should now have disappeared, since the SSL certificate is now up to date.
    image
    image

Windows 10 Workstation Shows Offline Status and No Backups from 2012 R2 Essentials Dashboard

It’s been well documented that updates for Windows 10 (such as the 1607 Anniversary update) will cause issues with interfacing to the 2012 R2 Essentials Server. Two things in particular:

  • Workstations will have a status of Offline on the Essentials Dashboard
  • More importantly, client workstation backups are not up to date

Until now, the process that I had taken to resolve this on each workstation was as follows:

  • Drop workstation to Workgroup
  • Login as local administrator (not domain)
  • Run http://{servername}/connect
  • Use domain admin login and password to proceed, when prompted
  • Approve (acknowledge) you want to use the domain admin login
  • Complete rejoining to the server
  • Reboot workstation and login as domain user

Well, now, it comes to pass that we can make this process a bit faster, as we can eliminate the first two steps (dropping workstation to a workgroup, and logging in with the local admin account).

So here’s how the steps now look, while remaining logged in as the current domain user account:

  • Run http://{servername}/connect
  • Use domain admin login and password to proceed, when prompted
  • Approve (acknowledge) you want to use the domain admin login
  • Complete rejoining to the server
  • It’s possible to just logoff and log back in as the current domain user. However, I still like to reboot the workstation just to make sure all is fine.

Error Occurred During Port Configuration – Access is Denied

2015-12-02_15-44-12 XEROX 7830Customer is running Windows Server 2012 R2 Essentials, and just had a Xerox WorkCentre 8530 delivered to their office.

Working with the local Xerox printer tech, we got the driver installed on the server and tested printing.

But he wanted to show me some things under the “Configure Port” option, but when we tried to do so, we got the following error message:

An error occurred during port configuration. Access is denied.

I was stumped, as I knew we were logged on as an administrator. I even tried using Print Management service.

I then found a helpful step-by-step solution to this problem over on the GeeksOnTech website. Their post includes screen shots, but here is a summary of the steps:

  1. Open up Devices & Printers
  2. Highlight the printer you want to change, then click on Print Server Properties from the menu bar
  3. On the next window, click the Ports tab, and then at the bottom of that same window click Change Port Settings
  4. Now select your printer, and then click Configure Port…

Hope this helps!

Client Connector Status of Windows 10 and Server Essentials 2012 R2

IMPORTANT NOTE:  The client connector to connect Windows 10 to Windows Server Essentials 2012 R2 is currently being tested and is not yet available.

Once this updated connector is released, a link to download it manually will be posted. Doing a manual download is a known issue that is expected to be resolved in the October 2015 timeframe.

Over the years Microsoft has released a family of server platforms for the home and small business environments – including Small Business Server (SBS), Windows Home Server (WHS), and Server Essentials.

One of the key parts to these products is the “client connector” which is run from a client workstation to properly connect it to the server, include it in the dashboard, setup appropriate security, and, where appropriate, configure the workstation for daily backup.

In advance of the release of Windows 10, the Microsoft support team has released a blog post with a matrix identifying the availability and any restrictions for the client connector for each server platform, against each supported client operating system (Windows 7, 8, 8.1, and 10).

Client Connector availability with Windows Home Server, Small Business Server and Windows Server Essentials for Supported Client OS

Will there be a Windows Server Essentials 2016?

imageWindows 10 for desktops and mobile devices is just around the corner.

That would be July 29th if you’ve been on vacation! –>

And … the next version of Windows Server will be Windows Server 2016.

The current version is Windows Server 2012, which includes a specific (post-SBS) version called Windows Server 2012 R2 Essentials.

So, it is only fair to have people ask: “Will there be also be a Windows Server 2016 Essentials (W2016E for short) released?”image

The following public Technet article mentions W2016E by name. So it would be a reasonable conclusion to think that they are planning on a W2016E version.

But — given that Server 2016 will not be rolled out until next year, things can always change.

http://blogs.technet.com/b/sbs/archive/2015/07/23/client-connector-availability-with-windows-home-server-small-business-server-and-windows-server-essentials-for-supported-client-os.aspx

image

Samsung 850 EVO SSD crashes Windows 2012 R2 Server

I have personally used Samsung’s 850 SSD drives in a few workstations, and they appear to work great.

However, there are several recent posts of Windows 2012 R2 and 2012 R2 Essentials servers crashing. The common denominator? Samsung’s 850 EVO SSD drives.

One person wrote that a 2012 R2 Essentials server will produce 100% crashes. Any other 2012 R2 server will crash if the write cache is disabled, which happens when a server is promoted to a DC. Hopefully, it’s a firmware issue with those drives that Samsung can address. Also, the Samsung 840 SSD drives appear to work just fine, and does NOT cause similar crashes.

Here are some links for your further reading pleasure that identify the issues at hand:

https://social.technet.microsoft.com/Forums/windowsserver/en-US/81c6d52f-578c-44c8-a6ec-18c03a818295/cant-promote-server-2012-r2-to-domain-controller-get-error-0xc000021a?forum=winserverDS

https://social.technet.microsoft.com/Forums/windowsserver/en-US/ebc71806-37ab-49c4-9218-9964b30d958a/0xc000021a-during-server-2012-r2-essentials-setup?forum=winserveressentials

http://community.spiceworks.com/topic/869314-warning-do-not-use-samsung-850-evo-ssd-with-windows-server-2012-r2

SBS and Essentials External Backup Drives Compatibility List

I recently encountered an issue with an external drive connected to a SBS 2011 server. The backup had errored and the issue was with the external drive.

Finally, I was reminded about the Technet blog post on Windows Small Business Server – External Backup Drives Compatibility List. The post has two parts:

  • Guidelines on proper formatting requirements of the external drive, with an explanation of why 512 Bytes sectors are required.
  • List of external drives for a variety of vendors, with a rating table that indicates if it works on the various versions of SBS and Essentials 2012/R2.

The post also documents a simple command that you can use to check the sector size of your external drive. Be sure to do it from an elevated command prompt. The command is:

fsutil fsinfo ntfsinfo X:

Here’s an example of the results:

image

Update on Essentials O365 Wizard Issue

Earlier I posted about a situation where the O365 Integration Wizard that is built into the 2012 R2 Essentials Server would fail when trying to set it up the first time.

https://kwsupport.com/2015/05/2012-r2-essentials-fails-to-integrate-with-o365/

Today, the Windows Essentials and SBS support team posted a revised blog saying that the problem with the PCNS.zip file had been resolved.

image

http://blogs.technet.com/b/sbs/archive/2015/05/29/windows-server-2012-essentials-r2-essentials-may-fail-to-integrate-with-microsoft-office-365.aspx

The revision eliminates the need to download the correct PCNS.zip file. Apparently there’s no hotfix or update to be downloaded. They fixed it on their end so that when you run the O365 wizard it will download the correct zip file.

How to Configure a Custom Domain Suffix when Installing Windows 2012 R2 Essentials

For as long as I can remember, Microsoft’s Small Business Server (SBS) and Essentials Server would default to using .local for the internal domain suffix during installation. So, if your company name was Contoso, it would create Contoso.local as your internal domain.

And for me, using .local worked great all these years. The customer would still use .com (such as Contoso.com) for their public web site and for their email address. Contoso.local was strictly for internal DNS purposes.

But SSL Certificate authorities have announced that they will not issue new UCC/SAN SSL certificates that contain non-public local Intranet domain suffixes (such as .local) or IP addresses.

See detail announcements from these vendors: GoDaddy   DigiCert  

So … the question was raised recently within my Microsoft MVP group: how does one install Windows Server 2012R2 Essentials with a custom internal domain suffix, since by default Essentials uses .local?

My good MVP friend, Robert Pearman, took the time to post a solution today on his blog site. He gives step by step instructions, along with screen shots:

http://titlerequired.com/2015/06/27/install-windows-server-essentials-with-a-custom-domain-suffix/

Here is a quick summary of the steps:

  • Perform the pre-install of Essentials 2012 R2
  • When the Essentials Configuration Wizard (ECW) starts up, click CANCEL.
  • From System Properties, change the name of your server
  • Now add Active Directory Domain Services as a server role (Systems Manager > Manage > Add Roles and Features) and use all the defaults.
  • Then run the Post Deployment task and promote the server to a domain controller.
    • Select to create a new forest and enter your root domain name.
    • Note: many now suggest using a subdomain of your public domain name. So if your public domain is Contoso.com, you might use Corp.Contoso.com)
    • After the pre-requisite check, use the defaults to complete the install of the server role.
    • After the server has rebooted, login as the domain admin, and the ECW will start up again.

2012 R2 Essentials Fails to Integrate with O365

I have an existing client with a Windows 2012 R2 Essential server. I was migrating their email from a GoDaddy POP3/IMAP host over to Office 365. This was going to be my first opportunity to try out the O365 Integration Wizard that comes with the 2012 R2 Essentials dashboard.

image

On May 23rd I set up their Office 365 accounts, setup the DNS records on GoDaddy, and then migrated their email to Office 365, all which went smoothly.

On May 26th I attempted to run the O365 Integration Wizard. After entering the O365 admin account and login info, it errors with this message: “There was an issue configuring the integration. Make sure the computer is connected to the internet and then try again.”

image

I did a lot of web searches, and finally located several posts from people indicating that the error may be related to a corrupt or invalid PCNS.zip file:
https://social.technet.microsoft.com/Forums/en-US/dba06f4f-1011-4de3-946b-2a39718c2cc0/windows-server-2012-essentials-r2-and-office-365-integration?forum=winserveressentials#eb76b50e-6304-48b0-afef-b5fd79978ebf

What’s PCNS? It stands for Microsoft’s Password Change Notification Service which synchronizes user passwords in an enterprise environment.

I confirmed that this was the error by looking at the SharedServiceHost-EmailProvider Config.log file located at C:\Program Data\Microsoft\Windows Server\Logs folder.

The suggested fix was to rename the existing PCNS folder and PCNS.zip file, then download a different PCNS.zip file, and then rerun the wizard. Initially it did not work for me, because I was manually unzipping the corrected PCNS.zip file before running the O365 Wizard. Finally it dawned on me to just download the zip file, and sure enough, the O365 Wizard unzipped it, and we finally had success!

image