Archive for SBS 2008
SBS 2008 and Dell Rack-mount Servers
Posted by: | CommentsYesterday I finally ran into my first failed SBS 2008 install, not one I had picked up from someone else, but one of my own where I’ve managed the source server for years and did all the prep work myself. It was both a good thing and a bad thing: good because we got to finally troubleshoot one where we knew the entire environment up front so we could immediately eliminate several potential causes, bad because we were on a really limited migration timetable for this particular customer and we’ve ended up losing more than just a day on the project.
But the interesting thing about this migration is why it failed, and the blame lies right at the feet of Dell. Short story: the Dell PowerEdge R310 server does not allow you to individually disable the on-board NICs in BIOS. In BIOS, you can choose to disable both NICs, but the individual integrated NIC options include “Enabled,” “Enabled with PXE,” and “Enabled with iSCSI.” No “Disabled” option at all.
I’ll be perfectly honest, this was not a scenario I tested when working on the migration documentation with Microsoft and researching for the SBS 2008 Unleashed book. Since the SBS 2008 requirements list a single NIC only, that’s all the testing that I did. So when I went through with the migration install yesterday, I knew I was taking a bit of a chance, but hoped that since I only had one NIC connected to the network it wouldn’t be a problem.
Well, it was.
During the setup, the SBS portion of the install tried to do a WMI query against DNS for the existing domain. The query succeeded on the connected NIC, but the installer performed the query again on the disconnected NIC and failed. That failure led to the dreaded cascading failure of Exchange and everything else that followed. We were able to get the source server back online quickly since we followed best practices and took a System State Backup immediately prior to launching the SBS 2008 installer on the destination server, but then we faced the dilemma of how to proceed. After discussing the issue with a Microsoft contact, we thought the setup might complete if we connected both NICs to the network, but the better option is to disable the unused NIC in BIOS and do the migration setup the way it’s supposed to be done.
After a 3.5 hour call with Dell, it basically cannot be done on the R310. Apparently someone decided that an all or nothing configuration on the NICs on that particular server was the better solution than letting each NIC be individually disabled as done on every other Dell server I’ve worked with for a decade. The issue has been escalated with the engineering team, but we don’t yet know if there will be a fix or how long it will take to get one if it can be done.
Bottom line, I cannot recommend installation of SBS 2008 on a Dell PowerEdge R310 server until (or if) Dell resolves the issue of disabling the NICs individually in BIOS. I can almost guarantee that a migration setup will fail on this platform, but I don’t know if a clean install will have a similar issue or not. If anyone has successfully installed SBS 2008 on an R310 server, I’d love to hear from you. Since this is a relatively new model from Dell, however, I may well be one of the first to attempt this particular configuration. And I hope that our pain can save someone else from the same…
Automating the WSUS 3.0 Cleanup Process
Posted by: | CommentsWhile I’ve not been a huge fan of WSUS in the past, it’s been growing on me over the last year or so. Specifically, I’ve been really pleased with how WSUS 3.0 and SBS have been integrated (well, so long as you don’t hit a problem with the integration, which can then lead to a LOT of work to recover or repair or reinstall, but that’s a different post for a different day). But there are still challenges to keeping WSUS in check and keeping it from having unintended impacts on those same SBS servers.
Fortunately, most of the commonly-encountered problems with WSUS 3.x can be dealt with by running the Server Cleanup Wizard from the Update Services console. [NOTE: If you have never run the Server Cleanup Wizard in WSUS on a server that's been in production for a while, I recommend running the wizard manually and only select one category at a time. The first run can clean a LOT of information out of the WSUS environment, and it can take a VERY long time to complete.] But in this day of automating tasks, I don’t want to manually run the Server Cleanup Wizard on a regular basis as it can still take some time to complete the supplemental runs even after the first (and potentially longest) pass has been completed.
Well, there are two mechanisms for automating the Server Cleanup Wizard process on an SBS 2008 server (and other servers running WSUS for that matter). The first method that I’ll discuss below is fairly easy to google, but the second doesn’t show up in searches related to SBS 2008 (that I’ve been able to find at the time that I put this post together), so I’m going to document it here.
Let me start by saying that a lot of people who have implemented one of these two methods seem to be in agreement that these processes (or a variation thereof) should be included within WSUS itself and not relegated to what amounts to an add-on for maintenance and management. I’m in the same category, and really would like the WSUS team to look at providing tools with WSUS to be able to schedule the maintenance out of the box.
The first solution I ran across last year was a tool uploaded to Codeplex: http://wsus.codeplex.com/Release/ProjectReleases.aspx?ReleaseId=17612. This is a complied tool that will perform operations on the WSUS implementation based on command-line parameters that are passed to the tool when executed. It can run each of the cleanup tasks in the Server Cleanup Wizard individually or in groups, and also includes an SQL script that the tool can call to perform maintenance on the WSUS database file itself. I’ve deployed this in testing on a few SBS 2003 installations where I have WSUS 3.x running, and it’s been able to keep the WSUS installation in check rather nicely. My only beef with the tool is that since its a compiled executable, it’s impossible to tweak its operation beyond what the developer has coded into the tool. Currently, I can’t think of any WSUS tasks that I’d like to do that this tool cannot, but if an update to WSUS changes the way some of these tasks can be called, it’s possible that the tool might cease to function or not be able to handle new functionality and need an update from the author. I’ve also not run this on SBS 2008 yet simply because I don’t have a test box that I could run this on to make sure it doesn’t misbehave on that platform. It might work just the same on SBS 2008 as SBS 2003, but I can’t confirm that first-hand, so I haven’t pushed in out.
The second solution I ran across (again, not in an SBS 2008 search) is a PowerShell script that calls the Server Cleanup Wizard functions from WSUS directly. Since PowerShell is enabled by default on SBS 2008 out of the box, and since I can get into the code directly, I went ahead and implemented this script on my own production server, because I honestly hadn’t run the Cleanup Wizard on it in I don’t know how long. The script came from the Microsoft Technet Script Center at http://gallery.technet.microsoft.com/ScriptCenter/en-us/fd39c7d4-05bb-4c2d-8a99-f92ca8d08218. I have a Tools folder on the root of the second partition of every server I deploy, and I added a Scripts folder in that to house this script. I named the script WSUS_Cleanup.ps1 and copied the contents from the Script Center page into the file. I then opened a Command Prompt as Adminstrator and ran “powershell.exe WSUS_Cleanup.ps1″ on the server. After a long wait (like I said, I hadn’t run the Server Cleanup Wizard in a looooooong time), I got output from the script that showed the results of each of the steps it ran within the script (as listed on the Script Center page, the option to remove old computer from WSUS has been commented out).
Being the kind of guy who likes to review the results of processes once they complete, I build a quick and dirty batch file wrapper for the PowerShell script. Yes, I probably could have done the whole thing in PowerShell, but I’m still a bit of a PS newbie, so I relied on my comfort with batch files to get this wrapper done. Here’s the contents of the WSUS_Cleanup.bat that I put on the server:
@echo off @echo Starting cleanup: %date% %time% >> d:\tools\scripts\WSUS_Cleanup.log powershell.exe d:\tools\scripts\WSUS_Cleanup.ps1 >> d:\tools\scripts\WSUS_Cleanup.log @echo Finished cleanup: %date% %time% >> d:\tools\scripts\WSUS_Cleanup.log
The batch file writes the current date and time to a log file that I created in the same Scripts folder where the other pieces are, then calls PowerShell to run the cleanup script and appends the output of that process to the log file as well. Once that finishes, the current date and time are again appended to the log. Now I can see when the script ran, what it did when it ran, and how long it took to complete.
Either of these tools are easily adaptable to running as scheduled tasks or as scripts from your favorite RMM tool. THE WSUS_Cleanup from Codeplex has a couple of advantages over the PowerShell script. One, you can select which components of the Cleanup Wizard you wish to run by adjusting the command line call to the tool. With the PowerShell script as written, you have to modify the script and comment or uncomment each of the tasks. (Yes, a savvy PowerShell person should be able to modify that script to mimic the behavior of the Codeplex tool, and as I’ve mentioned, I’m not that guy. Yet.) Second, the Codeplex tool has the SQL maintenance script included which can be run within the scope of the Codeplex tool. The PowerShell script does not include anything for SQL maintenance on the actual database files. Again, someone with SQL skills could easily script up and automate a process to do the same thing, and again that’s not me.
Given that PowerShell is getting more and more visibility in the Server 2008 world, I’m going to be focusing (when possible) on dealing with automation tasks that make use of PowerShell or other native scripting tools rather than rely on someone else to build an executable file. Not to say that the WSUS_Cleanup tool on Codeplex is a bad thing. I’m probably going to keep that on my 2003-based systems until there’s a reason not to. But for my 2008 deployments, I’m going to stick with PowerShell for WSUS maintenance. If nothing else, I get an excuse to learn more about PowerShell and keep my WSUS installations in good working order.
Recovering “Hidden” Disk Space Used on SBS 2008 C: partitions
Posted by: | CommentsOne of the significant differences in the minimum specs for installing SBS 2008 versus SBS 2003 was the minimum size of the C: partition needed for installation and operation. SBS 2008 requires a minimum of 60GB in the install partition or it won’t go. Those of us who were used to fighting the 12GB C: partition implemented by OEM vendors in SBS 2003 initially looked at that and thought “yeah, that’s a good change.” Well, as it turns out, kinda like the 4GB RAM minimum spec, the 60GB C: partition may not be big enough after all.
If you ask around those who have been doing SBS 2008 deployments, one of the best practices adopted by most is to use the Move Data Wizards in the Server Storage tab of the SBS 2008 Console and get the key data components off the C: partition and onto another partition (Exchange, SharePoint, User’s folders, User’s redirected documents, and WSUS content). And if you take the step that some do of installing third-party software to a partition other than C:, we should be ending up with a fairly pristine C: partition with minimal dynamic data on it. In theory.
I’ve been deploying my SBS 2008 installs with a 100GB C: partition simply because I figured that over time, something would find a way to suck up all the space on C: and we’d eventually get to a point where we’d have to deal with resizing paritions or doing manual data cleanup. I didn’t expect that I’d hit that scenario just over a year after my first SBS 2008 production deployment.
In the last couple of weeks, my monitoring tools have started chirping about low disk space on C: on a couple of installs. Sure enough, one installation had 17GB remaining of a 100GB partition, another had 3.5GB remaining on an 80GB partition (my own production box, and yeah, it really needs an overhaul, but that’s another story). I started digging around and found the most common disk hog that’s been complained about across the net, the winsxs folder. Based on everything I’ve been able to read about winsxs, including a post from the Windows Server Core Team, that’s something that we’ll just have to live with, and really isn’t the point of this post anyway. Still, on my boxes, the winsxs folder still only amounted to about 12GB (bigger than what I’d like, but certainly not the primary culprit) which is only about 10% of my standard install C: space. Something else had been sucking away space and keeping it from me.
We use TreeSize from JAM Software as a standard utility on our server deployments to help monitor disk space usage, as this is something that comes up from time to time. [NOTE: this is not a specific endorsement of TreeSize, just a note that it's one of the many tools that we use in our operation.] So in the case of these low-free-space servers, I fired up TreeSize and went looking for the disk hog. Surprisingly, I couldn’t find it. I did clear up some areas that showed a larger-than-expected usage, but couldn’t find the smoking gun. A few weeks have gone by, and while I’ve been monitoring the state of these servers to ensure that free space didn’t get critically low, other tasks moved up on the priority list.
Then a discussion on one of my private lists cropped up regarding this exact topic, and I learned two valuable tidbits from that discussion.
The first is that in order for TreeSize to see the contents of ALL folders on the C: partition, it must be Run As Administrator. Upon reflection, this makes sense, but I know it’s catching a lot of experienced system admins off-guard. Some are advocating disabling UAC on the server to avoid this kind of issue, and I’m honestly not fully decided where I stand on that, so I won’t comment either way on that. But it does serve as a reminder that many system tools we may have been using for years on 2003 servers might not behave the same way under 2008 if you don’t use the almighty Run As Admin option.
The second is that the WSUS site in IIS has been logging an OBSCENE amount of data into the IIS logs folder. One of my servers had nearly 30GB (yes, that’s 30 gigabytes) of data in the WSUS log folder (C:\inetpub\logs\LogFiles\W3SVC1372222313). Another had just over 20GB. And in looking in the folder, I saw numerous DAILY log files that were well over 100MB each, with some well over 200MB each.
Once I cleared out the old log files (honestly, how far back am I going to need to look at WSUS logs anyway?) the free space on C: increased to a reasonable level, and my monitoring stopped yelling at me quite so often.
There are multiple lessons learned from this experience for me. The first is the whole reminder about Run As Administrator in the Server 2008 era. I’ve even taken to labeling some shortcuts with “Run As Administrator” in the icon name just to serve as a reminder. The second lesson is that 60GB is certainly NOT going to be sufficient as a minimum partition size on a production SBS 2008 server, even if all other data is moved off to different volumes (and I haven’t even covered the option of moving the WSUS SQL database files off of C: to another partition, which can’t be done through wizards but must be done by hand). With winsxs and the WSUS logs as two items that will definitely be grabbing disk space unexpectedly (well, it’s expected now anyway), we can be sure that over time there will be others. And as stated on the Core Team blog, you can only expect that winsxs will continue to grow over time. If it’s 12GB now, how large will it be in a couple of years? The third lesson is that some logging that happens automatically on the server probably should not just be left unchecked. If you enable SMTP logging (which I do and recommend for troubleshooting purposes), you should clean out old SMTP logs on a regular basis. Well, now you can add WSUS/IIS logs to that approach as well. There are numerous posts out there for ways to script this process, and I’m evaluating the approach we’re going to take within our operation to make this happen for our customer base.
If you’ve been struggling with low disk space issues on SBS 2008 C: partitions, hopefully this information will help you get a better handle on the immediate actions as well as the long term strategy that you’ll develop for your particular environment.
More Fun with SBS 2008 and Sharepoint Updates
Posted by: | CommentsAnyone who has been dealing with SBS 2008 for the last couple of months knows that there have been issues with recent Sharepoint and SBS 2008 updates:
Companyweb Inaccessible After Sharepoint 3.0 Service Pack 2
Files in Companyweb are Opening Read-Only After SBS 2008 UR2
Sharepoint Service 3 Search event errors after an SBS 2008 Update Rollup
Event 2436 for Sharepoint Services 3 Search
Bottom line, it’s not been an easy road. Fortunately, the SBS team have done a good job of documenting the issues as they come up. Unfortunately, not everything has been caught yet. As I found out this week.
I’ve had two new SBS 2008 deployments in the last two months. One a migration (won’t go there), and the other a clean install. Ironically, the clean install is the one that’s caused me the most grief. The initial install went smoothly, and we’ve been keeping up to date with all the updates. Based on the information above, we knew to install the Sharepoint 3 SP2 before installing SBS 2008 UR2, and flipped the database off of Read Only.
Yesterday, I went to create a new security group. I launched the Add Group Wizard from the SBS 2008 console and was immediately greeted with:
“Windows SBS 2008 Add Group Wizard has stopped working”
The first wizard screen never even launched. Of course, I started digging through the addgroup.log file in C:\Program Files\Windows Small Business Server\Logs, and found the following after hunting for several minutes:
An exception of type 'Type: System.Data.SqlClient.SqlException, System.Data, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' has occurred. Message: Access to table dbo.Versions is blocked because the signature is not valid.
In the stack dump that followed, many of the references were to Sharepoint. “Ah ha!” I thought. “The Add Group Wizard also does some things in Sharepoint!” and I went off to look at Sharepoint. Sure enough, companyweb wouldn’t come up. So, I went back to Companyweb Inaccessible After Sharepoint 3.0 Service Pack 2 and went through those steps again. I verified that the database was not read-only, then I went through and followed the steps to re-run the setup wizard from the command line. Uh, oh, got errors. Fortunately, the psconfig command had me look at the PSCDiagnostics log in C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\LOGS. Unfortunately, those logs didn’t really tell me anything useful. What I found was this:
08/17/2009 17:12:59 1 ERR One or more configuration tasks has failed to execute
08/17/2009 17:12:59 1 INF Entering function TaskDriver.Stop
08/17/2009 17:12:59 1 INF Entering function StringResourceManager.GetResourceString
08/17/2009 17:12:59 1 INF Resource id to be retrieved is PostSetupConfigurationFailedEventLog for language English (United States)
08/17/2009 17:12:59 1 INF Resource retrieved id PostSetupConfigurationFailedEventLog is Configuration of SharePoint Products and Technologies failed. Configuration must be performed in order for this product to operate properly. To diagnose the problem, review the extended error information located at {0}, fix the problem, and run this configuration wizard again.
08/17/2009 17:12:59 1 INF Leaving function StringResourceManager.GetResourceString
08/17/2009 17:12:59 1 ERR Configuration of SharePoint Products and Technologies failed. Configuration must be performed in order for this product to operate properly. To diagnose the problem, review the extended error information located at C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\LOGS\PSCDiagnostics_8_17_2009_17_7_9_507_298886299.log, fix the problem, and run this configuration wizard again.
I actually found a reference to the solution in the comments in the Companyweb Inaccessible After Sharepoint 3.0 Service Pack 2 post. Not directly, but one of the comments mentions that an account name was changed after the initial setup. I haven’t renamed any accounts, but I was reminded that I was running the psconfig command under a different account than had been used to initially install the Sharepoint SP2 update. I logged out of that account and logged back in with the account that was used to install the update, and the psconfig command completed successfully.
Woo hoo! Got it working! Only, http://companyweb and the Sharepoint Central Administration 3.0 sites still would not come up. I once again connected to the database via SQL Management Studio (reminder: run that with elevated permissions or you’ll never authenticate successfully) and verified that it was not read only. And the services were running. I checked the web site configuration in IIS and found the issue – all of the web sites had stopped. That’s when I remembered getting all the alerts overnight about the World Wide Web Publishing Service and the TS Gateway service being stopped. I had started them again first thing this morning and promptly forgot about them. Sure enough, when I checked again, they were both stopped (not surprised that the TS Gateway service stopped since it’s dependent upon the WWW Publishing service). I started both services and both companyweb and Sharepoint Central Administration were back online.
And I was able to finally add the one security group I needed to get added.
Takeaways from this process that aren’t documented in the SBS blog posts:
- If the Sharepoint SP2 update doesn’t take the first time and you need to run the psconfig command manually to complete the install, make sure you are running the command from the same user account that was used to attempt to install SP2 in the first place.
- Note that the psconfig command stops the World Wide Web Publishing Service (and TS Gateway) and does NOT restart them automatically.
SSL Certificate Validation
Posted by: | CommentsI put up a post this morning regarding SSL certificate request validation over on the Third Tier web site. If you’ve been wondering how SSL certificates work in SBS 2008 or if you’re about to renew an SSL certificate on an SBS 2003 box, you might want to check out that post.
Restoring SBS 2008 to Different Hardware
Posted by: | CommentsWhile doing some testing on the restore capabilities of SBS 2008 using the native Server 2008 backup and restore tools, I ran cross an interesting tidbit regarding the restore process. Once I thought about it, it made sense, but not having tested a full system restore yet, I hadn’t run across it just yet.
When doing a bare metal restore of SBS 2008 using the native Windows Backup tools, your restore system must match the disk configuration of the source server as closely as possible. Specifically, if you have your backup from a server with two partitions on a single volume, you must restore to a single volume whose size is at least as large as the source volume. You cannot restore the two partitions from the original backup to a system with two volumes and expect that one partition would restore to one volume and the second partition would restore to the second volume. If your backup came from a system with a single volume and two partitions, you must restore to a system with a single volume so the backup can put two partitions on it.
I’m assuming that the reverse is true (if you have two volumes as the source for the backup, you must have two volumes for the restore) but have not had the ability to test this yet.
Again, this holds for a bare metal restore using the recovery method available when booting from the SBS 2008 installation CD. Using the native tools when SBS 2008 is running, you have the option to restore to alternate locations.
SBS 2008 and Companyweb Offline
Posted by: | CommentsOver the last couple of weeks, I’ve seen reports of companyweb not displaying on some SBS 2008 servers. Same when trying to load the SharePoint 3.0 Central Administration site. Poking through the event logs, we’re seeing errors and warnings like:
Error Windows SharePoint Services 3 3760 Database
SQL Database ‘ShareWebDb’ on SQL Server instance ‘np:\\.\pipe\MSSQL$Microsoft##SSEE\sql\query’ not found. Additional error information from SQL Server is included below.
Cannot open database "ShareWebDb" requested by the login. The login failed.
Login failed for user ‘NT AUTHORITY\NETWORK SERVICE’.
Restarting the Windows Internal Database (Microsoft##SSEE) service restores access, at least temporarily.
Thus far, I’ve been unable to identify any commonality that might be triggering this behavior. If you have encountered this issue, especially if all you’ve had to do is restart the Windows Internal Database service to recover access, please post a comment back so we can try to collect additional information and see what might be triggering this issue.
SBS 2008 Unleashed On Sale
Posted by: | CommentsKarl Palachuk has a sale going on for the Microsoft Small Business Server 2008 Unleashed book at SMB Books. If you purchase SBS 2008 Unleased plus any other item and enter the promo code, you’ll get $20 off the total order. Other promotions are going on at the site as well. For more information, check out Karl’s post: http://smallbizthoughts.blogspot.com/2009/02/right-now-sale-at-smb-books.html.
Hotfix for Server 2008 Issue Available
Posted by: | CommentsMicrosoft released a hotfix today that addresses an issue in the Server 2008 networking stack. Users of SBS 2008 may have seen the effects of this issue if networking services seemed to “hang” after the server had been running for 4-7 days and needed a restart to restore normal operations. The problem has manifested with certain software products attempting to access the impacted resource. One such application is Trend Worry-Free 5.1, but it is not the only application that has seen the issue. Note that third-party applications are not causing the issue, but third-party applications that attempt to access the problematic code are seeing the issue.
Microsoft has released a hotfix for this issue, but the KB article, KB961775, that describes the issue in detail is not yet available. The hotfix can be downloaded from http://support.microsoft.com/hotfix/KBHotfix.aspx?kbnum=961775&kbln=en-us.
UPDATE: While the MS KB has not been made public yet, the SBS blog does have detailed information on this issue. Check out their blog post at: http://blogs.technet.com/sbs/archive/2009/02/12/you-may-lose-network-connectivity-on-sbs-2008-when-using-a-driver-which-utilizes-tdi.aspx.
SBS 2008 Update Rollup 1 Available
Posted by: | CommentsMicrosoft released the first update specifically for SBS 2008, information can be found in KB958715. The Officical SBS Blog also discusses the update. The update addressess two issues in the initial release of SBS 2008:
- The Security Tab in the SBS console did not correctly report anti-virus status on connected workstations for some anti-virus programs. I’ve been experiencing this with Sophos Anti-virus, which we use with our client base. After installing the update, I can confirm that the anti-virus status is now correctly reported with Sophos Anti-virus on the workstations.
- The Internet Address Wizard stops functioning when registering a domain name through GoDaddy.
The update is now available through Microsoft Update and should appear in the Update subtab of the Windows SBS Console. You can approve the update in the console and allow it to roll automatically through WSUS, or you can manually install the update as follows:
- Open the Windows Update panel from the Start Menu.
- Click the Check online for updates from Microsoft Update link in the panel.
- When the check finishes, you should see at least one update available. Click the View available updates link to see all updates available.
- Under Windows Small Business Server 2008, you should see the Update Rollup 1 for Small Business Server 2008 (KB958715) in the list and checked.
- Click Install to install the update.
No restart is needed after the update installs, but you should close the SBS Console prior to installing the update.