Lessons Learned

I’m a huge proponent of enabling SMTP logging on servers for diagnostic and troubleshooting purposes. Every SBS 2003 server I’ve touched over the last few years I’ve enabled SMTP logging just so that when the inevitable question “why didn’t so-and-so get this e-mail” comes, I’ve got a starting point to go look through.

As with many aspects of SBS 2008, SMTP logging is handled differently in the new SBS solution. There are several places you have to go to enable logging, but fortunately, they’re all in the Exchange Management Console.

Because Exchange 2007 handles SMTP though multiple connectors, you have to enable logging in each of the connectors. In addition to having separate send and receive connectors, there are also multiple receive connectors. Also, SMTP logging is a binary option. You either have full SMTP logging on a connector, or you have none. The following steps walk you through the process of enabling SMTP logging on the Internet Send and Internet Receive connectors in SBS 2008.

1. Open the Exchange Management Console from the Start menu.
2. Expand the Organization Configuration and select the Hub Transport.
3. Click on the Send Connectors tab.
4. Right-click on the Windows SBS Internet Send servername item and select Properties.
5. From the Protocol Logging Level drop-down menu, select Verbose.
6. Click Apply, then click OK.
7. Expand Server Configuration and select Hub Transport.
8. Click on the Receive Connectors tab.
9. Right-click on the Windows SBS Internet Receive servername item and select Properties.
10. From the Protocol Logging Level drop-down menu, select Verbose.
11. Click Apply, then click OK.
12. Repeat the process for the Default servername item and the Windows SBS Fax Sharepoint Receive servername item if desired.
13. Close the Exchange Management Console.

By default, the SMTP logs are stored in C:\Program Files\Microsoft\Exchange Server\TransportRoles\Logs\ProtocolLog\. This folder path is specified in the Exchange Management Console under Server Configuration, servername Properties, Log Settings. A separate folder exists under the ProtocolLog folder for SmtpSend and SmptReceive. You can, if you choose, move each of the log folder locations individually to alternate locations on the server.

The “wizard” used to join workstations to an SBS 2008 network has undergone some significant changes from the SBS 2003 days. The process is streamlined, it can work with workstations that are domain-joined (including workstations that are joined to the current SBS domain), and it has additional options that were not present in the SBS 2003 version of the wizard. But it still has problems with private profiles, just like its predecessor.

When you go to the new http://connect site, run the tool, and get to the section where you select the local profile to use for the specified domain account, you may find that the profile you want to choose is not listed in the drop-down list. This doesn’t mean that there’s a problem with the profile, just that the profile has probably been marked private.

The simple fix is to open Windows Explorer, browse to C:\Documents and Settings, right-click on the user’s folder, and clear the “Make Folder Private” checkbox. Apply the changes, close the window, and run the Connect Computer tool again. The profile should show in the list now. If it still does not, go back into the folder settings, enable the “Make Folder Private” checkbox, apply the changes, then disable the “Make Folder Private” checkbox and apply the changes again.

If you want to rename an item that appears in the Start Menu, click the Start Menu, then right-click on the item whose name you want to change, then click Rename. Enter the new name for the item and press Enter when done. Viola, the item has been changed.

So what?

Well, if you’re like me and keep forgetting that when you open a Command Prompt on SBS 2008 that you’re not running the command prompt as an administrator, you might want to rename the Command Prompt item to something like “Command Prompt - Run as Administrator” so that you remember you need to right-click the Command Prompt icon and select Run As Administrator so you can get administrative access to a command prompt when needed. Just a thought.

The Add a Trusted Certificate wizard goes a long way towards creating a proper CSR (Certificate Signing Request) to send to an SSL certificate vendor to get a valid third-party SSL cert for your SBS 2008 server. However, there are a couple of gotchas you need to watch out for.

First, you must put in the proper DNS name for the server when requesting the cert. This may seem obvious, and the Add a Trusted Certificate wizard does pre-populate the field with the domain name you specified in the Set Up Your Internet Address wizard. But if the DNS name does not match exactly what users type into their browsers to get to the SBS 2008 server, you may as well have stuck with the self-generated cert.

Second, in the US, when you enter the State into the form, SPELL IT OUT. Do not use the two-letter state abbreviation. Legit SSL cert providers will choke on an abbreviated state name and not allow you to complete the certificate request. [Note: the last time I had this issue, GoDaddy did not correctly verify this information in a CSR I had created and allowed me to continue to the next phase of the cert request, Thawte did check the field value and rejected the abbreviated state name.]

Fortunately, Thawte provides an online tool to validate the CSR before you submit it for a cert. Once you generate the CSR from the Add a Trusted Certificate wizard, plug the CSR into the Thawte form to ensure that the CSR has been properly formatted. If there are any problems, the tool will let you know and you can go back and correct it.

Fortunately, the Add a Trusted Certificate wizard is an easier way to generate the CSR than what we had in SBS 2003, but it’s still a good idea to validate the CSR before submission to your SSL vendor.

The SBS 2008 getting started wizards assume that the server will be in a Class C subnet (i.e., subnet with a mask of 255.255.255.0). Furthermore, when you run the Connect to the Internet wizard, the wizard specifically looks for your Internet gateway at specific addresses in the 192.168.x.x class C subnet. So what if you’re migrating from an existing SBS 2003 server that doesn’t match one of these assumptions?

In the case of your existing server being in a subnet other than 192.168.x.x, no problem. When you create the answer file, you’ll plug in the IP addresses for the existing server, the IP gateway, and the new server into the Answer File Creator so that the migration setup can do its job. In the case of a new installation, the Connect to the Internet wizard will fail to automatically detect the router and you’ll be able to enter the information manually.

But if your network is on anything other than a Class C subnet, migration is not going to work. You will have to temporarily configure the network into a Class C setup to get the initial migration working. After that, you can modify the network settings to go back to your other network configuration, but the migration setup requires a Class C configuration in order to work.

Hopefully this is going to be one of those exceptions rather than a rule, but there it is in case you run across this.

SBS 2008 includes the default message store limits for Exchange 2007 - 2GB per mailbox. But it imposes this limit in two places that you will need to know during a migration.

1. The Exchange Message Store has a 2GB limit at installation time.
2. The Standard User Role has a user quota for Exchange of 2GB.

If you are migrating a system that has users with mailboxes over 2GB, you need to address both of these items. Adjusting the quota for the message store is fairly straightforward, and you actually won’t be able to complete the Move Mailbox portion of the migration until you adjust this setting if you have mailboxes with more than 2GB of data in them. But that’s the time you should also go in and either adjust the Standard User role to remove the 2GB quota, or create a new role based on the Standard User role that does not have the quota enabled.

Unless you want to force the user to shrink their mailbox size to under 2GB.