SBS 2011 Essentials Build Info

  • Article

Windows Small Business Server 2011 Essentials Build document

<in progress - placeholder>

Pre install planning

 

Router is assumed to have DHCP enabled

 The assumption for Small Business Server Essentials (hereinafter called SBSE) is that it will be the first domain controller in the network.  Note this does not mean it has to be the only DC, just that like its cousin SBS, that it has to hold the FSMO roles.  Unlike SBS however, the assumption is that the external router will perform the role of DHCP and provide SBSE with a dynamic IP address.  Whilst you can install the role later after the server is installed and assign the server a static IP, it is assumed that DHCP will be enabled and running on the router as you build the SBSE server. 

That said, your life will be easier in the long run if you move the DHCP back to the SBS Essentials server and assign it a static IP.  To do so follow this blog post.

 

Installation using an Answer File

Check out this post by Robert Pearman for a tool to help you install SBS Essentials using an Answer File.
http://titlerequired.com/2012/01/16/introducing-the-microsoft-sbs-2011-essentials-answer-file-tool/

Say no to Updates.

When presented with the option to decide whether you would like to accept the default settings for Windows Updates, you should select No. If you select Yes, then immediately following installation your server will begin to download and apply updates. This will slow down the rest of your configuration and will require several server reboots. Please keep in mind that if you select No, then you will need to go into Windows Update (Start, Windows Update) and enable it after the server build process has finished. 
After you patch the server, you can reclaim disk space taken up by the patches by issuing the following command from an Administrative Command Prompt
dism /online /cleanup-image /spsuperseded
This tip came from here.

 

After Installation has Completed

Configuration of Volumes

The installation process will define a 100mb hidden volume, a 60gb C volume and another volume using the next available drive letter for the rest of the space. All data storage will be pre-configured to this last volume.  The data volume will, by default, be drive letter D.  If you want to adjust these sized review these blog posts:http://titlerequired.com/2011/08/02/installing-sbs-essentials-using-an-answer-file/

Additional resources include:  extending Your System Partition of your Primary Hard Drive on SBS 2011 Essentials or WHS 2011 Server - Using Windows Home Server:
http://usingwindowshomeserver.com/2011/08/13/extending-your-system-partition-of-your-primary-hard-drive-on-sbs-2011-essentials-or-whs-2011-server/
Installing WHS 2011 on SSD or SATA Hard Drives smaller than 160GB - Using Windows Home Server:
http://usingwindowshomeserver.com/2011/09/20/installing-whs-2011-or-sbs-2011-essentials-on-ssd-or-sata-hard-drives-smaller-than-160gb/

As a suggestion, you may wish to shrink that last volume and divide the space into two volumes, one for data storage and the other for client backup files. Doing so will give you the flexibility to not backup the volume containing the client backup files.

Group policy

 

 The easiest way to add group policies to SBSE is to export and import them from a server that has them already built.  The easiest ones to import and export are the group policies from SBS 2008 or SBS 2011 Standard.  To import these policies into SBSE follow this blog post and link up to an organizational unit..  You can add  Microsoft security essentials in SBSE - for that see Group Policy Center » Blog Archive » Group Policy for Microsoft Security Essentials 2.0:
http://www.grouppolicy.biz/2010/12/group-policy-for-microsoft-security-essentials-2-0/

To use group policy to disable the launchpad on workstations, follow this blog post: 
http://titlerequired.com/2011/12/09/quick-fix-disable-the-microsoft-sbs-2011-essentials-launchpad/

VAPs and VARs Can Add Support Information to the Dashboard:

An alternative to the below method that works for all Windows Server 2008+ and Windows Vista+ Operating Systems by SBS MVP Philip Elder:

        http://blog.mpecsinc.ca/2008/04/windows-server-2008-oem-branding.html

    • No reboot required.
    • Registry template provided in the blog post.
    • Image recommendation provided in the blog post.

Using an XML File:
http://social.technet.microsoft.com/Forums/en-US/smallbusinessserver2011essentials/thread/419389c2-31f3-4b92-a507-5942ec6bb395

***This information applies to Windows Small Business Server 2011 Essentials, Windows Home Server 2011, and Windows Storage Server 2008 R2 Essentials

***Advanced support information for Value Added Professionals (VAPs) and Value Added Resellers (VARs).

You can add a link to a file that contains your information to the Dashboard Home page in the Support Contact by placing an XML file named supportcontact.xml in the %ProgramFiles%\Windows Server\Bin\Addins\Home folder on the server.

  1. Save your logo file to the %ProgramFiles%\Windows Server\Bin\Addins\Home folder on the server.

  2. Open Notepad, and add the following XML code

    <supportContact Logo=”path to your logo”> Contact information</supportContact>

    For example:

    <supportContact Logo="c:\Windows_update_icon.png">
    John Doe
    1 Microsoft Way
    Redmond, WA 98052
    (123) 456-7890
    < /supportContact>

  3. Change contact information to your information. You can add up to four lines of contact information.

  4. Save the file to %ProgramFiles%\Windows Server\Bin\Addins\Home folder on the server, and name the filesupportcontact.xml.

  5. Restart the server. When you open the Dashboard, you will see your information under Support Contact on the Home page.

 

Adding a SSL cert manually:

To manually add a SSL cert from a vendor other than that that provided the domain name, follow this wiki and blog to add a SSL cert manually

                  Manually install existing SSL certificate into Small Business Server 2011 Essentials - TechNet Articles - Home - TechNet Wiki:
                  http://social.technet.microsoft.com/wiki/contents/articles/manually-install-existing-ssl-certificate-into-small-business-server-2011-essentials.aspx?wa=wsignin1.0

                  How to Install Your Existing Certificate into SBS Essentials - The Official SBS Blog - Site Home - TechNet Blogs:
                  http://blogs.technet.com/b/sbs/archive/2011/08/04/how-to-install-your-existing-certificate-into-sbs-essentials.aspx

                  For very detailed information on installing a NEW SSL certificate for SBS 2011 Essentials, see Rob Pearman's blog post:
                  http://titlerequired.com/2011/07/15/setting-up-remote-web-access-on-sbs-2011-essentials-part-2/
    
                  Follow this post for help installing your certificate Manually.
                  http://titlerequired.com/2012/03/05/sbs-2011-essentials-manually-installing-ssl-certificate/

Make sure you install Update Rollup 1, as this fixes a lot of issues with the SSL/RWA wizards amongst other things. It can be downloaded from Windows Update.
Update Rollup 2 is now available, which is cumulative and does not require UR1 to be installed first.
See the Blog post here

Client Installation

Check out this post from Robert Pearman about the installation process
http://titlerequired.com/2011/08/30/joining-a-client-to-an-sbs-2011-essentials-network/

Troubleshooting Client Installation

SBS 2011 Essentials Log Collector. http://titlerequired.com/2011/11/23/sbs-2011-essentials-log-collector-rtm/

To help you with client installation issues, Robert Pearman has recapped issues here:

Also review this official SBS product team wiki and a SBS MVP wiki on the issues seen.

Please post any other issues or solutions to the SBS Essentials forum

 

SBS 2011 Essentials & User/Connections

With SBS Essentials there are some specific rules:

  • Thou shalt have no more than ONE SBS Server
  • Thou shall follow ALL the wizards
  • Thou shalt have no more than 25 users
  • Thou shalt have no more than 25 concurrent connections

Now this is all fine until you hit an error implying that you have run out of users.

[2656] 111202.065215.3944: ClientSetup: JoinDomain failed:
System.ComponentModel.Win32Exception (0×80004005): Your computer could not be joined to the domain.

 

You have exceeded the maximum number of computer accounts you are allowed to create in this domain.
Contact your system administrator to have this limit reset or increased

* at Microsoft.WindowsServerSolutions.ClientSetup.NativeMethods.NativeMethodRetryWrapper(…)
at Microsoft.WindowsServerSolutions.ClientSetup.NativeMethods.NetJoinDomain(…)
at Microsoft.WindowsServerSolutions.ClientSetup.ComputerMgmt.JoinDomain(…)
at Microsoft.WindowsServerSolutions.ClientSetup.ClientDeploy.JoinDomainTask.Run(…)*

[2656] 111202.065215.5348: ClientSetup: Exiting JoinDomainTask.Run
[2656] 111202.065215.5348: ClientSetup: Task with Id=ClientDeploy.JoinDomain has TaskStatus=Failed

After a bit of digging we found that there is another limit in Windows SBSe of 10 users - which is tied into Active Directory. So when a user tries to take ownership of an 11th desktop, the error comes up. The solution is to open up the ADSI Edit MMC snap-in and increase the value of ms-DS-MachineAccountQuota for the domain.

http://support.microsoft.com/kb/251335/EN-US 

Add a PPTP VPN:

Unlike SBS standard versions, SBS 2011 Essentials does not include a wizard to configure the server to accept PPTP VPN connections.  It does however have the services necessary to do so.  The following blog article by Rob Williams outlines how to enable and configure RRAS and NPS for SBS 2011 Essentials. 
http://blog.lan-tech.ca/2012/01/28/sbs-2011-essentials-configuring-vpn-access/ 
(Keep in mind that RWW/RWA and rpc/http provide far better perfomance and better security than a VPN connection)

Should you also want to create a deployable VPN client similar to the SBS 2003 Connection manager, there is an additional article as to how do so using CMAK, the Connection Manager Administration Kit.   Using CMAK builds a deployment package for the remote user that provides connection information and name resolution for the client. 
http://blog.lan-tech.ca/2012/01/30/windows-vpn-client-deployment/

 

 

Adding a second server to SBS Essentials or Storage Server Essentials

Please see Robert Pearman's great write up here:  http://titlerequired.com/2011/10/25/installing-a-second-server-sbs-2011-essentials/
                                                                                http://titlerequired.com/2012/03/09/installing-a-second-server-sbs-2011-essentials-premium-add-on-server-part-2/

 

If you have issues getting workstations to install the connector - please review these resources:

Connect Computer troubleshooting
Troubleshooting client deployment
and Robert Pearman's resource