Monthly Archives: November 2003

You are browsing the site archives by month.

Publishing Sharepoint through ISA

 Making Companyweb available via RWW with ISA installed.

NOTE: If ISA isn’t installed, it all works through the CIECW, no further
configuration required.

NOTE: Run the CEICW first to create a certificate.

1. Create a new protocol definition for Inbound TCP/444

Go to ISA -> Policy Elements -> Protocol Definitions. Create a protocol
definition called “Companyweb Inbound” (Port number: 444, Type: TCP,
Direction: Inbound)

2. Create a Server Publishing rule to publish the new protocol.

Go to ISA -> Server Publishing Rules, create a rule called “Publish
Companyweb”. Specify the internal and external IP, set it to apply to
“Companyweb Inbound” and Any Request.

3. Assign the FQDN cert to the companyweb with SSL port set to 444

Go to IIS -> Companyweb Properties. Directory Security tab. Click Server
Certificate -> Assign an existing certificate. Next, you should have 2
different certs available. One is the FQDN, the other is
Publishing.domain.local. Pick the FQDN and continue. Set the SSL port to 444
and next all the way.

4. Do the regedits for the sharepoint links you want to display in RWW.

HLKM\Software\Microsoft\SmallBusinessServer\RemoteUserPortal\KWLinks\STS to
1
HLKM\Software\Microsoft\SmallBusinessServer\RemoteUserPortal\AdminLinks\STS
to 1
HLKM\Software\Microsoft\SmallBusinessServer\RemoteUserPortal\AdminLinks\Help
Desk to 1

5. Type “iisreset” at a command prompt.
6. Restart ISA Server Control.
7. From a remote location, verify you can telnet to FQDN on port 444.

So if you created your certificate server.domain.com, then server.domain.com
must be reachable from the internet. If all you have is a fixed ip address,
then create your certificate using the ip. “123.456.789”. Then telnet to
123.456.789 444 to verify. If this doesn’t work, go back to the top and try
again, starting with the ciecw to create a certificate.

8. Connect to RWW and you should see the SharePoint links.

NOTE: If your remote client happens to also be behind an ISA server, you’re
not done.

ISA does not allow HTTPS traffic on port 444 by default. Opening the packet
filters should not change the behavior since that only affects server based
communications. Your client is behind ISA and will be using the protocol
rules and if the HTTP Redirector is enabled it will also use the
site&content rule for its HTTPS requests. You need to follow the
instructions on the following article (change the port range to 444,444) on
the ISA server.

283284 Blank Page or Page Cannot Be Displayed When You View SSL Sites

http://support.microsoft.com/?id=283284
Now officially documented here:
838304 – How to publish http://Companyweb to the Internet by using ISA Server 2000 on a server that is running Windows Small Business Server 2003, Premium Edition: 
http://support.microsoft.com/?kbid=838304

Ports used by SBS2k3

 Table A: Ports that Enable Remote Access to SBS Services
      TCP Port Service Description
      21 FTP Enables external and internal file transfer
      25 Exchange Server Enables incoming and outgoing SMTP mail
      80 (
http://) IIS Enables all nonsecure browser access, including:
internal access to IIS Webs including the company Web, Windows SharePoint
Web, Windows SharePoint administration Web, and server monitoring and usage
reports Enables internal access to Exchange by OWA and OMA clients
      110 POP3 Enables Exchange to accept incoming POP3 mail
      123 (UDP port) NTP Enables the system to synchronize time with an
external Network Time Protocol (NTP) server
      143 IMAP4 Enables Exchange to accept incoming IMAP4-compliant messages
      220 IMAP3 Enables Exchange to accept incoming IMAP3-compliant messages
      443 (
https://) Outlook Enables all secure browser access, including
external access to Exchange for Outlook 2003, OWA, and OMA clients; required
for external access to server monitoring and usage reports
      444 Windows Share Point Services Enables internal and external access
to the SharePoint Web
      500 IPSec Enables external VPN connections by using IPSec
      1701 L2TP clients Enables external L2TP VPN connections
      1723 PPTP clients Enables external PPTP VPN connections
      3389 Terminal Services Enables internal and external Terminal Services
client connections
      4125 (Note: you can change this port in RRAS) Remote Web Workplace
Enables external OWA access to Exchange, plus internal and external HTTPS
access to the client Web site
      4500 IPSec Internet Key Exchange (IKE) Network Address Translation
(NAT) traversal

Rdp and vpn issues?

Courtesy of Jim Behning, SBS MVP from Georgia:

Do you have some users that can RDP into some accounts and not others?  Can’t make more than 2 concurrent connections vpn connections?

Have SQL server installed on that box as well?

Go find the key hklm/current control set/services/tcp/parameters/ReservedPorts.

Delete the value and restart RRAS.

If you can’t get Sharepoint installed – reset your clock.

833019 – You Receive an Error Message When You Install Windows SharePoint Services, Create a New Content Database, or Provision a New Virtual Server:
http://support.microsoft.com/?id=833019



SYMPTOMS
If you try to install Microsoft Windows SharePoint Services by using the default settings after November 24, 2003, you receive the following error message:


Metadata manifest ‘C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\60\bin\sqmcfg.dll’ does not exist or has invalid signature. (Error code: 2779).  If you try to provision a new virtual server or you try to create a new content database when you are running Windows SharePoint Services by using Microsoft SQL Server 2000 Desktop Engine (Windows) (WMSDE) after November 24, 2003, you receive the following error message:


Metadata manifest ‘C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\60\bin\sqmsto.dll’ does not exist or has invalid signature. (Error code: 2779).  Note By default, SQL Server 2000 Desktop Engine (Windows) (WMSDE) is installed when you choose Typical Install during the installation of Windows SharePoint Services.


CAUSE
This problem is caused by code that verifies the signatures of the dynamic-link libraries (DLL) that are installed with Windows SharePoint Services. An error in the verification algorithm does not permit the signatures of the DLLs to be verified. All installations of Windows SharePoint Services experience this behavior after November 24, 2003.


WORKAROUND
To work around this problem, temporarily set the date in the Date and Time Properties dialog box to a date that is between May 24, 2002 and November 23, 2003. If you receive the error messages that are described in the “Symptoms” section when you try to install Windows SharePoint Services by using the default settings, follow these steps:
Remove Windows SharePoint Services.
Set the date in the Date and Time Properties dialog box to a date that is between May 24, 2002 and November 23, 2003.


Note You may have to temporarily disable the Windows Time service if it has been enabled. Install Windows SharePoint Services again by using the same options. Set the date in the Date and Time Properties dialog box back to the current date and time, and then restart the Windows Time service if appropriate.  If you receive the error messages that are described in the “Symptoms” section when you try to provision a new virtual server or when you try to create a new content database, follow these steps:
Set the date in the Date and Time Properties dialog box to a date that is between May 24, 2002 and November 23, 2003.


Note You may have to temporarily disable the Windows Time service if it has been enabled.  Try to provision the virtual server or to create the new content database again, and then verify your results.  Set the date in the Date and Time Properties dialog box back to the current date and time, and then restart the Windows Time service if appropriate.  Note If you receive the following message during this process, close your Internet browser, and then start the Internet browser again:   The security validation for this page has timed out.


STATUS
Microsoft is researching this problem and will post more information in this article when the information becomes available. Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the “Applies to” section of this article.

MORE INFORMATION
This problem does not apply to Windows SharePoint Services deployments that use Microsoft SQL Server 2000 for data storage. It also does not affect Windows SharePoint Services sites that have already been provisioned.

 

UPDATE – DON’T RESET YOUR CLOCK – JUST INSTALL IT AS IS AND THEN GO TO WINDOWS UPDATE AND GET THE PATCH

To Reinstall Sharepoint

If you have RTM, let’s try this
1. Remove Intranet using sbs setup
2. Remove MSDE SharePoint from Add/Remove Program
3. Delete Program Files\Microsoft SQL Server\MSSQL$SharePoint\ and
HKEY_LOCAL_MACHINE\Software\Microsoft\SmallBusinessServer\Intranet
4. Delete Companyweb from IIS if it is still there.
5. Rerun SBS setup to put back Intranet.

Enabling Full Text Searches in Sharepoint by upgrading to SQL

 
To enable full text search you will need to do the following..

1) Upgrade the SharePoint named instance of SQL to full SQL Server 2000.. 
be sure that you install/add Full-Text Search.. (listed in the steps in the 
premiuminstallsteps.htm on the Premium cd)
2)  Once SQL Server the named instance is upgraded and service packed, then 
go to Start/Administrative Tools/SharePoint Central Administration  scroll 
down to the Component Configuration section and click on the Configure 
full-text search link.  Then click the checkbox to enable full-text search 
and index component..

Once that is done if you then go back to the companyweb site then you 
should see a text box in the upper right corner of the page (with a 
magnifying glass icon to the left.. ) to enter your search criteria.

SBS 2k3 in Australia

LINUX no good for small business: Microsoft
iT News, Australia
Microsoft small business sales VP Steve Guggenheimer took a swipe at Linux
while pushing Small Business Server 2003 to partners at a vendor conference
yesterday …
<http://www.itnews.com.au/storycontent.asp?ID=8&Art_ID=17222>

RC to RTM “flip tool”

The Windows Small Business Server 2003 Build-to-Build Upgrade wizard enables you to upgrade from the Release Candidate version of Windows Small Business Server 2003 to the full product version.

Hot fix for Travan tape drive mis-identification issue

This hotfix corrects the problem of NTBackup incorrectly choosing the backup tape type on a drive that supports multiple tape types.

Getting the Sharepoint/Company Web to work through ISA Server

Create a server publishing rule on port 444.
Assign the FQDN cert to the companyweb with SSL port set to 444. 
Change HLKM\Software\Microsoft\SmallBusinessServer\RemoteUserPortal\KWLinks\STS to 1 and 
\AdminLinks\STS and AdminLinks\HelpDesk to 1.
838304 - How to publish http://Companyweb to the Internet by using ISA Server 2000 on a server that is running Windows Small Business Server 2003, Premium Edition: 
http://support.microsoft.com/?kbid=838304