Category Archives: Ray-isms

The 64bit version of Ray Fong’s "so you want your Outlook to stay with POP being the default on the client not Exchange"

I’m revisiting this post to update it with the 64bit instructions courtesy of Laurence Hsu —

Got it! run this one %systemroot%\syswow64\regedit and it works now.

RAY-ISM: So you want Outlook to stay with POP being the default on the client not Exchange? – THE OFFICIAL BLOG OF THE SBS “DIVA”:
http://msmvps.com/blogs/bradley/archive/2005/01/23/33661.aspx

While I think POP pulling into a workstation is silly as you should use the power of your server, if you absolutely positively MUST have your Outlook on your workstations individually POP AND do Exchange you’ll want to make the POP be the “main honcho” of the mailbox.

A post in the newsgroup and a response from Les reminded me of this reg fix [originally posted by Ray-the Man Fong so I'm categorizing it under Ray-ism in honor of Ray Fong who graciously and patiently put up with a bunch of rowdy SBS MVPs in Charlotte, North Carolina]

At the client, create the following registry key:

Location: HKLM\Software\Microsoft\SmallBusinessServer\ClientSetup
Name: NoTransportOrder
Type: REG_DWORD
Data: 1

Thank you Mr. Fong

http://msmvps.com/blogs/bradley/archive/2008/02/08/double-check-those-ip-addressses.aspx


When I was doing that last night and in the middle of troubleshooting I stupidly forgot the ISA rules of SSL certs versus the SBS standard rules of SSL certs.


On a standard SBS box, the SSL cert gets changed on the IIS web site — you’ve seen this post: http://blogs.technet.com/sbs/archive/2007/08/21/how-to-install-a-public-3rd-party-ssl-certificate-on-iis-on-sbs-2003.aspx


On the SBS premium with ISA, the cert on the IIS web site is the internal publishing.server.lan and the SSL cert is in the ISA web publishing rule.


So this morning the RWW site was working ..but not and giving me a “500 Internal Server Error”.  That means it’s working…but that ISA isn’t matching up the cert right.  Shoot what did I do wrong, says I.  So I fire up google and hit a Ray Fong post that reminds me of the exact stupid thing I did wrong.


http://groups.google.com/group/microsoft.public.windows.server.sbs/browse_thread/thread/658556b6f262c70e/3a1758cc96df1fc1?hl=en&lnk=st&q=remote+web+workplace+500+Internal+Server+Error#3a1758cc96df1fc1


“Check IIS, is the Default Website’s cert name called
“Publishing.domain.local” and the ISA’s Incoming Web Request’s cert name
called “xxx.domain.com”?

Ray Fong
Microsoft SBS Product Support “


Duh.  Me more blonde as I was fitzing around with settings and ran the CEICW and changed that thinking it was supposed to be like standard.


Last I heard Ray was in Messenging support…but thank you, Mr. Fong.  Four years later and you just helped this SBSer.

If you really and truly messed up the OWA permissions

Someone really got their OWA permissions horked up pretty good, and before we just went and uninstalled and reinstalled, I remembered our dear friend Ray Fong had posted a “fasten your seatbelts we’re editing the metabase“ post a while back.


 


THIS IS NOT FOR THE FAINT OF HEART AND I’M ONLY POSTING THIS SO I CAN FIND IT FOR THE NEXT TIME SOMEONE REALLY AND TRULY SCREWS UP OWA [and yes I know I'm yelling]


 


But as always…thank you Ray Fong!


 


1. Go to IIS, right-click servername (local computer), Properties.


Backup/Restore Configuration to save a copy of IIS settings


2. Right-click servername (local computer), Properties. Check Enable Direct


Metabase Edit.


3  Expand servername (local computer), Web Sites, Default Web Site.


4. Delete Exadmin, Exchange, ExchWeb, Microsoft-Server-ActiveSync, OMA (Do


Not delete exchange-oma)


5. Open MetaBase.xml with Notepad.


6. Locate the following object where ID = 61472


 


<IISCONFIGOBJECT  Location


=”/LM/DS2MB/HighWaterMarks/{57F70E62-7E37-472B-A9F0-3BE08883AC5A}”>


  <?XML:NAMESPACE PREFIX = Custom<Custom


                Name=”UnknownName_61472″


        ID=”61472″   (<—- This one)


        Value=”53322″


        Type=”STRING”


        UserType=”IIS_MD_UT_SERVER”


        Attributes=”NO_ATTRIBUTES”


   />


 


7. Change the Value to “0”. Your original number will not be “53322”.


8. Save the file.


9. From a command prompt, type “iisreset”


10. Restart Exchange System Attendant


11. Run CEICW (ToDoList -> Connect to the Internet). Make sure you select


Enable Firewall.


 


Another one for the category of Ray-isms… dedicated to once a SBSer always a SBSer Ray Fong!

</Custom

Ray-Ism: Where’s my ConnectComputer?

So from the mailbag tonight comes a question about getting workstations to work via RWW but it appears that the setup may be a bit more horked than that.  When the person goes to /connectcomputer it says “Page cannot be displayed”.


So googling around… I came across “Ray THE MAN Fong” postings… Ah Ray… who suffered through dealing with a bunch of us MVPs in Charlotte for training…


Per Ray here are some Steps to troubleshoot with:


  • Ensure clients are pointing to the server for their DNS
  • Check to see if you can bring up http://servername
  • In IIS check to see if you have a virtual directory called ConnectComputer under the Default Web sie
  • If you don’t…. if you look at c:\Inetpub, is there a folder called ConnectComputer, and if you do, make a virtual directory called ConnectComputer under the Default WebSite, enable anonymous access to it.
  • Add the http://servername to the IE Intranet zone on the local machine
  • And if you are an upgrade from SBS 2000, remove the URLScan security tool and download the updated version

Thanks Ray…even more than a year later your posts are Golden!

And my name is?

I have a name inside that is different than the name outside.  I want my name that I give to my trusted people to be different than the name I give to outsiders.  In fact, the shorter and cleaner it is, the better off I am to my admin.  What am I talking about?


Computer names and domain names.


In SBSland the computer names you assign to the workstations are the names that will show up in the Remote Web Workplace window.  Don’t make those too cryptic for your end users so they don’t know which workstation to connect to.


Don’t make the computer name of your server so long and icky that for three years while you run your SBS 2000 box you curse yourself for naming it the name with a year.  Dumb.. so dumb… dumb!  [Yes, I'll admit to being that stupid about naming my server's computer name something that I regretted for three years]


And don’t worry that the ‘domain name’ you name your network…that .local thingy or the .lan thing doesn’t match your email domain.  It doesn’t matter.  In fact the more generic you make this, the easier it makes it not be an issue if the firm decides to change or sell their name.  When the client comes to you and says “We just renamed our business from “This is a cool name for a business.com” to “This is an even MORE cool name for a business.com” all you will need to do to change the email addresses is to rerun the connect to internet wizard and change the information there. 


You can also change the ‘branding’ of the Remote Web Workplace as well with a reg edit


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\Current\Version\RegisteredOrganization


But you never ever want to go into a Small Business Server box and change the computer name, nor run a dcpromo and change the domain name.  Too many ‘active directory glue spots’ will break.


[thanks Ray Fong for that RegEdit reminder!]

RAY-ISM: So you want Outlook to stay with POP being the default on the client not Exchange?

While I think POP pulling into a workstation is silly as you should use the power of your server, if you absolutely positively MUST have your Outlook on your workstations individually POP AND do Exchange you’ll want to make the POP be the “main honcho” of the mailbox.

A post in the newsgroup and a response from Les reminded me of this reg fix [originally posted by Ray-the Man Fong so I'm categorizing it under Ray-ism in honor of Ray Fong who graciously and patiently put up with a bunch of rowdy SBS MVPs in Charlotte, North Carolina]

At the client, create the following registry key:

Location: HKLM\Software\Microsoft\SmallBusinessServer\ClientSetup
Name: NoTransportOrder
Type: REG_DWORD
Data: 1

RAY-ISM: Can’t see your member server/Terminal Server in the “Connect to my Application Server” Box?

If you logon as a regular user (with user, mobile user, or power user), you
should see the option. If not, verify

HKEY_LOCAL_MACHINE\SOFTWARE\
Microsoft\SmallBusinessServer\RemoteUserPortal\
KWLinks\AppTS is set to 1.
[stick all that together btw]

Ray Fong
Microsoft SBS Product Support

This posting is provided “AS IS” with no warranties, and confers no rights.


The Ray-ISM category is dedicated to Ray Fong who suffered through teaching a bunch of unruly SBS MVPs in Charlotte.


Remember once an SBSEr, always an SBSer.

Ray-Ism: Are you getting prompted for username and password when you connect to http://localhost/backup and http://localhost/remote?

Are you getting prompt for username and password when you connect to


http://localhost/backup and http://localhost/remote?


 


This one may help


 


Add Local Service and Network Service account Read & Execute, List Folder Contents, 


and Read permissions to %windir%\Microsoft.NET\Framework\v1.1.4322


 


Add Local Service and Network Service account Full Control permission to  


%windir%\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files.


 


This will allow Backup and Monitoring folders under “Temporary ASP.NET


Files” folder to have full control for Local Service and Network Service.


 


The Ray-ISM category is dedicated to Ray Fong who sufferred through teaching a bunch of unruly SBS MVPs in Charlotte.

Ray-Ism: Default permissions for User Folders in Small Business Server 2003


So screwed up the default permissions in your user folders?  Here’s the defaults:


 


Users Shared Folders:


 


Folder Name:


  • Users Shared Folders

Share Name:


  • Users

Sharing Permissions


  • Domain Admins – Full Control
  • Domain Users – Full Control
  • SBS Folder Operators – Full Control

NTFS Permissions


  • Domain Admins – Full Control
  • Domain Users – Special Traverse Folder/Execute File, List Folder/Read Data,
  • Read Attributes, Read Extended Attributes, Create Folders/Append Data, Read Permissions)
  • SBS Folder Operators – Full Control
  • System – Full Control

The Ray-ISM category is dedicated to Ray Fong who sufferred through teaching a bunch of unruly SBS MVPs in Charlotte.

Ray-Ism: An error occurred while creating distribution groups

Problem:

I Continually get this error after attempted install.
“An error occurred while creating distribution groups. 
Open Active Directory Users and Computers, and manually 
create a test distribution group to verify that Active 
Directory is running. Rerun Setup.”
I Create the test distribution group without issue, but 
after reruning setup Same error occurs.

Ray-ism solution:


Register wizchain.dll before running setup again
   regsvr32 “C:\Program Files\Windows for Small Business Server\Administration\wizchain.dll”