Windows Group Policy – Disable The Local Windows Firewall

KB ID 0001090

Problem

I’ve got nothing against the Windows firewall, it’s certainly a lot easier to manage now than it was back in the XP SP2 days. But I find a lot of clients still just ‘want it gone’ and, providing they have a decent corporate firewall in front of them that’s fair enough.

Solution

1. On a domain controller or a client running the remote administration tools > Windows Key+R > gpmc.msc {Enter} > The Group Policy Management Console will open.

2. Select the OU that contains the ‘Computers’ you want to enforce this policy on, (or here I’m choosing the entire domain) > Right Click > ‘Create GPO in this domain, and link it here..’.

3. Give the policy a sensible name so you can see what it is doing later.

4. Right click your new policy > Edit.

5. Navigate to;

[box]

Computer Configuration > Policies > Administrative Templates > Network > Network connections > Windows Firewall > Domain Profile > Windows Firewall: Protect all network connections

[/box]

6. Set the policy to disabled.

7. Close the Group Policy Management Editor. If you have a Windows 2012 domain you can force the policy refresh on a particular OU like so.

9. Or simply run gpupdate /force on the target machine, (or you could also wait a couple of hours, or reboot the target machines).
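To confirm the result on a target machine after the refresh, the check below (an added example, not part of the original article) lists the value the policy writes and the effective state of each firewall profile. It assumes an elevated PowerShell session on Windows 8 / Server 2012 or later; the function name is hypothetical.

```powershell
# Added example: verify on a target machine what the GPO actually changed.
# Assumes Windows 8 / Server 2012 or later (NetSecurity and NetConnection cmdlets).
function Get-FirewallPolicyState {
    $base = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall'

    # What Group Policy wrote. EnableFirewall = 0 is the result of setting
    # "Protect all network connections" to Disabled for that profile.
    $written = foreach ($key in 'DomainProfile', 'StandardProfile') {
        $item = Get-ItemProperty -Path "$base\$key" -Name EnableFirewall -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Source = "GPO registry: $key"
            Value  = if ($item) { "EnableFirewall = $($item.EnableFirewall)" } else { 'not configured' }
            InUse  = ''
        }
    }

    # Network category each connection is currently in (decides which profile applies).
    $inUse = @(Get-NetConnectionProfile | ForEach-Object {
        "$($_.NetworkCategory)" -replace 'DomainAuthenticated', 'Domain'
    })

    # Effective per-profile state after local settings and policy are merged.
    $effective = Get-NetFirewallProfile -PolicyStore ActiveStore | ForEach-Object {
        [pscustomobject]@{
            Source = "Effective: $($_.Name) profile"
            Value  = "Enabled = $($_.Enabled)"
            InUse  = if ($inUse -contains $_.Name) { 'yes' } else { 'no' }
        }
    }

    @($written) + @($effective)
}

Get-FirewallPolicyState | Format-Table -AutoSize
```

The policy path in step 5 sits under Domain Profile, so only the Domain row should show the firewall off; a machine that leaves the domain network falls back to the Private or Public profile, which this GPO does not touch.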

SBS Note

An (SBS) Small Business Server domain enables the client firewall by default! The policy is called Windows Firewall Policy, which is usually linked to the computer OU under ‘My Business’.

Related Articles, References, Credits, or External Links

Windows – Open a Firewall Port with Group Policy

SBS Server: Remove / Uninstall Exchange

KB ID 0001455

Problem

I’ve never really been a fan of SBS Server. There’s too many ‘wizards’, and things that are either automatically configured for you, or won’t work until you’ve configured something else. I’ve had a boat-load of problems with it over the years.

Last week saw me retiring an SBS 2011 server, and migrating to a 2016 domain, with Exchange 2016 server. But how to gracefully remove Exchange 2010 from the old SBS server?

Solution

Firstly, SBS or not, this is in essence just an Exchange 2010 to Exchange 2016 migration, and all the methods and prerequisites are the same. I’ve covered that entire procedure before in the following series of articles; go there, run through them, and then come back here when you are ready to uninstall Exchange 2010.

Migration From Exchange 2010 to Exchange 2016

So you’ve gone through the above procedure at this point? Anyway, to summarise, make sure before proceeding that;

  • All 2010/2007 Mailbox Databases are dismounted and removed.
  • All 2010/2007 Public folder Databases are dismounted and removed.
  • The 2010/2007 Exchange Server is NOT responsible for any Offline Address Books.
  • Open Toolbox > Queue Viewer > Make sure the queues are empty.
  • The server is NOT set as a source server on your ‘Send Connector’.
  • The 2010/2007 Exchange Management consoles are CLOSED.
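The checklist above can be tested from the Exchange Management Shell before setup is started. This is an added example, not part of the original article; `OLD-SBS` is a placeholder for the name of the server being retired, and the console-closed item still has to be checked by hand.

```powershell
# Added example, not from the original article. Run it in the Exchange Management
# Shell on the old server, then close the shell before starting setup.
$old = 'OLD-SBS'   # placeholder: short name of the server being retired

# One entry per pre-removal condition; anything a check returns is a blocker.
# Server references are compared as text ("*name*") so the test works whether the
# shell returns them as plain names or as full directory paths.
$checks = @(
    @{ Name = 'Mailbox databases on server'
       Test = { Get-MailboxDatabase -Server $old } },
    @{ Name = 'Public folder databases on server'
       Test = { Get-PublicFolderDatabase -Server $old } },
    @{ Name = 'Offline address books generated here'
       Test = { Get-OfflineAddressBook | Where-Object { "$($_.Server)" -like "*$old*" } } },
    @{ Name = 'Queues still holding messages'
       Test = { Get-Queue -Server $old | Where-Object { $_.MessageCount -gt 0 } } },
    @{ Name = 'Send connectors using it as source'
       Test = { Get-SendConnector | Where-Object { "$($_.SourceTransportServers)" -like "*$old*" } } }
)

$report = foreach ($check in $checks) {
    $found = @(& $check.Test)          # force an array so .Count is always valid
    New-Object PSObject -Property @{
        Check    = $check.Name
        Blockers = $found.Count
        Detail   = ($found | ForEach-Object { "$($_.Identity)" }) -join ', '
    }
}
$report | Select-Object Check, Blockers, Detail | Format-Table -AutoSize -Wrap

if ($report | Where-Object { $_.Blockers -gt 0 }) {
    'Clear the items above before running setup.com /mode:uninstall.'
} else {
    "No blockers found on $old."
}
```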

Open an Administrative Command Window, then navigate to the folder that Exchange is installed into and change directory to the ‘Bin’ directory (in most cases this will be on the C: drive). Then use the command line option to remove Exchange;

SBS 2011: Remove Exchange 2010 Gracefully

[box]

cd "C:\Program Files\Microsoft\Exchange Server\V14\Bin"
setup.com /mode:uninstall

[/box]

 

SBS 2007: Remove Exchange 2007 Gracefully

[box]

cd "C:\Program Files\Microsoft\Exchange Server\Bin"
setup.com /mode:uninstall

[/box]

SBS Exchange Removal Things That Might Go Wrong!

Error:

There are 1 messages waiting in the ‘{server-name}\{Queue-name}’ queue. Proceeding with the removal of the server role may result in data loss.
There are 2 messages waiting in the ‘{server-name}\Submission’ queue. Proceeding with the removal of the server role may result in data loss.
This computer is configured as a source transport server for 1 connector(s) in the organization. These must be moved or deleted before Setup can continue.

The Exchange Server setup operation didn’t complete. More details can be found in ExchangeSetup.log located in the <SystemDrive>:\ExchangeSetupLogs folder.

Exchange Server setup encountered an error.

As the message indicates, there are messages still in the queues on the Exchange 2010 server. Open Exchange Management Center > Toolbox > Queue Viewer > And delete them (you may need to restart the transport service as well).

Error:

Hub Transport Role Checks FAILED
This computer is configured as a source transport server for 1 connector(s) in the organization. These must be moved or deleted before Setup can continue.

The Exchange Server setup operation didn’t complete. More details can be found in ExchangeSetup.log located in the <SystemDrive>:\ExchangeSetupLogs folder.

Exchange Server setup encountered an error.

This is because the Exchange 2010 server is still listed as a source server on your Exchange environment’s send connector. Open Exchange management on your NEW Exchange server > Mail flow > Send connectors. Remove the old Exchange 2010 server.

Related Articles, References, Credits, or External Links

NA

Stop the SBS 2003 Internet Connection Wizard

KB ID 0000003 Dtd 08/09/08

Problem

SBS 2003 Internet connection wizard (ICW) keeps launching all the time.

Solution

SBS Stop Internet Connection Wizard (ICW).

1. Start > Run > msconfig {enter}
2. Select the startup Tab
3. Untick icwnotify > Apply > Close
4. Exit without Restart.
5. Right Click the Taskbar > Task Manager > Processes
6. Locate icwnotify.exe > Right Click > End Process Tree > Yes.

 

Related Articles, References, Credits, or External Links

NA

SBS Cannot access ‘Companyweb’ after changing the IP Address

KB ID 0000151 

Problem

After changing the SBS Server IP address you can no longer access the SharePoint services web site on http://companyweb.

Solution

Launch the “Windows SBS Console” > Navigate to Network > Connectivity > Click “Fix My Network”

Related Articles, References, Credits, or External Links

NA

SBS 2008 – Cannot RDP to machines via VPN or from other sites

KB ID 0000193

Problem

The firewall policy that Server 2008 uses out of the box only allows RDP connections from the local LAN. This is great in an office environment, but if you have remote VPN clients (on a different IP range) that can’t get access to your client PCs or member servers via RDP, not so good. If you have a member server running terminal services for example, then having RDP blocked will stop it working.

You would think that, to fix the problem you would change the policies either at..

Windows Firewall: Allow inbound remote administration exception.
or
Windows Firewall: Allow inbound Remote Desktop exceptions.

But I did that and it still didn’t work!

Solution

1. Assuming the affected machines are in the My Business > Computers > SBSComputers OU in Active Directory. (If not either move them or change policies accordingly).

2. On the SBS Server, Click Start > Administrative Tools > Group Policy Management > Navigate to Computer Configuration > Policies > Administrative Templates > Network > Network Connections > Windows Firewall > Domain Profile > Locate “Windows Firewall: Define inbound Port Exceptions” > Double Click it > Click Enabled > Click Show

3. Click Add > In the “Enter the Item to be added” box type the following,

3389:TCP:*:enabled:RDP

Note: the asterisk denotes accept traffic from any IP. You can enter a range of IP addresses i.e. 192.168.1.0/24, or a single IP address like 172.16.3.1, or the word localsubnet, or a combination, separated by commas e.g.

3389:TCP:192.168.1.0/24,172.16.3.1,localsubnet:enabled:RDP

4. Click OK > Apply > OK.

5. On the machine you are trying to get to Click Start > In the run/search box type cmd {enter} > At command line issue the gpupdate /force command.
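Because the entry in step 3 is a single colon-delimited string, a mistyped separator is easy to miss. The validator below is an added example (not part of the original article) that checks the port:protocol:scope:status:name layout described above and reports when the scope is open to any address; the function name is hypothetical and only IPv4 scopes are handled.

```powershell
# Added example: validate "Define inbound port exceptions" entries before adding them to the GPO.
# Format checked: port:protocol:scope:status:name (IPv4 scopes only).
function Test-PortException {
    param([Parameter(Mandatory = $true)][string]$Entry)

    $issues = @()
    $parts  = $Entry -split ':', 5            # the name comes last and may itself contain ':'
    if ($parts.Count -ne 5) {
        $issues += 'expected port:protocol:scope:status:name'
    }
    else {
        $port, $protocol, $scope, $status, $name = $parts
        $n = 0
        if (-not ([int]::TryParse($port, [ref]$n)) -or $n -lt 1 -or $n -gt 65535) {
            $issues += "bad port '$port'"
        }
        if ($protocol -notin 'TCP', 'UDP')          { $issues += "bad protocol '$protocol'" }
        if ($status   -notin 'enabled', 'disabled') { $issues += "bad status '$status'" }
        if (-not $name.Trim())                      { $issues += 'missing name' }

        foreach ($token in ($scope -split ',')) {
            $ip = $null
            if ($token -in '*', 'localsubnet') { continue }
            # Single address or address/prefix: four octets, valid address, prefix 0-32.
            if ($token -match '^(\d{1,3}(\.\d{1,3}){3})(/(\d{1,2}))?$' -and
                [ipaddress]::TryParse($Matches[1], [ref]$ip) -and
                ($null -eq $Matches[4] -or [int]$Matches[4] -le 32)) { continue }
            $issues += "bad scope token '$token'"
        }
        if (($scope -split ',') -contains '*' -and $status -eq 'enabled') {
            $issues += 'scope * accepts connections from any source address'
        }
    }
    [pscustomobject]@{ Entry = $Entry; OK = ($issues.Count -eq 0); Issues = ($issues -join '; ') }
}

# Constructed sample entries (not read from a live policy).
$samples = @(
    '3389:TCP:*:enabled:RDP',
    '3389:TCP:192.168.1.0/24,172.16.3.1,localsubnet:enabled:RDP',
    '3389:TCP:192.168.1.0/24,172.16.3.1.localsubnet:enabled:RDP'   # '.' typed instead of ','
)
$samples | ForEach-Object { Test-PortException $_ } | Format-List
```

For the VPN case in this article, listing the VPN client range and localsubnet in the scope satisfies the validator without leaving port 3389 open to every source address.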

 

Related Articles, References, Credits, or External Links

NA

SBS – Outlook Web Access shows a 404.0 Error

KB ID 0000205 

Problem

SBS 2008 (which runs Exchange 2007) displays a 404 error when you try and view Outlook Web Access.

https://sites/owa and https://localhost/owa don’t work

Solution

A 404 Error just means page not found, so there are lots of different reasons why this might happen. This is just one of many fixes.

1. On the SBS Server > Click Start > Administrative Tools > Internet Information Services (IIS) Manager > Expand {server name} > Sites > Expand SBS Web Applications > Ensure “owa” is listed below > Notice this site is in a stopped state (indicated by the arrow).

2. If you try and start the site it will probably complain that the port is in use (Look upwards and you will see the “Default Web Site” is running and will be using the same ports).

3. To stop the Default Web Site (if it’s running) Select “Site” > Right click “Default Web Site” > Manage Web Site > Stop.

4. Then to start the “SBS Web Applications” site, Select “Site” > Right click “SBS Web Applications” > Manage Web Site > Start.

Related Articles, References, Credits, or External Links

NA

SBS – Stop the ‘SBS Console’

KB ID 0000212 

Problem

Every time you log into an SBS Server the “Windows SBS Console” loads, a lot of users will be quite happy with this, but it annoys me.

You can’t turn it off by simply ticking “Don’t Run” somewhere, like you can with “Server Manager” on the full server product, nor can you disable it with msconfig, or in the Registry.

Solution

1. On the SBS Server Click Start > Administrative Tools > Task Scheduler.

2. When it Loads > Expand Task Scheduler Library > Microsoft > Windows > Windows Small Business Server 2001 or 2008 > Select the ‘console’ task in the center window > then either “Delete” or “Disable” the task.

Related Articles, References, Credits, or External Links

Original Article written 26/03/10

SBS – Loses connectivity to Active Directory (5-7 Day intervals)

KB ID 0000214 

Problem

Seen on SBS 2008 running McAfee AV

Seen on SBS 2008 running Trend AV

The problem reoccurs on a rough 5-7 day cycle; rebooting the server solves the problem.

You may also see

System Event Log:
Log Name:      System
Source:        Microsoft-Windows-GroupPolicy
Event ID:      1054
Level:         Error
User:          SYSTEM
Description:
The processing of Group Policy failed. Windows could not obtain the name of a 
domain controller. This could be caused by a name resolution failure. Verify 
your Domain Name System (DNS) is configured and working correctly.

DNS Server Event log:
Log Name:      DNS Server
Source:        Microsoft-Windows-DNS-Server-Service
Event ID:      408
Level:         Error
Description:
The DNS server could not open socket for address 0.0.0.0.

Verify that this is a valid IP address for the server computer.  If it is NOT
 valid use the Interfaces dialog under Server Properties in the DNS Manager to
 remove it from the list of IP interfaces.  Then stop and restart the DNS 
server. (If this was the only IP interface on this machine and the DNS server
 may not have started as a result of this error.  In that case remove the 
DNSParameters ListenAddress value in the services section of the registry 
and restart.)

If this is a valid IP address for this machine, make sure that no other application (e.g. another DNS server) is running that would attempt to use the DNS port.

Log Name:      DNS Server
Source:        Microsoft-Windows-DNS-Server-Service
Event ID:      404
Level:         Error
Description:
The DNS server could not bind a Transmission Control Protocol (TCP) socket to 
address 0.0.0.0.  The event data is the error code.  An IP address of 0.0.0.0 
can indicate a valid "any address" configuration in which all configured IP 
addresses on the computer are available for use.

Restart the DNS server or reboot the computer.

When trying to Open the Exchange Management Console

You will see the following error,

get-ExchangeServer Failed
Error:
No suitable domain controller was found in domain {your domain name}
Errors:
An Active Directory error 0x51 occurred when trying to check server
{your servername and your domain name} :389 suitability. The LDAP server is
unavailable.

 

Solution

It’s caused by a driver using the Transport Driver Interface. If you see this problem, install this hotfix.

http://support.microsoft.com/hotfix/KBHotfix.aspx?kbnum=961775&kbln=en-us

Note: The hotfix is for both Server 2008 and Vista, do not be alarmed!

Related Articles, References, Credits, or External Links

NA

SBS 2003 has lost its CAL’s (Client Access Licenses reset to 5)

KB ID 0000339

Problem

Been a while since I’ve seen this one, and strangely I didn’t document it, so when I was asked this morning I searched here on PeteNetLive, and in my personal database of solutions, but the cupboard was bare.

Solution

1. Before you do anything make sure your SBS has plenty of space on the hard drive, simply running out of room on the system drive can cause SBS to lose its licences, make sure this is not your problem.

2. If you have plenty of room, then click Start > Run > services.msc {enter}. Locate the Licence Logging service > Right Click > Stop.

3. Locate the licstr.cpa file (it’s in C:\windows\system32 by default) > Rename it to licstr.OLD.

4. Locate the autolicstr.cpa (should be in the same folder) and COPY it to your desktop to create a backup, then rename the original to licstr.cpa

5. Back in the services console restart the “Licence Logging Service”.

6. Your licences should now be back in place.

7. Finally, you will notice there’s an option in the Licensing console to back up your licences, now would be a good time, to avoid having to do this again.

 

Related Articles, References, Credits, or External Links

NA