EBS 2008

The end of Essential Business Server

This morning, Microsoft announced that Essential Business Server 2008 development will stop in June 2010.

Announcement on EBS website

Support will continue for the next 5 years, so no need to panic!

Existing customers will be able to trade-in EBS licensing for Standard versions of the products that make up EBS including CAL’s e.g. 3 x Standard Windows Server 2008, 1 x Exchange, TMG, Forefront etc.

Microsoft have some FAQ’s here

EBS is a great product. I would like to thank all those people who put a massive effort (over 5 years of development) into bring EBS to market. I was lucky enough to do one of the first implementations in New Zealand and found the team at Microsoft very helpful and responsive in my hour of need (more than once actually). I am sure those talented guys will be put to good use on new things.

I have a tear in my eye šŸ˜¦

Essential Business Server Wish List

It is no secret that I am a fan of Essential Business Server 2008 (EBS 2008), but that doesn’t mean I can’t have a wish list of features and changes for the next version. Here is my short list of features I would like to see in the next version of EBS. I am interested in other peoples thoughts, so why not post a comment with your suggestions.

Give me the latest

Since EBS 2008 was released back in November 2008, Microsoft have been busy updating many of the components that make up EBS. The first items on my wish list are upgraded versions of those products:

  • Upgrade the underlying server technology to Windows 2008R2
  • Replace Exchange 2007 with Exchange 2010
  • Replace System Centre Essentials 2007 with System Centre Essentials 2010
  • Sharepoint 2010 – perhaps the foundation version

Improve the installer

While the EBS 2008 installer is easy to use and very clever, it would be nice to have the option of a manual install. I understand the value of having a highly automated installation process but at times it would be nice to have choices. This would be particularly useful for “green field” installations.

Client side Antivirus

A client side antivirus solution would be a great addition to EBS. Forefront Antivirus Client could be incorporated into EBS to allow centralised management of antivirus protection of client computers. Unfortunately while the current version of Forefront client works perfectly on EBS servers and clients, the management components require 32bit servers with SQL 2005 and reporting services.

Backup

Currently EBS 2008 uses Windows Backup as the built in backup solution. Backup functionality that allows Exchange 2010 to be backed up would be a great addition.


EBS 2008 Configuration Data Introduction

Essential Business Server 2008 (EBS 2008) is more than just Windows 2008 server with a bundled applications. Under the covers Active DirectoryĀ is used to store configuration dataĀ used by the various EBS roles (management, messaging and security). Changes to configurationĀ after installationĀ should be made using the utilities like “ChangeIPAddress” rather than manually to avoid unwanted side-effects. It is however nice to understand a little bit of what goes on behind the scenes. Here are a few tips to help get you started.

A good first point of call for installation errors is this log file. It contains a comprehensive log of the installation process:

  • C:\Program Files\Windows Essential Business Server\Logs\mmssetup.log

Configuration data stored in Active Directory can be exported to an XML file using the EBS Export Configuration Wizard.Ā The resulting XML file is readable inĀ plan text. To run this wizard, navigate to the following location in the Start menu:

  • All Programs \ Windows Essential Business Server \ Tools

An alternative method for viewing theĀ data is ADSIEdit.Ā I recommend only viewing data with this tool, as editing can have serious adverse affects! Using ADSIEdit navigate to the EBS Configuration data as follows:

  • Connect to the Configuration Partition
  • Open MMSConfiguration
  • Select the properties of the node you are interested in
  • You should now see the configuration information

Details of the data stored in Active Directory can be found here: http://technet.microsoft.com/en-us/library/dd430092(WS.10).aspx

The EBS Console displays information about servers and PC’s in the EBS 2008 domain. Information is gather via Windows Update and so the WUAUCLT utility can be used to register PC’s that for one reason or another have failed to register or have stopped checking in and updating the console. At the command prompt type the following commands to force the client to check in:

  • wuauclt /detectnow
  • wuauclt /reportnow

Upgrade fun: SBS 2003 to EBS 2008

Last weekend I received a call for help from a mate who was having trouble with his first Essential Business Server 2008 (EBS 2008) installation. He was upgrading and existing Small Business Server 2003 site to Essential Business Server. The EBS 2008 environment is virtualized and installed with SBS 2003 still in place.

Their are many good reasons to consider EBS 2008 when choosing and upgrade path from SBS 2003. EBS 2008 scales to 300 users, includes System Centre Essentials, Forefront TMG and many other goodies. EBS 2008 can be virtualized onto a single server, keeping the hardware requirements to a minimum.

Good Stuff
In an upgrade scenario, EBS 2008 is installed side-by-side with SBS 2003. You have 21 days to complete the upgrade before the SBS 2003 server will stop talking to the network (I haven’t actually seen what happens, but my advice is make sure you don’t have to either). Both the SBS and EBS Exchange servers can exist together during the 21 day window.

The best thing about the in-place upgrade option is that you don’t need to touch workstations or user accounts and Exchange mailboxes can be migrated to the EBS 2008 server slowly over a few days. This really takes the pressure off and is a big timesaver.

A few issues
The installation had a few issues which we’re resolved with some excellent advise from a nice guy at Microsoft (I’ll call him Mark). Twitter really comes into its own here, I was in New Zealand and Mark was in Texas, USA. Posting cries for help with the hashtag #EBS08 resulted in excellent advice very quick. Thanks guys!

The first issue was an error installing .NET 3.5 on the Management Server. The fix for this problem can be found here – EBS .NET 3.5 installation issue

The second issue was an error installing Silverlight on the Management Server. The fix was to unplug the NIC and reboot the Management Server to continue the installation. Thanks again Mark.

The real panic set in when we started installing the Messaging Server. The first issue was with Exchange 2007. The installation failed with an error saying that the “System Attendant Mailbox was inaccessible”. Checking the Application Event Log showed that Exchange was trying to install the Information Stores to E: drive. Oops, this was actually a ISO image mounted as a drive…Restarting the installation and changing drive letters resolved the issue.

At this point we got stuck with this error “Failed to create Edge Subscription”. After a lot of investigation we decided to call it a day and keep the users mailboxes on SBS 2003. Thank goodness for the 21 days. A couple of tweets for help to #EBS08 and I found I wasn’t alone. Relief! Then Mark responded again, this time with a link about time. EBS Timezone issue.

I didn’t think the error was exactly what we were getting so emailed Mark C:\Program Files\Windows Essential Business Server\Logs\mmssetup.log and went to bed. The next morning, he replied pointing out the Time Sync error in the log that I had missed. At that point we noticed the time between the SBS 2003 server and EBS server was out of sync by 5 minutes. Synchronizing the clocks and restarting the Messaging Server install from scratch resolved the issue. Happiness!

Here is the error message from MMSSETUP.LOG clearly indicating that time was the issue

[2872],”2009/12/05 23:12:29.890″,”MMSNet_Exchange”,”Information”,”Command: New-EdgeSubscription -FileName:C:\Program Files\Windows Essential Business Server\Data\MmsEdgeSubscription0.903150528158597.xml -Site:Default-First-Site-Name -Force”

[2872],”2009/12/05 23:12:30.078″,”MMSNet_Exchange”,”Error”,”ImportSubscriptionOnMessaging failed Microsoft.EssentialBusinessServer.Common.PowerShell.MmsCommandException:Ā The clock setting for the Edge Transport server to be subscribed and the computer on which you are running this task are not synchronized. Make sure the clocks on all Exchange servers in your organization and your Edge Transport servers are synchronized.Ā —> System.InvalidOperationException: The clock setting for the Edge Transport server to be subscribed and the computer on which you are running this task are not synchronized. Make sure the clocks on all Exchange servers in your organization and your Edge Transport servers are synchronized.

— End of inner exception stack trace —

Although the installation had a few issues, we were never stuck without options. The end users weren’t aware of the issues and user impact was almost zero.

If you are considering doing an EBS installation, join twitter and search for #EBS08. You’ll find a great group of people who love to share experiences and give advice when it is needed.

Essential Business Server Replacement Mode Install

I recently had an issue with the System Centre Essentials on the Management Server of an Essential Business Server (EBS08). One of the catches with EBS08 is that you can’t easily reinstall the SCE component, you actually need to reinstall the server it is on. This is of course worst case scenario.

I found this article on Technet which explains how to do a “Replacement Mode Install” of EBS08.
Essential Business Server Replacement mode article on Technet.

Replacement Mode allows reinstallation of any one of the EBS08 servers in event of hardware failure or a particularly nasty software issue that is best resolved by a reinstall.

Note that it is extremely important to ensure you have a complete backup before attempting this.

Expert Advice:

The following tweets are a response from Mark Stanfill at Microsoft Support in response to a question posted on Twitter about doing a replacement mode install. Thanks very much Mark, this is really useful stuff.

Tweets from: @Markstan (Senior Support Engineer at Microsoft)
Marks blog is: blogs.technet.com/essentialbusinessserver

@nztechtweet: found this when investigating how to reinstall a broken SCE on #EBS08, anyone tried this? http://tinyurl.com/yexnnh6

@nztechtweet @energizedtech done dozens of #EBS08 Replacement Modes ( http://tinyurl.com/yexnnh6) Ready for a brain dump? New series…

#EBS08 New Series – Mark’s Rules for Successful Replacement Mode – MR4SRM. RM = replacment mode.

#EBS08 MR4SRM Rule #1 – Make a complete server backup first. No exceptions.

#EBS08 MR4SRM Export config to XML using http://bit.ly/2jlxkE. Pay special attention to all IP addresses . Make sure they’re corrrect.
technet.microsoft.com/en-us/library/dd430092(WS.10).aspx

#EBS08 MR4SRM You need 2 functional EBS servers for Replacement Mode. If not, restore one server from backup.

#EBS08 MR4SRM Always back up CALs on Mgmt server before RM.

#EBS08 MR4SRM Mgmt server needs CALs reinstalled or restore post RM.

#EBS08 MR4SRM Mgmt Server RM will pull down all WSUS data again – many GB. Export & import – http://bit.ly/4DUxtN. Backup data drive
technet.microsoft.com/en-us/library/bb680473.aspx

#EBS08 MR4SRM All servers are going to need patching. Expect many reboots, considerable time.

#EBS08 MR4SRM Security & Msg can pull updates from WSUS rather than MU. Deselect optional updates during RM. Critical updates come from MU

#EBS08 MR4SRM Make sure AD is healthy before RM. Always run IT Health Scanner first – http://bit.ly/Od1uH
blogs.technet.com/essentialbusinessserver/archive/2009/10/28/how-to-run-the-it-environment-health-scanner-in-an-ebs-environment.aspx

#EBS08 MR4SRM Never, ever delete computer accounts or run metadata cleanup before RM. http://bit.ly/Cwsrr
blogs.technet.com/essentialbusinessserver/archive/2009/02/24/properly-handling-an-ebs-2008-setup-failure.aspx

#EBS08 MR4SRM All DCs need to be online and contactable before RM.

#EBS08 MR4SRM Make sure IIS is healthy, started, listening on port 808 for /remoting directory on all servers before RM.

#EBS08 MR4SRM Run “dnscmd /config /enableglobalqueryblocklist 0” for wpad autodiscovery – http://bit.ly/3NceQm
technet.microsoft.com/en-us/library/cc995158.aspx

#EBS08 MR4SRM Management Server restore – repair all SCE clients underAdministration node.

#EBS08 MR4SRM RM on Messaging obviously does not restore mailboxes & PFs. Make backups first – online, offline, PSTs. Belt and suspenders.

#EBS08 MR4SRM To get Security Server to report back to SCE after RM – “net stop fweng /y”, repair SCE client, restart services

#EBS08 MR4SRM Remove UM (if present) from Exchange before RM of Messaging Server to avoid setup failure.

EBS 2008 Firewall Configuration

Essential Business Server 2008 (EBS 2008) automatically installs and configures most of the components required to provide remote access. Details can be found in my EBS 2008 Remote Access article.

Forefront TMG is automatically configured during installation to allow the ports listed below to access services in the EBS 2008 environment. If you have an external router or firewall you will need to forward the following ports from that device to the WAN Adapter of the EBS 2008 Security Server:

  • Port 25 TCP ā€“ SMTP
  • Port 80 TCP ā€“ HTTP (EBS 2008 redirects inbound HTTP to HTTPS)
  • Port 443 TCP ā€“ HTTPS (RWW, OWA and TS Gateway)
  • Port 987 TCP ā€“ External secure Windows SharePoint Services intranet access
  • Port 1723 TCP ā€“ PPTP (VPN) – optional as RRAS is not configured by default

Note that RDP access to server consoles is done via Terminal Services Gateway (over port 443) so do not allow inbound connections on port 3389 as it is a security risk.

Recent EBS 2008 issues and solutions

Essential Business Server 2008 (EBS 2008) has in my experience been a very stable environment, but I have struck a few interesting issues. Here are solutions to some of the issues I have encountered:

Outlook prompts for authentication every few minutes

I found the solution to this was to change authentication on “AutoDiscover” in IIS on the Messaging Server. Details can be found on the Essential Business Server Team Blog

.NET Framework 3.5 will not install

To resolve installation errors with .NET 3.5 I downloaded the “.NET Cleanup tool” and removed all copies of .NET 3.5. I then restarted the server with the issue and reinstalled .NET 3.5 + service pack 1 sucessfully.

System Centre Essentials reporting stops after applying hotfix KB948109

Microsoft have released Hotfix KB957755 to resolve this issue.