Troubleshooting
Updated March 2004
To view troubleshooting information for feature areas in Microsoft® Windows® Small Business Server 2003, click any of the following feature area links:
• Troubleshooting Server Setup
• Troubleshooting Users and Groups
• Troubleshooting Client Computers
• Troubleshooting Mobile Devices
• Troubleshooting E-mail
• Troubleshooting Monitoring
• Troubleshooting Backup and Restore
• Troubleshooting Internet Access
• Troubleshooting Your Intranet
• Troubleshooting Shared Network Resources
• Troubleshooting Remote Connections
• Troubleshooting Client Licensing
© 2004 Microsoft Corporation. All rights reserved.
Troubleshooting Server Setup
Setup initialization error: Source \SQL2000_SP3a\x86\Setup\Sqlspre.ini. Cause: You may receive this error when you try to install SQL Server 2000 Service Pack 3. It occurs when the Service Pack 3 Setup program tries to copy Setupsql.ini to the %Temp% folder, but cannot overwrite a pre-existing version of the file that is marked as read-only. Solution: Browse to the %Temp% folder on your system drive, and either delete the pre-existing version of setupsql.ini or remove the read-only attribute. Then run SQL Server 2000 Service Pack 3 Setup again.
Troubleshooting Users and Groups
E-mail cannot be received or sent. Cause: A user account has reached the assigned Exchange mailbox size limit. Solution: Save e-mail messages in a local folder on the client computer. If this problem occurs often, consider increasing the mailbox size for the user account.
Files cannot be saved to shared folders on the server. Cause: The user account has reached the assigned disk quota limit. Solution: Save files in a local folder on the client computer. If this problem occurs often, consider increasing the disk quota for the user account.
Password cannot be changed. Cause: The user account password does not comply with a password policy configured by the administrator. Solution: Create a new password that complies with the password policies configured by the administrator.
User cannot connect remotely to a computer running Windows XP Professional. Cause: The user does not have permissions to log on by using Remote Desktop. Solution: Assign the user permissions to use Remote Desktop.
To assign user permissions to use Remote Desktop To complete this procedure, you must be logged on as a member of the Domain Admins security group.
1. On a computer running Windows Small Business Server 2003, click Start, and then click Server Management.
2. In the console tree, click Users. 3. In the details pane, right-click the user account that requires permissions to log on to Terminal Services, and then click Change User Properties.
4. On the User Properties page, click the Terminal Services Profile tab. 5. Check the Allow to log on to Terminal Server check box. Cause: The client computer running Windows XP Professional is not configured to allow Terminal Services connections. Solution: Configure the client computer running Windows XP Professional to use Remote Desktop.
To configure the client computer running Windows XP Professional to use Remote Desktop To complete this procedure, you must be logged on as a member of the Domain Admins security group.
1. On the client computer, click Start, point to Settings, click Control Panel, and then click System.
2. On the Remote tab, under Remote Desktop, click Select Remote Users. 3. In the Remote Desktop Users dialog box, click Add. 4. In the Select Users dialog box, click Locations to specify the search location. 5. To specify the types of objects that you want to search for, click Object Types. 6. In Enter the object names to select, type the names of the objects that you want to search for.
7. Click Check Names. 8. When the name is located, click OK. The name appears in the list of users in the Remote Desktop Users dialog box.
User account is locked out. Cause: There may be too many failed logon attempts. Solution: Unlock the user account.
To unlock a user account To complete this procedure, you must be logged on as a member of the Domain Admins security group.
1. On a computer running Windows Small Business Server 2003, click Start, and then click Server Management.
2. In the console tree, click Users.
3. In the details pane, right-click the user account that is locked out, and then click Properties.
4. On the User Properties page, click the Account tab. 5. Clear the Account is locked out check box to unlock the account.
Application with service account fails. Cause: Service account passwords have been changed but automatic logon properties have not been updated to use the new passwords. Windows Small Business Server does not automatically propagate password changes to all applications that use the service account. Solution: Update the service accounts and passwords used with a particular application by running Windows Small Business Server Setup again.
New user cannot log on or access e-mail. Cause: A new user attempts to log on or access network resources immediately after the account is created and before Active Directory has had time to update. A delay can occur between the time a user account is created and when Active Directory recognizes the user account. Solution: Wait fifteen minutes and try again.
Windows Small Business Server 2003 displays a GUID instead of a user name for an e-mail address. Cause: This problem can occur if a user account name contains Unicode characters. Solution: Use the Active Directory Users and Computers snap-in to change the SMTP e-mail address for the account.
To change the SMTP e-mail address for a user account 1. Click Start, and then click Server Management. 2. In the console tree, double-click Advanced Management, double-click Active Directory Users and Computers, double-click your server name, and then locate the account in either the Builtin or Users folder.
3. Right-click the account, click Properties, and then click the E-mail Addresses tab.
4. Under E-mail addresses, select the SMTP e-mail address to be changed, and then click Edit.
5. In the E-mail address text box, replace the GUID with the correct e-mail alias, and then click OK.
6. Click the Exchange General tab. 7. In the Alias text box, replace the GUID with the correct e-mail alias, and then click OK twice to save your settings.
Troubleshooting Client Computers
After migrating user profiles, users cannot access redirected folders. Cause: If you made user profiles private, administrative credentials were removed from user folders on the client computer. Users need these credentials to access folders that are redirected to the server. After you migrate private user profiles (which include redirected folders), users may be unable to access their folders. Solution: Manually restore access to user folders on the client computer.
From the client computer: 1. Click Start, click Control Panel, and then click Performance and Maintenance.
2. Click Administrative Tools, and then double-click Event Viewer. 3. Under Event Viewer (Local), double-click Application. 4. Search for an event with the type listed as Error and the source listed as Folder Redirection, and double-click that event. 5. Note the source and destination directory listed in the event description.
From the server:
Note
• You must be logged on as a member of the Domain Admins security group to perform the following procedure.
1. Click Start, right-click My Computer, click Explore, and then browse to the user folder in the location you noted in step 5 of the preceding procedure.
2. Right-click the folder, click Sharing and Security, click the Permissions tab, and verify that the user's name does not appear. If the folder is empty, delete it.
From the client computer:
Note
• To perform the following procedure, the user whose profile you are redirecting must be a member of the Local Admins security group on the client computer.
1. Click Start, right-click My Computer, click Explore, and then browse to the user folder in the location you noted in step 5 of the first procedure.
2. Right-click the folder, and then click Sharing and Security. 3. On the Security tab, click Advanced. 4. On the Owner tab, click the user name in the Change owner to box, and then select the Replace owner on subcontainers and objects check box.
5. Click Apply. 6. On the Permissions tab, verify that the user whose profile you want to redirect appears in the list under Permission entries. If the user's name does not appear, click Add, type the user name under Enter the object name to select, and then click Check Names.
7. Click OK. 8. Click Apply, and then click OK. The Permission Entry page appears. 9. Select the Full Control check box, and then click OK. 10. Click OK, and then click OK again. 11. Log off, and then log back on to the client computer.
I received an error stating that Client Setup cannot migrate private user settings. Cause: This error occurs when one or more of the subfolders in a user's profile have been made private. This means that permissions giving other users access to the folders have been removed. Solution: Manually configure the client computer to remove the restrictions that are preventing the migration.
• If the client computer is running Windows XP Professional, make sure that the profile that did not migrate is configured as a "public" profile.
To configure the user profile as a "public" profile 1. Click Start, and then click My Computer. 2. Double-click the drive where Windows is installed (usually drive C:, unless you have more than one drive on your computer).
3. Double-click the Documents and Settings folder. 4. Right-click the user folder that did not migrate, and then click Sharing and Security.
5. Select the Make this Folder Private check box, and then click OK. If this setting does not appear in the Properties dialog box, perform step 6, and then follow the instructions for client computers running Windows 2000 Professional.
6. On the View tab, under Advanced settings, make sure Use simple file sharing (Recommended) is selected, and then click OK.
• If the client computer is running Windows 2000 Professional, log on to the client computer as the user with the profile that did not migrate, and then grant the Administrators group full control over the profile folder and all subfolders.
To grant the Administrators group full control of the profile folder and all subfolders 1. Click Start, and then click My Computer. 2. Double-click the drive where Windows is installed (usually drive C:, unless you have more than one drive on your computer).
3. Double-click the Documents and Settings folder. 4. Right-click the user folder that did not migrate, click Properties, and then click the Security tab.
5. Click Add, type Administrators in the text box, and then click OK. 6. Under Group or user names, click the Administrators tab, select Allow for the Full Control permission, and then click OK.
7. Repeat steps 4 through 6 for all subfolders in the user profile. 8. Repeat steps 4 through 7 for each user folder that did not migrate. 9. While you are logged on with the user profile that did not migrate, give the user ownership of all files in his or her profile.
To give the user ownership of all files in the user profile a. Right-click the user folder to be migrated, click Properties, and then click the Security tab.
b. Click Advanced, and then click the Owner tab.
c. In the Change owner to box, select the user that you are giving ownership to, and then click OK.
d. Select the Replace owner on subcontainers and objects check box, and then click OK twice to save your settings.
10. Run Client Setup again.
Notes
• Perform these steps for each user profile listed in the error message.
• If you are running Windows 2000 Professional with Service Pack 2, you must upgrade to any later version of the service pack.
Applications are missing after upgrading to Windows Small Business Server 2003. Cause: If applications other than those available by default were installed on client computers, they will not be upgraded.
Solution: You must reinstall these applications on the computer running Windows Small Business Server 2003 and then reinstall them on client computers after the upgrade is complete. Command lines used to install these applications are stored in the registry in the following location:
HKLM\SOFTWARE\Microsoft\SmallBusinessServer\clientsetup\sbs2k_archive\Client Applications\
Caution
• Incorrectly editing the registry may severely damage your system. Before making changes to the registry, you should back up any valued data on the computer.
After the upgrade is complete, start the Client Setup Applications Wizard and use the command lines to reinstall the applications.
1. Click Start, and then click Server Management. 2. In the console tree, click Client Computers. In the details pane, click Set Up Client Applications. 3. Follow the instructions in the wizard to add client applications.
Older versions of Microsoft Office do not run on client computers that have an Office 2003 application installed. Cause: Older versions of Office conflict with Office 2003. Solution: To run older versions of Office, you must uninstall all versions of Office on the client computer, and then reinstall the version you want to use.
To uninstall older versions of Office from the client computer 1. Click Start, and then click Control Panel. 2. Click Add or Remove Programs, click each version of Office installed on the client computer, and then click Remove. After uninstalling all versions of Office, reinstall the version that you want to use on the client computer.
The initial logon process is slow after joining the Windows Small Business Server domain. Cause: Redirection for My Documents folder has been enabled, and a large amount of data in the My Documents folder on the client computer is synchronizing with the server. Solution: No action is required. After the initial logon, only changes to the My Documents folder are synchronized. Synchronization does not take as long as the initial logon.
Files in the local My Documents folder are not synchronizing with the server. Cause: Disk quotas have been exceeded. Solution: Reduce the size of the user's My Documents folder by deleting unnecessary files or compressing files. Or, increase the quota amount.
To increase disk quotas 1. On a computer running Windows Small Business Server 2003, click Start, and then click My Computer.
2. Right-click the volume for which you want to modify quota values, and then click Properties.
3. On the Quota tab, click Quota Entries. 4. Click the entries for the users whose options you want to modify, and on the Quota menu, click Properties.
5. In the Quota Settings dialog box, do one of the following:
• To track disk space usage without limiting disk space, click Do not limit disk usage.
• To limit disk space, click Limit disk space to. Type a numeric value, and select a disk space limit unit from the drop-down list. You can use decimal values, for example, 20.5 megabytes (MB).
Note
• If the volume is not formatted with the NTFS file system, or if you are not a member of the Administrators group, the Quota tab is not displayed in the volume's Properties dialog box.
I received an error stating that Client Setup cannot migrate private user settings. Cause: This error occurs when one or more of the subfolders in a user's profile have been made private. This means that permissions giving other users access to the folders have been removed. Solution: Manually configure the client computer to remove the restrictions that are preventing the migration.
• If the client computer is running Windows XP Professional, make sure that simple file sharing is enabled on the computer, and then follow the steps outlined in the error message.
To enable simple file sharing on a client computer running Windows XP Professional 1. Click Start, and then click Control Panel.
2. Double-click Folder Options. 3. On the View tab, under Advanced settings, make sure Use simple file sharing (Recommended) is selected, and then click OK.
• If the client computer is running Windows 2000 Professional, log on to the client computer as the user with the profile that did not migrate, and then grant the Administrators group full control over the profile folder and all subfolders.
To grant the Administrators group full control of the profile folder and all subfolders 1. Click Start, and then click My Computer. 2. Double-click the drive where Windows is installed (usually drive C:, unless you have more than one drive on your computer).
3. Double-click the Documents and Settings folder. 4. Right-click the user folder that did not migrate, click Properties, and then click the Security tab.
5. Click Add, type Administrators in the text box, and then click OK. 6. Under Group or user names, click the Administrators tab, select Allow for the Full Control permission, and then click OK. 7. Repeat steps 4 through 6 for all subfolders in the user profile. 8. Repeat steps 4 through 7 for each user folder that did not migrate. 9. While you are logged on with the user profile that did not migrate, give the user ownership of all files in his or her profile.
To give the user ownership of all files in the user profile a. Right-click the user folder to be migrated, click Properties, and then click the Security tab.
b. Click Advanced, and then click the Owner tab.
c. In the Change owner to box, select the user that you are giving ownership to, and then click OK.
d. Select the Replace owner on subcontainers and objects check box, and then click OK twice to save your settings.
10. Run Client Setup again.
Notes
• Perform these steps for each user profile listed in the error message.
• If you are running Windows 2000 Professional with Service Pack 2, you must upgrade to any later version of the service pack.
Troubleshooting Mobile Devices
ActiveSync cannot be installed when a mobile device is connected to the client computer. Cause: If a mobile device is connected to the client computer, ActiveSync cannot be completely installed. Solution: Disconnect the mobile device from the client computer, log off, log on again, and then reinstall ActiveSync. For more information, open Help and Support and search for "To connect a mobile device by using a cradle or cable."
Pocket PC 2003 is not automatically configured to synchronize with the server. Cause: The server is configured to connect to the Internet using a dial-up connection instead of a broadband connection. Solution: Configure the Pocket PC 2003 using the instructions that came with your device, and manually configure it to synchronize with the server. You must also disable Secure Sockets Layer (SSL) on the mobile device.
Note
• Before beginning the following procedure, obtain the server's fully qualified internal computer name and NetBIOS domain name.
To disable SSL on the mobile device
1. Click Start, and then open ActiveSync.
2. Click Tools, and then click Options.
3. Click the Server tab, and then clear the This server uses an SSL connection check box.
Important
• Disabling SSL means that user name and password information is sent over the network without SSL encryption. Ensure that you have enabled Wired Equivalent Privacy (WEP) encryption on your wireless LAN.
After running the Get Connected Wizard and selecting "Synchronize with this desktop computer," my mobile device is not synching with my Inbox, calendar or contacts. Cause: This problem can occur if any of the following conditions are true:
• The server is not connected to the Internet.
• The server is connected to the Internet using a dial-up connection.
• The user has configured ActiveSync to synchronize the mobile device with the server.
Solution: Manually configure ActiveSync to synchronize with the desktop computer.
To manually configure ActiveSync to synchronize with the desktop computer 1. Plug the mobile device into the cradle.
2. On the desktop computer, click Start, click All Programs, and then click Microsoft ActiveSync.
3. Click Tools, and then click Options. 4. On the Sync Options tab, clear the Enable synchronize with a server check box.
5. When prompted to remove all synchronized data using ActiveSync, click OK.
6. Select the Inbox, Calendar and Contacts check boxes, and then click OK. The device then synchronizes with the desktop computer.
Note
• The Routing and Remote Access (RRAS) Wizard configures mobile devices to synchronize with the server by default. Each time you run the RRAS Wizard, you must use the preceding steps to configure mobile devices to synchronize with the desktop computer.
Using a hardware router prevents synchronization when the mobile device is cradled. Cause: If the server is configured with a single network card and a hardware firewall, routers that have built-in IP spoofing protection do not allow internal client computers to connect to the external domain. Solution: Consult with your hardware provider for updated firmware for your specific device. As an alternative, you can add a DNS zone to bypass IP spoofing by some hardware routers.
To add a DNS zone
1. Click Start, click Run, and then type dnsmgmt.msc. The DNS Management Console appears.
2. Double-click your server name in the console tree.
3. In the details pane, right-click Forward Lookup Zone, and then click New Zone. The New Zone Wizard appears. Click Next.
4. On the Zone Type page, select Primary Zone, clear the Store the zone in Active Directory (available only if DNS Server is a domain controller) check box, and then click Next.
5. On the Zone Name page, in the Zone Name box, type the fully qualified domain name of your external domain (for example, www.externaldomainname.com), and then click Next.
6. On the Zone Files page, click Next. 7. On the Dynamic Update page, select Do not allow dynamic updates, and then click Next.
8. Click Finish to close the New Zone Wizard. 9. Right-click the new zone in the DNS Management Console details pane, and then click New Host (A). The New Host dialog box appears.
10. Leave the Name field empty. In the IP address box, type the Server Local Area IP address, and then click Add Host.
11. Click OK, and then click Done to close the New Host dialog box.
The initial synchronization of the mobile device failed. Cause: ActiveSync cannot create Microsoft Office Outlook 2003 profiles. If the user starts ActiveSync before running Outlook 2003, the user receives an error message stating that the profile cannot be found. Solution: Connect the mobile device by using the cradle or cable, open Outlook, and then reconnect the mobile device.
The user cannot browse the Internet when the mobile device is connected using the cradle or cable (applies only if Internet Security and Acceleration Server 2000 is installed). Cause: If you connect the mobile device by using a cradle or cable, you are considered anonymous when browsing the Internet. If ISA Server is installed on the computer running Windows Small Business Server 2003, anonymous browsing is not allowed. Solution: Follow the instructions for Microsoft Pocket PC Phone Edition 2002, Microsoft Pocket PC Phone Edition 2003, or Microsoft SmartPhone 2003, and then follow the instructions to configure ActiveSync settings.
• For Microsoft Pocket PC Phone Edition 2002
1. On the mobile device, click Start, and then click Settings.
2. On the Connections tab, click Connections.
3. Under Work Settings, click Modify.
4. On the Proxy settings tab, check the This network connects to the Internet box, and then check the This network uses a proxy server to connect to the Internet box.
5. Type the proxy server name, and then click Advanced.
6. In the Port box, type 8080.
7. Click OK, and then click OK again.
• For Microsoft Pocket PC 2003 or Microsoft Pocket PC Phone Edition 2003
1. On the mobile device, click Start, and then click Settings.
2. On the Connections tab, click Connections.
3. Click Set up my proxy server.
4. On the Proxy settings tab, check the This network connects to the Internet box, and then check the This network uses a proxy server to connect to the Internet box.
5. Type the proxy server name, and then click Advanced.
6. In the Port box, type 8080.
7. Click OK, and then click OK again.
• For Microsoft SmartPhone 2003
1. On the mobile device, select Start, select Settings, and then select Data Connections.
2. Select Menu, select Edit Connections, and then select Proxy Connections.
3. Select Menu, and then select Add. 4. In the Connects From box, select Work. In the Connects To box, select The Internet.
5. In the Proxy (name:port) box, type the server name and port, using the following format: ServerName:8080
6. Type your user name and password, and then select Done. To configure ActiveSync settings 1. On the client computer, click Start, point to All Programs, and then click Microsoft ActiveSync.
2. On the Tools menu, click Options, and then click the Rules tab.
3. In the Connection box (under Pass Through), click the down arrow, and then click Work.
The first time that you use the device to browse the Internet, you are prompted for a user name and password. Type a user name that is a member of the Windows Small Business Server Internet Users group, and save the password so that ActiveSync can synchronize with the server.
Note
• If you still cannot browse the Internet, see the person responsible for your network to ensure that you have the correct permissions.
A connection cannot be established between the mobile device and the client computer. Cause: There is a universal serial bus (USB) connection error. Solution: Upgrade to the latest version of ActiveSync. If the user is already using the latest version, remove the mobile device from the cradle (or disconnect the cable), turn the device off and then back on, and then reconnect it.
The mobile device cannot be synchronized when connected using a cradle or cable. Cause: The Pass Through option is not configured correctly in ActiveSync. Solution: Configure the Pass Through option.
To configure the Pass Through option 1. On the client computer, click Start, point to All Programs, and then click Microsoft ActiveSync.
2. On the Tools menu, click Options, and then click the Rules tab. 3. In the Connection box (under Pass Through), click the down arrow, and then click Internet. For more information, see Microsoft ActiveSync Help. To open ActiveSync Help, click Start, point to All Programs, click Microsoft ActiveSync, and then click Help.
Outlook Mobile Access with Secure Sockets Layer (SSL) does not work on a SmartPhone 2002, PocketPC 2002, or Wireless Application Protocol (WAP) 2.0 phone.
Cause: Some of these devices are not supported using the Windows Small Business Server unsigned certificate. Solution: Purchase a signed certificate from a trusted certification authority (CA) for the server to support these devices.
Other considerations for troubleshooting mobile devices. If you continue to have a problem using your mobile device, consider the following questions:
• Does your mobile device have sufficient signal strength?
• Can you browse to other internal or external Web sites?
• Have you tried turning off the device and then turning it back on?
• Does your mobile device synchronize when connected to the server?
• Have you tried reconfiguring your mobile device?
To reconfigure your mobile device 1. On the client computer, click Start, point to All Programs, and then click Microsoft ActiveSync.
2. Connect the mobile device to the client computer by using the cradle or cable included with the device.
3. Click Start, and then click All Programs.
4. Click Small Business Server Tools, and then click Configure Mobile Device. The device will be reconfigured with the original Windows Small Business Server settings, and users will be able to synchronize with the server within a few seconds.
Note
• The mobile device configuration program is at the following location: Program Files/Windows Small Business Server/Clients/SBSMobConfig.exe
• Have you allowed access to the Outlook Mobile Access Web service from the Internet using the Configure E-mail and Internet Connection Wizard?
• Are you using an external router? Are ports 80 and 443 open and pointed to the server?
For more information, open Help and Support and search for "To allow access to Web services on the server."
Troubleshooting E-mail
I have more than one e-mail domain name, and the E-mail Domain page of the Configure E-mail and Internet Connection Wizard allows me to enter only one of the domain names. Cause: The Configure E-mail and Internet Connection Wizard can configure reply-to addresses for only one e-mail domain on the E-mail Domain page. Solution: Use one of the e-mail domain names when you run the wizard. Then, you can create a custom recipient policy in Exchange Server 2003 for a second e-mail domain. The custom recipient policy creates the appropriate e-mail addresses for users in the second e-mail domain. For more information, search for "Create a New Recipient Policy" in Exchange server Help. To access Exchange server Help, click Start, click Server Management, and then press F1.
Unsolicited e-mail is being delivered to Exchange server mailboxes. Cause: Connection filtering is not configured on your Exchange server. Solution: Exchange 2003 supports connection filtering based on block lists, which are lists that can be queried by your Exchange server to identify verified spam sources. Connection filtering uses external services that maintain block lists, based on IP addresses, of known sources of unsolicited e-mail, dial-up user accounts, and servers open for relay. Connection filtering complements third-party content filter products. You can also configure connection filtering without using a block list provider by creating global accept and deny lists of SMTP addresses from which you want to globally accept or deny all e-mail. To configure connection filtering, you must first create and configure a connection filtering rule, and then apply it to your SMTP virtual server. For more information, search for "Configure Connection Filtering" in Exchange server Help. To access Exchange server Help, click Start, click Server Management, and then press F1.
Troubleshooting Monitoring
I have received an alert notification that a user account is under attack. Cause: A user has repeatedly tried to log on due to losing or forgetting the user account password. This alert occurs when the number of failed logons for a specific user exceeds the Account Lockout Threshold. Solution: Reset the user account password.
To reset a user's password To complete this procedure, you must be logged on as a member of the Domain Admins security group.
1. Click Start, and then click Server Management. 2. In the console tree, click Users. 3. In the details pane, select a user account, and then click Change Password. 4. Type and confirm the new password.
5. Select or clear the User must change password at next logon check box, and then click OK.
Cause: An actual attack has occurred. This alert occurs when the number of failed logons for a specific user exceeds the Account Lockout Threshold. Solution: You need to do the following if you suspect the account is under attack:
• Unplug the Internet cable from your server or router if you are certain that your network has been attacked. Open Event Viewer and view the audit logon events in the Security Events log to determine if an attack has occurred.
To open Event Viewer
1. Click Start, and then click Server Management.
2. In the console tree, click Monitoring.
3. In the details pane, click View Event Logs.
• View the event log to try to determine the IP address from which the attack is originating. Contact your Internet service provider (ISP) to report or block it.
• Check for any unknown user accounts by using the Manage Users snap-in in Server Management.
• Reset the user's password.
• Reset the administrator password.
• Disable the user account until the threat of the network attack passes.
To disable a user account
To complete this procedure, you must be logged on as a member of the Domain Admins security group.
1. Click Start, and then click Server Management.
2. In the console tree, click Users.
3. In the details pane, select a user account, and then click Disable Account.
Note
• Disabled accounts are not removed, but you cannot use them to log on or to access network resources.
• Consider setting strong password policies.
To configure password policies
To complete this procedure, you must be logged on as a member of the Domain Admins security group.
1. Click Start, and then click Server Management.
2. In the console tree, click Users.
3. In the details pane, click Configure Password Policies.
4. Select the check boxes to configure the policies you want, select when you want the policies to become effective, and then click OK. If you are still setting up the network and thus do not want the policies to be effective yet, you can choose to make them effective in a few days.
Note
• This action changes the password policies used in your entire network. Enabling or changing password policies requires all users to change their passwords the next time they log on to the network.
For more information about keeping your network secure, visit the Microsoft Security and Privacy Web site (http://go.microsoft.com/fwlink/?LinkId=102).
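For the steps above that ask you to view the audit logon events and determine the originating IP address, the following added example (not part of the original Microsoft page) tallies failed logons per account and source from a Security log export. The tab-separated layout, event IDs 529 and 644, the threshold of 5 and the 192.168.16.0/24 LAN range are assumptions, and the sample records are constructed.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Event IDs from Windows Server 2003 security auditing. They are not listed on
# the page; treat them as an assumption and confirm them against your own log.
FAILED_LOGON = "529"    # logon failure: unknown user name or bad password
ACCOUNT_LOCKED = "644"  # user account locked out

USER_RE = re.compile(r"User Name:\s*(\S+)")
ADDR_RE = re.compile(r"Source Network Address:\s*(\S+)")
LOCKED_RE = re.compile(r"Target Account Name:\s*(\S+)")


def _record(event_id, description):
    """Build one constructed export line: date, time, type, event ID, text."""
    return "\t".join(["3/12/2004", "02:14:00", "Audit", event_id, description])


def _failure(user, addr):
    return _record(FAILED_LOGON,
                   "Logon Failure: Reason: Unknown user name or bad password "
                   f"User Name: {user} Domain: EXAMPLE Logon Type: 3 "
                   f"Source Network Address: {addr}")


# Constructed sample data; the external addresses are documentation ranges.
SAMPLE_EXPORT = "\n".join(
    [_failure("jsmith", "203.0.113.45")] * 6
    + [_record(ACCOUNT_LOCKED,
               "User Account Locked Out: Target Account Name: jsmith")]
    + [_failure("mbrown", "192.168.16.23")] * 2
    + [_failure("Administrator", "203.0.113.45")] * 3
    + [_failure("Administrator", "198.51.100.7")] * 2
)


def _is_local(source, lan_net):
    try:
        return ipaddress.ip_address(source) in lan_net
    except ValueError:
        return False  # "unknown" or a host name: treat as not local


def summarize_failed_logons(export_text, threshold, lan="192.168.16.0/24"):
    """Return accounts that reached `threshold` failures or were locked out.

    `threshold` stands in for the Account Lockout Threshold and `lan` for the
    local network range; both are assumptions to replace with your own values.
    """
    lan_net = ipaddress.ip_network(lan)
    failures = defaultdict(Counter)  # account -> Counter(source address)
    locked = set()
    for line in export_text.splitlines():
        fields = line.split("\t")
        if len(fields) < 5:
            continue  # skip headers and malformed lines
        event_id, description = fields[3], fields[4]
        if event_id == FAILED_LOGON:
            user = USER_RE.search(description)
            addr = ADDR_RE.search(description)
            if user:
                source = addr.group(1) if addr else "unknown"
                failures[user.group(1).lower()][source] += 1
        elif event_id == ACCOUNT_LOCKED:
            target = LOCKED_RE.search(description)
            if target:
                locked.add(target.group(1).lower())

    report = []
    for account in sorted(set(failures) | locked):
        sources = failures.get(account, Counter())
        total = sum(sources.values())
        if total < threshold and account not in locked:
            continue
        # Sources outside the LAN point to an attack rather than a user who
        # forgot a password at an office workstation.
        external = sorted(s for s in sources if not _is_local(s, lan_net))
        report.append({"account": account, "failures": total,
                       "locked": account in locked, "external": external})
    return sorted(report, key=lambda row: -row["failures"])


if __name__ == "__main__":
    for row in summarize_failed_logons(SAMPLE_EXPORT, threshold=5):
        print(row)
```

An account whose failures all come from inside the LAN fits the forgotten-password cause; failures from outside addresses, or the same outside address against several accounts, fit the attack cause.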
Usage information for Internet activity cannot be viewed in the server usage reports. Cause: You might be using a router as a firewall to access the Internet. If so, usage information for Internet activity cannot be included in the report
because Windows Small Business Server 2003 is unable to monitor firewall statistics for third-party devices. Solution: Install a second network adapter on the computer running Windows Small Business Server 2003, and then enable the Routing and Remote Access service as the firewall on the server by using the Configure E-mail and Internet Connection Wizard. Cause: You might be using the Internet Security and Acceleration (ISA) Server firewall to access the Internet. Windows Small Business Server 2003 is unable to monitor firewall statistics for ISA Server. Solution: Configure ISA Server for monitoring and reporting. For more information about configuring ISA Server for monitoring and reporting, search for "Configure monitoring and reporting" in the ISA Server Help. To access ISA Server Help, click Start, click Server Management, and then press F1.
I am not receiving server performance or usage reports in Outlook Express. Cause: By default, Outlook Express blocks certain file attachments in e-mail to prevent you from opening potentially harmful attachments. As a result, you may not be able to open server performance or usage reports. Solution: Configure Outlook Express to allow attachments.
To configure Outlook Express to allow attachments
1. Open Outlook Express.
2. On the Tools menu, click Options.
3. On the Security tab, clear the Do not allow attachments to be saved or opened that could potentially be a virus check box, and then click OK.
Note
• E-mail attachments can contain viruses. It is recommended that you open files sent by a reliable source only and that you use antivirus software to scan files received in e-mail.
Server performance or usage report does not contain all selected log files. Cause: If a selected log file has not changed since the last time it was attached to a server performance or usage report, or if no new files exist for applications that generate multiple log files (such as Internet Information Services), the server performance or usage report will not contain attachments for those selections.
Solution: No action is required. To review the latest version of a selected log file, open the file attachment from the previously delivered server performance or usage report.
Services set to start automatically stop running. Cause: When configured to start automatically, a small number of services may stop running if they are not performing any tasks. When this happens, these services are reported in the server performance report as not running. This is known to occur with the following services:
• Fax
• Performance Logs and Alerts
• Removable Storage
Solution: The noted services are designed to stop running when they are not being used. If you do not want these services to be reported in the server performance report when they are not running, you can change the Startup type for the service to Manual.
To change the startup type for a service to Manual
1. Click Start, and then click Server Management.
2. In the console tree, click Monitoring and Reporting, and then click View Services.
3. In the details pane, right-click the service that you want to change, and then click Properties.
4. For Startup type, select Manual, and then click OK.
For more information, open Help and Support and search for "Monitoring overview."
Monitoring alerts are not being delivered. Cause: After a Health Monitor configuration is imported using the Import Health Monitor Configuration Wizard, imported actions may not run as expected. This problem can occur when settings for imported actions remain associated with the computer from which they were exported. For example, the SMTP server specified for e-mail actions could be inaccurate, or an inaccurate file path could be specified for script actions. Solution: Review the settings for the imported actions and make changes as necessary.
To view the imported actions
1. Click Start, point to Administrative Tools, and then click Health Monitor.
2. In the console tree, click Actions.
3. In the details pane, right-click an action, and then click Properties.
4. Review the settings on each tab, and modify as necessary.
5. Repeat steps 3 and 4 for each action.
For more information, open Help and Support, and then search for "To update settings for an imported Health Monitor configuration."
Troubleshooting Backup and Restore
The NTBackup log is blank. Cause: NTBackup.exe is being manually ended from the Task Manager, or NTBackup.exe encountered an error during launch. Solution: Run NTBackup manually, and load the Small Business Backup Script.
To run NTBackup manually and load the script
1. Click Start, click Run, type ntbackup, and then press Enter. The Backup or Restore Wizard launches.
2. On the Welcome to the Backup or Restore Wizard page, click Advanced Mode.
3. Click the Backup tab.
4. From the Job menu, choose Load Selections.
5. In the File Name box type %sbsprogramdir%\backup.
6. Click Small Business Backup Script.bks to select, and click Open.
7. On the Backup tab, click Start Backup.
If the backup succeeds, run the Windows Small Business Server Backup Configuration Wizard from the Backup taskpad in Server Management. If the problem persists, click Start, click Server Management, click the Information Center link, and then click either Community Website or Technical Support to get information about the problem. If the backup fails, consult the error message for further information about the problem.
Backup fails, reporting "'Script.bks' file not found." Cause: The Exchange Information Store is not running. Solution: Start the Exchange Information Store.
To start the Exchange Information Store
1. Click Start, click Run, and then type Services.msc.
2. In the details pane, right-click Microsoft Exchange Information Store, and then click Start.
Cause:
• A folder explicitly marked to be included in the backup is not on the system.
• The Small Business Backup Script has been deleted or is corrupted.
• The UNC path you are backing up to does not exist or is inaccessible.
Solution: Re-run the Backup Configuration Wizard from the Backup snap-in in Server Management, accepting the defaults to reset.
Redirection of My Documents failed. Cause: Certain files cannot be made available offline. Files with the following extensions cannot be made available offline:
• .db*
• .ldb
• .mdb
• .mde
• .mdw
• .pst
• .slm
When you have configured users' My Documents folders to be redirected to the server, files with these extensions are saved to the server only, and they are not saved at logon or logoff to the client computer. The following error message appears if you try to synchronize these types of files: "Warnings occurred while Windows was synchronizing your data. Results: Offline files. Unable to make file name available offline. Files of this type cannot be made available offline." For more information about this issue, see article 252509, "Error Message: Files of This Type Cannot Be Made Available Offline," in the Microsoft Knowledge Base.
Solution: If you have a file that cannot be made available offline and you want to avoid seeing this message at logoff and logon, you can perform one of the following actions:
• Move the files that cannot be made available offline out of the My Documents folder and into a shared folder on the server.
• Disable offline files.
In both of these instances, a file that cannot be made available offline will be unavailable if the server becomes unavailable. However, it will be included in the backup of the server by default. If you disable offline folders, none of your files, regardless of whether they can be made available offline, will be available if the server becomes unavailable.
To disable offline files
1. In Windows Explorer, click Tools, and then click Folder Options.
2. On the Offline Files tab, clear the Enable Offline Files check box.
Volume Shadow Copy Services fails, reporting error number 800xxxxx. There are several causes for Volume Shadow Copy Services failure. They are listed in order of probability:
• Low disk space on a drive with Volume Shadow Copies Services enabled.
• The disk is highly fragmented.
• SQL Server™ 2000 is installed and one or more databases have a recovery model that is not set to Simple. Windows Small Business Server 2003 Backup can back up a database only if its recovery model is set to Simple.
• An Event Log is larger than 64 megabytes (MB).
• Directory Service Access auditing is enabled.
Use the information in the following sections to determine which of these issues is causing Volume Shadow Copy Services to fail and to correct the failure. Cause: Low disk space on a drive with Volume Shadow Copies Services enabled.
To verify that a drive with Volume Shadow Copies Services enabled has low disk space
1. Click Start, and then click My Computer.
2. Click the Shadow Copies tab.
3. Click the volume that has Shadow Copies enabled, and then click Settings.
4. In the Storage Area dialog box, click Details, and compare the Used and Maximum Size columns to determine whether disk space is low.
Solution: Increase the space available on the system drive and on the drive with previous versions (Volume Shadow Copy Services) enabled. Cause: The disk is highly fragmented. Solution: Defragment all system hard disks. Cause: SQL Server 2000 is installed and one or more databases have a recovery model that is not set to Simple. Windows Small Business Server 2003 Backup cannot back up this type of database. Solution: Set the SQL Server 2000 database recovery model to Simple.
To set the SQL Server 2000 database recovery model to Simple
1. Open SQL Server Enterprise Manager.
2. Double-click Microsoft SQL Servers, double-click SQL Server Group, (Local), and then double-click Databases.
3. Right-click each database, choose Properties, and then on the Options tab, under Recovery, set the model to Simple.
For more information about SQL Server database recovery models, see SQL Server Help and search for "recovery model." Cause: An Event Log is larger than 64 MB. Solution: Reduce the size of the Event Log to a maximum of 64 MB.
To reduce the size of the Event Log
To complete this procedure, you must be logged on as a member of the Domain Admins security group.
1. Click Start, click Administrative Tools, and then click Event Viewer.
2. In the console tree, click any Event Log that is larger than 64 MB.
3. On the Action menu, click Properties.
4. On the General tab, in Maximum log size, specify a log size of 64000 kilobytes or less.
5. To put the new setting in effect, click Clear Log. If you want to retain the information currently in the log, click Yes when a message appears asking if you want to save the original log before clearing it, and then click OK.
Cause: Directory Service Access auditing is enabled.
To verify that Directory Service Access auditing is enabled
1. Click Start, click Run, and then type rsop.msc.
2. In the details pane, double-click Computer Configuration, double-click Windows Settings, double-click Security Settings, double-click Local Policies, and then double-click Audit Policy.
3. In the Computer Setting column, verify that it reads either Success or Failure. If Directory Service Access is not enabled, the entry in the Computer Setting column will read No auditing.
Solution: Disable Directory Service access auditing.
To disable Directory Service access auditing
1. Click Start, and then click Server Management.
2. In the console tree, click Advanced Management, and then click Group Policy Management.
3. Navigate to /Forest/Domains/your domain/Domain Controllers, and then right-click Small Business Server Auditing Policy.
4. Click Edit to open Group Policy Object Editor.
5. In Group Policy Object Editor, navigate to Computer Configuration/Windows Settings/Security Settings/Local Policies/Audit Policy.
6. Double-click Audit directory service access.
7. Clear the Success and Failure boxes if they are checked.
8. Click Start, click Command Prompt, and then type gpupdate /Force to refresh the policy setting.
Portions of a file are not backed up. Cause: The destination of the backup has previous versions (Volume Shadow Copy Services) enabled on it, and the allocated space for previous versions does not have enough room for the entire backup file. Solution: Either disable previous versions (Volume Shadow Copy Services) by using the Backup Configuration Wizard or choose another destination for the backup. Note
• Backing up to a volume on which previous versions are enabled will drastically reduce the number of previous versions from which users can restore.
Backup fails, reporting "A fixed drive is not a valid drive." Cause: A timeout occurred while writing the backup file to the destination. Solutions:
• If you are backing up to a network share, ensure the UNC path you are backing up to is always accessible.
• Ensure the drivers for the media of the backup destination are up to date. Contact the manufacturer for information about updating your drivers.
• Ensure there is no excessive activity on the device you are backing up to.
Cause: The drive you are backing up to is low on disk space. Solution: Ensure the disk to which you are backing up has adequate disk space to hold the backup.
Backup fails, reporting "Tape media not found." Cause: No tape is in the drive. Solution: Put a tape in the drive. Cause: The system does not recognize the tape drive. Solutions:
• Ensure the tape in the drive is a tape that works with the drive.
• If the tape drive is external, ensure the power of the tape drive is on.
• Ensure that the system is detecting the tape drive.
To ensure that the system is detecting the tape drive
1. Click Start, click Administrative Tools, and then click Computer Management.
2. In the left pane, click Device Manager.
3. Navigate to the tape drive and double-click it to view Device status.
4. If the device is not working properly, click Troubleshoot to fix the problem.
• Ensure the drivers for the media of the backup destination are up to date. Contact the manufacturer for information about updating your drivers.
• Be sure the tape drive is compatible with Windows Small Business Server 2003. Consult the Windows Catalog Web site (http://go.microsoft.com/fwlink/?LinkId=16906).
Backup fails, reporting error number 8007422. Cause: Windows Management Instrumentation needs to be started in order for Windows Small Business Server Backup to determine success or failure. Solution: Start Windows Management Instrumentation.
To start Windows Management Instrumentation
1. Click Start, click Run, and then type Services.msc.
2. In the details pane, right-click Windows Management Instrumentation, and then click Start.
If the problem persists, click Start, click Server Management, click the Information Center link, and then click either Community Website or Technical Support to get information about the problem.
Backup fails, reporting "End of media encountered." Cause: The backup does not fit on the media to which you are backing up. Solutions:
• Reduce the size of the backup by excluding folders from the backup using the Backup Configuration Wizard.
• Purchase a backup device with larger capacity.
Cause: The destination of the backup is a hard drive formatted with the FAT file system. Drives formatted with FAT support a file size of up to 4 GB. If your backup is larger than 4 GB, it exceeds the size of the destination hard drive. Solution: Convert the drive to the NTFS file system using convert.exe. For information about using convert.exe, see article 214579, "How to Use Convert.exe to Convert a Partition to the NTFS File System," in the Microsoft Knowledge Base.
Cause: The backup does not fit on the hard drive to which you are backing up. Solution: Increase the amount of space available on the drive for the backup.
Backup fails, reporting "An inconsistency was encountered." Cause: You are backing up to a UNC path on the local computer that is currently being backed up. Solution: Use the Backup Configuration Wizard to change the destination of the backup to another location. Alternately, you can use the wizard to exclude the UNC path from the backup.
Users cannot restore files because the Previous Versions tab in the My Documents Properties dialog box is missing. Cause: If storage allocation has been enabled for deleted files, and the location to which My Documents is redirected has recently been changed, then the regularly scheduled snapshot has not occurred. Solution: No action is required. The Previous Versions tab will appear after the next regularly scheduled snapshot occurs. By default, snapshots are scheduled to occur at 7:00 A.M. and at noon. Note
• If you have not run Client Setup on your client computer, you might need to manually install the Shadow Copy client. To manually install the Shadow Copy client, from the client computer click Start, click Run, and then type: \\server\ClientApps\ShadowCopy\SHADOWCOPYCLIENT.MSI
Troubleshooting Internet Access
I want to switch from using my existing DHCP server, such as a router device, to using Windows Small Business Server 2003 as my DHCP server. Cause: You must disable the existing DHCP server, install the DHCP Server service on your computer running Windows Small Business Server 2003, and then configure the DHCP scope for your network.
Solution: Using Windows Small Business Server 2003 as your DHCP server ensures that your DHCP settings are properly configured for the local network. Not all DHCP scope options for the Windows Small Business Server network can be configured for the DHCP service of all router devices. For information about how to install and configure DHCP on your Windows Small Business Server network, open Help and Support and search for "Installing a DHCP server."
I need to modify the phone number used by my dial-up connection to connect to the Internet. Cause: If you use a dial-up connection to connect to the Internet, the dialing is handled by the firewall on your computer running Windows Small Business Server 2003. As a result, to change the phone number used by the dial-up connection to the Internet, you must modify the connection information in the firewall settings for your computer running Windows Small Business Server 2003. Solution: The easiest way to change the phone number used by your dial-up connection is to run the Configure E-mail and Internet Connection Wizard and add a new dial-up connection.
Notes
• If you do not want to modify settings defined in the last run of the wizard for a specific component, select the option to not make changes for that component. You can then bypass the associated pages for that component.
• Running the Configure E-mail and Internet Connection Wizard does not require the computer running Windows Small Business Server to restart. However, users will experience a temporary loss of connectivity to the Internet while necessary services are restarted.
I am having problems connecting to the server from a client computer. Cause: The network adapter on the client computer might be configured with a static IP address. Since the server performs network services that are dependent on the IP address of the local network adapter, using a statically assigned IP address on a client computer may result in connectivity issues with these services. Solution: Configure the client computer to use DHCP to acquire an IP address. You must use an IP address that is within the scope of your existing firewall device. If a router provides the DHCP service, you must configure the service for your network. For more information, see Appendix C in Getting Started.
I need to change the IP address of the network adapter that connects to the Internet from dynamically assigned to statically assigned (or vice versa). Cause: The DHCP server at your Internet service provider (ISP) has switched from using a dynamic IP address to using a static IP address. Solution: Reconfigure the network connection.
To reconfigure the network connection
1. On a computer running Windows Small Business Server 2003, click Start, point to Control Panel, point to Network Connections, and then click the network connection you want to reconfigure.
2. Double-click Internet Protocol (TCP/IP), and then modify how the IP address is assigned to the network connection.
Important
• If you are using a router to connect to the Internet, you must use a static IP address for the external interface (the interface that connects to your ISP) of the router. For more information, see the router manufacturer's documentation.
Troubleshooting Your Intranet
The user is prompted for credentials when trying to access the internal Web site. Cause: The internal Web site is based on Windows SharePoint Services. To use this site, users must be members of a Windows SharePoint Services site group. A user who is prompted for credentials does not have a site group membership. Solution: Create user accounts based on Windows Small Business Server templates. User accounts based on these templates have permission to access the internal Web site because the templates are members of the site groups by default. For more information, open Help and Support, and search for the topic "To add a user account."
Documents on the internal Web site cannot be saved or edited.
Cause: The client computer might be running a version of Microsoft Office that is earlier than Office XP. Solution: Upgrade the application on the client computer to Office XP or later so that the user can save or edit documents on the internal Web site.
Search is not available on the internal Web site. Cause: The computer running Windows Small Business Server might be running Microsoft SQL Server Data Engine (MSDE). MSDE does not support full text searches. Solution: Upgrade MSDE to SQL Server 2000 or later and add full text search components. Evaluation and Not for Resale versions of SQL Server cannot be used to upgrade MSDE.
My Remote Web Workplace logon page appears in search engine results on the Internet. Cause: This may occur after you use the Configure E-mail and Internet Connection Wizard to publish your Business Web site on the Internet. Components of the Internet called "Web robots" automatically search and catalog documents and pages published to Web sites by following hyperlinks on the various pages that have been published. Solution: You can prevent Web robots from cataloging all or part of your Web site by using a text editor such as Notepad to create a file called robots.txt. Use the text from one of the examples below to specify which Web site folders the Web robots cannot catalog. After you create the file, publish it at the root of the Default Web Site (%systemdrive%\inetpub\wwwroot). Note
• To enable Web robots to read the robots.txt file, run the Configure E-mail and Internet Connection Wizard and choose the option to publish the Business Web site (wwwroot).
To prevent Web robots from cataloging your entire Web site, use the following text:
    User-agent: *
    Disallow: /
To allow Web robots to catalog your business Web site, but not to catalog your intranet or private internal Web sites such as Remote Web Workplace, use the following text:
    User-agent: *
    Disallow: /_vti_bin/
    Disallow: /clienthelp/
    Disallow: /exchweb/
    Disallow: /remote/
    Disallow: /tsweb/
    Disallow: /aspnet_client/
    Disallow: /images/
    Disallow: /_private/
    Disallow: /_vti_cnf/
    Disallow: /_vti_log/
    Disallow: /_vti_pvt/
    Disallow: /_vti_script/
    Disallow: /_vti_txt/
For more information about using robots.txt, see the Web Robots Pages (http://go.microsoft.com/fwlink/?LinkId=25134).
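An added example, not part of the original page, that parses the two robots.txt files above with Python's standard urllib.robotparser and reports which paths a compliant robot may still fetch. The ExampleBot name, the /default.htm page and the choice of private folders to audit are hypothetical; the check also shows that rule matching is case-sensitive, so /Remote/ is not covered by Disallow: /remote/ even though IIS serves both spellings.

```python
from urllib.robotparser import RobotFileParser

# First file from the page: keep robots out of the whole site.
BLOCK_ALL = """\
User-agent: *
Disallow: /
"""

# Second file from the page: public business site, private folders excluded.
BLOCK_PRIVATE = """\
User-agent: *
Disallow: /_vti_bin/
Disallow: /clienthelp/
Disallow: /exchweb/
Disallow: /remote/
Disallow: /tsweb/
Disallow: /aspnet_client/
Disallow: /images/
Disallow: /_private/
Disallow: /_vti_cnf/
Disallow: /_vti_log/
Disallow: /_vti_pvt/
Disallow: /_vti_script/
Disallow: /_vti_txt/
"""

# Folders from the list above chosen for the audit (an illustrative subset).
PRIVATE_FOLDERS = ["/remote/", "/exchweb/", "/tsweb/", "/clienthelp/"]


def allowed_paths(robots_txt, paths, agent="ExampleBot"):
    """Return the subset of `paths` that a compliant robot may fetch."""
    parser = RobotFileParser()
    parser.parse(robots_txt.splitlines())
    return [path for path in paths if parser.can_fetch(agent, path)]


def case_variants(folder):
    """'/remote/' -> ['/Remote/', '/REMOTE/'] (other spellings of one folder)."""
    name = folder.strip("/")
    variants = (name.capitalize(), name.upper())
    return ["/%s/" % v for v in variants if v != name]


def audit(robots_txt, private_folders, public_paths):
    """Check a robots.txt against what should be hidden and what should not."""
    variants = [v for folder in private_folders for v in case_variants(folder)]
    still_allowed = allowed_paths(robots_txt, public_paths)
    return {
        # Private folders a robot is still allowed to catalog.
        "exposed": allowed_paths(robots_txt, private_folders),
        # Differently cased spellings that the rules do not match.
        "case_gaps": allowed_paths(robots_txt, variants),
        # Public pages that were blocked by mistake.
        "blocked_public": [p for p in public_paths if p not in still_allowed],
    }


if __name__ == "__main__":
    for label, text in (("block all", BLOCK_ALL),
                        ("block private", BLOCK_PRIVATE)):
        print(label, audit(text, PRIVATE_FOLDERS, ["/", "/default.htm"]))
```

robots.txt is a request to well-behaved robots and is itself publicly readable, so the Remote Web Workplace logon page still depends on its own authentication.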
Troubleshooting Shared Network Resources
Faxes are not being received. Cause: If no fax errors appear in the event log and you have an external modem and the fax service is running, the modem may need to be reset. Solution: Unplug the modem, and plug it back in to reset it.
No option to route faxes to the document library ("Route to Document Library") is visible in the Fax Configuration Wizard or the Fax Admin console. Cause: You uninstalled and then reinstalled Fax Services using Add/Remove Windows components in Control Panel. Solution: Uninstall Fax Services using Add/Remove Windows components in Control Panel, and then reinstall the services using the Install option in Windows Small Business Server 2003 Setup. Note
• There is no option to "Reinstall" the Fax Services in Windows Small Business Server 2003 Setup.
To uninstall and then reinstall Fax Services
1. Click Start, point to Control Panel, click Add or Remove Programs, and then click Add/Remove Windows Components.
2. In the Windows Components Wizard, clear the Fax Services check box.
3. Click Finish to close the wizard.
4. In the Add or Remove Programs dialog box, under Currently installed programs, click Microsoft Windows Small Business Server 2003, and then click Change/Remove.
5. Follow the instructions until you reach the Component Selection page.
6. To install Fax, under Action for the Fax Services, click the drop-down list, and then change the action to Install.
7. Click Next to continue. Follow the instructions for completing Setup.
Users are unable to log on to the server following a virus scan. Cause: You may encounter this issue if a virus is detected in an e-mail message while running a virus scan or while using real-time virus scanning on a computer running Windows Small Business Server 2003. In some scenarios, services and applications do not function properly. Event log messages are logged for affected services. Solution: Consider excluding some folders (such as e-mail and fax queues, and SQL databases) from real-time virus scanning. If the antivirus software has a "quarantine" feature, consider turning it off. For information about how to do this, visit the Web site of your antivirus software provider, or consult the online Help or user manual that came with the antivirus software. Consult your antivirus software provider to determine whether they offer a patch for the problem.
Note
• A quarantine state indicates that at least one virus was found and that your system may be infected. Make sure you have the latest virus signature installed on the server, and then perform a thorough scan for viruses. If quarantine happens repeatedly, ensure that all computers on the network have antivirus software running.
Services or applications do not function properly after a virus scan. Cause: You may encounter this issue if a virus is detected in an e-mail message while running a virus scan or when using real-time virus scanning on a computer running Windows Small Business Server 2003. In some scenarios, services and applications do not function properly. Event log messages are logged for affected services. Solution: Consider excluding some folders (such as e-mail and fax queues, and SQL databases) from real-time virus scanning. If the antivirus software has a "quarantine" feature, consider turning it off. For information about how to do this, visit the Web site of your antivirus software provider, or consult the online Help or user manual that came with the antivirus software. Consult your antivirus software provider to determine whether they offer a patch for the problem.
Note
• A quarantine state indicates that at least one virus was found and that your system may be infected. Make sure you have the latest virus signature installed on the server, and then perform a thorough scan for viruses. If quarantine happens repeatedly, ensure that all computers on the network have antivirus software running.
Troubleshooting Remote Connections
Users receive a security alert when they try to connect to a secure Web site on the computer running Windows Small Business Server 2003. Cause: This commonly appears after using the Configure E-mail and Internet Connection Wizard to create an unsigned certificate for the company Web sites. Because the certificate was issued by Windows Small Business Server rather than by a trusted certification authority, the server itself is not being authenticated as the server that you want to connect to. Solutions:
• The session is still encrypted, so it is not possible for others to view information that you are sending. Users can click Yes to accept the unsigned certificate. If your company requires a higher level of security, consider purchasing a signed certificate from a trusted certification authority.
• If the Web site is being accessed from a private computer from which the site will be accessed repeatedly in the future, users can click View certificate to install the certificate into the certificate store of the client computer.
Important
• For security reasons, users should not install the certificate if they are accessing the secure Web site from a public computer, such as an Internet kiosk.
Sound cannot be disabled on remote desktop connections through the Remote Web Workplace. Cause: The Hear sounds from the remote computer on this computer option on the computer selection page cannot be disabled until the Remote Web Workplace Web site is added to the trusted sites zone in Internet Explorer. By default, sound will be played.
Solution: Add the Remote Web Workplace to the trusted sites zone in Internet Explorer.
To add the Remote Web Workplace to the trusted sites zone in Internet Explorer
1. Click Start, and then click Internet Explorer.
2. On the Tools menu, click Internet Options.
3. On the Security tab, click Trusted sites, and then click Sites.
4. Under Add this Web site to the zone, type the URL for the Remote Web Workplace, and then click Add.
5. Click OK, and then click OK again.
Using Remote Web Workplace to connect a remote computer to a client computer results in an error message before the connection is established. Note
• The client computer you are connecting to must be running Microsoft Windows XP or later.
Cause: The client computer may not be turned on. Solution: Verify that the client computer is powered on and connected to the Windows Small Business Server network. Cause: Remote Desktop connections may not be enabled on the client computer. Solution: Verify that Remote Desktop is enabled on the computer you are connecting to.
To enable Remote Desktop To complete this procedure, you must be logged on as a member of the Domain Admins security group.
1. Click Start, click Control Panel, click Performance and Maintenance, and then click System.
2. On the Remote tab, select the Allow users to connect remotely to this computer check box.
3. Ensure that you have the proper permissions to connect to your computer remotely, and then click OK. You must be an administrator or a member of the Remote Desktop Users group to connect remotely to your computer.
Verify that Remote Desktop is enabled by creating a Remote Desktop connection from another computer on the Windows Small Business Server network, and then attempting to connect to your computer. To start Remote Desktop, click Start, point to All Programs, point to Accessories, point to Communications, and then click Remote Desktop Connection.
If you are running any firewall software on the client computer, ensure that it is not blocking access to port 3389 (the port specific to Remote Desktop Connections). For more information, see the firewall manufacturer's documentation.
Cause: The remote computer may have reached the maximum number of allowed connections. Solution: Verify that the computer you are connecting to has not reached the maximum number of allowed connections. If you are connecting to a computer running Windows XP Professional, only one user can be connected at a time. If you are connecting to an application sharing server, connections are determined by the number of client access licenses (CALs) purchased by your company. For more information, see your administrator.
Cause: Firewall settings may be blocking port 4125. Solution: Verify that port 4125 (the port specific to the Remote Web Workplace) is open to the Internet on the computer running Windows Small Business Server. If you ran the Configure E-mail and Internet Connection Wizard, and chose to publish the Remote Web Workplace, this is configured automatically on the server.
If you have a router or firewall device that does not support Universal Plug and Play (UPnP), you must manually configure this device to accept Internet traffic through port 4125. For more information, see the device manufacturer's documentation.
If the computer running Windows Small Business Server is running Microsoft Internet Security and Acceleration (ISA) Server, run the Configure E-mail and Internet Connection Wizard, choose to publish the Remote Web Workplace, and ISA Server will be automatically configured to allow Remote Desktop connections.
If you are connecting from a remote computer that accesses the Internet through ISA Server, the person responsible for ISA Server must create a protocol rule allowing outbound traffic through port 4125. You must also install ISA Firewall Client on the remote computer. Verify that your Internet service provider (ISP) is not blocking Internet traffic through port 4125.
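The port checks described in this topic, as an added example that is not part of the original Microsoft documentation: a Python script that attempts a TCP connection to port 3389 on the client computer and port 4125 on the server, and maps the result to the causes listed above. The host names are constructed placeholders, and reading "refused" and "timeout" as specific causes is a rule of thumb, because some firewalls reject connections instead of dropping them.

```python
import socket

# Ports named in this topic. Host names in the demo are constructed placeholders.
RDP_PORT = 3389  # Remote Desktop on the client computer
RWW_PORT = 4125  # Remote Web Workplace on the Small Business Server

HINTS = {
    (RDP_PORT, "refused"): "Host is up but nothing listens on 3389: "
                           "check that Remote Desktop is enabled.",
    (RDP_PORT, "timeout"): "No reply on 3389: the computer may be off, or "
                           "firewall software is blocking the port.",
    (RWW_PORT, "refused"): "Server answered but port 4125 is not accepting "
                           "connections: confirm Remote Web Workplace is published.",
    (RWW_PORT, "timeout"): "No reply on 4125: a firewall, router or ISP "
                           "may be blocking the port.",
}


def probe(host, port, timeout=3.0):
    """Try one TCP connect; return 'open', 'refused', 'timeout' or 'unreachable'."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except socket.timeout:
        return "timeout"        # packets silently dropped, or host powered off
    except ConnectionRefusedError:
        return "refused"        # host answered with a reset: no listener
    except OSError:
        return "unreachable"    # name lookup or routing failure
    finally:
        sock.close()


def hint_for(port, state):
    """Map a probe result to the matching cause from this topic (rule of thumb)."""
    if state == "open":
        return "Port is reachable: check permissions and the connection limit."
    return HINTS.get((port, state), "Check name resolution and the network path.")


def diagnose(host, port, timeout=3.0):
    """Probe one port and return (state, hint)."""
    state = probe(host, port, timeout)
    return state, hint_for(port, state)


if __name__ == "__main__":
    # Constructed example targets; replace with your own client and server names.
    for host, port in (("client01.example.local", RDP_PORT),
                       ("server.example.local", RWW_PORT)):
        print(host, port, *diagnose(host, port))
```

Run the port 3389 check from another computer on the Windows Small Business Server network, and the port 4125 check from outside the network, so that each probe crosses the same firewall the real connection would.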
A client computer does not appear in the Computers list after you click Connect to my computer at work. Cause: The client computer has not been joined to the Windows Small Business Server domain. Solution: Join the client computer to the Windows Small Business Server domain.
To join the client computer to the Windows Small Business Server domain
1. Open Internet Explorer, and type the following URL in the address bar: https://servername/connectcomputer (where servername is the name of the computer running Windows Small Business Server 2003).
2. Click Connect to the network now, and follow the instructions in the Network Configuration Wizard to join the client computer to the Windows Small Business Server domain.
Cause: The client computer is not running Windows XP Professional or later. Solution: Verify that the client computer is running Windows XP Professional or later.
Cause: You are attempting to access the Remote Web Workplace from the computer you are logged on to. Solution: Access the Remote Web Workplace from another computer.
Note
• Computers running server operating systems do not appear in the list of computers you can connect to. Application sharing servers are available through the Connect to my company’s application-sharing server link.
Links appear in and disappear from the Remote Web Workplace. Cause: Remote Web Workplace links are dynamic, and are based on Windows Small Business Server network features that are available from the Internet. Links may also be manually disabled by your network administrator for security reasons, and they may not appear if you are accessing the Remote Web Workplace from a public or shared computer that is using an earlier browser. Solution: This behavior is by design. If a link that you regularly use disappears, contact your administrator, upgrade the browser on the public or shared computer to the latest version, or access the Remote Web Workplace from a computer that is not public or shared.
Remote Web Workplace features are inaccessible with my Web browser. Cause: Some browsers do not support technology required by the Remote Web Workplace. This technology may include the use of unsigned certificates, ActiveX Controls (which are required for Remote Desktop sessions), and Windows Integrated Authentication (which is required for accessing Monitoring links and your company's internal Web site). Solution: Upgrade to the latest version of the Web browser and ensure the browser supports the noted technologies.
The connection to the Remote Web Workplace is frequently interrupted or lost.
Cause: The Remote Web Workplace contains a built-in timeout feature for security reasons. When your session has been inactive for a specified period of time, you are logged off automatically. The Remote Web Workplace will time out after 20 minutes of inactivity by default if you use the site from a public or shared computer. If the computer is not public or shared, the timeout is 120 minutes by default. Solution: If you would prefer the 120-minute timeout, you can access the Remote Web Workplace from a computer that is not public or shared, and clear the I'm using a public or shared computer check box on the logon page. If you need more time, contact your network administrator. The timeout values for the Remote Web Workplace can be manually configured. However, seriously consider the security implications of a longer timeout.
Cause: If you run a backup program or antivirus scan while remote users are connected to the network, Remote Web Workplace remote desktop sessions may be disconnected. If this occurs, the error message "An Internal Error has occurred" appears, and users are returned to the Remote Web Workplace computer selection page or logon page. At this point, users can log back on to the remote computer and resume work. Solution: A supported fix is available from Microsoft. For more information, see Knowledge Base article 821438 at the Microsoft Product Support Services Web site (http://go.microsoft.com/fwlink/?LinkId=19635).
Note
• As a best practice, backups and antivirus scans should be scheduled for times when users are least likely to be logged on to a remote session.
Cause: Certain Internet connection types, such as dial-up and PPPoE connections, may be subject to timeouts due to inactivity. Solution: This is by design. Contact your Internet service provider if you require a longer timeout period.
Cause: Intermittent drops in connectivity may result from wireless or faulty network connections. Solution: Ensure that network hardware is not resetting. See your hardware vendor's documentation.
The company name on the logon page is incorrect or has changed. Cause: The name on the logon page of the Remote Web Workplace is the company name that was specified during Windows Small Business Server Setup. Solution: You can change this name by editing the following registry entry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\RegisteredOrganization
Caution
• Incorrectly editing the registry may severely damage your system. Before making changes to the registry, you should back up any valued data on the computer.
Note
• Only names of 50 characters or less are supported.
The link in the Remote Web Workplace introductory e-mail does not work. Cause: Some e-mail programs, such as Outlook Web Access, may block links as a security precaution. Additionally, the Web site address may not be registered or immediately available. Solution: Type the address into your Web browser's address bar, or try the link later or from a different computer. If the site still does not appear, contact your network administrator.
Troubleshooting Client Licensing
Users are unable to log on to the network or access network resources. Cause: If Small Business Server 2003 cannot validate the number of installed client access licenses (CALs), the number of available licenses will be reset to five. This can occur if Active Directory is unavailable or if the license store becomes corrupt. When this happens, you will receive an error message that will also be logged to the System event log. The following error is also recorded in the Application event log: "No license was available for user Domain\Username using product Productname. Use Licensing from the Administrative Tools folder to ensure that you have sufficient licenses."
Solution: To correct this problem, restore the CALs from a valid license store using the Restore License Wizard, or from System backup using the Backup or Restore Wizard. Alternatively, you can use the Add License Wizard to reissue them.
To restore CALs using the Restore License Wizard
To complete this procedure, you must be logged on as a member of the Domain Admins security group.
1. Click Start, point to Administrative Tools, and then click Licensing. Details about the currently installed CALs appear in the details pane.
2. Click Restore Licenses.
3. Follow the instructions to specify the file name and location of the backup file from which you want to restore the CALs.
To restore CALs using the Backup or Restore Wizard
To complete this procedure, you must be logged on as a member of the Domain Admins security group.
1. Insert the correct tape into the tape drive, or connect the removable hard drive to the system.
2. Open the Backup or Restore Wizard. To do this, click Start, click Run, type ntbackup, and then click OK. If the Backup or Restore Wizard does not recognize the backup media, the Recognizable Media Found dialog box appears. Select Allow Backup Utility.
3. On the Backup or Restore page, select Restore files and settings.
4. On the What to Restore page, under Items to restore, select the files or folders that you want to restore, and then click Next.
5. On the Completing the Backup or Restore Wizard page, review the settings. If you want to change the location to which the backup is restored or how the existing files that you are backing up are handled, click Advanced.
a. On the Where to Restore page, you can change the location to which your files are restored, or you can choose to have your files restored to a single folder.
b. On the How to Restore page, you can choose what to do with the versions of the files that already exist on your computer.
c. On the Advanced Restore Options page, if you chose to restore to the original location on the Where to restore page, ensure that the Restore junction points, but not the folders and the file data they reference check box is selected. If you chose to save to a different location, ensure that the check box is not selected.
Note
• Do not recover files through a Remote Desktop session.
To reissue CALs to the same server
To complete this procedure, you must be logged on as a member of the Domain Admins security group.
1. Click Start, point to Administrative Tools, and then click Licensing. Details about the currently installed CALs appear in the details pane.
2. In the details pane, click Add Client Licenses to open the Add License Wizard, and then follow the wizard instructions.
3. On the Contact Method page, select whether you will use the Internet or the telephone to reissue licenses.
4. After completing the wizard, refresh the Licensing console to verify the successful reissue of the CALs.
Notes
• You will be required to provide the license codes that you received when you purchased the CALs.
• If you have a choice between using the telephone or using the Internet to activate CALs, it is recommended that you use the Internet.
• If you are using the telephone to activate the CALs, be prepared to provide a customer service representative with the Installation IDs from the Confirmation Information page in the wizard. You can print both the contact information and Installation IDs from the Confirmation Information wizard page.
• If you have made changes to the hardware configuration of your computer since first adding the CALs, you may be required to transfer licenses rather than reissue them.
• To avoid the need to reissue CALs, it is recommended that you restore licenses from backup whenever possible.