Small Business Server 2011 - Build Document - IV. Tweaking the Server for Optimization and Customization

Still in progress of converting to SBS 2011 info

IV.  TWEAKING THE SERVER FOR OPTIMAL PERFORMANCE AND CUSTOMIZATION


    A.  SBS CONSOLE TWEAKS

1.  If you'd rather not have the SBS Console launch at login, check this blog post

2.  If you'd rather have it autolaunch the SBS Console (Advanced) edit the task mentioned above and add the '/a' switch.  properties of the task, actions tab, click EDIT.  Put the '/a' in the "add arguments (optional)" box.  click OK.  you may have to surround the full path to the console executeable with quotes.

3.  If you'd like a console with extra links to helpful blogs like this site, download a replacement console.exe.config and follow the instructions in this file. once you have it installed, open the console again, go to the home page, "getting started tasks" and scroll down to the bottom.     Have to convert this to SBS 2011 info - stay tuned for changes

4.  Is your SBS Console crashing when approving updates? A possible solution here.

    B.  TWEAKS FOR WSUS

1.  Adjust the group policy so that recommended updates will be deployed just like other updates.

2.  Go here and grab the "wsus cleanup tool".  set this as a scheduled task to run weekly on your server to keep the WSUS database and updates in check.  See the documentation for the tool for the correct usage.

3.  If Powershell is your thing, here is another script you can use to accomplish the same thing.

4.  Free Webinar on WSUS in SBS 2008.

5. If you haven't already done this yet - move the SUSDB from the C: drive to another drive following this blog post  .

6.  Where there are bandwidth and metered internet limitations, the following is probably not what you want to do.  WSUS only downloads each update one time, whereas the suggestion that follows requires every system to download the updates.

As time goes on there are more and more updates.  Adding legacy OS products such as Server 2003 for LOB applications or XP for the die hards in your organization means hours of "one at a time" updates from the SBS Management Console.  For this reason we suggest using Microsoft or Windows Update on each system before joining the domain to get them current, OR, using the native WSUS application to click and install a range of updates in one pass to expidite the process.  We suggest that you pay particular attention to dot net 4 updates to XP and Server 2003 and only install them if your application calls for them.  And don't forget the psconfig command following each and every update to SharePoint on SBS 2011.  Once this is done, and all systems are current, return to the SBS Management console if desired. 

    C.  TWEAKS FOR SHAREPOINT  (in progress)

1.  To enable SharePoint to display the PDF icon and to index the files you need to add ifilters and indexing to SharePoint

2.  Add the ability of SharePoint to index Office 2007 documents by adding an iFilter.  To index Office 2010 documents ensure you download thisiFilter pack.

3.  If you need to adjust the time that SharePoint will stay open, you can edit the value to be longer than 30 minutes.

4.  If you need to upload large files, edit the value accordingly.

5.  Add the email routing to SharePoint as blogged on the SBS blog.

6. Add an email alert when PSConfig is required to update SharePoint TechNet Gallery

7. If you are getting errors/alerts that say "The SharePoint Health Analyzer detected an error. Drives are running out of free space.
Available drive space is less than twice the value of physical memory
" consider reading this blog post,

    D.  TWEAKS FOR REMOTE WEB ACCESS AND OWA

1.  Adjust the time out value for Remote Web Access

2.  Add a third party certificate Tips on SSL Certs in SBS. More tips in this free webinar. Why you now must use a 2048-bit RSA key.

3.  How to set up autodiscover so you don't need a SAN cert

4.  General customization tips for the Remote Web Access here

5.  If you need to add additional two factor authentication and security to RWA, consider Authanvil for a specific solution for SBS 2011.

6.  To add the ability for the clipboard to work across RWA you need to instruct users to click on the computer in the RWA screen click Remote Web Access Options and click on the box to allow clipboard access.  This is documented here.

7. You can add a Second Server to the RWA using this Tool.
  If you need to add additional two factor authentication and security to RWA, consider Authanvil for a specific solution for SBS 2011.

6.  To add the ability for ;segoe ui',sans-serif;color:#333333;">
8. Configure your SPF record with this helpful tool.

    E.  TWEAKS FOR SEARCH

1.  You can add the search service to enable additional search features.

1.  To tweak the search service, go into control panel and open "Indexing Options".

2.  click Modify.  in the bottom half of the new window that pops up, select the folders relating to WSUS and look above and uncheck them in the top half of the window.

3.  if you are running Trend Micro as an antivirus package on the server, you want to locate the Ofcscan share and remove it from indexing

4.  Click ok, then close.

    F.  TWEAKS FOR MONITORING

1.  Add new things to monitor by visiting this library of alerts and custom filters.

2.  More plug-ins to the monitoring reports from this SBS Developer

3.  Want to make your own Alerts?

4.  Errant workstations giving WMI errors in the SBS Console?

5.  DCOM errors in your reports?

6.  CAPI2 Errors in your reports?

7. Remove "ok to ignore" alerts from your monitoring reports with this helpful post.

    G.  TWEAKS FOR NOTIFICATIONS/ALERTS

6.  CAPI2 Errors in your reports?

7. Remove "ok to ignore" alerts from your monitoring reports with this helpful post.

    G.  TWEAKS FOR NOTIFICATIONS/ALERTS

1.  Open the SBS 2011 console, click on Network tab. on the right side of the console, click "View Notification Settings"

2.  Go down the list of services - if you've added any 3rd party software (antivirus, backup, software) that depends on a service, you may want to check the box next to the service so you get notified if the service isn't running.

3.  Go to the Event Log Errors section - scroll down the list and uncheck and/or check the errors you want notification for.  eg: if you are not using Forefront, you can uncheck the boxes.

4.  Go to Email Address - enter the email address you wish to be notified of any alerts.

5. Add an email alert when PSConfig is required to update SharePoint TechNet Gallery

     H. TWEAKS FOR EXCHANGE 2010/OUTLOOK

1.  Adding Disclaimers to email

2.  Doing any Smarthosting?

3.  Outlook Anywhere tips

4.  Need to restrict incoming mail (inbound filtering), some good instructions are available here (2/3 down the page under IP Restrictions), but it may be easier to restrict it at your firewall like this.

                5.    Client issues:

                        In order to connect Outlook 2003 clients to Exchange 2010 sp1, ensure that you change the MAPI encryption setting to ON .

                        Go into the Outlook 2003 and tick the box to Encrypt data between the Office Outlook and the Exchange Server as shown below:

                    http://support.microsoft.com/kb/2006508 



                    This problem occurs because the default Exchange Server 2010 Release to Manufacturing (RTM) configuration requires RPC encryption. However, by default, Microsoft Office Outlook 2003 does not use RPC encryption.



                    Note This problem can also occur if you are using Microsoft Office Outlook 2007 and you disable the Encrypt data between Microsoft Office Outlook and Microsoft Exchange profile setting.



                    Note In Exchange Server 2010 Service Pack 1, the RPC encryption requirement is disabled, by default. Any new Client Access Servers (CAS) deployed in the organization will not require encryption. However, any CAS servers deployed prior to Service Pack 1, or upgraded to Service Pack 1, will retain the existing RPC encryption requirement setting.

                    Remember that SBS 2011 standard includes Exchange 2010 sp1.







                    6.  Fixing the issue of OWA redirect (courtesy of Daryl Maunder)





                    Create an Exchange folder in the same folder as the OWA folder.  

                    Make the permissions the same as the /owa folder.

                    Change the /Exchange virtual folder in IIS to point to this folder instead of the /owa it's pointing to.  

                    Unticked the http redirect on the /owa folder.

                    Unticked/reticked the http redirect box on the /exchange folder and it created a web.config file in the exchange folder and the redirect from /exchange to /owa now works.
                    7. Need to change the max send/receive message size?  Another method here.

                    8. Outlook 2003 Issues?

Exchange 2010 introduces some new features and settings, and these can cause issues for clients still using Outlook 2003 (yes they are still out there) The best fix seems to be updating Exchange 2010 to latest SP and then applying a throttling policy.

http://www.techrepublic.com/blog/data-center/how-to-make-outlook-2003-coexist-peacefully-with-exchange-2010-server/

I have used the value of 1000 for RCAMaxConcurrency
http://blogs.msdn.com/b/pepeedu/archive/2010/01/13/exchange-2010-client-access-throttling.aspx

Steps to create and apply a throttling policy:

New-ThrottlingPolicy –name <Name>

Set-ThrottlingPolicy –identity <Name> –RCAMaxConcurrency <Value>

Set-Mailbox –Identity “Username” –ThrottlingPolicy <Name>

I have also set a policy, per user of Outlook 2003.

    J.  TWEAKING for DEVICES AND PRINTERS

1.  Adjusting the SMTP to allow for device email

2.  SBS 2008 – MFP/Copier To Scan To E-mail Destined To A Companyweb SharePoint Library How To (MPECS Inc Blog)

1.  This blog post explains how to configure everything from the copier through to SharePoint and Outlook.

3.  Publishing printers via Group Policy

1.  SBS 2008 - Deploying Printers (MPECS Inc. Blog)

2.  x86 PushPrinterConnections.exe a must for the Technician's Thumb Drive! (MPECS Inc. Blog) 

1.  The 32bit version of PushPrinterConnections.exe is needed for XP Pro x86 and you can download it here.

4.  Adding 32 bit printer drivers 
    Adding 32bit Drivers in SBS 2011

5.  Disabling SMB signing for older scanners and Apple mac's  While the instructions in this blog post say SBS 2003 the instructions are identical for a SBS 2011.

6. Setting the default printer via group policy.


    K.  TWEAKS FOR REMOVING RSS FEED SYNC

    Since a server is probably not syncing RSS feeds, there's a task that runs in the background that is not needed on the server.  In some cases you may see an alert in the event logs that indicate that the rss sync has not completed.  While it can be ignored, you can also adjust the rss feed sync to not occur.   This tip is courtesy of Yves Gourle:

    You can disable the automatic feed sync as follows:

1.  Run the following command (with a command prompt started with elevated rights) : msfeedssync disable

2.  Or in IE options go to content  -feeds and web slices,  click on settings  and uncheck “automatically check for feeds”


L.  Until Service pack 1 for Windows 2008 R2 comes out


    1.  Consider installing this update:  A computer that is running Windows 7 or Windows Server 2008 R2 takes four minutes to open a Microsoft Office 2003 document from a network share: http://support.microsoft.com/default.aspx?scid=kb;en-us;982860


To return to the outline of the SBS 2011 build document, click here.