Posts tagged ‘Wizard’

SBS connect / connectcomputer wizard fails

Generally when a computer cannot join the domain using http://connect (SBS 2008 & 2011) or http://SBSname/connectcomputer (SBS 2003) it is due to inability to correctly resolve the name of the domain controller in a timely fashion. Below is a list of common reasons for the connect wizards to fail.

In an SBS domain, the server should be the DHCP server, and if so, items 3 and 4 below should be automatically set through DHCP.  However if addressing is statically assigned or you are using a router you may need to make changes. Items 3 and 4 are also basic networking requirements of a Windows Domain, not just important for joining the domain.

1. If there is more than 1 network adapter installed, wired or wireless, disable all but 1 until domain joined.  If at all possible, make it a wired connection, not wireless. 

2. Many new PC’s also show a Bluetooth connection under “Network Connections”, this should be disabled as well while running the wizard.  If you are using a Bluetooth mouse and/or keyboard these will have to be temporarily replaced.

3. Make sure, using IPconfig /all, that the client’s DNS points ONLY to your internal DNS servers, in this case the SBS.  Do not allow a router or ISP to be added even as an alternate.

4. IPconfig /all should also show next to “Primary DNS Suffix”” your internal domain suffix such as MyDomain.local.  If not you need to add the domain suffix to the client machine. To do so insert it in the “DNS suffix for this connection” box under the DNS tab of the NIC’s advanced TCP/IP IPv4 properties

5. If there are any 3rd party firewalls or security suites installed, disable them until joined to the domain.  The Windows firewall should not need to be disabled.

6. If still failing add the connect web site to the “trusted” sites list in Internet Explorer under Tools | Internet Options | Security |trusted Sites

7. If all else fails you can skip the wizard and use a 3rd party utility called ProfWiz.  

It is important to note that using the connect and connectcomputer wizards is very important.  With SBS 2003 it is especially critical to do so as it performs a long list of tasks other than just joining the domain.  It copies the local user’s profile, configures the user and computer environments, changes permissions, installs SBS related features, makes changes to networking, and much more.  Susan Bradley’s blog outlines this in detail: “So exactly “what” does connect computer do anyway?”  However SBS 2008 and SBS 2011 control most of this through Group Policy.  The key bonus feature with the SBS 2008/2011 wizard is its ability to import current users’ local profiles. Though I still strongly recommend using the wizard, it will only import a local workgroup profile.  If the wizard fails or you are wanting to import a previous domain profile, you may want to consider using Profwiz.  Profwiz by forensit.com a simple little tool that will join the PC to the domain and reset the permissions of an existing profile allowing it to be used as the new domain profile (i.e. import users settings like desktop items, favorites, Documents, and application configurations). For instructions on downloading and running see:  https://blog.lan-tech.ca/2011/05/19/sbs-and-profwiz/

SBS 2008/2011 Renew 3rd party Certificate

It seems many Small Business Server 2008 existing third party SSL certificates are expiring and some people are confused about how to renew.  Instructions on the internet often involve lengthy solutions involving the IIS management console.  The forums show that these methods frequently result in failure to import the certificate or it is not properly bound to the default SBS Web Sites.

SBS makes this process very easy. Once again, use the wizards, use the wizards, use the wizards…

Note: This article addresses SBS 2008 and SBS 2011 Standard. If running SBS 2011 Essentials I recomend reviewing Robert Pearman’s Blog article; Renew your SSL Certificate : SBS 2011 Essentials 

I should confirm this article addresses 3rd party SSL certificates, if you are using an SBS self-signed certificate, you simply need to run the “Fix My Network Wizard” to renew.

Open the Windows SBS console and browse to Network | Connectivity | highlight “Certificate” | in the right hand  menu select “”Add a trusted certificate”

image

Choose “I want to renew my current trusted certificate with the same provider”

image

Allow the encrypted certificate request to be generated and click copy.  You could go from here directly the the vendor from whom you are going to purchase and renew the certificate, but there are often delays with process so I recommend pasting to Notepad to retain the text file for a few minutes.  Alternatively you can click the “save to file” button and accomplish the same thing.

image

If you think the provider will supply the certificate immediately you can leave this window open and wait, but most often you are best to put the process in “suspend mode” by selecting “My certificate provider needs more time to process the request”

image

….and complete the wizard.

image

Next, log onto your certificate provider’s webs site, purchase the certificate renewal, create the certificate by copying and pasting the saved contents of Notepad (the encrypted CSR text) when prompted, wait for your certificate approval (usually sent by e-mail), download the certificate, and save to a location of your choice on the server.

Now you can import the certificate.  Once again open the Windows SBS console and browse to Network | Connectivity | highlight “Certificate” | in the right hand menu select “”Add a trusted certificate”.  This time choose “I have a certificate from my certificate provider”.

image

Browse to the location where you saved the certificate.

image

….and complete the wizard.

image

You can confirm your certificate has been imported / updated by choosing “View certificate properties” from the same Windows SBS console window, and reviewing the expiry date.

image

Tag Cloud