Troubleshooting Windows Small Business Server 2003

Microsoft Corporation

Published: January 2007

Version: 4

This document describes problems that you might encounter when installing or using Microsoft Windows Small Business Server 2003 with Service Pack 1 or Windows Small Business Server 2003 R2 (Windows SBS). To view troubleshooting information, click any of the following feature-area links.

If this document does not list a solution for the problem you are having, try searching for a solution at the Windows SBS Solutions Center (http://go.microsoft.com/fwlink/?LinkID=70661).

Troubleshooting Server Setup

Troubleshooting Users and Groups

Troubleshooting Client Computers

Troubleshooting Windows Vista on your Network

Troubleshooting Mobile Devices

Troubleshooting E-mail

Troubleshooting Monitoring

Troubleshooting Backup and Restore

Troubleshooting Internet Access

Troubleshooting Your Intranet

Troubleshooting Shared Network Resources

Troubleshooting Remote Connections

Troubleshooting Client Computer Licensing

© 2006 Microsoft Corporation. All rights reserved.

Troubleshooting Server Setup

Setup initialization error: Source \SQL2000_SP3a\x86\Setup\Sqlspre.ini.

Cause:  You may receive this error when you try to install SQL Server 2000 Service Pack 3. It occurs when the Service Pack 3 Setup program tries to copy Setupsql.ini to the %Temp% folder, but cannot overwrite a pre-existing version of the file that is marked as read-only.

Solution:  Browse to the %Temp% folder on your system drive, and either delete the pre-existing version of setupsql.ini or remove the read-only attribute. Then run SQL Server 2000 Service Pack 3 Setup again.

Troubleshooting Users and Groups

E-mail cannot be received or sent.

Cause:  A user account has reached the assigned Exchange mailbox size limit.

Solution:  Save e-mail messages in a local folder on the client computer. If this problem occurs often, consider increasing the mailbox size for the user account.

Files cannot be saved to shared folders on the server.

Cause:  The user account has reached the assigned disk quota limit.

Solution:  Save files in a local folder on the client computer. If this problem occurs often, consider increasing the disk quota for the user account.

Password cannot be changed.

Cause:  The user account password does not comply with a password policy configured by the administrator.

Solution:  Create a new password that complies with the password policies configured by the administrator.

User cannot connect remotely to a computer running Windows XP Professional.

Cause:  The user does not have permissions to log on by using Remote Desktop.

Solution:   Assign the user permissions to use Remote Desktop.

Note
To complete the following procedure, you must be logged on as a member of the Domain Admins security group.

To assign user permissions to use Remote Desktop

  1. On a computer running Windows Small Business Server 2003, click Start, and then click Server Management.

  2. In the console tree, click Users.

  3. In the details pane, right-click the user account that requires permissions to log on to Terminal Services, and then click Change User Properties.

  4. On the User Properties page, click the Terminal Services Profile tab.

  5. Check the Allow to log on to Terminal Server check box.

Cause:  The client computer running Windows XP Professional is not configured to allow Terminal Services connections.

Solution:  Configure the client computer running Windows XP Professional to use Remote Desktop.

Note
To complete the following procedure, you must be logged on as a member of the Domain Admins security group.

To configure the client computer running Windows XP Professional to use Remote Desktop

  1. On the client computer, click Start, point to Settings, click Control Panel, and then click System.

  2. On the Remote tab, under Remote Desktop, click Select Remote Users.

  3. In the Remote Desktop Users dialog box, click Add.

  4. In the Select Users dialog box, click Locations to specify the search location.

  5. To specify the types of objects that you want to search for, click Object Types.

  6. In Enter the object names to select, type the names of the objects that you want to search for.

  7. Click Check Names.

  8. When the name is located, click OK. The name appears in the list of users in the Remote Desktop Users dialog box.

User account is locked out.

Cause:  There may be too many failed logon attempts.

Solution:  Unlock the user account.

Note
To complete the following procedure, you must be logged on as a member of the Domain Admins security group.

To unlock a user account

  1. On a computer running Windows Small Business Server 2003, click Start, and then click Server Management.

  2. In the console tree, click Users.

  3. In the details pane, right-click the user account that is locked out, and then click Properties.

  4. On the User Properties page, click the Account tab.

  5. Clear the Account is locked out check box to unlock the account.

Application with service account fails.

Cause:  Service account passwords have been changed but automatic logon properties have not been updated to use the new passwords. Windows Small Business Server does not automatically propagate password changes to all applications that use the service account.

Solution:  Update the service accounts and passwords used with a particular application by running Windows Small Business Server Setup again.

New user cannot log on or access e-mail.

Cause:  A new user attempts to log on or access network resources immediately after the account is created and before Active Directory has had time to update. A delay can occur between the time a user account is created and when Active Directory recognizes the user account.

Solution:  Wait fifteen minutes and try again.

Windows Small Business Server 2003 displays a GUID instead of a user name for an e-mail address.

Cause:  This problem can occur if a user account name contains Unicode characters.

Solution:  Use the Active Directory Users and Computers snap-in to change the SMTP e-mail address for the account.

To change the SMTP e-mail address for a user account

  1. Click Start, and then click Server Management.

  2. In the console tree, double-click Advanced Management, double-click Active Directory Users and Computers, double-click your server name, and then locate the account in either the Builtin or Users folder.

  3. Right-click the account, click Properties, and then click the E-mail Addresses tab.

  4. Under E-mail addresses, select the SMTP e-mail address to be changed, and then click Edit.

  5. In the E-mail address text box, replace the GUID with the correct e-mail alias, and then click OK.

  6. Click the Exchange General tab.

  7. In the Alias text box, replace the GUID with the correct e-mail alias, and then click OK twice to save your settings.

Troubleshooting Client Computers

I received the error, "This Service Pack requires the machine to be on AC Power before setup starts…" when I install Service Pack 2 for Windows XP.

The Setup program for Windows XP Service Pack 2 (SP2) requires that your computer uses AC power. If the battery power runs out during installation, the update cannot be completed. If this occurs, you might not be able to restore the operating system to its previous state.

Solution:  To resolve this issue, connect your computer to an AC power source, such as an electrical outlet, and then run Setup.

For more information about this issue, see Article 883609, "This Service Pack requires the machine to be on AC Power before setup starts," at the Microsoft Knowledge Base (http://go.microsoft.com/fwlink/?LinkID=70662).

After migrating user profiles, users cannot access redirected folders.

Cause:   If you made user profiles private, administrative credentials were removed from user folders on the client computer. Users need these credentials to access folders that are redirected to the server. After you migrate private user profiles (which include redirected folders), users may be unable to access their folders.

Solution:  Manually restore access to user folders on the client computer.

To restore access to user folders on the client computer

  1. Log on to the client computer.

  2. Click Start, click Control Panel, and then click Performance and Maintenance.

  3. Click Administrative Tools, and then double-click Event Viewer.

  4. Under Event Viewer (Local), double-click Application.

  5. Search for an event with the type listed as Error and the source listed as Folder Redirection, and double-click that event.

  6. Note the source and destination directory listed in the event description.
Note
To complete the next part of this procedure, you must be logged on as a member of the Domain Admins security group.

  1. Click Start, right-click My Computer, click Explore, and then browse to the user folder in the location you noted in step 6.

  2. Right-click the folder, click Sharing and Security, click the Permissions tab, and verify that the user's name does not appear.

    If the folder is empty, delete it.

Note
To perform the next part of this procedure, the user whose profile you are redirecting must be a member of the Local Admins security group on the client computer.

  1. Click Start, right-click My Computer, click Explore, and then browse to the user folder in the location you noted in step 5 of the first procedure.

  2. Right-click the folder, and then click Sharing and Security.

  3. On the Security tab, click Advanced.

  4. On the Owner tab, click the user name in the Change owner to box, and then select the Replace owner on subcontainers and objects check box.

  5. Click Apply.

  6. On the Permissions tab, verify that the user whose profile you want to redirect appears in the list under Permission entries. If the user's name does not appear, click Add, type the user name under Enter the object name to select, and then click Check Names.

  7. Click OK.

  8. Click Apply, and then click OK. The Permission Entry page appears.

  9. Select the Full Control check box, and then click OK.

  10. Click OK, and then click OK again.

  11. Log off, and then log back on to the client computer.

I received an error stating that Client Setup cannot migrate private user settings.

Cause:  This error occurs when one or more of the subfolders in a user's profile have been made private. This means that permissions giving other users access to the folders have been removed.

Solution:  Manually configure the client computer to remove the restrictions that are preventing the migration.

If the client computer is running Windows XP Professional, make sure that the profile that did not migrate is configured as a "public" profile.

To configure the user profile as a "public" profile

  1. Click Start, and then click My Computer.

  2. Double-click the drive where Windows is installed (usually drive C:, unless you have more than one drive on your computer).

  3. Double-click the Documents and Settings folder.

  4. Right-click the user folder that did not migrate, and then click Sharing and Security.

  5. Select the Make this Folder Private check box, and then click OK.

  6. If this setting does not appear in the Properties dialog box, perform step 6, and then follow the instructions for client computers running Windows 2000 Professional.

  7. On the View tab, under Advanced settings, make sure Use simple file sharing (Recommended) is selected, and then click OK.

If the client computer is running Windows 2000 Professional, log on to the client computer as the user with the profile that did not migrate, and then grant the Administrators group full control over the profile folder and all subfolders.

 To grant the Administrators group full control of the profile folder and all subfolders

  1. Click Start, and then click My Computer.

  2. Double-click the drive where Windows is installed (usually drive C:, unless you have more than one drive on your computer).

  3. Double-click the Documents and Settings folder.

  4. Right-click the user folder that did not migrate, click Properties, and then click the Security tab.

  5. Click Add, type Administrators in the text box, and then click OK.

  6. Under Group or user names, click the Administrators tab, select Allow for the Full Control permission, and then click OK.

  7. Repeat steps 4 through 6 for all subfolders in the user profile.

  8. Repeat steps 4 through 7 for each user folder that did not migrate.

  9. While you are logged on with the user profile that did not migrate, give the user ownership of all files in his or her profile.

To give the user ownership of all files in the user profile

  1. Right-click the user folder to be migrated, click Properties, and then click the Security tab.

  2. Click Advanced, and then click the Owner tab.

  3. In the Change owner to box, select the user that you are giving ownership to, and then click OK.

  4. Select the Replace owner on subcontainers and objects check box, and then click OK twice to save your settings.

  5. Run Client Setup again.
Note
Perform these steps for each user profile listed in the error message.

Note
If you are running Windows 2000 Professional with Service Pack 2, you must upgrade to any later version of the service pack.

Applications are missing after upgrading to Windows Small Business Server 2003.

Cause:  If applications other than those available by default were installed on client computers, they will not be upgraded.

Solution:  You must reinstall these applications on the computer running Windows Small Business Server 2003 and then reinstall them on client computers after the upgrade is complete. Command lines used to install these applications are stored in the registry in the following location:

HKLM\SOFTWARE\Microsoft\SmallBusinessServer\clientsetup\sbs2k_archive\Client Applications\

Caution
Incorrectly editing the registry may severely damage your system. Before making changes to the registry, you should back up any valued data on the computer.

After the upgrade is complete, start the Client Setup Applications Wizard and use the command lines to reinstall the applications.

To start the Client Setup Applications Wizard

  1. Click Start, and then click Server Management.

  2. In the console tree, click Client Computers. In the details pane, click Set Up Client Applications.

  3. Follow the instructions in the wizard to add client applications.

Older versions of Microsoft Office do not run on client computers that have an Office 2003 application installed.

Cause:  Older versions of Office conflict with Office 2003.

Solution:  To run older versions of Office, you must uninstall all versions of Office on the client computer, and then reinstall the version you want to use.

To uninstall older versions of Office from the client computer

  1. Click Start, and then click Control Panel.

  2. Click Add or Remove Programs, click each version of Office installed on the client computer, and then click Remove.

After uninstalling all versions of Office, reinstall the version that you want to use on the client computer.

The initial logon process is slow after joining the Windows Small Business Server domain.

Cause:  Redirection for My Documents folder has been enabled, and a large amount of data in the My Documents folder on the client computer is synchronizing with the server.

Solution:  No action is required. After the initial logon, only changes to the My Documents folder are synchronized. Synchronization does not take as long as the initial logon.

Files in the local My Documents folder are not synchronizing with the server.

Cause:  Disk quotas have been exceeded.

Solution:  Reduce the size of the user's My Documents folder by deleting unnecessary files or compressing files. Or, increase the quota amount.

To increase disk quotas

  1. On a computer running Windows Small Business Server 2003, click Start, and then click My Computer.

  2. Right-click the volume for which you want to modify quota values, and then click Properties.

  3. On the Quota tab, click Quota Entries.

  4. Click the entries for the users whose options you want to modify, and on the Quota menu, click Properties.

  5. In the Quota Settings dialog box, do one of the following:

    • To track disk space usage without limiting disk space, click Do not limit disk usage.

    • To limit disk space, click Limit disk space to. Type a numeric value, and select a disk space limit unit from the drop-down list. You can use decimal values, for example, 20.5 megabytes (MB).

Note
If the volume is not formatted with the NTFS file system, or if you are not a member of the Administrators group, the Quota tab is not displayed in the volume's Properties dialog box.

I received an error stating that Client Setup cannot migrate private user settings.

Cause:  This error occurs when one or more of the subfolders in a user's profile have been made private. This means that permissions giving other users access to the folders have been removed.

Solution:  Manually configure the client computer to remove the restrictions that are preventing the migration.

If the client computer is running Windows XP Professional, make sure that simple file sharing is enabled on the computer, and then follow the steps outlined in the error message.

To enable simple file sharing on a client computer running Windows XP Professional

  1. Click Start, and then click Control Panel.

  2. Double-click Folder Options.

  3. On the View tab, under Advanced settings, make sure Use simple file sharing (Recommended) is selected, and then click OK.

If the client computer is running Windows 2000 Professional, log on to the client computer as the user with the profile that did not migrate, and then grant the Administrators group full control over the profile folder and all subfolders.

To grant the Administrators group full control of the profile folder and all subfolders

  1. Click Start, and then click My Computer.

  2. Double-click the drive where Windows is installed (usually drive C:, unless you have more than one drive on your computer).

  3. Double-click the Documents and Settings folder.

  4. Right-click the user folder that did not migrate, click Properties, and then click the Security tab.

  5. Click Add, type Administrators in the text box, and then click OK.

  6. Under Group or user names, click the Administrators tab, select Allow for the Full Control permission, and then click OK.

  7. Repeat steps 4 through 6 for all subfolders in the user profile.

  8. Repeat steps 4 through 7 for each user folder that did not migrate.

  9. While you are logged on with the user profile that did not migrate, give the user ownership of all files in his or her profile.

To give the user ownership of all files in the user profile

  1. Right-click the user folder to be migrated, click Properties, and then click the Security tab.

  2. Click Advanced, and then click the Owner tab.

  3. In the Change owner to box, select the user that you are giving ownership to, and then click OK.

  4. Select the Replace owner on subcontainers and objects check box, and then click OK twice to save your settings.

  5. Run Client Setup again.

Note
Perform these steps for each user profile listed in the error message.

Note
If you are running Windows 2000 Professional with Service Pack 2, you must upgrade to any later version of the service pack.

Troubleshooting Windows Vista on your Network

The following are known issues for troubleshooting Windows Vista. They are listed in "Using Windows Vista and Outlook 2007 in a Windows Small Business Server 2003 Network " at the Microsoft Web site (http://go.microsoft.com/fwlink/?LinkID=77626).

Troubleshooting Windows Vista Client Setup

Not all applications that are selected in the Windows Small Business Server Client Setup tools are installed on Windows Vista

I received an error stating that Client Setup does not configure client computers that are running this version of Windows

The logon screen shows "Other User" when the computer restarts after joining the Windows Small Business Server domain during client setup

I receive an error about multiple network adapters when I use Connect Computer to join a client to the domain, even though there is only one network adapter

Troubleshooting upgrades of Windows XP to Windows Vista

While upgrading Windows XP to Windows Vista, I receive a compatibility warning saying that the current ActiveSync version does not work with Windows Vista

The Group Policy settings for Windows Vista Firewall are not applied after I upgrade a client computer from Windows XP to Windows Vista

The CompanyWeb link that is listed in my computer’s network locations after I upgrade a client computer from Windows XP to Windows Vista is broken

The "Connect to Small Business Server" shortcut does not work after I upgrade a client computer from Windows XP to Windows Vista

I can no longer send a fax after I upgrade a client computer from Windows XP to Windows Vista

Troubleshooting E-mail in Windows Vista

Outlook cannot synchronize with the Exchange mailbox on the server

Troubleshooting Remote Connections in Windows Vista

I received an error stating that "Automation server can not create object" when trying to offer Remote Assistance to a client computer

I cannot deploy Connection Manager using the Setup Configuration Wizard on computers

I get an error message about a self-signed certificate when I browse to Remote Web Workplace from a computer that is running Windows Vista and that is not joined to the Windows Small Business Server domain

Troubleshooting Printers and Faxes

I see the shared printer in Windows Vista, even though I deleted the shared printer from the server

I deployed a printer to my x64 client computer, but the printer does not appear in the Printers list

I changed the name of the shared printer, but the original printer still appears on my computer that is running Windows Vista

I deployed a printer on Windows Vista but it does not appear in the printer folder

I get an error message saying "To use the shared printer, you need to install a printer driver on this computer …"

I cannot send faxes by using Microsoft Outlook on a 64-bit edition of Windows Vista

I can no longer send fax after upgrading from Windows XP to Windows Vista Enterprise

Miscellaneous

When I try to install the ISA Server 2004 hotfix on the server, I receive an error stating that Windows Installer cannot install the upgrade patch because the program to be upgraded may be missing

The list of user profiles on a client computer says "None"

The Windows Firewall settings list some applications twice, and one of the duplicated listings has its check box selected and is grayed out

Troubleshooting Mobile Devices

ActiveSync cannot be installed when a mobile device is connected to the client computer.

Cause:  If a mobile device is connected to the client computer, ActiveSync cannot be completely installed.

Solution:  Disconnect the mobile device from the client computer, log off, log on again, and then reinstall ActiveSync.

For more information, open Help and Support and search for "To connect a mobile device by using a cradle or cable."

Pocket PC 2003 is not automatically configured to synchronize with the server.

Cause:  The server is configured to connect to the Internet using a dialup connection instead of a broadband connection.

Solution:  Configure the Pocket PC 2003 using the instructions that came with your device, and manually configure it to synchronize with the server. You must also disable Secure Sockets Layer (SSL) on the mobile device.

Note
Before beginning the following procedure, obtain the server's fully qualified internal computer name and NetBios domain name.

To disable SSL on the mobile device

  1. Click Start, and then open ActiveSync.

  2. Click Tools, and then click Options.

  3. Click the Server tab, and then clear the This server uses an SSL connection check box.

Important
Disabling SSL means that you will send user name and password information over the network. Ensure that you have enabled Wired Equivalent Privacy (WEP) encryption on your wireless LAN.

After running the Get Connected Wizard and selecting "Synchronize with this desktop computer," my mobile device is not synching with my Inbox, calendar or contacts.

Cause:  This problem can occur if any of the following conditions are true:

  • The server is not connected to the Internet.

  • The server is connected to the Internet using a dial-up connection.

  • The user has configured ActiveSync to synchronize the mobile device with the server.

Solution:  Manually configure ActiveSync to synchronize with the desktop computer.

To manually configure ActiveSync to synchronize with the desktop computer

  1. Plug the mobile device into the cradle.

  2. On the desktop computer, click Start, click All Programs, and then click Microsoft ActiveSync.

  3. Click Tools, and then click Options.

  4. On the Sync Options tab, clear the Enable synchronize with a server check box.

  5. When prompted to remove all synchronized data using ActiveSync, click OK.

  6. Select the Inbox, Calendar and Contacts check boxes, and then click OK.

    The device then synchronizes with the desktop computer.
Note
The Routing and Remote Access (RRAS) Wizard configures mobile devices to synchronize with the server by default. Each time you run the RRAS Wizard, you must use the preceding steps to configure mobile devices to synchronize with the desktop computer.

Using a hardware router prevents synchronization when the mobile device is cradled.

Cause:   If the server is configured with a single network card and a hardware firewall, routers that have built-in IP spoofing protection do not allow internal client computers to connect to the external domain.

Solution:  Consult with your hardware provider for updated firmware for your specific device. As an alternative, you can add a DNS zone to bypass IP spoofing by some hardware routers.

To add a DNS zone

  1. Click Start, click Run, and then type dnsmgmt.msc. The DNS Management Console appears.

  2. Double-click your server name in the console tree.

  3. In the details pane, right-click Forward Lookup Zone, and then click New Zone. The New Zone Wizard appears. Click Next.

  4. On the Zone Type page, select Primary Zone, clear the Store the zone in Active Directory (available only if DNS Server is a domain controller) check box, and then click Next.

  5. On the Zone Name page, in the Zone Name box, type the fully qualified domain name of your external domain (for example, www.externaldomainname.com), and then click Next.

  6. On the Zone Files page, click Next.

  7. On the Dynamic Update page, select Do not allow dynamic updates, and then click Next.

  8. Click Finish to close the New Zone Wizard.

  9. Right-click the new zone in the DNS Management Console details pane, and then click New Host (A). The New Host dialog box appears.

  10. Leave the Name field empty. In the IP address box, type the Server Local Area IP address, and then click Add Host.

  11. Click OK, and then click Done to close the New Host dialog box.

The initial synchronization of the mobile device failed.

Cause:  ActiveSync cannot create Microsoft Office Outlook 2003 profiles. If the user starts ActiveSync before running Outlook 2003, the user receives an error message stating that the profile cannot be found.

Solution:  Connect the mobile device by using the cradle or cable, open Outlook, and then reconnect the mobile device.

The user cannot browse the Internet when the mobile device is connected using the cradle or cable (applies only if Internet Security and Acceleration Server 2000 is installed).

Cause:  If you connect the mobile device by using a cradle or cable, you are considered anonymous when browsing the Internet. If ISA Server is installed on the computer running Windows Small Business Server 2003, anonymous browsing is not allowed.

Solution:  Follow the instructions for Microsoft Pocket PC Phone Edition 2002, Microsoft Pocket PC Phone Edition 2003, or Microsoft SmartPhone 2003, and then follow the instructions to configure ActiveSync settings.

To configure connection settings for Microsoft Pocket PC 2003 or Microsoft Pocket PC Phone Edition 2003

  1. On the mobile device, click Start, and then click Settings.

  2. On the Connections tab, click Connections.

  3. Click Set up my proxy server.

  4. On the Proxy settings tab, check the This network connects to the Internet box, and then check the This network uses a proxy server to connect to the Internet box.

  5. Type the proxy server name, and then click Advanced.

  6. In the Port box, type 8080.

  7. Click OK, and then click OK again.

To configure connection settings for Microsoft SmartPhone 2003

  1. On the mobile device, select Start, select Settings, and then select Date connections.

  2. Select Menu, select Edit Connections, and then select Proxy Connections.

  3. Select Menu, and then select Add.

  4. In the Connects From box, select Work. In the Connects To box, select The Internet.

  5. In the Proxy (name:port) box, type the server name and port, using the following format:

  6. ServerName :8080

  7. Type your user name and password, and then select Done.

To configure connection settings for Microsoft Pocket PC Phone Edition 2002

  1. On the mobile device, click Start, and then click Settings.

  2. On the Connections tab, click Connections.

  3. Under Work Settings, click Modify.

  4. On the Proxy settings tab, check the This network connects to the Internet box, and then check the This network uses a proxy server to connect to the Internet box.

  5. Type the proxy server name, and then click Advanced.

  6. In the Port box, type 8080.

  7. Click OK, and then click OK again.

To configure ActiveSync settings

  1. On the client computer, click Start, point to All Programs, and then click Microsoft ActiveSync.

  2. On the Tools menu, click Options, and then click the Rules tab.

  3. In the Connection box (under Pass Through), click the down arrow, and then click Work.

The first time that you use the device to browse the Internet, you are prompted for a user name and password. Type a user name that is a member of the Windows Small Business Server Internet Users group, and save the password so that ActiveSync can synchronize with the server.

Note
If you still cannot browse the Internet, see the person responsible for your network to ensure that you have the correct permissions.

A connection cannot be established between the mobile device and the client computer.

Cause:  There is a universal serial bus (USB) connection error.

Solution:  Upgrade to the latest version of ActiveSync. If the user is already using the latest version, remove the mobile device from the cradle (or disconnect the cable), turn the device off and then back on, and then reconnect it.

The mobile device cannot be synchronized when connected using a cradle or cable.

Cause:  The Pass Through option is not configured correctly in ActiveSync.

Solution:  Configure the Pass Through option.

To configure the Pass Through option

  1. On the client computer, click Start, point to All Programs, and then click Microsoft ActiveSync.

  2. On the Tools menu, click Options, and then click the Rules tab.

  3. In the Connection box (under Pass Through), click the down arrow, and then click Internet.

For more information, see Microsoft ActiveSync Help. To open ActiveSync Help, click Start, point to All Programs, click Microsoft ActiveSync, and then click Help.

Outlook Mobile Access with Secure Sockets Layer (SSL) does not work on a SmartPhone 2002, PocketPC 2002, or Wireless Application Protocol (WAP) 2.0 phone.

Cause:  Some of these devices are not supported using the Windows Small Business Server unsigned certificate.

Solution:  Purchase a signed certificate from a trusted certification authority (CA) for the server to support these devices.

Other considerations for troubleshooting mobile devices.

If you continue to have a problem using your mobile device, consider the following questions:

  • Does your mobile device have sufficient signal strength?

  • Can you browse to other internal or external Web sites?

  • Have you tried turning off the device and then turning it back on?

  • Does your mobile device synchronize when connected to the server?

  • Have you allowed access to the Outlook Mobile Access Web service from the Internet using the Configure E-mail and Internet Connection Wizard?

  • Are you using an external router? Are ports 80 and 443 open and pointed to the server?

  • Have you tried reconfiguring your mobile device?

To reconfigure your mobile device

  1. On the client computer, click Start, point to All Programs, and then click Microsoft ActiveSync.

  2. Connect the mobile device to the client computer by using the cradle or cable included with the device.

  3. Click Start, and then click All Programs.

  4. Click Small Business Server Tools, and then click Configure Mobile Device.

    The device will be reconfigured with the original Windows Small Business Server settings, and users will be able to synchronize with the server within a few seconds.
Note
The mobile device configuration program is at the following location:

Program Files/Windows Small Business Server/Clients/SBSMobConfig.exe

For more information, open Help and Support and search for "To allow access to Web services on the server.

Troubleshooting E-mail

I cannot see my deleted mailbox item when I try to recover it by using the Recover Deleted Items option on the Tools menu in Outlook.

Cause: You may not have selected the folder or the parent folder from where the item was permanently deleted.

Solution: If you are recovering a permanently deleted mail item, ensure that you select the folder from which the mail was deleted. For example, if you have a subfolder in your Inbox named Meeting Minutes, you must select the Meeting Minutes folder before you choose the Recover Deleted Items option on the Tools menu.

If you are recovering a deleted folder, ensure that you select the parent folder of the deleted folder. For example, if you permanently deleted a subfolder named Meeting Minutes from your Inbox, you must select the Inbox folder before you choose the Recover Deleted Items option on the Tools menu.

Note
You cannot recover a permanently deleted item if the retention time for permanently deleted items has elapsed. The default retention time is 30 days. An administrator can run the Backup Configuration Wizard to change the retention time or to turn it off.

The Recover Deleted Items option is disabled on a Windows XP-based client computer.

Cause: There are two possible causes. First, you may be using Outlook over the Internet (which is also called "RPC over HTTP") to check your e-mail. Second, you may have manually joined the Windows XP-based client computer t o the Windows Small Business Server network. If you did, then you bypassed Windows Small Business Server Client Setup, which enables the Recover Deleted Items option in Outlook.

Solution: You must manually enable the Recover Deleted Items option.

Note
You must log in as an Administrator of the client computer to complete the following procedure.

To manually enable the Recover Deleted Items option

  1. On the client computer, exit Outlook.

  2. Click Start, click Run, and then in the Open text box, type regedit.

    Caution
    Incorrectly editing the registry may severely damage your system. Before making changes to the registry, you should back up any valued data on the computer.

  3. Browse to HKEY_LOCAL_MACHINE\ Software\ Microsoft\ Exchange\ Client\ Options.

  4. From the Edit menu, click New, and then click DWORD Value.

  5. Type the name DumpsterAlwaysOn.

    Note
    Do not type any spaces in the name.

  6. Double-click DumpsterAlwaysOn, and then in the Value Data field, type 1.

  7. Restart Outlook.

I have more than one e-mail domain name, and the E-mail Domain page of the Configure E-mail and Internet Connection Wizard allows me to enter only one of the domain names.

Cause:  The Configure E-mail and Internet Connection Wizard can configure reply-to addresses for only one e-mail domain on the E-mail Domain page.

Solution:  Use one of the e-mail domain names when you run the wizard. Then, you can create a custom recipient policy in Exchange Server 2003 for a second e-mail domain. The custom recipient policy creates the appropriate e-mail addresses for users in the second e-mail domain.

For more information, search for "Create a New Recipient Policy" in Exchange server Help. To access Exchange server Help, click Start, click Server Management, and then press F1.

Unsolicited e-mail is being delivered to Exchange server mailboxes.

Cause:  Connection filtering is not configured on your Exchange server.

Solution:  Exchange 2003 supports connection filtering based on block lists, which are lists that can be queried by your Exchange server to identify verified spam sources. Connection filtering uses external services that list known sources of unsolicited e-mail, dial-up user account lists, and servers open for relay based on IP addresses on block lists that they maintain. Connection filtering complements third-party content filter products. You can also configure connection filtering without using a block list provider by creating global accept and deny lists of SMTP addresses from which you want to globally accept or deny all e-mail.

To configure connection filtering, you must first create and configure a connection filtering rule, and then apply it your SMTP virtual server. For more information, search for "Configure Connection Filtering" in Exchange server Help. To access Exchange server Help, click Start, click Server Management, and then press F1.

Troubleshooting Monitoring

I have received an alert notification that a user account is under attack.

Cause:  A user has repeatedly tried to log on due to losing or forgetting the user account password. This alert occurs when the number of failed logons for a specific user exceeds the Account Lockout Threshold.

Solution:  Reset the user account password.

Note
To complete the following procedure, you must be logged on as a member of the Domain Admins security group.

To reset a user's password

  1. Click Start, and then click Server Management.

  2. In the console tree, click Users.

  3. In the details pane, select a user account, and then click Change Password.

  4. Type and confirm the new password.

  5. Select or clear the User must change password at next logon check box, and then click OK.

Cause:  An actual attack has occurred. This alert occurs when the number of failed logons for a specific user exceeds the Account Lockout Threshold.

Solution:  You need to do the following if you suspect the account is under attack:

  • Unplug the Internet cable from your server or router if you are certain that your network has been attacked. Open Event Viewer and view the audit logon events in the Security Events log to determine if an attack has occurred.

To open Event Viewer

  1. Click Start, and then click Server Management.

  2. In the console tree, click Monitoring.

  3. In the details pane, click View Event Logs.

  • View the event log to try and determine the IP address from which the attack is originating. Contact your Internet service provider (ISP) to report or block it.

  • Check for any unknown user accounts by using the Manage Users snap-in in Server Management.

  • Reset the user's password.

  • Reset the administrator password.

  • Disable the user account until the threat of the network attack passes.

Note
To complete the following procedure, you must be logged on as a member of the Domain Admins security group.

To disable a user account

  1. Click Start, and then click Server Management.

  2. In the console tree, click Users.

  3. In the details pane, select a user account, and then click Disable Account.
Note
Disable accounts are not removed, but you cannot use them to log on or to access network resources.
  • Consider setting strong password policies.

Note
To complete the following procedure, you must be logged on as a member of the Domain Admins security group.

To configure password policies

  1. Click Start, and then click Server Management.

  2. In the console tree, click Users.

  3. In the details pane, click Configure Password Policies.

  4. Select the check boxes to configure the policies you want, select when you want the policies to become effective, and then click OK.

    If you are still setting up the network and thus do not want the policies to be effective yet, you can choose to make them effective in a few days.
Note
This action changes the password policies used in your entire network. Enabling or changing password policies requires all users to change their passwords the next time they log on to the network.

For more information about keeping your network secure, visit the Microsoft Security and Privacy Web site (http://go.microsoft.com/fwlink/?LinkID=102).

Usage information for Internet activity cannot be viewed in the server usage reports.

Cause:  You might be using a router as a firewall to access the Internet. If so, usage information for Internet activity cannot be included in the report because Windows Small Business Server 2003 is unable to monitor firewall statistics for third-party devices.

Solution:  Install a second network adapter on the computer running Windows Small Business Server 2003, and then enable the Routing and Remote Access service as the firewall on the server by using the Configure E-mail and Internet Connection Wizard.

Cause:  You might be using the Internet Security and Acceleration (ISA) Server firewall to access the Internet. Windows Small Business Server 2003 is unable to monitor firewall statistics for ISA Server.

Solution:  Configure ISA Server for monitoring and reporting. For more information about configuring ISA Server for monitoring and reporting, search for "Configure monitoring and reporting" in the ISA Server Help. To access ISA Server Help, click Start, click Server Management, and then press F1.

I am not receiving server performance or usage reports in Outlook Express.

Cause:  By default, Outlook Express blocks certain file attachments in e-mail to prevent you from opening potentially harmful attachments. As a result, you may not be able to open server performance or usage reports.

Solution:  Configure Outlook Express to allow attachments.

To configure Outlook Express to allow attachments

  1. Open Outlook Express.

  2. On the Tools menu, click Options.

  3. On the Security tab, clear the Do not allow attachments to be saved or opened that could potentially be a virus check box, and then click OK.

Note
E-mail attachments can contain viruses. It is recommended that you open files sent by a reliable source only and that you use antivirus software to scan files received in e-mail.

Server performance or usage report does not contain all selected log files.

Cause:  If a selected log file has not changed since the last time it was attached to a server performance or usage report, or if no new files exist for applications that generate multiple log files (such as Internet Information Services), the server performance or usage report will not contain attachments for those selections.

Solution:  No action is required. To review the latest version of a selected log file, open the file attachment from the previously delivered server performance or usage report.

Services set to start automatically stop running.

Cause:  When configured to start automatically, a small number of services may stop running if they are not performing any tasks. When this happens, these services are reported in the server performance report as not running. This is known to occur with the following services:

  • Fax

  • Performance Logs and Alerts

  • Removable Storage

Solution:  The noted services are designed to stop running when they are not being used. If you do not want these services to be reported in the server performance report when they are not running, you can change the Startup type for the service to Manual.

To change the startup type for a service to Manual

  1. Click Start, and then click Server Management.

  2. In the console tree, click Monitoring and Reporting, and then click View Services.

  3. In the details pane, right-click the service that you want to change, and then click Properties.

  4. For Startup type, select Manual, and then click OK.

For more information, open Help and Support and search for "Monitoring overview."

Monitoring alerts are not being delivered.

Cause:  After a Health Monitor configuration is imported using the Import Health Monitor Configuration Wizard, imported actions may not run as expected. This problem can occur when settings for imported actions remain associated with the computer from which they were exported. For example, the SMTP server specified for e-mail actions could be inaccurate, or an inaccurate file path could be specified for script actions.

Solution:  Review the settings for the imported actions and make changes as necessary.

To view the imported actions

  1. Click Start, point to Administrative Tools, and then click Health Monitor.

  2. In the console tree, click Actions.

  3. In the details pane, right-click an action, and then click Properties.

  4. Review the settings on each tab, and modify as necessary.

  5. Repeat steps 3 and 4 for each action.

For more information, open Help and Support, and then search for "To update settings for an imported Health Monitor configuration."

Troubleshooting Backup and Restore

The server locks down, reporting Event ID 21192 and the error message, "The ISA Server Web filter was unable to connect to MSDE database...."

Cause: If your server is running Internet Security and Acceleration (ISA) Server, then at midnight ISA Server creates a new MSDE instance to store the next day's logging information for the Web and proxy traffic. If a backup is also a scheduled to begin at midnight, there is a conflict between the ISA Server MSDE instance and the backup process, and this conflict causes the server to lock down.

Solution: To exit the lockdown, restart the Microsoft Firewall service.

To restart the Microsoft Firewall service

  1. Click Start, point to Administrative Tools, and then click Services.

  2. In the list of services, right-click the Microsoft Firewall service, and then click Properties.

  3. Ensure that the Startup type is set to Automatic.

  4. In Services status, click Start, and then click OK.

To prevent this issue in the future, schedule the server backup to start at either 11:30 P.M. or 12:30 A.M. This ensures that there is no conflict between the ISA Server MSDE instance and the backup process.

To modify the Backup schedule settings

  1. Click Start, and then click Server Management.

  2. In the Admin Console, in Standard Management, click Backup.

  3. In the details pane, click Modify the Backup Schedule. The Backup Configuration Wizard starts.

  4. On the Define Backup Schedule page, in the Start Backup at list box, choose either 11:30 P.M. or 12:30 A.M. or later.

Quarantined virus files are not backed up, and your backup reports a failed status.

Cause: If the quarantine folder for your antivirus software is saved to a volume that is protected by a previous version of Volume Shadow Copy service, then the shadow copy captures the quarantine folder. As a result, the shadow copy includes viruses.

Solution: You can either use the antivirus software to move the quarantine folder to a volume that is not protected by Volume Shadow Copy service or configure the anti-virus application to delete infected files instead of having them quarantined.

For more information about resolving this issue, if you are using TREND Micro, Inc. antivirus software on your server, see Article 888035, “Quarantined virus files are skipped and your backup reports a failed status on your Windows Small Business Server 2003-based computer” at the Microsoft Knowledge Base (http://go.microsoft.com/fwlink/?LinkID=70319).

I do not have a backup copy of the mailbox database on my server.

Cause:  You have not configured a back up solution for your mailbox database.

Solution:  Use the recovery storage group feature in Exchange Server 2003 to create a backup copy of the Exchange mailbox database on the server. You can do this while the original database is still running and serving client computers. For information about how to create a backup copy of the Exchange mailbox database on the server, see "Using Microsoft Exchange Server 2003 Recovery Storage Groups" at the Microsoft Web site (http://go.microsoft.com/fwlink/?LinkID=70663).

The NTBackup log is blank.

Cause: NTBackup.exe is being manually ended from the Task Manager, or NTBackup.exe encountered an error during launch.

Solution:  Run NTBackup manually, and load the Small Business Backup Script.

To run NTBackup manually and load the script

  1. Click Start, click Run, type ntbackup, and then press Enter. The Backup or Restore Wizard launches.

  2. On the Welcome to the Backup or Restore Wizard page, click Advanced Mode.

  3. Click the Backup tab.

  4. From the Job menu, choose Load Selections.

  5. In the File Name box type %sbsprogramdir%\backup.

  6. Click Small Business Backup Script.bks to select, and click Open.

  7. On the Backup tab, click Start Backup.

If the backup succeeds, run the Windows Small Business Server Backup Configuration Wizard from the Backup taskpad in Server Management. If the problem persists, click Start, click Server Management, click the Information Center link, and then click either Community Website or Technical Support to get information about the problem.

If the backup fails, consult the error message for further information about the problem.

Backup fails, reporting "'Script.bks' file not found."

Cause:  The Exchange Information Store is not running.

Solution:  Start the Exchange Information Store.

To start the Exchange Information Store