Friday, May 17th, 2013
I’ve seen this question asked a bit in the various mail lists and forums. The short answer is yes it does. Trend have documented here the supported Exchange versions for WFBS 8.0. This document was recently updated after they completed their testing using the final RTM version of Exchange 2010 Service Pack 3.
Tuesday, March 5th, 2013
There’s more than a few questions about user limits, device limits and so on around Windows Server 2012 Essentials. Microsoft have a few blog posts, on this but are not really all that clear – so here’s my shot at answering those questions.
How many users can I run on my Windows Server 2012 Essentials server?
Windows Server 2012 Essentials comes with support out of the box for up to 25 users. You do not need to purchase additional CALS at that point – in fact there are no CALs that you can purchase for Windows Server 2012 Essentials at all. What you have when you purchase Windows Server 2012 Essentials is the right to create up to 25 users and allow them to access the server and it’s resources – note that I did not say that you have 25 CALs for users.
What if I want to have 26 or more users?
If you want more than 26 users, you can do that using the Transmog or inplace upgrade available from Microsoft. They describe it here. What you do here is basically get a Windows Server 2012 Standard Edition product key and enter that into your server – and after a couple of reboots, you have a Windows Server 2012 Standard Edition server with the Essentials bits still present and working. Two things you need to understand. Firstly – when you do this, you need to purchase Windows Server 2012 CALS for all users or devices that access this server – there is no limit to the number you can purchase – if you want you can put 500 users on your server now because it is basically a Windows Server 2012 Standard server now. The second thing you need to understand however is that the Windows Server 2012 Essentials features that were left on your server are only tested and supported for up to 75 users. So while you CAN have 500 users, Microsoft will tell you they only support up to 75 users as that is all they have tested and will guarantee. The article I linked to above will give you more information on that.
Boon Tee – fellow SBS MVP has a blog post here where he also summarises what Microsoft are trying to get across… should not be so hard should it?
Thursday, February 28th, 2013
I was installing Window Server 2012 Essentials today for a client, and had laid down the base operating system and then walked away from the computer for a while. When I came back, I found the screen was locked and I didn’t know the password. Some investigation found that the default Administrator password used during the setup of Windows Server 2012 Essentials is Admin@123 – Microsoft documented it here which is where I found it.
Note – this is not a major security issue, as this password is only used for the base Windows installation. Once you either finish the new server installation or server migration, the local administrator password is set to whatever you’ve told it to be set to for the Domain Administrator.
Tuesday, December 11th, 2012
In short – you can’t. You can however install it using the trial/evaluation key available from Microsoft here and then later once you get the real product key you can put that in via the Properties of the Computer and activate it as fully licenses software.
Monday, December 10th, 2012
This question is often asked by people as they try to setup things such as Network Teaming etc. It’s always been the case that Microsoft have NEVER supported more than one Network card since SBS 2008 era. Prior to that they supported two network cards, but only for Internet access and they’ve never supported network teaming at all. So – in Windows Server 2012 Essentials, Microsoft once again only support a single network card in the server. Here’s the official Microsoft word on Network Teaming as it relates to Windows Server 2012 Essentials
Tuesday, November 6th, 2012
Microsoft designed Windows Server 2012 Essentials to work with onpremise Exchange server installations. Below is the list of Exchange versions they support with the WS2012E console integration and the ARRconfig tools.
Exchange 2010 SP1
Exchange 2010 SP2
Personally, I’ve not tried Exchange 2013 as yet, so can’t vouch for it, but I will try it shortly and advise.
Wednesday, October 10th, 2012
Windows Server 2012 Essentials is different from previous versions of SBS as it’s designed to work with 3 different types mail systems. As a result the ports you need to have open on your firewall is also different.
If you have a uPnP router then the configuration wizards in Windows Server 2012 Essentials will do the work for you. If you like me elect to disable uPnP then you will need to configure the firewall port forwarding manually.
Here’s the list of ports you need to open on your firewall for Windows Server 2012 Essentials. Note that not ALL of them need to be open in order for things to work.
Port 25 – is NOT required to be open if you are using a cloud based mail system such as Office 365 then this port can and should be closed. ONLY if you have an onpremise Exchange or other mail server should you open this port to your network. If you have an onpremise Exchange or other mail server, then you will port forward this port to that server and not the Windows Server 2012 Essentials server. If you have no external email filtering or antispam software then you will need to leave this open for all external IPs. If however you are using something like ExchangeDefender or Trend IMHS then you will need to lock down the external IPs that this port can talk to.
Port 80 - does NOT need to be open at all in reality. It’s there to provide an easy redirect for our users when they go to access the Anywhere Access feature of Windows Server 2012 Essentials (formerly known as Remote Web Access). Having this port open allows the user to type in remote.mycompany.com into a web browser which will then go direct to our server. The server will immediately redirect the user to https://remote.mycompany.com/remote so that all traffic is encrypted. You can safely close this port to reduce your attack profile but you will need to train your users to type in the full URL of https://remote.mycompany.com/remote. My advice is to train your users – put this URL on the back of a business card for them to make it easy to handle.
Port 443 – this is a mandatory one. This needs to be open and forwarded to your Windows Server 2012 Essentials server to allow access to the Anywhere Access website. All traffic over this connection is encrypted so it’s safe and secure. If this is not open then none of these functions will work outside your office. This port is also used by default for the SSTP VPN protocol which is the default protocol in Windows Server 2012 Essentials.
Port 1723 – is an optional port on Windows Server 2012 Essentials. You see – the default protocol for VPN is now SSTP which runs over port 443. You will only need to open port 1723 if you have client PCs that can not use SSTP to access your server. Make sure if you have a more advanced router to also allow the GRE protocol (type 47) over this port.
Wednesday, October 3rd, 2012
You will get this on a server as standard error if you are trying to run scripts that you’ve created yourself. To get around the issue, you need to change the execution policy on the server to allow you to run unsigned scripts. Use the command below to do this.
Monday, August 20th, 2012
There’s a lot of things that go on under the covers of a domain joined computer that you just don’t realise most of the time. One of the recent things I was involved in today was the investigation of a client network that had slow internet. Here’s how the problem was investigated.
Ok – hope that’s been helpful to you – let me know if there are more things like this that can help you investigate and troubleshoot better.
Monday, August 6th, 2012
Recently we took over a new site, and as part of that we went about changing passwords for a number of key services and a few more additional items. This then became a discussion amongst my fellow MVPs about what do you change when you take over a site, I took it to task to put together a list of passwords and things to review when you take over a site.
Network Related Items
Firstly, secure the most recent backups of the servers. That way if anything goes amiss, you have something to compare it to. Then create a new Admin account with a password only you know as a temporary backdoor – delete it once you have completed all the following.
Other Non Network Related Issues
What else would you add to this list? The goal is to ensure that you get full control of the network as quickly as possible.