IT Support Newcastle

Small Business Server – annoyances

By Paul W. in Small business server | 19/07/2011

SBS 2008 is a great product, providing the small business with MS Windows Server 2008 and MS Exchange 2007, as well as a few other robust features.

It does, however, come with a few annoying issues.  Below are some of these issues, including instructions on how to resolve them. 

 

Problem: The Security log is full

Shortly after joining your clients to the new SBS 2008 domain, users are unable to log on to their PC, with the following message being displayed:

“The security log on this system is full. Only administrators can log on to fix the problem”


This is caused by the “SBSMonAcct” account, a special account created by SBS 2008 that interacts (a lot!) between client and server. 

The solution is to change the default retention settings for the Windows Security log, and to set a maximum log size.  The best way to do this is via Group Policy.

  • On your SBS 2008 server, open Group Policy management and edit the “Windows SBS Client Policy”
  • Navigate to Computer Configuration _> Policies _> Windows Settings _> Security Settings _> Event Log
  • Edit the “Maximum Security Log Size” and “Retention Method for Security Log” settings as follows:
    • Maximum Security Log Size: 16,384 kilobytes (the default when you enable this policy)
    • Retention Method for Security Log: set to “Overwrite events as needed”.

 

Problem: The POP3 Connector

If you have pop3 mailboxes that you want to automatically download mail from and deliver to an existing Exchange mailbox, you use the POP3 connector wizard.  However, by default, the POP3 connector wizard does not show your AD user mailboxes in its dropdown list.  So how do you select which user you want to deliver the pop3 mail to?

The solution is simple.  To allow the wizard to see your SBS users in it’s dropdown list, you need to modify an attribute on the user object in AD.

  • In Active Directory Users and Computers, go to View _> Advanced Features
  • Open up the properties of the user you want, then click on the Attribute Editor tab
  • Find the property called msSBSCreationState
  • Change the value to “Created”

The user will now show up in the SBS Console and, if the account is mail enabled, the mailbox will show up in the drop-down list under the POP3 connector.

 

Problem: Some websites suddenly become inaccessible to you

Some websites suddenly become inaccessible to you, and the only way you can get access to them again is to restart the DNS server service on your SBS 2008 server.

The reason for this is because when the DNS server saves the NS records to the cache, the TTL for the A record gets changed to be 1 day.  The TTL for the NS Record stays at 2 days.  When the A records expire, the DNS server starts returning a “Server Failure” response to the client that issues the DNS query.

The solution to this is included in this Microsoft knowledge base article (note: modify the registry at your own risk).

  • Start Registry Editor (regedit.exe)
  • Locate the following registry key:
    • HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesDNSParameters
  • On the Edit menu, click New, click DWORD (32-bit) Value, and then add the following value:
    • Value: MaxCacheTTL
    • Data Type: DWORD
    • Data value: 0x2A300 (172800 seconds in decimal, or 2 days)
  • Click OK
  • Quit Registry Editor
  • Restart the DNS Server service

 

We hope these tips prove useful to you.  Please click here to contact us if you would like advice on this or any related topic.

 

All

Announcements

Hardware

Security

Small business server

Hints and Tips

Support

Virtualisation

Content

Sign-up to receive IT tips, news, and events