Small Business Server 2011 Standard - Build Document III. Key Tasks After the Server Is Installed

Make a backup

At this time you may wish to make a full backup of the server before proceeding to the next step of moving data and installing updates. SBS 2011's native backup is imaged based and can be used to restore the server from scratch. Some people like the native SBS backup, some people prefer a third party backup. At this early state of building the server, before installing updates I'd recommend using the native backup to make a backup of the server. Add an external USB hard drive, run the sbs backup wizard. Ensure that you use an external USB hard drive of a different size than the partitions in your server as it will make determining which backup drive is the proper one easier. More information on backup can be found in this wiki post.

Install certain updates first

 Windows Server 2008 R2 Service Pack 1 can, and should, be installed on SBS 2011 Standard per the official SBS blog post here. To get the Windows Server 2008 R2 SP1 to be immediately offered, three updates are needed; subsequently, then you can search using Microsoft Update and have SP1 advertised for installation. explained in detail here

While Exchange 2010 has SP1 already on the box, you should be offered Exchange update rollups. Exchange 2010 SP2 is now released along with related update rollups for consideration to install; remember that Exchange Service Packs are irreversible aka you cannot uninstall or go back. So unless a feature is desired in Exchange 2010 SP2, you'll be wise to go with what is a known good quantity.

All of the released Security updates for Windows 2008 R2 will also need to be updated.. After that you can manually install all of the updates after you flip the box over to Microsoft update. While you can install using WSUS, using Microsoft update is a faster way to get the box updated.

How we run updates as found in our SBS 2011 Setup Guide. Philip Elder SBS MVP

1. Exchange 2010 Updates
2. Server Updates via WSUS/MU.
   • Update to the latest SBS Update Rollup first.
   • Run updates according to the following product groups:
   • Windows Server 2008 Standard R2
     • Run OS Updates at around 10-15 per reboot cycle.
     • Run OS Security Updates at around 5-10 per reboot cycle.
   • Exchange SP1/2/3 or Exchange Rollup RU1/2/3/etc 
   • .NET
     • If .NET v1 is present update first.
     • Do .NET v2 and v2.x updates one at a time.
     • Do .NET v3 and v3.x updates one at a time.
     • Do .NET v4 and v4.x updates one at a time.
     • Reboot between each cycle as requested.
   • SQL
     • Start with 2005 versions.
     • Next to 2008 versions.
     • Next to 2008 R2 versions.
3. WSUS, and others.
4. Deploy the Network Location Change Hotfix - http://support.microsoft.com/kb/2524478
5. SharePoint Foundation Updates should be run separately .
   • Back Up Before SharePoint Updates!
   • NOTE: Official SBS Blog: You Must Manually Run PSCONFIG after Installing SharePoint 2010 Patches
   • Add an email Alert if PSConfig is Required Microsoft TechNet Gallery 

Speed up reboots

Unlike SBS 2008, SBS 2011 shuts down Exchange quickly thus at this time we don’t recommend you do any tweaks to speed up the reboot.

Fixing DNS

Before running the Internet domain wizards determine if you will use the native DNS which points to root hints or will flip over to DNS forwarders. 

There is a known issue with the DNS in Windows 2008 where the root hints may fail in certain circumstances.  R2 suffers from the same issue and the registry change was not set by Sustained engineering. See official kb entry here

To fix this perform the following.

If you want to use root hints, you can set the maxcachettl registry value on the Windows 2008 DNS Server as follows:

1.  Start Registry Editor (Regedit.exe). 

2.  Locate the following registry key:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters 

3.  On the Edit menu, click New, click DWORD (32-bit) Value , and then add the following value:

   •  Value: MaxCacheTtl
   •  Data Type: DWORD 
   •  Data value: 0x2A300 (172800 in decimal = 2 days)

4. & Click OK. 

5. & Quit Registry Editor.

6.  Restart the DNS server.

 Data type Range /p>

•  REG_DWORD 0x0 | 0x1 - 0xFFFFFFFF seconds Default value:0x15180 (86,400 seconds = 1 day)

 You may see this behavior in Windows 2008, SBS 2008 and EBS 2008.

 Alternativley you can use this script to set this Value for you. http://gallery.technet.microsoft.com/Set-DNS-Max-Cache-TTL-Value-09aced02

 2. Setting DNS scavenging to ensure that Remote Web Workplace will properly work.

IE TRUSTED SITES

 Using the server to browse the Internet is not recommended, However, you may need to download files from Microsoft when there is no workstation available. Add these URLs to Internet Explorer trusted sites to prevent downloads from Microsoft from being blocked:

• Start up Internet Explorer, and click Tools > Internet Options > Security tab > Trusted Sites > Sites
• Add following URLs
  • download.microsoft.com
  • *.download.microsoft.com

Alternatively you can disable enhanced IE by launching the server manager, scrolling down, finding IE ESC and launching the console. From there disable it for Administrators only and then NEVER surf from the server.

 

Move data

Use the move data wizards in the console to move data from the c: drive to the additional partitions you have chosen. 

If you move the location for storing user data, please turn on Shadow Copies for the volume where the files will reside. Optionally enable Access Based Enumeration for the shares

1. Unlike SBS 2008, the SBS 2011 is set to automatically trim the WSUS logs,
2. You can also move the SUSDB following this blog post.

 

DHCP Scope Best Practices

1. <to come>

To return to the outline of the SBS 2011 build document, click here.