Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




1368 posts

Uber Geek
+1 received by user: 118


Topic # 150961 9-Aug-2014 10:45
Send private message

Recently I upgraded from my SBS2011 server to Server 2012R2 (Standard with the Essentials role), along with SBS2011 (for on site Exchange).  I has SBS2011 running for a while with no issues, but upgraded for a few reasons:

SBS2011 is an older product based on Server 2008, and 2012R2 offers improved performance
2012R2 includes Hyper-V and I now have a few VM's (SBS2011 can only address 8GB of RAM)
I wanted on site Exchange (both to move away from gmail etc, but also as a learning exercise)
I wanted to setup BES for my Blackberry (this runs in a VM along with SQL Server in another VM)

However I have a few issues and wondered if anyone could help.

1) Domain logins - as part of the move the main change was from a workgroup setup to a domain, however my iMac has real issues logging into the domain.  Now I get constant errors (trust relationship errors like http://support.microsoft.com/kb/162797 )
2) Windows Updates via WSUS - I have a Windows 8.1 laptop that just doesn't get updates from WSUS no matter what I do

Are these 'normal' issues for running a domain? I am thinking of reverting back to WHS2011 for the file shares, and keeping SBS2011 for just Exchange and SharePoint, and not bothering with the AD part.

Create new topic
1332 posts

Uber Geek
+1 received by user: 284


  Reply # 1106878 12-Aug-2014 09:49
Send private message

WSUS is nothing but a pain in the *ss . You would be surprised how many SBS2003 networks simply stopped doing any WinUpdates
on server & workstations after MS put through an update to the WSUS software.

I had the same issue Win Win8 & SBS2011 .  It also caused issues when Win8 needed to use WinUpdate to download a driver (eg for printers)

To sort this out properly means reconfiguring Wsus, Group Policies etc. And then constantly check things as
MS may put out a patch/update that simply breaks it , needing reconfiguration, again.

or
copy below into a txt file, rename to .reg & run it on the Win8 pc
reboot , go into Winupdates & change the settings .

Windows Registry Editor Version 5.00
[-HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]



1368 posts

Uber Geek
+1 received by user: 118


  Reply # 1106879 12-Aug-2014 09:56
Send private message

Ironically, after posting this I have come across another problem - the amount of disk space WSUS updates take up.  It is already at 70GB and now the C: is full!  And since it's a Vm with snapshots I have to merge the snapshots (not a quick thing to do) shut down the VM, expand the disk, and restart.  I have for the time being turned off the Update Service and cleaned the WSUS folder.

1101 - Thanks for the info.  I may just use SBS2011 for the email and SharePoint functionality.  I am 50/50 on if I need the domain functionality.  I can setup a WHS2011 box (effectively using it as a SAN) for all my shared files.

Final thing would be - would anyone recommend the 2012R2 remote access over the SBS2011?  I currently have it setup so that I remote into the SBS2011 system, where I can access shared files, RDP etc.  But I understand the 2012R2 functionality is far better?  I assume just changing ports 80, 443 and 3389 on my modem is all I need to do?

 
 
 
 


2090 posts

Uber Geek
+1 received by user: 848


  Reply # 1106945 12-Aug-2014 11:14
Send private message

timbosan: Ironically, after posting this I have come across another problem - the amount of disk space WSUS updates take up.  It is already at 70GB and now the C: is full!  And since it's a Vm with snapshots I have to merge the snapshots (not a quick thing to do) shut down the VM, expand the disk, and restart.  I have for the time being turned off the Update Service and cleaned the WSUS folder.

1101 - Thanks for the info.  I may just use SBS2011 for the email and SharePoint functionality.  I am 50/50 on if I need the domain functionality.  I can setup a WHS2011 box (effectively using it as a SAN) for all my shared files.

Final thing would be - would anyone recommend the 2012R2 remote access over the SBS2011?  I currently have it setup so that I remote into the SBS2011 system, where I can access shared files, RDP etc.  But I understand the 2012R2 functionality is far better?  I assume just changing ports 80, 443 and 3389 on my modem is all I need to do?


Be selective in what WSUS downloads - select only updates needed by computers and only for products you use.

WSUS is perfectly fine - usual issue being people that don't know how to use it setting it up wrong.

Do some reading before opening random ports - the new stuff is pretty well documented.

Domain at home isn't worth it for 2 devices, no. Especially if one is a mac. However given you are using Sharepoint and Exchange you already have a domain - your clients just aren't joined to it.

Not to be rude but from the sounds of it this isn't something you manage/deal with every day - so unless you want to learn how all of this works I wouldn't bother. 

Awesome
4781 posts

Uber Geek
+1 received by user: 1059

Trusted
Subscriber

  Reply # 1106951 12-Aug-2014 11:16
Send private message

How many mailboxes do you run on Exchange at home? I would be considering Office 365. A few bucks a month and you don't need to use your own hardware/power etc.




Twitter: ajobbins


1507 posts

Uber Geek
+1 received by user: 213


  Reply # 1107010 12-Aug-2014 12:29
Send private message

What aspect of remote access are you wanting to use?
If it is direct access, you can only run it on enterprise windows 8/8.1 and need a certificate if you want windows 7. 
If it is the RDP gateway or VPN, honestly, it is a bit easier with server 2008R2. Type of VPN is going to determine ports and protocols. 

WSUS is fine, only download what you need and the size is managable. Deploy settings through group policy and it works lovely.  It is complete overkill for one PC though.





Try Vultr using this link and get us both some credit:

 

http://www.vultr.com/?ref=7033587-3B


1507 posts

Uber Geek
+1 received by user: 213


  Reply # 1107916 13-Aug-2014 20:02
Send private message

Just found today that you can set wsus to make clients download direct from MS. This should stop the local storage issue and still allow you to manage updates. 




Try Vultr using this link and get us both some credit:

 

http://www.vultr.com/?ref=7033587-3B


4948 posts

Uber Geek
+1 received by user: 1316

Trusted
Microsoft

  Reply # 1107954 13-Aug-2014 21:00
Send private message

Exchange & SharePoint depend on AD, so it sounds like you need a DC unless you move both those workloads into Office 365 (that's what I'd recommend, but sounds like want the local install for training/learning)

1496 posts

Uber Geek
+1 received by user: 368


  Reply # 1107956 13-Aug-2014 21:03
Send private message

ajobbins: How many mailboxes do you run on Exchange at home? I would be considering Office 365. A few bucks a month and you don't need to use your own hardware/power etc.

timbosan:  but also as a learning exercise



1368 posts

Uber Geek
+1 received by user: 118


  Reply # 1107964 13-Aug-2014 21:35
Send private message

ajobbins: How many mailboxes do you run on Exchange at home? I would be considering Office 365. A few bucks a month and you don't need to use your own hardware/power etc.


Only 3, but as mentioned it is just as much for learning about all this stuff, and there seems to be lots to learn! I also like retaining ownership of my own data, hence I don't want stuff in the cloud.



1368 posts

Uber Geek
+1 received by user: 118


  Reply # 1107965 13-Aug-2014 21:36
Send private message

paulmilbank: Just found today that you can set wsus to make clients download direct from MS. This should stop the local storage issue and still allow you to manage updates. 


Sounds cool, do you have a link or info on how this works and how to set it up? Does it also work for Windows 8 clients?



1368 posts

Uber Geek
+1 received by user: 118


  Reply # 1107966 13-Aug-2014 21:39
Send private message

nathan: Exchange & SharePoint depend on AD, so it sounds like you need a DC unless you move both those workloads into Office 365 (that's what I'd recommend, but sounds like want the local install for training/learning)


Yeah, the more I think about it, having an AD is not a bad thing, it just a new/different way of working, and not having had to deal with GPO's, GPE, WSUS, etc before, it is a steep learning curve, even with SBS2011 doing a lot of the work and only have a small LAN (about 6 machines and a couple of VM's).

Plus I had to set up an AD at some point as I want to try BES10, and that requires a domain.  I have it installed, now I just need to set up the ports and link my Z10 to it.

1507 posts

Uber Geek
+1 received by user: 213


  Reply # 1107988 13-Aug-2014 22:04
Send private message

In the wsus console,click on options from the selection on the left then click on update files and languages. There are options in there to restrict languages downloaded, download all updates locally or only the ones approved, on download approved updates direct from MS without storing locally.
Also in the options, you can find the products and classifications to download. Only tick what is on your network, if you aren't using it, don't download updates for it.




Try Vultr using this link and get us both some credit:

 

http://www.vultr.com/?ref=7033587-3B


1496 posts

Uber Geek
+1 received by user: 368


  Reply # 1108674 14-Aug-2014 21:17
Send private message

you also need to set your clients (policy) to use wsus.  it doesn't just happen.



1368 posts

Uber Geek
+1 received by user: 118


  Reply # 1108909 15-Aug-2014 11:21
Send private message

MadEngineer: you also need to set your clients (policy) to use wsus.  it doesn't just happen.


But doesn't this happen auto-magically if you join the domain?  (Except maybe on Windows 8 client on SBS2011, which seems to be a problem still)

2090 posts

Uber Geek
+1 received by user: 848


  Reply # 1108932 15-Aug-2014 11:51
Send private message

timbosan:
MadEngineer: you also need to set your clients (policy) to use wsus.  it doesn't just happen.


But doesn't this happen auto-magically if you join the domain?  (Except maybe on Windows 8 client on SBS2011, which seems to be a problem still)


Only if there are pre built GPOs that configure it.

Otherwise no. There is no magic.

Create new topic



Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Fujifilm X beats its best with new top of the range, high-performance camera
Posted 24-Feb-2018 14:05


One million kiwis affected by cybercrime
Posted 24-Feb-2018 13:58


New Zealanders want to engage with government online and via mobile apps
Posted 24-Feb-2018 13:56


Samsung launches Samsung Max
Posted 24-Feb-2018 13:52


CPTPP text and National Interest Analysis released for public scrutiny
Posted 21-Feb-2018 19:43


Foodstuffs to trial digitised shopping trolleys
Posted 21-Feb-2018 18:27


2018: The year of zero-login, smart cars & the biometrics of things
Posted 21-Feb-2018 18:25


Intel reimagines data centre storage with new 3D NAND SSDs
Posted 16-Feb-2018 15:21


Ground-breaking business programme begins in Hamilton
Posted 16-Feb-2018 10:18


Government to continue search for first Chief Technology Officer
Posted 12-Feb-2018 20:30


Time to take Appleā€™s iPad Pro seriously
Posted 12-Feb-2018 16:54


New Fujifilm X-A5 brings selfie features to mirrorless camera
Posted 9-Feb-2018 09:12


D-Link ANZ expands connected smart home with new HD Wi-Fi cameras
Posted 9-Feb-2018 09:01


Dragon Professional for Mac V6: Near perfect dictation
Posted 9-Feb-2018 08:26


OPPO announces R11s with claims to be the picture perfect smartphone
Posted 2-Feb-2018 13:28



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.