So we finished our office upgrade a few weeks back. After a couple rough patches, everything seems to be working fairly well now. Here is a quick rundown.
To start off, we wanted to do a clean upgrade and leave as much cruft behind as we could. This meant not bothering with importing the old Active Directory and the arduous process it entailed. We simply backed up what we needed, shut down the old SBS2003 server, and fired up the new SBS2008 server. We only had about a dozen accounts to create, only half of those being internal Exchange enabled accounts, so not a big deal. This also made it easier on me since I could go ahead and install the OS (a couple solid hours in itself), and preconfigure the intranet sites we would be using in advance instead of doing it on site like I would have if we did the “proper” upgrade.
Next I had to bring up the new fileserver. I had originally planned on using a hacked version of Home Server but dumped the idea at the last minute because, well, it wasn’t a very sound idea even if it worked. Instead, I opted to go with the tried and true OpenFiler OS running on a 4GB CF card using a CF to IDE adapter. I also dropped in a gigabit card and directly connected it to the second gigabit port on the Dell 2850 server and mounted it via ISCSI with the help of some instructions from their FORUM. Again, this is a four 250GB drive RAID10 array and so far it’s been running great. All of the shared folders and user “My Documents” are redirected to this server. We plan to later replace this with a Drobo connected via FW800 so it’s easily expandable without me, and keep this OpenFiler server running just for storing backups to.
Next came the fun part of importing Exchange mailboxes. I prepared for this by exporting all the mailboxes out of Exchange 2003 into PST files. Little did I know that when it did this, it automatically password protected each PST. I didn’t find out until after about an hour or two of cursing at the Exchange 2007 PowerShell. This LINK and this LINK helped with the syntax, but it wasn’t until I found this GEM that I finally regained my sanity and steamed ahead. Not only do you need to repackage the PSTs without a password, but each one has to be repaired and checked so it is correctly imported. What a pain.
With that out of the way, we rejoined all of the workstations to the new domain with the help of SBS’s Connect wizard, which is much improved with SBS2008 I must say. It did a much better job of setting up all the settings for the users than that of 2003’s.
Finally there was the firewall upgrade. The aging hard drive was also replaced with a CF+IDE adapter combo for the OS. I dropped IPCop in favor of Smoothwall 3 because of its nicer interface and plugins. I loaded “FullFirewall Control” and “Zerina” plugins so I could have better firewall control and OpenVPN support. Users will be using the Microsoft VPN as part of Windows Server, but I wanted to use OpenVPN for myself. The goal of OpenVPN was so that in the event the Dell server was down (thus VPN was down), I could still plug into the office network remotely and connect to the DRAC (Dell Remote Access Card) on the server and see what its hardware status was or what was on the console screen. We ran into a problem with this right after I left though (figures). I had forgotten to change the DNS server entries in the firewall config to those of OpenDNS, which shouldn’t be a big deal to change. But once I changed this, the firewall went down, taking the office with it. I walked someone through changing the config back from the console but it didn’t help. We were baffled by this; such a change shouldn’t have affected anything. Luckily I had a small Watchguard SOHO there for just such an occasion, so that got them up and running until I could figure out the cause. Unfortunately, after a week of testing, I couldn’t recreate the problem but I did manage to get it working again. It is now fully functional, OpenVPN and all.
Aside from a few minor issues of getting files restored and profiles set up correctly, everything worked out well, although the entire process took more time than I had originally planned. To date, it has been one of the smoothest upgrades we have ever done, and SBS2008 has worked out really well. Working with SBS2008 is worlds better than 2003 was, mostly due to the combined technologies of Server 2008 and Home Server, both great products on their own.
Tidbits:
Here are a few extra bits I came across that might be of use to others.
We use Gmail as our frontend server to filter incoming email, and act as a backup spooler of sorts. SBS2008 “finally” adds support for SSL POP3 retrieval natively, so that was easy to set up. In 2003, I had to set up OpenSSL and use it as a local proxy Exchange could use to connect to Gmail through since it didn’t support SSL natively. Every 10 minutes Exchange downloads email from Google Hosted Domain Gmail accounts into the appropriate Exchange mailboxes. Having Verbose Logging enabled helps too. For us though, only our office staff uses Exchange mailboxes, and our remote staff only uses a Gmail account that we provide. So, somehow we have to get Exchange to route local email to Gmail for those users who don’t have a mailbox in Exchange. This is done by creating a custom Send Connector that sends any Unresolved Recipients up to Gmail’s servers for routing. For any other emails, those get routed via the standard Send Connector to our hosting server that acts as a smarthost.
We also have some users (like me) who only use Gmail for all email and want to send their company specific emails directly through the Exchange server instead of sending them to Gmail and waiting for them to be downloaded by Exchange. The easiest way was to enable port 587 for Gmail to connect to as part of its new Send Mail Through ability. This just basically requires a custom Receive Connector as documented HERE.
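As an added illustration (not from the original post or the instructions it links to), a port 587 Receive Connector like the one described above can be created in the Exchange Management Shell so that it only accepts authenticated senders over TLS. The connector name, FQDN and address range are placeholders, and the audit at the end lists any port 587 connector that would accept anonymous senders or logins without TLS.

```powershell
# Added example: run in the Exchange Management Shell on the Exchange server.
# All three values below are placeholders, not values from the original post.
$name  = 'Gmail Submission 587'   # hypothetical connector name
$fqdn  = 'mail.example.com'       # placeholder: should match the certificate bound to SMTP
$range = '192.0.2.0/24'           # placeholder: source addresses allowed to connect

# Create the connector. Basic authentication is only offered after STARTTLS
# (BasicAuthRequireTLS), and only authenticated mailbox users may submit mail
# (ExchangeUsers), so the listener on 587 cannot be used as an open relay.
New-ReceiveConnector -Name $name -Usage Custom `
    -Bindings '0.0.0.0:587' `
    -RemoteIPRanges $range `
    -Fqdn $fqdn `
    -AuthMechanism Tls, BasicAuth, BasicAuthRequireTLS `
    -PermissionGroups ExchangeUsers

# Audit: show every Receive Connector listening on 587 that either allows
# anonymous senders or does not force TLS before a basic-auth login.
Get-ReceiveConnector | Where-Object {
    ($_.Bindings | Where-Object { $_.Port -eq 587 }) -and
    (
        ($_.PermissionGroups -match 'AnonymousUsers') -or
        ($_.AuthMechanism -notmatch 'BasicAuthRequireTLS')
    )
} | Format-List Name, Bindings, RemoteIPRanges, AuthMechanism, PermissionGroups
```

An empty result from the audit means no port 587 connector is accepting anonymous mail or logins without TLS.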
Other great links:
http://blogs.technet.com/sbs/archive/2008/06/03/sbs-2008-how-to-info-on-david-overton-s-blog.aspx
http://sbs.editme.com/