Friday, April 22, 2005

SBS 2003 default web site... Guard it with your life

I had a rough couple of days at a new client. I was called in because the original consultant who installed the SBS 2003 server was unable to get all the features working correctly. There was a laundry list of problems, but mainly he couldn't get the client's iPAQs connected to their server when they were in the field. After several months of trying to get things working, he stopped returning the client's phone calls. The client then had a "friend" look at the server to see if he could get it to work. Being the security-minded person that he was, he deleted the default web site in IIS on the server. This opened up a huge can of worms. Suddenly the client had ten salespeople who could not even access their email from OWA. That's when they called me. I came in to find a server that was so messed up it wasn't even funny.

* AV not running on the server
* AV updates not being pulled down to the clients
* All websites deleted from the server
* No full backups (at least they were backing up their user data)

And the list goes on....

All these things need to be addressed, but I need to get OWA working again. You would think that something as important as the default web site would be easy to reinstall. I searched high and low for a solution to reinstall the default web site. I did find a KB article on how to get company web and SharePoint admin back. Things would have been so much easier if proper backups were being done.

As I thought through the issue, my partner came up with the idea of building a parallel server with the same config and then just copying the sites over. Hey, that's just crazy enough to work! Six hours later I had built up another server and migrated the IIS sites over to the client's server. Holding my breath, I entered the OWA address in IE.... No dice. I spent the next five hours plowing through every setting on the default web site. If you've never looked, there are about 10,000 of them. I finally got it to work for the most part. If you ever have to do this, you will need to do a couple of things.

* A migration tool (I used IIS Export Utility)
* Check the NTFS permissions on the files
* Check the Directory Security of all sites and virtual directories in IIS
* Reinstall any SSL certificates
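
The Directory Security check in the list above can be done mechanically when a known-good parallel server exists. The following is an added example, not code from the original post: it compares the authentication, SSL and access flags per site or virtual directory between two IIS 6 metabase exports. The XML samples are constructed and simplified, and the assumption is that both servers' metabase files have been exported as XML with flag values written as pipe-separated names.

```python
import xml.etree.ElementTree as ET

# Metabase properties behind the "Directory Security" settings of a site or virtual directory.
SECURITY_PROPS = ("AuthFlags", "AccessSSLFlags", "AccessFlags")

# Constructed, simplified samples in the style of an IIS 6 metabase export.
REFERENCE_XML = """<configuration><MBProperty>
<IIsWebVirtualDir Location="/LM/W3SVC/1/ROOT/Exchange" AuthFlags="AuthBasic | AuthNTLM" AccessSSLFlags="AccessSSL | AccessSSL128" AccessFlags="AccessRead | AccessScript"/>
<IIsWebVirtualDir Location="/LM/W3SVC/1/ROOT/Remote" AuthFlags="AuthAnonymous" AccessSSLFlags="AccessSSL" AccessFlags="AccessRead | AccessScript"/>
</MBProperty></configuration>"""

RESTORED_XML = """<configuration><MBProperty>
<IIsWebVirtualDir Location="/LM/W3SVC/1/ROOT/Exchange" AuthFlags="AuthAnonymous | AuthBasic" AccessFlags="AccessScript | AccessRead"/>
</MBProperty></configuration>"""


def flags(value):
    """Turn 'AuthBasic | AuthNTLM' into an order-independent set of flag names."""
    return frozenset(f.strip() for f in (value or "").split("|") if f.strip())


def load(xml_text):
    """Map each metabase Location (lower-cased) to the security properties set on it."""
    nodes = {}
    for el in ET.fromstring(xml_text).iter():
        loc = el.get("Location")
        if loc:
            nodes[loc.lower()] = {p: flags(el.get(p)) for p in SECURITY_PROPS
                                  if el.get(p) is not None}
    return nodes


def diff(reference, restored):
    """Return (location, property, expected, found) for every deviation from the reference."""
    findings = []
    for loc in sorted(reference):
        if loc not in restored:
            findings.append((loc, "MISSING", None, None))
            continue
        for prop, want in reference[loc].items():
            have = restored[loc].get(prop)  # None: not set here, inherited from the parent
            if have != want:
                findings.append((loc, prop, want, have))
    return findings


if __name__ == "__main__":
    for loc, prop, want, have in diff(load(REFERENCE_XML), load(RESTORED_XML)):
        print(loc, prop, "expected:", sorted(want or []), "found:", sorted(have or []))
```

A property reported as found-empty is not necessarily disabled; it is inherited from the parent node, so check the parent's value before changing anything.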

After all this, RWW works as designed and OWA works, but you are challenged with a password popup rather than the OWA login page. Oh well. It works, and the server will need to be rebuilt because of all the cooks that have been in the kitchen. The client was happy that his sales staff can get their email, and that's all that matters.
