Tips to get the job done right.
Great Reference Chart - Contributed by Ofer Shimrat
Table A: Ports that Enable Remote Access to SBS Services
| TCP Port | Service | Description |
|---|---|---|
| 21 | FTP | Enables external and internal file transfer |
| 25 | Exchange Server | Enables incoming and outgoing SMTP mail |
| 80 (http://) | IIS | Enables all nonsecure browser access, including internal access to IIS Webs such as the company Web, Windows SharePoint Web, Windows SharePoint administration Web, and server monitoring and usage reports. Enables internal access to Exchange by OWA and OMA clients |
| 110 | POP3 | Enables Exchange to accept incoming POP3 mail |
| 123 (UDP port) | NTP | Enables the system to synchronize time with an external Network Time Protocol (NTP) server |
| 143 | IMAP4 | Enables Exchange to accept incoming IMAP4-compliant messages |
| 220 | IMAP3 | Enables Exchange to accept incoming IMAP3-compliant messages |
| 443 (https://) | Outlook | Enables all secure browser access, including external access to Exchange for Outlook 2003, OWA, OMA and ActiveSync clients; required for external access to server monitoring and usage reports |
| 444 | Windows SharePoint Services | Enables internal and external access to the SharePoint Web |
| 500 | IPSec | Enables external VPN connections by using IPSec |
| 1701 | L2TP clients | Enables external L2TP VPN connections |
| 1723 | PPTP clients | Enables external PPTP VPN connections |
| 3389 | Terminal Services | Enables internal and external Terminal Services client connections |
| 4125 (Note: you can change this port in RRAS) | Remote Web Workplace | Enables OWA access to Exchange when you use RWW to connect to a server or workstation inside your network. If you do not wish to use this functionality it can be closed. |
| 4500 | IPSec | Internet Key Exchange (IKE) Network Address Translation (NAT) traversal |
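An added example (not part of the original chart): a Python check that parses `netstat -an` output from the server and sorts the listening ports against Table A and against the ports the site actually needs. The sample netstat text and the `wanted` set are constructed for illustration; a listening port is only reachable from outside if the firewall or RRAS also lets it through.

```python
import re

# Table A from this page, keyed by port number (the page marks only 123 as UDP).
TABLE_A = {
    21: "FTP", 25: "Exchange Server (SMTP)", 80: "IIS (http)", 110: "POP3", 123: "NTP",
    143: "IMAP4", 220: "IMAP3", 443: "Outlook/OWA (https)", 444: "Windows SharePoint Services",
    500: "IPSec", 1701: "L2TP clients", 1723: "PPTP clients", 3389: "Terminal Services",
    4125: "Remote Web Workplace", 4500: "IPSec (IKE NAT traversal)",
}
LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")
# Constructed sample of `netstat -an` output; addresses and port 8081 are made up.
SAMPLE = """
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:4125           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:8081           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1033         0.0.0.0:0              LISTENING
  TCP    192.168.16.2:443       192.168.16.50:1190     ESTABLISHED
  UDP    0.0.0.0:123            *:*
"""

def listening_ports(netstat_text):
    """Return ports that have a non-loopback listener."""
    ports = set()
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # header or blank line
        proto, addr, port, _foreign, state = m.groups()
        if addr.startswith("127.") or addr == "[::1]":
            continue  # loopback only, not reachable from the network
        # TCP must be LISTENING; UDP has no state column, so a bound socket counts.
        if proto == "UDP" or state == "LISTENING":
            ports.add(int(port))
    return ports

def audit(netstat_text, wanted):
    """Sort listeners against Table A and the ports the site says it needs."""
    found, known = listening_ports(netstat_text), set(TABLE_A)
    return {
        "expected": sorted(found & wanted),          # needed and listening
        "unneeded": [(p, TABLE_A[p]) for p in sorted((found & known) - wanted)],
        "unlisted": sorted(found - known - wanted),  # not in Table A at all
        "missing": sorted(wanted - found),           # needed but not listening
    }

if __name__ == "__main__":
    print(audit(SAMPLE, wanted={25, 123, 443, 444}))
```

Ports reported as `unneeded` are Table A services the site does not use (4125 if Remote Web Workplace is not wanted, for instance) and are candidates for closing; `unlisted` ports need an owner identified before they are left open.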
This will affect anyone that has a large number of W2K TSCALs as there is NO upgrade path to using these W2K TSCALs with a W2K3 Terminal Server. I have 25 W2K TSCALs for which we paid a lot of money. The list price of 25 W2K3 TSCALs is about $3700. If you need the new features of W2K3 Terminal Server (remote sound, 32 bit color, remote drive mapping) then the cost may be worth it. If you don't need those features then you want to use your existing W2K TSCALs. BTW, you will require W2K3 TSCALs for all W2K Pro and WXP clients that will connect via TS; you don't need TSCALs for these clients if connecting to a W2K TS. A W2K TS requires that the TS Licensing Service run on a W2K Domain Controller (DC) in a W2K Native Mode Domain. So, to run W2K Terminal Services AppMode you need a W2K DC available. I had been informed that I could not have a W2K DC running in a SBS2K3 network, thus I thought I could not use my 25 W2K TSCALs and would have to buy all new 25 TSCALs if I wanted to upgrade my SBS2K network to SBS2K3.
Last week at a WINSUG users group I mentioned my problem and asked if anyone knew if I could run a W2K DC in a SBS2K3 network. Nobody knew the answer. The following day, Jerry Drews of our user group took it upon himself to install a W2K server in his SBS2K3 lab network. He then promoted the W2K server to a DC without any problems. Further, he installed TS in the AppMode and installed the TS Licensing service on this W2K DC. After he Server Published the W2K TS I was able to log into it without any problem. We concluded that you can run a W2K DC in a SBS2K3 network. Jerry also noted that his SBS2K3 server when initially installed had installed with the following default: "Domain Functional Level = Windows 2000 Native and that the AD Forest Functional Level is Windows 2000". Jerry researched this information further and found the following article in ServerWatch: www.serverwatch.com/tutorials/article.php/2213281. If you read this article you will learn that the "Windows 2000 Native" functional level will support both W2K and W2K3 Domain Controllers in the same domain.
Further discovery by Jerry in Mark Minasi's Windows Server 2003 book also supports this data. We had both roped Tony Su in on this venture earlier and Tony located the Microsoft KB article 322692 which discusses the various "Functional Levels" in W2K3 server. You can raise the "Functional Level" of a W2K3 domain to Windows Server 2003 which will not support a W2K DC. As best we can determine the only benefit to be gained by doing this would be the ability to rename the domain, which is of questionable benefit in a SBS2K3 network running Exchange 2K3.
In conclusion you can run a W2K Application Mode Terminal Server running the W2K License Service in a SBS2K3 domain. This means you can continue to use your W2K TSCALs and you do not need to buy TSCALs for either W2K Pro or WXP Pro clients.
Dick Davis
Question (Gary Shawen):
I'm needing to build a Terminal Server for a customer, that we are also doing a SBS2003 standard system. What type of specs do you look at? It will start with less than 10 users and slowly grow, not sure how many max users there will be, I do not expect over 15. It is a construction company that wants its supervisors at remote locations to connect and use Intuit Masterbuilder, Word, Excel.
Answer (Martin Murray):
As a VERY loose rule of thumb I normally spec dual-processor machines with 64Mb-128Mb for each concurrent user session plus 512Mb for Windows OS itself. For ten concurrent sessions that might allow you to get away with between 1152Mb and 1792Mb RAM plus nice fast dual Xeon CPUs. The more the merrier. Host the data files for these users on the box in question if at all possible (on a RAID array) and tune the heck out of your antivirus product. You'll have a nice fast box.
Ultimately though your bottleneck is going to be your WAN connection.
Helpful advice (David G):
If your environment has lots of users, but few machines -- use Device CALs (like in a call center where the seats are operated 7X24)
The user/machine ratio is >
If your environment is highly mobile (desktops, notebooks, PDAs etc.) implement User CALs
The user/machine ratio is <
Those of you who worked with or used SBS 2000 are familiar with the Company Shared Folder. This does not exist in the default SBS 2003 installation and has been replaced by the CompanyWeb (SharePoint). You can run the files import wizard from the Intranet snap-in to import those company shared folder files to the SharePoint site. Otherwise, map the drives needed.
CTRL-ALT-End (works like CTRL-ALT-DEL)
This can be an endless source of pain for end-users. How to get rid of these cached addresses that keep popping up every time you start typing an email address?
Do a search for a hidden file with the extension *.nk2. That is Outlook's cache. Delete it and you should be fine. Make sure in the search that you are looking for "Hidden Files and Folders".