Windows Server Essentials – Configuration Troubleshooter

powershell2xa4I had a support case this week where it became apparent to me that there is no quick and easy way to test Essentials Servers for Configuration errors. Manually working through IIS or Certificates is prone to human error, as was proved to me, by me missing certain key things.

Uncharacteristically i decided to write a PowerShell script to save me from this sort of embarrassment in the future, and make me look really good next time i need to troubleshoot an Essentials Server.

You can download the tool from here, and am very interested to hear how it works for you.

If you have already downloaded it, i have updated the tool so you should download it again!

What does the tool do?

Well, it checks a number of things that i have found are the key things that make an Essentials Server tick. That is IIS and MOST IMPORTANTLY, Certificate Services.

I knew that the CA was pretty significant to an Essentials Server, but i didn’t know just how deep that significance went. In your Local Machine Certificate Store you have a number of Certificates, perhaps the most important file on the whole server (aside from perhaps ntds.dit) is your Certificate Authority Root Certificate. Without that, you cannot correctly reinstall the CA, and without that CA, you can’t do anything. It is not just a case that you cant reinstall the CA, you can. The CA requires a specific name, and if you reinstall and generate a new key, the name is not likely to remain correct.

There may well be a way to get around even that scenario by hacking the crap out of AD, but honestly, i think i might take a reinstall over that.

That was a bit of a side track, so, again, what does this tool do?

Firstly it will decide if you are running on Essentials 2011, 2012 or 2012 R2.

It will then give you the choice of testing IIS or your CA. If you choose to test your IIS Configuration, it will inspect your Web Site Configuration, your Application Pools, Virtual Directories and ISAPI filters as well as your Web Site Bindings.

When you check the CA, it will check that the CA is available, that it has the right name (that is important), that the certificate set in the Registry for the Dashboard matches what you have in your Local Machine Store, it will even download a copy of the CRL from your server and test that it is publishing the right information.

Essentials Configuration Tool

It compares all of this information to ‘’Defaults’ and lets you know where you may have problems.

Essentials Configuration Tool Errors

I have run it against SBS 2011 Essentials, Essentials 2012, and R2, and it has identified the deliberate errors i have introduced and reported back correctly once those have been repaired.

Essentials Configuration Tool Results

i haven’t made it to be an exhaustive tool of everything that could possibly go wrong on an Essentials Server, it really is just focussed on IIS and the CA,  even then it may not cover every scenario. Hopefully if you do come across a broken Essentials Server using this will do enough to point you to the fix, or at least help to rule some things out.

About Robert Pearman
Robert Pearman is a UK based Small Business Server enthusiast. He has been working within the SMB IT Industry for what feels like forever. Robert likes Piña colada and taking walks in the rain, on occasion he also enjoys writing about Small Business Technology like Windows Server Essentials or more recently writing PowerShell Scripts. If you're in trouble, and you can find him, maybe you can ask him a question.

12 Responses to Windows Server Essentials – Configuration Troubleshooter

  1. Just came across this tool, after having issues with a brand new server Essentials…

    I get a ton of errors when running the CA tests….any idea where to start looking/reading to fix these?

    Testing CA Name..
    Certificate Authority Online : OK
    Certificate Authority Name : OK
    Certificate Authority Cert : Errors Detected – Local Machine Store

    Testing /Connect Certificate Package..
    Connect Computer Certificate : OK

    Testing CRL Download..
    Exception calling “DownloadFile” with “2″ argument(s): “The remote server returned an error: (404) Not Found.”
    At C:\users\gregh\downloads\EssentialsTester.ps1:800 char:17
    + $wc.DownloadFile($source,$destination)
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : WebException

    Get-ItemProperty : Cannot find path ‘C:\windows\temp\crl.crl’ because it does not exist.
    At C:\users\gregh\downloads\EssentialsTester.ps1:801 char:32
    + $CRLDownload = Get-ItemProperty $destination
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : ObjectNotFound: (C:\windows\temp\crl.crl:String) [Get-ItemProperty], ItemNotFoundExcepti
    on
    + FullyQualifiedErrorId : PathNotFound,Microsoft.PowerShell.Commands.GetItemPropertyCommand

    CRL Download : OK
    Remove-Item : Cannot find path ‘C:\windows\temp\crl.crl’ because it does not exist.
    At C:\users\gregh\downloads\EssentialsTester.ps1:803 char:17
    + Remove-Item $destination -Force
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : ObjectNotFound: (C:\windows\temp\crl.crl:String) [Remove-Item], ItemNotFoundException
    + FullyQualifiedErrorId : PathNotFound,Microsoft.PowerShell.Commands.RemoveItemCommand

    Testing CRL Distribution Configuration..
    CRL Extension (CDP) : OK
    CRL Extension (CRL) : OK

    Testing Dashboard Certificate..
    Dashboard Certificate : Error
    Dashboard Certificate : OK
    Dashboard Certificate : Error
    Dashboard Certificate : Error
    Dashboard Certificate : Error

  2. Alan Pendlebury says:

    Hey Robert thank you for your post, I am 99% done with this configuration, but when i ran your tool I got this message, any idea where to start looking at this.

    ************************************************
    * Essentials Server 2012, Configuration Tester *
    ************************************************

    OS Detected: Microsoft Windows Server 2012 R2 Standard

    This tool will check your current Configuration against known Essentials 2012 Values.
    Written by Robert Pearman (TitleRequired.com) February 2014

    Version Info: Version: 1.7

    1. Test IIS
    2. Test CA Infrastructure
    3. Test Services
    4. Test Service Ports
    0. Quit

    Enter Task..
    2
    Testing CA Name..
    437.625.0:: 0×80070002 (WIN32: 2 ERROR_FILE_NOT_FOUND): CADescription
    419.6336.0:: 0×80070002 (WIN32: 2 ERROR_FILE_NOT_FOUND)
    437.2132.0:: 0×80070002 (WIN32: 2 ERROR_FILE_NOT_FOUND)
    437.625.0:: 0×80070002 (WIN32: 2 ERROR_FILE_NOT_FOUND): ParentCAName
    Certificate Authority Online : OK
    Certificate Authority Name : OK
    Certificate Authority Cert : Errors Detected – Local Machine Store

    Testing /Connect Certificate Package..
    Connect Computer Certificate : OK

    Testing CRL Download..
    CRL Download : OK

    Testing CRL Distribution Configuration..
    437.625.0:: 0×80070002 (WIN32: 2 ERROR_FILE_NOT_FOUND): CADescription
    419.6336.0:: 0×80070002 (WIN32: 2 ERROR_FILE_NOT_FOUND)
    437.2132.0:: 0×80070002 (WIN32: 2 ERROR_FILE_NOT_FOUND)
    437.625.0:: 0×80070002 (WIN32: 2 ERROR_FILE_NOT_FOUND): ParentCAName
    CRL Extension (CDP) : OK
    CRL Extension (CRL) : OK

    Testing Dashboard Certificate..
    Dashboard Certificate : OK

    Review your results, items in red should be investigated.

    ************************************************
    * Essentials Server 2012, Configuration Tester *
    ************************************************

    OS Detected: Microsoft Windows Server 2012 R2 Standard

    This tool will check your current Configuration against known Essentials 2012 Values.
    Written by Robert Pearman (TitleRequired.com) February 2014

    Version Info: Version: 1.7

    1. Test IIS
    2. Test CA Infrastructure
    3. Test Services
    4. Test Service Ports
    0. Quit

    Enter Task..

    • Is the Dashboard opening ok?

      • Alan Pendlebury says:

        Yes it opens ok. I can go to the domain name internally, but I cannot get it to render by dns or IP externally. I can also get to the connect page to download the connector internally but not externally. The configuration wizard, gives me the error saying Anywhere access to your server is blocked, that port 80 and 443 are blocked, but they are open on the firewall. It also tells me that Port forwarding is not configured correctly on your router, which it is. I read some more on these errors on Microsoft partner network, and they said that they can be ignored. I think I have a cert or a routing issue. The cert is installed correctly, at least I think, though I do not know what I am missing on the routing, cause I thought I covered everything.
        Thank you,
        Alan

      • Sounds like you have not opened the ports on your router, given that it is not working externally and you have those errors. At the very least confirm your servers internal IP and check port forwarding on your router. It is also possible your ISP are blocking these ports. If the dashboard opens you may be able to discard the certificate error in the tool.

      • Alan Pendlebury says:

        Hey Robert,
        It was a firewall issue, the firewall rules were in place, but not working cause the firewall needed a firmware update. Once I updated the firmware on the firewall, then everything worked.

        Alan

Leave a reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 419 other followers

%d bloggers like this: