Tuesday, October 21, 2008

“Fix My Network” Wizard in SBS 2008

In the previous version of SBS, the Configure E-Mail and Internet Connection Wizard (CEICW) could be run again and again and again ... and again.  If you had an issue with networking, you’d run the wizard as many times as you wanted to reset to the known SBS defaults.  With 2008, we provided a wizard for exactly this case, called “Fix My Network” wizard.


The wizard is designed to detect known problems on your network, and then give you the option to fix them or not.  There are roughly 70-80 different checks and fixes that it does.  Some important things to note:

  1. The fixes may have dependencies.  For example, if the wizard detects that the DHCP services are stopped, it will report that, but won’t be able to check the configuration inside the DHCP service, because it’s stopped.  So, it’s important to run this wizard a few times, until you’re happy with the issues it’s finding/not finding.
  2. If you replace your router on your network, or change your router IP address, you should consider running the Connect to the Internet Wizard first.
  3. The wizard is designed to bring the network back to a “known good” working state.  So any custom configuration will be un-done.

Now that you know how to use the wizard, what exactly are the things we keep an eye on?  Well, to know exactly, you will have had to work on the wizard, but here is the high level.

  1. Network Cards
    1. Disabled Network Cards
    2. Additional Network Cards
    3. Duplicate IP, Missing IP, Extra IP addresses
    4. Incorrect DNS, Gateway and subnet settings
    5. NIC unplugged from the network
  2. DHCP Configuration
    1. DHCP Enabled and running
    2. DHCP scope settings
    3. DHCP IPv4 and IPv6 settings
  3. Local DNS Configuration
    1. Missing Zones
    2. Invalid Names and domains
    3. Missing records
    4. Reverse Zones invalid or missing
  4. Internet DNS (if with a domain name partner)
    1. Missing Records
    2. Missing or incorrect credentials
    3. Domain configured and in good standing with provider
    4. Dynamic DNS client is configured correctly (if running)
  5. SSL Certificate Configuration
    1. Invalid Root and Leaf Certificates
    2. Invalid Certificate installation package
    3. Certificate installed on IIS
    4. Self-Issued certificates expiring or invalid
    5. Certificate authority is installed and running
    6. Trusted Certificate installed and valid
  6. Router Configuration
    1. Gateway can be reached
    2. Internet can be reached
    3. UPnP (if available) port mappings
  7. VPN (if enabled)
    1. Firewall configuration
    2. RRAS service enabled and running
    3. VPN default Policy is in place
  8. E-Mail Configuration
    1. SMTP connectors configured correctly
  9. IIS Configuration
    1. IIS is enabled and running
    2. Host headers are configured correctly

A Common Question

Question: Does SBS support NIC Teaming?

Answer: The core OS supports it, but not the SBS wizards, it’s recommended you configure your network with a single network card, and then set up the team afterwards.  Microsoft Support mentions they may ask you to disable the team for any troubleshooting.


Dean Collins said...

is anyone else concerned that ISA 2006 wont run on SBS2008??

Basically this means you need to rn a seperate box for SBS until 2010 when the next ISA is released??

Am i missing this massive fail?


Sean Daniel said...

Actually, you'll always need a separate box. ISA is not supported on this version of SBS, as this version can only be a single-nic solution. This has been published for over 2 years now, which is why lots of people have already come to gripes with it.

Here is a post of when I first announced it, but I wasn't first.

Arvis said...

All this discussion about what it does, but no mention of how to RUN IT!!!

Sean Daniel said...

LOL. Click on the network tab, then the connectivity sub-tab, and then on the right hand side under the tasks at the bottom section, there is a link to the wizard.

Sorry about that.

DHolmes said...

Does anyone know how to fix the "Fix my Network" Wizard in SBS 2008? Everytime I try to run it I'm told it has stopped.

Stopped working

Problem signature:
Problem Event Name: CLR20r3
Problem Signature 01: fncw.exe
Problem Signature 02: 6.0.5601.0
Problem Signature 03: 48a22615
Problem Signature 04: mscorlib
Problem Signature 05:
Problem Signature 06: 4bf4c227
Problem Signature 07: 20c7
Problem Signature 08: 143
Problem Signature 09: N3CTRYE2KN3C34SGL4ZQYRBFTE4M13NB
OS Version: 6.0.6002.
Locale ID: 1033

I've run BPA and none of the warnings pertain to the network. Under the information section it only detects 1 NIC (I disabled the second NIC in BIOS). The last few lines of the fncw.log file are:

An exception of type 'Type: System.IO.FileNotFoundException, mscorlib, Version=, Culture=neutral, PublicKeyToken=b77a5c561934e089' has occurred.
Timestamp: 12/03/2010 14:24:49
Message: Filename: \\?\C:\Windows\system32\inetsrv\config\applicationHost.config
Error: Unrecognized configuration path 'MACHINE/WEBROOT/APPHOST/SBS Web Applications/Rpc'

Stack: at Microsoft.Web.Administration.Interop.AppHostWritableAdminManager.GetAdminSection(String bstrSectionName, String bstrSectionPath)
at Microsoft.Web.Administration.Configuration.GetSectionInternal(ConfigurationSection section, String sectionPath, String locationPath)
at Microsoft.WindowsServerSolutions.Common.IWorker.IISConfig.CIisConfigLib.GetBasicAuthentication(String webSiteName)
at Microsoft.WindowsServerSolutions.Networking.NetValidation.ValidateMisc()
at Microsoft.WindowsServerSolutions.Networking.Wizards.FNCWizard.ValidationPagePresenter.m_searchWorker_DoWork(Object sender, DoWorkEventArgs e)
at System.ComponentModel.BackgroundWorker.WorkerThreadStart(Object argument)

Thank you.

Sean Daniel said...

it looks like your missing a file: C:\Windows\system32\inetsrv\config\applicationHost.config

Perhaps you can obtain it from another SBS server?

Anonymous said...

Two questions about "Fix My Network" on SBS 2008:

1) Is it stupid to try this via a remote conenction to the server? I would expect so, but I thought I would ask explicitly.

2) Is there a variant lor option that I would tend to call "Check My Network"? In other words, have it go through as many tests that it can but not make ANY CHANGES without explicit authorization from the user. No automatic changes unless specifically OKed.

Thanks for providing the informaton that you have already posted and also this additional information if you can.

Joe M

Sean Daniel said...

In order for FMNW to detect networks and such it does change your NIC settings, so you will loose your connection if you are remote during the scan phase

but it does set it back, so feel free to run it, view the errors, and then cancel.

Also, you should check out the best practice analyser

Alicia said...

this is cool blog and so different .. and sean daniel's tips is the best one...and SBS Support is also helped me once and I guess it would helpful for you as well :)

J Smith said...

I am still trying to find out HOW to run it.

Sean - Nice start but after being a tech for almost 15 years - I am unclear in what the NETWORK TAB is and how to get to it and then exactly what is CONNECTIVITY? Can you please put this in a "For Dummys" version - is this in Control Panel - In Server Manager?

I find all kind of articles about running but still none about HOW TO RUN IT.


Sean Daniel said...

Hi J Smith,

it's in the Windows SBS console (search the start menu for it if you can't find). then click on Networking, then Fix My Network Wizard. Here is a screenshot of that page to help you know what you're looking for.

chicago colocation said...

Is there a way where we can upgrade this connection without using the server OS? Maybe Windows 7 Ultimate edition can offer a good server environment.

Sean Daniel said...

Windows 7 "server" capabilities is very limited as it's not designed to be a server. you'll be throttled left right and center. up to you though.

adsa said...

If you renew the self-signed certificate via the Fix My Network wizard, will the current certificate that users have on their remote devices stop working? Will the user need a copy of the newly created cert on their device?

Sean Daniel said...

If you install a self-issued certificate, yes, remote devices will stop working. This is why we just recommend buying a cert for like $30/year... it's far easier.

Unknown said...

i run fix my network to renew my self isued certificate. The result says certificate is renewed.When i check the date it still shows the old certificate date. When I look in IIS the renewed certificate is in the list.So I think it's there but not the active certificate. How to fix that? thank's

Unknown said...

Remember, the feeling you get from a good is far better than the feeling you get from sitting around wishing you were running. See the link below for more info.