Ports to open on a firewall for SBS 2003 communication

Everytime I setup a Microsoft 2003 Small Business Server or troubleshoot connectivity problems to the SBS server I have to lookup the ports that are required to pass through a firewall for proper communication to occur with the various SBS components.  Since I’m tired of Googling for them, I’ve decided to post them here for my quick reference.  Hopefully others will find this helpful as well:

SBS firewall ports

SMTP – port 25 – email

http – port 80 – web server including wwwroot and server usage and performance reports

https – port 443 – secure web server.  Includes OWA and OMA

Windows SharePoint Services intranet site – port 444 for allowing users to securely access the intranet Web site created by SharePoint Services from the Internet

PPTP – port 1723 – VPN connections

Remote Web Workplace (RWW)  – ports 443 and 4125

Remote Desktop (RDP direct) – port 3389.  If using RDP through RWW this is not required.

Other SBS ports

POP3 – port 110

IMAP – port 143

IMAPs – port 993

FTP – port 21

Posted in SBS. Tags: , , . 5 Comments »

Howto: Fix Remote Web Workplace not working with XP SP3

After applying Windows XP SP3 you may receive the following message when trying to access Remote Web Workplace (RWW) on a Windows Small Business Server (SBS):

This portion of the Remote Web Workplace requiresthe Microsoft Remote Desktop ActiveX Control.  Your browswer’s security settings may be preventing you from downloading ActiveX controls.  Adjust these settings, and try to connect again.

This error is a result of a disabled Microsoft Terminal Service ActiveX control Add-On.  To fix the problem:

  1. Within Internet Explorer, open ToolsInternet Options – Programs tab – Select Manage add-ons
  2. Highlight the Microsoft Terminal Service ActiveX control, which will be set to disabled. 
  3. Select EnabledOK
  4. Restart Internet Explorer.

 You can also create a GPO to enable the ActiveX control.

Posted in Windows. Tags: , , , . 3 Comments »

Howto: Extend the Grace Period for having two SBS Servers in the Same Domain

When migrating your Windows Small Business Server 2003 domain to a new machine, there is a seven day grace period where the two SBS servers can co-exist as members of the same domain. This is because the license agreement for SBS enforces a limitation that permits the presence of only one Windows SBS server in the domain.

Microsoft has released an update that extends the grace period from seven to 21 days.

For more details, see KB 943494.

Posted in SBS. Tags: , , . 2 Comments »

Clearing out Exchange SMTP queues using AQADMCLI

I recently had to help a customer clean up their SBS 2003 server which had been used to send out spam. It seems that one of their user accounts had been compromised, and we were able to stop the spam by changing the user’s password. The server’s performance was horrible, even after a reboot, and we found messages stuck in over 500 SMTP queues. Rather than clear the queues one at a time, I used the Aqadmcli tool to delete all the stuck messages at once.

To clear all the SMTP queues at once, run the following from a command prompt on the Exchange server:


setserver [servername]

delmsg flags=all


where [servername] is the name of the Exchange server containing the queues you want to clear.

You can also delete messages from a particular sender using the syntax

delmsg flags=SENDER,sender=user@domain.com

You can read more about this tool here [via the Wayback Machine]

KB 324958 describes an alternate way of cleaning up the SMTP queues. There is also a webcast that shows how to accomplish SMTP queue cleanup.