Thursday, May 13, 2010

Setting up a QuickBooks Enterprise 10 server

Recently our Finance people discovered that they had outgrown QuickBooks Premier’s abilities when it came to our ‘company file’ (data file). The solution for this was to upgrade to QuickBooks Enterprise, which could handle the larger amount of data. So, today I’ll be documenting what I did to setup their new system.

Prior to QuickBooks 2007 we didn’t have to do anything to ‘manage’ the QuickBooks files on the server side. However, with QuickBooks 2007 we had to install a piece called the ‘QuickBooks Database Manager’. This piece of software (in my experience) is somewhat quirky. So, when we went to upgrade to QuickBooks Enterprise edition I decided to create a separate fileserver for the QuickBooks/Financial data. This gives me the following benefits:

  • Removes QuickBooks/Financial management tools off of my primary fileservers
  • Allows me to segment the financial data from my normal file stores

QuickBooks Enterprise Solutions 10 has the following pieces (from what I’ve read):

  • QuickBooks Database Manager
    Provides ‘consistency checks’ on the QuickBooks files, and provides the ability for multiple users to access the same file(s)
  • QuickBooks Clients
    The software piece that the end-user uses.

I’ll be covering the server piece of QuickBooks Enterprise 10 setup, QuickBooks Database Manager. Next time I’ll cover the clients.

Setting up your server with QuickBooks Database Manager

I’ll be using Windows Server 2003 R2 x32 Enterprise Edition for my ‘Finance’ server. We’ll perform the following steps:

  1. Normal OS setup
  2. Preparing the server for QuickBooks Database Manager
  3. Installing QuickBooks Database Manager
  4. Configuring QuickBooks Database Manager
  5. Setting QuickBooks Database Manager to start as a service
  6. Firewall considerations and configuration

To start, I performed our normal Windows 2003 R2 OS setup:

  • Installed the OS
  • Ran the appropriate updates
  • Installed our standard software package: Antivirus, other tools
  • Performed our standard security configuration

Preparing the server for QuickBooks Database Manager:

QuickBooks Database Manager has the following requirements that we’ll need to add to our standard setup:

  • Storage location for the QuickBooks files. I don’t want them on the boot drive
  • Microsoft .NET Framework 3.5

First, make sure you’ve setup the storage location for the QuickBooks files. You’ll need to make sure that the following settings are in place:

  1. You may not use a mapped resource on the server that houses QB Database Manager. QB Database Manager must exist on the same server that the file share does.
  2. Set the Share Permissions to ‘Full Control’ for ‘Everyone’
  3. Set the NTFS Security Permissions as you would like, but make sure that the users who will be connecting have ‘Full Control’

Next, let’s install .NET Framework 3.5
Note: Windows Server 2008 R2 includes the .NET framework 3.5; you have to perform an ‘add role’ to enable it.


Accept the EULA and click Install. It installs


Wow, that was easy! .NET framework is now installed.

I also installed the following patches & Service Packs:

  • 2.0 SP2 – KB958481
  • 3.0 SP2 – KB958483
  • 3.5 SP1 – KB958484

Make sure to verify that you’ve installed all appropriate patches & upgrades, along with rebooting when it asks. Microsoft Update is a good tool that will help you catch anything you missed.

Installing QuickBooks Database Manager

After you’ve opened your installer, you’ll see the following screen. It will cache any files for the install


Wait a bit, and then you’ll get the next screen


Click Next


Accept the EULA and click next


Make sure to choose the 3rd option, ‘I will NOT be using QuickBooks on this computer. I will be storing our company file here so it can be shared over our network.’ After you’ve chosen the third option click next


We’re happy with the default install location. Click next.


This screen gives you a chance to print out any settings you’ve made before you start the install. When you’re ready click install.


QuickBooks Database Manager is now installed. If you would like you can use the ‘Help me get started…’ tools, but I opted to skip them. Click Finish

Don’t forget to install any updates at this time if you have already downloaded them. They are available online and free to download.

Configuring QuickBooks Database Manager

Let’s configure QuickBooks Database Manager so our staff can access the company file (repeat this process for each folder that you will be using QBW files in)

First, open QuickBooks Database Manager. There should be an icon on your desktop.


You’ll see a few tabs. Choose the one called ‘Monitored Drives’

QB_DB_Mgr02 QB_DB_Mgr03

In our configuration we don’t need to monitor the boot drive. We have the dedicated drive (F:) for the QB data. Uncheck C: and make sure that our data drive, F: is check-marked.


Click on the ‘Scan Folders’ tab.


Now we need to tell it where on the drive the files are. Click on the ‘Add Folder’ button.


Navigate to the folder where your QBW files will be (on the second disk drive you created earlier on the server). Choose ok.


Back at the main screen it lists the folder you just specified. Click on the ‘Scan’ button. This will search the directory and find any QBW files.


It should list any QBW files that are in that directory.

Now the meat of our configuration is done. But we also need to make sure that the Database Manager starts even if the computer restarts.

Setting QuickBooks Database Manager to start as a service

  1. Open up the Services management console
    • Start –> run –> services.msc
  2. Locate the ‘QuickBooksDB20’ service
  3. Right-click on the service, and choose properties
  4. Under the ‘Startup Type:’ drop-down, choose ‘automatic’
  5. Click ok
  6. Done!

Firewall considerations and configuration for the QuickBooks Database Manager server

If you call QuickBooks support and ask them for firewall suggestions, they’ll point you to this KB article, which lists the following exceptions in our config:

note: if you are using the ‘server’ as an installation of QB you will have other exceptions you need to address. I’ve only listed the exceptions that apply to our configuration.


  • DBManagerExe.exe located in C:\Program Files\Intuit\QuickBooks Enterprise Solutions 10.0
  • QBDBMgrN.exe.exe located in C:\Program Files\Intuit\QuickBooks Enterprise Solutions 10.0
  • QBCFMonitorService.exe located in C:\Program Files\Common Files\Intuit\QuickBooks
  • QBServerUtilityMgr.exe located in C:\Program Files\Common Files\Intuit\QuickBooks

TCP ports (bi-directional): 80, 8019, 56720, 55338 through 55342

To setup these firewall exceptions:

Open up the firewall (Start –> Control Panel –> Firewall)


Click on the Exceptions tab.


This lists all current exceptions. You should have a list there already (I removed them for this guide).

Click on the ‘Add Program…’ button


Choose ‘QuickBooks Database Server Manager’ from the list and click ok (if it isn’t listed, you’ll have to browse to it)

QuickBooks Database Server Manager is now listed as an exception


Now we need to add the other programs to the exception list.

Use the following method to add the other programs:

  1. Click on the ‘Add Program…’ button
  2. Click on the ‘Browse…’ button
  3. Navigate to the directory that the exception is located in, and choose the appropriate executable.
  4. Click OK (which should return you to the exceptions list)

Repeat this process for each of the following executable’s:

DBManagerExe.exe located in C:\Program Files\Intuit\QuickBooks Enterprise Solutions 10.0
QBDBMgrN.exe.exe located in C:\Program Files\Intuit\QuickBooks Enterprise Solutions 10.0
QBCFMonitorService.exe located in C:\Program Files\Common Files\Intuit\QuickBooks
QBServerUtilityMgr.exe located in C:\Program Files\Common Files\Intuit\QuickBooks

You’re done with adding the programs. Now you need to add the ports.

Use the following method to add port exceptions:


  1. Click the ‘Add Port…’ button
  2. Type in a name for each port exception. I just named all of mine ‘QuickBooks-Port#’ with # being the port #
  3. Type in the port number for the exception.
  4. Click OK

Repeat the process for the following ports: 80, 8019, 56720, 55338-55342

When you’ve added all ports and all program exceptions, click OK and that will close the firewall preferences machine

Reboot the server. This step is optional, but I highly suggest that you reboot to check your work.

Then check to make sure that the ‘QuickBooksDB20’ service is set to ‘automatic’ and ‘started’:

  1. Open up the Services management console
    • Start –> run –> services.msc
  2. Locate the ‘QuickBooksDB20’ service
  3. Under the ‘Startup Type:’ drop-down, verify that startup type is set to ‘Automatic’ and that the status is ‘Started’
  4. If all of your settings are correct, then you should be done


If you have any experience with this process or suggestions, please let me know!

Friday, March 19, 2010

Fixing a broken AD Domain (part 3)

In part 1 and part 2 I explained what has happened to my AD domain, and the steps I’ve taken to fix it.

Now, let’s get a better safety net in place!

I’ve got a good, reliable PowerEdge 2650 that was donated by another IT guy (thanks Jim!) It’s been humming right along, waiting for something to break an opportunity to take on some further roles.

My PE2650 is a Windows Server 2003 R2 box. ‘Dorothy’ is a tired old Windows Server 2003 SP2 box (as are my other servers). To make the PE2650 a domain controller, I need to:

  1. Extend the AD Schema to accomodate 2003 R2’s new functionality
  2. Add the PE2650 as a Domain Controller

Step 1: Extend the schema

  • Log onto ‘Dorothy’ as a schema admin
  • Use this excellent TechNet article to extend the schema. Read carefully and follow every step
    note: I had no issues extending the schema, and the directions were spot-on. Why re-invent the wheel?

Step 2: Add the PE2650 as a Domain Controller

  • Log onto the PE2650 (w/ admin rights)
  • Follow this excellent Petri article to add the PE2650 as a domain controller
    note: I did not have to restart the netlogon service

Fixing a broken AD Domain (Part 2)

Earlier today I started a series about fixing my problematic AD Domain. This is part 2

So, at this point I have an unhealthy Active Directory infrastructure. What I’m facing:

  • Domain Controller that doesn’t exist
  • DHCP server that doesn’t exist
  • Working DHCP server that’s worrisome
  • The need for a 2nd quality Domain Controller and backup DHCP server

What I’ll be tackling in this post:

  1. Removal of the bad Domain Controller (DC) from our systems
  2. Removal of a DHCP server that was added during RIS trials (the trials have been canned)

Step 1: Verify documentation of AD servers

Be sure to include the following:

  • Domain Controller’s (DC’s)
  • Schema Master
  • Domain Role owner
  • PDC Role
  • RIP Pool Manager
  • Infrastructure Owner

In my case, all of these roles belong to my primary server, ‘dorothy’

Also make sure to document any Trust relationships (other domain’s, etc.). I don’t have any

Step 2: Remove the failed Domain Controller

To remove a failed/dead domain controller, I used the following method:

  1. At a command, type ‘ntdsutil’ and hit enter to open the Directory Services Utilities menu
  2. Type in ‘metadata cleanup’ and hit enter to enter the metadata cleanup menu. This will help us clear out the stale information referencing our dead DC.
  3. Type in ‘select operation target’ and hit enter
  4. Type ‘list domains’ and hit enter. This will list the domains we have available. Mine is called ‘’ (no we don’t own it; it’s a long story)
  5. Type ‘select domain 0’  and hit enter ( i.e. DC=calvary,DC=com is 0 for me)
  6. Type ‘list sites’ and hit enter. This lists all sites. I only have one
  7. Type ‘select site 0’ and hit enter (my site # is also 0)
  8. Type ‘list servers in site’ and hit enter. This shows you the list of servers in the site (domain controllers). I took note of the # for my bad DC (1)
  9. Type ‘select server 1’ and hit enter. This selects the bad DC
  10. Type ‘q’ and hit enter. We need to go back to the metadata cleanup menu to finish
  11. Type ‘remove selected server’ and press enter
  12. I got a warning message asking for confirmation. Obviously I wanted to complete this (because the physical DC doesn’t exist anymore)
  13. Now you get a confirmation line
  14. Type ‘quit’ and hit enter

Next, I need to remove the DC from the corresponding other areas: Active Directory Sites and Services, Active Directory Users and Computers, DNS, and possibly DHCP

  1. Open up ‘Active Directory Sites and Services’
  2. Expand the site that the DC exists in
  3. Right-click on the bad DC, and then left-click on ‘Delete’
  4. Open up ‘Active Directory Users and Computers’
  5. Open the ‘Domain Controllers’ container
  6. Delete the bad DC computer object. You may get a warning. Heed it and proceed
  7. Open the ‘DNS’ snap-in
  8. Remove the bad DC records (CNAME, hostname, NS, A, etc.) from the appropriate Forward Lookup Zones. In my case, I had 2 areas to go through and check:
  9. Remove the bad DC records from any Reverse Lookup Zones. In my case these were already clean (I’m unsure as to why)
  10. Go through and check DHCP to make sure that you’ve removed all traces of the bad DC. I didn’t have anything in DHCP, but wanted to double-check. If the bad DC was a time server or some other role, make sure you make the proper modifications

I went ahead and restarted DHCP, flushed my DNS server’s cache, and then restarted DNS.

Great! Now I have cleaned up my AD infrastructure.

Let’s get the ‘extra’ DHCP server that was added during RIS trials removed
note: the DHCP server for RIS never went active. It was added to the DHCP server list as a prerequisite

  1. Open up the DHCP snap-in on your DHCP server (‘dorothy’ for me)
  2. Right-click on the icon labeled ‘DHCP’ (not the icon for ‘dorothy’)
  3. Left-click on ‘Manage authorized servers…’
  4. Select the DHCP server that doesn’t exist and then click ‘Unauthorize’

That’s it!

Up next time:

  • Extending the schema of my AD domain to support Windows 2003 R2
  • running adprep on ‘dorothy’
  • Adding a 2nd (replica) domain controller

Fixing a broken AD Domain (Part 1)

NOTE: This post (like many) is mostly for my documentation. If you derive some value from it, great!

I received a phone call on the way in to work today that we had the following symptoms:

  • Some staff weren’t seeing their network shares
  • Some staff had issues logging on
  • The internet was working sporadically
  • Some staff noticed no difference

Needless to say, this caused me to breathe quickly for a few seconds, and then I started praying on the way in, because it means that:

  • Domain controller(s) aren’t responding
  • Our internet connection (Bonded T-1’s) are down
  • Our firewall is having issues
  • Some other, unknown, time-consuming thing has happened

After praying, I remembered Romans 12:2 ; this was another reminder that God has bigger plans for my life, because this verse was brought up during a morning accountability group this very morning. Set my mind on Him and His things, and He will hold true to His promises.

Upon arriving at work, I found the following:

  • My FSMO, PDC, GC, and otherwise-depended-upon server was having serious issues. NTFRS, NTDS, Directory Services, DHCP, DNS, etc. were all throwing out errors.
  • My firewall (pfSense) was showing connectivity issues on the WAN link
  • Staff was able to log on with cached credentials, but could not access network resources
  • Staff that had previously logged on (before 8:45am) were sometimes working normally
  • My bosses laptop OS decided to finally junk out. It’s been showing bad signs, but ‘it’s not at the top of the list’

What I did:

  1. Checked the backups of my FSMO/GC/Schema Master/RID/Infrastructure server. We’ll call her ‘dorothy’
  2. Rebooted Dorothy

What happened:

  1. Staff was able to login
  2. Network resources mapped and were available to staff

Whew! Crisis averted, right?

WRONG! This was just a small band-aid on a gushing wound. Time for surgery.

What the real problem was:

  • We have a ‘stale’ Domain controller (died)
  • ‘Dorothy’ is a very old server (at least 6 years old). She’s also had an in-place motherboard replacement done (to dis-similar hardware).
  • DNS is flaky
  • DHCP is showing signs of flakiness on Dorothy

Up next: Fixing all the issues. Hopefully I’ll be done today

Wednesday, March 10, 2010

Dell Desktop System Software – Do you use it?

Recently I’ve been working on updating our images for some new (to us) machines we purchased and our Office 2007 rollout. Along the way, I noticed something interesting:

Dell recommends that you install ‘Dell Desktop System Software’ before installing any drivers, etc. on your new Windows installation. This is the description of DSS:

Desktop System Software (DSS) is a utility that provides
critical updates and patches for your operating system

I did a little more digging, and here’s an interesting tidbit I found on a messaging board:

This is the equivelent of windows update, but it updates dell device
drivers, and dell supplied software. MS doesnt do that.

I haven’t been using Dell DSS for my machines, and I haven’t had any serious recurring issues. I did have one issue, one time, with 2 Optiplex 755’s needing a BIOS update, but I determined that after calling support. I wonder now if this would have made that process easier or automated.


What’s your experience? Do you use Dell DSS? Has it saved you a support headache? Has it caused a support headache?

Thursday, February 18, 2010

AccessACS and Switchvox integration, iteration 1

Recently I've been helping one of our volunteers, Rick, to integrate Switchvox (our phone system) with AccessACS (part of our Church Database/ChMS). I’m the big picture guy (Michael Scott), and he’s the day-to-day guy (Jim Halpert).

Well, when I first tweeted about this, I got quite a bit of good feedback, and even more asking for examples/documentation. Well the day has come, and below is the information that Rick has passed along to me:

  • We have this setup on an IIS server that is *only* available internally.
  • Switchvox sends the callerid info, etc. using their 'switchboard' functionality to the IIS server
  • Rick packaged up a Visual Studio project that you can download here which includes his work, etc.

Instructions to setup ACSPanel.
1.    Setup a folder called ACSPanel as a virtual directory on IIS.

2.    Set directory permissions in IIS to allow Anonymous Access.

3.    From the attached zip file, copy only the files from  the 'Install' subdirectory to the new web directory. The top level of the directory should have folders called 'bin' and 'Web References' in it.   Note that this folder also contains a Visual Studio 2008 solution file in it if you want to make changes to the code.  Although it hasn't been tested, it is possible that you can use the free version of Visual Studio to make changes.

4.    Edit the web.config and change the following:

a.    AccessACSSecurityId: Set this to the SecurityId assigned to you by ACS. This is the longer cryptic token, typically 24 characters.

b.    AccessACSSiteId: Set this to your ACS SiteId.  This is usually a 6-digit number.

5.    Setup this site up as a panel in ACS.  The URL to the panel will be: http://YourServerName/ACSPanel/Default.aspx?CallerId={CallerIdFromSwitchVox}

If you want to see some of Rick’s coding genius, you can always check out his technical blog (way above my head)