Following the previous success of upgrading my DC, and Hyper-V servers I decided that it was time for my server that hosts the "Windows Server Update Services" role to be updated.
How did it go? In a nutshell... BLAH!
After the upgrade completed, WSUS was logging errors in the system log about not being able to connect to it's web sites. The reason became very obvious to me after I installed the IIS Management Console and had a look.... the WSUS application pool was not there, and neither was there any of the WSUS content in the "Default Web Site".
After a bit of searching on Google & Technet and finding nothing, I decided to uninstall the WSUS & IIS roles & then re-install.
Uninstall was easy ... just made sure to leave behind the downloaded updates, database, etc... and reboot.
Re-install was failing, saying that updates could not be found and suggesting that I might have a network connectivity issue. Well I didn't have a network connectivity issue, but I figured it was trying to use the WU client to connect to the MS updates site, and seeing how my WSUS Group Policy on the domain was pointing all systems to my WSUS server there was little wonder that it could not find any updates.
I decided the simplest and most certain way to revert the WU client to use the MS updates online was to change the "Specify intranet Microsoft update service location" to "Disabled" .... doing this instead of "Not Configured" ensured that it was actually disabled. I didn't really care if other systems picked up the policy in the short time it was going to be active.
Once I refreshed the policies on the WSUS server ("gpupdate /force"), and restarted the WU client service the installation of the WSUS role was successful - made sure to point to the original database & downloaded updates location... and everything was back to normal. PHEW!
Wednesday, September 16, 2009
Windows Server 2008 R2 Core - Poking at the Firewall: Part 1
So... I can't ping my Core server, and I can't remotely manage it!
Well it's time to get cosy with Windows Advanced Firewall, and configuring it using the netsh command :-)
If you want to get your boots on and get into it knee deep, you can list all the firewall rules using the command:
netsh advfirewall firewall show rule name=all
Wow, now there's something to get your teeth into and provide yourself with some gripping reading for the next 15 minutes... not. Well not unless you know what you are looking for... and unless you have already had a good play with this stuff, then you can probbly only make an educated guess at what it is that you are looking at.
So, the first thing I want to be able to do is to get IPv4 ping replies from my server. You might ask: "Surely there is already a rule that I can turn on to allow this", and the answer would be "Yes"... there is, but I find that the rule is named in a way that slightly throws you off course...
The rule is called "File and Printer Sharing (Echo Request - ICMPv4-In)"
So, take a look at it with the following command:
netsh advfirewall firewall show rule name="File and Printer Sharing (Echo Request - ICMPv4-In)"
You will see that the "Action" will be set to "Allow" ... buuut the "Enabled" parameter is set to "No"
So to enable this rule you use the following command:
netsh advfirewall firewall set rule name="File and Printer Sharing (Echo Request - ICMPv4-In)" new enable=yes
While most of that is self explanetory, I wondered what the "new" bit was for, well the built-in help explained that:
"Values after the new keyword are updated in the rule. If ther are no values, or keyword new is missing, no changes are made."
So there we go, the server is now ping-able using IPv4. If you use IPv6, then the rule name is almost identical .. just change the 4 to a 6!
Remote Admin, and other fun things will follow in my next post!
Well it's time to get cosy with Windows Advanced Firewall, and configuring it using the netsh command :-)
If you want to get your boots on and get into it knee deep, you can list all the firewall rules using the command:
netsh advfirewall firewall show rule name=all
Wow, now there's something to get your teeth into and provide yourself with some gripping reading for the next 15 minutes... not. Well not unless you know what you are looking for... and unless you have already had a good play with this stuff, then you can probbly only make an educated guess at what it is that you are looking at.
So, the first thing I want to be able to do is to get IPv4 ping replies from my server. You might ask: "Surely there is already a rule that I can turn on to allow this", and the answer would be "Yes"... there is, but I find that the rule is named in a way that slightly throws you off course...
The rule is called "File and Printer Sharing (Echo Request - ICMPv4-In)"
So, take a look at it with the following command:
netsh advfirewall firewall show rule name="File and Printer Sharing (Echo Request - ICMPv4-In)"
You will see that the "Action" will be set to "Allow" ... buuut the "Enabled" parameter is set to "No"
So to enable this rule you use the following command:
netsh advfirewall firewall set rule name="File and Printer Sharing (Echo Request - ICMPv4-In)" new enable=yes
While most of that is self explanetory, I wondered what the "new" bit was for, well the built-in help explained that:
"Values after the new keyword are updated in the rule. If ther are no values, or keyword new is missing, no changes are made."
So there we go, the server is now ping-able using IPv4. If you use IPv6, then the rule name is almost identical .. just change the 4 to a 6!
Remote Admin, and other fun things will follow in my next post!
Wednesday, September 9, 2009
Server 2008 upgrade to R2 - PART 2
Following the successful upgrade of my VM Domain Controller I decided to go "all-in" and upgrade my physical host.
First attempt stopped at the compatibility test and directed me to shut down all my virtual machines, and referred me to this site: Description of methods to upgrade to Windows Server 2008 R2 from Windows Server 2008 with Hyper-V
I chose Method 1, and shut down my VM's & tried again.... ignoring the other warning message that showed up in the compatibility report on this system, and the previous one I upgraded.... this warning tells you to make sure that any software that you have installed on your server is compatible with R2... probbly fairly important to do this in a production environment, but as this is my Lab server I am prepared to see what breaks.
But if you feel so inclined, you can follow the Upgrading to Windows Server 2008 guide and search the Windows Server Catalogue.
So... my upgrade went fine, but I have noticed a couple of broken things so far:
First attempt stopped at the compatibility test and directed me to shut down all my virtual machines, and referred me to this site: Description of methods to upgrade to Windows Server 2008 R2 from Windows Server 2008 with Hyper-V
I chose Method 1, and shut down my VM's & tried again.... ignoring the other warning message that showed up in the compatibility report on this system, and the previous one I upgraded.... this warning tells you to make sure that any software that you have installed on your server is compatible with R2... probbly fairly important to do this in a production environment, but as this is my Lab server I am prepared to see what breaks.
But if you feel so inclined, you can follow the Upgrading to Windows Server 2008 guide and search the Windows Server Catalogue.
So... my upgrade went fine, but I have noticed a couple of broken things so far:
- Virtual Clone Drive: stopped working.... a simple re-install got it working again.
- Microsoft Network Monitor 3.3: it runs, but does not list any network adapters - I suspect a re-install will fix this too.... but will wait until I am at the local console for fear of loosing network connectivity :)
Other software installed... Self Test Software .. worked fine after upgrading.
Server 2008 upgrade to R2 - PART 1
I decided to upgrade some of my 2008 servers to R2 last night, so I started with my Domain Controller (running Windows Server 2008 Enterprise).
My DC is a virtual, so I took a snapshot first, and then inserted the DVD (well inserted the "virtual" DVD iso). As with the original installation of 2008 - everything is quite intuitive for anyone with previous Windows server administration experience... like to start with a big button in the middle of the screen saying "Install".
So you click "Install", and select whether or not to check for updates & provide feedback (yes, yes), then select the version (Sandard, Enterprise, Datacenter, or Web), and choose Upgrade or New installation.
Choosing upgrade then goes on to run compatibility tests ... and if you don't prepare your DC with the R2 schema, then the tests fail and you get a "Windows Compatibility Report" HTML document on your desktop with a link to a Microsoft article and some info telling you what needs to be done before you can upgrade. In the case of a DC, you need to prepare the AD schema for R2, and to do this you open up an Administrative command prompt and go into the \support\adprep directory on the installation disk, and run adprep.
In my case, my DC is the only one on the network, so it is the "everything" master. So the first command to run is:
adprep.exe /forestPrep
and then:
adprep.exe /domainPrep
Now we can run the R2 upgrade... kick it off, then sit back and relax while it runs!
Links
My DC is a virtual, so I took a snapshot first, and then inserted the DVD (well inserted the "virtual" DVD iso). As with the original installation of 2008 - everything is quite intuitive for anyone with previous Windows server administration experience... like to start with a big button in the middle of the screen saying "Install".
So you click "Install", and select whether or not to check for updates & provide feedback (yes, yes), then select the version (Sandard, Enterprise, Datacenter, or Web), and choose Upgrade or New installation.
Choosing upgrade then goes on to run compatibility tests ... and if you don't prepare your DC with the R2 schema, then the tests fail and you get a "Windows Compatibility Report" HTML document on your desktop with a link to a Microsoft article and some info telling you what needs to be done before you can upgrade. In the case of a DC, you need to prepare the AD schema for R2, and to do this you open up an Administrative command prompt and go into the \support\adprep directory on the installation disk, and run adprep.
In my case, my DC is the only one on the network, so it is the "everything" master. So the first command to run is:
adprep.exe /forestPrep
and then:
adprep.exe /domainPrep
Now we can run the R2 upgrade... kick it off, then sit back and relax while it runs!
Links
Thursday, September 3, 2009
Windows Server 2008 R2 Core
I am installing a Server Core VM to play with ... so it's back to the command line for setting this baby up!
I am going to use the server for network routing, ISATAP, etc... so it has been given 2 network interfaces. First step is to assign an IPV4 address to the first interface. Now you would assume that the first interface is the one called "Local Area Connection" ... however just to be sure running "ipconfig /all" will display the MAC addresses for each NIC ... then all you have to do is look for the MAC address for that NIC in the VM settings... if you set it to "Dynamic" it will be grayed out, but the address in the boxes below will be displayed.
Knowing what the adapter is called (in this case i is "Local Area Connection") I can run the following command to set the IP address, network mask, and default gateway:
netsh interface ipv4 set address "Local Area Connection" static 192.168.0.12 255.255.255.0 192.168.0.1
... and to set the DNS server:
netsh interface ipv4 set dnsservers "Local Area Connection" static 192.168.0.10 primary
Next... using netdom to rename & join to the domain:
use "echo %computername%" to find out what the current computer name is, and then:
netdom renamecomputer currentcomputername /NewName newcomputername
then reboot.... "shutdown /r /t 0"
then to join to domain
netdom join computername /Domain:domain.name /UserD:administrator /PasswordD:* /reboot
Next steps will be setting it up to allow as much admin to be done remotely from a GUI.....
I am going to use the server for network routing, ISATAP, etc... so it has been given 2 network interfaces. First step is to assign an IPV4 address to the first interface. Now you would assume that the first interface is the one called "Local Area Connection" ... however just to be sure running "ipconfig /all" will display the MAC addresses for each NIC ... then all you have to do is look for the MAC address for that NIC in the VM settings... if you set it to "Dynamic" it will be grayed out, but the address in the boxes below will be displayed.
Knowing what the adapter is called (in this case i is "Local Area Connection") I can run the following command to set the IP address, network mask, and default gateway:
netsh interface ipv4 set address "Local Area Connection" static 192.168.0.12 255.255.255.0 192.168.0.1
... and to set the DNS server:
netsh interface ipv4 set dnsservers "Local Area Connection" static 192.168.0.10 primary
Next... using netdom to rename & join to the domain:
use "echo %computername%" to find out what the current computer name is, and then:
netdom renamecomputer currentcomputername /NewName newcomputername
then reboot.... "shutdown /r /t 0"
then to join to domain
netdom join computername /Domain:domain.name /UserD:administrator /PasswordD:* /reboot
Next steps will be setting it up to allow as much admin to be done remotely from a GUI.....
Monday, August 24, 2009
Windows XP Mode, & Virtual PC
Well after having a good play with XP Mode and Windows Virtual PC, I can now feel confident about describing some of it's features.
XP Mode is essentially an XP SP3 virtual machine that runs under Microsoft's new Virtual PC for Windows 7 Professional and Ultimate. At this present time, Windows Virtual PC and XP Mode are at RC level.
One of the first things I noticed before I even installed anything was the name of the virtualisation product ... Previously we have seen Virtual PC 2004, Virtual PC 2007, and Virtual Server 2005 - followed by Hyper-V in Windows Server 2008, all by Microsoft. This product has been named Windows Virtual PC - taking away the year distinction at the end, and proclaiming it at the beginning with "Windows"... interesting decision, I am not sure if that will just initially confuse the matter, or help to set it apart from it's predecessor "Virtual PC" products.
One of the main new features of Windows Virtual PC is it's option install it's Integration Components, and to switch on or off it's Integration Features, and Auto Publish option.... and this is where the thing they are calling "XP Mode" comes into it.
The XP Mode packacge is essentially a preconfigured, pre-activated installation of XP with SP3.
When you get your XP Mode virtual machine up and running, you are presented with an interface which is familiar to anyone who has used and played with other Virtual PC products .... you get a fully functioning XP system running in a virtual environment ... desktop and all. Ok, so nothing suprising there... but here is where the cool part comes in. Lets say you need to use an application that does not install or run in Windows 7, so you install it on your XP Mode virtual machine and hey presto, the application shortcuts show up in the start menu (under the Windows Virtual PC tree) of your Windows 7 host!
Launching this application from your Windows 7 host informs you that the virtual machine needs to be closed before the application can be launched, but when it does launch, it appears as if it where running directly within the Windows 7 environment!
After a bit of tinkering an playing around with this new cool feature I can see that it appears to be a customised implementation of Terminal Services on XP, and the publishing of applications from the XP virtual machine to the Windows 7 host via Terminal Services on the XP virtual machine.
Further tinkering around found that I could install a VPN client on the XP virtual machine, and then lauch that from my host & connect the XP virtual environment to a remote VPN network and then run other applications within that virtual environment which connected to services on that remote network - all the while my Windows 7 host sat happily on my internal network with no interruptions to it's connectivity from things like VPN split tunnelling options disabling the local connection etc....
I can see this version of Microsoft Virtual PC becoming quite handy for many things.
Links:
-------
XP Mode is essentially an XP SP3 virtual machine that runs under Microsoft's new Virtual PC for Windows 7 Professional and Ultimate. At this present time, Windows Virtual PC and XP Mode are at RC level.
One of the first things I noticed before I even installed anything was the name of the virtualisation product ... Previously we have seen Virtual PC 2004, Virtual PC 2007, and Virtual Server 2005 - followed by Hyper-V in Windows Server 2008, all by Microsoft. This product has been named Windows Virtual PC - taking away the year distinction at the end, and proclaiming it at the beginning with "Windows"... interesting decision, I am not sure if that will just initially confuse the matter, or help to set it apart from it's predecessor "Virtual PC" products.
One of the main new features of Windows Virtual PC is it's option install it's Integration Components, and to switch on or off it's Integration Features, and Auto Publish option.... and this is where the thing they are calling "XP Mode" comes into it.
The XP Mode packacge is essentially a preconfigured, pre-activated installation of XP with SP3.
When you get your XP Mode virtual machine up and running, you are presented with an interface which is familiar to anyone who has used and played with other Virtual PC products .... you get a fully functioning XP system running in a virtual environment ... desktop and all. Ok, so nothing suprising there... but here is where the cool part comes in. Lets say you need to use an application that does not install or run in Windows 7, so you install it on your XP Mode virtual machine and hey presto, the application shortcuts show up in the start menu (under the Windows Virtual PC tree) of your Windows 7 host!
Launching this application from your Windows 7 host informs you that the virtual machine needs to be closed before the application can be launched, but when it does launch, it appears as if it where running directly within the Windows 7 environment!
After a bit of tinkering an playing around with this new cool feature I can see that it appears to be a customised implementation of Terminal Services on XP, and the publishing of applications from the XP virtual machine to the Windows 7 host via Terminal Services on the XP virtual machine.
Further tinkering around found that I could install a VPN client on the XP virtual machine, and then lauch that from my host & connect the XP virtual environment to a remote VPN network and then run other applications within that virtual environment which connected to services on that remote network - all the while my Windows 7 host sat happily on my internal network with no interruptions to it's connectivity from things like VPN split tunnelling options disabling the local connection etc....
I can see this version of Microsoft Virtual PC becoming quite handy for many things.
Links:
-------
Thursday, August 20, 2009
Windows 7 XP Mode
Windows 7 XP Mode ... it's like a virtual XP environment in which to seamlessly run XP applications on Windows 7. I am about to install it and try it out!
Wednesday, August 19, 2009
Adventures in the land of Microsoft Certification
Since my employer approved some Microsoft Windows Server 2008 training for me, and subsequently sent me on a training course a couple of weeks ago (Course 6421A: Configuring and Troubleshooting a Windows Server 2008 Network Infrastructure), I have been regularly studying for my first MS Certification Exam (70-642: TS: Windows Server 2008 Network Infrastructure, Configuring).
Along the way I have been discovering a whole heap of "stuff" about Windows Server that I have just never needed to look at before, and "new stuff" like IPv6. This along with my inherent need to tell people about "cool stuff" has made me decide to try Blogger out & see how I go with it :-)
Along the way I have been discovering a whole heap of "stuff" about Windows Server that I have just never needed to look at before, and "new stuff" like IPv6. This along with my inherent need to tell people about "cool stuff" has made me decide to try Blogger out & see how I go with it :-)
Subscribe to:
Posts (Atom)