Following the previous success of upgrading my DC, and Hyper-V servers I decided that it was time for my server that hosts the "Windows Server Update Services" role to be updated.
How did it go? In a nutshell... BLAH!
After the upgrade completed, WSUS was logging errors in the system log about not being able to connect to it's web sites. The reason became very obvious to me after I installed the IIS Management Console and had a look.... the WSUS application pool was not there, and neither was there any of the WSUS content in the "Default Web Site".
After a bit of searching on Google & Technet and finding nothing, I decided to uninstall the WSUS & IIS roles & then re-install.
Uninstall was easy ... just made sure to leave behind the downloaded updates, database, etc... and reboot.
Re-install was failing, saying that updates could not be found and suggesting that I might have a network connectivity issue. Well I didn't have a network connectivity issue, but I figured it was trying to use the WU client to connect to the MS updates site, and seeing how my WSUS Group Policy on the domain was pointing all systems to my WSUS server there was little wonder that it could not find any updates.
I decided the simplest and most certain way to revert the WU client to use the MS updates online was to change the "Specify intranet Microsoft update service location" to "Disabled" .... doing this instead of "Not Configured" ensured that it was actually disabled. I didn't really care if other systems picked up the policy in the short time it was going to be active.
Once I refreshed the policies on the WSUS server ("gpupdate /force"), and restarted the WU client service the installation of the WSUS role was successful - made sure to point to the original database & downloaded updates location... and everything was back to normal. PHEW!
Wednesday, September 16, 2009
Windows Server 2008 R2 Core - Poking at the Firewall: Part 1
So... I can't ping my Core server, and I can't remotely manage it!
Well it's time to get cosy with Windows Advanced Firewall, and configuring it using the netsh command :-)
If you want to get your boots on and get into it knee deep, you can list all the firewall rules using the command:
netsh advfirewall firewall show rule name=all
Wow, now there's something to get your teeth into and provide yourself with some gripping reading for the next 15 minutes... not. Well not unless you know what you are looking for... and unless you have already had a good play with this stuff, then you can probbly only make an educated guess at what it is that you are looking at.
So, the first thing I want to be able to do is to get IPv4 ping replies from my server. You might ask: "Surely there is already a rule that I can turn on to allow this", and the answer would be "Yes"... there is, but I find that the rule is named in a way that slightly throws you off course...
The rule is called "File and Printer Sharing (Echo Request - ICMPv4-In)"
So, take a look at it with the following command:
netsh advfirewall firewall show rule name="File and Printer Sharing (Echo Request - ICMPv4-In)"
You will see that the "Action" will be set to "Allow" ... buuut the "Enabled" parameter is set to "No"
So to enable this rule you use the following command:
netsh advfirewall firewall set rule name="File and Printer Sharing (Echo Request - ICMPv4-In)" new enable=yes
While most of that is self explanetory, I wondered what the "new" bit was for, well the built-in help explained that:
"Values after the new keyword are updated in the rule. If ther are no values, or keyword new is missing, no changes are made."
So there we go, the server is now ping-able using IPv4. If you use IPv6, then the rule name is almost identical .. just change the 4 to a 6!
Remote Admin, and other fun things will follow in my next post!
Well it's time to get cosy with Windows Advanced Firewall, and configuring it using the netsh command :-)
If you want to get your boots on and get into it knee deep, you can list all the firewall rules using the command:
netsh advfirewall firewall show rule name=all
Wow, now there's something to get your teeth into and provide yourself with some gripping reading for the next 15 minutes... not. Well not unless you know what you are looking for... and unless you have already had a good play with this stuff, then you can probbly only make an educated guess at what it is that you are looking at.
So, the first thing I want to be able to do is to get IPv4 ping replies from my server. You might ask: "Surely there is already a rule that I can turn on to allow this", and the answer would be "Yes"... there is, but I find that the rule is named in a way that slightly throws you off course...
The rule is called "File and Printer Sharing (Echo Request - ICMPv4-In)"
So, take a look at it with the following command:
netsh advfirewall firewall show rule name="File and Printer Sharing (Echo Request - ICMPv4-In)"
You will see that the "Action" will be set to "Allow" ... buuut the "Enabled" parameter is set to "No"
So to enable this rule you use the following command:
netsh advfirewall firewall set rule name="File and Printer Sharing (Echo Request - ICMPv4-In)" new enable=yes
While most of that is self explanetory, I wondered what the "new" bit was for, well the built-in help explained that:
"Values after the new keyword are updated in the rule. If ther are no values, or keyword new is missing, no changes are made."
So there we go, the server is now ping-able using IPv4. If you use IPv6, then the rule name is almost identical .. just change the 4 to a 6!
Remote Admin, and other fun things will follow in my next post!
Wednesday, September 9, 2009
Server 2008 upgrade to R2 - PART 2
Following the successful upgrade of my VM Domain Controller I decided to go "all-in" and upgrade my physical host.
First attempt stopped at the compatibility test and directed me to shut down all my virtual machines, and referred me to this site: Description of methods to upgrade to Windows Server 2008 R2 from Windows Server 2008 with Hyper-V
I chose Method 1, and shut down my VM's & tried again.... ignoring the other warning message that showed up in the compatibility report on this system, and the previous one I upgraded.... this warning tells you to make sure that any software that you have installed on your server is compatible with R2... probbly fairly important to do this in a production environment, but as this is my Lab server I am prepared to see what breaks.
But if you feel so inclined, you can follow the Upgrading to Windows Server 2008 guide and search the Windows Server Catalogue.
So... my upgrade went fine, but I have noticed a couple of broken things so far:
First attempt stopped at the compatibility test and directed me to shut down all my virtual machines, and referred me to this site: Description of methods to upgrade to Windows Server 2008 R2 from Windows Server 2008 with Hyper-V
I chose Method 1, and shut down my VM's & tried again.... ignoring the other warning message that showed up in the compatibility report on this system, and the previous one I upgraded.... this warning tells you to make sure that any software that you have installed on your server is compatible with R2... probbly fairly important to do this in a production environment, but as this is my Lab server I am prepared to see what breaks.
But if you feel so inclined, you can follow the Upgrading to Windows Server 2008 guide and search the Windows Server Catalogue.
So... my upgrade went fine, but I have noticed a couple of broken things so far:
- Virtual Clone Drive: stopped working.... a simple re-install got it working again.
- Microsoft Network Monitor 3.3: it runs, but does not list any network adapters - I suspect a re-install will fix this too.... but will wait until I am at the local console for fear of loosing network connectivity :)
Other software installed... Self Test Software .. worked fine after upgrading.
Server 2008 upgrade to R2 - PART 1
I decided to upgrade some of my 2008 servers to R2 last night, so I started with my Domain Controller (running Windows Server 2008 Enterprise).
My DC is a virtual, so I took a snapshot first, and then inserted the DVD (well inserted the "virtual" DVD iso). As with the original installation of 2008 - everything is quite intuitive for anyone with previous Windows server administration experience... like to start with a big button in the middle of the screen saying "Install".
So you click "Install", and select whether or not to check for updates & provide feedback (yes, yes), then select the version (Sandard, Enterprise, Datacenter, or Web), and choose Upgrade or New installation.
Choosing upgrade then goes on to run compatibility tests ... and if you don't prepare your DC with the R2 schema, then the tests fail and you get a "Windows Compatibility Report" HTML document on your desktop with a link to a Microsoft article and some info telling you what needs to be done before you can upgrade. In the case of a DC, you need to prepare the AD schema for R2, and to do this you open up an Administrative command prompt and go into the \support\adprep directory on the installation disk, and run adprep.
In my case, my DC is the only one on the network, so it is the "everything" master. So the first command to run is:
adprep.exe /forestPrep
and then:
adprep.exe /domainPrep
Now we can run the R2 upgrade... kick it off, then sit back and relax while it runs!
Links
My DC is a virtual, so I took a snapshot first, and then inserted the DVD (well inserted the "virtual" DVD iso). As with the original installation of 2008 - everything is quite intuitive for anyone with previous Windows server administration experience... like to start with a big button in the middle of the screen saying "Install".
So you click "Install", and select whether or not to check for updates & provide feedback (yes, yes), then select the version (Sandard, Enterprise, Datacenter, or Web), and choose Upgrade or New installation.
Choosing upgrade then goes on to run compatibility tests ... and if you don't prepare your DC with the R2 schema, then the tests fail and you get a "Windows Compatibility Report" HTML document on your desktop with a link to a Microsoft article and some info telling you what needs to be done before you can upgrade. In the case of a DC, you need to prepare the AD schema for R2, and to do this you open up an Administrative command prompt and go into the \support\adprep directory on the installation disk, and run adprep.
In my case, my DC is the only one on the network, so it is the "everything" master. So the first command to run is:
adprep.exe /forestPrep
and then:
adprep.exe /domainPrep
Now we can run the R2 upgrade... kick it off, then sit back and relax while it runs!
Links
Thursday, September 3, 2009
Windows Server 2008 R2 Core
I am installing a Server Core VM to play with ... so it's back to the command line for setting this baby up!
I am going to use the server for network routing, ISATAP, etc... so it has been given 2 network interfaces. First step is to assign an IPV4 address to the first interface. Now you would assume that the first interface is the one called "Local Area Connection" ... however just to be sure running "ipconfig /all" will display the MAC addresses for each NIC ... then all you have to do is look for the MAC address for that NIC in the VM settings... if you set it to "Dynamic" it will be grayed out, but the address in the boxes below will be displayed.
Knowing what the adapter is called (in this case i is "Local Area Connection") I can run the following command to set the IP address, network mask, and default gateway:
netsh interface ipv4 set address "Local Area Connection" static 192.168.0.12 255.255.255.0 192.168.0.1
... and to set the DNS server:
netsh interface ipv4 set dnsservers "Local Area Connection" static 192.168.0.10 primary
Next... using netdom to rename & join to the domain:
use "echo %computername%" to find out what the current computer name is, and then:
netdom renamecomputer currentcomputername /NewName newcomputername
then reboot.... "shutdown /r /t 0"
then to join to domain
netdom join computername /Domain:domain.name /UserD:administrator /PasswordD:* /reboot
Next steps will be setting it up to allow as much admin to be done remotely from a GUI.....
I am going to use the server for network routing, ISATAP, etc... so it has been given 2 network interfaces. First step is to assign an IPV4 address to the first interface. Now you would assume that the first interface is the one called "Local Area Connection" ... however just to be sure running "ipconfig /all" will display the MAC addresses for each NIC ... then all you have to do is look for the MAC address for that NIC in the VM settings... if you set it to "Dynamic" it will be grayed out, but the address in the boxes below will be displayed.
Knowing what the adapter is called (in this case i is "Local Area Connection") I can run the following command to set the IP address, network mask, and default gateway:
netsh interface ipv4 set address "Local Area Connection" static 192.168.0.12 255.255.255.0 192.168.0.1
... and to set the DNS server:
netsh interface ipv4 set dnsservers "Local Area Connection" static 192.168.0.10 primary
Next... using netdom to rename & join to the domain:
use "echo %computername%" to find out what the current computer name is, and then:
netdom renamecomputer currentcomputername /NewName newcomputername
then reboot.... "shutdown /r /t 0"
then to join to domain
netdom join computername /Domain:domain.name /UserD:administrator /PasswordD:* /reboot
Next steps will be setting it up to allow as much admin to be done remotely from a GUI.....
Subscribe to:
Posts (Atom)