Search results for 'app:weblogs' matching tags 'Server' and 'Servers'

Creating a new Domain Forest on Server Core

Anonymous — Mon, 12 Oct 2009 05:00:00 GMT

This article explains how to install a new domain forest on Windows Server Core, or in the Windows Server CLI (Command Line Interpreter). I will not discuss any other option for RODCs, existing domains, child domains, and so on… there are a plethora of articles out there that describe those already.

It astounded me the first (several) times I tried to create a new domain using Windows Server Core installations as my first domain controller in the forest. There are, I should mention, copious articles on creating additional DCs in an existing domain, but I have not come across too many (any?) that explained creating the FIRST… i.e.: creating the forest FOR the trees :)

This evening Steve Syfuhs and I sat down and attempted to do just that. Actually our original intentions had very little to do with that, but as we discovered along the way we would have two choices:

Create a new physical server with Windows Server 2008 FULL install, create a new domain on GUI mode, join our Server Core machine to that domain, promote it to Domain Controller, transfer all Operations Master Roles to the Server Core machine, and continue on; or
Figure out once and for all how to create our domain in Server Core.

I should point out that between us we read several dozen articles (including some written by some very reputable IT Pros) that CLAIMED that it was possible, but none that elaborated.

So we started clawing our way through the tidbits we gleaned from various sources and came up with the following unattend file that did the job:

[DCInstall]
InstallDNS=yes
NewDomain=forest
NewDomainDNSName=swmi.ca
DomainNetBiosName=SWMI
SiteName=Default-First-Site-Name
ReplicaOrNewDomain=domain
ForestLevel=3
DomainLevel=3
DatabasePath="%systemroot%\ntds"
LogPath="%systemroot%\ntds"
RebootOnCompletion=yes
SYSVOLPath="%systemroot%\sysvol"
SafeModeAdminPassword=Pa$$w0rd

Now: Once the file was created we put it in the root of C: on the server core machine, and typed the following command:

dcpromo /unattend:c:\unattend.txt

The next user interaction was (after a reboot) a logon prompt for the SWMI\Administrator account.

I hope this helps the next group of IT Pros trying to claw their way through the process… Creating AD Forests and Domains is something I have done a thousand times but always in GUI mode; from now on I can do it either way… and so can you!

Going Green

Anonymous — Sun, 02 Nov 2008 05:00:00 GMT

Theresa and I bought a new car recently. It's Green. To be specific, it is actually a colour called Aloe Green Metallic, which to me sounds like a pretentious way of saying it's green.

The car was actually available in one of seven colours, but it did not really matter, because no matter what colour we chose (Desert Sand Mica... Barcelona Red Metallic... SHEESH!) the car would still be green.

We decided to buy a hybrid, or to be more more specific, we went to the dealership to look at hybrid cars with the intention that if we could do so without too much of an increase in our monthly expenses we would do it, and we did.

Don't get me wrong... I am not a conservationist, but I am very practical; with the price of gas being what it is (when we bought the car it was $1.30/litre… now it is down to $.90/litre), we can either decide to drive less (not a viable option with our lifestyle, as well as where we live) or we can look for a more fuel efficient car.

Our car is not the only change we have made recently as a nod to the green movement. As an independent IT consultant, trainer, and courseware designer I need several servers running at any given time; this week it is Essential Business Server 2008 (three servers), last week it was a complete deployment infrastructure (including Active Directory, System Center Configuration Manager, System Center Operations Manager, and Microsoft Deployment Toolkit – three servers plus three workstations), and a few weeks before that it was migrating from an SBS 2003 Premium infrastructure to an EBS 2008 Premium infrastructure (six servers, three workstations). Of course I do not need to keep all of these configurations when I was finished, so all I really need is six servers and a few desktop computers and I’m set.

Of course, there are a couple of issues to consider here:

Six servers with the minimum requirements for these projects would be prohibitively expensive;
None of the servers in question would ever utilize more than 15% of their resources, but they were necessary nonetheless;
Nine machines would increase my monthly electricity bill by $200/month; and
I do not have a home office big enough to store these all if it was the best way.

There was a green solution to this conundrum: a single server that is powerful enough to virtualize all of these servers simultaneously. It is not widely appreciated that most servers do not use all of their resources… especially in a smaller environment without excessive use. Moore’s Law promised us that processing power would skyrocket, and indeed it has… well past the basic needs of most individuals. A result of this is that there are huge numbers of computers and servers whose CPU are never taxed beyond 15%. Of course we can’t purchase 20% of a CPU… but we can share the resources between servers.

The server that I decided on is a HP ProLiant DL585 G2, with four dual-core CPUs, sixteen gigabytes of RAM and six high-speed SAS hard disks - admittedly more machine than any individual server I would ever have purchased for my home… and is the single most expensive piece of equipment in the house. It consumes more electricity than any other item (including our central air conditioner). It generates enough heat to make a noticeable difference in the room where it resides… and it is loud. Having stated all of that it is also the smartest purchase I have made in years. With all of the resources that it does consume, it is less by far than the six machines I would have needed to do the same work… as much as 75% less electricity; it generates 20% of the heat that those servers would have; it takes much less space than a physical server farm would have; and as far as return on investment (ROI) the eight CPU cores average between 40 and 80% usage at any given time (when running hot). It has more hard drives than any server I would have bought… and yet they are all being used (efficiently).

Admittedly it is bigger than any server I would have bought (My old PowerEdge 4300 was bigger and if not heavier then close) for myself, but it still took less materials to make than what I would have bought… and when the time comes (years from now) to dispose of it, aside from the fact that so much of it is recyclable, it would take up much less space in a landfill than would six machines.

I’ll say it again… I am not an environmentalist, but there are times when going green just makes sense… cars and servers are just two examples where I saved money while being planet-friendly. How about you?

A Secure, Well-Managed Disaster Zone

Anonymous — Sat, 13 Sep 2008 05:00:00 GMT

I owe a great debt to Microsoft Canada (Damir!) and Hewlett Packard Canada (Laurie!) who came through to supply me with a server for my last two projects. If you happen to find yourself in the market for a server for a small to mid-sized company I cannot think of a better product than the HP ProLiant DL-585 G2 that I have been using since May. It truly is everything that I could ever ask for in a server, and has been running my virtual environment flawlessly and without so much as a hiccup.

Let me give you a little bit of information on this machine - that I have often described as the server G-d would buy if he were running a mid-sized corporation. It is a 4U rack-mounted server with hot plug redundant power supplies. Forgetting the basic configuration, the model that I have been working with has four dual-core 2.8GHz AMD Opteron CPUs, sixteen gigabytes of RAM, and six hot plug high-speed SAS (serial attached SCSI) drives (2x 72 GB for the system drive, 4x individual 146 GB drives for storage and virtual machines - all 15,000 rpm). It has a fibre channel host bus adapter, dual gigabit NICs, and HP's server management package which I have come to love - Integrated Lights Out 2 (iLO 2) Standard Management.

In a word, this server rocks. It would fit in perfectly in any company's data centre. Having said all of that, I do not necessarily recommend it for your home office to sit under (or on top of) your desk, as I have had it for the past few months. There are a number of reasons for this.

The server is not quiet. If you are a long-time reader of my blog (back to the days when it resided on www.mitpro.ca) you may have read about the Hovercraft, my old PowerEdge 4300 server which sat on the floor of my apartment in Ville St-Laurent and ran my mail server (see http://mitchgarvis.com/blogs/mitch/archive/2007/06/27/the-dell-hovercraft-is-officially-retired.aspx). We called it the hovercraft because it was loud. Well, this server is louder; initially it scared the puppies, though the entire family has grown used to its sounds from behind the closed door of my office. For several weeks I continued to work in the office despite the noise, but eventually realized that laptops and wifi routers allowed me to escape the constant headaches.
The server generates heat. I do not mean it kicks the thermostat by a degree or two; I mean that if the central heating goes out in the winter we can all sit comfortably in a room with this server going... as long as we brought ear plugs. Occasionally during the summer Theresa would turn the air conditioner to max... I understand that she just does not like the heat. Whenever it got too chilly for me I would just go down to my office and warm up for a bit. Not to say that my office is not air conditioned... but the server wins!
The server is not light. The ProLiant DL-585 G2 is a lot of things, but it has never been accused of being portable. The configuration that I described above weighs just shy of one hundred and fifty pounds. When I picked it up it took two of us to carry it to my car, and when I got it home I had to remove the central processing unit (40 lbs) and carry it into the house in two parts. I do not recommend putting it on your desk without doing some serious weight-capacity testing first.
The server is not small. 19" wide by 26.5" deep by 6.94" tall (48.3cm x 67.3 cm x 17.6 cm) is a perfect size for a server room... if it had four legs three people could comfortably sit at it for afternoon tea. In a word, it is BIG.

Back in May I actually brought the server with me to Montreal. I drove, not because I couldn't write off the airfare, but because Air Canada laughed at me when I suggested I wanted to bring a 150lbs delicate oversized piece of carry-on luggage. As I drove down the 401 it occurred to me that my Toyota Matrix had more computing power in it than the entire space program that launched the first few space shuttles, and likely more CPU cycles than the entire world did when Ronald Reagan was elected president. The concierge at both hotels I stayed at were not entirely sure that I was not secretly playing a practical joke on them, and looked around for hidden cameras. Needless to say they both expected (and received) sizeable tips for helping me to and from my rooms!

Over the past few years I have professed to anyone who would listen the need for a secure, well managed infrastructure. Part of that should be a clean environment, and I am afraid that I have fallen quite short of that goal. Several months ago I posted about how Theresa and I cleaned out our office together (http://mitchgarvis.com/blogs/mitch/archive/2008/02/04/an-organized-office-and-the-journey-into-the-unknown.aspx). I took a picture at the time of what my desk looked like (see left). Unfortunately the past few months my desk area has not looked exactly like that, what with the server and all (see right). I took the picture this morning before removing the server, which thanks to months of air purification and cleaning (after adopting out our cats) has now been re-homed to the basement, where it will probably spend the rest of its life.

Now that I have a little bit of time (between contracts) I am going to spend a few days rebuilding my network environment... I look forward to taking the time to plan both the physical and virtual environment to my liking... a project that I am looking forward to tackling that will let me get back to being a system administrator for a bit! I'm sure that when that project is done I will be proud to blog about how my home network is organized... until then, have a great week-end!

Server 2008 Virtualization - Catch It!

Anonymous — Thu, 14 Feb 2008 06:00:00 GMT

This past Monday I had the opportunity to present what I call a 'Let's Get Excited' presentation to an architect audience at Microsoft Canada. I was asked to showcase several new features of Windows Server 2008, due to launch on February 27th.

While preparing for the presentation I thought back to the first time I presented virtualization, when Microsoft Virtual Server 2005 R2 was released. I was at the time amazed at how much more powerful the product was than Virtual PC, which I had been playing with for a while. So when I started playing around with Hyper-V (alternately known as Hyper-Visor, Windows Server Virtualization, and a number of other names) I was amazed by the improved functionality.

If you are a critic of Microsoft - or even if you are not - you are probably quick to point out then features that Microsoft initially promised to be included, such as live migration of virtual servers between parent machines, the ability to add (virtual) hardware components on the fly, and a number of other features that have been removed from the product (for now). You might complain about Microsoft's seemingly fragmented virtualization picture noting that its much vaunted System Center Virtual Machine Manager (SCVMM) which offers spectacular functionality such as the automated migration of a physical network environment into virtual, intelligent placement of virtual machines on appropriate hosts, and the ability to automatically provision new virtual machines in a few minutes and with a number of keystrokes from a library of templates for systems such as file servers, domain controllers, mail servers, and myriad other possibilities. You will certainly mention, as a critic of the world's premiere software goliath, that the Hyper-V feature that was supposed to release with Windows Server 2008, has been delayed and is only now issued as a semi-public beta program.

Of course saying all of that would be correct, but for my money Hyper-V offers a number of features that make it worth the wait. I would like to cover a number of these, leaving for the moment that Hyper-V will be neither an add-on nor an additional cost, but will upon release (assumedly through a Microsoft Update patch) be distributed to all Windows Server 2008 installations as a new role, easily installed in minutes.

If you were to examine servers in any average data centre you would note that the resource usage for most of them is quite low. If a server's CPU runs at, on average, twenty percent usage, and the company paid (to use a simple number but not based on actual pricing) $1000, doesn't it stand to reason that these companies could have just as easily purchased a CPU with one fifth the capacity for one fifth the price? This is of course not an option, and virtualization allows us to fill that unused CPU capacity. On Virtual Server 2005 R2 there were limitations to the functionality of the guest OS, and taxing on the host OS. With Hyper-V both of these issues are addressed; it eliminates the host/guest operating system model that we have gotten used to and replaces it with a parent/child model in which the parent (or primary) Windows Server instance hosts the Hyper-V role, but the virtual (child) OSes address the physical resources of the hardware, rather than detracting from the parent, as was previously the case. This allows several servers to operate in tandem on the same box with the resources you allocate to it, without draining each other. To test this I built a Server 2008 lab environment within a Dell Lattitude 830 laptop with a 2.4GHz CPU and 4GB of RAM, The parent OS (Windows Server 2008 Enterprise Edition, RTM) hosted the Hyper-V role; Three virtual machines hosted one NAP (Network Access Protection) server on Server 2008, a domain controller and System Center Configuration Manager Site Server, both hosted on Windows Server 2003 R2 (Enterprise Edition) with Service Pack 2 installed. I did not see any performance degradation on any of them.

(It should be noted that although Server 2008 is available in both 32- and 64-bit editions, only the 64-bit edition will support Hyper-V.)

A huge advantage to Hyper-V over its predecessor is the ability to support 64-bit child servers. This is a huge advantage to companies who would otherwise virtualize servers such as mail servers, but couldn't due to Exchange 2007 only compatible with 64-bit servers. I am looking forward to playing with that particular configuration in coming weeks.

If you previously built your virtual environment around the Virtual Server 2005 R2 platform you are bound to be happy that your virtual machines are going to be fully compatible with the new Hyper-V platform. In the current beta build of the product there is a bug that prevents you from importing VMs, but there is a simple work-around... simply create a new virtual machine and then rather than create a new virtual hard drive select your existing .vhd file. Make sure you check your settings, but having played with it for weeks I can attest that the method is flawless.

That being said, there is some minor preparation required before you migrate; your old Virtual Machine Additions are not going to be compatible with the new platform, and must be uninstalled from either Virtual PC or Virtual Server before bringing the VMs into Hyper-V. Though offering similar functionality, Hyper-V now offers Integration Components in place of the old VMAs.

Before you kick off in Hyper-V you should be aware that all of the old key-combinations that we got used to in WVS and VPC have been replaced; if you are familiar with Remote Desktop Client then the transition will not be too tough, which brings up another favourite feature of mine: Rather than requiring a special client or connecting through Internet Explorer (an option that is certainly still available) you can connect to your Hyper-V machines using Remote Desktop Client, and since they are sitting on the hardware independently you can access them from remote machines as you would any remote server. This will prove to be a huge benefit to systems administrators who manage geographically diverse servers, whether they be across a campus or around the world.

It just happens that earlier this week the mail servers in my fiance's organization were down for an entire day this week due to faulty hardware. The time it took for the server provider to get and install the replacement part meant that nobody in the entire organization received or sent e-mail for an entire business day. Without addressing the glaring lack of redundancy in their infrastructure I can imagine that their entire organization - especially the CIO - must have been visibly aging while the server was brought back online (eleven hours later). I did a quick test and discovered that I could easily automate Hyper-V to take a snapshot of my servers every fifteen minutes; once done I was able to turn off the Server 2008 machine, attach the Network Attached Storage device storing my VMs to a different Server 2008 machine running Hyper-V, and restore the VM and then that snapshot to the previous snapshot within minutes.

Microsoft has nothing to be ashamed of in its current iteration of Hyper-V, beta release and all. Although there are certainly features that have been removed (which hopefully will be included in future releases) the product as it stands is certainly a value-add to Windows Server 2008. Its functionality is not what was hoped for but certainly offers improvements over Virtual Server 2005 R2. I look forward to SCVMM integration and management, and the live migration will be a huge feature for the next release. However for architects and systems engineers trying to decide if now is the time to virtualize or if they should wait I would certainly recommend keeping your eyes open for the RTM Hyper-V and then do it. In the meantime have your systems administrators download the beta release to familiarize themselves with it so that when it is released there need be no further delays... as our critics will bring up we have had enough of those already.

Hosting Servers Without a Static IP Address

Anonymous — Wed, 06 Feb 2008 06:00:00 GMT

Microsoft Windows Small Business Server is a great solution for small businesses of any size, from two to seventy-five seats. The standard package offers the complete functionality of Windows Server, along with a web server, mail server, SharePoint Services, and much more for a small business price. It allows small companies to bring their IT in-house and to compete with their larger competitors on an equal footing using the same technologies.

Unfortunately the way the Internet is designed in order to host public-facing servers (web, e-mail) you need a static IP address, much like having a business requires a telephone number. Not every company with an Internet connection wants to pay the higher monthly fees (depending on the ISP and service often between $75 and $200 per month) for those benefits, and instead opt for a dynamic IP address, or an address that changes every so often.

To address that problem a number of DNS Providers offer what is called dynamic DNS services, by which companies can configure a software client on the server (many inexpensive routers have the client built-in) to report back to a central server every time the dynamic IP address changes. The DNS Provider then gives them an address (such as mitchgarvis.dyndns.org) which they can use to access their servers remotely anytime.

Although this solution does address the initial problem, it creates a number of problems as well, such as:

Visitors know immediately that the company does not use static addresses;
The DNS Provider's name (or a variation thereon) is always part of their web address; and
Many ISPs block the default ports for many popular services on their lower-priced packages.

In this article I will offer solutions for all of these issues. I will offer a solution for a fictitious company called Alpine Ski House that:

Registers their own domain name (alpineskihouse.com);
Configure web services and e-mail services at that address;
Redirects the necessary ports for the mail services*; and
Costs the company less than $100 per year, over and above their basic ISP fees.

What you need:

Although many of these methods can be adapted to different configurations, this article assumes that you have:

A properly configured server running Microsoft Windows Small Business Server, Standard Edition; and
A permanent connection to the Internet.

Domain Name

First things first, in order to do any of this you must purchase your domain name. Choose something simple but explicative... so if your company name is Alpine Ski House try to choose something like alpineskihouse.com, and not theskichaletdowntheroadfromthatplaceIoncehaddinnerat.com. Unfortunately it is true that most of the good domain names are taken, and consider alternate top-level domains, such as .info or .tv, if your first choice is taken.

Once upon a time there were only a couple of companies selling domain names, but those days are behind us. Companies such as domainsatcost.ca, godaddy.com, and dyndns.com all sell domain names, and depending on what you want you may need to go to a few of them (domainsatcost.ca sells Canadian domain names which many of the others do not, though they should all sell .com, .net, and such). Pick one that offers what you need at a reasonable price. Recently a client told me they had paid $98 per year for their domain name and asked if they had paid too much... the same week that I paid $12.95 for one. Shop around if you like and find a site you are comfortable with.

Register with a Dynamic DNS Provider

Open an account with a DNS Provider that offers Dynamic DNS services in addition to regular DNS services. For the purpose of this article I used dyndns.com, but there are others such as no-ip.com who offer comparable services. This service should be free, though it will start costing a bit as soon as we start adding options. You will be asked what hostname you want to use (alpineskihouse.dyndns.org) as well as what domain name you want to use (dyndns.com offers several choices in lieu of dyndns.org).

NOTE: Especially if you have outside consultants working on your network I recommend selecting a password for this account that is completely different from all of your other services such as banking and such. The password for your dynamic DNS will be configured either in your router or in a dynamic DNS client on your server, both of which are clear-text and unsecured.

Install a router with a DDNS Option

Even many of the lower end home routers these days offer a Dynamic DNS feature, and it is one less service that needs to run on your server. For extra points get one with Universal Plug and Play (UPnP), which will allow the Small Business Server wizards to open all of the necessary ports in the device's firewall and direct them to the right server, which saves having to do this all manually.

Typically configuring Dynamic DNS will require selecting which dynamic DNS Provider you use, the username, password, and hostname. Once you set this up properly it should report back to your DNS Provider the current IP address, and you should be ready to go.

Configure all Internet and E-Mail Services on your server

In short, run the Configure E-Mail and Internet Connection Wizard (CEICW). This will configure everything automatically, and by selecting the option to configure your UPnP Router option when asked. Make your selections according to your needs, so if you intend to host Exchange Server with Outlook Web Access, make sure to select the E-Mail option and Webmail options when asked. When asked for the mail domain, enter the domain name you purchased (alpineskihouse.com).

Custom DNS Services

Now we may not like it, but this is where we start paying for all this. The good news is that it is not overly expensive - recently I paid $22.50 for one year. For mail and web services you will need a Custom DNS service. The custom DNS will link your actual domain name to the dynamic account. Because of this I recommend purchasing these services from the same DNS Provider that supplies your DDNS Service.

A Record: Forward looking records, the main record that points your name (alpineskihouse.com) to your server. It is the only record that will point to an IP address. If you purchased your domain name from a provider that is not your Dynamic DNS Provider then you will either have to transfer the name, or go into the records where you purchased them and substitute the original Name Servers with the ones that your DDNS Provider supplies you with.

CNAME Record: Canonical names are the records for sub-names, such as www. They are not required, but do not cost any more.

Although these records may only take a few minutes to create do not expect them to work right away. The entire Internet DNS directory has to be updated appropriately, and this can take anywhere from 24-72 hours.

Ports? What Ports?

If your ISP does block the necessary ports - typically port 25 for e-mail servers, then you have to play around a bit.

You will need to add a Mailhop Relay service to your DNS Zone. This is another cost - I recently paid $42.50 for one year. Configure the Mailhop service to your domain name, and select an alternate port to use - a common one is port 2525 which is generally not used for anything else.
You will then have to create two MX Records in your zone. Again this will take 24-72 hours.
Open the custom port in your router and redirect it to your SBS server.

MX Record: Mail Exchanger records control the e-mail addresses, the infamous name@address.com. When you purchase the Mailhop service you will be instructed to create two MX records within the DNS account, and how to do so.

<WARNING> We are about to play in the advanced options of your Small Business Server. If you are not comfortable doing so have a professional do this for you.

Log onto the Small Business Server with Administrator credentials. In the Server Management console tree expand Advanced Management, then First Organizational Unit, then <your servername>. Under servername expand Protocols, then SMTP.
Right-click on Default SMTP Virtual Server and click Properties.
In the General tab of Default SMTP Virtual Server Properties click on the Advanced... button.
Click Add
In the Identification window in the box next to TCP Port enter the value of the custom port you selected (2525).
Check the boxes next to Apply Recipient Filter and Apply Intelligent Message Filter, then click OK.
Click OK to close out of the Advanced window and OK to close out of the Default SMTP Virtual Server Properties window.

Test it!

As mentioned the DNS settings may take a couple of days to fully work, but in essence you are done. Go for lunch, take the afternoon off, and tomorrow morning, from a remote location, try the following tests:

In a web browser try to navigate to your server by typing http://alpineskihouse.com. If that works then the main DNS records are properly configured.
Try to send an e-mail to administrator@alpineskihouse.com. Because I am impatient I usually configure 'Request Delivery Receipt' so that I know exactly when it shows up, but if you can log onto the Outlook Web Access (https://alpineskihouse.com/exchange) as the Administrator and the e-mail is there, then it works!

What About SBS Premium Technologies?

If you are using Windows Small Business Server 2003 Premium Edition then you likely are using Internet Security and Acceleration Server 2004 as your firewall, possibly in addition to your router device. If that is the case you will have to configure the Mail rules to use the custom port instead of Port 25.

Good luck and happy SBSing!

*These instructions are technical in nature, and do not address contractual parameters set forth by your ISP, which may exclude you from hosting these servers.