Your basic ITPro blog... What's going on at work, what I'm interested in.

Thursday, August 29, 2013

New Lab Migration–Part 3

The last server in this little lab of mine is the Exchange server. To recap, my network now looks like:

  • DC1 running Windows 2012
  • DC2 running Windows 2012
    • AD forest/domain at Win2012 functional level
  • FS1 running Windows 2012
  • EXCH1 running Windows 2008 and Exchange 2010

Like the other servers, I install the Windows 2012 disk and run setup

  • Insert Windows 2012 setup DVD
  • /setup.exe
    • “Install now”
    • Go online to install updates as needed
    • Product key
    • Select OS type to install
    • Accept license terms
    • “Upgrade”
    • Compatibility report
    • GO!
    • A few reboots… This one is taking WAY longer than the others… Making me nervous.
    • It FINALLY finished!

It looks like the update worked. But, while waiting for this to finish, I did some research. It looks like early versions of Exchange 2010 don’t play nicely with Windows 2012. I am actually surprised that the lab Exchange server didn’t blow up when I upgraded the OS on it… From what I have read, I am surprised it is working. In either case, I will make sure that my production Exchange server is current with all updates before running the OS upgrade. Exchange 2010 SP3 and later seems to work fine with Windows 2012.

This has been a good lab. I am confident that these upgrades will go well on my production systems. I have already run the checks (listed in Part 1) and my AD/replication/etc. all look good.

Ready to go!

New Lab Migration–Part 2

We have successfully upgraded our DCs. So, the network now looks like:

  • DC1 running Windows 2012
  • DC2 running Windows 2012
    • AD raised to Windows 2012 functional level
  • FS1 running Windows 2008R2
  • EXCH1 running Windows 2008R2
  • CLIENT1 running Windows 7

I know want to run an in-place upgrade on the file server. I am just going to put the disk in and run setup.exe

  • Insert Windows 2012 setup disk
  • run /setup.exe
    • “Install Now”
    • Go online and install updates as needed
    • Enter license key
    • Pick OS type to install
    • Accept license terms
    • ‘Upgrade’
    • Warnings/Compatibility report
    • GO!
    • Reboots, etc.
    • Done.
    • Add Dedupe Role feature
      • File and Storage Services Role
        • File and iSCSI Services
          • Data Deduplication
  • Enable Dedupe on data volumes
    • File and Storage Services
      • Volumes
        • Disks
          • Select the data disk
          • Under volumes, right click on volume and select “Configure Data Deduplication”
            • Enable Data Dedupe
            • Configure
  • Wanted to test something I read about, some people having problems accessing network shares on Windows 2012 servers if the disk/volume is added after server is joined to domain
    • Create new VHD and attach to FS1
    • Set up disk
    • Create the folders/shares
    • Test access from client computer
      • No problems accessing shares/files/folders on new volume. Good news.
  • I set the dedupe aging to 1 day. I also copied a file over an over. Hopefully, it will dedupe and I can see the numbers.

So far, everything is working well. Now, to see about upgrading the Exchange server.

New Lab Migration–Part 1

I outlined here a new lab that I am running. My goal is to test in-place upgrades from Win08 to Win12 on DCs, File servers, and Exchange2010 servers.

My first step is to upgrade the DCs.

To review, the current lab network consists of:

  • DC1 running Win08R2
    • Running AD, DNS, DHCP
  • DC2 running Win08R2
    • Running AD, DNS
  • FS1 running Win08R2
    • Various shares, files, ACLs, etc.
  • EXCH1 running  WIN08R2 and Exchange 2010
  • CLIENT1 running Win7

So, my first step is going to be upgrading the DCs and domain to Windows 2012. I will be following the steps I outlined in this post. Should be pretty straightforward.

First, run a couple of test tools to see if anything looks horrible.

  • Dcdiag /v /c /d /e /s:DCName >c:\dcdiag.log [please replace DCName with your Domain Controller name]
  • Repadmin /showrepl dc* /verbose /all /intersite >c:\repl.log ["dc* is a place holder for the starting name of the DCs if they all begin the same (if more than one DC exists)]
    • These are taken from here.

Then…

  • On DC1
    • AD Sites and Services to force replication
    • Start command prompt as Administrator
      • from Windows2012 install disk
        • \support\adprep\adprep /forestprep
        • \support\adprep\adprep /domainprep
        • \setup.exe
          • Go online and get updates as needed
          • Enter product key
          • Select OS to install (core, w/GUI, etc.)
          • Accept license terms
          • ‘Upgrade’
          • Warnings?
          • GO!
          • Automatic reboot
          • More GO!
          • A couple more reboots…
          • All Done!
    • Verify services and everything looks OK.
  • Reboot Mail server
    • Looks like it needs the new schema info
  • Reboot file server
    • For good measure
  • Test client connectivity, services, etc.
  • On DC2
    • from Windows2012 install disk
      • run \setup.exe
        • Go online and get updates as needed
        • Enter product key
        • Select OS to install
        • Accept license terms
        • ‘Upgrade’
        • Warnings?
        • GO!
        • Etc. Etc.
        • All Done!
  • Force replication between DCs
  • AD Domains and Trusts
    • Right-click on AD Domains and Trusts
      • Raise Forest functional level

Everything seems to have worked as advertised in the lab! I know have two Windows 2012 DCs with a Windows 2012 forest/domain.

Now, on to the file server upgrade.

More Testing

I am back in my lab, doing some more testing. I have decided that this is the year to get off of Win08 and move everything I can to Win2012. To that end, I am building a lab that replicates our production environment and am going to do some upgrade/migration testing. Specifically, I want to test (and perhaps re-test):

  • Windows08R2 AD upgrade to Windows 2012 AD
  • An existing file server, running Windows08, upgrade to Windows2012
  • An existing Exchange2010 server, running on Windows08, upgrade to Windows2012

My plan is to do these three upgrade in this order.

My starting environment will look like this:

  • DC1 running Win08R2
    • Running AD, DNS, DHCP
  • DC2 running Win08R2
    • Running AD, DNS
  • FS1 running Win08R2
    • Various shares, files, ACLs, etc.
  • EXCH1 running  WIN08R2 and Exchange 2010
  • CLIENT1 running Win7

All of these machines will be part of the AD domain. My plan is to test in-place upgrade of the OS for all of these servers, in the order listed.

We will see how it goes. Stay tuned.

Wednesday, March 20, 2013

DFS Testing In A Lab–Part 2

Here in part two, I am going to add two file servers and a client computer to the lab network. I discovered that I also want to test another feature on my lab.

Our current file server is running Win08. I have a disk on my SAN that is being passed-through to the file server VM and used to store my file shares. I want to test turning up a Win12 file server and moving the disk over. It will be great if this is a fairly simple operation.

Another thing I will want to test is upgrading a Win08 domain to a Win12 domain. This would be a true test of upgrades in our environment. More blog posts to come!

In any case, here are the steps I am taking to add file servers, clients, and DFS in to the environment:

  • Add a Win08 file server to domain.
  • Add a Win12 file server to domain.
  • Add a Win8 client computer to domain.

Simple enough.

The Win08 file server had the File Services Role on it. I am basically following the steps outlined on the website (listed below under Resources) to implement DFS.

  • Add the DFS Role Service
  • Using DFS Management tool, create the namespace
    • First decision, which server to make the namespace host. First thought was the file server itself. But, decided to go with my DCs after reading a bit online.
    • Left all namespace host related options at default.
  • Opted for domain-based namespace.
  • Once the namespace was created, I added my other DC as another namespace server.
  • Add two folders to the namespace, my ‘groups’ folder and my ‘users’ folder.
    • Add a folder called ‘groups’
    • Selected the ‘groups’ shared folder on FS01
    • Did the same for my ‘users’ shared folder
  • Enable access-based enumeration on the namespace
    • Right-click on namespace and select ‘Properties’
    • Advanced Tab | checkbox to ‘Enable access-based enumeration for this namespace’
  • From a second file server, I added second folder target to the ‘groups’ DFS folder.
    • I was hoping that DFS would aggregate the available folders from the multiple targets into a single namespace, for example:
      • FS01
        • groups\folder1
        • groups\folder2
      • FS02
        • groups\folder3
        • groups\folder4
      • <domain>\groups\
        • folder1
        • folder2
        • folder3
        • folder4
    • But, it does not seem to work this way.
    • I was able to create a replication group with these two folders in it. Now, both servers have identical data on it.

Some thoughts-

  • There are no DFS-related Powershell cmdlets for Win08, only Win8/Win12. In my production environment, we are Win08 (at the domain and file server). This could be a compelling reason to upgrade.
  • Moving to DFS won’t be as straightforward as I was initially anticipating. I will have to do some design work to implement DFS, rather than just install it and point it to my current shares.
    • I will likely want just a subset of my shared folder replicated between my sites. This will require that I break things out a bit and design an appropriate DFS namespace/folders.

There is still a lot to learn about DFS. But, this was a good introduction. As always, please add your comments/experiences below.

Resources:

http://technet.microsoft.com/en-us/library/cc732863%28v=ws.10%29.aspx

http://social.technet.microsoft.com/Forums/en-US/winserverfiles/thread/6a745bf3-78c5-4739-9add-2ed171c8e65b/

Wednesday, March 13, 2013

Upgrading A Fileserver (and domain) from Win08 to Win12–Part 3

In Part 3 here, I am going to look at upgrading my domain from Win08R2 to Win12. I shut all my test VMs off, snapped them, and then started them back up.

Now, there are likely a number of things to consider before doing an upgrade like this. I am sure I could go to <insert preferred search engine> and quickly find countless articles and blogs on this process. But, I figured I would just put the Win12 DVD in one of my DCs and run setup. Let’s see what happens.

So, setup runs, asks for a key, has me pick a version, runs a compatibility report… and STOPS! It looks like I need to run ADPREP before installing. Doing that now; running ADPREP /FORESTPREP

Failure. ADPREP could not verify that schema master has replicated AD to all DCs… or some such error. I used Sites and Services to replicate and tried again. SUCCESS! Running setup.exe again.

Fail! Need to run ADPREP /DOMAINPREP as well. (For some reason, I would have figured that these steps would have been more automated). Command was a success. Third time’s a charm?

Compatibility Check gives me a NEXT button, rather than a CLOSE button. Looking good. Installing. Rebooting. Getting ready. Another reboot.

LOGIN SCREEN!

Logging in, I see that DNS, DHCP, AD all look good. So, to update my functional level to Win12, I need to upgrade my second DC as well. Doing that now. Heh. No need to run ADPREP again…  :/

Upgrade was successful. I tried updating the forest functional level, but it said that there were DCs in my domain that were not on the correct Windows version. Both DCs have been upgraded to Win12. Maybe server reboots will help?

Active Directory Domains and Trusts will not let me raise the forest or domain functional level. But, using the Active Directory Administrative Center lets me do it. Oops. Actually that failed too. It looks like this was a replication issue between the DCs again. Like before, I used AD Sites and Services to manually replicate between DCs. After replication, AD-D&T let me raise the functional level without a problem.

So, from this test, it looks like the basic steps are:

  • From the Win12 disk on first DC
    • run ADPREP /FORESTPREP
    • run ADPREP /DOMAINPREP
    • run setup.exe
  • Check and make sure services are working
  • From the Win12 disk on next DC
    • run setup.exe
    • repeat as necessary
  • Make sure DCs have all replicated with each other and are all up-to-date with domain info
  • Raise the forest/domain level to Win12
  • Double-check everything

Easy!

Of, course… you should make sure that you have good, usable backups of your domain/DCs. Also, as notes on the article listed below, you should probably run some checks to make sure there are no problems with your domain.

 

Resources:

http://msmvps.com/blogs/mweber/archive/2012/07/27/upgrading-an-active-directory-domain-from-windows-server-2008-or-windows-server-2008-r2-to-windows-server-2012.aspx

Tuesday, March 12, 2013

Upgrading A Fileserver (and domain) from Win08 to Win12–Part 2

NOTE: This blog post is primarily my notes on this test. While I hope you find it informative (and feel free to ask any questions about it), I am mainly using this to keep my information straight. Thanks.

Here in Part 2 of my little test, I have completed setting up the environment. I have:

  • 2x Win08 domain controllers
  • 1x Win08 file server
  • 1x Win12 file server
  • 1x Win7 client

My next steps are these:

  • Record folder share and security information
  • Shut down both file servers
  • Move the VHD containing my actual data from old file server to new file server
  • Bring up the new file server
  • Make sure the new file server can see the data VHD
  • Re-create the shares on the new file server
  • Test access and connectivity from the client computer

The process to manage shares is a little different in Win12 than in Win08.

  • Computer Management | Storage | Disk Management
    • Bring disk online
    • Assign drive letter (E:)
    • Share folders, using the same settings as on the old file server
    • Enable ABE
      • Server Manager | File and Storage Services | Shares
      • Right-click on share | select Properties
      • Settings | Enable access-based enumeration

Things look good from my client. Too easy!

Now, in production, there are other steps of course. Modifying logon scripts, drive mappings, backups (new base in AppAssure, OUCH!). But it looks like I can get our file serving moved onto a Win12 box without too much difficulty.

As I think more about it, the ‘backups’ question may prove to be a tough one… We use AppAssure for backups. Our repository does not have enough room to do ANOTHER base image of our main file server. Moving this data to a new Win12 box would, I think, trigger a new base image to be taken. Looking at AppAssure, I may be able to delete old base images of our old file server and see if that won’t free up enough room to take the new base. Once the new file server is up and running and have some backup history in place, I can then clear out the rest of the old file server images.

Now, to look at Win08-to-Win12 domain upgrade.

Monday, March 11, 2013

Upgrading A Fileserver (and domain) from Win08 to Win12–Part 1

I am setting up another quick lab to test two things out…

  1. Upgrading my fileserver from Win08 to Win12. I will actually be creating a new file server and just moving a disk from the SAN to the new server. At least, I am hoping this will work smoothly.
  2. Upgrading my domain from Win08R2 to Win12.

I should be able to do both tests with a very simple lab environment. The lab will consist of:

  • DC01 (Win08)
  • DC02 (Win08)
  • FS01 (Wino8)
  • FS03 (Win12)
  • Client02 (Win7)

I will test the file server upgrade first and the domain upgrade second. The plan is simple… Set up a file server with a few shares, files and folders using security groups for access permissions, ABE, etc. Your standard fare, and a fair representation of what we have in production. I will then turn up the Win12 file server and see about moving the disk from the old to the new. I am guessing that I will need to duplicate the share configuration on the new server. But, the NTFS permissions should ‘just work’. (famous last words). Then, just tell everyone the new server name (hoping that, someday, DFS will alleviate this step).

Once I get this file server migration tested, I am then going to look at the DC upgrade and domain migration. Fun!

Thursday, March 7, 2013

DFS Testing In A Lab–Part 1

I have never used DFS before. This changes now.

As noted in a previous blog post, we have a small lab setup in place. My plan is to build out a Windows 2012 domain and do some DFS testing. My thinking for an initial setup is the following:

  • Networks
    • Lab LAN01
    • Lab LAN02
  • Servers
    • Win12-DC01
      • 192.162.1.10
      • AD, DNS, DHCP for 192.168.1.200+
    • Win12-DC02
      • 192.168.2.10
      • AD, DNS, DHCP for 192.168.2.200+
    • Win12-RRAS
      • 192.168.1.1
      • 192.168.2.1
    • Win12-FS01
      • 192.168.1.20
    • Win12-FS02
      • 192.168.2.20
    • Win7-Client01
      • DHCP Client

The setup will be pretty basic, but I am hoping it will allow me to install, configure, and test the features of DFS. The domain will have two sites on two subnets. DFS will be configured and used on both file servers. In this Part 1 post, O will be setting up the RRAS server and the two domain controllers. Here are the actual configuration steps I am taking:

  • Create VMs (differencing disks from a base Win12 install)
  • Configure RRAS server first
    • Rename server.
    • This server has two NICs. Give each its IP address. Only configure IP address and subnet mask.
    • Installed the ‘Remote Access’ Role (which added other roles and features as needed).
      • Made sure the ‘Routing’ Role service was selected
    • Open RRAS console.
      • Right-click on server and select ‘Configure and Enable Routing and Remote Access’
      • Enable LAN-to-LAN routing
    • Enable ‘Allow PING’ in firewall
  • Configure first DC
    • Configure IP address
    • Rename server
    • Enable ‘Allow PING’ in firewall
    • Install ADDS Role
    • Promote server to DC
      • Create new domain: DFSLab.local
    • Install DHCP Role and configure to hand out IP addresses for clients on the 192.168.1.x network
  • Configure second DC
    • Configure IP address
    • Rename server
    • Enable ‘Allow PING’ in firewall
    • Install ADDS Role
    • Promote server to DC
      • Add to existing domain
        • Had to move the server onto the same subnet as my first DC
        • Had to add a DNS server address in the IP config
    • Put server back on its own subnet
  • Set up two Sites and subnets in Active Directory Sites and Services
  • Test connectivity

In Part 2, I will be adding the two file servers and a client computer.

I would love to hear your thoughts and recommendations regarding this. I am in new waters here and any guidance/thoughts/hints would be wonderful.

Wednesday, March 6, 2013

Name Migration Between IIS Servers

We are migrating our current Arena server’s name to our new Arena server. Our initial thought was to simply remove the old server from the network and modify the DNS record for OLDARENA to point to the IP address of NEWARENA. When we did this, we found our new server would challenge us for AD credentials.

The problem turned out to be with SPNs. Even with the changes listed above, the SPNs for OLDARENA were still associated with the actual OLDARENA server. Deleting these SPNs resolved the auth/credentials/kerberos issues. For completeness, we added the SPNs to the associate with the NEWARENA server.

We used the “setspn” command line tool to accomplish this. See for information:
http://technet.microsoft.com/en-us/library/cc731241%28v=ws.10%29.aspx

This blog post put me on the right track: http://blogs.iis.net/brian-murphy-booth/archive/2007/03/09/the-biggest-mistake-serviceprincipalname-s.aspx

 

Other item of note:
DNS record replication between DNS servers. When making static changes, records are having a hard time replicating. Looks to be a timing issue. As troubleshooting steps, I deleted the DNS record and then rebooted the server, hoping (correctly) that it would trigger a DNS record add/update. Replication then occurred to my other DNS servers after a short period of time.

UPDATE: A much better account of this:
http://codersforchrist.com/cs/blogs/nick/archive/2013/03/06/Server-Swap-Leads-to-SPN-Discovery.aspx

Monday, February 4, 2013

VM Migration from 2008 to 2012… Not too Smooth

Well, the Cluster Migration Wizard worked like a charm. That is to say, the configuration has been migrated successfully. It is almost too easy. I am amazed that migration from a Win08 Hyper-V cluster to a Win12 Hyper-V cluster is turning out to be so simple. Tonight, I will actually move the SAN resources to the new cluster.

More to come this evening: SAN management with the MD3000i, turning VMs up on the new cluster, celebrate!

--------

Not so fast… I migrated the SAN virtual disks to the new cluster and tried to bring the resources online. No dice. Then, after some researching, I realized that I had not put the MD3000i management software on the servers, which included their MPIO drivers. Oh yeah, I remember that now. Once I did this, all was shiny!

The CSVs came online in the new cluster. But, there is another problem… Some VMs start, others fail. Recommendation is to run the cluster validation tool. (Did I say things were almost too easy somewhere above?!)

The validation tool showed a couple of warnings, but no show-stoppers. Also, I more robustly configured the iSCSI Initiator, using multiple connections and enabling MPIO.

Server reboots.

Some VMs start, other don’t. Getting event IDs 1069, 1205.

I blew out the VM configs for the VMs that won’t start. Created new configs and attached my existing VHDs. Things are starting now.

Some VMs won’t live migrate. Turns out these are the Vms that WOULD start after migration. Strange. Did a quick migrate on the VM. It moves to the new host but won’t resume. Turns out the NIC config was showing bad. Reset the NIC config to point to a valid virtual switch port. All seems good now.

After running fine over the weekend, VM host server lost connectivity to MD3000i iSCSI disks. Had to reboot the MD3000i and VM host machines. things seem to be running smoothly now.

We will see how things go this week.

It’s been an adventure.

 

RESOURCES:

http://paulgrevink.wordpress.com/2012/02/21/configure-dell-md3000i-mpio-with-windows-2008-r2/

Tuesday, January 29, 2013

Some Not-Minor Work This Evening

We here at Central have some work lined up this evening. The biggest task will be upgrading our Hyper-V infrastructure. We currently have three Win08 Hyper-V servers (clustered) hosting our VMs. I have blogged about this environment in the past. We recently got three new servers and are running Win2012 DCE on them. These will be our new Hyper-V servers. Everything is set up and ready for the Cluster Migration Wizard to do its thing. Based on what I have read, and some initial test, this should be a pretty smooth process.

The biggest upgrade in all of this is our host memory situation. We are going from 32GB per host to 96GB per host. This will give us the ability to add some memory to some of our high-need VMs (Exchange, SQL Server, etc.). I am hoping that these systems will be a bit better performing after this work.

Here’s to hoping the “Cluster Migration Wizard” performs as advertised!

Tuesday, January 8, 2013

A New Year, Win2012 Hyper-V Servers

Long time! The new year is starting off with a big project. We currently have three Win08 Hyper-V servers clustered hosting out VMs. We will soon be replacing them with three Win12 boxes. These new servers will have 3x the memory and beefier guts in general. I am excited to see the new Hyper-V and the new server OS. Updates to come. Comments (if you have been through this already) welcome!

Additional Info

My photo
email: support (AT) mangrumtech (DOT) com
mobile: 480-270-4332