Windows Server 2008 Server Migration Notes

Note: This document assumes the new file server has been brought online as a member server in Active Directory.

Prepare Active Directory for Windows 2008 Domain Controller (15 minutes)

  • Raise domain functional level from Windows 2000 Mixed to Windows Server 2003
    • Can be completed from Active Directory Domains and Trusts
  • Raise forest functional level from Windows 2000 to Windows Server 2003
    • Can be completed from Active Directory Domains and Trusts
  • Copy Windows 2008 ADPREP to current file server.
  • Prepare forest and domain for Windows 2008 DC
    • adprep /forestprep
    • adprep /domainprep
    • adprep /domainprep /gpprep
    • adprep /rodcprep

Promote the Windows 2008 Server to Domain Controller (15 minutes)

Run DCPROMO Wizard on the new file server, choosing the following values:

  • Additional domain controller for existing domain
  • Use the WIC site domain and the administrator credentials
  • Select the WIC site domain
  • Site: Default-First-Site-Name
  • Additional Options:
    • Read-only domain controller: No
    • Global Catalog: Yes
    • DNS Server: Yes
  • DNS Delegation “Error”. Do you want to continue?: Yes
  • Database folder: C:\Windows\NTDS
  • Log file folder: C:\Windows\NTDS
  • SYSVOL folder: C:\Windows\SYSVOL
  • Directory Services Restore Mode Password: (Domain administrator password)
  • Reboot when completed

Transfer FSMO Roles to New File Server (15 minutes)

Reference Microsoft KB255504

  • Run NTDSUTIL on new file server to enter shell
  • Type roles
  • Type connections
  • Type connect to server (new file server name)
  • Type q
  • Type ? at FSMO Maintenance prompt for list of roles
  • For all roles, transfer (role)
  • Type q
  • Type q
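
A check to run after the transfers and before the old server is renamed or demoted, as an added example that is not part of the original notes: it parses the role listing printed by netdom query fsmo and reports any role not yet held by the new server. The sample output is constructed, and the server names are the placeholders this page uses later in its netdom commands.

```powershell
# Added example, not from the original notes. Role labels are the ones
# "netdom query fsmo" prints; the sample output below is constructed.
$roleNames = 'Schema master', 'Domain naming master', 'PDC',
             'RID pool manager', 'Infrastructure master'

function Get-FsmoHolder {
    param([string[]]$NetdomOutput)
    $pattern = '^(' + ($roleNames -join '|') + ')\s+(\S+)\s*$'
    $holders = @{}
    foreach ($line in $NetdomOutput) {
        if ($line -match $pattern) { $holders[$Matches[1]] = $Matches[2] }
    }
    $holders
}

function Test-FsmoTransfer {
    param([hashtable]$Holders, [string]$ExpectedServer)
    $problems = @()
    foreach ($role in $roleNames) {
        if (-not $Holders.ContainsKey($role)) {
            $problems += ('{0}: not reported' -f $role)
        } elseif ($Holders[$role] -ne $ExpectedServer) {
            $problems += ('{0}: still held by {1}' -f $role, $Holders[$role])
        }
    }
    ,$problems   # leading comma keeps an empty result an array
}

# Constructed sample: the RID role was missed during the transfer.
$output = @(
    'Schema master               NEWSERVER.WICDOMAIN.LOCAL'
    'Domain naming master        NEWSERVER.WICDOMAIN.LOCAL'
    'PDC                         NEWSERVER.WICDOMAIN.LOCAL'
    'RID pool manager            STARLINC.WICDOMAIN.LOCAL'
    'Infrastructure master       NEWSERVER.WICDOMAIN.LOCAL'
    'The command completed successfully.'
)
# On a domain controller, use the live listing instead:
# $output = netdom query fsmo

$issues = Test-FsmoTransfer (Get-FsmoHolder $output) 'NEWSERVER.WICDOMAIN.LOCAL'
if ($issues.Count) {
    $issues | ForEach-Object { Write-Warning $_ }
} else {
    'All five FSMO roles are on the new server.'
}
```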

Set NTP Settings in Registry (15 minutes)

Launch Regedit on the new server and set the following values:

| Registry Key | Value Name | Data |
|---|---|---|
| HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters | Type | NTP |
| HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config | AnnounceFlags | 5 |
| HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer | Enabled | 1 |
| HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters | NtpServer | time-a.nist.gov,0x1 |

Then restart the Windows Time service and force a resync:

  • net stop w32time
  • net start w32time
  • w32tm /resync /rediscover
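
The same registry changes as a script with a read-back check, as an added example that is not part of the original notes. Domain members take their time from this server once it holds the PDC emulator role, and Kerberos authentication fails when clocks drift past the allowed skew, so it is worth confirming that the values took effect.

```powershell
# Added example (not from the original notes): apply the four W32Time values
# from the table above, restart the service, then read everything back.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Services\W32Time'
$settings = @(
    @{ Path = "$base\Parameters";              Name = 'Type';          Value = 'NTP';                 Kind = 'String' }
    @{ Path = "$base\Config";                  Name = 'AnnounceFlags'; Value = 5;                     Kind = 'DWord'  }
    @{ Path = "$base\TimeProviders\NtpServer"; Name = 'Enabled';       Value = 1;                     Kind = 'DWord'  }
    @{ Path = "$base\Parameters";              Name = 'NtpServer';     Value = 'time-a.nist.gov,0x1'; Kind = 'String' }
)

foreach ($s in $settings) {
    Set-ItemProperty -Path $s.Path -Name $s.Name -Value $s.Value -Type $s.Kind
}

# Same restart and resync sequence as the manual steps.
net stop w32time
net start w32time
w32tm /resync /rediscover

# Read each value back; any warning here means the registry does not match.
$mismatches = @(foreach ($s in $settings) {
    $actual = (Get-ItemProperty -Path $s.Path -Name $s.Name).($s.Name)
    if ("$actual" -ne "$($s.Value)") {
        '{0}\{1}: expected {2}, found {3}' -f $s.Path, $s.Name, $s.Value, $actual
    }
})
$mismatches | ForEach-Object { Write-Warning $_ }

# Once synchronised, the source should be time-a.nist.gov rather than
# "Local CMOS Clock".
w32tm /query /source
w32tm /query /status
```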

Install Necessary Software and Features (1 hour)

  • Added the following Windows features
    • Windows Server Backup
    • Command-line tools for Windows Server Backup
    • PowerShell
    • Telnet Client
    • DHCP Server Tools
    • File Services Tools
    • Removable Storage Manager (Prerequisite for NTBACKUP Restore Utility)
  • Run Windows Update
  • Installed the following software
    • Sybase + EBF
    • FileZilla
    • NTBACKUP Restore Utility
    • 7-Zip
    • SMTP Diagnostics
    • Java Runtimes
  • Uninstall from old server
    • SecureRDP

Backup Data from Old Server and Restore to New Server (1 hour)

NTBACKUP is a reliable utility for this task as it does a good job of preserving file attributes.

  • Replicated data on old server
  • Disable scheduled replication task
  • Shut down and disable Starlinc_Network Sybase Service
  • Backup C:\Users and D:\Starlinc to network share on new server
  • Used NTBACKUP Restore Utility to restore data to D:\Users and D:\Starlinc on the new server
  • Create Users share on D:\Users
    • Everyone group gets Change and Read permissions at the share level

Re-ip Conundrum (15 minutes)

The new server needs to take over the old server's IP address. To do this, the old server has to be re-IP'd first, but doing so would take away our only point of entry to the WIC site's network. So:

  • Give new server the old server's IP in its registry
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\(Interface GUID)
  • Give old server the new server's IP in its registry
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\(Interface GUID)
  • Reboot both servers simultaneously.

Demote Old File Server (15 minutes)

  • De-authorize DHCP server on old server
  • Run DCPROMO Wizard on old server to demote to member server (Oxymoron, I know)
  • Reboot

Adjust Server Names (30 minutes)

Reference Petri IT Knowledge Base

  • Disable ESET Remote Administrator Service and ESET RA HTTP Server on old server.
  • Uninstall PowerChute
  • Renamed old server to STARLINC-old and rebooted
  • Remove STARLINC from Active Directory Sites and Services (Default-First-Site-Name\Servers)
  • Rename new server to STARLINC
    • netdom computername NEWSERVER.WICDOMAIN.LOCAL /add:STARLINC.WICDOMAIN.LOCAL
    • netdom computername NEWSERVER.WICDOMAIN.LOCAL /makeprimary:STARLINC.WICDOMAIN.LOCAL
    • Reboot new server
    • netdom computername STARLINC.WICDOMAIN.LOCAL /remove:NEWSERVER.WICDOMAIN.LOCAL
  • Added any necessary DNS aliases for new server

Configure New Server to Host and Run WIC Applications (30 minutes)

  • Created STARLINCAPPS share on new server and verified permissions.
    • Administrators get Full Control at the share level.
    • Starlinc Users get Change/Read permissions at the share level.
    • Verify Starlinc Users get Full Control at the filesystem level of D:\Starlinc\Applications\tranlog.
  • Created Starlinc_Network database service in Sybase Central and started the service
    • -x tcpip
    • -c 512m
    • -ch 1024m
    • -n StarLINC_network
    • d:\starlinc\data\databasename.db
  • Copied starencode.dll to Sybase WIN32 directory on new server
  • Added ODBC entries for Starlinc_Network and Starlinc_Rep
  • Copied replication shortcut to desktop on new server and tested
  • Created and tested Scheduled Task for replication
  • Copied application shortcuts to desktop on server and tested applications

Backup Configuration (30 minutes)

  • Created PowerShell script for nightly backups
  • Create backups share on G: drive (RD1000)
    • Administrators get full control
  • Create G:\Logs folder
  • Added Scheduled Task for Nightly Backups
    • Run every weeknight at 10PM Eastern

Install and Configure PowerChute (15 minutes)

  • Run PowerChute Business Edition installer
  • Choose Single Node Agent
  • Username: admin
  • Password: apcadmin

Log into PowerChute and configure the following values:

  • Under Smart-UPS 1000->Configure:
    • UPS Name: ROCH_UPS (adjust for location)
  • Under Events->Actions
    • Enable E-Mail for all Event Actions in the Critical and Warning categories.
  • Under Events->Recipients
    • Add myself as E-Mail recipient
  • Under Protected System->System Settings
    • Server Name: mail.cquest.us
    • Account Name: starlinc-(location)@cquest.us
    • Contact Name: CQuest
    • System Location: (Location)

Install and Configure NOD32 Remote Administrator Server (30 minutes)

  • Stop ERAS Service on old file server
  • Install same version of ERAS and ERAS Console on new server
  • Stop ERAS Service on new file server
  • Copy contents of C:\Documents and Settings\All Users\Application Data\ESET\ESET Remote Administrator\Server to C:\ProgramData\ESET\ESET Remote Administrator\Server on the new server.
  • Start ERAS service on new file server
  • Verify updates and replication are working properly
  • Push NOD32 Client to new server (server will reboot)

Install and Configure Windows Server Update Services (1 hour)

  • Installed Windows Server Update Services 3.0 SP2 Prerequisites
    • IIS Role with following Feature Services
      • ASP.NET
      • Windows Authentication
      • IIS 6 Management Compatibility
    • Microsoft Report Viewer 2008 SP1 Redistributable
  • Shrank D: volume by 40GB and assigned free space to the W: Drive (Volume name: WSUS)
    • This was done to store updates on another volume and exclude it from the nightly backups.
  • Installed Windows Server Update Services 3.0 SP2
    • Chose to store updates locally on W:\WSUS
    • Chose “Windows Internal Database” for database method and stored also on W:\WSUS
  • Ran Windows Server Update Services Configuration Wizard
    • Opted out of Improvement Program
    • Synchronize from Microsoft Update
    • Do not use proxy server
    • Start Connecting
    • English language only
    • Narrowed update selections to Office products and Windows XP
    • Used default classifications + Service Packs
    • Set to automatically synchronize at 1AM once per day
    • Do not begin initial synchronization but do launch the administrator console
  • In Administrator Console
    • Right-click Computers-All Computers
      • Add Starlinc-(Location) Computer Group
    • Options
      • Automatic Approvals
        • Check default rule
      • E-Mail Notifications-General
        • Send status reports Weekly at 6AM
        • Recipient: Also Moi
      • E-Mail Notifications-E-Mail Server
        • Outgoing SMTP Server: mail.cquest.us
        • Sender name: WSUS (Location) NH WIC
        • E-mail address: wsus-(location)@cquest.us

Group Policies (1 hour)

  • Launch Active Directory Users and Computers
  • Create the following Organizational Units
    • Policies
    • Workstations
      • Desktops
      • Laptops
  • Move computer accounts into the appropriate OU
  • Launch Group Policy Management
  • Under the Policies OU, create the following GPOs
    • Automatic Updates
    • DNS Settings
    • Power Management
    • Remote Assistance
  • Edit Automatic Updates GPO with the following settings:
    • Computer Configuration->Policies->Administrative Templates->Windows Components->Windows Update
      • Configure Automatic Updates: Enabled, 4 - Auto download and schedule the install, 0 - Every Day, 03:00
      • Specify intranet Microsoft update service location: Enabled. http://starlinc, http://starlinc
      • Automatic Updates detection frequency: Enabled, 4 hours
      • Allow non-administrators to receive update notifications: Enabled
      • Turn on Software Notifications: Disabled
      • Allow Automatic Updates immediate installation: Enabled
      • Turn on recommended updates via Automatic Updates: Disabled
      • No auto-restart with logged on users for scheduled automatic updates installations: Enabled
      • Re-prompt for restart with scheduled installations: Enabled, 10 minutes
      • Delay Restart for scheduled installations: Enabled, 5 minutes
      • Reschedule Automatic Updates scheduled installations: Enabled, 2 minutes
      • Enable client-side targeting: Enabled, Starlinc-(Location)
  • Edit DNS Settings GPO with the following settings:
    • Computer Configuration->Policies->Administrative Templates->Network->DNS Client
      • DNS Servers: Enabled, (IP of StarLINC server)
      • Primary DNS Suffix: Enabled, (wicdomain).local
      • Dynamic Update: Enabled
      • Replace Addresses in Conflicts: Enabled
      • Registration Refresh Interval: Enabled, 1800s
  • Edit Power Management GPO with the following settings:
    • Computer Configuration->Policies->Administrative Templates->System->Power Management->Button Settings
      • Select the Power Button Action (Plugged In): Enabled, Shut Down
      • Select the Sleep Button Action (Plugged In): Enabled, Sleep
      • Select the Start Menu Power Button Action (Plugged In): Enabled, Shut Down
      • Select the Lid Switch Action (Plugged In): Enabled, Take no action
      • Select the Power Button Action (On Battery): Enabled, Shut Down
      • Select the Sleep Button Action (On Battery): Enabled, Sleep
      • Select the Start Menu Power Button Action (On Battery): Enabled, Shut Down
      • Select the Lid Switch Action (On Battery): Enabled, Sleep
    • Computer Configuration->Policies->Administrative Templates->System->Power Management->Hard Disk Settings
      • Turn Off the Hard Disk (Plugged In): Enabled, 0s
    • Computer Configuration->Policies->Administrative Templates->System->Power Management->Notification Settings
      • Critical Battery Notification Action: Enabled, Sleep
      • Low Battery Notification Action: Enabled, Take no action
      • Critical Battery Notification Level: Enabled, 2%
      • Turn Off Low Battery User Notification: Disabled
      • Low Battery Notification Level: Enabled, 5%
    • Computer Configuration->Policies->Administrative Templates->System->Power Management->Sleep Settings
      • Specify the System Sleep Timeout (Plugged In): Enabled, 0s
      • Turn Off Hybrid Sleep (Plugged In): Enabled
    • Computer Configuration->Policies->Administrative Templates->System->Power Management->Video and Display Settings
      • Turn Off the Display (Plugged In): Enabled, 0s
  • Edit Remote Assistance GPO with the following settings:
    • Computer Configuration->Policies->Administrative Templates->System->Remote Assistance
      • Solicited Remote Assistance: Enabled, Allow helpers to remotely control the computer, 1, Hours, Mailto
      • Offer Remote Assistance: Enabled, Allow helpers to remotely control the computer, (wicdomain)\domain admins
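
One way to confirm that the Automatic Updates GPO above reached a workstation, as an added example that is not part of the original notes: it compares the policy registry values that the Windows Update settings write on the client with the values chosen on this page. The -TargetGroup default is the page's own placeholder and must be replaced with the site's real group name; the script assumes PowerShell is installed on the client.

```powershell
# Added example, not from the original notes. Assumed: -TargetGroup is the real
# computer group name; the page gives only the placeholder "Starlinc-(Location)".
param([string]$TargetGroup = 'Starlinc-(Location)')

$wu = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$au = "$wu\AU"
$expected = @(
    @{ Key = $wu; Name = 'WUServer';                      Value = 'http://starlinc' }
    @{ Key = $wu; Name = 'WUStatusServer';                Value = 'http://starlinc' }
    @{ Key = $wu; Name = 'TargetGroupEnabled';            Value = 1 }
    @{ Key = $wu; Name = 'TargetGroup';                   Value = $TargetGroup }
    @{ Key = $au; Name = 'UseWUServer';                   Value = 1 }
    @{ Key = $au; Name = 'AUOptions';                     Value = 4 }   # auto download, scheduled install
    @{ Key = $au; Name = 'ScheduledInstallDay';           Value = 0 }   # every day
    @{ Key = $au; Name = 'ScheduledInstallTime';          Value = 3 }   # 03:00
    @{ Key = $au; Name = 'DetectionFrequency';            Value = 4 }   # hours
    @{ Key = $au; Name = 'NoAutoRebootWithLoggedOnUsers'; Value = 1 }
    @{ Key = $au; Name = 'RebootRelaunchTimeout';         Value = 10 }  # re-prompt, minutes
    @{ Key = $au; Name = 'RebootWarningTimeout';          Value = 5 }   # delay restart, minutes
    @{ Key = $au; Name = 'RescheduleWaitTime';            Value = 2 }   # minutes
)

function Get-PolicyValue($Key, $Name) {
    # Returns $null when the key or value is absent (policy not applied).
    $item = Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

$results = @(foreach ($e in $expected) {
    $actual = Get-PolicyValue $e.Key $e.Name
    New-Object PSObject -Property @{
        Name     = $e.Name
        Expected = $e.Value
        Actual   = $actual
        Ok       = ("$actual" -eq "$($e.Value)")
    }
})

$results | Sort-Object Ok | Format-Table Name, Expected, Actual, Ok -AutoSize

$failed = @($results | Where-Object { -not $_.Ok })
if ($failed.Count) {
    Write-Warning ('{0} value(s) differ; run gpupdate /force and check again' -f $failed.Count)
}
```

If the WSUS site is later published over SSL, the two expected URLs become https:// addresses and the GPO setting has to change with them.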

Miscellaneous Tasks (30 minutes)

  • Disabled Internet Explorer Enhanced Security Configuration (Makes browsing impossible)
  • General Cleanup of Data volume copied from old file server
  • Add desktop shortcuts for Administrator
    • Computer Management MMC
    • FileZilla Shortcut for CQuest FTP
  • Add DHCP role to new server if desired
  • Establish profile for Starlinc account.
  • Remove Restrict Each User to a Single Session restriction in Terminal Services.
  • Disable QOS Packet Scheduler, IPv6, and Second NIC on new file server.
  • Disable Windows Firewall service
enet/2008_upgrade_notes.txt · Last modified: 2014/09/10 21:35 by admin