Archive for April, 2011
Temporary Post Used For Theme Detection (607c006d-1fe8-41a1-afca-995f371e7406 – 3bfe001a-32de-4114-a6b4-4005b770f6d7)
This is a temporary post that was not deleted. Please delete this manually. (0fd47799-d2f4-4b35-9dad-b6d053108907 – 3bfe001a-32de-4114-a6b4-4005b770f6d7)
With Virtualisation technology and programs becoming increasingly popular, it makes sense to look at Virtualising your server prior to a major upgrade or migration, keeping the source server as a fully reliable backup/roll back.
Using tools like Shadow Protect, you can very quickly take a running server, and turn it into a bootable virtual machine.
The drawback is it is an expensive product, and, for some smaller consultancy’s it may be a ‘nice to have’ but not something that is looked at as a serious option when preparing to migrate a client.
Hopefully we can change that idea.
Using the Sysinternals tool, disk2VHD, we can take our running system and create a VHD from it. Using this VHD and Microsoft’s Free Hyper-V Server, we can build a VM from that VHD and using this we can begin to prepare our migration or upgrade.)
So, to follow me through this article you will need…
- A source server ( i am running SBS 2003 R2 Standard)
- Some available hardware to host your virtual server (ideally with at least the same amount of ram as your physical server, but remember your server needs to have hardware that supports hyper-v)
- The Sysinternals disk2VHD tool
- USB/eSata Storage to transfer VHD (or local network access to the source server)
- Microsoft’s free Hyper-V server (this is the pre SP1 version)(1.5gb)
- Hyper-V Management Tools (Install the update, then use ‘turn windows features on or off’ to activate) (240mb)
Considerations: Make sure your source server is correctly licensed to allow for virtualisation, Keep in mind technically you are moving the server to new hardware, so a typical OEM license would not cover you for this. That being said, I’m sure we can all use our common sense on the licensing front!
Can i just REITERATE – if you are running an OEM install of SBS 2003 (or any OS) it is highly likely your server will require activation when it boots on the virtual hardware. Reactivation will be at Microsoft’s discretion and i can make no guarantees or whatever :p
Also as we are on new hardware, we will need to follow procedures for your particular OS to change NICs.
This article is split into 10 steps…
Step One. disk2VHD
So first of all we will run our disk2VHD tool on our source server, the size of your servers disk drive(s) will determine the time it takes for the VHD to be built, luckily on my source server i only have a single C: drive, and the used space is quite low.
Under VHD File name, you can choose the destination VHD path and file name, once you are happy with that simply click on ‘Create’, to start building your VHD.
You will then have a short, or long, period where the volume(s) are snapshotted, and then you will see some progress and a quite accurate ETA for the time the process will complete.
Once this process is completed i can copy the VHD off to removable media, and begin working with it in Hyper-V.
Step Two. Install Hyper-V Server
SO i guess we should get our Hyper-V server ready.
As usual, press the any key to boot…
Windows loads files from your media..
Windows is starting..
Choose your installation language..
Choose your time and date / keyboard preferences..
Confirm your settings, and click next..
Choose ‘Install Now’…
Setup will begin..
Review the license agreement.. If you accept the terms, check the box and click Next..
Choose a ‘Custom’ install..
Here you can choose your disk formatting options, or install raid controller drivers if needed. I just have a single disk in my system and i am not using RAID – this is my lab system remember. If you are doing a real, live, migration you may want to consider the redundancy of your virtual machine. Yes you can always go back to your VHD if you took a copy before you started, but you don’t really want to start again if you can avoid it!
You can click on Drive Options, if you have to partition format the drive in a specific way, or just click Next if you have a blank drive to let the system format and partition the drive for you.
Setup will now run through, copying files, expanding files, installing features etc etc…
Step Three. Initial Hyper-V Configuration
At first boot, you will need to setup a password for your account. Put some thought in to this, i am running my Hyper-V server in a workgroup. My laptop is also in a workgroup. That means to authenticate between the two we need identically named accounts. (Both username and password) For example if i login to my laptop as Administrator with a password of Rob123 i should set the Hyper-V server username to Administrator, and use a password Rob123. However i wouldn’t recommend you use those :p
Enter your password and confirm..
Now the system will log you on, and you will get your first look at the Hyper-V Core.
So from the home screen, you can get a little bit of info about the server itself, you can see the default hostname, and domain status, you can configure any one of these options by selecting the corresponding number.
First thing i will do is add a new local admin, as stated above we need identically named accounts on our workstation with the Hyper-V tools installed.
So press ‘3’ and Enter.
Type the new account name, and press enter. The screen will switch over to a traditional command prompt, where you are asked to enter the password for the account, and confirm.
If you confirmed correctly, you will be given a congratulatory message!
Now i want to enable the remote management of the Hyper-V server, so press 4 and enter.
You have several options here, we will go through 1-3 in turn. Start with number 1.
You will receive a message to say this has completed..
Next, use option 2 to enable PowerShell.
Once the powershell commands have completed you will need to restart.
Log back in, and go back to option 4 (Enabled Remote Management), to complete the setup, go to option 3 to enable ‘Remote Server Management’.
It will take a few moments for all the commands to run and complete…
Once that has finished, you can press 5 to return to the main menu. (Reminds me of DOS)
Step Four. Hyper-V Network Configuration
If you want to change the system name at all, just press 2, then enter. I am happy to leave mine on the random name assigned by setup.
Let’s have a quick look at our network settings.. press 8 and Enter.
We can see the NIC’s installed, and the current IP Address. If you want to configure the NIC, press the index number that represents that NIC. So i only have 1 NIC so i can press 0 (zero)
You might want to configure a static IP or any other network setting, this is the place to do it. I am going to put my server on a static IP, so i will need to use option 1.
Choosing option 1, prompts me then to use either DHCP (D), Static (S) or to cancel..
Choose S for Static. Then enter your IP details.
When you enter the default gateway you will see the screen refresh and reflect your new address details.
So you can see DHCP is now showing as false (disabled) and my new static IP is displayed
You can press 4 to go back to the main menu.
From testing i know that the firewall configuration can be tricky.
However, as this will not be a production box i have decided on my system to just switch off the firewall.
There is a great little tool called HVRemote.WSF which you can obtain from here… this takes a lot of the pain out of configuring the Hyper-V core, especially when you follow the instructions, which IMHO could be just a little clearer, but nether the less work well.
You run it both from the Hyper-V server, and the Client that will control the Hyper-V server (most commands are run from the client) it even has a great switch for diagnosing connectivity issues between the two!
To disable the firewall..
Exit to the command line (option 15) and then type:
netsh firewall set opmode disable
(If you choose to Disable the firewall, instead of configuring, You will need to run that command each time you reboot the Hyper-V Server)
As you can see in the screen shot, this command is deprecated now and you are told you should use ‘netsh advfirewall’ instead, but since this command still works, why should we bother??
Now just to recap, at this point we have installed the Hyper-V core, we have configured it for remote management, we have added a like named user to match our workstation/system with the Hyper-V tools running. We have configured our network adapters and turned off the firewall.
Step Five. Connect to Hyper-V Server
Now that your Hyper-V server is up and running, you probably want to add some Virtual Machines, and finish our server virtualisation project?
You will need a machine running the Hyper-V management tools, you can install these as part of the RSAT, or if you already have a server running Hyper-V you can add it as an additional server.
I have a Windows 7 Pro machine running the Hyper-V tools, so i will connect to the Hyper-V Server from there.
Open up the Hyper-V console.
Right click ‘Hyper-V Manager’ and click on ‘Connect to Server’
Choose to connect to ‘Another Computer’ and enter the IP or HOSTNAME of your Hyper-V Server, and click on OK.
After a short delay, you will see your server is added to the console tree. It will display the hostname, whether you added the server by IP or HOSTNAME.
Select your server from the list, to begin working with Hyper-V on that server. You will see that the Hyper-V console is attempting to connect to the Virtual Machine Management service on the remote server..
And hopefully in a few seconds you will see….
Step Six. Configure your VM
Now we will need to copy our VHD across to the Server, and build our VM.
I am going to attempt to copy my VHD across the network firstly, and then i will walk through the process using removable media.
Before you attempt to power up your VM you MUST move the Hyper-V server to a separate network. You cannot run two Servers on the same Subnet with the same name and IP address.
I ran the disk2VHD tool directly on my SBS server, and stored the created VHD there, so from the Server i will attempt to browse to the Hyper-V server.
So, Click Start, then Run in the run box , enter the UNC path to your server, and as we don’t yet have any shares on the server, let’s try to go for the c$ share.
Hopefully you are prompted to login, so enter the administrator username and password.
If you entered the correct credentials you should now see your C: on the Hyper-V server. Add a new Folder to store your VHD file.
Right click, new > folder. Name the folder VHD and press enter.
Now we can just try to drag and drop our VHD file across..
Sit back and grab a coffee, it might take a while!
When the copy has completed we can switch back to our Hyper-V server and configure the VM.
If you want to use removable media instead, copy the VHD to your media from the source server, plug that media into your Hyper-V server, and you can use the xcopy tool from a command line to copy it across. You might want to use DISKPART to identify which Drive letter your Media has been assigned.
From a command prompt, type..
LIST VOLUME <enter>
This will show you the volumes on your system, their size, and assigned drive letter.
From here you can gauge which drive is your removable media, and it should be simple enough to copy the file across.
Now we need to configure our networking. My Microserver only has one NIC so i am not able to have a dedicated NIC for management and one for the VM.
In the Hyper-V console, load up the ‘Virtual Network Manager’
Our VM will need physical network access, so we will need to create an ‘External’ Network. Click Add.
You will need to enter a name for your network, you may want to add some notes about it’s purpose/function within your Hyper-V setup, you also need to confirm the physical NIC the network will bind to, and whether or not the Host OS will have access to share this NIC. There are also some other settings which we do not need to worry about.
As i said, i only have the one NIC, so i am leaving all of the defaults here.
Enter a name you are happy with, and click on OK to setup the network.
With a single NIC configuration you may have some temporary disruption when you click on OK. You will be prompted to acknowledge this by clicking ‘Yes’ in a warning dialogue box.
Once the server has applied your networking configuration, you can go ahead and run the New Virtual Machine Wizard.
Right click the Server Name, highlight New, then select Virtual Machine.
Review the information on the ‘Before you Begin’ page, even if you have done it before it is always useful to review this type of information.
Click Next when you are ready.
We will need to name our Virtual Machine – this name will be what is shown within the Hyper-V console. You may also choose to move the configuration information to a non default location.
When you are ready, click Next.
Choose your memory allocation. My Physical server had 1GB of Ram, so i am going to allocate 1GB here. You may want to allocate more if your system has the free memory. My Microserver only has 2GB installed, and remember SBS 2003 only supports up to 4GB of RAM.
When you are ready click Next.
Choose your Network from the dropdown menu. I only have the one to choose. Click Next. (You can ignore this step for Windows 2003 as it does not support the Hyper-V synthetic NIC by default)
Next we choose our VHD. We don’t want to create a New VHD here, so choose to ‘Use an Existing VHD’ and type the path information to the VHD file, you ‘may see it auto-completes for you!
When you are happy with the VHD information, click Next.
Review the settings shown, and if you are happy, click on Finish.
Your new Virtual Machine will now be shown in the details pane of the Hyper-V console.
Step Seven. VM Network Configuration
Now, because we are running Windows Server 2003, we will need to use a ‘Legacy Network Adapter’
Right click the VM, and click Settings.
It should open on the ‘add hardware’ screen, select ‘Legacy Network Adapter’ and click Add.
Again, here you need to choose which network to connect the NIC to, and click on Apply.
Click on OK to close down the settings page.
Your NIC is now installed.
Now remember when we startup, it will be like we have replaced the NIC in a physical server, so there will be some configuration required and the SBS BPA can help us with that.
Step Eight. Power Up your VM!
Remember, your Hyper-V Server should now not be located on the same LAN as your source server.
Double click the VM to connect to it, then click on the green Power Button to power on.
You may be prompted for credentials due to the way the VM, and Hyper-V interact with the remote Hyper-V system, simply login with credentials valid on the remote Hyper-V Server.
Once you have logged in you will see the VM at whatever state it has got to in the boot process, it does not wait whilst you enter credentials!
After a short time you will be at the CTRL-ALT-DEL screen and you can login. (CTRL ALT END on Hyper-V) (CTRL ALT LEFT ARROW, to get your mouse focus back to your local pc)
Once logged on, you can see your server is at exactly the point when we made the disk2VHD snapshot.
Step Nine. Testing your VM
Your next step is to run the SBS BPA and resolve any issues highlighted. Remember your VM functions just like the real thing, so any issues in the registry that pre-existed for example, still exist. The main issue you are likely to see relates to having a new NIC installed on the system when SBS is tied to the other NIC. This error is the result in a change in the ‘LANNIC’ registry value.. the registry key is located here:
The above shows the current value of the GUID for our LANNIC. If that NIC is removed you might experience errors on the system, and services like DHCP may not work as expected.
The solution is to find the GUID of your actual LAN NIC, copy it down, and replace the value shown above, with your actual GUID.
To find the GUID of your NIC, go to, HKLM>System>Services>TCPIP>Parameters>Interfaces
Step Ten. Back to the Future..
No not a direction to sit in front of a DVD, but i needed a good name for the last step.
At this point you should have a fully functional SBS 2003 Virtualised, on Microsoft’s free Hyper-V server. You are now free to test migrations, patches, backups, anything you like, safe in the knowledge that your physical server, is safe from, well, you!
So you are back, where you started, which is, looking to the future… of your network and a server upgrade? ok that was awful but hopefully you get the point!
I hope you have found this useful, if not a little entertaining.
Hyper-V system Requirements
Hyper-V Management Tools (RSAT Updated for Windows 7 w/SP1)
USB Bootable Media Guide
Thanks to Tim Barrett, for his awesome editing and ideas!
Small Business Server 2003 R2 Standard, Migration to Small Business Server 2011 Essentials (Continued)
Back to our migration now and more preparation to our source server…
I am running another BPA scan to showup which issues remain to be resolved.
So as you can see we are now down to only 12 highlighted issues.
Let’s tackle the functional level of Exchange first, we need to load up the Exchange System Manager, which you can launch from the SBS Server management console, or navigate to it.
When System Manager opens up, right click the Servername at the top of the tree, and click on Properties.
On the properties page, you will see the details about which mode you are currently in, and also which Exchange Server versions this mode supports.
In the unlikely event you, a) have additional exchange servers, and b) they are running a Version other than 2003 (or newer), please make sure to migrate these out prior to changing this setting. It is one way, and cannot be changed back (without restoring the server)
SO when you are happy, click on ‘Change Mode’
A warning is displayed detailing the change and that it cannot be reversed, this is your last chance to back out, so make sure you are sure. I am sure you are sure, you wouldn’t be doing it otherwise right?
On clicking on Yes, you are returned to the properties page. Click OK to close the page and your changes will apply.
Next we can move onto fixing the WSUS warnings.
First we will load up the native WSUS console. Changing too many settings here can lead to the ‘blue shield’ state which was quite difficult to recover from in SBS 2003, in later version it is a lot easier. What did this state mean? just that the default settings for SBS/WSUS integration were changed. WSUS still functioned perfectly well but the integration with he SBS console and reports was broken. More info on that here.
Click on Start, Administrative Tools, then on Windows Server Update Services.
When the console opens, we will go to the Products and Classifications section first. We need to add ‘Service Packs’ to be downloaded.
Click on Products and Classifications, then on the Classifications tab.
Check the box marked ‘Service Packs’ and click Ok. Next move to ‘Automatic Approvals’
Click to Edit the ‘Default Automatic Approval Rule’
On the edit page, click the hyperlinked option ‘When an Update is in..’
Put a check next to ‘Service Packs’ and click Ok. Click Ok to close down the Default Automatic Approval Rule page, and close the WSUS Console.
We need to install an update now to resolve this next issue, so we will need to load up Windows Update on the server.
Open up IE, and click Tools, then Windows Update.
Choose to run a Custom check..
Well, after waiting for WU to check my server, it didn’t actually offer me the update in question. Luckily in the system tray was the Updates icon and it was top of the list. As i only want to install this one update at the moment i had to manually deselect all the other 100+ updates being offered. Tip here is the down arrow and the space bar!
Click on Install to kick off the installation.. it is a small update and it installs quite quickly.
You will need to acknowledge a message about what will happen to unselected updates.
Click on OK and the updates will stay in the system tray for Installation at a later date.
Again we will run a WU check to see if i we can download this update.
It seems this update is also not being offered to me by MU at this time either, and i cannot see it in my System tray updates notification window.
When i re-read the KB article, it states ‘Microsoft Update’ not Windows Update.
So we need to upgrade our server to use MU instead of WU.
Navigate to this link on your server, http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us
Click on ‘Start Now’
You will need to review the license agreement, and click to continue if you agree.
A new ActiveX is required to be installed..
Install the ActiveX.
And check for updates…
You’ll find the POP3 Update under ‘Software, Optional’ and then under, Microsoft Windows Small Business Server 2003
Make sure to clear all the security updates, and only select the POP3 connector update.
Click on Review and Install updates, and then on Install updates.
Installation should complete quite quickly.
Next we will tackle the Daylight Saving Time updates.
Querying an ACL.
Something a lot of us will have had to do on a number of occasions, when it is for one folder it is a fairly straight foward task. But imagine a scenario where you have to check multiple folders, and possible compare the results, it can be time consuming not to mention BORING!
So this was a task i had to perform this morning. A client running DFS where due to saturated WAN links their dfs had huge backlogs. Having resolved these issues using a variety of tools and tecniques (beyond the scope of this) i wanted to run a few quick checks to make sure permissions were applied accuratley accross sites.
Enter – Accesschk
A very handy Sysinternals tool that you can run to query an ACL from a folder, file or whatever you like.
Download the file and extract it to your desktop.
Open up a command prompt from the accesschk folder (right click and hold shift to get ‘open command prompt here’)
Type in your command, so i want to test this on c:\users so the syntax is…
accesschk c:\users <enter>
And you receive your output.
Not so easy to work with this output, so you might want to output to a txt file.
Simply add the usual ‘batch file output’ syntax ‘ > ‘ so our command becomes..
accesschk c:\users >accesschk.txt
No output displayed now, so we need to open out txt file to view the results.
As you can see the output here is much easier to view, and control.
You will need permission to actually view the ACL or your output may not be as expected.
As you can see from the output in the txt file my query couldnt get the ACL info from two of the folders. If i try to access these folders through explorer, you can see why..
This tool really saved me a lot of time, hopefully you will find it useful!
So a client called with a PC that crashed and wouldn’t boot up.
Luckily i was actually in the area so i called in to the customer, unluckily i was travelling light and didnt have my USB/SATA kit with me.
PC was a reasonably new Dell Optiplex 380, Running Windows 7 Pro. Covered under warranty and after a few minutes on the Dell Online Chat, i had arranged an engineer to be onsite next day with a new drive.
I decided to take the drive with me to see if i could salvage anything, and possibly image the drive for future recovery use.
So i brought the disk back to the office and set it up on a bench, ran a chkdsk and after that it seemed to function ok. (i could have done this onsite with an OS disc, but if it failed once i would rather have a new drive thank you)
So Dell have now replaced the drive and installed the OS, buuut wait, they dont join it to the domain or install any apps.
I need to know the name of this pc to rejoin it to the domain, i could make up a new name, but we have a convention… seems as though the system name sticker is missing as well.
So here’s what you can do.
Load up Regedt32 on the lab system, with the drive attached as a slave.
Navigate to HKLM and click file, load hive.
Now browse to the \windows\system32\config folder on the slave drive and find the SYSTEM file.
Enter a name – i used OLD
Now browse to HKLM>Old>CurrentControlSet1>Control>Computername>Computername
You should see a key named ‘ComputerName’ with the system name as the value.
Small Business Server 2003 R2 Standard, Migration to Small Business Server 2011 Essentials (Continued)
Having installed Windows 2003 Service Pack 2 to our source server, we will need to now rerun the SBS BPA to find any new issues that the SP introduces. You may recall there are some new features such as RSS that are enabled by the installation of this SP.
The results of the SBS BPA show the following issues:
Looks like that list is a little shorter now! So let’s address the issues in red to start with.
Receive Side Scaling (RSS) is enabled and should be disabled on Windows SBS 2003. This issue is highlighted as fixable in the BPA results using this KB article, however if you follow the link you will need to redirect to this newer KB to get the right patch.
Download and run the x86 version of the hot fix..
Again accept the license agreement and click next to start the install, it is a very small update and should apply in a matter of seconds.
This update should also resolve the ‘TCPA Enabled’ BPA critical issue, but a reboot is required prior to the changes becoming active.
To minimise our reboots let’s look at the other two critical items and see if we can apply any of the fixes.
Task offloading is enabled & TCP Chimney is enabled, are both fixed without the need to install any other patches. So let’s apply those fixes before our reboot. (Task Offload fix is documented here)
To disable TCP Chimney, open up a command prompt and type..
Netsh int ip set chimney DISABLED
Press enter, and the command simple returns ‘OK’, moving on to disabling ‘Task Offload’
You’ll want to open up the registry editor, Start > Run > regedt32
Now navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
On the Edit menu, click New, then DWORD Value
Name the value ‘DisableTaskOffload’
Press enter to accept the name change, then enter again to edit the value. Enter a 1 in place of the 0 (0 = disable 1 = enabled) )that is to say, 0 disables, disabletaskoffload and 1 enables, disabletaskoffload)
Click on OK to accept your changes, and then you are good to go ahead and reboot.
That takes care of the 4 critical issues highlighted by the BPA, and now we can focus on the remaining warnings shown.