SBS2000 to 2003 Upgrades – a few considerations…

Ok – my preference for installations of SBS2003 is to do a totally fresh installation.  However there are times when this is not possible due to budget contraints or time limitations.  I’ve had two such customer scenarios this week that needed to have the inplace done, one for budget reasons, and the other for time constraints.  So we’ve used the inplace upgrade method.  Before using the in place upgrade method I’d considered a few things.


1. Did I install SBS2000 on this system? I look at this as I want to ensure that it’s a system that I’ve controlled for it’s life.  If I didn’t install it then there may be a heap of underlying issues just waiting to bite me.


2. Is the hardware capable to run SBS2003 for the next 2-3 years.  In the case of the systems I’ve done this week, both were for 5 user sites, one was a 2.4Ghz system with 1GB RAM which was fine, the other was an 800Mhz system with 1GB RAM which was at the very low end of what I wanted.  I advised the 800Mhz customer of this and he was fine – wants to replace the server next financial year anyway.


So here’s the process I followed in these upgrades this week.  Both of them had RAID 1 using software mirroring, so we disconnected the mirrored drive before we commenced as our utlimate backup plan, and then later once it was done and we knew the upgrade was 100% we reconnected it and reconfigured the mirror.


Preflight Check – these can all be done prior to the day of the upgrade to minimise the downtime


 



  1. Check workstations – if any Win95 or Win ME then upgrade can not proceed
  2. Check SBS2000 Service Pack levels – must have SBS 2000 SP1 installed
  3. Minimum 2GB Free on C: Drive
  4. Ensure ISA SP1 is installed (v3.0.1200.50 if no SP, v3.0.1200.166 SP1)
  5. Install hotfix for ISA for W2003 Server (ISAHF255.exe – KB331062)
  6. Download and unpack the latest supportpaq from HP for the server
  7. Clean up drives, delete files not needed and empty recycle bin
  8. Defrag drives (if time permits – do this remotely)
  9. Verify backups are good

 Rollout Process



  1. Ensure the Internet NIC is disconnected
  2. Disconnect the mirrored hard drive (if it’s a dual drive mirrored system)
  3. Remove any UPS cables to the server
  4. Remove Exchange IM
  5. Remove Admin tools
  6. Remove AV software



    1. Remove Scanmail for Exchange
    2. Remove Trend Client from the server
    3. Remove OfficeScan Corporate Edition from the server
    4. Reboot


  1. Note any specific config options that need to be reinstated later

a.      Exchange – forward all mail to specific host



  1. CHKDSK /f on all hard drives
  2. Save and clear event logs
  3. Reboot server
  4. Check event logs – note / decide on action about ANY errors
  5. Insert SBS2003 CD1 and commence setup
  6. During the W2003 installation portion of setup, if it asks you for drivers for the HP/Compaq server, insert the SmartStart CD as it has the drivers the system needs.
  7. Phase 2 of the SBS Setup
  8. Reboot and complete the To Do list
  9. Do not do step 6 of the to do list – Import Files – as we don’t use this option
  10. Detune ISA security

    1. Remove the authenticate all users from the outbound web listener

  11. Windows Update & reboot
  12. Review loginscripts to ensure that they are correct and do not have any additional characters in them
  13. Test one workstation on LAN – verify access to email, files etc
  14. Install ISA FP1, ISA FP1 URLSCAN (isafp1ur.exe), ISA SP2
  15. Install Trend AV & configure
  16. Install GZIP Hotfix, E2003SP1 and Post SP1 SBS Hotfix
  17. Modify hardware firewall to add additional ports and protocols

    1. 443,444,4125

  18. Shutdown and configure the mirror the original hard drive
  19. Workstation rollouts

    1. Assign applications to all workstations from the SBS console wizards
    2. Remove old AV & rollout the new AV
    3. Add users to be able to logon remotely via RWW on the desktop computers

  20. Verify all AV clients are seen in the AV console

 

19 thoughts on “SBS2000 to 2003 Upgrades – a few considerations…

  1. Great list of actions, as I intend to do an upgrade in the near future.

    Did you choose to uninstall the AV software (Trend, I assume) because the original configuration was not suitable for SBS2003, or as a matter of course?

    I run McAfee GroupShield, VirusScan & ePolicy Orchestrator on my SBS2000 server. Would you recommend doing the same (uninstalling; but a real pain to have to reconfigure from scratch again), or just disable the real-time scanner during the upgrade?

    Also, is it safe to assume that as I have already applied ISA FP1 + URLSCAN & SP2 that I will not need to reapply?

    What is the Post SP1 SBS Hotfix mentioned in item 23?

    TIA

  2. Richard,

    I remove the AV for two reasons;

    1. It’s likely to be the same version that was installed with the server back in 2000 and therefore may require a later version to support W2003/E2003.

    2. Removing the AV totally removes the potential for it to get in the way of the upgrade. Remember that AV software works at a very low level and as such can interfere with all kinds of operations. Removing it from the system totally removes the risk. Sure reinstalling it takes time, but I would rather have an hour of reinstallation planned in advance than an unknown number of hours investigating some strange problem that I eventually find is linked back to the AV software (been there done that)

    I’ve updated the article to include a link to the hotfix in item 23.

    Thanks for the feedback and questions

  3. Just spent the weekend doing an inplace upgrade guided by the MS paper "Chapter 3B – Upgrade Small Business Server 2000".

    Prior to the upgrade we doewnloaded and installed ISA Server 2000 SP2, and the latest Exchange Rollup. Bad Move! The install disk kept asking for ISA Server Sp1 – didn’t want to recognise SP2. had to roll back to Sp1 and download the ISA 2003 fix file.

  4. N.Hughes

    I have just done the same, and using Wayne’s notes above with the chapter 3b, but had no problems with ISA SP2 like you did.

    But I do have problems that I think are DNS related. I am busy googling for the solution, but may soon be posting to the SBS2k3 group.

    I also had problems with Routing and Remote Access and numerous other niggles.

    A clean install woulld have been easier!

    Wayne,

    The note I could not reconcile was no. 17. Detune? Does that mean make less safe? Which access policy element is that?

    Cheers

    Richard

  5. Richard,

    Point 17 – Detune ISA – basically ISA authenticate all out bound requests to the internet using a combination of methods. Wha I do is to detune it and stop it from using one of those methods as I’ve found it causes more problems than it’s worth. I spoke recently with Dr Tom Shinder (www.isaserver.org fame) and found that he also does the same -therefore I conclude that it’s not a huge security risk to do so.

    What I am refering to is in the ISA MMC – drill down to the first level and then right click the ISA SERVER computer and go to properties. Then select the Outgoing Web Requests tab. Down the bottom there is a tick box called "Authenticate All Users" (or similar). Remove the tick, Press OK and then restart the ISA services. In SBS2000 this box is not enabled either. There are some additional ISA tuning things that I do and I’ll post on them later.

    Hope that helps.

    Wayne

  6. Hello All,

    Regarding point #6, (if you happen to like IBM servers) down load the latest Update Express CD image from IBM’s site:

    http://www-307.ibm.com/pc/support/site.wss/document.do?lndocid=MIGR-53046

    I recently upgraded an IBM x235 server from SBS2000 to SBS 2003 Pro and found using the Update Express CD to update all IBM firmware and software drivers very easy.

    Also the Upgrade Requirement Messages for Windows Small Business Server 2003 Setup document is a very good document to go through prior to starting the upgrade:

    http://www.microsoft.com/technet/prodtechnol/sbs/2003/deploy/upsetreq.mspx

    Best Regards,

    Robert Pereira

    London, Ontario, Canada

  7. Thanks for the link for the IBM drivers – yes – regardless of what server model you use, you should always check for later drivers for Windows 2003 as part of your upgrade process – many drivers for servers running Windows 2000 were written now up to 5 years ago.

Leave a Reply

Your email address will not be published. Required fields are marked *