• Chapter 1. Installing and Configuring Windows Server 2003
  • software development Company Server 2003
  • Chapter 1. Installing and Configuring Windows Server 2003
  • New Features in Windows Server 2003
  • Best Practices
  • Moving Forward
  • Version Comparisons
  • Hardware Recommendations
  • Installation Checklist
  • Functional Overview of Windows Server 2003 Setup
  • Installing Windows Server 2003
  • Post Setup Configurations
  • Functional Description of the Windows Server 2003 Boot Process
  • Correcting Common Setup Problems
  • Chapter 2. Performing Upgrades and Automated Installations
  • New Features in Windows Server 2003
  • NT4 Upgrade Functional Overview
  • Upgrading an NT4 or Windows 2000 Server
  • Automating Windows Server 2003 Deployments
  • Moving Forward
  • Chapter 3. Adding Hardware
  • New Features in Windows Server 2003
  • Functional Description of Windows Server 2003 Architecture
  • Overview of Windows Server 2003 Plug and Play
  • Installing and Configuring Devices
  • Troubleshooting New Devices
  • Moving Forward
  • Chapter 4. Managing NetBIOS Name Resolution
  • New Features in Windows Server 2003
  • Moving Forward
  • Overview of Windows Server 2003 Networking
  • Name Resolution and Network Services
  • Network Diagnostic Utilities
  • Resolving NetBIOS Names Using Broadcasts
  • Resolving NetBIOS Names Using Lmhosts
  • Resolving NetBIOS Names Using WINS
  • Managing WINS
  • Disabling NetBIOS-over-TCP/IP Name Resolution
  • Chapter 5. Managing DNS
  • New Features in Windows Server 2003
  • Configuring a Caching-Only Server
  • Configuring a DNS Server to Use a Forwarder
  • Managing Dynamic DNS
  • Configuring Advanced DNS Server Parameters
  • Examining Zones with Nslookup
  • Command-Line Management of DNS
  • Configuring DHCP to Support DNS
  • Moving Forward
  • Overview of DNS Domain Structure
  • Functional Description of DNS Query Handling
  • Designing DNS Domains
  • Active Directory Integration
  • Configuring DNS Clients
  • Installing and Configuring DNS Servers
  • Configuring Secondary DNS Servers
  • Integrating DNS Zones into Active Directory
  • Chapter 6. Understanding Active Directory Services
  • New Features in Windows Server 2003
  • Active Directory Support Files
  • Active Directory Utilities
  • Bulk Imports and Exports
  • Moving Forward
  • Limitations of Classic NT Security
  • Directory Service Components
  • Brief History of Directory Services
  • X.500 Overview
  • LDAP Information Model
  • LDAP Namespace Structure
  • Active Directory Namespace Structure
  • Active Directory Schema
  • Chapter 7. Managing Active Directory Replication
  • New Features in Windows Server 2003
  • Replication Overview
  • Detailed Replication Transaction Descriptions
  • Designing Site Architectures
  • Configuring Inter-site Replication
  • Controlling Replication Parameters
  • Special Replication Operations
  • Troubleshooting Replication Problems
  • Moving Forward
  • Chapter 8. Designing Windows Server 2003 Domains
  • New Features in Windows Server 2003
  • Design Objectives
  • DNS and Active Directory Namespaces
  • Domain Design Strategies
  • Strategies for OU Design
  • Flexible Single Master Operations
  • Domain Controller Placement
  • Moving Forward
  • Chapter 9. Deploying Windows Server 2003 Domains
  • New Features in Windows Server 2003
  • Preparing for an NT Domain Upgrade
  • In-Place Upgrade of an NT4 Domain
  • In-Place Upgrade of a Windows 2000 Forest
  • Migrating from NT and Windows 2000 Domains to Windows Server 2003
  • Additional Domain Operations
  • Moving Forward
  • Chapter 10. Active Directory Maintenance
  • New Features in Windows Server 2003
  • Loss of a DNS Server
  • Loss of a Domain Controller
  • Loss of Key Replication Components
  • Backing Up the Directory
  • Performing Directory Maintenance
  • Moving Forward
  • Chapter 11. Understanding Network Access Security and Kerberos
  • New Features in Windows Server 2003
  • Windows Server 2003 Security Architecture
  • Security Components
  • Password Security
  • Authentication
  • Analysis of Kerberos Transactions
  • MITv5 Kerberos Interoperability
  • Security Auditing
  • Moving Forward
  • Chapter 12. Managing Group Policies
  • New Features in Windows Server 2003
  • Group Policy Operational Overview
  • Managing Individual Group Policy Types
  • Moving Forward
  • Chapter 13. Managing Active Directory Security
  • New Features in Windows Server 2003
  • Overview of Active Directory Security
  • Using Groups to Manage Active Directory Objects
  • Service Accounts
  • Using the Secondary Logon Service and RunAs
  • Using WMI for Active Directory Event Notification
  • Moving Forward
  • Chapter 14. Configuring Data Storage
  • New Features in Windows Server 2003
  • Functional Description of Windows Server 2003 Data Storage
  • Performing Disk Operations on IA32 Systems
  • Recovering Failed Fault Tolerant Disks
  • Working with GPT Disks
  • Moving Forward
  • Chapter 15. Managing File Systems
  • New Features in Windows Server 2003
  • Overview of Windows Server 2003 File Systems
  • NTFS Attributes
  • Link Tracking Service
  • Reparse Points
  • File System Recovery and Fault Tolerance
  • Quotas
  • File System Operations
  • Moving Forward
  • Chapter 16. Managing Shared Resources
  • New Features in Windows Server 2003
  • Functional Description of Windows Resource Sharing
  • Configuring File Sharing
  • Connecting to Shared Folders
  • Resource Sharing Using the Distributed File System (Dfs)
  • Printer Sharing
  • Configuring Windows Server 2003 Clients to Print
  • Managing Print Services
  • Moving Forward
  • Chapter 17. Managing File Encryption
  • New Features in Windows Server 2003
  • File Encryption Functional Description
  • Certificate Management
  • Encrypted File Recovery
  • Encrypting Server-Based Files
  • EFS File Transactions and WebDAV
  • Special EFS Guidelines
  • EFS Procedures
  • Moving Forward
  • Chapter 18. Managing a Public Key Infrastructure
  • New Features in Windows Server 2003
  • Moving Forward
  • PKI Goals
  • Cryptographic Elements in Windows Server 2003
  • Public/Private Key Services
  • Certificates
  • Certification Authorities
  • Certificate Enrollment
  • Key Archival and Recovery
  • Command-Line PKI Tools
  • Chapter 19. Managing the User Operating Environment
  • New Features in Windows Server 2003
  • Side-by-Side Assemblies
  • User State Migration
  • Managing Folder Redirection
  • Creating and Managing Home Directories
  • Managing Offline Files
  • Managing Servers via Remote Desktop
  • Moving Forward
  • Chapter 20. Managing Remote Access and Internet Routing
  • New Features in Windows Server 2003
  • Configuring a Network Bridge
  • Configuring Virtual Private Network Connections
  • Configuring Internet Authentication Services (IAS)
  • Moving Forward
  • Functional Description of WAN Device Support
  • PPP Authentication
  • NT4 RAS Servers and Active Directory Domains
  • Deploying Smart Cards for Remote Access
  • Installing and Configuring Modems
  • Configuring a Remote Access Server
  • Configuring a Demand-Dial Router
  • Configuring an Internet Gateway Using NAT
  • Chapter 21. Recovering from System Failures
  • New Features in Windows Server 2003
  • Functional Description Ntbackup
  • Backup and Restore Operations
  • Recovering from Blue Screen Stops
  • Using Emergency Management Services (EMS)
  • Using Safe Mode
  • Restoring Functionality with the Last Known Good Configuration
  • Recovery Console
  • Moving Forward
  • Who Should Read This Book
  • Who This Book Is Not For
  • Conventions
  • Acknowledgments
  • About the Author
  • About the Technical Reviewers
  • Index
  • Index A
  • Index B
  • Index C
  • Index D
  • Index E
  • Index F
  • Index G
  • Index H
  • Index I
  • Index J
  • Index K
  • Index L
  • Index M
  • Index N
  • Index O
  • Index P
  • Index Q
  • Index R
  • Index S
  • Index SYMBOL
  • Index T
  • Index U
  • Index V
  • Index W
  • Index X
  • Index Z
  • Preface
  • Previous Section Next Section

    Post Setup Configurations

    If you have no abnormal indications and the system appears to be functioning normally, you can declare a job well done and give yourself a week off. If Setup did not complete or had significant errors, check the section, "Correcting Common Setup Problems," in this chapter.

    You may want to do a few things to tidy up. Here are a few hygiene checks you should perform.

    Product Activation

    The license agreement accompanying any Microsoft Windows product makes it very clear that the operating system is considered a part of the computer, no different than a chipset or the system BIOS. That's why most retail versions of Windows are called "upgrades," on the assumption that you must have received a Windows operating system with the original hardware. (This is not always the case, of course. It is possible to purchase a server without an operating system, or with an alternative OS such as Linux or NetWare.)

    When you install the retail version of Windows Server 2003, you have 30 days to activate the product. This is handled by the Windows Product Activation (WPA) Wizard. The executable is called Msoobe.exe, which stands for MS Out-Of-Box Experience. WPA has three major components:

    • A 25-character product key on the jewel case or other container.

    • An Installation ID generated based on the hardware installed in the server at the time of activation. If you are interested in the hardware components that go into the makeup of the Installation ID, a German firm called Fully Licensed has analyzed the WPA process and published a white paper at www.licenturion.com/xp/fully-licensed-wpa.txt.

    • A Confirmation ID supplied by Microsoft via the Internet, modem, or phone. This number is what "activates" the Windows Server 2003 installation.

    If your server does not have direct connection to the Internet but it has a modem, you can use dial-up to one of Microsoft's Product Activation Centers using a number provided in the WPA Wizard. If you do not have a modem, you can call the Product Activation Center directly to obtain a Confirmation ID. There are support centers in each country. Each one is available 7 x 24. The operator does not collect any user information. The operator may ask for a name, but only out of politeness. Microsoft insists that no personal information is recorded.

    If you choose to activate via phone, the WPA Wizard displays a window that displays the Installation ID so you can read it to a customer support representative. Figure 1.12 shows an example.

    Figure 1.12. Activate Windows screen—phone activation.


    If you reinstall Windows Server 2003 using the same product key on the same machine with the same hardware, you need only validate the existing activation via the Internet or phone or modem. You can perform an unlimited number of validations.

    If you do a radical change to your hardware, you will be required to reactivate. The exact nature of the change is something Microsoft will not publish. The retail version of XP is extremely forgiving. If the machine uses the same BIOS, activation will not be triggered.

    WPA only applies to retail versions of the product. The product key you obtain from a Master License Agreement or a Volume Purchase Agreement is not subject to per-instance activation. The minimum number of overall licenses required to qualify for a VPA is relatively modest. Check with your reseller for current requirements.

    Event Log Checks

    You should check the Event log to make sure no abnormal situations came up during installation and the initial boot. Event logs are stored in the \Windows\System32\ Config folder along with the Registry hives. You can view the contents of the logs using the Event Viewer console, Eventvwr.msc, or the Event Viewer executable, Eventvwr.exe.

    Activation and Registration

    Windows Product Activation, as a process, is completely distinct from product registration. Registration lets Microsoft know who you are so you can obtain technical support, product update notifications, and lots of email concerning third-party product information.

    Activation does not contain any information that relates a particular user or organization to a particular license of Windows Server 2003. Registration, on the other hand, contains a great deal of information about you and your organization. You do not need to register in order to activate.

    The Event Viewer console can be opened from the Start menu via START | PROGRAMS | ADMINISTRATIVE TOOLS | EVENT VIEWER. Figure 1.13 shows an example of the Event Viewer console showing the System log. If you are an NT4 administrator, you'll be pleasantly surprised to see that the navigation arrows in the viewer now actually indicate how the cursor will move.

    Figure 1.13. Event Viewer console showing typical System log entries after installing Windows Serve 2003.


    There are several Event logs:

    • Application. Events from user processes.

    • System. Events from drivers and Executive processes.

    • Security. Used only if Auditing is enabled.

    • Directory Services. Installed only on domain controllers.

    • File Replication Service. Installed only on domain controllers.

    • DNS. Installed only on DNS servers.

    You should get familiar with the normal Event log entries for your system. Some errors happen all the time and are benign. Others should cause you immediate attention. Each entry in the Event log has a description of the event and many have suggestions for troubleshooting. Figure 1.14 shows what an error looks like in the Event log.

    Figure 1.14. Sample Event log entry showing error details.


    Move and Configure the Paging File

    The paging file holds memory pages that have been swapped out of RAM. The pages are stored in a system file called Pagefile.sys, stored at the root of the system partition. The default minimum size of the paging file is 150 percent of system RAM with a maximum size of 300 percent of RAM.

    For small systems with 256MB of RAM, you can get away with keeping the paging file on the system partition. But for large systems with multiple gigabytes of RAM, you should take a few actions to control the file's size and location.

    Move the Paging File to Another Disk

    You can improve overall system performance by putting the paging file on a fast drive that does not share connections with the operating system drive.

    You can have up to 16 paging files as long as each one is on a separate logical drive. You will not get a performance improvement unless the paging files are on separate physical drives, as well.

    You should leave a small paging file on the boot partition. This is because the system uses the paging file to hold memory dump information following a kernel-mode stop error (a.k.a. Blue Screen of Death). The memory is dumped first to the paging file and then copied to a dump file following the next restart. That's why the paging file must be at the root of the system partition, because the bugcheck executable has no access to the file system and so must use INT13 calls, which are limited to the root of the boot drive.

    The option to dump system memory can force you to set aside very large chunks of disk real estate if you have lots of memory. An alternative is to dump only the operating system memory. This saves considerable disk space and gives Microsoft technical support a more compact file to examine in the event of a crash. Or you can dump just the stack heap if you really want to conserve space (<64KB total). This is outlined in Procedure 1.3.

    In most situations, I've found that a stack heap dump gives sufficient information for servers that are not having problems. If you have a server that is crashing frequently, you may need to save a dump of the operating system or even of the entire memory space. At this point, you are probably going to call Microsoft Product Support Services, and they will tell you what sorts of information they need.

    Procedure 1.3 Configuring the System to Dump Only the Contents of the Kernel Memory

    1. Open the System applet in Control Panel.

    2. Select the Advanced tab.

    3. Click Settings under Startup and Recovery.

    4. Under Write Debugging Information, select the option to do a Kernel Memory Dump or a Small Memory Dump (see Figure 1.15).

      Figure 1.15. Startup and Recovery window showing memory dump options.


    Avoid Paging File Fragmentation

    The paging file can become fragmented, which hurts performance considerably. Finding pages in a fragmented paging file requires more work. Also, because the paging file is a system file, the disk defragmenter must work around it to defrag the remaining files.

    To avoid fragmentation, make sure the drive you select for the paging file is already defragmented, then make the minimum and maximum file sizes the same. This causes the system to lay out the full paging file in a single, contiguous run that won't grow and get fragmented. Be sure to give a generous amount of space. If you are going to run Terminal Services, make the paging file at least double the size of memory up to 4GB.

      Previous Section Next Section