
    Overview of Windows Server 2003 Plug and Play

    Windows Server 2003 uses the same plug-and-play support introduced in Windows 2000. The Windows Executive has two components that handle PnP services: Plug and Play Manager and Power Manager.

    • Plug and Play Manager. Discovers PnP devices using a process called enumeration. It then loads an appropriate driver and makes Registry entries based on INF scripts written either by Microsoft or the hardware vendor. Plug and Play Manager also allocates resources such as IRQs, I/O ports, and DMA channels based on information gleaned from ACPI.

    • Power Manager. Handles dynamic interaction with devices to conserve battery life or limit wear and tear on components. Power Manager can be set to spin down a hard drive, for example, after a certain interval of inactivity.

    The trick to getting a successful PnP enumeration is having an INF script that calls out the same name as that reported by the device. If PnP Manager cannot match an INF script to the device, it cannot complete the transaction even if the correct driver is available on the machine. Drivers are stored in \Windows\System32\Drivers. INF scripts are stored in \Windows\Inf.

    32-bit drivers cannot be loaded on an IA64 machine. The WOW64 emulator only works in user space, not kernel space. However, the same INF script can be used to load both 32-bit and 64-bit drivers. This enables a vendor to deploy a single script and two sets of drivers. If the vendor wants to load only a 64-bit driver, the .inf extension can be changed to .ia64. This signals the operating system to look only for 64-bit drivers.

    Using Device Manager

    Before proceeding much further, let's take a look at the MMC console provided by Microsoft for viewing details about the devices loaded on a machine. This is the Device Manager, Devmgmt.msc. In general, if you have hardware problems or want to configure a device, the first place to go is the Device Manager console. There are several ways to open the console:

    • Right-click the My Computer icon on the desktop and select MANAGE from the flyout menu. Expand the tree under System Tools | Device Manager.

    • Right-click the My Computer icon, select PROPERTIES from the flyout menu, select the Hardware tab, then click Device Manager.

    • My personal favorite is the Run window. I just enter devmgmt.msc and press Enter.

    Figure 3.12 shows an example of the device tree displayed by the Device Manager console.

    Figure 3.12. Device Manager console showing device tree.


    To see the configuration information for a particular device, right-click the Device icon and select PROPERTIES from the flyout menu. If Device Manager does not list a device that you know is installed in the system, the device might be misconfigured or a legacy device might not be recognized by the PnP Manager. Legacy devices can be installed manually using the Install New Hardware applet in Control Panel.

    An exclamation point or question mark next to a device indicates a problem of some sort, usually a resource conflict. A big red X indicates that the problem was severe enough to force disabling of the device.

    To assess the problem, open the Properties window for the device then select the Device Status tab to find the nature of the problem. If the properties indicate a resource conflict, use the Resource view to see what other devices are contending for the same resource.

    To clear a conflict, try deleting the device then restarting. This may force PnP Manager to reconsider the resource allocation decision it made the first time. You can also try moving the card to another PCI slot, which forces ACPI to assign different resources.

    If a resource conflict persists for a legacy device, try taking manual control of the resource allocation for the device by selecting the Resources tab and unchecking the Use Automatic Settings option. This option will be dimmed for PCI devices. After you manually allocate resources to a legacy device, restart the machine to see if the error persists or if you caused a problem for another device.

    Additional Device Enumeration Tools

    Although Device Manager is probably the simplest way to look at the hardware on a machine, it does not give a consolidated view of drivers, resources, and functions. The tool best suited for this type of viewing is the System Information tool, which is most easily launched by entering WINMSD at the Run command.

    In both Windows 2000 and Windows Server 2003, launching WINMSD immediately launches another utility, Msinfo32. Msinfo32 is located in \Program Files\Common Files\Microsoft Shared\Msinfo. WINMSD closes as soon as it opens Msinfo32.

    In Windows 2000, Msinfo32 gathers a bit of folder information then launches an MMC console with the System Information snap-in. This is the same snap-in used by the Computer Management console in Windows 2000 to display information about the operating system and the hardware.

    In Windows Server 2003, there is no System Information snap-in. Instead, Msinfo32 launches the Help and Support Center with the focus set on a display of system information gleaned from Windows Management Instrumentation (WMI). Figure 3.13 shows an example.

    Figure 3.13. System Information listed by the Help and Support Center when launched by Msinfo32 via WINMSD.


    The Help and Support Center has a more visually friendly display of system information. From the main Support Center window, click Tools then General then System Information then My Computer Information. Figure 3.14 shows an example of the information layout.

    Figure 3.14. Help and Support Services display of system information.


    Advanced Configuration and Power Interface (ACPI)

    Although Microsoft calls Windows Server 2003, XP, and Windows 2000 "Plug-and-Play" operating systems, they are actually ACPI operating systems. The Advanced Configuration and Power Interface standard defines mechanisms by which devices report their capabilities and resource needs to ACPI, where they are dutifully listed in a set of tables in the volatile memory section of the chip. The operating system reads these tables and makes resource allocation and power management decisions based on the information it finds there.

    According to the ACPI 2.0 specification, available at www.acpi.info, the following services are provided by the ACPI infrastructure:

    • System power management

    • Device power management

    • Processor power management

    • Device and processor performance management

    • Plug and Play

    • System Events

    • Battery management

    • Thermal management

    • Embedded Controller management

    • SMBus Controller management (SMBus is the System Management bus specification promulgated by Intel.)

    The ACPI infrastructure on a machine is an intimate part of the machine's operation, so Microsoft chose to incorporate ACPI support directly into the operating system kernel via the Hardware Abstraction Layer (HAL).

    As you can see from the list, Windows Server 2003 and XP use ACPI to handle power management as well as plug and play. Don't confuse these power management features with the legacy Advanced Power Management (APM) services that were part of the PC specifications for many years. APM uses function calls in the system BIOS to control the machine's wake-state. Legacy APM function calls are supported only in XP, not in Windows Server 2003 servers.

    You can check to see if APM is enabled by clicking the Power Options hyperlink in the new Printers and Other Hardware section of the new Control Panel interface. If the Power Options window has an APM tab, the machine has an APM BIOS. You should only enable APM support if the machine has no other power management options available, indicating that no ACPI functionality has been enabled in the HAL.

    Using APMSTAT

    There is a utility in the Windows Server 2003 Support Tools called APMSTAT that tests for an APM BIOS on a machine. Here is a sample report using the -v (verbose) switch:

    
    C:\Program Files\Resource Kit>apmstat -v
    This computer appears to have an APM legal HAL
    This machine has an APM bios present that looks OK, and it is
    not on the list of machines known to have APM problems.
    Check the power applet in the control panel to see if APM is enabled
    APM Registry Data Dump
    Major = 0001  Minor = 0002
    InstallFlags = 0003
    Code16Segment = f000  Code16Offset = 56c4  DataSeg = 0040
    Signature = APM
    Valid = 0001
    Detection Log Data:
    44 45 54 4c 4f 47 31 00 00 00 00 00 00 00 00 00
     D  E  T   L  O  G  1
    

    If ACPI is enabled, APMSTAT reports the following:

    This is an ACPI machine. APM is NOT relevant on this machine.
    

    ACPI Compatibility

    You should have relatively few problems installing Windows Server 2003 on a new machine that meets the ACPI v2 specification. Older machines built during the time that the ACPI spec was evolving sometimes have problems, ranging from the failure of certain power management features to erratic behavior to periodic freezes and bugchecks.

    Microsoft drew a line at 1/1/99 and assumes that any machine built after that date is ACPI 2.0-compliant. Machines that are known exceptions to this rule are listed in the Txtsetup.sif file on the Windows Server 2003 CD under the heading [NWACL], which stands for Non-Windows ACPI Compliance List.

    Setup determines the ACPI identification of a machine by querying two ACPI tables: the Fixed ACPI Description Table (FACP), which contains a string representing the vendor, and the Root System Description Table (RSDT), which contains an alphanumeric value assigned by the vendor to represent the machine's make and model. The [NWACL] entry identifies the source of the identification. For example, the Toshiba Portege 3300 and the Fujitsu Sprint are on the NWACL list. Here are the particulars from the [NWACL] section of the Txtsetup.sif file:

    [ToshibaPortege3300]
    AcpiOemId="FACP","TOSHIB"
    AcpiOemTableId="FACP","750     "
    AcpiOemRevision="<=","FACP",1
    
    [FujitsuSPRINT]
    AcpiOemId="RSDT","FUJ   "
    AcpiOemTableId="RSDT","SPRINT  "
    

    The Txtsetup.sif file also lists machines built prior to 1/1/99 that are known to be ACPI-compliant. These machines are listed under the [GoodACPIBios] heading.
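
    The lookup described above, checking a machine's ACPI table headers against the [NWACL] entries, is sketched here as an added example; it is not code from the book or from Windows Setup. It assumes that every rule in an entry must hold and that "<=","FACP",1 means the FACP table's OEM Revision is at most 1; the function names and the table bytes are constructed.

```python
import csv
import struct

# ACPI table header, 36 bytes little-endian: signature, length, revision,
# checksum, OEMID, OEM Table ID, OEM Revision, creator ID, creator revision.
HEADER = struct.Struct("<4sIBB6s8sI4sI")

# Constructed input: the two list entries quoted in the text.
SIF_SAMPLE = """\
[ToshibaPortege3300]
AcpiOemId="FACP","TOSHIB"
AcpiOemTableId="FACP","750     "
AcpiOemRevision="<=","FACP",1

[FujitsuSPRINT]
AcpiOemId="RSDT","FUJ   "
AcpiOemTableId="RSDT","SPRINT  "
"""

def build_table(sig, oem_id, table_id, oem_rev):
    """Build a constructed header-only table whose bytes sum to 0 mod 256."""
    raw = bytearray(HEADER.pack(sig, HEADER.size, 1, 0, oem_id, table_id,
                                oem_rev, b"TEST", 1))
    raw[9] = -sum(raw) & 0xFF  # offset 9 holds the checksum byte
    return bytes(raw)

def parse_header(raw):
    """Return (signature, id fields); reject truncated or corrupt tables."""
    if len(raw) < HEADER.size:
        raise ValueError("truncated ACPI table header")
    sig, length, _, _, oem_id, table_id, oem_rev, _, _ = HEADER.unpack_from(raw)
    if not HEADER.size <= length <= len(raw):
        raise ValueError("table length field is out of range")
    if sum(raw[:length]) & 0xFF:
        raise ValueError("ACPI table checksum mismatch")
    return sig.decode("latin-1"), {
        "AcpiOemId": oem_id.decode("latin-1"),
        "AcpiOemTableId": table_id.decode("latin-1"),
        "AcpiOemRevision": oem_rev,
    }

def parse_sections(text):
    """Parse INF-style text into {section: [(key, [args, ...]), ...]}."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1], [])
        elif current is not None and "=" in line:
            key, _, value = line.partition("=")
            # csv keeps the padding spaces inside the quoted strings
            current.append((key.strip(), next(csv.reader([value.strip()]))))
    return sections

def matches(rules, tables):
    """True when every rule of one section holds (assumed AND semantics)."""
    for key, args in rules:
        if key == "AcpiOemRevision":        # operator, table, number (assumed meaning)
            op, table, wanted = args[0], args[1], int(args[2])
            if op != "<=":                  # the only operator the page shows
                raise ValueError(f"unsupported operator {op!r}")
        elif key in ("AcpiOemId", "AcpiOemTableId"):   # table, padded string
            op, (table, wanted) = None, args
        else:
            raise ValueError(f"unknown rule {key!r}")
        fields = tables.get(table)
        if fields is None:                  # machine has no such table
            return False
        actual = fields[key]
        if not (actual <= wanted if op else actual == wanted):
            return False
    return bool(rules)

def flagged_entries(sif_text, raw_tables):
    """Names of the sections whose rules all match the supplied raw tables."""
    tables = dict(parse_header(raw) for raw in raw_tables)
    return [n for n, r in parse_sections(sif_text).items() if matches(r, tables)]
```

    The padded strings are compared byte for byte, so "750" followed by five spaces matches only a table whose OEM Table ID field is padded the same way.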

    There is also a "good but only with some fixes" list included in a file called Biosinfo.inf, also in the \I386 directory on the Windows Server 2003 CD. This list identifies machines that work only if certain ACPI features are disabled. Here is an example listing:

    ; Workaround for BIOS bug in Dell Dimension 8100, Precision 220,
    ;and Precision 420 using National PC87364 SuperIO chipsets.
    ;Parallel port is configured in a way that does not
    ; work on Win2k or WinXP
    
    [DellNationalPC87364WorkAround]
    AddReg=DellNationalPC87364WorkAroundAddReg
    
    [DellNationalPC87364WorkAroundAddReg]
    HKLM,SYSTEM\CurrentControlSet\Services\Parport\Parameters,DellNationalPC87364,0x00010001,1
    

    If you have a machine with a motherboard older than 1/1/99 that is not listed on the good-boy list but you think it would be perfectly fine running with the ACPI kernel, you can try changing the ACPIEnable option from ACPIEnable = 2 to ACPIEnable = 1 in the Txtsetup.sif file. This forces Setup to enable ACPI and load the ACPI kernel. This has the potential to cause the machine to do odd gymnastics, so it is not recommended except for personal experimentation.

    Power Management Features

    Depending on the ACPI table entries found during Setup, Windows Server 2003 and XP display certain options in the Power Options window opened in Control Panel. Figure 3.15 shows the options for XP running on a laptop. Figure 3.16 shows the options on Windows Server 2003.

    Figure 3.15. Power Options for an XP laptop.


    Figure 3.16. Power Options for Windows Server 2003.


    After Setup decides on the ACPI configuration for a machine, the entries are hardwired into the HAL. If you change your mind later on and decide to enable an option in CMOS, you'll need to reinstall the operating system. Keep this in mind when you deploy images.

    Windows Driver Model (WDM)

    A key benefit to the merging of the corporate and consumer Windows products is the ability to use a single driver throughout the product line. The blueprint for creating those drivers is the Windows Driver Model, or WDM. If you are interested in the architecture of WDM drivers or how they are developed, here are a few good references:

    • Programming the Microsoft Windows Driver Model, by Walter Oney. This is an excellent book for system administrators because it has lucid descriptions of the way the drivers work and the architectural models of the driver internals.

    • Developing Windows NT Device Drivers: A Programmer's Handbook, by Edward Dekker and Joseph Newcomer. This is another excellent resource. You'll get a lot of information if you don't mind sifting through a little complex jargon.

    • Windows NT Device Driver Development, by Peter Viscarola and Anthony Mason. This is considered the definitive book on NT device drivers. It is geared more for the older NT Driver Model, but has solid coverage of WDM.

    • Windows Server 2003 Driver Development Kit (DDK). The documentation in the DDK is terse, but you can't get much more authoritative. The DDK used to be a free download from Microsoft, but now you have to purchase it.

    WDM and PnP are inextricably linked in Windows Server 2003, so here is a brief overview just to get the vernacular.

    Bus

    The WDM view of I/O starts with a bus. A bus is an interface that controls one or more devices. An IDE controller is a bus, for example, because it provides the interface to one or more hard drives. Other buses include the following:

    • Personal Computer Interface (PCI) bus

    • RS-232 Serial Bus

    • Parallel Port

    • Advanced Configuration and Power Interface (ACPI)

    • Small Computer System Interface (SCSI)

    • PC Card (formerly Personal Computer Memory Card International Association, or PCMCIA)

    • Universal Serial Bus (USB)

    • IEEE 1394 FireWire

    Bus Drivers

    A bus is controlled by a bus driver. Bus drivers are controlled by the Plug and Play Manager, which communicates with the devices via function calls in the HAL.

    A bus driver enumerates devices on its bus and builds a Physical Device Object (PDO) for each device it finds. The PDO virtualizes the device, rendering it into a digital form that can respond to commands from the Executive. Other duties of the bus driver include hall monitor, errand boy, receptionist, and gofer. In other words, it does the following:

    • Keeps track of events on its bus and reports them to the Plug and Play Manager.

    • Responds to I/O request packets (IRPs) from Plug and Play Manager and Power Manager.

    • Improves I/O performance by multiplexing bus access requests.

    • Performs administrative chores required to keep the devices on the bus running smoothly.

    Functional Device Objects

    A bus driver generally does not communicate directly with devices on its bus unless the devices use raw I/O. Instead, the bus driver virtualizes the physical device objects still further into data constructs called Functional Device Objects (FDO). These FDOs are controlled by function drivers. The Plug and Play Manager loads one function driver for each device.

    Function Drivers

    A function driver is implemented as a set of drivers: a class driver, a minidriver, and one or more filter drivers.

    • Class drivers. Provide basic functionality for a device type, such as a mouse or a scanner or a hard drive. Microsoft usually writes class drivers.

    • Minidrivers. Determine specific operational functions. Vendors write minidrivers for their hardware.

    • Filter drivers. Layer above or below the function driver and provide additional services. Microsoft encourages vendors to write filters rather than build entirely new custom minidrivers.

    WDM Functional Example

    Here is an example of how a device with a WDM driver is enumerated and loaded:

    1. Insert a new PC Card SCSI controller with an attached Jaz drive into the PCMCIA slot of a laptop.

    2. The PCMCIA driver discovers the new card and creates a Physical Device Object (PDO) for it. It informs Plug and Play Manager about the new PDO.

    3. The Plug and Play Manager looks up the correct driver for the new PDO, loads the driver, and passes the PDO over to the SCSI driver.

    4. The SCSI driver builds a Functional Device Object (FDO) and attaches it to the driver stack for the PC Card bus.

    5. Plug and Play Manager instructs the SCSI driver to enumerate the bus.

    6. The SCSI driver enumerates the bus, finds the SCSI drive, and creates a PDO for the drive.

    7. Plug and Play Manager looks up the driver for the new PDO, loads the driver, and passes control of the PDO over to the new driver.

    8. The disk driver builds an FDO for the drive and attaches the FDO to the device stack for the SCSI bus.

    9. The file system drivers in I/O Manager can now communicate with the drive via the SCSI bus interface.

    One of the end results of all this PnP discovery, enumeration, and object building is a set of Registry keys under HKLM | System | CurrentControlSet | Enum. This is called the Enum tree and is used as a reference for loading services during startup.

    This concludes the overview of Windows Server 2003 hardware architecture. It's time to start adding devices.
