Technology


I built a Windows Server 2008 Server Core DC last week. It’s an interesting exercise because you have to use an unattend.txt file. I found quite a few places online that listed RODC unattend.txt files, but not full read-write DC unattend.txt files. So, attached to this post you’ll find the unattend.txt I used, but also, of more interest, I’m attaching the full help file directly from the server, which I used to create the file.

First, you have to install the server and set an IP address – my previous posts on IP changes on DCs all used netsh commands as well, so if you followed those, you should be somewhat prepared for Server Core. I already had a Windows Server 2003 DC in the environment, so that will be my primary DNS server for the install, until DCPromo edits the settings.
netsh interface ipv4 set address local static 10.1.1.6 255.255.255.0 10.1.1.1 10
netsh interface ipv4 set dns local static 10.1.1.5
netsh interface ipv4 set wins local static 10.1.1.5

Now that networking is set up, we can rename the computer: netdom renamecomputer %computername% /NewName:dc02 and join the domain with netdom join dc02 /domain:foo.local /UserD:FOO\Administrator /reboot:5 /PasswordD:*. The “5” after the reboot flag says to reboot 5 seconds after completion, and the “*” at the end says to prompt you for your password. I join the system to the domain manually first, because then I can WSUS patch it (if WSUS is in the network), or open up the firewall for any other patching software I have.

Once the server is back from reboot, activate, update the firewall to allow remote MMC connections (if you’re not doing that through GPO already), and install new roles.
slmgr.vbs -ato
netsh advfirewall firewall set rule group="Remote Administration" new enable=yes

The following roles are optional, depending on the service of the server. Mine has DNS and the File Server roles, but not DHCP. None of these are required to install AD Domain Services!
start /w ocsetup DNS-Server-Core-Role
start /w ocsetup DHCPServerCore
start /w ocsetup FRS-Infrastructure
start /w ocsetup DFSN-Server
start /w ocsetup DFSR-Infrastructure-ServerEdition

If this is the first Windows Server 2008 DC in your environment, you’ll need to take the Windows Server 2008 DVD to the DC with the Infrastructure Master role (required for /gpprep only) and run the following (E: assumed as DVD-ROM drive):
e:\sources\adprep\adprep.exe /forestprep
e:\sources\adprep\adprep.exe /domainprep
e:\sources\adprep\adprep.exe /domainprep /gpprep
(Also run adprep /rodcPrep if you plan on building RODCs.)

Now you’re ready to do the DCPromo itself. Create an unattend.txt file. To add a DC to an existing domain, you can use:
[DCInstall]
AutoConfigDNS=Yes
ConfirmGc=Yes
DatabasePath=E:\Windows\NTDS
LogPath=c:\windows\NTDS
RebootOnSuccess=Yes
ReplicaDomainDNSName=foo.local
ReplicaOrNewDomain=Replica
ReplicationSourceDC=dc01.foo.local
SafeModeAdminPassword=passwordhere
SysVolPath=e:\windows\SysVol
UserDomain=foo.local
Password=passwordhere

DCPromo will wipe out the passwords when it starts, or you can fill in “*” instead of the password, to be prompted. When it’s done, the server will reboot and be a new Global Catalog / DC in your domain. DCPromo will install necessary binaries and configure the firewall for DC Services for you. It’s quite slick.
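An added example, not part of the original post: a small Python check to run on the admin workstation before unattend.txt is copied to the server. It flags password keys that hold a literal value instead of “*” and lines that are not in key=value form. The function name and the list of required keys are assumptions, the latter taken from the replica file shown above.

```python
# Added example: lint a dcpromo answer file before it is copied to the server.
PASSWORD_KEYS = {"password", "safemodeadminpassword"}
# Assumption: minimum keys for a replica install, taken from the file above.
REQUIRED_KEYS = {"replicaornewdomain", "replicadomaindnsname", "safemodeadminpassword"}

def lint_dcinstall(text):
    """Return (line_number, message) findings for the [DCInstall] section."""
    findings, seen, in_section = [], set(), False
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or INI-style comment
        if line.startswith("["):
            in_section = line.lower() == "[dcinstall]"
            continue
        if not in_section:
            continue
        key, sep, value = line.partition("=")
        key, value = key.strip().lower(), value.strip()
        if not sep:
            findings.append((no, "not in key=value form"))
            if "password" in key:
                findings.append((no, "possible cleartext password"))
            continue
        seen.add(key)
        if key in PASSWORD_KEYS and value not in ("", "*"):
            findings.append((no, "cleartext " + key + ", use * to be prompted"))
    # Line number 0 marks findings about keys that never appeared.
    for key in sorted(REQUIRED_KEYS - seen):
        findings.append((0, "missing " + key))
    return findings

# Constructed sample inputs (placeholder values, not real credentials).
WEAK = """[DCInstall]
ReplicaOrNewDomain=Replica
ReplicaDomainDNSName=foo.local
SafeModeAdminPassword=passwordhere
/Password:passwordhere
"""
PROMPTED = """[DCInstall]
ReplicaOrNewDomain=Replica
ReplicaDomainDNSName=foo.local
SafeModeAdminPassword=*
Password=*
"""

if __name__ == "__main__":
    for no, msg in lint_dcinstall(WEAK):
        print("line %d: %s" % (no, msg))
```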

And as promised, here are the DCPromo Unattend Options for reference for creating your own unattend.txt.

As of today:

“Akismet has caught 347 spam for you since you first installed it.”

That’s since 11/29/2007. Akismet has YET to miscategorize a comment as spam, and it has missed a single spam comment. All I had to do was click “this is spam” and it’s cleaned up.

The only other anti-spam product I’ve seen to perform this well is the IronPort mail system at a client. 130,000 or so attempts / day, 1 spam / day in the entire company queue, and no users complaining about spam in 5 months.

Akismet, Ironport, my hat is off to you both.

Just as a quick note – Windows Server 2008 RC0 seems to have the same setup issue as Windows Vista, or at least the x64 RC0 does – I spent most of the evening last night editing settings, rebooting, plugging in the product key, and reading “This computer’s hardware may not support booting to this disk. Ensure that the disk’s controller is enabled in the BIOS.” The problem is detailed at http://support.microsoft.com/kb/925481 for Vista. Windows Server 2008 RC1 fixes this issue.

I was having the problem on a virtual system in VMware ESX 3.5, so it was easy to disconnect a disk to get past the error, but downloading and installing the updated RC seemed like the better fix for the first DC in a new test lab.

What apparently is going on is if you have 2 hard drives that have never been partitioned or initialized, then the Setup.exe program gets confused. You can remove one of the disks temporarily, format them with another boot medium (BartPE, anyone?), or just not use Win2k8 RC0. According to the support note, the only fix for Vista is to format the drives. I bet you can remove one of them and Vista will work, too, but haven’t tested.

Building a new ESX host on new hardware with the PERC6/i RAID controller, we came across an error. ESX installs perfectly fine, but upon the initial boot, the server hangs showing:
Loading VMKernel megaraid_sas.o (options: '')
It turns out that this is caused by an IRQ routing issue in the 2.0.1 BIOS on the newest 2900 series (including 2950). You can get the update here, and the release notes here.

Note that the install I linked to is an “Update Package for Red Hat”, which requires RPM to install properly. I’m not sure if that’s to install the script in /etc/rc6.d/ to perform the actual update, or if there’s also a binary driver that needs to be updated as well. To perform this RPM update, rather than building a DOS floppy (or if you don’t have a floppy drive in the server):

  1. Download the update to a USB thumb drive or burn it to a CD.
  2. Reboot the ESX server.
  3. At the boot prompt, you have the choice of “VMware ESX Server”, “VMWare ESX Server (Debug)” or “ESX Troubleshooting mode”. Boot to Troubleshooting mode – this WILL bring you to a shell, eventually.
  4. Insert the thumb drive or CD media and mount it.
    For a thumb drive:
    mkdir /mnt/usb
    mount -t auto /dev/sdb1 /mnt/usb
  5. Execute the fix:
    /mnt/usb/PE2900_BIOS_LX_2.1.1.BIN
  6. Read the notes and hit “q” to finish, then let the server reboot and apply the update.

Server should come up 100% fine after the reboot, and you’re good to go!

I have been invited to present at the Directory Experts Conference in Chicago in March, hosted by NetPro Computing, Inc. I’ll be discussing how we recently integrated dozens of Linux servers into our 300+ server Windows 2000 Native Mode forest. I’m excited, but it’s taking away from the time to update a few things here I have in “unpublished” state.

Of note is a response for T. Colin Dodd regarding his short and sweet post regarding Red Hat Flaws according to Secunia. In short, Mr. Dodd (please correct me if the address is wrong), yes, Red Hat should be proud of what they’ve accomplished, but…

Well, that’s 2 pages of text that’s not yet finished.
