Windows Insider

A Real-World Upgrade

In the non-Microsoft-exam world, there are serious budget constraints, manpower shortages and management conflicts over upgrading.

Have you ever noticed that the domain upgrade scenarios in Microsoft documentation and the certification exams read like scenes from an episode of “Lifestyles of the Rich and Famous?” You, the administrator, are invited to imagine yourself as the sole network systems architect for a company with 50,000 users in a hundred locations scattered all over the globe. You have an unlimited budget to implement whatever domain configuration meets the design goals in the product documentation and best practice white papers. You can deploy your designs without the need for collaboration with colleagues or approval by managers. The result of your efforts is a sublime amalgam of technical excellence and design elegance. You take a bow toward the footlights then stroll solemnly off-stage.

Meet Ann
The real world is somewhat less glamorous. Take this situation, for example. Ann is a systems technician for a small network support firm in Toledo, Ohio. One of her clients is a company that builds custom plastic shelves for convenience stores. The owner of this company has a well-deserved reputation for “spending both sides of a nickel.” Here’s the company’s current system configuration.

The main office has 15 employees, all of whom use thin clients that connect to a server running Windows NT 4.0 Terminal Services Edition. This server has two 400 MHz PIII processors. It was recently upgraded to 512MB of RAM using memory taken from the desktop of the owner’s business partner after a motherboard failure. The company’s assembly plant, located across town, has eight employees who also use thin clients to connect to the terminal server in the home office. The thin client units were purchased at the bankruptcy auction of a cell phone reseller. They are configured to use RDP as the wire protocol. Ann uses a short logon script to configure drive mappings and printer connections; but otherwise the users are free to manage their own virtual desktops.

Old Apps, Old Servers
The company bookkeeper keeps her financial records using a 16-bit Windows application that runs on NT but isn’t compatible with terminal services. Ann has installed the application on a PC that doubles as a terminal server client. The company owner also uses a PC, partly because he thinks a thin client doesn’t befit his role as CEO and partly because the terminal server bogs down too much when he runs Microsoft Golf.

The NT domain name is NT-DOM. The PDC for the domain is a 90MHz PII desktop with 128MB of RAM. The PDC also provides WINS and DHCP services, runs Exchange 5.5, and has two modems for the company’s salespeople to use for dial-in. The last time Ann took the skin off the PDC, the dust inside was so thick that everyone in the office had allergic attacks for a week.

The company contracts its DNS and Internet e-mail to an ISP that also hosts the company Web site, www.shelfware.biz. The company has changed Internet providers three times in three years, each time to a provider with a lower price. The Exchange server has an Internet mail connector that failed a few months ago so everyone pulls their Internet e-mail from the ISP mail server using an Outlook POP3 client while sending their internal e-mail using Exchange.

The main office has a BDC that also acts as a file and print server. The BDC is a 533 MHz PIII desktop with 128MB of RAM, an IDE boot disk, and three-disk SCSI array configured as a fault tolerant disk set with 18GB of usable storage. A DAT4 tape backup unit is attached to the external SCSI interface. Ann has configured an NTBackup job to capture as much of the volume as will fit on a single tape. The bookkeeper rotates the tapes using a calendar with each day of the week shaded with a highlighter that corresponds to a color on the tape label. The tapes have been in use since the start of former president Clinton’s second term in office. Ann has cautioned the owner about the need for off-site tape storage, so every once in a while he nabs a tape and sticks it in his briefcase. When the bookkeeper remembers to complain about the missing tape, he brings it back.

The network connection between the two offices consists of a SOHO router in each location that acts as a NAT interface to the Internet via a symmetrical DSL line with 256K capacity. Every once in a while, high latency on the Internet connection causes the remote office users to lose their terminal server session. They can log right back on and regain their sessions, so the owner won’t spend money on a dedicated frame relay connection.

That’s the gist of the configuration. Ann looks in every couple of weeks to check the event logs and reboot the servers.

The Upgrade
Left to itself, this little system and hundreds of thousands of others just like it would continue to putt along quite nicely for many years, but Microsoft has decried an end to NT support in 2003, and Ann is reluctant to leave her client on an operating system that lacks official standing with its vendor. She originally planned on upgrading to Windows 2000, but she’s been following the public newsgroups and knows that Windows .NET has great new features. Since .NET is due for release about the same time as the owner’s annual vacation, she decides to use it for her upgrades. Here’s a summary of the challenges that she faces as she sets out her plans.

Naming
Ann wants to change the current domain name, NT-DOM, to one that matches the company’s registered Internet name, Shelfware.biz. Ordinarily, the flat NetBIOS name of an AD domain is derived from the leftmost element of the hierarchical DNS name, but this is not an absolute requirement. Ann plans on using the domain rename feature in .NET to change the flat name after she finishes the upgrade.

DNS
The DNS server at the company’s ISP doesn’t support Service Locator (SRV) records, so Ann decides to install DNS on the .NET domain controllers. She avoids the temptation to install DNS in conjunction with the PDC upgrade. Instead, she installs .NET on one of the new machines as a member server then installs DNS with a standard primary zone. Later on, she’ll promote this machine to be a DC and integrate the zone into AD. The DNS server forwards to the ISP’s DNS server.

Domain Controller Hardware
The current PDC and BDC scarcely have sufficient resources to run NT, much less .NET, so Ann buys a couple of new P4 desktops with 256MB RAM. She decides to use a leapfrog approach to the PDC hardware upgrade. She installs NT 4.0 SP6a on one of the new machines and makes it a BDC. She then promotes it to PDC, which automatically demotes the existing PDC to a BDC. She upgrades the newly promoted PDC to .NET and, when that completes successfully, she promotes the .NET member server to a DC.

Rather than upgrade the existing BDC, which is also the file and print server, Ann originally planned to transfer the SCSI adapter and drives to the .NET member server. She’s disturbed to discover, however, that .NET doesn’t support NT-style fault tolerant disk sets. She finds an inexpensive IDE RAID controller and installs it along with two 20GB drives into the new machine. She mirrors the drives and copies the data files from the old BDC using the xcopy /o command to retain any special permissions that exist on the files and folders.

Once all data and services have been transferred from the BDC, Ann can remove it from the network and rename the .NET DC to the same name (a feature not available in Win2K.) This retains compatibility with drive mappings and shortcuts on the user desktops.

Ann keeps the BDC in reserve for a while in case a calamity causes a loss of AD. At some point in the future, she can format the hard drive and repurpose the machine.

Backups
Ann plans on transferring the SCSI controller and tape backup unit to the new file and print server and to use the built-in scheduler in NTBackup to build her nightly backup job. She found a three-tape DAT4 library on eBay and plans on using the Removable Storage Manager feature in .NET (also present in Win2K) to drive the library so she can get a full backup of all the critical servers each night. To avoid the necessity for naming each tape, she puts the /um (unmanaged) switch on the command line of the backup job. She trains the bookkeeper about the new tape rotation.

E-mail
Exchange 2000 can’t run on a .NET server because of incompatibilities with the rewritten IIS in .NET. Exchange 2000 relies on IIS to provide SMTP, NNTP, POP3 and IMAP4 services. Ann has no plans to upgrade from Exchange 5.5, however, so this lack of support doesn’t concern her. She installs Exchange 5.5 on one of the Win2K servers and moves the user mailboxes to the new server. She installs a new Internet connector and successfully configures it to route mail. With this service removed from the old PDC, she can now retire the machine.

If Ann decides to upgrade to Exchange 2000 in the future, she can install a new Win2K member server and use it as a platform for Exchange. The schema modifications performed during the Exchange 2000 installation are compatible with the .NET schema.

TCP/IP Services and Scripts
The old PDC, now demoted to a BDC, still runs DHCP and WINS. Ann decides to transfer the TCP/IP services to the newly upgraded PDC. She moves DHCP using the procedure in KnowledgeBase article Q130642, “How To Move a DHCP Database to Another Windows Server.” In brief, this procedure involves saving the NT DHCP Registry key to a file then copying the key and the DHCP database to the Win2K server and starting up DHCP services in such a way that the database is converted and the keys aren’t overwritten.

The WINS database requires much less work. Ann simply removes WINS from the demoted BDC and installs WINS on the new Win2K DC. She reconfigures the other servers and the two desktops to point at the new WINS server and runs:

nbtstat –RR

to register their resource records. Ordinarily, because Ann uses logon scripts in NT 4.0, she’d need to reconfigure NETLOGON replication to use a classic BDC as an export server because neither .NET nor Win2K supports classic LMRepl. However, because she’s upgrading the entire system at once, she plans to use group policies to control the terminal server sessions.

Dial-in Services
Rather than moving the modems to one of the new .NET DCs, Ann plans to enable the RRAS service on one of the servers to accept VPN connections. If she can get the SOHO firewall to accept tunneling IPSec in .NET, then she’ll use L2TP as the VPN. Otherwise, she’ll use PPTP.

Terminal Services
Ann is excited about the new terminal server features in .NET, but she has a couple of problems ahead of her. First is money. To run Win2K or .NET as an application terminal server, Ann must install Licensing Services and populate the license database with Terminal Server Client Access Licenses (TSCals) for her thin clients. This turns out to be a significant expense. She only has 90 days to obtain the licenses after upgrading the terminal server, so she needs to come up with compelling reasons to give the owner prior to upgrading the server. Those reasons include much faster performance, fewer problems with the high-latency connection between offices, greater color density, automatic printer/serial port redirection, and better encryption support on the data streams coming across the Internet from the assembly plant.

She’s also likely to encounter problems with her thin client units. RDP-based thin clients use a CE operating system that must be upgraded to CE .NET to support the latest version of RDP in .NET. If Ann’s fortunate enough to have thin clients that support a CE .NET upgrade, then all’s well. If not, the clients won’t take advantage of the greater color density, automatic printer/serial port redirection or other new .NET terminal server features.

The existing terminal server doesn’t meet the minimum CPU speed requirements for a .NET server, but Ann isn’t about to talk the owner into getting rid of a two-processor server for the sake of a few hundred MHz of processor speed. She’s fortunate that she doesn’t have a four-processor server, because that would require installing .NET Enterprise at a significant price differential.

One Long Weekend
All in all, Ann is looking at a single day of work over a weekend to do the entire upgrade, assuming that nothing goes wrong. She uses the same plan to upgrade the remainder of her clients in Toledo and still has time to go to a few Mudhen games.

Featured

comments powered by Disqus

Subscribe on YouTube

Upcoming Training Events