Home / Infrastructure and Networking / Rules To Better Windows Servers

Rules To Better Windows Servers

Hold on a second! How would you like to view this content?
Just the title! A brief blurb! Gimme everything!

  1. Do you use Group Policy to manage your Windows Update Policy?

    We all know it’s important to keep our servers updated. Unfortunately though, by default, Windows will automatically download and install all new Windows Updates on your servers. This will mean the servers will occasionally restart to install updates when you don’t want them too. You will also get annoying popups trying to get you to restart the computer.
    Accidently press Restart Now on a Production server and your users won't be happy!
    Accidently press Restart Now on a Production server and your users won't be happy!
    The best ensure you are still downloading updates but not installing them automatically is to use Group Policy. 

    1. Create an Organization Unit (OU) in Active Directory, and put all your Production Servers in the OU
      Add all your Production Servers to the Production Server OU
      Add all your Production Servers to the Production Server OU
    2. Create a new Group Policy object and link it to the Production Server OU
      Create a new Group Policy for your Production Servers
      Create a new Group Policy for your Production Servers
    3. Edit the new Group Policy object and drill down to Computer Configuration | Policies | Windows Components | Windows Update
    4. Edit the Configure Automatic Update Properties item and enable it
    5. Set the Configure Automatic Updating option to 3 – Auto download and notify for install
      Edit Configure Automatic Updates Properties and enable 'Auto download and notify for install'
      Edit Configure Automatic Updates Properties and enable 'Auto download and notify for install
    After the new Group Policy propagates, you will notice the update setting is now locked on the servers in the Production Server OU. 

    The Group Policy locks the Windows Update setting
    The Group Policy locks the Windows Update setting


    Now the next time you plan to reboot your server you can install updates quickly and reboot – keeping your servers updated without unplanned reboots.

    The following screenshot is the settings applied to the default domain policy for the same group policy settings but this will apply to all machines joined to the SSW domain. Default domain policy1.png

     


    Read more about Do you use Group Policy to manage your Windows Update Policy?

  2. Do you wait before applying Service Packs or upgrades?

    After a new Service Pack is released for a product (for example, Exchange 2010 Service Pack 1), users and management can get very excited about new features that the Service Pack will bring that will help them out, or fix problems that they had been having with the product.

    Microsoft generally test their Service Packs very well, but things can go wrong.

    As a general rule, we wait 4 weeks before installing a new Service Pack, and tell everyone to hold their horses.


    Figure 1 - Even though managers and users might be pressing you to install a Service Pack - tell them to hold their horses!

    After the 4 week period has expired perform the following tasks before installing the Service Pack:
    • Do an search for any trending problem when updating to the new Service Pack 
    • Check for any known issues in the Microsoft KB with the Service Pack
    • Read installation documentation
    • Backup your system, or if you are using Hyper-V, take a snapshot
    • Reboot before you are about to install a Service Pack
    Following this rule should prevent disaster in the event that a Service Pack is troublesome.
    Read more about Do you wait before applying Service Packs or upgrades?

  3. Do you know how to Setup NLB on Windows Server 2008 R2? (aka Network Load Balancing)

    Downtime occurs when you have a single server setup.

    Use NLB to allow load balancing and failover. On each of your Windows Servers you will host your website.

    You need to follow these steps to get it up and running:

    1. On all nodes of the NBL cluster, the Network Load Balancing Feature needs to be installed.
      Setup NLB Figure: Install the NLB Feature
    2. Open the Network Load Balancing Manager from Administrative Tools
      Setup NLB Figure: Under the Cluster menu item, click New
    3. Enter the first node in the cluster in ‘Host’ and press ‘Connect’
      Setup NLB Figure: Select the interface for the node
    4. Enter a Priority as 1 (this is just a host identifier)
      Setup NLB Figure: In 'Priority' enter '1'
    5. Setup NLB Figure: Enter a virtual IP address for the cluster. eg. 192.168.1.12
    6. Choose the IP address of your cluster from the dropdown list Set a Full Internet Name eg. spcluster.sydney.ssw.com.au.
      Ensure the Multicast Cluster operation mode is selected.
      Setup NLB Figure: Set the 3 cluster parameters
    7. You want sticky sessions so you don’t mistakenly bounce between servers (and lose your state)
      Setup NLB Figure: Leave the Port Rule as default. This will provide sticky sessions
      Setup NLB Figure: Success. The cluster configuration will show a green icon
    8. Right click the name of the cluster eg. spcluster.sydney.ssw.com.au Click Add Host To Cluster
      Setup NLB Figure: Add the 2nd web server
    9. Enter the host name of the next node eg. SYDVMAPS2010P02
      Click connect
      Setup NLB Figure: Enter the 2nd web servers name
    10. Take the default settings, assuring the ‘Priority (unique host identifier)’ is different than the first node:
      Setup NLB Figure: Set the priority as #2
    11. Take defaults on Port Rules page and click Finish
    12. Success. The status of the cluster will now be Converged
      Setup NLB Figure: Success with 2 green icons
    13. Open a command prompt and type in wlbs query to verify the cluster:
      Setup NLB Figure: Type in wlbs query to verify the cluster
    14. Ping both nodes and the virtual IP address externally to verify they are all working
    Read more about Do you know how to Setup NLB on Windows Server 2008 R2? (aka Network Load Balancing)

  4. Do you get Zero Downtime when Updating a Server?

    If you are dealing with a single server, there is no way to achieve 100% uptime, when updating or restarting a server.

    So set your web site up correctly with at least 2 front ends, and 1 backend (the SQL Server).

    Server down, site up Figure: Good Example – When one server goes down, the web site remains up

    Then, use a Network Load Balancer (we recommend Microsoft’s build in NLB) which allows you to spread web site load to multiple servers, but even more helpful when you need to do Windows Updates or make changes to web servers in your environment.

    Follow the below steps on your test server first, get the application tested passed, then move on to production.

    1. Open the Network Load Balancing Manager
    2. Right click on the machine you want to update | Select Control Host | Click Drain Stop drain stop Figure: The 2 green icons indicate both servers are live with users - Do a drain stop on the server you want to make changes too
    3. To view the current connections on the server, open a command prompt and enter netstat -an. You will be able to see the connections list dropping as users are sent to the other server netstat Figure: Run "netstat -an" to view the current connections on the server
    4. Allow the NLB to finish sending the connections to the remaining servers. The server you have drain stopped, will turn red when all the users have been moved to the other server Server turns red Figure: When the server turns red, the connections have been dropped and you're ready to update
    5. Optional – if you are using Hyper-V, take a snapshot of the server you are about to make changes on
    6. Restart
      7. Windows update Figure: Now that the server isn't being hit with users, perform your updates. Click "Restart Now"
    7. Optional – Do a smoke test (open the site and check its working)
    8. Optional – Run any automated tests (for example Telerik Tests)
    9. When the server ready, add it back into the load balancer. Right click on the machine | Select Control Host | Click Start
    10. The server icon will return to green, and users will start being sent to the server again
      11. Server OK Figure: The server will now accept connections again
    11. Follow the same process for the other server (or multiple)

    Congratulations you've just updated your servers with 100% uptime.

    Read more about Do you get Zero Downtime when Updating a Server?

  5. Printers - Do You Install Your Printers With Group Policy?

    It is important install your printers automatically to all clients that logon to the domain.

    This can be achieved via Group Policy. This can be setup easily on a Microsoft Windows 2008 Server R2:

    • From Server Manager add the Print Services role
      • Install the Print Services role Figure: Install the Print Services role
    • When the role has installed, open Print Management from Administrative Tools
    • Install all your printers by right clicking on Printers and clicking Add Printer
      • Add all of your printers to the server Figure: Add all of your printers to the server
    • Right click on Drivers and choose Add Drivers. From here you will be able to install the x86 and x64 drivers for your printers so all workstations in your organization get the printer drives automatically
      • Add the additional drivers for both x86 and x64 Figure: Add the additional drivers for both x86 and x64
    • Click on Printers in the menu to get a list of your installed printers
    • Right click on the first printer you want to install via group policy and click on Deploy with Group Policy
      • Deploying your printer with Group Policy Figure: Deploying your printer with Group Policy
    • Next you need to choose a Group Policy Object (GPO) to add the printers to. You may wish to create a new GPO specifically for the printers, which you can do through the Group Policy Management tool in Administrative Tools
      • Select the Group Policy Object (GPO) to add the printers to Figure: Select the Group Policy Object (GPO) to add the printers to
    • Repeat the last 2 steps for each printer you want to add automatically using Group Policy
    • Reboot your workstations and the new printers will be added upon logon
    Read more about Printers - Do You Install Your Printers With Group Policy?

  6. Printers - Do you make your Printers easy to find?

    For PCs that are not on the domain, the printers won’t be automatically installed.

    So add a DNS alias which map \\printer to your print server.

    Add the printer via Connect Figure: \\printer takes to this window, were the you can Add the printer via Connect
    Read more about Printers - Do you make your Printers easy to find?

  7. Do you know what to request if someone wants a more RAM and processors on a VM or a PC?

    A “Too slow” is not enough info.​​​

    Request an image of the “Resource Monitor”

    Then after you decide there is justification:

    •           Do a typical action – take a new image or baseline.

    •           give the ​​additional resources e.g. Ram and processors….

    •           Do the typical action again – take another image of the “Resource Monitor”

    •           If there is some improvement, reply “done” (otherwise reply “not done”)

     

    Note: An ideal email subject prefix for more resources would be e.g. “Performance issue – “Machine name”


     

    Figure: Use “Resource Monitor” prior to allocating more RAM on a VM

              highUtilisation.png
                Figure: If you see something like this, pass their request :-)

    Read more about Do you know what to request if someone wants a more RAM and processors on a VM or a PC?