Mark's Windows Server Blog

Snippets of Windows Server information from Mark Wilson

July 2007 - Posts

Some free Windows tools
I was recently alerted to the presence of Joe Richards' PSOMgr tool for managing Windows Server 2008 fine grained password policies and it turns out that Joe has a whole heap of useful tools available for free on his website.
Microsoft's support policy for software running in a non-Microsoft VM

I'm troubleshooting some problems with my Exchange server at the moment and the ExBPA led me to a knowledge base article about running Exchange Server in a virtualised environment. Whilst reading that, I can across Microsoft knowledge base article 897615, which discusses the support policy for Microsoft software running in non-Microsoft hardware virtualisation software.

I'll paraphrase it as "If you have Premier support and you use our virtualisation software, we'll try and work out what the issue is (we use Virtual Server 2005 R2 to do that anyway). If you don't have Premier support, then you should, and you need to proove that it's nothing to do with virtualisation (i.e. can you replicate the issue on physical hardware). If you have a Premier agreement but you use another vendor's virtualisation software then we'll try our best, but you'll probably have to proove the problem is not caused by the virtualisation software". The crux of this is the statement that:

"Microsoft does not test or support Microsoft software running in conjunction with non-Microsoft hardware virtualization software."
This might be worth considering whilst selecting which (if any) virtualisation platform is right for an organisation.
WSUS 3.0 delivers huge improvements for the deployment of Microsoft updates

I've been an advocate of Microsoft SUS/WSUS since the v1.0 release. Sure, there are better enterprise software deployment products out there (Microsoft even has one - Systems Management Server) but as a low cost (free) patch management solution for Windows, it's hard to beat Windows Software Update Services (which, since version 2.0, will update more than just Windows - WSUS 2.0 can act as a local cache for all updates that are available through the Microsoft Update servers). Except that now it has been beaten - by Windows Server Update Services (note the subtle name change) 3.0.

WSUS 3.0 was launched a couple of months ago and I finally installed it this afternoon. Not only does it include some great new features (like e-mail notification, improved reporting and computer management) but it finally gets an MMC administration interface (a huge improvement on the previous web administration interface). There are database changes too - WSUS no longer supports SQL Server 2000/MSDE (after all, those products are shortly to be retired), although it will upgrade an existing database.

The only downside that I can see is that the product still relies on clients connecting to the server and pulling updates (there is no option to force updates on clients - at least not as far as I can see). That's fine but it does introduce some latency into the process (i.e. if there is an urgent patch to deploy, then WSUS is probably not the right tool to use); however, for the basic operational task of keeping a Windows infrastructure patched (for Microsoft products) and reporting on the current state, WSUS is definitely worth considering.

For further information, check out the WSUS 3.0 distributed network improvements and WSUS 3.0 Usability improvements white papers.

Apache HTTP server on Windows Server 2008 Server Core
Microsoft's James O'Neill wrote about how:
"Some bright spark tried running Apache on [Windows Server 2008 Server] Core and having no special Windows dependencies it works."
I couldn't find any references to this elsewhere on the 'net so I had to give it a go - it's actually really easy:
  1. Install Windows Server 2008 Server Core
  2. Map a network drive, insert a CD or some other media and copy over the Apache HTTP server installer MSI.
  3. Issue the command, msiexec /i apache_2.2.4-win32-x86-no_ssl.msi. Not surprisingly, the installer is unable to create application shortcuts:

    Apache HTTP Server 2.2 Installer Information
    Warning 1909. Could not create shortcut Apache Online Documentation.lnk. Verify that the destination folder exists and that you can access it.


    Apache HTTP Server 2.2 Installer Information
    Warning 1909. Could not create shortcut Help, I'm stuck!.lnk. Verify that the destination folder exists and that you can access it.


    Presumably, that's what causes an error dialog with no message and an OK button at the end of the install.
  4. Open up the firewall with netsh firewall set portopening TCP 80 "Apache Web Server".
  5. Point a browser at the server's IP address and the words "It works!" should be displayed.
OK, so Apache running on Windows is no big deal but if this one cross-platform application runs on Server Core with no modifications, think what else this stripped out version of Windows can be used for.
Fixing RIS after installing Windows Server 2003 SP2

This may be an isolated incident, as I've already written about how my Windows Server 2003 SP2 installation appeared to be broken (but was ultimately successful) but ever since SP2 was installed, I've been warned about service startup failures and have been unable to PXE boot to RIS.

I haven't bothered too much - my RIS server is used for XP builds and I rarely need to build XP machines these days but as there are no fully-featured Windows Vista display drivers for my IBM ThinkPad T40, I wanted to rebuild it on XP today.

It turns out that the problem was trivial. RIS has been replaced in Windows Server 2003 SP2 by Windows Deployment Services (WDS). WDS includes something called Windows Deployment Services Legacy - which looks remarkably like RIS to me (it uses WDS binaries to provide RIS functionality). I fired up the Windows Deployment Services Legacy administrative tool and performed a diagnostic check, after which PXE boots resulted in a successful connection to the OSChooser.