Trials and tribulations of a new Admin.

Soldato
Joined
18 Oct 2002
Posts
7,622
Location
SX, unfortunately
I've recently taken on the task of managing the network for the company I work for. I've got some experience from working with the existing IT manager for a while, and also have a domain based network at home, but have no qualifications, and what experience I do have is very limited. Google is going to be very much my friend...

I'm planning on spending this weekend moving one of our DCs off of an old DL380 G5, into a Hyper-V VM and onto our new DL380 G9. It decided to randomly switch itself off again today for the second time in 2 months - right at the time the other DC wasn't available...

I've done P2Vs before but never on a DC. OS is Server 2008 R2. I know people say to do a new install but that's not really an option at present as there is other software installed that isn't easy to re-install for various reasons.

Will I need to demote it first then promote it afterwards? Any tips?

Thanks :)
 
It's also the second DNS server. I would like to introduce split scope DHCP but would need to up the number of available IPs first as we're always running at about 90% used. I can do it as most of the network uses DHCP instead of static and there are plenty of static ones available. It's just finding the time.

It has hyper-v installed as it used to host an old database server that was P2V'd a couple of years ago. That is now running on the host I want to move this one to. It does however host the NEW version of the database. It's lightly used so doesn't put much load on it. This is the software that isn't easily re-installable.

I'd much prefer to have this as a DC only (plus DNS etc) but haven't got any spare OS licences so will have to stick with shared roles for now.
 
Thanks All. After reviewing the existing install again - I've gone for the fresh option. I'm not sure what it's been used for in the past but there's signs of all sorts of previous software so what the heck, fresh it is.
 
So I built the VM yesterday (used the new convenience rollup - saved some time!). Decided it prudent to run some checks this morning to make sure all good before running DCPROMO - and discovered that the to-be-retired DC hadn't actually been functioning correctly for some time - amongst several issues, journal wrap errors. The DC was happily replicating AD data but there were no SYSVOL or NETLOGON folders to share...

Think I'm beginning to understand why we were always told to log off when the main server needed a daytime restart - not just so you had to put your password in again when exchange came back up.

So lots of googling, trawling event logs and crossing of fingers we now have 3 fully functioning DCs. Phew :)
 
The first one I had already done, with the only issue being relevant if we were to have RODC which we don't. The other one I hadn't and it came up fine - a bit close to the 1 hr mark but not past it.

I didn't get a chance to demote yet, and I'm not in the office tomorrow, so it can wait.
 
Still not done it. Wednesday's backup threw a wobbly so not doing anything until a successful backup is in the bag (or safe in this case!).

Getting more and more annoyed with how rubbish the main server is. Had to dismount and re-mount the exchange database to clear the VSS issue that flobbed the backup.
 
One of the other bits I have started to do is get WSUS onto another server. It's currently on the PDC (along with just about everything else...).

Installed a new instance, done everything but no downloading of updates. Error log shows BITS issue. Turns out the original WSUS has been configured not to use BITS instead of just asking the MPLS provider to enable the correct support.

Has anything on this poxy network been done right!? I've already had the MPLS supplier (who at present does DHCP for the regional offices) change the DNS to both internal DNS servers instead of one internal and one external...
Eventually I'll get all DHCP done internally.
 
On the bright side, it's a fun challenge to get it all cleaned up.

Very true, each time I've fixed something it has been a bit of a buzz I won't lie!

I am in constant fear of breaking something though, so the stress levels are WAY UP :( Especially at the moment - anything exchange wise I'm putting to the IT consultants. I pointed out a couple of weeks back we were getting warnings and errors about the self-signed certs running out of time (yes I know, and it's on the list...). They said don't worry you don't use them. Ok. Down to 50 hours remaining yesterday so thought I'd have a look. Of course we use them. So I asked the consultants to have another look, which they did and renewed them.

The net effect of this is all the mobile devices have complained about the new cert being untrusted. Fine, just accept it. Except on Windows phones you CAN'T just accept it. The only way we've found to do it is to delete the account off the phone and put it back on. Thanks Microsoft, we have about 100 un-computer literate field staff who currently have no emails on their phone!
 
It's an "issue" I've known about for years, but as I've been getting closer and closer to the middle of the IT department (i.e. - now it's only me lol) it's got closer to the top of the list. By the end of yesterday, it was top of the list, just had to get director approval to get the change made.

By the end of tomorrow we should have a CA issued cert. Could I have done it myself? Probably. Am I ready to start messing with exchange on a live system that's already flaky? Nope. So we're paying for them to do it.
 
And now, 24 hours later the idiots at namesecure still haven't actually put the SRV record on, let alone it start propagating through - so still no autodiscover.

I even called them to request it as well as email. Eejits :mad:
 
Think I'm tempted to ask this thread to be renamed "trials and tribulations of a new admin".

Still no sign of my SRV record. And I'm in the office this morning for some other stuff and thought I'd have a poke around at a "quiet" time (still 7 people logged into terminal servers, and 3 of us in this office...). Getting errors from the VSS writers on the backups sometimes. I've gone through most things, but thought I'd check the level of fragmentation on the data drive.

40%

Ok, best get that sorted then.

edit: so it's taken about an hour to defrag 1000 files. There are 269000 files to do. Don't think it's going to be finished today. Or this week. Or next.
 
Ugh - so the defrag has been running for 24 hours now. It's somewhere between 1 and 2%. It's only managed to do 16000 files out of 269000.

I don't think there's anything slowing it down - there's 15% free disk space but presumably that is horrifically fragmented as well.

I'll leave it until about 8am tomorrow but then I'll have to pause it.
 
Wasn't even at 2% after 35 hours, so stopped it. Using defraggler to target heavily used files - PST archives for example.* Going through the files list, a very large number are sub 5 fragments, so not much of an issue there. Going to run a few files each night I guess to get this mess sorted.

Was interesting to note that the Exchange database was measured in the 300,000 fragment range. Not really a surprise because of the amount of activity but quite a number!

* - I am fully aware that server stored PST files is the "wrong" way to do email archiving... It's another thing on the list. As you can imagine, I have a very long list.
 