Major Differences between windows 2000 & 2003

OS Related
 Windows 2003 supports 64 bit version OS
 Windows 2003 supports SharePoint services
 Windows 2003 supports Volume Shadow Copies
 Windows 2003 supports increased security for Internet connections
 Windows 2003 has Automated System Recovery (ASR) feature
 Windows 2003 has Inbuilt firewall.
 Windows Server 2003 introduces the concept of a Majority Node Set. This allows server clusters
to be built without using the shared disk for the quorum. This enables you to build and configure
geographically dispersed clusters.
 Windows 2000 supports IPV4 whereas 2003 supports both IPV4 & IPV6
 Windows 2000 supports only 8 processors and 64 GB RAM whereas 2003 supports up to 64
processors and max of 512GB RAM.
 Windows 2000 supports 4-node clustering and 2003 supports 8-node clustering
 Windows 2000 - IIS 5 and windows 2003 – IIS 6
 Windows 2000 doesn't support Dot net whereas 2003 Supports Microsoft .NET 1.1(2.0 in R2)
 Windows 2000 has Server and Advance Server editions whereas 2003 has Standard, Enterprise,
Datacenter and Web server Editions.
 Windows 2000 server gives only 90 days trial version of Terminal server. But windows server
2003 gives 120 days trial version.
 Windows 2000 server has 10 user limit when accessing the shared folder at the same time,
whereas there is no limit in windows 2003 server
 The default permission for a shared folder in Windows Server 2003 is the now only READ
permission granted to the ‘everyone’ group.
 Introduction of DNS Stub zones in windows 2003.

NOTE: 64-bit systems offer direct access to more virtual and physical memory than 32-bit systems
and process more data per clock cycle, enabling more scalable, higher performing computing
solutions.

Active Directory related

 Domain Rename in Windows 2003
 Universal group caching supported in Win2003 (DC's can cache the Global Catalogue thus
preventing user logon problems if no Global Catalogue server is available.. This feature allows
users to log on to a domain at a remote site without having a global catalog server present in that
site)
 Drag-and-drop functionality for moving AD objects in windows 2003 domain
 Command line tools like DSMOD, DSQUERY, DSADD group and DSGET for modifying/querying
domain objects/ managing group memberships
 In 2000 we don't have end user policy management, whereas in 2003 we have a End user policy
management which is done in GPMC (Group policy management console).
 GPUPDATE & GPRESULT
 In windows 2003 server, AD partition is 5 where as in 2k that is 3 the added partition is: 1) Global
catalog 2) Application partition.
 In 2000 we have cross domain trust relation ship and 2003 we have Cross forest trust
relationship.
 Between parent and child, there is built in trust .It is called as transitive trust.
 In 2k the Domain operation Roles and only two mode of operation and in Win2k3 there are 4
modes of Domain operation [2000 native mode, 2000 mixed mode, Windows 2003 interim mode
and windows 2003 mode]
 In 2000 we can create 1 million users and in 2003 we can create 1 billion users
 Win 2003 has service called ADFS (Active Directory Federation Services) which is used to
communicate between branches with safe authentication.
Windows 2003 R2 new features
R2 is not a service pack, but rather a re-release of the Windows Server 2003 operating system. R2 is
a roll up of the original Windows Server 2003 code, Service Pack 1, and the various feature packs
that have been released for Windows Server 2003. Well, there are actually quite a few new features
that we will see for the first time in R2

 Active Directory Federation Service - Active Directory Federation Service extends the Active
Directory to the Web.
 Quota management - In R2, quotas can be applied at the folder level, not just at the volume level.
Furthermore, you can do things like apply a quota across a set of folders. You can even structure
the quota so that Windows does not allow a folder to grow beyond a certain size, regardless of
who owns the files within the folder. You can now restrict folder content by file type. For example,
imagine that in the past you have had problems with users storing their collection of MP3 files on
your servers.
 Hardware Management - You can use Windows Remote Management (WinRM) to manage
server hardware remotely across firewalls and monitor conditions on servers that are offline.
 MMC 3.0 –
 SharePoint Central Administration – Web browser interface for managing your server
 Storage Management for SANs - Storage Manager for SANs is a new Microsoft Management
Console (MMC) snap-in that helps you create and manage logical unit numbers (LUNs) on fibre
channel and iSCSI disk drive subsystems in your storage area network (SAN). Storage Manager
for SANs can be used on storage subsystems that support Virtual Disk Server (VDS).

What is Windows Server 2008 RC?

"RC" refers to "Release Candidate." This means that it is a pre-release version, released a few weeks
or months before the RTM release. Release candidates usually have all the features of the final
product, but may still have some minor bugs that will be fixed by the RTM release.

Windows 2008 Features

 Support for up to 2TB Memory (on 64bit)

 OS installation is completely GUI and requires less User intervention
 Combined Search/Run command
 BCD (Boot configuration data) – replaces Boot.ini. BCD editor is BCDEDIT
 Firewall enabled by default
 Quota Management – Volume level as well as Folder level quotas
 Windows Server Backup – replaces NTBACKUP and not backward compatible with NTBACKUP
 Windows Deployment Services - replaces Automated Deployment Services and RIS
 Fine Grained Password and account lockout policies – ability to have multiple password and
account policies in a single domain.
 Network Access Protection (NAP) – NAP is a quarantine technology which identifying machines
that doesn’t have the latest virus signatures, service packs or security patches. Uses SHV
(System Health Validator), SHA (System Health Agent) & a SoH (Statement of Health) to validate
the health of client before granting access to Network Resources.
 Network Policy Server (NPS) –
 DNS - Full support for IPv6. Recognition and support for RODC (Read-only Domain Controllers).
Creation of a new DNS zone called GlobalNames Zone (GNZ) a way of incorporating WINS
resolution within DNS
 DHCP – Full support for IPv6
 Re-startable AD - is implemented as a normal Windows service that can be stopped and started
as required. Not only will this reduces the need for reboots, but it also it simplifies offline actions
such as defragging the AD database.
 AD DS (Active Directory Domain Services) – replaces ADS (Active Directory Services) with more
features. Remember DCPROMO can be run only after installing AD DS Role to create a DC.
 AD LDS (Active Directory® Lightweight Directory Services) - provides directory services for
directory-enabled application (functionality that was provided by Active Directory Application
Mode (ADAM), does not require DNS. An instance of AD LDS is a single running copy of AD LDS.
Multiple copies of AD LDS can run simultaneously on the same computer. This is not true for
 AD DS, the full service. No Kerberos, no Group policies, required. This is more of particular
interest to Application Development not Server Administrators.
 AD FS (Active Directory® Federation Services) - ADFS is a single-sign-on technology that uses
claims-based authentication to validate a user's identity across domains. Normally when the
user's account is in one domain and the resource is in another, the resource will prompt the user
for local credentials. ADFS eliminates the secondary credential request; the user's identity is
validated, and access provided, based on information in the user's home directory.
 AD RMS (Active Directory Rights Management Services) - used for restricting access to rights-
protected content to authorized users only. Companies can use this technology to encrypt
information stored in such document formats, and through policies embedded in the documents,
prevent the protected content from being decrypted except by specified people or groups, in
certain environments, under certain conditions, and for certain periods of time
 AD CS (Active Directory Certificate Services Role) - is a low cost method of issuing digital
certificates internally and maintaining a Certificate Authority (CA) infrastructure.
 FSRM (File Server Resource Manager) - Quota management, File screening management &
Storage reports management
 Failover Clusters - x64-based failover clusters support up to 16 nodes in a single cluster &
Clusters nodes can have their IP addresses assigned by DHCP.
 Read-Only Domain Controllers - these domain controllers will be used in environments where you
need a domain controller but you cannot guarantee the physical security of the server.
 Server Core Installation - a new type of install of Windows Server 2008 that will allow you to only
install the typical Windows network infrastructure services – DHCP, DNS, file sharing, and domain
controller functions. There will be no local GUI interface to the OS. Provides benefits such as
Reduced maintenance, Reduced attack surface, Reduced management & Less disk space
required
 Windows Server Virtualization - Hyper-V virtualizes the system resources of a physical computer.
Computer virtualization allows you to provide a virtualized environment for operating systems and
applications. When used alone, Hyper-V™ is typically used for server computer virtualization.
When Hyper-V is used in conjunction with Virtual Desktop Infrastructure (VDI), Hyper-V is used
for client computer virtualization. Hyper-V supported only on 64bit OS & requires Hardware VT
 Windows BitLocker Drive Encryption - allows you to encrypt all of the hard drives on a server.
This will prevent the data from being viewed if a hard drive or the server is stolen.
 Server Manager - new console that will put all the snap-ins you need to manage your server in a
single place, making it easier and faster to for administrators to manage Windows 2008 Servers.
 Microsoft .NET 3.0
 IIS 7.0 - has been redesigned with new administration interface. Now IIS 7 is module based so
not necessary modules can be turned off to enhance performance and new modules can be
added to extend the features.
 Remote Desktop Services – replaces Terminal Services and supports Web Access
 Transactional NTFS file systems so it is possible to tie up Transactional file commands. For
instance in a transactional file system environment you can copy a group of file in a transaction
mode so either all of the file will be copied to the destination or none of them will be copied. This
kind of features you might have seen in SQL Server platforms.
 Self-Repairable NTFS file system - it ensures while the server is running another service can
check for disk problems and fix it automatically without interrupting the server operations.
 Multiple parallel sessions - the new session model in both Vista and Windows Server 2008 can
initiate at least four sessions in parallel, or even more if a server has more than four processors.
 Clean Service Shutdowns - usually in windows servers or window workstations, while shutting
down the system it uses a typical 20 second timer that will give 20 second time to all the services
to shutdown. In this scenario, some services will exit with error because that service was working
with the disk which requires a longer time to finish the work. Now in Windows 2008 Server, that
20-second countdown has been replaced with a service that will keep applications given the
signal all the time they need to shut down, as long as they continually signal back that they're
indeed shutting down.
 Kernel Transaction Manager - This is a feature which developers can take advantage of, which
could greatly reduce and might eliminate, one of the most frequent causes of System Registry
and file system corruption: multiple threads seeking access to the same resource.
 Address Space Load Randomization (ASLR) - Perhaps one of the most controversial added
features already, especially since its debut in Vista, ASLR makes certain that no two subsequent
instances of an operating system load the same system drivers in the same place in memory
each time
 Windows Hardware Error Architecture (WHEA) - Microsoft has actually standardized the error –
more accurately, the protocol by which applications report to the system what errors they have
uncovered.
 Powershell - Now we know it's a part of the shipping operating system: the radically new
command line tool that can either supplement or completely replace GUI-based administration.
 Windows Events has been upgraded to version 6.0 with a lot of features for the developers to
track their errors on windows applications.

Windows 2008 R2 Features

 Windows Server 2008 R2 is a pure 64-bit OS
 Microsoft .NET 3.5
 IIS 7.5
 Scalability of up to 256 logical processors (up to 64 x64/64-bit processors in 2008 R2 Datacenter)
 Hot Add/Replace Memory and Processors with supporting hardware (in 2008 R2 Datacenter)
 Support for 2 terabytes of RAM (in 2008 R2 Datacenter)
 Support for a 16-node failover cluster (in 2008 R2 Datacenter)
 Hyper-V–based unlimited virtualization (in 2008 R2 Datacenter)
 Unlimited virtual image use rights (in 2008 R2 Datacenter)
 Windows Powershell 2.0

 Different editions of Windows Server 2008

Standard Edition
 Enterprise Edition
 DataCenter Edition
 Web Server Edition
 HPC Server Edition
 Standard, Enterprise, DataCenter Edition for Itanium systems
 Standard, Enterprise, DataCenter Edition for 64-bit with and without Hyper

Where is the i386 folder for Windows Server 2008 after the installation?
There is no i386 folder on server 2008. It is replaced by SOURCES folder

Backup S/W's & versions

Built-in NTBACKUP
VERITAS Netbackup 6.0 MP4/6.5.3/6.5.4

Memory Dumps
Types, configure, & troubleshoot if not created
 Complete memory dump(It contains all information from kernel and user mode address spaces
that was in physical memory at the time of the dump(paging file on boot volume sufficient to hold
all the physical RAM plus 1 megabyte, previous file overwritten if 2nd time dump occurs))
 Kernel memory dump(records only the kernel memory & must have between 150MB-2GB of PF
space, previous file overwritten if 2nd time dump occurs)
 Small memory dump (64 KB) - records the smallest set of useful information & requires PF size of
about 2MB, new files are created each time dump occurs and are stored in %System Root%\
Minidump.

Kernel and Complete Memory Dumps are written to %SystemRoot%\Memory.dmp by default.

Complete memory dump option, can also be enabled by manually setting the registry entry under the
following registry subkey to 1
"HKEY_LOCAL_MACHINE\SYSTEM\Current Control Set\ Control\Crash
Control\CrashDumpEnabled"
Methods to generate a manual kernel dump file or a complete memory dump file - Using Keyboard,
hold right CTRL key and pressing the SCROLL LOCK key two times or Generate NMI option using
ILO

NOTE: By default, ‘complete memory dump’ is disabled. You can enable the option if the computer
has more than 2 GB of physical RAM
NOTE: Windows 2008 has different process of enabling Complete Memory Dump. Additional MS
hotfixes need to be installed to effectively enable the dump option

Windows does not save memory dump file after a crash

 The Memory.dmp file already exists and the option Overwrite Any Existing File (found in Control
Panel System) is not selected.
 The paging file on the boot drive is not large enough
 The paging file is not on the %systemroot% partition
 If you specify a non-existent path, a dump file will not be written.
 There is not room for the Memory.dmp file in the path specified in Control Panel for writing the
memory dump.
 If you have problems obtaining a manual memory dump file, you may have to update the SCSI
controller firmware and driver from the hardware vendor

Windebug - How to configure & analyze DMP file?

Create folder "c:\symbols" & Open Windbg, click File/Symbol path, copy/paste the following:
SRV*c:\symbols*http://msdl.microsoft.com/download/symbols

Save Workspace so that you need not again enter the symbols paths from next time. Run "!analyze
-v" to debug the DMP file

Client not getting DHCP IP - Why?

Ensure NIC set to obtain IP automatically
try ipconfig/release & renew
Check Drivers of NIC/speed/duplex settings
Check DHCP scope & if it is authorized or not
Check NIC, Cable & Switch
Ensure that host is in correct VLAN of the switch

Is RDP enabled by default when Windows 2003/2008 R2 is installed?

RDP is not enabled by default when 2003/2008 is installed. You need to manually enable it.

Remote means to connect to a server

RDP
RDP Console
RADMIN
ILO/DRAC/IBM Console
AVOCENT
TELNET

Which default MS tool is used to connect to a server in the absence of ILO/3rd party tool?
You can use Windows Remote Management (WinRM) to manage server hardware remotely across
firewalls and monitor conditions on servers that are offline. This was introduced with Windows 2003
R2. WinRM provides a command-line interface for common management tasks and a scripting
application programming interface (API) for writing Windows Script Host-based system administration
scripts.

Using WinRM, you can write scripts to monitor and control the state of server hardware by
communicating with a Baseboard Management Controller (BMC). A BMC is a separate micro-
controller with its own network adapter that is connected to the processor board of a server and can
monitor conditions even when the server is off or malfunctioning. A new Windows Management
Interface (WMI) provider for Intelligent Platform Management Interface (IPMI) exposes six new WMI
classes for accessing BMC information with scripts.
WinRM is not installed by default with Windows Server 2003 R2. To install it, open Add or Remove
Programs from Control Panel, and click Add/Remove Windows Components.

POST (Power-On Self-Test)

The first thing that the BIOS does when it boots the PC is to perform what is called the Power-On
Self-Test, or POST for short. The POST is a built-in diagnostic program that checks your hardware to
ensure that everything is present and functioning properly, before the BIOS begins the actual boot. It
later continues with additional tests (such as the memory test that you see printed on the screen) as
the boot process is proceeding.

Beeps Meaning
Steady, short beeps Power supply may be bad
Long continuous
Memory failure
beep tone
Steady, long beeps Power supply bad
No beep Power supply bad, system not plugged in, or power not turned on
If everything seems to be functioning correctly there may be a problem with the
No beep
'beeper' itself. The system will normally beep one short beep.
One long, two short
Video card failure
beeps

Boot process of Windows 2003

BIOS: performs Power On Self Test (POST)
BIOS: loads MBR from the boot device specified/selected by the BIOS
MBR: contains a small amount of code that reads the partition table, the first partition marked as
active is determined to be the system volume
MBR: loads the boot sector from the system volume
BOOT SECTOR: reads the root directory of the system volume at loads NTLDR
NTLDR: reads BOOT.INI from the system volume to determine the boot drive (presenting a menu if
more than 1 entry is defined)
NTLDR: loads and executes NTDETECT.COM from the system volume to perform BIOS hardware
detection
NTLDR: loads NTOSKRNL.EXE, HAL.DLL, BOOTVID.DLL (and KDCOM.DLL for XP upwards) from
the boot (Windows) volume
NTLDR: loads \WINDOWS\SYSTEM32\CONFIG\SYSTEM which becomes the system hive
HKEY_LOCAL_MACHINE\System
NTLDR: loads drivers flagged as "boot" defined in the system hive, then passes control to
NTOSKRNL.EXE
NTOSKRNL.EXE: brings up the loading splash screen and initializes the kernel subsystem
NTOSKRNL.EXE: starts the boot-start drivers and then loads & starts the system-start drivers
NTOSKRNL.EXE: creates the Session Manager process (SMSS.EXE)
SMSS.EXE: runs any programs specified in BootExecute (e.g. AUTOCHK, the native API version of
CHKDSK)
SMSS.EXE: processes any delayed move/rename operations from hotfixes/service packs replacing
in-use system files
SMSS.EXE: initializes the paging file(s) and the remaining registry hives
** before this step completes, bugchecks will not result in a memory dump as we need a working
page file on the boot (Windows) volume **
SMSS.EXE: starts the kernel-mode portion of the Win32 subsystem (WIN32K.SYS)
SMSS.EXE: starts the user-mode portion of the Win32 subsystem (CSRSS.EXE)
SMSS.EXE: starts WINLOGON.EXE
WINLOGON.EXE: starts the Local Security Authority (LSASS.EXE)
WINLOGON.EXE: loads the Graphical User Identification and Authentication DLL (MSGINA.DLL by
default)
WINLOGON.EXE: displays the logon window
WINLOGON.EXE: starts the services controller (SERVICES.EXE)
** at this point users can logon **
SERVICES.EXE: starts all services marked as automatic

NOTES:
The SYSTEM volume is the partition from which the boot process starts, containing the MBR, boot
sector, NTLDR, NTDETECT.COM & BOOT.INI

The BOOT volume is the partition which contains the Windows folder - this can be a logical partition

Boot process of Windows 2008

System is powered on
The CMOS loads the BIOS and then runs POST
Looks for the MBR on the bootable device
Through the MBR the boot sector is located and the BOOTMGR is loaded
BOOTMGR looks for active partition
BOOTMGR reads the BCD file from the \boot directory on the active partition
The BCD (boot configuration database) contains various configuration parameters( this information
was previously stored in the boot.ini)
BOOTMGR transfer control to the Windows Loader (winload.exe) or winresume.exe in case the
system was hibernated.
Winloader loads drivers that are set to start at boot and then transfers the control to the windows
kernel.
The Windows boot environment also includes the Windows Memory Tester (Memdiag.exe or
Memdiag.efi). You can start this diagnostic tool from the boot manager to verify that RAM is working
correctly.
New data store that replaces Boot.ini
The Boot Configuration Data (BCD) store replaces the text-based Boot.ini file. In the BCD store, the
Windows boot manager, the Windows boot loader, and other boot applications are represented as
program objects (GUIDs) instead of text items. A new tool, BCDEdit.exe, enables you to use basic
and extended commands to modify these objects in order to control all aspects of the boot process.
Although the data store represents each object with a GUID, some objects have alias names for
common use, such as {bootmgr} (which refers to boot manager) and {default} (which refers to the
default Windows boot loader). Applications can modify boot configuration data by using a new BCD
Windows Management Instrumentation (WMI) provider.
You can use the standard system application Msconfig.exe to provide a graphical interface for viewing
and modifying a subset of the boot configuration settings. You must run Msconfig.exe with
administrative rights.

Poolmon
Memory Pool Monitor (Poolmon.exe) displays data that the operating system collects about memory
allocations from the system paged and nonpaged kernel pools and about the memory pools used for
Terminal Services sessions. The data is grouped by pool allocation tag. This information can be used
by Microsoft Technical Support to find kernel mode memory leaks.
A memory leak is caused by an application or by a process that allocates memory for use but that
does not free the memory when the application or process finishes. Therefore, available memory is
completely used over time. Frequently, this condition causes the system to stop functioning correctly.
Below ID’s will be logged,

Event ID: 2020

Source: Srv
Description: The server was unable to allocate from the system paged pool because the pool was
empty.

Event ID: 2019

Source: Srv
Description: The server was unable to allocate from the system nonpaged pool because the pool was
empty.

What is event ID 6008 and 1001?

Event 1001 Source: Save Dump – When BSOB occurs
Event 6005 is logged at boot time noting that the Event Log service was started.
Event 6006 is logged as a clean shutdown.
Event 6008 is logged as a dirty shutdown (unexpected shutdown)
Event 6009 is logged during every boot and indicates the operating system version, build number,
service pack level, and other pertinent information about the system. Depending on your current
configuration, it gives a message similar to: "Microsoft (R) Windows NT 4.0 1381 Service Pack 6
Multiprocessor free".

What's an application pool is IIS?

It's an area that processes requests from website(s). If there's a crash, this area is normally "recycled"
(reset) in order for it to work again. The recycle happens after a defined time - meaning your website
is effectively down until the recycle occurs. When adding websites to your server, make sure to give
each one its own application pool. This effectively isolates each website from an application crash.
This is good for two reasons:-
If one application pool crashes, it doesn't affect the others
It's much easier to identify the site that is having the problem when all sites are in their own
application pool - i.e. it's the ONLY site having issues

Default settings in IIS

When you add a website to your server, it's automatically added to the Default Application Pool
(DefaultAppPool, found in IIS > Application Pools). This means that unless you intervene, all your
sites are running in the same application pool. Not Good.
Symptoms of an application pool crash
When you get an application pool crash, your website(s) in that pool stop responding. You will see no
error - just they will freeze and nothing happens when you try to load the website in a browser. This
will appear to be intermittant because in reality the application pool is recycling (resetting) after a
crash. If it's the first time you experience this, it can be very puzzling and ultimately frustrating
because there's no apparent clue as to what is happening.
What to do if your sites have these symptoms
Go to IIS, then right click on DefaultAppPool (under Application Pools) and select Recycle.

What is resource kit? Name of the part of resource kit?

The Microsoft Windows Server Resource Kit Tools are a set of tools to help administrators streamline
management tasks such as troubleshooting operating system issues, managing Active Directory®,
configuring networking and security features, and automating application deployment.

What is RIS and steps to initiate it

You can use RIS (Remote Installation Services) to create installation images of operating systems or
of complete computer configurations, including desktop settings and applications. You can then make
these installation images available to users at client computers. You can also specify which RIS
server will provide installations to a given client computer, or you can allow any RIS server to provide
the installation.
When you use RIS, a CD-ROM is not required for installation of an operating system on a client
computer. The client computers must support remote booting with the Pre-Boot eXecution
Environment (PXE) ROM, or they must be started with a remote-startup floppy disk and contain a
network adapter that is supported by that disk.

RIS can be used only for clean installations and can't be used to upgrade a previous version of
Windows. On Windows 2003, two services are required to provide Remote Installation Services:
DHCP and Remote Installation Service. The Remote Installation Server doubles as a proxy DHCP
server to provide Boot Server and Filename instructions to clients. Remote Installation Service utilizes
UDP port 4011 to provide clients the contents of each page the OS Chooser displays. Additionally,
this service can provide drivers to clients; it is often used to provide the workstation's network card
driver, which is required to launch the OS Chooser and mount the share where images are stored.

RIS Pre-requisites and Dependencies

 Active Directory and DNS in particular
 DHCP
 The RIS partition on RIS server that stores the image for deployment should be on NTFS
partition. Store the image away from the system files.
 Client machines with PXE network cards.

CLUSTERING
What is clustering and types of clustering?
A cluster is a group of computers, called nodes that function as a single computer/system to provide
high availability and high fault tolerance for applications or services. If one member of the cluster (the
node) is unavailable, the other computers carry the load so that applications or services are always
(with a small interruption) available. Typical uses for server clusters include file servers, print servers,
database servers, and messaging servers.

Cluster categorizations
There are four forms of clustering wherein each form caters to a specific need. They are; Load
Balancing, High Availability, Grid Computing and Compute Clusters.

High-availability (HA) clusters (Failover Clusters)

High availability focuses on the nodes ability to be fully available under any circumstances. The
functions could be implemented by each node wherein each node becomes a back-up to another
node in case something wrong happens. High availability is also referred to as failover clusters or
clusters with high redundancy level. The advantage is, of course, on its promise of stability. However,
this type of clustering might not use the full potential of nodes as some could be used only as a back-
up. Both nodes should be of same HW configuration. Each component or node has the ability to
provide the needed function so that it can easily take over when one of the nodes fails

HA Clustering could be differentiated based on the behavior of the nodes

Active/active configuration - In this type of HA clustering the nodes are programmed to share the
workload. However, when one node fails to function, the workload of the failed node will be distributed
to other nodes until the failed node is fixed.
Active/passive configuration - The nodes in this configuration all have redundant functions wherein
they will take over the primary node in case any problem arises.

Load-balancing clusters
Load balancing allows you to combine two or more computers into a cluster. You can use NLB to
distribute workloads (TCP/IP requests) across the cluster nodes in order to support a larger number
of simultaneous users.Load balancing enhances the performance of the servers, leads to their optimal
utilization and ensures that no single server is overwhelmed. Load balancing is particularly important
for busy networks, where it is difficult to predict the number of requests that will be issued to a server.
Requests initiated from the user are managed by, and distribute the load among the group of servers,
which is also known as a server cluster. All the application configurations across these servers should
be the same.
One of the most common applications of load balancing is to provide a single Internet service from
multiple servers, sometimes known as a server farm. Commonly, load-balanced systems include
popular web sites, large Internet Relay Chat networks, high-bandwidth File Transfer Protocol sites,
Network News Transfer Protocol (NNTP) servers and Domain Name System (DNS) servers.

Compute clusters
Compute cluster is basically a type of clustering wherein the nodes are connected together or have an
active relationship so that it could achieve the desired computation. The advantage of compute cluster
is based on the fact that it utilizes each node to reach the right computation. Compute clusters are
often used in highly complicated computations wherein a single computer will not have the ability to
provide the right output. These types of computer clusters are usually used for scientific and
mathematical purposes as these fields require heavy calculations.
On the other hand, compute cluster might run into the problem of stability. Since each node will be
required to compute separately, each node might not be working well which could jeopardize the
entire operation. That means maintenance is always a priority in each node since the nodes has an
important functions to do to ensure success of the computation.

Grid Computing
Grid computing is a type of computer clustering wherein the nodes have different functions but they
do not communicate with each other. Compared to compute clustering, grid computing is more
versatile as each node could have a completely different set of functions. Maintenance on grid
computing is relatively easy since troubleshooting is only based per node. Other functions might
continue working while the failed node could be replaced or fixed.
On the other hand, grid computing might not provide the speed of computing when compared to
compute clusters. Since each node is independent, it will take a lot of time before the specific
calculation is achieved. It might even have the same problem with compute clustering wherein one
node could jeopardize the whole computation because of its inability to function on time.

In Windows we can configure two types of clusters

NLB (network load balancing) cluster for balancing load between servers. This cluster will not
provide any high availability. Usually preferable at edge servers like web or proxy.
Server Cluster - This provides High availability by configuring active-active or active-passive cluster.
In 2 node active-passive cluster one node will be active and one node will be stand by. When active
server fails the application will FAILOVER to stand by server automatically. When the original server
backs we need to FAILBACK the application

Quorum: A shared storage need to provide for all servers which keeps information about clustered
application and session state and is useful in FAILOVER situation. This is very important if Quorum
disk fails entire cluster will fails.

Heartbeat: Heartbeat is a private connectivity between the servers in the cluster, which is used to
identify the status of other servers in cluster.

Application Clustering
Before you can install any applications into clustering, you must first install Windows Server clustering
services.

Cluster configuration
Steps to configure prior to actual cluster installation
 Double check to ensure that all the nodes are working properly and are configured identically
(hardware, software, drivers, etc.).
 Check to see that each node can see the data and Quorum drives on the shared array or SAN.
Remember, only one node can be on at a time until Windows 2003 clustering is installed.
 Verify that none of the nodes has been configured as a Domain Controller.
 Check to verify that all drives are NTFS and are not compressed.
 Ensure that the public and private networks are properly installed and configured.
 Ping each node in the public and private networks to ensure that you have good network
connections. Also ping the Domain Controller and DNS server to verify that they are available.
 Verify that you have disabled NetBIOS for all private network cards.
 Verify that there are no network shares on any of the shared drives.
 Check all of the error logs to ensure there are no nasty surprises. If there are, resolve them before
proceeding with the cluster installation.
 Check to verify that no antivirus software has been installed on the nodes. Antivirus software can
reduce the availability of clusters and must not be installed on them. If you want to check for
possible viruses on a cluster, you can always install the software on a non-node and then run
scans on the cluster nodes remotely.
 Check to verify that the Windows Cryptographic Service Provider is enabled on each of the
nodes.
 Check to verify that the Windows Task Scheduler service is running on each of the nodes.
 If you intend to run SQL Server 2005 Reporting Services, you must then install IIS 6.0 and
ASP .NET 2.0 on each node of the cluster
 If you intend to use SQL Server encryption, install the server certificate with the fully qualified
DNS name of the virtual server on all nodes in the cluster.
 Add the SQL Server and Clustering service accounts to the Local Administrators group of all the
nodes in the cluster.

Installing Cluster
How to recover a crashed quorum disk?
To recover from a corrupted quorum log or quorum disk
1. If the Cluster service is running, open Computer Management.
2. In the console tree, double-click Services and Applications, and then click Services.
3. In the details pane, click Cluster Service.
4. On the Action menu, click Stop.
5. Repeat steps 1, 2, 3, and 4 for all nodes.
6. If you have a backup of the quorum log, restore the log by following the instructions in "Backing up
and restoring server clusters" in Related Topics.
7. If you do not have a backup, select any given node. Make sure that Cluster Service is highlighted in
the details pane, and then on the Action menu, click Properties.

Under Service status, in Start parameters, specify /fixquorum, and then click Start.
8. Switch from the problematic quorum disk to another quorum resource.

For more information, see "To use a different disk for the quorum resource" in Related Topics.
9. In Cluster Administrator, bring the new quorum resource disk online.

For information about how to do this, see "To bring a resource online" in Related Topics.
10. Click Start, click Run, and type a command with the following syntax:
cluster [ClusterName] res QuorumDiskResourceName /maint:on
11. Run Chkdsk, using the switches /f and /r, on the quorum resource disk to determine whether the
disk is corrupted.

For more information on running Chkdsk, see "Chkdsk" in Related Topics.

12. Click Start, click Run, and type a command with the following syntax:
cluster [ClusterName] res QuorumDiskResourceName /maint:off
13. If no corruption is detected by Chkdsk, it is likely that the log was corrupted. Proceed to step 15.

If corruption is detected on the disk, check the system log in Event Viewer for possible hardware
errors.

Resolve any hardware errors before continuing.

14. Stop the Cluster service after Chkdsk is complete, following the instructions in steps 1-4.
15. Make sure that Cluster Service is highlighted in the details pane. On the Action menu, click
Properties.

Under Service status, in Start parameters, specify /resetquorumlog, and then click Start.

This restores the quorum log from the node's local database.

Important
• The Cluster service must be started by clicking Start on the service control panel. You cannot
click OK or Apply to commit these changes as this does not preserve the /resetquorumlog
parameter.
16. Restart the Cluster service on all other nodes.
Notes
• To perform this procedure, you must be a member of the Administrators group on the local computer,
or you must have been delegated the appropriate authority. If the computer is joined to a domain,
members of the Domain Admins group might be able to perform this procedure. As a security best
practice, consider using Run as to perform this procedure.
• To open Computer Management, click Start, click Control Panel, double-click Administrative
Tools, and then double-click Computer Management.
• The quorum disk must be formatted with the NTFS file system.
• If none of the nodes are running, or one node fails while you are changing the quorum resource, only
the running nodes are able to form the cluster, and the offline node is only able to join the cluster.
After the offline node has joined the cluster, all nodes are again able to form or join the cluster. This
design prevents the offline node from forming the cluster using the old quorum resource.
• Optionally, after step 13 above, you can use the ClusterRecovery tool, available in the Microsoft
Windows Server 2003 Resource Kit, to restore the registry checkpoint files.

How many servers can I load balance?

WLBS and NLB support a maximum of 32 nodes.
What is the maximum number of hosts that can be included in one NLB cluster?
32 is the maximum number of supported nodes. However, studies have shown that the Ideal number
of nodes is 8. This is because the network traffic is broadcasted to every node, yet only one NLB
node accepts the connection, so scaling beyond 8 nodes can cause a slight performance hit.

If you need a larger cluster you can you can create multiple NLB clusters, and use round robin DNS to
load balance between each cluster.

Can NLB function with a single NIC per server?

Yes. Unlike previous versions, Network Load Balancing in Windows Server 2008 R2 can be
configured on servers with a single network adaptor.

Can I run mixed clusters containing both physical servers and VMs as NLB nodes?
Yes. However, all servers and Virtual Machines (VMs) must be on the same VLAN and IP subnet.

Patch deployment
We use Patchlink from Lumension to deploy the patches. All the patches are first downloaded to the
Patchlink server and a Patchlink client is installed on all clients so that they can communicate with the
Patchlink server. We push the patches from the server to the clients.
On 2nd Tuesday each month MS releases the critical patches.
We first deploy the same on test servers (hosting various applications like citrix, SQL, MS-Exchange,
DC etc) and monitor for few days for any issues arising from the deployment.
We then schedule the same on Dev servers (after raising a change and informing the box owners)
After this we target the Prod servers
After each deployment we do a checkout from OS perspective and ask the application owners to
checkout from app perspective.
If any issues are observed after the deployment, further troubleshooting is done to identify the
problematic patch by uninstalling them one by one.

OS is not accessible & from console we can see it is blue screened. What is the first step you
take?
If it is blue screened check if it is generating a memory dump and if so, allow it to finish completing the
dump. Later if we are unable to get any logs for cause of BSOD, we can use this memory dump to
analyze and find the root cause of the BSOD.
If there is no memory dump getting generated and host stuck, power cycle it to get it back online.

3rd party tools for monitoring

Netcool & MOM
BMC

Where are the documents and settings for the roaming profile stored?
All the documents and environmental settings for the roaming user are stored locally on the system,
and, when the user logs off, all changes to the locally stored profile are copied to the shared server
folder. Therefore, the first time a roaming user logs on to a new system the logon process may take
some time, depending on how large his profile folder is.

Where are the settings for all the users stored on a given machine?
\Document and Settings\All Users

I have a file to which the user has access, but he has no folder permission to read it. Can he
access it?
It is possible for a user to navigate to a file for which he does not have folder permission. This involves
simply knowing the path of the file object. Even if the user can’t drill down the file/folder tree using My
Computer, he can still gain access to the file using the Universal Naming Convention (UNC). The best
way to start would be to type the full path of a file into Run… window.

What hidden shares exist on Windows Server 2003 installation?

Admin$, Drive$, IPC$, NETLOGON, print$ and SYSVOL.
What’s the number of permitted unsuccessful logons on Administrator account?
Unlimited. Remember, though, that it’s the Administrator account, not any account that’s part of the
Administrators group.

You need to automatically install an app, but MSI file is not available. What do you do?
A .zap text file can be used to add applications using the Software Installer, rather than the Windows
Installer.

What’s the difference between Software Installer and Windows Installer?

The former has fewer privileges and will probably require user intervention. Plus, it uses .zap files.

what is symbols in windbg

Identify H/W issues?

what is the trouble shooting steps for server performance.

Others
service desk tools..

About ITIL and service desk tools...

The Information Technology Infrastructure Library (ITIL) is a set of concepts and

practices for Information Technology Services Management (ITSM), Information
Technology (IT) development and IT operations.

itsm
Servicenow

Problem management in ITIL

issue,inc,prb,rca,change
Incident Management is a process for managing incidents
that can interrupt the functioning of IT services. These
incidents can include events such as error in printing,
hard disk failure, and network server failure.

Change Management is a process that helps introduce changes

in the IT services provided by a company, such as changes
in business needs and introduction of new technologies.

Problem Management is a process of resolving problems that

can occur in IT services due to the incidents, which are
not resolved by Incident Management. Problem Management is
of two types,reactive and proactive. The reactive Problem
Management helps resolve the problems that have occurred in
an IT service. The proactive Problem Management identifies
problems that are likely to occur.

Severity/SLA(service level agreements) levels

P1 –
P2 –
P3 –
P4 –
What is the ticking system you use...

ITIL process – CR, CAB

Daily Activities
Shift Lead
Queue Manager
Alerts
Escalation from shift members

Installing iis certificatyes