Say Hello to DELILAH

It's hard to admit that she's well past her useful shelf life, starting to show her age, and not as agile and responsive as I would like. Or that she's been ready for replacement with a younger model for a while. Is it really surprising that I crave something with sexy curves and performance to match? - after all, I'm a man. So, my dear DELILAH, your time is up. Your warm and cozy spot in my server rack is about to be filled with something better able to handle the needs of a computer geek (and part-time network administrator) like me.

DELILAH is, or was, my sole network domain controller. She's an old Dell (hence the name) tower machine that I scrounged from the "used computers" room at Wrox Press way back in about 1999. She had been abandoned from her role as a desktop client (too slow), and then became the "gash" server for our first experiments with classic ASP, finally performing for several years as the public Web server for our "Rapid/WebDev" authoring team. OK, so she's only got a 450MHz processor and 192MB of RAM, but - since she came to live with me - I've dressed her up with a smart new CD-ROM and two 100MB hard drives.

In that guise, running Windows 2000 Server, she has quite happily looked after my Active Directory, DNS, DHCP, file storage, SQL Server, Intranet Web server, and other network and development needs - almost without a murmur and without ever developing any serious faults. And, amazingly, there was rarely anything but blue in the Event Log! Like all my other server-room machines (which all still run Windows 2000 Server), I'd decided that there was no point changing anything until Longhorn Server is ready and proven. Then I'll splash out on new 64-bit boxes and move my domains, Exchange Server, ISA Server, public Web server, and all the other stuff into the current decade.

But three unrelated events changed all these plans. Firstly, I fell in love with WSUS (Windows Server Update Services), which lets me download those huge service packs and updates just once; and control how, when, and where they get installed. It even emails me details of new updates and a summary of the installation process for each machine. But WSUS will only run on XP or Windows 2003 Server, which meant I had to keep the spare box I used to test it running all the time, eating up non-green and very expensive electricity.

Secondly, DELILAH was not capable of supporting media streaming reliably (even just WMA music files), which I need to do for the Soundbridge radio my wife acquired at Christmas. You can read about that episode (go on, I'm sure you want to...) in previous diary entries.

Finally, and this was the killer reason, the three-month contract I was due to start work on, having cleared the decks of everything else, got delayed - and so I was faced with a couple of weeks roaming uneasily around the house looking for jobs to do. I needed a task other than tidying the garden and cleaning the car, otherwise I might have been "persuaded" that it was time to redecorate the kitchen or install a new shower. So, why not sort out the network? Easy, just promote the spare box, which was already running Windows Server 2003, to a domain controller and drop it into the server cabinet to replace DELILAH.

Now, in the past, you will recall me saying that I'm a technology Luddite, and a firm believer in the "not broke, don't fix" approach. And I guess, after a week of work, I am even more so. I made a start bright and early on Monday morning, having sent my wife out to work for the week. Now, as I write this, it's Friday evening and I've just finished the job of getting the network running as I wanted. I won't bore you (at least, any more than usual) with details of the whole process, but I have to say it was interesting. And I learnt a lot I didn't really want to know about networking in general, and Active Directory in particular.

I suppose the reason for many of the problems was that I couldn't bear to see DELILAH put out to grass, and so I decided to implement a domain with the spare Dell box (named DELMONTE - see the naming pattern here?) as the main AD Catalog domain controller, and DELILAH as an additional (backup) domain controller. That way, if anything went wrong, I could switch over the Catalog to the backup controller, add a new domain controller, and switch the Catalog to that one. I'd get redundancy I've never had before, as well as all the advantages of a proper working Windows 2003 domain instead of the mixed domain I use now. And I could run all the new software I want to use.

Of course, this approach meant that I needed to upgrade the domain using ADPREP to Windows 2003 level, which seemed to work OK at the time. But I also decided that, because DELILAH is the music server and file store, it would be better to swap the machine names as well so that the spare box was called DELILAH, and DELILAH became DELMONTE (if you see what I mean). That would preserve consistency in the file paths in Media Player and Media Center, and the myriad shortcuts, batch files, and other stuff that's grown like weeds throughout my network.

To make matters worse, the spare box only had two 40GB disks. And, to upgrade it to a DC means I have to uninstall WSUS, install Active Directory, then reinstall WSUS (thankfully, as I discovered, you don't lose all the downloaded files). So I ended up putting two new 120GB disks into it, together with a new DVD ROM drive, and starting from scratch with a full install of Windows 2003 Server, Active Directory, SQL Server, and all the other stuff - followed by reinstalling WSUS and copying back the update files. The neat part here is that I could then use them to update the machine - so it was a lot quicker than usual!

I managed to join the domain, take over the Master roles and the Global Catalog, and become the main controller for the domain. The process even copied over all my DNS and Group Policy settings, though DHCP was not happy with the existing address leases and complained furiously for about 24 hours before sorting itself out. So, everything was looking rosy.

Next job, pull DELILAH out of the network and then rename the new DC to DELILAH and adopt DELILAH's IP address so that everything would look the same from the network. Maybe this is where it all went wrong, because I followed the advice of just using the System Properties dialog rather than the full and complicated process described on MSDN. As far as I could establish from the docs, the only difference was that network clients would be confused for a while. I'm like that most days and can live with it, so I'm sure they can. After all, my wife is at work this week, so she won't be here to hassle me when her browser can't find any of her favorite Web sites, and her email stops working.

All still seemingly going well, so I FDISK the old DELILAH and install Windows 2003 Server and AD. I give her the name DELMONTE and a new squeaky-clean and unused fixed IP address, then join the domain as a second domain controller. Wait an hour for replication to sort itself out, and then start checking for errors. Bang! Event logs full of them! Cryptic messages about ServerReference attributes, KCC inconsistencies, MrxSmb locator failures, and FRS Connection errors. Then DNS starts telling me it can't update my ISP's DNS server (not that I expected it to), or find the other domain controller.

For a few moments, I was sorely tempted to just put the saved disk image from DELILAH back and give up. But then the thought of redecorating drifted to mind, and I decided that it would be good experience and useful for the future if I mastered this kind of stuff and sorted the problems. So, the last three days have been spent trawling MSDN and other networking Web sites, and fiddling about in a "poke it and see what happens" way until - amazingly - it all seems to be working!

Final jobs were to sort out the few broken links from other servers, reorganize my backup routines (which involve lots of DOS batch files and Windows Scheduler - having suffered what they euphemistically call "data loss" in the past, I keep multiple copies of everything everywhere on the network!), and install all the other everyday applications I use. I've also come to love Group Policy, as it makes configuring multiple machines so much easier. If you decide to try WSUS, you'll soon discover how.

Of course, adding a second domain controller didn't actually solve the issue of reducing consumption of my electricity supplier's increasingly expensive volts and amps (at the price they are now, they should be gold-plated). So I needed to be able to turn off the backup DC for most of the time, and just let it run now and then to do backups and resynchronize with the main DC. However, as I discovered, this causes another flurry of errors in the Event Logs and dire warnings that the network is broken, and you'll probably be invaded by rats, and the house will fall down.

The solution I came up with was to run Logon and Logoff scripts on the backup DC that execute the REPADMIN utility (from the Windows 2003 Support Tools MSI on the setup disks) to enable and disable AD replication on the main DC. This works fine as there are only the two DCs, and the remaining KCC messages can (according to MSDN) be safely ignored. If you want the scripts, you can download them here. I added a 30 second delay to the Logoff script to give AD time to commit the process, confirmed by entries in the target DC Event Log, but it should be OK with a shorter delay. I did try running them as machine Startup and Shutdown scripts, but that doesn't seem to work - maybe because AD communication with the main DC is not available at these times.
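As an added illustration (not the downloadable scripts mentioned above, which are not reproduced on this page), a single batch file could serve as both the Logon and Logoff script on the backup DC. It assumes the main DC is named DELILAH, that repadmin.exe from the Support Tools is on the PATH, and that both the inbound and outbound replication flags are toggled; the file name replctl.cmd is hypothetical.

```batch
@echo off
rem Added example: toggles AD replication on the main DC from the backup DC.
rem   replctl.cmd on    run as the Logon script on the backup DC
rem   replctl.cmd off   run as the Logoff script on the backup DC
rem Assumptions: MAINDC is the main DC's name; repadmin.exe is on the PATH.
setlocal
set MAINDC=DELILAH

if /i "%~1"=="on"  goto enable
if /i "%~1"=="off" goto disable
echo Usage: %~n0 on^|off
exit /b 2

:enable
rem Clear both flags so the main DC replicates with this DC again.
repadmin /options %MAINDC% -DISABLE_INBOUND_REPL -DISABLE_OUTBOUND_REPL
if errorlevel 1 goto failed
rem List the replication partners and last results so a stale link is visible.
repadmin /showrepl %MAINDC%
exit /b 0

:disable
rem Set both flags so the main DC stops trying to reach the powered-off DC.
repadmin /options %MAINDC% +DISABLE_INBOUND_REPL +DISABLE_OUTBOUND_REPL
if errorlevel 1 goto failed
rem 30-second pause so AD can commit the change before the session ends.
ping -n 31 127.0.0.1 >nul
exit /b 0

:failed
echo repadmin failed with errorlevel %errorlevel% 1>&2
exit /b 1
```

While the backup DC is off it holds stale directory data, so password changes and account disablements made in the meantime are absent from it until it next replicates. It also needs to come back online and replicate well within the forest's tombstone lifetime.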

So, I'm all up to date (until, of course, they release Longhorn Server), and have a network with some extra redundancy and loads of file storage and backup space. I also have a fast and responsive new mare in my server rack, yet the faithful old lady that has served me so well over the years now rests contentedly under the desk in my office and will still come out to play occasionally.

To end, just in case you are interested in the technical details or are having AD replication problems, here (briefly) are some of the issues I finally solved, and links to stuff I found useful:
