Re: [ActiveDir] Windows 2003 SP1 upgrade...
Nearly a SBS box 'eh? Windows 2003 sp1 isn't too bad of an upgrade Hardware wise -- If Dell ensure you have Dell Open Manage 4.4 or above otherwise known/reported issues of BSOD's on DC's with OM 4.3 and below. SP1 shipped in March and it took Dell until June to release OM 4.4 If HP make sure you have the SP1 supported ROM upgrades for that box too. Vendor specific issues with Windows 2003 Service Pack 1 (part of SBS SP1) DELL Primary Dell page for 2003 SP1: http://www1.us.dell.com/content/topics/global.aspx/alliances/en/microsoft_main?c=uscs=555l=encs=555l=ens=biz General Dell pre-install instructions for SP1: http://support.dell.com/support/topics/global.aspx/support/kb/en/document?c=usDN=1092292l=enopt=trues=gen~mode=popup Stop error KB article from Dell includes a link to the Dell Registry Update tool: http://support.dell.com/support/topics/global.aspx/support/kb/en/document?dn=TT1092326 And from Microsoft TechNet post about Dells OpenManage support for SP1: Dell OpenManage support for Windows Server 2003 SP1. In order to support the new enhancements and features in Windows Server 2003 SP1, Dell plans to release Dell OpenManage version 4.4, including Dell Server Assistant version 8.6, to fully support SP1. For current customers who are running Dell OpenManage version 4.3 or earlier, go to the Dell Web site for Dell OpenManage and Service Pack 1 upgrade and deployment information. HEWLETT PACKARD For HP Servers please refer to: HP Support. Software and Drivers - download ProLiant Support Pack for Microsoft Windows Server 2003, 7.30 A: http://h18023.www1.hp.com/support/files/server/us/download/22274.html We do the post 05-019 patch because we have Exchange anyway. The other one I've done is the dcom patch for ISA 2004 that allows outlook on a TS box to connect back through ISA [doesn't sound like you need that patch though] Us SBSers have had more issues with the last part of our 'own' SBS sp1, but the Windows 2003 sp1 part is pretty solid once you ensure you've done the Dell/HP stuff. Frank Abagnale wrote: Hello all, I am planning on rolling out SP1 to my Domain Controllers. I have looked through msn search to find known issues with applying SP1 to DC's. I found the following kb articles (below)so I can prepare if I have issues. I haven't run into any issues in my test environment however, has anyone else had any undocumented problems they may wish to share? One of my DC's is also a WINS, DNS, DHCP, FSMO role holder, so any issues or pointers that you mayhavecome up against would be appreciated. Also, is there any recommendation as to which DC you choose first when you upgrade to SP1? The Windows Time service may generate event ID 7023 after you upgrade to Windows Server 2003 Service Pack 1 http://support.microsoft.com/?id=892501 Network issues that affect TCP/IP and RPC traffic across firewall or VPN http://support.microsoft.com/kb/899148/ The incorrect HAL may be applied if your computer uses a custom HAL http://support.microsoft.com/kb/889101 Thanks Frank Yahoo! FareChase - Search multiple travel sites in one click. Yahoo! FareChase - Search multiple travel sites in one click. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] Windows 2003 SP1 upgrade...
Installing security update MS05-019 or Windows Server 2003 Service Pack 1 may cause network connectivity between clients and servers to fail: http://support.microsoft.com/kb/898060/ RPC data may be blocked, and Outlook may not start in Windows Server 2003 with SP1: http://support.microsoft.com/default.aspx?scid=kb;en-us;897716 You'll need the first... you might not need the second. Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] wrote: Nearly a SBS box 'eh? Windows 2003 sp1 isn't too bad of an upgrade Hardware wise -- If Dell ensure you have Dell Open Manage 4.4 or above otherwise known/reported issues of BSOD's on DC's with OM 4.3 and below. SP1 shipped in March and it took Dell until June to release OM 4.4 If HP make sure you have the SP1 supported ROM upgrades for that box too. Vendor specific issues with Windows 2003 Service Pack 1 (part of SBS SP1) DELL Primary Dell page for 2003 SP1: http://www1.us.dell.com/content/topics/global.aspx/alliances/en/microsoft_main?c=uscs=555l=encs=555l=ens=biz General Dell pre-install instructions for SP1: http://support.dell.com/support/topics/global.aspx/support/kb/en/document?c=usDN=1092292l=enopt=trues=gen~mode=popup Stop error KB article from Dell includes a link to the Dell Registry Update tool: http://support.dell.com/support/topics/global.aspx/support/kb/en/document?dn=TT1092326 And from Microsoft TechNet post about Dells OpenManage support for SP1: Dell OpenManage support for Windows Server 2003 SP1. In order to support the new enhancements and features in Windows Server 2003 SP1, Dell plans to release Dell OpenManage version 4.4, including Dell Server Assistant version 8.6, to fully support SP1. For current customers who are running Dell OpenManage version 4.3 or earlier, go to the Dell Web site for Dell OpenManage and Service Pack 1 upgrade and deployment information. HEWLETT PACKARD For HP Servers please refer to: HP Support. Software and Drivers - download ProLiant Support Pack for Microsoft Windows Server 2003, 7.30 A: http://h18023.www1.hp.com/support/files/server/us/download/22274.html We do the post 05-019 patch because we have Exchange anyway. The other one I've done is the dcom patch for ISA 2004 that allows outlook on a TS box to connect back through ISA [doesn't sound like you need that patch though] Us SBSers have had more issues with the last part of our 'own' SBS sp1, but the Windows 2003 sp1 part is pretty solid once you ensure you've done the Dell/HP stuff. Frank Abagnale wrote: Hello all, I am planning on rolling out SP1 to my Domain Controllers. I have looked through msn search to find known issues with applying SP1 to DC's. I found the following kb articles (below)so I can prepare if I have issues. I haven't run into any issues in my test environment however, has anyone else had any undocumented problems they may wish to share? One of my DC's is also a WINS, DNS, DHCP, FSMO role holder, so any issues or pointers that you mayhavecome up against would be appreciated. Also, is there any recommendation as to which DC you choose first when you upgrade to SP1? The Windows Time service may generate event ID 7023 after you upgrade to Windows Server 2003 Service Pack 1 http://support.microsoft.com/?id=892501 Network issues that affect TCP/IP and RPC traffic across firewall or VPN http://support.microsoft.com/kb/899148/ The incorrect HAL may be applied if your computer uses a custom HAL http://support.microsoft.com/kb/889101 Thanks Frank Yahoo! FareChase - Search multiple travel sites in one click. Yahoo! FareChase - Search multiple travel sites in one click. List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Windows 2003 SP1 upgrade...
We've been refreshing our 2003 DC's to new HW and using W2K3 with SP1. We've done 4 out of 23 with no issues . All of the DC's that have been done are GC/DNS as well. One, was the first DC in the child domain, still holding the FSMO roles of PDC RID. We transferred the roles and then transferred them back.One also was the licensing server and a TS Lic server as well.We held out forever worryinguntil oneDC finally bit the dust and had to be rebuilt, sowhy not start here and seeif it plays well with others.It did, so onward through the fog we went, now saying why did we wait so long... Every environment is different. It appears you knowwhere to look if issues do arise. AndI don't know the "best practice" butwe haven't followed any kind of order Good luck Paul From: [EMAIL PROTECTED] on behalf of Frank AbagnaleSent: Sun 11/20/2005 2:46 PMTo: ActiveSubject: [ActiveDir] Windows 2003 SP1 upgrade... Hello all, I am planning on rolling out SP1 to my Domain Controllers. I have looked through msn search to find known issues with applying SP1 to DC's. I found the following kb articles (below)so I can prepare if I have issues. I haven't run into any issues in my test environment however, has anyone else had any undocumented problems they may wish to share? One of my DC's is also a WINS, DNS, DHCP, FSMO role holder, so any issues or pointers that you mayhavecome up against would be appreciated. Also, is there any recommendation as to which DC you choose first when you upgrade to SP1? The Windows Time service may generate event ID 7023 after you upgrade to Windows Server 2003 Service Pack 1 http://support.microsoft.com/?id=892501 Network issues that affect TCP/IP and RPC traffic across firewall or VPN http://support.microsoft.com/kb/899148/ The incorrect HAL may be applied if your computer uses a custom HAL http://support.microsoft.com/kb/889101 ! Thanks Frank Yahoo! FareChase - Search multiple travel sites in one click. Yahoo! FareChase - Search multiple travel sites in one click.
Re: [ActiveDir] Windows 2003 SP1 upgrade...
Ha Ha, that's amusing, it might as well be a SBS box! unfortunately we have a few thousand users. I intend to move these roles eventually but politics are 90% of the battle.Thanks for your response ( and to Paul as well), it's most helpful.Frank"Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]" [EMAIL PROTECTED] wrote: Nearly a SBS box 'eh?Windows 2003 sp1 isn't too bad of an upgradeHardware wise --If Dell ensure you have Dell Open Manage 4.4 or above otherwise known/reported issues of BSOD's on DC's with OM 4.3 and below. SP1 shipped in March and it took Dell until June to release OM 4.4If HP make sure you have the SP1 supported ROM upgrades for that box too. Vendor specific issues with Windows 2003 Service Pack 1 (part of SBS SP1) DELL Primary Dell page for 2003 SP1: http://www1.us.dell.com/content/topics/global.aspx/alliances/en/microsoft_main?c=uscs=555l=encs=555l=ens=biz General Dell pre-install instructions for SP1: http://support.dell.com/support/topics/global.aspx/support/kb/en/document?c=usDN=1092292l=enopt=trues=gen~mode=popup Stop error KB article from Dell includes a link to the Dell Registry Update tool: http://support.dell.com/support/topics/global.aspx/support/kb/en/document?dn=TT1092326 And from Microsoft TechNet post about Dells OpenManage support for SP1: Dell OpenManage support for Windows Server 2003 SP1. In order to support the new enhancements and features in Windows Server 2003 SP1, Dell plans to release Dell OpenManage version 4.4, including Dell Server Assistant version 8.6, to fully support SP1. For current customers who are running Dell OpenManage version 4.3 or earlier, go to the Dell Web site for Dell OpenManage and Service Pack 1 upgrade and deployment information. HEWLETT PACKARD For HP Servers please refer to: HP Support. Software and Drivers - download ProLiant Support Pack for Microsoft Windows Server 2003, 7.30 A: http://h18023.www1.hp.com/support/files/server/us/download/22274.html We do the post 05-019 patch because we have Exchange anyway.The other one I've done is the dcom patch for ISA 2004 that allows outlook on a TS box to connect back through ISA [doesn't sound like you need that patch though]Us SBSers have had more issues with the last part of our 'own' SBS sp1, but the Windows 2003 sp1 part is pretty solid once you ensure you've done the Dell/HP stuff.Frank Abagnale wrote: Hello all,I am planning on rolling out SP1 to my Domain Controllers. I have looked through msn search to find known issues with applying SP1 to DC's. I found the following kb articles (below)so I can prepare if I have issues. I haven't run into any issues in my test environment however, has anyone else had any undocumented problems they may wish to share? One of my DC's is also a WINS, DNS, DHCP, FSMO role holder, so any issues or pointers that you mayhavecome up against would be appreciated. Also, is there any recommendation as to which DC you choose first when you upgrade to SP1? The Windows Time service may generate event ID 7023 after you upgrade to Windows Server 2003 Service Pack 1 http://support.microsoft.com/?id=892501Network issues that affect TCP/IP and RPC traffic across firewall or VPN http://support.microsoft.com/kb/899148/The incorrect HAL may be applied if your computer uses a custom HAL http://support.microsoft.com/kb/889101ThanksFrank Yahoo! FareChase - Search multiple travel sites in one click. Yahoo! FareChase - Search multiple travel sites in one click. List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ Yahoo! FareChase - Search multiple travel sites in one click. Yahoo! FareChase - Search multiple travel sites in one click.
RE: [ActiveDir] Windows 2003 SP1 upgrade...
The biggest thing people complaint to me about that isn't documented as an issue below is with the new ACL on the service control manager. The new ACL really locks down who can enumerate services remotely. This has impact on multiple different applications and services, especially any monitoring that isn't using full admin IDs. Kind of sad actually, people trying to run with least privs for the monitors got nailed and had to give out more perms until info started getting out on how to fix the problem. Check out the items exposed by the following query http://www.google.com/search?hl=enlr=safe=offrls=GGLD%2CGGLD%3A2004-07%2CGGLD%3Aenq=sdset+sc+2003+site%3Asupport.microsoft.com From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Frank AbagnaleSent: Sunday, November 20, 2005 3:47 PMTo: ActiveSubject: [ActiveDir] Windows 2003 SP1 upgrade... Hello all, I am planning on rolling out SP1 to my Domain Controllers. I have looked through msn search to find known issues with applying SP1 to DC's. I found the following kb articles (below)so I can prepare if I have issues. I haven't run into any issues in my test environment however, has anyone else had any undocumented problems they may wish to share? One of my DC's is also a WINS, DNS, DHCP, FSMO role holder, so any issues or pointers that you mayhavecome up against would be appreciated. Also, is there any recommendation as to which DC you choose first when you upgrade to SP1? The Windows Time service may generate event ID 7023 after you upgrade to Windows Server 2003 Service Pack 1 http://support.microsoft.com/?id=892501 Network issues that affect TCP/IP and RPC traffic across firewall or VPN http://support.microsoft.com/kb/899148/ The incorrect HAL may be applied if your computer uses a custom HAL http://support.microsoft.com/kb/889101 Thanks Frank Yahoo! FareChase - Search multiple travel sites in one click. Yahoo! FareChase - Search multiple travel sites in one click.
RE: [ActiveDir] Windows 2003 SP1 upgrade...
True. But, to monitor services does someone have to log on to the server? Would a good and SAFE work around - if the said user doesn't need to log on, to create a service account to do the work, but remove the interactive rights? Seems to me that proxying the access would be the close to ultimate in LUA. Rick --Posting is provided "AS IS", and confers no rights or warranties ... From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joeSent: Sunday, November 20, 2005 5:21 PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Windows 2003 SP1 upgrade... The biggest thing people complaint to me about that isn't documented as an issue below is with the new ACL on the service control manager. The new ACL really locks down who can enumerate services remotely. This has impact on multiple different applications and services, especially any monitoring that isn't using full admin IDs. Kind of sad actually, people trying to run with least privs for the monitors got nailed and had to give out more perms until info started getting out on how to fix the problem. Check out the items exposed by the following query http://www.google.com/search?hl=enlr=safe=offrls=GGLD%2CGGLD%3A2004-07%2CGGLD%3Aenq=sdset+sc+2003+site%3Asupport.microsoft.com From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Frank AbagnaleSent: Sunday, November 20, 2005 3:47 PMTo: ActiveSubject: [ActiveDir] Windows 2003 SP1 upgrade... Hello all, I am planning on rolling out SP1 to my Domain Controllers. I have looked through msn search to find known issues with applying SP1 to DC's. I found the following kb articles (below)so I can prepare if I have issues. I haven't run into any issues in my test environment however, has anyone else had any undocumented problems they may wish to share? One of my DC's is also a WINS, DNS, DHCP, FSMO role holder, so any issues or pointers that you mayhavecome up against would be appreciated. Also, is there any recommendation as to which DC you choose first when you upgrade to SP1? The Windows Time service may generate event ID 7023 after you upgrade to Windows Server 2003 Service Pack 1 http://support.microsoft.com/?id=892501 Network issues that affect TCP/IP and RPC traffic across firewall or VPN http://support.microsoft.com/kb/899148/ The incorrect HAL may be applied if your computer uses a custom HAL http://support.microsoft.com/kb/889101 Thanks Frank Yahoo! FareChase - Search multiple travel sites in one click. Yahoo! FareChase - Search multiple travel sites in one click.
[ActiveDir] Restoring System State
Return Receipt Your document: [ActiveDir] Restoring System State was received by: nelson yong/IT/KSL at: 21/11/2005 09:19:17 AM
