2.3. Upgrading Previous and Existing InstallationsMost organizations and businesses have extensive investments in previous versions of server operating systems. In this section, I'll cover issues you'll run into when upgrading from Windows NT and Windows 2000 to Windows Server 2003. 2.3.1. Upgrading Windows NTA lot of companies are jumping the sinking NT shipend of life for the NT Workstation product was mid-2003 and NT Server's death has reached us as welland so it's highly possible you have some machines running NT that are worth upgrading. It's remarkably easy to upgrade any type of Windows NT installationbe it a primary domain controller (PDC ), a backup domain controller (BDC ) , or a regular member serverto Windows Server 2003. Microsoft has taken great pains to ensure the upgrade to Windows Server 2003 is as painless as possible. The installation procedure follows a clean install reasonably closely, and in fact requires less hands-on work. The program doesn't prompt you at all after the inception of the installation, and at the beginning, you're asked only for the CD Key and to acknowledge any compatibility issues. NT upgraders should, however, note the following points:
The upgrade procedure for an NT domain, although relatively straightforward, is involved. First, you must choose the first server to upgrade in your Windows NT domain. As you upgrade different machines, depending on their existing role in the domain, features and capabilities become available with Windows Server 2003 on the upgraded machine. In particular, upgrading an NT primary domain controller (PDC) enables Active Directory, as well as the other capabilities inherent in any Windows Server 2003 server (such as improved Routing and Remote Access service features), no matter the role. Note that you can upgrade Windows NT member servers at any time during your migration plan; most migration plans specify that member servers are last on the list to receive the upgrade. However, when you begin upgrading NT domain controllers to Windows Server 2003, you must upgrade the PDC before any other domain controller machines.
Additionally, if you have a member server functioning as a remote access server (RAS) machine, you should upgrade it to Windows Server 2003 before the last domain controller is upgraded. The RAS machine has certain security requirements that are incompatible between the different operating system versions. This means that if you have only one domain controller in your domain, you need to upgrade your RAS machine before beginning any domain controller upgrades. Regarding storage, you might want to examine the following disk issues before upgrading:
For more information on using native Windows Server 2003 tools to replicate your existing NT fault-tolerant functionality, consult Chapter 12. 2.3.1.1. Evaluating NT-based Windows Server 2003 interoperability issuesAs with any complex upgrade, issues exist concerning interoperating with the various operating system revisions, levels, and versions that currently reside on your network. By default, Windows Server 2003 domain controllers will sign all network communications and verify the authenticity of parties to a transaction. These settings help prevent communications between machines from being hijacked or otherwise interrupted. Certain older operating systems are not capable of meeting these security requirements, at least by default, and as a result are unable to interact with Windows Server 2003 domain controllers. These legacy operating systems are Windows for Workgroups, Windows 9x machines without the Directory Services client pack, and Windows NT 4.0 machines prior to Service Pack 4. Windows Server 2003 domain controllers by default require all clients to digitally sign at a minimum just their server message block (SMB) communications. The SMB protocol allows Windows systems to share files and printers, and enables various remote administration functions, as well as logon authentication over a network. If your clients are running one of the operating systems mentioned in the previous paragraph and upgrading them to a later revision is not an option, you'll need to turn off the SMB signing requirement. The most efficient way to do this is by disabling the following security policy in the Default Domain Controller GPO on the Domain Controllers OU: Computer Configuration\Windows Settings\Security Settings\Local Policies\ Security Options\Microsoft Network Server: Digitally sign communications (always) If you are certain you want to disable secure signing, follow these steps:
Additionally, Windows Server 2003 domain controllers similarly require that all secure channel communications be either signed or encrypted. Secure channels are encrypted tunnels of communication through which Windows-based machines interact with other domain members and controllers, as well as among domain controllers that have a trust relationship. Windows NT 4.0 machines prior to Service Pack 4 are not capable of signing or encrypting secure channel communications. If NT 4.0 machines at a revision earlier than SP4 must participate in a domain, or if a domain must trust other domains that contain pre-SP4 domain controller machines, you can remove the secure channel signing requirement by disabling the following security policy in the Default Domain Controller GPO: Computer Configuration\Windows Settings\Security Settings\ Local Policies\Security Options\Domain Member: Digitally encrypt or sign secure channel data (always)
If you are certain you want to disable secure channel signing and encryption, follow the steps outlined in this section. 2.3.2. Upgrading Windows 2000 ServerUpgrading from Windows 2000 to Windows Server 2003 is a straightforward process. You simply insert the CD, perform the in-place upgrade, and wait for Setup to process some data. Then, out comes your Windows Server 2003 server. You might think this section is ridiculously short, but in reality, 2000 Server and Windows Server 2003 are so alike that upgrades to the base operating system are really simple, almost akin to applying a service pack. (If you involve Active Directory, the process becomes a little more complicated than that, but I discuss those issues in Chapter 5.) The only key to an even smoother installation is to ensure that your 2000 Server system is configured exactly as you want it before the upgrade, and that all third-party software installed on the system, be it application software or drivers, is compatible with Windows Server 2003. It can be a nasty surprise to launch the newly upgraded system and see a blue screen before ever logging on. To ensure application compatibility on a machine that's a candidate for Windows Server 2003, insert the Windows Server 2003 CD and run winnt32.exe with the /checkupgradeonly switch (or select Check System Compatibility from the CD splash screen if you don't have AutoRun disabled). This will present a report to you with issues that might cause problems with an upgrade to Windows Server 2003. Other than those issues, Windows 2000 Server to Windows Server 2003 migrations are defined. |