Virtual Insanity: Part Two - Opening Windows
by, 24th January 2012 at 03:57 PM (5692 Views)
Hello again! This is the continuing travel log of my attempts to build a new virtual infrastructure, so if you've not read part one, this might seem very specific and strange. I'm not claiming to write The Guide here, I'm just jotting down my experiences as I go in the hopes it helps someone (and possibly future me if I go through this again. Hello future me! How're the flying cars?)
I'm still optimistically cross-posting this to my actual blog as well in the hopes that I actually stick at that, rather than it becoming yet another Wordpress wasteland, so read it there while you still can. (Although it's exactly the same there as here. But I write other stuff there too, sometimes)
Anyway, none of this bit is difficult, but thereís enough bits to miss that hopefully this forms a sort of overly-wordy checklist. This is The Part Where Windows Gets Installed.
Firstly Ė have a book to hand. Thereís a fair bit of waiting involved in all this, but not so much that thereís time to wander off and do something else. You also need to prepare yourself for how long servers take to start up and POST. Itís terrifying at first, as is the noise a 1U server makes at boot.
Download the BIOS update from HP before you start, and install the files to a USB stick. Boot into this first and run the update if itís needed (not always; it was on the 160, not the 380s).
If you need to set a RAID array up, use the SmartStart disc to get the graphical interface for the array command utility. The controller should look after itself, though; I installed a new P410 and 4 x 146Gb SAS discs in the 160 and it configured itself into a RAID5 array. Ignore any warnings from the RAID controller about drive firmwares and performance for now, we canít deal with it yet. Use your phone to take a photo of the message for later reference; youíve got no chance of getting it written down in time with a pen.
If youíre done with RAID, then take the HP SmartStart CD out as itís useless for installation. It seems to think that if you speak English you must be American and then doesnít appear to do anything other than ask the questions Windows would anyway. Put the Windows DVD in instead and give it the answers it seeks. You can get on with something else for half an hour now (or read that book you brought with you), as it restarts a couple of times and as I said at the start, that takes a while on a server. Unlike XP, though, it doesnít keep stopping halfway to ask more questions, which is something.
Give it a long password when it asks and write it down somewhere. Seriously, it wants a really long password; my domain password (15 alphanumerics) wasnít sufficient. So make up a longer one for this, write it down, and later on you can either a) make the server a domain controller, in which case it has no local account anymore or b) change it to a long garbage string with KeePass, which is an excellent idea for all your servers anyway. How often do you use local admin server accounts? Never, so make the password impossible to crack because the account is an easy target.
Congratulations! Windows has booted. Take a moment to feel smug.
I run updates first, to make sure itís all patched and happy. I still distrust Windows Update for hardware drivers so I tend to ignore those, and hide Silverlight because why on earth would you have Silverlight on a server. Iím also leaving .NET Framework off until something asks for it, as it can be a source of vulnerabilities (although I think it has 3.5 by default anyway, and AD requires it).
Once the server has run through one round of updates, I name & domain the machine so a single restart can finish installing the updates and join the domain. Once itís on domain, I can then get to all the files stashed on my workstation hard drive, i.e. drivers.
Drivers are good to do as soon as possible. Theyíre different for each server (obv) so Iíll break it down by model. Donít forget to run updates a couple more times to get the updates-for-updates; you can combine the restart they need with the restart that some drivers will need.
For the DL160 G6, the video driver needs updating first as Win2k8ís standard driver stops at 1024x768, which is annoying. It also insists that it is as up to date as it can be, thus proving itself completely useless. The onboard chip is actually a Matrox G200e, but grab the download from the Intel site as HP donít seem to have a good version. A later restart will then let you select up to 1280x1024. The NIC drivers can be updated; I downloaded all of them to try as the installer wonít run if you donít have the right hardware, although FWIW the Intel E1Q turned out to be right for the onboard NICs. Iíll get onto NIC Teaming in a moment.
The P410 Controller Driver went on next, then the Online Flash Component, and once theyíre installed the system will finally let you install the disk firmware update you might have been getting warnings about at boot. Make sure you pick the right one from the long list, as detailed in the photo you should have on your phone.
The DL380 G7 has the same stupid display adapter shenanigans going on, but its chip is actually an ATI ES1000 i.e. a repurposed ATi Rage from 1996. Search HPís download site for ďATI ES1000Ē and youíll come up with a 2k8 x64 driver, although youíll have to source your own copy of Doom to test the graphics capabilities. My additional NIC card needed a driver downloading as well, and the onboard NICs had a pretty significant update available. Again, if youíre not sure which one you want just download Ďem all (Pokťmon drivers) as the HP installer wonít let you run anything not applicable.
Device Manager also showed up a ďBase System DeviceĒ, which is the Integrated Lights Out guff. Google iLO3, go to the firmware page, click OS (Win2k8 R2), and download the necessary bits. You need to install the Management Controller Driver Package before you can run anything else, then the Online Component and Online Flash Component can go on, and lastly the Configuration Utility and the Management Directories Support Software. Note that iLO isnít essential to the running of the server, and Iím only installing it to see if itís worth having; I am concerned that itís another attack vector though, so it may yet come off.
Itís worth going through your NICs one by one unplugging the cables so you know which one is which; Local Area Connection 5 is not necessarily the 5th port, and it simplifies things later if you just rename your connections to Port 5 etc. Donít install the NIC teaming stuff if your server will be a Hyper-V host. Apparently it causes problems if you install it before the Hyper-V role.
My DL160, though, is just a physical server, so we can team those connections for redundancy & performance. The Network Configuration Utility is (illogically) listed under Drivers on HPís site; just download and run that. Once itís done, thereís an extra item in your system tray (not in your Start Menu, confusingly). Double click that, choose the connections to team (which will be easy now youíve named your connections after the physical port) and leave the settings on automatic. When itís done its thing for a few minutes you can then configure the new, teamed connection as normal. Note that the original ports remain in Network Connections, but you wonít be able to do anything with their properties.
After that, we just need to stick the product key in and turn remote desktop access on (XP canít hack network level auth, btw). If youíre using a KMS key, make sure youíve read up about KMS groups.
And done! Windows is installed and everything is dandy. Now all we need to do is install the various roles, patch them, configure them, test them, troubleshoot themÖ but all that can wait for another day.
Total Trackbacks 0