Re: Upgrade Win 2003 Std to Win SBS 2003 Std same box?




We haven't had an IIS attack in a long time though. There's more risk on workstations from malware at this time.

SuperGumby [SBS MVP] wrote:
one thing I'll comment on is IIS. Basic fact is that you shouldn't run IIS on a DC (NOTE: I do not say 'public' IIS, I mean IIS shouldn't be there. (that's a FULL STOP)) The consequences of collateral damage from an exploit attacking IIS being the main factor, in view that IIS is one of the most heavily targeted attack vectors. The possibility exists that a workstation infection (on another vector, say email) includes a payload vectored at IIS.

SBS has habitually broken this rule. IIS is used both as an 'SBS' resource, it forms part of management, and as an 'internal' resource, CompanyWeb etc... Other DC configurations may also enable IIS for support of various things (eg. Dell management interface), so SBS is not alone in this violation. Doesn't make it 'right' though, I'd be much happier if these components/processes were implemented as 'programs' or better yet 'services', distinct applications having their own security context.

SO, in the case of an existing IIS site configured on the DC becoming SBS I would remove the site, possibly completely remove IIS and allow SBS to install/configure it, reinstate it only if it was a _required_ 'internal' resource.

SBS was always designed as 'first server', the premise being to offer an inexpensive way of moving a company from a workgroup to a domain, the original limitation being 25 CALs (I'm pretty sure it was 4.5 that took us to 50) and strongly focussed on that part hitting, or about to hit, share limitations of NTWorkstation (10 concurrent connections). In 4.x timeframe it was realised that many organisations wishing to implement SBS already had NT4Server and though nothing was done by MS to make this (NT Domain to SBS 4.x Domain) easier the idea was already significant at SBS 2000 release time. The SBS 2000 installation procedure changed to a manner that supported interruption and amalgamation to an existing AD, or 'inplace upgrade' from non-SBS to SBS (problematic that it may have been). Increasingly, people have come from an existing AD (those who were unfamiliar with SBS, shy of it, implementing Standard 2000 in SBS suitable environments) to SBS, SBS dev have kept up with the changes, to the best extent an elephant (MS) can do so with the fast changing demands of SMB space.

"kj [SBS MVP]" <KevinJ.SBS@xxxxxxxxxxxxxxxxxx> wrote in message news:%23CAyLCe8HHA.1188@xxxxxxxxxxxxxxxxxxxxxxx
SuperGumby [SBS MVP] wrote:
PIFFLE
"PIFFLE" eh? Love it!

Man this would save a lot of time down the road.

Can't wait to see a fully deployed AD DC with DNS, WINS, DHCP, and IIS role right up to a full, clean, and substantially error free SBS install.

If so, I've really underestimated the conditionals the SBS dev team put into SBS setup.

throw SBS CD1 at it, go for your life.

Leythos knows the conditions of the AD so there's no problem there.
SBS setup will recognise the existing AD. AFAIK the existing AD
_could_ even be at R2 level without causing issue.

SP level _may_ be a problem. If the server is currently SP2 you need
to consider that current SBS media is SP1 (AFAIK, no 'slip' SP2 yet).
Yeah, clone it but try to go on top of SP2, if it fails go back to
image and remove SP2, try again.

Also related to R2 is R2 functions implemented on the existing
server, if it is R2. SBS R2 does not support (include?) certain R2
functionality, if the current server is R2 _and_ has these functions
implemented they _will_ be broken by SBS setup.

The existing licence being/not OEM is a significant factor in how I
would approach the problem. IF NOT OEM I would probably want to use
that licence on another box as TS. There is no financial compensation
or 'upgrade path' in the move so in all cases the licence (as long as
it's not OEM) becomes available for use elsewhere, the _process_ may
be an upgrade but no license upgrade is performed, the existing
Win2003 licence on the server is _replaced_ by the SBS licence. With
this in mind I _may_ be tempted to move the licence to another box
(VM) through migration and decommission the existing box, then do SBS
as an 'add to existing AD' clean install.
Leythos also puts together decent hardware (unless this client argued
a lot). I'd possibly consider using the existing licence (whether OEM
or not) to run up a 2nd DC in Virtual Server on the existing box,
move the AD to it, move the real hardware out of a DC state, format
it, SBS Setup interrupted by VS install to get access to the AD, then
'add SBS to existing AD'.
or HEY, Leythos, this box got enough grunt to run SBS in VS? Leave the
current box intact, 'add SBS to existing AD' in a VM. The process
moves the FSMO roles, you may or may not want to keep it as a DC, you
may or may not want to use it as a TS while it also hosts SBS in a VM.

"kj [SBS MVP]" <KevinJ.SBS@xxxxxxxxxxxxxxxxxx> wrote in message
news:e%23lBnKa8HHA.4736@xxxxxxxxxxxxxxxxxxxxxxx
Leythos wrote:
In article <ORqDLMY8HHA.4612@xxxxxxxxxxxxxxxxxxxx>,
mwport@xxxxxxxxxxxxxxxxxxx says...
You can, but I don't like in-place upgrades unless I know the
complete history of the original server. Other than potential AD
problems (unknown cleanliness of AD), the partitions may be too
small or not optimal for SBS 2003 R2.
Actually, I built the server from scratch last year, but it was sold
to this company, in, so I know the full history of it.

Everything is already in place, AD, remote access, etc... They just
want to have their own email server and to use RWW - I was going to
hope that we could maintain the same AD and just integrate SBS using
some "Upgrade" path that installs Exchange and the SBS parts overtop
of the Std server install.
I don't think you're going to be able to inplace install SBS on an
already existing DC.

You're into the swing migration category with this setup, imho.

I'm pretty sure you are going to need at least two servers (virtual
or physical), for at least a little while.

I'll have to make a clone of the server and try the upgrade first.

Thanks to all (thread replies below) that replied.
--
/kj