| Author | Messages | |
florian
Posts:87
 | | 12/01/2008 6:36 AM |
| John,
not sure if there's an official MS-doc out there outlining the best-practice
steps to apply a SP to a domain controller.
I'd suggest you make sure you have a recent backup of the machine and apply
the SP in non-business hours. Make sure other DCs in the site are available
and the service pack installation and the following reboot do not interrupt
service. Depending on how critical the DC is, you may want to think about
moving the FSMO roles it holds temporarily to a neighbour DC - that gets you
a time frame to troubleshoot any arising issues (failed reboot, stuff like
that).
Florian
_____
Von: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] Im Auftrag von John Christie
Gesendet: Montag, 1. Dezember 2008 12:03
An: activedir
Betreff: [ActiveDir] Best Practice for applying Service Pack on DC's
Are there any best practice guidelines to applying a service pack to a
Domain Controller?
Does anyone demote/move fsmo roles prior to applying service pack and then
re-promote once done?
Or just straight application? this is for SP2.
Views
JC
| | | |
| sbradcpa
Posts:496
| | 12/01/2008 10:24 AM |
| Specifically for SP2, you want to ensure that post sp2 that the TOE/RSS
stuff is turned off either via registry or via this patch:
An update to turn off default SNP features is available for Windows
Server 2003-based and Small Business Server 2003-based computers:
http://support.microsoft.com/kb/948496/
Florian Frommherz wrote:
>
> John,
>
> not sure if there’s an official MS-doc out there outlining the
> best-practice steps to apply a SP to a domain controller.
>
> I’d suggest you make sure you have a recent backup of the machine and
> apply the SP in non-business hours. Make sure other DCs in the site
> are available and the service pack installation and the following
> reboot do not interrupt service. Depending on how critical the DC is,
> you may want to think about moving the FSMO roles it holds temporarily
> to a neighbour DC – that gets you a time frame to troubleshoot any
> arising issues (failed reboot, stuff like that).
>
> Florian
>
> ------------------------------------------------------------------------
>
> *Von:* ActiveDir-owner@mail.activedir.org
> [mailto:ActiveDir-owner@mail.activedir.org] *Im Auftrag von *John Christie
> *Gesendet:* Montag, 1. Dezember 2008 12:03
> *An:* activedir
> *Betreff:* [ActiveDir] Best Practice for applying Service Pack on DC's
>
> Are there any best practice guidelines to applying a service pack to a
> Domain Controller?
>
> Does anyone demote/move fsmo roles prior to applying service pack and
> then re-promote once done?
>
> Or just straight application? this is for SP2.
>
> Views
>
> JC
>
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ma/default.aspx
| | | |
| adwulf
Posts:93
| | 12/01/2008 11:39 AM |
| 2008/12/1 Susan Bradley <sbradcpa@pacbell.net>:
> Specifically for SP2, you want to ensure that post sp2 that the TOE/RSS
> stuff is turned off either via registry or via this patch:
>
> An update to turn off default SNP features is available for Windows Server
> 2003-based and Small Business Server 2003-based computers:
> http://support.microsoft.com/kb/948496/
>
I thought that was only an issue with certain NIC manufacturers.
Something about Broadcom... evil... something something maybe D-Link
something....?
Should this be done on all DCs?
--
AdamT
"At times one remains faithful to a cause only because its opponents
do not cease to be insipid." - Nietzsche
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ma/default.aspx
| | | |
| deji
Posts:262
| | 12/01/2008 11:41 AM |
| Apart from the usual caveats about testing (and testing some more) in the lab before rolling out SPs to production, reading the release notes that come with the SP, reading newsgroups and lists like this to see if there are reported "gotchas" with the patches, a DC is not that special (or different from any other critical server) when it comes to patching.
Make sure you have at least one other DC available (without the patch) until you are satisfied that the patch has not neutered any of the DCs you have installed it on. I would not ping-pong the FSMO roles just for patching. Let them stay where they are, and just ensure that you patch the DCs holding the roles only after you are satisfied with the SP.
Sincerely,
_____
(, / | /) /) /)
/---| (/_ ______ ___// _ // _
) / |_/(__(_) // (_(_)(/_(_(_/(__(/_
(_/ /)
(/
Microsoft MVP - Directory Services
www.akomolafe.name - we know IT
-5.75, -3.23
Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon
________________________________________
From: ActiveDir-owner@mail.activedir.org [ActiveDir-owner@mail.activedir.org] On Behalf Of Susan Bradley [sbradcpa@pacbell.net]
Sent: Monday, December 01, 2008 7:19 AM
To: ActiveDir@mail.activedir.org
Subject: Re: AW: [ActiveDir] Best Practice for applying Service Pack on DC's
Specifically for SP2, you want to ensure that post sp2 that the TOE/RSS
stuff is turned off either via registry or via this patch:
An update to turn off default SNP features is available for Windows
Server 2003-based and Small Business Server 2003-based computers:
http://support.microsoft.com/kb/948496/
Florian Frommherz wrote:
>
> John,
>
> not sure if there’s an official MS-doc out there outlining the
> best-practice steps to apply a SP to a domain controller.
>
> I’d suggest you make sure you have a recent backup of the machine and
> apply the SP in non-business hours. Make sure other DCs in the site
> are available and the service pack installation and the following
> reboot do not interrupt service. Depending on how critical the DC is,
> you may want to think about moving the FSMO roles it holds temporarily
> to a neighbour DC – that gets you a time frame to troubleshoot any
> arising issues (failed reboot, stuff like that).
>
> Florian
>
> ------------------------------------------------------------------------
>
> *Von:* ActiveDir-owner@mail.activedir.org
> [mailto:ActiveDir-owner@mail.activedir.org] *Im Auftrag von *John Christie
> *Gesendet:* Montag, 1. Dezember 2008 12:03
> *An:* activedir
> *Betreff:* [ActiveDir] Best Practice for applying Service Pack on DC's
>
> Are there any best practice guidelines to applying a service pack to a
> Domain Controller?
>
> Does anyone demote/move fsmo roles prior to applying service pack and
> then re-promote once done?
>
> Or just straight application? this is for SP2.
>
> Views
>
> JC
>
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ma/default.aspxList info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ma/default.aspx
| | | |
| glate
Posts:3
| | 12/01/2008 11:49 AM |
| We had a lot of issues with the Broadcom NICs initially but their
drivers and firmwares have come a long way and we are no longer having
problems. If you're worried about it you can just turn it off.
http://support.microsoft.com/kb/945977
On Mon, Dec 1, 2008 at 8:31 AM, Adam Thompson <adwulf@gmail.com> wrote:
> 2008/12/1 Susan Bradley <sbradcpa@pacbell.net>:
>> Specifically for SP2, you want to ensure that post sp2 that the TOE/RSS
>> stuff is turned off either via registry or via this patch:
>>
>> An update to turn off default SNP features is available for Windows Server
>> 2003-based and Small Business Server 2003-based computers:
>> http://support.microsoft.com/kb/948496/
>>
>
> I thought that was only an issue with certain NIC manufacturers.
>
> Something about Broadcom... evil... something something maybe D-Link
> something....?
>
> Should this be done on all DCs?
>
> --
> AdamT
> "At times one remains faithful to a cause only because its opponents
> do not cease to be insipid." - Nietzsche
> List info : http://www.activedir.org/List.aspx
> List FAQ : http://www.activedir.org/ListFAQ.aspx
> List archive: http://www.activedir.org/ma/default.aspx
>
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ma/default.aspx
| | | |
| kennedyjim
Posts:89
| | 12/01/2008 11:53 AM |
|
> -----Original Message-----
> From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-
> owner@mail.activedir.org] On Behalf Of Adam Thompson
> Sent: Monday, December 01, 2008 11:32 AM
> To: ActiveDir@mail.activedir.org
> Subject: Re: AW: [ActiveDir] Best Practice for applying Service Pack on
> DC's
> I thought that was only an issue with certain NIC manufacturers.
>
> Something about Broadcom... evil... something something maybe D-Link
> something....?
>
> Should this be done on all DCs?
SNP is far more evil than Broadcom. Turn it off on everything, imho. I believe there was an update for 2003 about a year ago that did just that. Even MS recognized the evil they had released upon us.
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ma/default.aspx
| | | |
| deji
Posts:262
| | 12/01/2008 12:13 PM |
| Don't look at the NIC or its manufacturer. Just you turn off SNP every chance you get. It was a well-intended feature that will (eventually) be ready for primetime. For now, it creates more heartache than it's worth.
Sincerely,
_____
(, / | /) /) /)
/---| (/_ ______ ___// _ // _
) / |_/(__(_) // (_(_)(/_(_(_/(__(/_
(_/ /)
(/
Microsoft MVP - Directory Services
www.akomolafe.name - we know IT
-5.75, -3.23
Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon
________________________________________
From: ActiveDir-owner@mail.activedir.org [ActiveDir-owner@mail.activedir.org] On Behalf Of Kennedy, Jim [kennedyjim@elyriaschools.org]
Sent: Monday, December 01, 2008 8:47 AM
To: ActiveDir@mail.activedir.org
Subject: RE: AW: [ActiveDir] Best Practice for applying Service Pack on DC's
> -----Original Message-----
> From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-
> owner@mail.activedir.org] On Behalf Of Adam Thompson
> Sent: Monday, December 01, 2008 11:32 AM
> To: ActiveDir@mail.activedir.org
> Subject: Re: AW: [ActiveDir] Best Practice for applying Service Pack on
> DC's
> I thought that was only an issue with certain NIC manufacturers.
>
> Something about Broadcom... evil... something something maybe D-Link
> something....?
>
> Should this be done on all DCs?
SNP is far more evil than Broadcom. Turn it off on everything, imho. I believe there was an update for 2003 about a year ago that did just that. Even MS recognized the evil they had released upon us.
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ma/default.aspxList info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ma/default.aspx
| | | |
| sbradcpa
Posts:496
| | 12/01/2008 12:42 PM |
| A year after they shoved out Sp2 with it enabled they released a patch
to turn it off.
Gotta love it.
Kennedy, Jim wrote:
>
>> -----Original Message-----
>> From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-
>> owner@mail.activedir.org] On Behalf Of Adam Thompson
>> Sent: Monday, December 01, 2008 11:32 AM
>> To: ActiveDir@mail.activedir.org
>> Subject: Re: AW: [ActiveDir] Best Practice for applying Service Pack on
>> DC's
>>
>
>
>
>> I thought that was only an issue with certain NIC manufacturers.
>>
>> Something about Broadcom... evil... something something maybe D-Link
>> something....?
>>
>> Should this be done on all DCs?
>>
>
> SNP is far more evil than Broadcom. Turn it off on everything, imho. I believe there was an update for 2003 about a year ago that did just that. Even MS recognized the evil they had released upon us.
> List info : http://www.activedir.org/List.aspx
> List FAQ : http://www.activedir.org/ListFAQ.aspx
> List archive: http://www.activedir.org/ma/default.aspx
>
>
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ma/default.aspx
| | | |
|
|