Virtual Insanity: Part Two – Opening Windows

Hello again! This is the continuing travel log of my attempts to build a new virtual infrastructure, so if you’ve not read part one, this might seem very specific and strange. I’m not claiming to write The Guide here, I’m just jotting down my experiences as I go in the hopes it helps someone (and possibly future me if I go through this again. Hello future me! How’re the flying cars?)

None of this bit is difficult, but there’s enough bits to miss that hopefully this forms a sort of overly-wordy checklist. This is The Part Where Windows Gets Installed.

Firstly – have a book to hand. There’s a fair bit of waiting involved in all this, but not so much that there’s time to wander off and do something else. You also need to prepare yourself for how long servers take to start up and POST. It’s terrifying at first, as is the noise a 1U server makes at boot.

Download the BIOS update from HP before you start, and install the files to a USB stick. Boot into this first and run the update if it’s needed (not always; it was on the 160, not the 380s).

If you need to set a RAID array up, use the SmartStart disc to get the graphical interface for the array command utility. The controller should look after itself, though; I installed a new P410 and 4 x 146Gb SAS discs in the 160 and it configured itself into a RAID5 array. Ignore any warnings from the RAID controller about drive firmwares and performance for now, we can’t deal with it yet. Use your phone to take a photo of the message for later reference; you’ve got no chance of getting it written down in time with a pen.

If you’re done with RAID, then take the HP SmartStart CD out as it’s useless for installation. It seems to think that if you speak English you must be American and then doesn’t appear to do anything other than ask the questions Windows would anyway. Put the Windows DVD in instead and give it the answers it seeks. You can get on with something else for half an hour now (or read that book you brought with you), as it restarts a couple of times and as I said at the start, that takes a while on a server. Unlike XP, though, it doesn’t keep stopping halfway to ask more questions, which is something.

Give it a long password when it asks and write it down somewhere. Seriously, it wants a really long password; my domain password (15 alphanumerics) wasn’t sufficient. So make up a longer one for this, write it down, and later on you can either a) make the server a domain controller, in which case it has no local account anymore or b) change it to a long garbage string with KeePass, which is an excellent idea for all your servers anyway. How often do you use local admin server accounts? Never, so make the password impossible to crack because the account is an easy target.

Congratulations! Windows has booted. Take a moment to feel smug.

I run updates first, to make sure it’s all patched and happy.  I still distrust Windows Update for hardware drivers so I tend to ignore those, and hide Silverlight because why on earth would you have Silverlight on a server. I’m also leaving .NET Framework off until something asks for it, as it can be a source of vulnerabilities (although I think it has 3.5 by default anyway, and AD requires it).

Once the server has run through one round of updates, I name & domain the machine so a single restart can finish installing the updates and join the domain. Once it’s on domain, I can then get to all the files stashed on my workstation hard drive, i.e. drivers.

Drivers are good to do as soon as possible. They’re different for each server (obv) so I’ll break it down by model. Don’t forget to run updates a couple more times to get the updates-for-updates; you can combine the restart they need with the restart that some drivers will need.

For the DL160 G6, the video driver needs updating first as Win2k8’s standard driver stops at 1024×768, which is annoying. It also insists that it is as up to date as it can be, thus proving itself completely useless. The onboard chip is actually a Matrox G200e, but grab the download from the Intel site as HP don’t seem to have a good version. A later restart will then let you select up to 1280×1024. The NIC drivers can be updated; I downloaded all of them to try as the installer won’t run if you don’t have the right hardware, although FWIW the Intel E1Q turned out to be right for the onboard NICs. I’ll get onto NIC Teaming in a moment.

The P410 Controller Driver went on next, then the Online Flash Component, and once they’re installed the system will finally let you install the disk firmware update you might have been getting warnings about at boot. Make sure you pick the right one from the long list, as detailed in the photo you should have on your phone.

The DL380 G7 has the same stupid display adapter shenanigans going on, but its chip is actually an ATI ES1000 i.e. a repurposed ATi Rage from 1996. Search HP’s download site for “ATI ES1000” and you’ll come up with a 2k8 x64 driver, although you’ll have to source your own copy of Doom to test the graphics capabilities. My additional NIC card needed a driver downloading as well, and the onboard NICs had a pretty significant update available. Again, if you’re not sure which one you want just download ‘em all (Pokémon drivers) as the HP installer won’t let you run anything not applicable.

Device Manager also showed up a “Base System Device”, which is the Integrated Lights Out guff. Google iLO3, go to the firmware page, click OS (Win2k8 R2), and download the necessary bits. You need to install the Management Controller Driver Package before you can run anything else, then the Online Component and Online Flash Component can go on, and lastly the Configuration Utility and the Management Directories Support Software. Note that iLO isn’t essential to the running of the server, and I’m only installing it to see if it’s worth having; I am concerned that it’s another attack vector though, so it may yet come off.

It’s worth going through your NICs one by one unplugging the cables so you know which one is which; Local Area Connection 5 is not necessarily the 5th port, and it simplifies things later if you just rename your connections to Port 5 etc. Don’t install the NIC teaming stuff if your server will be a Hyper-V host. Apparently it causes problems if you install it before the Hyper-V role.

My DL160, though, is just a physical server, so we can team those connections for redundancy & performance. The Network Configuration Utility is (illogically) listed under Drivers on HP’s site; just download and run that. Once it’s done, there’s an extra item in your system tray (not in your Start Menu, confusingly). Double click that, choose the connections to team (which will be easy now you’ve named your connections after the physical port) and leave the settings on automatic. When it’s done its thing for a few minutes you can then configure the new, teamed connection as normal. Note that the original ports remain in Network Connections, but you won’t be able to do anything with their properties.

After that, we just need to stick the product key in and turn remote desktop access on (XP can’t hack network level auth, btw). If you’re using a KMS key, make sure you’ve read up about KMS groups.

And done! Windows is installed and everything is dandy. Now all we need to do is install the various roles, patch them, configure them, test them, troubleshoot them… but all that can wait for another day.

This entry was posted in Work and tagged , , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s