Friday 17 April 2009

Hardware Independent Restore and NIC Teaming Caveat

We have a ShadowProtect image of one of our client’s SBS 2003 Premium RTM boxes that we are using to run through the SBS 2003 to SBS 2008 migration process with.

This SBS has been around for about four years or so. As a result, we wanted to run through the Microsoft migration method to see if there are any unforeseen hiccups with their setup or Line of Business applications.

So, we used the Hardware Independent Restore feature of ShadowProtect to restore the image to one of our lab server boxes. The restore process and the subsequent old server device cleanup (previous post) while in Safe Mode after the restore went as well as expected.

Once the OS had finished its boot after the cleanup, there were all kinds of problems though. Their source was the lack of NICs showing in Network Connections.

The Device Manager showed the Intel NICs, the teaming driver setups, and the NIC Team, but they were not showing up anywhere else.

It took a while to figure out how to break the team, as any attempt to access the NICs in the Device Manager or work with the Intel driver software would result in a perpetual hourglass.

The old server setup has three NICs installed. There are the two onboard NICs teamed along with an add-in NIC that is used to connect to the Internet.

We ended up needing to reboot into Safe Mode and disable any of the Intel software driver NIC components (MiniPorts, etc.) and the like in the Device Manager, leaving only the physical NICs enabled. We also set the Exchange and ISA services to manual so that they would not drag the box down during boot up, as no IP addresses would be in place yet.

After rebooting the box into the SBS OS we finally had the two NICs showing up in the Device Manager and the Network Connections folder. We then reinstalled the current Intel ProSet drivers.

From there, we set one NIC with the SBS internal IP and in the other we set an IP to work with one of our routers that has direct access to the Internet. We did not need inbound Internet traffic, but we did need the Internet connection for the migration process.

We reset the Exchange and ISA services to automatic, restarted the ISA services only and reran the Configure E-mail and Internet Connection Wizard to set the new Internet subnet into ISA.

A reboot later and we had a happy Exchange with full mailbox access and ISA was working as expected. IE brought up a Web site as a test for Internet connectivity.

Now, we will image the box so as to have a place to fall back to in the event we have a failure during the initial migration process steps. We will keep imaging the old SBS box with incremental images until the process is finished, or we need to step back and figure out where things went wrong.

We will use the built-in SBS 2008 backup to keep a fallback for it.

IMPORTANT:

  • Any production SBS box image that is restored to a lab server setup or VM setup needs to have the POP3 Connector disabled before Internet connectivity is turned on!

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

*All Mac on SBS posts will not be written on a Mac until we replace our now missing iMac! (previous blog post)

2 comments:

stryqx said...

When I do test restores that require network connectivity I use a firewall/router VM (currently FreeBSD, but could be pfSense or a Linux-based system) that uses the same internal address as the production site's router and sits on the same virtual network as the test restore. The firewall/router VM then sits in a VLAN that's allowed Internet access only to provide the test restore with Internet connectivity.
By default the firewall/router VM only allows outbound DNS, NTP and HTTP/HTTPS and I add rules as necessary to avoid problems such as SMTP/IMAP/POP delivery.
I also traffic shape the firewall/router so as not to DoS my Internet uplink.
The traffic shaping also helps if I want to simulate a WAN setup for testing.

Philip Elder Cluster MVP said...

Our workbench LAN setup is restricted to HTTP/HTTPS, DNS, and NTP only.

We enable SMTP/POP3 when testing a client workstation, but that is about it too.

Thanks Chris!

Philip
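
The outbound allowlist described in the two comments above (DNS, NTP and HTTP/HTTPS only, with mail protocols kept closed), sketched as an nftables ruleset for a Linux-based lab router. This is an added example, not configuration from the post or its commenters; the interface names `lab0` and `wan0` are assumptions, and traffic shaping is not shown.

```nftables
#!/usr/sbin/nft -f
# Added example: egress allowlist for a dedicated lab router VM that sits
# in front of a test restore. "lab0" (restore-side network) and "wan0"
# (Internet-only VLAN) are assumed interface names.

flush ruleset   # assumes this VM does nothing but route for the lab

table ip lab_gateway {
    chain forward {
        type filter hook forward priority 0; policy drop;

        # Replies to connections the lab side opened.
        ct state established,related accept

        # SMTP/POP3/IMAP and their TLS variants: log and refuse, so a
        # restored server's mail queue or POP3 Connector shows up in the
        # log instead of reaching production mailboxes.
        iifname "lab0" tcp dport { 25, 110, 143, 465, 587, 993, 995 } log prefix "lab-mail-blocked: " counter reject with tcp reset

        # Default outbound allowlist: DNS, NTP, HTTP/HTTPS.
        iifname "lab0" oifname "wan0" udp dport { 53, 123 } accept
        iifname "lab0" oifname "wan0" tcp dport { 53, 80, 443 } accept

        # Everything else from the lab is logged, then hits the drop policy.
        iifname "lab0" log prefix "lab-egress-dropped: " counter
    }

    chain postrouting {
        type nat hook postrouting priority 100; policy accept;

        # Hide the lab subnet behind the router's uplink address.
        oifname "wan0" masquerade
    }
}
```

Check the file with `nft -c -f <file>` before loading it, and enable IPv4 forwarding on the router VM. A temporary rule for SMTP/POP3 testing has to be placed above the mail rule to take effect.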