When we finish a new SBS build or Swing SBS build, we want to make sure that we can connect new desktops to the domain properly. Many of our clients have custom software installs via Group Policy, so we want to make sure those GP Software Installs/scripts work as they should.
There are also times where we want WSUS to catch up on all of the updates for more than just the SBS box on a new or Swing Migration build.
On a new build, there are no desktop OSs that have connected to the domain yet.
On a Swing Migration build, the existing desktops will need to have the command wuauclt /resetauthorization /detectnow run to get WSUS to recognize them before their scheduled detect time which is usually 03:00hrs.
Since the new Swing SBS box is sitting on our bench and the client desktops are at their location, the above two WSUS options are not possible at this point.
As an aside, one of the things we do for all of our SBS based clients is create a user account for testing purposes. We make sure our clients understand that the account is for testing security and Group Policy settings and that the email for that account is not necessarily monitored.
When it comes to naming the test account, we use a historical figure or someone we know. We learned the, "Um, Phil, did you get my email last week about the problem I am having?" issue arose very quickly if a technician or my own name was used for that account.
So, when we create the test account on the newly built SBS box, we also create a couple of test machine accounts with it. On the new Swing SBS box, we will add the machine accounts in the SBS console as the test user account is usually setup already.
We create a machine account for Windows XP Professional and one for Windows Vista Business. If we know our client will have Windows Vista Ultimate on the network, then we will use that Vista edition instead.
We install Virtual PC 2007 on the SBS box, copy over the VHD file sets into a folder setup for this purpose on the server, configure the VMs in VPC, and fire them up. Note that they may need to be shutdown and have the appropriate NIC chosen for them if they default to the ISA NIC in a 2 NIC SBS setup.
We then run the mysbs/connectcomputer routine to connect them both to the domain. Note that the VMs we copy are vanilla installs that have not touched a domain yet.
Once the VMs have come up after their final post SBS domain reboot, we logon to the workstation via the SBS domain and run the above WSUS command to make sure they get registered right away.
After running the WSUS command, one can monitor the SBS based WSUS console to see if the new workstation's connection to the domain and registration with WSUS takes.
In our experience, WSUS will trigger a synchronization with the Microsoft update servers when the XP workstation connects to bring up XP related updates. The same will be true for the Vista based workstation. We tend to run the XP Pro domain and WSUS setup first, then wait for the synchronization to finish before connecting the Vista VM to the domain and registering it with WSUS.
When the WSUS synchronization completes there will be a whole bunch of new XP and/or Vista updates to approve in the SBS WSUS console. Once approved, the updates will be downloaded and made ready for install.
We tend to then run through the install sequence on the VMs to make sure that everything works as it should.
In our experience, when an early media set is used to build a desktop and it is not updated prior to connecting to the SBS domain, things can get a little choked in the update setup. Instead of running the meriad of updates via a double click on the Gold Shield, we will Start --> Shut Down and choose the "Install Updates and Shut Down" option.
Running the update routines while shutting down gives the OS the opportunity to release those OS components that need to be updated. This will virtually eliminate the Red Shield in the SBS WSUS console for update errors.
Once we are done with the XP and Vista VMs, we delete both the VMC and VHDs off of the SBS hard drive and make sure VPC no longer shows them listed too.
We will keep Virtual PC on the server for any further VM needs.
Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.
No comments:
Post a Comment