I have been working through our upgrade to vSphere, and so far the only thing that has really been a big issue is the UNINSTALL of vmware tools on our existing Windows Server 2008 vms. If you run the upgrade for vmware tools, it will of course attempt to uninstall the previous version. Problem is, it doesnt work. It basically half uninstalls the previous version, leaving you with registry entries and so forth that make the new install of tools FAIL. If you find yourself in this predicament, try these steps.

1. Keep in mind, this is AFTER the uninstall of vmware tools has failed when upgrading on a Server 2008 vm.

2. Go to the vm in question, and open the console. Go to the VM menu, then guest, then install/upgrade vmware tools. This will mount the iso for installation. Exit out of the autorun box that comes up.

3. Get to a command prompt, and switch over to your cd drive that has the tools iso mounted. Now run this command……..”setup /c” This command will force remove all the registry entries and so forth and completely remove the old version of vmware tools.

4. Now, you may be tempted to just run setup from the command prompt at this point. DONT DO IT. Instead, go back out to the desktop and autorun the cd, and run setup from there. This will make sure that the install iso is available upon the reboot of your vm to finish the install process. Again, run it from autorun, NOT from the command prompt.

5. Once the vm reboots, it should finish up the tools upgrade, and you will be ready to upgrade the vm hardware to version 7.

6. One thing about upgrading the hardware on a server 2008 vm….When the vm comes back up after hardware upgrade, it will seem like the server is ready to go. In Server 2003, after hardware upgrade, you get the standard “Windows has installed new devices, you need to reboot” prompt. You dont get that prompt with Server 2008. REBOOT AFTER THE HARDWARE UPGRADE ANYWAY. There are a bunch of services that dont start properly on the first boot after hardware upgrade. A reboot will get these services going again.

These are my notes from watching Domain Function Level, Forest Functional Level for Server 2008 on CBTNuggets. I have paraphrased and added my own comments.

Domain Functional Level

Windows Server 2003 DFL

  • DC Rename (moving a server to another site, etc)- you can use the netdom command in server 2008 to change name as well. Make sure everything replicates before you move on.
  • Attributes: Last Log On Time Stamp, user password-Under Active Directory Users and Computers in Server 2008, you could create a custom query to find last log on for a number of users to get rid of old accounts.
  • rediruser, redircmp command can be used to redirect new accounts to a different folder in ad.
  • Selective authentication – restrict accounts across domains
  • Constrained Delegation
  • Authorization Manager – easier management of user access, mostly for applications

Windows Server 2008 DFL

  • You can only have Server 2008 DC’s
  • Uses DFS-R Sysvol replication ( as opposed to FRS), helping out with wan bandwidth etc.
  • Last logon (more details on logon for better queries)
  • Fine-grained passwords (you can have different password policies within a domain, using adsiedit) You can use specops password policy basic to do this as well….http://www.specopssoft.com/products/specopspasswordpolicy/
  • Advanced Encryption Services (128 or 256 bit for Kerberos)

Forest Functional Level

Windows Server 2003 FFL

  • Forest Trust – we can trust between different forests to allow access both ways (non-transitive).
  • Domain Rename – you can do it, just follow the instructions on technet…
  • Linked Value Replication – you dont have to replicate the entire group when you add a user, just the new object.
  • RODC – Read Only Domain Controller -more secure for a branch
  • Improved KCC algorithms — smarter replication over the wan.
  • inetorgperson/user conversion — you can convert other accounts to ad accounts
  • Schema objects can now be deactivated or disabled.

Windows Server 2008 FFL

  • All the server 2003 stuff plus, all new domains will be promoted to 2008 DFL.