This chapter will teach you how to update and troubleshoot Windows Server 2022. Such things are considered among the most challenging tasks of working with servers. However, as you progress through this chapter, you will notice that even the most difficult tasks have been simplified and are easy to run with a plan and strategy. Thus, in the business world, understanding the importance of troubleshooting, updating, monitoring, and maintaining servers will give you a significant chance of establishing a high business continuity standard that will significantly increase the business’s competitive advantage in the market.
This chapter will introduce you to the Windows Server startup process, advanced boot options and Safe Mode, backup and restore, disaster recovery plans, updating Windows Server 2022, server hardware, and third-party software. Event Viewer will also be covered in this chapter, which allows you to review different logs on Windows Server 2022, thus helping you troubleshoot and solve any problems you may experience. In that way, you will minimize downtime, which is expressed in money lost from a business perspective.
The chapter will conclude with an exercise on monitoring and managing Windows Server 2022 logs using Event Viewer.
The following topics will be covered in this chapter:
To complete the exercise in this chapter, you will need the following equipment:
As is the case, after every Windows OS installation, it is recommended to check the Windows Update service for any new updates. The aim is to install security updates to protect the Windows OS from malicious attacks, download driver updates for specific hardware, add new features, and enhance the current ones. Moreover, updating the Windows OS helps resolve Windows issues and bugs. Therefore, for the reasons mentioned here and others, updating Windows Server 2022 remains one of the first and foremost activities to be undertaken after installing it on a new or used server.
Every second Tuesday of each month, known as Patch Tuesday, Microsoft releases new updates, including the latest features, security updates, and fixes for Microsoft OSs and programs, including Windows Server 2022. Everything is distributed through Microsoft’s Windows Update server and received via a Windows Update feature. These can also be found on their official website: https://update.microsoft.com. In addition, a notification is displayed periodically in both the system tray and Notification Center stating that you need some updates, as shown in the following screenshot:
Figure 11.1 – Windows Update notification
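The Patch Tuesday schedule described above can be turned into a quick currency check. The following PowerShell is an added example, not code from the book; the function names and the 14-day grace period are assumptions chosen for illustration.

```powershell
# Added example: function names and the grace period are illustrative assumptions.

function Get-PatchTuesday {
    param(
        [int]$Year  = (Get-Date).Year,
        [int]$Month = (Get-Date).Month
    )
    # Walk forward from the 1st to the first Tuesday, then add one week.
    $day = [datetime]::new($Year, $Month, 1)
    while ($day.DayOfWeek -ne [DayOfWeek]::Tuesday) { $day = $day.AddDays(1) }
    $day.AddDays(7)
}

function Get-LastPatchTuesday {
    param([datetime]$AsOf = (Get-Date))
    $current = Get-PatchTuesday -Year $AsOf.Year -Month $AsOf.Month
    if ($AsOf.Date -ge $current) { return $current }
    # This month's release has not happened yet, so fall back to last month's.
    $previous = $AsOf.AddMonths(-1)
    Get-PatchTuesday -Year $previous.Year -Month $previous.Month
}

function Test-PatchCurrency {
    param(
        [int]$GraceDays = 14,            # assumed window for testing and approval
        [datetime]$AsOf = (Get-Date)
    )
    $release = Get-LastPatchTuesday -AsOf $AsOf

    # Get-HotFix does not list every update type, and InstalledOn can be empty,
    # so treat the result as a lower bound rather than a full inventory.
    $latest = Get-HotFix |
        Where-Object { $_.InstalledOn } |
        Sort-Object InstalledOn -Descending |
        Select-Object -First 1

    $patchedSinceRelease = [bool]($latest -and ($latest.InstalledOn -ge $release))
    $withinGrace         = $AsOf -lt $release.AddDays($GraceDays)

    [pscustomobject]@{
        LastPatchTuesday    = $release.ToString('yyyy-MM-dd')
        LatestHotFix        = $latest.HotFixID
        LatestInstalledOn   = $latest.InstalledOn
        PatchedSinceRelease = $patchedSinceRelease
        Overdue             = (-not $patchedSinceRelease) -and (-not $withinGrace)
    }
}

Test-PatchCurrency | Format-List
```

A server that reports Overdue as True has installed nothing since the most recent release and is past the grace period.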
When it comes to accessing the Update & Security settings, it is no different from Windows Server 2019, although there is a slight change in terms of theme and the options on the Windows Update page of Windows Server 2022. As a result, the following options are available (see Figure 11.2):
Figure 11.2 – Windows Update user interface
Now that we have provided a general overview of Windows Update, let’s learn how to update Windows Server 2022. To do this using Windows Update, follow these steps:
Figure 11.3 – Updating Windows Server 2022
Important note
As you might know, Windows 10 has introduced a new way of providing updates, known as Windows as a service. This means that Windows 10 will constantly evolve, and thus new releases will be delivered through Windows Update. But what if you do not want to receive these new releases? Well, the option that Microsoft offers is called Defer feature updates. You can learn more about this exciting feature at https://www.onmsft.com/news/mean-defer-feature-updates-windows-10.
With that, we’ve learned how to update Windows Server 2022. Now, let’s learn how to update Microsoft programs in Windows Server 2022.
It is common to have Microsoft programs running on a server powered by Windows Server 2022. Microsoft Exchange, SQL Server, and SharePoint are just some client/server programs that can run on Windows Server 2022 for specific purposes, such as email, database, and collaboration servers. For performance and security reasons, it is good to update Microsoft programs regularly. To do so, follow these steps:
Figure 11.4 – Updating Microsoft programs
As we have learned, Microsoft programs are usually updated via Microsoft’s Windows Update service. However, that may not be the case with third-party programs. Let’s demonstrate how to update such programs.
In addition to Microsoft programs, a server powered by Windows Server 2022 can also run third-party programs, such as an Oracle database, an Apache web server, VMware ESXi, and so on. Because of that, for a system administrator, it is essential to understand the differences between updating Microsoft programs and third-party programs. As we have learned so far, for the most part, on Windows-based servers, Windows Update is responsible for updating both Microsoft OSs and programs. However, that is not the case with third-party programs. Because each software company develops its software in its own way, the procedure for updating that software is specific to the vendor. Follow these steps to update a third-party program such as Adobe Acrobat Reader DC on Windows Server 2022:
Figure 11.5 - Updating the third-party Acrobat program
Now that we have learned how to update Microsoft and third-party programs, it’s time to learn how to update device drivers.
In the Updating the device drivers section of Chapter 4, Post-Installation Tasks in Windows Server 2022, you learned how to update device drivers using Device Manager. However, besides using Device Manager, in this section, you will learn how to configure the Windows Update feature to automatically check for the latest drivers and updates. Follow these steps:
Figure 11.6 – Device installation settings
Figure 11.7 – Setting up a device driver update
Microsoft’s product updates need to be managed and organized. This can be achieved with the help of Windows Server Update Services (WSUS). We’ll learn more about this in the next section.
As the successor to Software Update Services (SUS), WSUS allows system administrators to manage the distribution of Microsoft’s product updates to their organization’s computers. WSUS works by downloading updates, patches, and fixes to a server inside the organization. Then, that server approves and distributes the updates to the organization’s other computers. Using WSUS, system administrators can approve or cancel updates, set the installation of updates on a given date, and generate reports to determine what updates are required for each computer. In addition, the organization’s computers do not need to refer to Microsoft Update anymore since WSUS provides the updates.
In Windows Server 2022, WSUS is a role that can be added using Server Manager. Thus, to add the WSUS role, follow these steps:
Figure 11.8 – Installing Windows Server Update Services
In this section, you learned how to update Windows Server 2022, Microsoft programs, non-Microsoft programs, and device drivers using the Windows Update feature. In the next section, we will understand the troubleshooting methodology.
Troubleshooting in IT is a skill that you will master with time. Every time you solve a problem, you gain more confidence, become more experienced, and establish a more extensive knowledge base. That is why learning and practicing means a lot in IT – you are practicing the troubleshooting itself while learning how to troubleshoot. With that in mind, the more you refine your mastery, the greater your chances of overcoming issues and solving problems.
Let’s begin by understanding the troubleshooting methodology’s best practices, guidelines, and procedures.
In IT, best practices are well-defined methods that are applied wherever problems occur. These best practices ensure that an organization’s policy and procedure management are handled effectively and efficiently. Among the best practices that are well-known, there are accredited management standards such as ISO 9000 and ISO 14001. Therefore, by following best practices, servers will run more efficiently, network services will be more reliable, client/server applications will be more secure, and network infrastructures will be more scalable. In addition, guidelines represent suggestions, recommendations, or best practices for satisfying the policy standard. Finally, procedures are the step-by-step instructions that detail how to implement the components of the policy.
Important note
You can learn more about the ISO 9000 standard at http://asq.org/learn-about-quality/iso-9000/overview/overview.html and the ISO 14001 standard at http://asq.org/learn-about-quality/learn-about-standards/iso-14001.
Next, let’s understand the troubleshooting process so that we can overcome any issue.
As explained in the previous section, troubleshooting is an activity in which the server technician deals with solving a specific server problem. CompTIA’s six-step troubleshooting model is the troubleshooting methodology used by Microsoft product support services engineers among dozens of available methods. The steps are as follows:
Important note
You can learn more about troubleshooting, particularly the detection method, at https://technet.microsoft.com/en-ca.
Besides these processes, troubleshooting is based on two approaches, which we will learn about next.
It is good to clarify from the outset that, when troubleshooting a particular server problem, the progress and success of the troubleshooting process itself depends very much on the approach we take toward solving that problem. Based on that, in general, the troubleshooting process and problem-solving techniques recognize two main methods:
Now, let’s examine various troubleshooting procedures in Windows Server 2022.
No matter how skillful you might be, troubleshooting is a skill that depends a lot on experience, expertise, and expressiveness. In addition, it requires specific guidelines that demand that a server technician is organized and takes on a logical approach to problem-solving with computers and servers. The procedures that need to be considered when dealing with the troubleshooting process include the following:
The utilities that a server technician considers when troubleshooting server problems are as follows:
Now, let’s examine the Information Technology Infrastructure Library (ITIL), which allows you to tailor your IT services to your business needs.
As you may know, due to the application of computer technology and networking increasing in businesses, the departments of information and communication technology in the 80s started becoming the driving force in increasing efficiency and productivity. Such a reality required recognizing IT as a service that would apply consistent practices across organizations’ entire IT service life cycles. Thus, ITIL was born and is considered the foundation for IT service management. ITIL, a well-structured framework, consists of best practices that guide IT organizations to design, implement, operate, and manage IT services. All of these ITIL practices are presented in the form of publications. The latest version of ITIL is v4 and was released throughout 2019 and 2020. At the same time, these publications constitute the ITIL core books. The basic concepts described in these books are as follows:
ITIL enables organizations to tailor IT services to business needs, thus making IT an essential driver in today’s economy.
Important note
You can learn more about ITIL at https://www.axelos.com/best-practice-solutions/ITIL.
Next, let’s learn about Event Viewer and its benefits as a source of troubleshooting information.
Event Viewer (see Figure 11.9), as the name suggests, is considered a tool for solving various problems in Windows OSs. In technical terms, Event Viewer is an MMC snap-in that enables system administrators to monitor server events. This makes Event Viewer a viable source of troubleshooting information whenever software, hardware, and network-related issues impact the server. However, it is worth mentioning that experienced system administrators are already accustomed to even a properly functioning system showing various warnings and errors in Event Viewer. This does not necessarily mean that a system administrator should ignore warnings and errors in Event Viewer. On the contrary, the system administrator needs to have a basic working knowledge of the tool and know when it can be helpful. Thus, from applications to forwarded events, five types of logs can be monitored with Event Viewer:
Figure 11.9 – Event Viewer
In this section, you learned about the methodologies, procedures, best practices, and approaches that will help you keep your server up and running. In the next section, we will introduce the startup process.
Although it is entirely technical, identifying and understanding the hardware components and the startup process has tremendous benefits. It helps troubleshoot hardware-related problems, thus keeping downtime to a minimum. To diagnose and troubleshoot a server startup problem, the server technician must understand what happens during startup. To understand what occurs during server startup, let’s look at the Basic Input/Output System (BIOS).
Imagine that you are in front of a server and have just pressed the button to turn it on. Although you may move back a little because of the noise generated by the cooling fans, I am sure that at this stage, it will be interesting to know what is happening inside the server. As soon as the DC flows through the server’s internal architecture, the so-called ROM chip on the server motherboard will activate the BIOS to enable you to access and set up the server’s hardware. That being said, the BIOS (see Figure 11.10) is a program that controls the functionality of the server’s hardware. Other than identifying and configuring the hardware in a server, the other essential task of the BIOS includes identifying the boot devices:
Figure 11.10 – Lenovo BIOS Setup Utility
Important Note
You can find the BIOS boot options information in the Understanding boot options section of Chapter 3, Installing Windows Server 2022.
Over time, BIOS was eventually replaced by the Unified Extensible Firmware Interface (UEFI). We will learn more about this next.
Unlike computers in the past, modern computers do not have a legacy BIOS; instead, they are equipped with UEFI, as shown in the following screenshot. To overcome the BIOS limitations regarding current hardware support during the booting process, UEFI Consortium has developed UEFI. Unlike BIOS, which is limited to a 16-bit processor mode and 1 MB of addressable memory, UEFI supports 32-bit or 64-bit processor modes and can access the entire computer’s memory. Also, in contrast to BIOS, which uses Master Boot Record (MBR) and supports disks up to 2 TB in size, UEFI uses GUID Partition Table (GPT), which enables support for disks larger than 2 TB in size. Moreover, UEFI can be quickly updated by downloading the firmware updates directly from the manufacturer’s website:
Figure 11.11 – The UEFI setup utility
Now, let’s look at the Trusted Platform Module (TPM), which helps secure the hardware.
Since Windows Vista, when Microsoft introduced the BitLocker feature for disk encryption, TPM has been present on computers with Windows OSs. This is because TPM supports BitLocker disk encryption by providing hardware security for it. From a technical standpoint, TPM is a chip on the computer’s motherboard, which Windows uses to store the encryption key whenever BitLocker encrypts the drives. Thus, BitLocker uses TPM to help ensure the integrity of early startup components by verifying that no changes were made to the BIOS, boot sector, and boot manager. Once TPM has verified no changes, it releases the decryption key to the Windows OS bootloader. If TPM detects changes, it blocks any volume protected by BitLocker, and the disk will remain protected. This reveals the idea of using the TPM chip to provide security at the lowest level of an OS, where the Windows kernel is located. An example of such a practice is Windows 11, which has a mandatory Secure Boot and TPM requirement.
The following screenshot shows the TPM Management console in Windows Server 2022, which can be initiated by entering tpm.msc in the Run dialog box:
Figure 11.12 – The UEFI setup utility
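The TPM, Secure Boot, and BitLocker relationship described above can also be checked from an elevated PowerShell session. This is an added example, not part of the book; the function name Get-BootTrustStatus and the wording of the findings are assumptions, and the BitLocker cmdlets are only present when the BitLocker feature is installed.

```powershell
# Added example: Get-BootTrustStatus is a hypothetical helper name.
# Run elevated; Get-Tpm and Confirm-SecureBootUEFI require administrator rights.
function Get-BootTrustStatus {
    $findings   = New-Object System.Collections.Generic.List[string]
    $tpm        = $null
    $secureBoot = 'Unknown'
    $volumes    = @()

    try {
        $tpm = Get-Tpm -ErrorAction Stop
        if (-not $tpm.TpmPresent)   { $findings.Add('No TPM detected.') }
        elseif (-not $tpm.TpmReady) { $findings.Add('TPM is present but not ready for use.') }
    } catch {
        $findings.Add("Get-Tpm failed: $($_.Exception.Message)")
    }

    try {
        $secureBoot = [bool](Confirm-SecureBootUEFI -ErrorAction Stop)
        if (-not $secureBoot) { $findings.Add('UEFI firmware found, but Secure Boot is disabled.') }
    } catch {
        # Raised on legacy BIOS firmware or when the session is not elevated.
        $secureBoot = 'Unavailable'
        $findings.Add("Secure Boot state unavailable: $($_.Exception.Message)")
    }

    if (Get-Command Get-BitLockerVolume -ErrorAction SilentlyContinue) {
        $volumes = @(Get-BitLockerVolume | ForEach-Object {
            $types   = @($_.KeyProtector | ForEach-Object { [string]$_.KeyProtectorType })
            $usesTpm = [bool]($types -like 'Tpm*')   # Tpm, TpmPin, TpmStartupKey, ...
            $state   = "$($_.ProtectionStatus)"

            if ($state -ne 'On') {
                $findings.Add("$($_.MountPoint) BitLocker protection is not on.")
            } elseif (-not $usesTpm) {
                # Protected, but the key is not sealed to the TPM, so the
                # startup integrity check described in the text does not apply.
                $findings.Add("$($_.MountPoint) is protected without a TPM key protector.")
            }

            [pscustomobject]@{
                MountPoint = $_.MountPoint
                Protection = $state
                Protectors = ($types -join ', ')
                UsesTpm    = $usesTpm
            }
        })
    } else {
        $findings.Add('BitLocker cmdlets not found; the BitLocker feature is not installed.')
    }

    [pscustomobject]@{
        TpmPresent = $tpm.TpmPresent
        TpmReady   = $tpm.TpmReady
        SecureBoot = $secureBoot
        Volumes    = $volumes
        Findings   = $findings.ToArray()
    }
}

$status = Get-BootTrustStatus
$status | Format-List TpmPresent, TpmReady, SecureBoot
$status.Volumes | Format-Table -AutoSize
$status.Findings
```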
Now, let’s explore Power-On Self-Test (POST), a diagnostic test that verifies whether or not the server hardware is working correctly.
The BIOS performs a hardware test known as POST when booting a server. POST is a diagnostic test that verifies that the server hardware is working correctly. Therefore, learning the POST’s beeps during server hardware initialization is beneficial, regardless of the BIOS manufacturer. In addition, it is recommended that you keep an eye on the components, such as the processors, memory, and graphics cards, as they are the first three components to be examined by POST. If any of these components are faulty, then the server boot fails.
Important note
You can learn about the various beep codes of different BIOS manufacturers at https://www.computerhope.com/beep.htm.
Now, let’s look at the MBR, a legacy partition scheme.
Once POST finishes verifying that the server hardware is working correctly, the BIOS hands control over to the first boot device. To do so, the BIOS looks for the boot device that contains the MBR. The MBR is created when disk partitions are made; however, the MBR resides outside the disk partitions. The MBR is located on the first disk sector and contains the information to identify and boot the OS. Here, the MBR has either NT Loader (NTLDR), Boot Manager (BOOTMGR), or both, depending on the Windows OS installed on the server’s disk. This determines the progress of loading the OS into RAM, as shown in the following table:
Table 11.1 – NTLDR versus BootMgr
Important note
You can find additional information about the MBR, including details about GPT, in the Understanding partition schemes section of Chapter 3, Installing Windows Server 2022.
Now that we understand the MBR, let’s look at Boot Configuration Data (BCD).
BCD represents a store consisting of specific files that control an OS boot. BCD provides a standard boot option interface for the newest Windows OSs, including Windows Vista to Windows Server 2022, independent of the firmware. As a result, it is more secure than the previous boot option (Boot.ini) and enables administrators to assign permissions to manage boot options. Moreover, BCD is available at runtime and during all stages of system configuration. For example, Bcdedit.exe, as shown in the following screenshot, is a file that’s used for the BCD data store. Similar to boot.ini, bcdedit.exe is located inside the disk partitions:
Figure 11.13 – Running bcdedit.exe
In a multiple boot scenario, the MBR contains both NTLDR and BOOTMGR, which means that both boot.ini and bcdedit.exe are present to display the respective OS’s list. In that case, bootsect.exe (refer to the Boot sector section later in this chapter) can be used to update the MBR for hard disk partitions, which require the switch between NTLDR and BOOTMGR.
Naturally, the sections for MBR and BCD precede the bootloader. Now, let’s explore the bootloader.
In its simplicity, a bootloader, often called a bootstrap loader or boot manager, is a program that boots a computer. The bootloader appears after POST verifies that the computer hardware is functional. Located in the MBR, the bootloader loads the Windows OS kernel into memory or disk. For example, in Windows OSs, there are two types of bootloaders:
Let’s explore the boot sector, which contains the information needed to boot the server (the bootloader).
In the HDD section of Chapter 9, Storing Data in Windows Server 2022, tracks and sectors were mentioned. The tracks look like concentric circles, and there are many on a disk, whereas the sectors are the track’s divisions whose size depends on the filesystem the server’s OS is running. So far, you have most likely established an initial understanding of the boot sector. Of course, this is a sector on a server’s disk that contains the information required to boot that server. Technically, the boot sector is located in the first sector of the first disk track, and usually, it contains the MBR, which then contains the bootloader.
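To make the first-sector layout concrete, the following added example (not from the book) parses a 512-byte MBR sector in PowerShell. It shows the boot signature, the four partition entries, how a GPT disk is recognized by its protective entry, and where the 2 TB MBR limit comes from. The sample sector is constructed inline and the function names are assumptions.

```powershell
# Added example: New-SampleMbrSector and Read-MbrSector are hypothetical helpers.
# MBR layout: bytes 0-445 boot code, 446-509 four 16-byte partition entries,
# 510-511 boot signature 0x55 0xAA. Multi-byte fields are little-endian.

function New-SampleMbrSector {
    param([byte]$PartitionType = 0x07)         # 0x07 = NTFS/exFAT, 0xEE = GPT protective
    $sector = New-Object byte[] 512            # constructed sample, not a real disk
    $sector[446] = 0x80                        # entry 0 status: active (bootable)
    $sector[450] = $PartitionType              # entry 0 partition type
    [BitConverter]::GetBytes([uint32]2048).CopyTo($sector, 454)      # first sector (LBA)
    [BitConverter]::GetBytes([uint32]1048576).CopyTo($sector, 458)   # sector count
    $sector[510] = 0x55
    $sector[511] = 0xAA
    , $sector                                  # comma keeps the array from unrolling
}

function Read-MbrSector {
    param([Parameter(Mandatory)][byte[]]$Sector)

    if ($Sector.Length -lt 512) { throw 'An MBR sector is 512 bytes long.' }
    if ($Sector[510] -ne 0x55 -or $Sector[511] -ne 0xAA) {
        throw 'Boot signature 0x55AA is missing; this is not a valid MBR.'
    }

    $entries = foreach ($i in 0..3) {
        $offset = 446 + (16 * $i)
        $type   = $Sector[$offset + 4]
        if ($type -eq 0) { continue }          # type 0x00 marks an unused entry
        $count  = [BitConverter]::ToUInt32($Sector, $offset + 12)
        [pscustomobject]@{
            Index    = $i
            Active   = ($Sector[$offset] -eq 0x80)
            Type     = '0x{0:X2}' -f $type
            StartLba = [BitConverter]::ToUInt32($Sector, $offset + 8)
            Sectors  = $count
            SizeGiB  = [math]::Round(([double]$count * 512) / 1GB, 2)
        }
    }

    # A GPT disk still carries an MBR whose single entry has type 0xEE.
    $isGpt = [bool](@($entries) | Where-Object { $_.Type -eq '0xEE' })

    [pscustomobject]@{
        Scheme      = if ($isGpt) { 'GPT (protective MBR)' } else { 'MBR' }
        Partitions  = @($entries)
        # 32-bit sector addresses x 512-byte sectors = 2 TiB, the MBR size limit.
        MbrLimitTiB = (([double][uint32]::MaxValue + 1) * 512) / 1TB
    }
}

$mbr = Read-MbrSector -Sector (New-SampleMbrSector)
$mbr | Format-List Scheme, MbrLimitTiB
$mbr.Partitions | Format-Table -AutoSize

(Read-MbrSector -Sector (New-SampleMbrSector -PartitionType 0xEE)).Scheme
```

On a live server, the PartitionStyle property returned by Get-Disk reports the same MBR or GPT distinction without reading raw sectors.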
Now, let’s learn about the boot menu, which is used when more than one OS runs on a computer.
If multiple Windows OSs are running on a computer, this is known as multi-booting. Usually, such a machine displays a boot list that lists all the OSs running on it every time that computer is turned on. Boot.ini (see Figure 11.14), a text file, is responsible for displaying the boot menu. It is mainly utilized by OSs, including Windows NT and Windows Server 2003. Unlike the MBR, boot.ini is located inside the disk partitions, precisely at the root partition (that is, the C partition). The path to boot.ini is C:\boot.ini, which contains the boot options such as bootloader and the OS. As we saw in Table 11.1, the equivalent of boot.ini in the post-Vista OSs is BCD:
Figure 11.14 – Boot.ini displays the list of OSs
Now, let’s look at Safe Mode, which represents a diagnostic mode and uses a minimal set of drivers and services.
Often, users experience malfunctions when attempting to boot Windows OSs. For example, the OS does not boot when attempting to turn on the computer. However, by pressing the F8 key, the Windows Advanced Options Menu can be accessed, from where the Safe Mode option can be selected. This is done because Safe Mode represents a diagnostic mode in Windows OSs that uses a minimal set of drivers and services. However, note that the F8 key option can only be used in pre-Vista Windows OSs such as Windows NT to Windows Server 2003. Advanced Startup Options enables Windows OS recovery in post-Vista Windows OSs such as Windows Vista to Windows Server 2022, including access to Safe Mode:
Figure 11.15 – Windows Advanced Options Menu in Windows XP Professional
In Windows Server 2022, follow these steps to access the Safe Mode option from the Advanced Options menu:
Figure 11.16 – The Advanced Boot Options menu
In this section, you learned about partition schemes, the bootloader, the boot sector, the boot menu, and Safe Mode. In the next section, we will explore business continuity.
As a system administrator in this digital age, you must understand that any period of downtime will mean a loss of profit for the company. Therefore, your primary responsibility is to minimize downtime as much as possible. This can be achieved by adequately assessing the components that can fail and taking the appropriate measures to avoid such failure.
Let’s start by learning about disaster recovery plans (DRPs).
A DRP is a well-structured plan that ensures an organization will continue to provide services or recover from a disastrous situation as soon as possible. If a business cannot prevent unexpected events, it can minimize the losses if that business is prepared. Therefore, DRP is a proactive method for maintaining business continuity in such situations. The following is a list of things that organizations should consider when compiling DRP:
Now, let’s understand data redundancy, which helps restore services in a natural disaster.
Data redundancy is a process that allows you to store the same set of data in multiple locations and update it automatically. But what if the data updates are not successfully implemented? Data inconsistency problems occur, leading to more issues, such as data integrity. Such matters can further worsen the situation and potentially harm the organization’s extensive data and multiple data storage locations.
Now, let’s explore clustering, which merges the processing power of several servers.
Clustering refers to a group of servers that combine processor power, RAM, storage capacity, and network interfaces to achieve high availability of services. Clustering recognizes the following two most common practices:
Now, let’s examine redirection, which facilitates accessing documents in a network environment.
System administrators can use folder redirection to redirect the folder on a local computer, or a shared folder on a network, to a new location. With folder redirection, the data stored on the server can be accessed by users similar to how it would be if kept on a local computer.
In Windows Server 2022, you can create a Group Policy Object (GPO) to redirect a folder, as shown in Figure 11.17. The steps are as follows:
Figure 11.17 – Creating a GPO for folder redirection
Losing your data may hamper continuity. To prevent this, you can back up your data. We’ll learn more about this next.
A fundamental requirement when working with servers is that data on a server must be protected from being lost. In line with that, backups are usually used to copy the data if it’s lost. However, unlike a backup, a restore is the process of data recovery whenever data on a server is lost or corrupted. The following are the different types of backups:
When it comes to choosing a backup media, usually, it depends on the importance of the data and its quantity. Storage technologies such as CDs, DVDs, removable HDDs, backup tapes, network-attached storage (NAS), and storage area networks (SANs) are potential storage technologies for backing up. These days, organizations use online backup services too. Convenience, security, and cost are the decisive factors in choosing online backup services. Last but not least, the most common backup rotation scheme, Grandfather-Father-Son (GFS), is worth mentioning. The son backup is done daily, the father backup is done weekly, and the grandfather backup is done monthly.
In Windows Server 2022, Windows Server Backup is a feature that can be added using Server Manager. To add Windows Server Backup, follow these steps:
Figure 11.18 – Installing the Windows Server Backup feature
Once we have created a backup, we can restore the data. Let’s learn how to do this.
As shown in Chapter 5, Directory Services in Windows Server 2022, while adding the AD DS role in one of the Active Directory Domain Services Configuration Wizard steps, the Directory Services Restore Mode (DSRM) password was required (see Figure 11.19). This password is essential for an AD restore, so you must be careful. DSRM is to AD what Safe Mode is to the OS. It is a way of restoring AD when the latter has failed or needs to be fixed:
Figure 11.19 – Setting up DSRM
Usually, there are two methods for restoring data replicated on a domain controller (DC). The first method involves reinstalling the OS, reconfiguring the DC, and then, through normal replication, it will get populated from the second DC on a network. The second method considers the backup to restore the DC’s replicated data. From that, the replicated data from a backup medium can be restored in the following two ways:
We cannot keep our server running without a proper power supply. So, let’s learn how to overcome this problem.
Regardless of the processor’s power, memory capacity, data storage capacity, and the number of available network interfaces the server can have, all of this is useless if there is no constant power supply. Because the continuous power supply is crucial for a server’s overall functionality, the uninterruptible power supply (UPS) device (see Figure 11.20) has an important place in the server’s world. UPS is a battery-driven device that supplies the server with power during a power outage. However, despite the capabilities offered by UPS, it still does not provide a solution for lengthy power outages. For that reason, electric generators represent an alternative solution to overcome such issues:
Figure 11.20 – A rack-mountable UPS
This section has helped you learn about various redundancy technologies. Next, you will complete an exercise where you will monitor and manage logs using Event Viewer.
This exercise will teach you how to set up centralized monitoring, filter Event Viewer logs, and change the default log location. Let’s dive right in!
To set up centralized monitoring in Windows Server 2022, follow these steps:
Figure 11.21 – Adding a Remote Server to collect events
Now that we have centralized monitoring, let’s filter Event Viewer logs.
To filter the Event Viewer logs in Windows Server 2022, follow these steps:
Figure 11.22 – Filtering Event Viewer logs
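The same filtering can be done from PowerShell with Get-WinEvent, which is useful when the result needs to be summarized or collected from a remote server. This is an added example, not the book's procedure; the function name Get-EventSummary and its default values are assumptions.

```powershell
# Added example: Get-EventSummary is a hypothetical helper name.
# Event levels: 1 = Critical, 2 = Error, 3 = Warning, 4 = Information.
function Get-EventSummary {
    param(
        [string[]]$LogName = @('System', 'Application'),
        [int]$Hours = 24,
        [string]$ComputerName          # optional; needs Remote Event Log Management allowed
    )

    $filter = @{
        LogName   = $LogName
        Level     = 1, 2, 3
        StartTime = (Get-Date).AddHours(-$Hours)
    }
    $params = @{ FilterHashtable = $filter; ErrorAction = 'Stop' }
    if ($ComputerName) { $params.ComputerName = $ComputerName }

    try {
        $events = Get-WinEvent @params
    } catch {
        # Get-WinEvent reports an error, not an empty set, when nothing matches.
        if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') { return @() }
        throw
    }

    # Group by source and event ID so that recurring noise collapses into one
    # row and rare events stand out at the bottom of the list.
    $events |
        Group-Object ProviderName, Id |
        Sort-Object Count -Descending |
        ForEach-Object {
            $sorted = @($_.Group | Sort-Object TimeCreated)
            $first  = $sorted[0]
            [pscustomobject]@{
                Count     = $_.Count
                Log       = $first.LogName
                Provider  = $first.ProviderName
                EventId   = $first.Id
                Level     = $first.LevelDisplayName
                FirstSeen = $first.TimeCreated
                LastSeen  = $sorted[-1].TimeCreated
                Sample    = ("$($first.Message)" -split "`r?`n")[0]
            }
        }
}

Get-EventSummary -Hours 24 | Format-Table -AutoSize -Wrap
```

Rows with a high count are usually the routine warnings and errors that a healthy system produces; rows with a count of one or a recent FirstSeen are the ones to read first.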
Finally, let’s change the default logs location, which specifies the logging directory.
To change the default logs location in Windows Server 2022, follow these steps:
Figure 11.23 – Changing the default logs location in Windows Server 2016
This was a helpful exercise as it explained various ways of using Event Viewer to manage and monitor logs in Windows Server 2022.
This chapter taught you how to update and troubleshoot Windows Server 2022. You were provided with valuable information about updating Windows Server 2022, which helps add new features to the server and increase its security. Moreover, you learned about various troubleshooting methodologies that will help you take on the challenge of resolving issues. Furthermore, you learned about the different technologies you can use to add redundancy to the server.
Finally, this chapter concluded with an exercise that provided instructions on using Event Viewer to monitor and manage logs.
In the next chapter, you will learn how to study and prepare for the Microsoft certification exam.
Answer the following questions to test your knowledge of this chapter:
To learn more about the topics that were covered in this chapter, take a look at the following resources: