11

Updating and Troubleshooting Windows Server 2022

This chapter will teach you how to update and troubleshoot Windows Server 2022. Such things are considered among the most challenging tasks of working with servers. However, as you progress through this chapter, you will notice that even the most difficult tasks have been simplified and are easy to run with a plan and strategy. Thus, in the business world, understanding the importance of troubleshooting, updating, monitoring, and maintaining servers will give you a significant chance of establishing a high business continuity standard that will significantly increase the business’s competitive advantage in the market.

This chapter will introduce you to the Windows Server startup process, advanced boot options and Safe Mode, backup and restore, disaster recovery plans, updating Windows Server 2022, server hardware, and third-party software. Event Viewer will also be covered in this chapter, which allows you to review different logs on Windows Server 2022, thus helping you troubleshoot and solve any problems you may experience. In that way, you will minimize downtime, which is expressed in money lost from a business perspective.

The chapter will conclude with an exercise on monitoring and managing Windows Server 2022 logs using Event Viewer.

The following topics will be covered in this chapter:

  • Understanding updates
  • Understanding the troubleshooting methodology
  • Understanding the startup process
  • Understanding business continuity
  • Chapter exercise – using Event Viewer to monitor and manage logs

Technical requirements

To complete the exercise in this chapter, you will need the following equipment:

  • A PC with Windows 11 Pro, at least 16 GB of RAM, 1 TB of HDD, and access to the internet
  • A virtual machine with Windows Server 2022 Standard, at least 4 GB of RAM, 100 GB of HDD, and access to the internet

Understanding updates

As with any Windows OS installation, it is recommended to check the Windows Update service for new updates once the installation is complete. The aim is to install security updates to protect the Windows OS from malicious attacks, download driver updates for specific hardware, add new features, and enhance the current ones. Moreover, updating the Windows OS helps resolve Windows issues and bugs. For these reasons and others, updating Windows Server 2022 remains one of the first activities to be undertaken after installing it on a new or used server.

Understanding Windows Update

On the second Tuesday of each month, known as Patch Tuesday, Microsoft releases new updates, including the latest features, security updates, and fixes for Microsoft OSs and programs, including Windows Server 2022. Everything is distributed through Microsoft’s Windows Update server and received via the Windows Update feature. The updates can also be found on Microsoft’s official website: https://update.microsoft.com. In addition, a notification is displayed periodically in both the system tray and Notification Center stating that updates are available, as shown in the following screenshot:

Figure 11.1 – Windows Update notification

When it comes to accessing the Update & Security settings, it is no different from Windows Server 2019, although there is a slight change in terms of theme and the options on the Windows Update page of Windows Server 2022. As a result, the following options are available (see Figure 11.2):

  • Pause updates for 7 days: This option lets you pause the Windows Server 2022 update for a week. Once you click on that option, the Windows Update page in Windows Settings will let you know that the Windows Server 2022 update has paused. However, if you want to continue this pause for another week, click on Pause updates for 7 more days.
  • Change active hours: This option lets you set up active hours so that Windows Update will not restart the server during operational hours, even if it requires a restart to install the updates.
  • View update history: This option lets you display the list of updates and their statuses. It also allows you to uninstall updates and access recovery options.
  • Advanced options: This option lets you choose how updates are installed. You have two choices: Give me updates for other Microsoft products when I update Windows and Defer feature updates.

These options can be seen in the following screenshot:

Figure 11.2 – Windows Update user interface

Now that we have provided a general overview of Windows Update, let’s learn how to update Windows Server 2022. To do this using Windows Update, follow these steps:

  1. Press the Windows key + I to open the Windows Settings section.
  2. In the Windows Settings window, click on Update & Security.
  3. Under Update status, click on the Check for updates button. It will begin checking for updates.
  4. If Windows Update finds new updates, it will prompt you to install them, as shown in the following screenshot:

Figure 11.3 – Updating Windows Server 2022

  5. In most cases, you will need to restart the server for the updates to take effect.

Important note

As you might know, Windows 10 has introduced a new way of providing updates, known as Windows as a service. This means that Windows 10 will constantly evolve, and thus new releases will be delivered through Windows Update. But what if you do not want to receive these new releases? Well, the option that Microsoft offers is called Defer feature updates. You can learn more about this exciting feature at https://www.onmsft.com/news/mean-defer-feature-updates-windows-10.

With that, we’ve learned how to update Windows Server 2022. Now, let’s learn how to update Microsoft programs in Windows Server 2022.

Updating Microsoft programs

It is common to have Microsoft programs running on a server powered by Windows Server 2022. Microsoft Exchange, SQL Server, and SharePoint are just some client/server programs that can run on Windows Server 2022 for specific purposes, such as email, database, and collaboration servers. For performance and security reasons, it is good practice to update Microsoft programs regularly. To do so, follow these steps:

  1. Press the Windows key + I to open the Windows Settings section.
  2. In the Settings window, click on Update & Security.
  3. Under the Update settings section, click on Advanced options.
  4. Enable the Receive updates for other Microsoft products when you update Windows option, as shown in the following screenshot:

Figure 11.4 – Updating Microsoft programs

  5. Close the Settings window.
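
The settings changed in the Windows Update and Microsoft programs procedures above can be verified from PowerShell. The following is an added example, not code from the original chapter: it uses the Windows Update Agent COM interfaces to list pending updates, report whether the Microsoft Update service behind the Receive updates for other Microsoft products option is registered, and show whether a restart is pending. The function names are illustrative.

```powershell
# Added example: audit the patch state of a server from an elevated PowerShell session.
# Function names are illustrative; the COM objects belong to the Windows Update Agent.

# Service ID of "Microsoft Update", the service that delivers updates for
# other Microsoft products (Exchange, SQL Server, SharePoint, and so on).
$MicrosoftUpdateId = '7971f918-a847-4430-9279-4a52d1efe18d'

function Get-PendingUpdate {
    # Ask the configured update source for applicable software updates that are
    # not installed yet (the same question "Check for updates" asks).
    $session  = New-Object -ComObject Microsoft.Update.Session
    $searcher = $session.CreateUpdateSearcher()
    $result   = $searcher.Search("IsInstalled=0 and IsHidden=0 and Type='Software'")

    foreach ($update in $result.Updates) {
        $categories = @($update.Categories | ForEach-Object { $_.Name })
        [pscustomobject]@{
            Title      = $update.Title
            KB         = (@($update.KBArticleIDs) | ForEach-Object { "KB$_" }) -join ', '
            Severity   = if ($update.MsrcSeverity) { $update.MsrcSeverity } else { 'Unrated' }
            IsSecurity = $categories -contains 'Security Updates'
            Downloaded = $update.IsDownloaded
            # RebootBehavior 0 means the update never requires a restart.
            MayReboot  = $update.InstallationBehavior.RebootBehavior -ne 0
        }
    }
}

function Test-MicrosoftUpdateRegistered {
    # True when the Microsoft Update service is registered with Automatic Updates.
    $manager = New-Object -ComObject Microsoft.Update.ServiceManager
    $service = $manager.Services | Where-Object { $_.ServiceID -eq $MicrosoftUpdateId }
    [bool]($service -and $service.IsRegisteredWithAU)
}

function Test-RestartPending {
    # True when an installed update is still waiting for a restart.
    (New-Object -ComObject Microsoft.Update.SystemInfo).RebootRequired
}

# Report, security updates first.
$pending = @(Get-PendingUpdate)
'{0} update(s) pending, {1} of them security updates' -f `
    $pending.Count, @($pending | Where-Object IsSecurity).Count
$pending | Sort-Object IsSecurity -Descending |
    Format-Table Title, KB, Severity, MayReboot -AutoSize | Out-Host

"Microsoft Update registered: $(Test-MicrosoftUpdateRegistered)"
"Restart pending:             $(Test-RestartPending)"

# Most recently installed hotfixes, to confirm that the last release was applied.
Get-HotFix | Sort-Object InstalledOn -Descending |
    Select-Object -First 5 HotFixID, Description, InstalledOn |
    Format-Table -AutoSize | Out-Host
```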

As we have learned, Microsoft programs are usually updated via Microsoft’s Windows Update service. However, that may not be the case with third-party programs. Let’s demonstrate how to update such programs.

Updating third-party programs

In addition to Microsoft programs, a server powered by Windows Server 2022 can also run third-party programs, such as an Oracle database, an Apache web server, a VMware ESXi, and so on. Because of that, it is essential for a system administrator to understand the differences between updating Microsoft programs and third-party programs. As we have learned so far, for the most part, on Windows-based servers, Windows Update is responsible for updating both Microsoft OSs and programs. However, that is not the case with third-party programs: because each software company develops its software in its own way, the procedure for updating that software is specific to the vendor. Follow these steps to update a third-party program such as Adobe Acrobat Reader DC on Windows Server 2022:

  1. From the Start menu, open the Adobe Acrobat Reader DC program.
  2. In the Help menu, select Check for Updates...
  3. Shortly afterward, Adobe Acrobat Reader DC Updater will check for new updates. When one is found, it will indicate that there is an update that can be downloaded.
  4. Click on the Download button.
  5. The icon in the system tray will silently download the update.
  6. Depending on your internet connection speed, Adobe Acrobat Reader DC Updater will let you know when the update is ready to be installed.
  7. Click on the Install button, as shown in the following screenshot:

Figure 11.5 - Updating the third-party Acrobat program

  8. When prompted, click the Yes button on the UAC dialog box.
  9. Once installation completes, click the Close button to close Adobe Acrobat Reader DC.

Now that we have learned how to update Microsoft and third-party programs, it’s time to learn how to update device drivers.

Updating the device drivers

In the Updating the device drivers section of Chapter 4, Post-Installation Tasks in Windows Server 2022, you learned how to update device drivers using Device Manager. However, besides using Device Manager, in this section, you will learn how to configure the Windows Update feature to automatically check for the latest drivers and updates. Follow these steps:

  1. Press the Windows key + R, enter Control Panel, and then press Enter.
  2. Click on Hardware | Devices and Printers.
  3. From within the Devices and Printers window, right-click on the server’s name, and then click on Device installation settings, as shown here:

Figure 11.6 – Device installation settings

  4. Select the Yes (recommended) option, as shown here:

Figure 11.7 – Setting up a device driver update

  5. Click on Save Changes to close the Device installation settings dialog box.

Microsoft’s product updates need to be managed and organized. This can be achieved with the help of Windows Server Update Services (WSUS). We’ll learn more about this in the next section.

Getting to know WSUS

As the successor to Software Update Services (SUS), WSUS allows system administrators to manage the distribution of Microsoft’s product updates to their organization’s computers. WSUS works by downloading updates, patches, and fixes to a server in the organization. That server then approves and distributes the updates to the organization’s other computers. Using WSUS, system administrators can approve or cancel updates, set the installation of updates on a given date, and generate reports to determine what updates are required for each computer. In addition, the organization’s computers do not need to refer to Microsoft Update anymore since WSUS provides the updates.

In Windows Server 2022, WSUS is a role that can be added using Server Manager. Thus, to add the WSUS role, follow these steps:

  1. Press the Windows key + R, enter servermanager.exe, and press Enter.
  2. In the Server Manager console, select Add Roles and Features.
  3. In the Before You Begin step, click Next.
  4. In the Installation Type step, ensure that role-based or feature-based installation is selected, and then click Next.
  5. Select a server from the server pool in the Server Selection step and click Next.
  6. In the Server Roles step, select Windows Server Update Services, as shown in the following screenshot, and click Next:

Figure 11.8 – Installing Windows Server Update Services

  7. In the Features step, there is no need to add features; therefore, click Next.
  8. The WSUS step presents the description and things to note regarding the WSUS installation. Click Next.
  9. In the Role Services step, WID Connectivity and WSUS Services are selected by default. Click Next.
  10. In the Content step, enter the name of the local or network location where the updates will be stored. Click Next.
  11. In the Confirmation step, click Install.
  12. When the installation is complete, click Close to close Add Roles and Features Wizard.
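
The same role installation can be scripted, and the result checked from a member computer. This is an added example, not part of the original chapter: the function names and the D:\WSUS content path are placeholders, and the client check reads the Windows Update policy registry values to show whether the computer takes its updates from WSUS and whether that connection uses HTTPS.

```powershell
# Added example. Function names and the content path are placeholders.
# Run both parts from an elevated PowerShell session.

function Install-WsusRole {
    param([Parameter(Mandatory)][string]$ContentDir)

    # The UpdateServices feature brings the default role services with it
    # (WID Connectivity and WSUS Services), as in the Role Services step.
    $result = Install-WindowsFeature -Name UpdateServices -IncludeManagementTools
    if (-not $result.Success) { throw 'WSUS role installation failed.' }

    # Post-installation task: creates the database and sets the content folder
    # (the location entered in the Content step of the wizard).
    New-Item -ItemType Directory -Path $ContentDir -Force | Out-Null
    $wsusUtil = Join-Path $env:ProgramFiles 'Update Services\Tools\WsusUtil.exe'
    & $wsusUtil postinstall "CONTENT_DIR=$ContentDir"
    if ($LASTEXITCODE -ne 0) { throw "WsusUtil postinstall exited with code $LASTEXITCODE." }

    # Show which WSUS role services ended up installed.
    Get-WindowsFeature -Name 'UpdateServices*' | Where-Object Installed |
        Select-Object Name, DisplayName
}

function Get-UpdateSource {
    # Group Policy writes the WSUS settings of a client under this key.
    $key    = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
    $policy = Get-ItemProperty -Path $key      -ErrorAction SilentlyContinue
    $au     = Get-ItemProperty -Path "$key\AU" -ErrorAction SilentlyContinue

    # UseWUServer = 1 tells the client to use the server named in WUServer.
    $usesWsus = [bool](($au.UseWUServer -eq 1) -and $policy.WUServer)

    [pscustomobject]@{
        Source       = if ($usesWsus) { 'WSUS' } else { 'Windows Update / Microsoft Update' }
        Server       = if ($usesWsus) { $policy.WUServer } else { $null }
        StatusServer = if ($usesWsus) { $policy.WUStatusServer } else { $null }
        # Update metadata fetched over plain HTTP can be altered in transit,
        # so a WSUS URL that does not start with https:// deserves attention.
        UsesHttps    = if ($usesWsus) { $policy.WUServer -like 'https://*' } else { $null }
    }
}

# On the WSUS server:
Install-WsusRole -ContentDir 'D:\WSUS'    # placeholder path

# On a member computer, after the WSUS policy has been applied:
$source = Get-UpdateSource
$source | Format-List | Out-Host
if ($source.Source -eq 'WSUS' -and -not $source.UsesHttps) {
    Write-Warning "WSUS server $($source.Server) is configured without HTTPS."
}
```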

In this section, you learned how to update Windows Server 2022, Microsoft programs, non-Microsoft programs, and device drivers using the Windows Update feature. In the next section, we will understand the troubleshooting methodology.

Understanding the troubleshooting methodology

Troubleshooting in IT is a skill that you will master with time. Every time you solve a problem, you gain more confidence, become more experienced, and establish a more extensive knowledge base. That is why learning and practicing means a lot in IT – you are practicing the troubleshooting itself while learning how to troubleshoot. With that in mind, the more you refine your mastery, the greater your chances of overcoming issues and solving problems.

Let’s begin by understanding the troubleshooting methodology’s best practices, guidelines, and procedures.

Best practices, guidelines, and procedures

In IT, best practices are well-defined methods that are applied wherever problems occur. These best practices ensure that an organization’s policy and procedure management are handled effectively and efficiently. Among the best practices that are well-known, there are accredited management standards such as ISO 9000 and ISO 14001. Therefore, by following best practices, servers will run more efficiently, network services will be more reliable, client/server applications will be more secure, and network infrastructures will be more scalable. In addition, guidelines represent suggestions, recommendations, or best practices for satisfying the policy standard. Finally, procedures are the step-by-step instructions that detail how to implement the components of the policy.

Important note

You can learn more about the ISO 9000 standard at http://asq.org/learn-about-quality/iso-9000/overview/overview.html and the ISO 14001 standard at http://asq.org/learn-about-quality/learn-about-standards/iso-14001.

Next, let’s understand the troubleshooting process so that we can overcome any issue.

Troubleshooting process

As explained in the previous section, troubleshooting is an activity in which the server technician deals with solving a specific server problem. Among the dozens of available methods, CompTIA’s six-step troubleshooting model is the troubleshooting methodology used by Microsoft product support services engineers. The steps are as follows:

  1. Discover the problem by gathering as much technical information as possible.
  2. Evaluate the system configuration by asking questions to determine whether hardware, software, or network changes have been made recently.
  3. List and track the possible solutions by isolating the problem by removing or disabling hardware or software components.
  4. Execute a plan through testing solutions and ensure that you have a plan B.
  5. Check the results. If the problem has not been solved, go back to step 3.
  6. Take a proactive approach by documenting any changes you have made while troubleshooting the problem.

Important note

You can learn more about troubleshooting, particularly the detection method, at https://technet.microsoft.com/en-ca.

Besides these processes, troubleshooting is based on two approaches, which we will learn about next.

The systematic versus the specific approach

It is good to clarify from the outset that, when troubleshooting a particular server problem, the progress and success of the troubleshooting process itself depends very much on the approach we take toward solving that problem. Based on that, in general, the troubleshooting process and problem-solving techniques recognize two main methods:

  • A systematic approach is an effective troubleshooting methodology because it is based on structured steps toward solving the problem, regardless of the type of problem.
  • A specific approach is based primarily on knowledge and prior experience solving the same/similar problems. In this approach, guesswork comes into play.

Now, let’s examine various troubleshooting procedures in Windows Server 2022.

Troubleshooting procedures

No matter how skillful you might be, troubleshooting is a skill that depends a lot on experience, expertise, and expressiveness. In addition, it requires specific guidelines that demand that a server technician is organized and takes on a logical approach to problem-solving with computers and servers. The procedures that need to be considered when dealing with the troubleshooting process include the following:

  • Consider checking the documentation to see whether the problem has occurred in the past.
  • Check any available logs, including Event Viewer.
  • Consider searching the Microsoft Knowledge Base (KB) articles.
  • Consider using utility programs.
  • Consider running a backup before trying out any solutions.

The utilities that a server technician considers when troubleshooting server problems are as follows:

  • The Advanced Boot Options menu, including Safe Mode
  • Windows Repair
  • Memory Diagnostics
  • System Information
  • Device Manager
  • Task Manager
  • Performance Monitor
  • Resource Monitor
  • Event Viewer

Now, let’s examine the Information Technology Infrastructure Library (ITIL), which allows you to tailor your IT services to your business needs.

ITIL

As you may know, due to the application of computer technology and networking increasing in businesses, the departments of information and communication technology in the 80s started becoming the driving force in increasing efficiency and productivity. Such a reality required recognizing IT as a service that would apply consistent practices across organizations’ entire IT service life cycles. Thus, ITIL was born and is considered the foundation for IT service management. ITIL, a well-structured framework, consists of best practices that guide IT organizations to design, implement, operate, and manage IT services. All of these ITIL practices are presented in the form of publications. The latest version of ITIL is v4 and was released throughout 2019 and 2020. At the same time, these publications constitute the ITIL core books. The basic concepts described in these books are as follows:

  • Service strategy: Describes the goals and objectives for both businesses and customers
  • Service design: Includes IT practices such as policies, architectures, and documentation
  • Service transition: Emphasizes change management
  • Service operation: Describes IT management
  • Continual service improvement: Includes policy improvements and updates

ITIL enables organizations to tailor IT services to business needs, thus making IT an essential driver in today’s economy.

Important note

You can learn more about ITIL at https://www.axelos.com/best-practice-solutions/ITIL.

Next, let’s learn about Event Viewer and its benefits as a source of troubleshooting information.

Event Viewer

Event Viewer (see Figure 11.9), as the name suggests, is considered a tool for solving various problems in Windows OSs. In technical terms, Event Viewer is an MMC snap-in that enables system administrators to monitor server events. This makes Event Viewer a viable source of troubleshooting information whenever software, hardware, and network-related issues impact the server. However, it is worth mentioning that experienced system administrators are already accustomed to even a properly functioning system showing various warnings and errors in Event Viewer. This does not necessarily mean that a system administrator should ignore warnings and errors in Event Viewer. On the contrary, the system administrator needs to have a basic working knowledge of the tool and know when it can be helpful. Thus, from applications to forwarded events, five types of logs can be monitored with Event Viewer:

  • The Application log includes applications or program events.
  • The Security log includes events triggered by security-related activities, such as an invalid login attempt or accessing a folder with denied permissions. In addition, it requires auditing to be enabled.
  • The Setup log includes application setup events.
  • The System log includes events triggered by Windows system components.
  • The Forwarded Events log includes events triggered by remote computers. It requires you to create an event subscription.

These can be seen in the following screenshot:

Figure 11.9 – Event Viewer
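
The five logs listed above can also be queried from PowerShell, which helps when the same check has to be repeated on several servers. The following is an added example, not part of the original chapter; the function names are illustrative. It summarizes the five logs, groups recent critical and error events so that recurring problems stand out from one-off noise, and lists failed logon attempts (event ID 4625) from the Security log.

```powershell
# Added example: log triage from an elevated PowerShell session.
# Function names are illustrative.
$logs = 'Application', 'Security', 'Setup', 'System', 'ForwardedEvents'

function Get-LogOverview {
    # State, retention mode, size limit and record count of the five logs.
    Get-WinEvent -ListLog $logs -ErrorAction SilentlyContinue |
        Select-Object LogName, IsEnabled, LogMode, RecordCount,
            @{ n = 'MaxSizeMB'; e = { [math]::Round($_.MaximumSizeInBytes / 1MB, 1) } }
}

function Get-RecentProblem {
    param([int]$Hours = 24)
    # Level 1 = Critical, Level 2 = Error.
    $filter = @{
        LogName   = 'System', 'Application'
        Level     = 1, 2
        StartTime = (Get-Date).AddHours(-$Hours)
    }
    # Grouping by source and event ID separates repeating faults from single events.
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Group-Object LogName, ProviderName, Id |
        Sort-Object Count -Descending |
        Select-Object Count, Name,
            @{ n = 'Sample'; e = { ($_.Group[0].Message -split "`n")[0] } }
}

function Get-FailedLogon {
    param([int]$Hours = 24)
    # Event ID 4625 = an account failed to log on. It is only recorded when
    # logon auditing is enabled (check with: auditpol /get /subcategory:"Logon").
    $filter = @{ LogName = 'Security'; Id = 4625; StartTime = (Get-Date).AddHours(-$Hours) }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Read the named fields from the event XML rather than by position.
            $data = @{}
            foreach ($field in ([xml]$_.ToXml()).Event.EventData.Data) {
                $data[$field.Name] = $field.'#text'
            }
            [pscustomobject]@{
                Time      = $_.TimeCreated
                Account   = $data['TargetUserName']
                Source    = $data['IpAddress']
                LogonType = $data['LogonType']
            }
        } |
        Group-Object Account, Source |
        Sort-Object Count -Descending |
        Select-Object Count, Name
}

Get-LogOverview   | Format-Table -AutoSize | Out-Host
Get-RecentProblem | Format-Table -AutoSize -Wrap | Out-Host
Get-FailedLogon   | Format-Table -AutoSize | Out-Host
```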

In this section, you learned about the methodologies, procedures, best practices, and approaches that will help you keep your server up and running. In the next section, we will introduce the startup process.

Understanding the startup process

Although it is entirely technical, identifying and understanding the hardware components and the startup process has tremendous benefits. It helps troubleshoot hardware-related problems, thus keeping downtime to a minimum. To diagnose and troubleshoot a server startup problem, the server technician must understand what happens during startup. To understand what occurs during server startup, let’s look at the Basic Input/Output System (BIOS).

BIOS

Imagine that you are in front of a server and have just pressed the button to turn it on. Although you may move back a little because of the noise generated by the cooling fans, I am sure that at this stage, it will be interesting to know what is happening inside the server. As soon as the DC flows through the server’s internal architecture, the so-called ROM chip on the server motherboard will activate the BIOS to enable you to access and set up the server’s hardware. That being said, the BIOS (see Figure 11.10) is a program that controls the functionality of the server’s hardware. Other than identifying and configuring the hardware in a server, the other essential task of the BIOS includes identifying the boot devices:

Figure 11.10 – Lenovo BIOS Setup Utility

Important Note

You can find the BIOS boot options information in the Understanding boot options section of Chapter 3, Installing Windows Server 2022.

Over time, BIOS was eventually replaced by the Unified Extensible Firmware Interface (UEFI). We will learn more about this next.

UEFI

Unlike computers in the past, modern computers do not have a legacy BIOS; instead, they are equipped with UEFI, as shown in the following screenshot. To overcome the BIOS limitations regarding current hardware support during the booting process, the UEFI Consortium developed UEFI. Unlike BIOS, which is limited to a 16-bit processor mode and 1 MB of addressable memory, UEFI supports 32-bit or 64-bit processor modes and can access the entire computer’s memory. Also, in contrast to BIOS, which uses Master Boot Record (MBR) and supports disks up to 2 TB in size, UEFI uses GUID Partition Table (GPT), which enables support for disks larger than 2 TB. Moreover, UEFI can be quickly updated by downloading the firmware updates directly from the manufacturer’s website:

Figure 11.11 – The UEFI setup utility

Now, let’s look at the Trusted Platform Module (TPM), which helps secure the hardware.

TPM

Since Windows Vista, when Microsoft introduced the BitLocker feature for disk encryption, TPM has been present on computers with Windows OSs. This is because TPM supports BitLocker disk encryption by providing hardware security for it. From a technical standpoint, TPM is a chip on the computer’s motherboard, which Windows uses to store the encryption key whenever BitLocker encrypts the drives. Thus, BitLocker uses TPM to help ensure the integrity of early startup components by verifying that no changes were made to the BIOS, boot sector, and boot manager. Once TPM has verified that there are no changes, it releases the decryption key to the Windows OS bootloader. If TPM detects changes, it blocks access to any volume protected by BitLocker, and the disk remains protected. This illustrates the idea of using the TPM chip to provide security at the lowest level of an OS, where the Windows kernel is located. An example of such a practice is Windows 11, which has a mandatory Secure Boot and TPM requirement.

The following screenshot shows the TPM Management console in Windows Server 2022, which can be initiated by entering tpm.msc in the Run dialog box:

Figure 11.12 – The UEFI setup utility
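
The firmware and TPM settings described in the UEFI and TPM sections can be collected in one report. The following is an added example, not part of the original chapter; the function name is illustrative. It reads the firmware type, Secure Boot state, partition style of the boot disk, TPM readiness, and the BitLocker key protectors of the system drive, and warns when the pieces do not line up.

```powershell
# Added example: boot security report from an elevated PowerShell session.
# The function name is illustrative.

function Get-BootSecurityPosture {
    # Firmware type as reported by Windows: Uefi or Bios (legacy).
    $firmware = (Get-ComputerInfo -Property BiosFirmwareType).BiosFirmwareType

    # Secure Boot exists only on UEFI firmware; the cmdlet throws on legacy BIOS.
    $secureBoot = try { Confirm-SecureBootUEFI -ErrorAction Stop } catch { $false }

    # Partition style of the disk Windows boots from: GPT or MBR.
    $bootDisk = Get-Disk | Where-Object IsBoot | Select-Object -First 1

    # TPM state (the same information the tpm.msc console shows).
    $tpm = Get-Tpm

    # BitLocker is an optional feature on Windows Server, so the cmdlet may be absent.
    $osVolume = $null
    if (Get-Command Get-BitLockerVolume -ErrorAction SilentlyContinue) {
        $osVolume = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction SilentlyContinue
    }

    [pscustomobject]@{
        Firmware      = [string]$firmware
        SecureBoot    = [bool]$secureBoot
        BootDiskStyle = [string]$bootDisk.PartitionStyle
        TpmPresent    = $tpm.TpmPresent
        TpmReady      = $tpm.TpmReady
        BitLocker     = if ($osVolume) { [string]$osVolume.ProtectionStatus } else { 'Not available' }
        KeyProtectors = if ($osVolume) { @($osVolume.KeyProtector.KeyProtectorType) -join ', ' } else { '' }
    }
}

$posture = Get-BootSecurityPosture
$posture | Format-List | Out-Host

# Findings that weaken the startup integrity checks described above.
if ($posture.Firmware -ne 'Uefi') {
    Write-Warning 'Legacy BIOS firmware: Secure Boot is not available on this server.'
}
elseif (-not $posture.SecureBoot) {
    Write-Warning 'UEFI firmware is in use, but Secure Boot is turned off.'
}
if (-not $posture.TpmPresent -or -not $posture.TpmReady) {
    Write-Warning 'No usable TPM: BitLocker cannot tie its key to the startup components.'
}
if ($posture.BitLocker -eq 'On' -and $posture.KeyProtectors -notmatch 'Tpm') {
    Write-Warning 'BitLocker is on, but the system drive has no TPM-based key protector.'
}
if ($posture.BitLocker -ne 'On') {
    Write-Warning "The system drive is not protected by BitLocker (status: $($posture.BitLocker))."
}
```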

Now, let’s explore Power-On Self-Test (POST), a diagnostic test that verifies whether or not the server hardware is working correctly.

POST

The BIOS performs a hardware test known as POST when booting a server. POST is a diagnostic test that verifies that the server hardware is working correctly. Therefore, learning the POST’s beeps during server hardware initialization is beneficial, regardless of the BIOS manufacturer. In addition, it is recommended that you keep an eye on the components, such as the processors, memory, and graphics cards, as they are the first three components to be examined by POST. If any of these components are faulty, then the server boot fails.

Important note

You can learn about the various beep codes of different BIOS manufacturers at https://www.computerhope.com/beep.htm.

Now, let’s look at the MBR, a legacy partition scheme.

MBR

Once POST finishes verifying that the server hardware is working correctly, the BIOS hands control over to the first boot device. To do so, the BIOS looks for the boot device that contains the MBR. The MBR is created when disk partitions are made; however, the MBR resides outside the disk partitions. The MBR is located on the first disk sector and contains the information to identify and boot the OS. Here, the MBR has either NT Loader (NTLDR), Boot Manager (BOOTMGR), or both, depending on the Windows OS installed on the server’s disk. This determines the progress of loading the OS into RAM, as shown in the following table:

Table 11.1 – NTLDR versus BootMgr

Important note

You can find additional information about the MBR, including details about GPT, in the Understanding partition schemes section of Chapter 3, Installing Windows Server 2022.
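
To make the MBR layout concrete, the following added example (not part of the original chapter) parses a 512-byte first sector: the partition table at byte offset 446, the 0x55 0xAA signature in the last two bytes, and the 32-bit sector counts that explain the 2 TB limit mentioned in the UEFI section. The sector is constructed in the script for illustration and is not read from a real disk; the function name is illustrative.

```powershell
# Added example: parse a Master Boot Record held in a byte array.
# The function name is illustrative and the sample sector below is constructed.

function Read-Mbr {
    param([Parameter(Mandatory)][byte[]]$Sector)
    if ($Sector.Length -ne 512) { throw 'An MBR is exactly one 512-byte sector.' }

    # Four 16-byte partition entries start at byte offset 446.
    $partitions = foreach ($i in 0..3) {
        $offset = 446 + 16 * $i
        if ($Sector[$offset + 4] -eq 0) { continue }    # type 0x00 = unused entry

        # Start and length are 32-bit little-endian sector numbers.
        $startLba    = [BitConverter]::ToUInt32($Sector, $offset + 8)
        $sectorCount = [BitConverter]::ToUInt32($Sector, $offset + 12)

        [pscustomobject]@{
            Entry    = $i + 1
            Active   = $Sector[$offset] -eq 0x80         # 0x80 marks the boot partition
            Type     = '0x{0:X2}' -f $Sector[$offset + 4]
            StartLba = $startLba
            SizeGB   = [math]::Round($sectorCount * 512 / 1GB, 2)
        }
    }

    [pscustomobject]@{
        # Firmware only treats the sector as bootable when it ends in 0x55 0xAA.
        ValidSignature = ($Sector[510] -eq 0x55 -and $Sector[511] -eq 0xAA)
        # A single entry of type 0xEE is the protective MBR of a GPT disk.
        ProtectiveGpt  = [bool]($partitions | Where-Object Type -eq '0xEE')
        Partitions     = @($partitions)
    }
}

# Constructed sample: one active NTFS partition of about 100 GB starting at sector 2048.
$sector = New-Object byte[] 512
$sector[446] = 0x80                                                   # active flag
$sector[450] = 0x07                                                   # type 0x07 = NTFS/exFAT
[BitConverter]::GetBytes([uint32]2048).CopyTo($sector, 454)           # first sector
[BitConverter]::GetBytes([uint32]209713152).CopyTo($sector, 458)      # number of sectors
$sector[510] = 0x55
$sector[511] = 0xAA

$mbr = Read-Mbr -Sector $sector
$mbr | Select-Object ValidSignature, ProtectiveGpt | Format-List | Out-Host
$mbr.Partitions | Format-Table -AutoSize | Out-Host

# Why MBR stops at 2 TB: a 32-bit sector count with 512-byte sectors.
$limitTB = ([uint32]::MaxValue + 1) * 512 / 1TB
"Largest size a 32-bit sector count can describe: $limitTB TB"

# A sector without the signature is reported as invalid.
$blank = New-Object byte[] 512
"Blank sector has a valid signature: $((Read-Mbr -Sector $blank).ValidSignature)"
```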

Now that we understand the MBR, let’s look at Boot Configuration Data (BCD).

BCD

BCD represents a store consisting of specific files that control an OS boot. BCD provides a standard boot option interface for the newest Windows OSs, including Windows Vista to Windows Server 2022, independent of the firmware. As a result, it is more secure than the previous boot option (Boot.ini) and enables administrators to assign permissions to manage boot options. Moreover, BCD is available at runtime and during all stages of system configuration. For example, Bcdedit.exe, as shown in the following screenshot, is a command-line tool that’s used to manage the BCD data store. Similar to boot.ini, bcdedit.exe is located inside the disk partitions:

Figure 11.13 – Running bcdedit.exe

In a multiple boot scenario, the MBR contains both NTLDR and BOOTMGR, which means that both boot.ini and bcdedit.exe are present to display the respective OS’s list. In that case, bootsect.exe (refer to the Boot sector section later in this chapter) can be used to update the MBR for hard disk partitions, which require the switch between NTLDR and BOOTMGR.

Naturally, the sections for MBR and BCD precede the bootloader. Now, let’s explore the bootloader.

Bootloader

Put simply, a bootloader, often called a bootstrap loader or boot manager, is a program that boots a computer. The bootloader runs after POST verifies that the computer hardware is functional. Located in the MBR, the bootloader loads the Windows OS kernel into memory or disk. In Windows OSs, there are two types of bootloaders:

  • NTLDR is the legacy Windows bootloader from Windows NT to Windows Server 2003.
  • BOOTMGR is the newest Windows bootloader from Windows Vista to Windows Server 2022.

Let’s explore the boot sector, which contains the information needed to boot the server (the bootloader).

Boot sector

In the HDD section of Chapter 9, Storing Data in Windows Server 2022, tracks and sectors were mentioned. The tracks look like concentric circles, and there are many on a disk, whereas the sectors are the track’s divisions whose size depends on the filesystem the server’s OS is running. So far, you have most likely established an initial understanding of the boot sector. Of course, this is a sector on a server’s disk that contains the information required to boot that server. Technically, the boot sector is located in the first sector of the first disk track, and usually, it contains the MBR, which then contains the bootloader.

Now, let’s learn about the boot menu, which is used when more than one OS runs on a computer.

Boot menu

If multiple Windows OSs are running on a computer, this is known as multi-booting. Usually, such a machine displays a boot list that lists all the OSs running on it every time that computer is turned on. Boot.ini (see Figure 11.14), a text file, is responsible for displaying the boot menu. It is mainly utilized by OSs, including Windows NT and Windows Server 2003. Unlike the MBR, boot.ini is located inside the disk partitions, precisely at the root partition (that is, the C partition). The path to boot.ini is C:\boot.ini, which contains the boot options such as the bootloader and the OS. As we saw in Table 11.1, the equivalent of boot.ini in the post-Vista OSs is BCD:

Figure 11.14 – Boot.ini displays the list of OSs

Now, let’s look at Safe Mode, which represents a diagnostic mode and uses a minimal set of drivers and services.

Safe Mode

Often, users experience malfunctions when attempting to boot Windows OSs. For example, the OS does not boot when the computer is turned on. In that case, simply pressing the F8 key opens Windows Advanced Options Menu, from which the Safe Mode option can be selected. Safe Mode is useful here because it represents a diagnostic mode in Windows OSs that uses a minimal set of drivers and services. However, note that the F8 key option can only be used in pre-Vista Windows OSs such as Windows NT to Windows Server 2003. In post-Vista Windows OSs, such as Windows Vista to Windows Server 2022, Advanced Startup Options enables Windows OS recovery, including access to Safe Mode:

Figure 11.15 – Windows Advanced Options Menu in Windows XP Professional

In Windows Server 2022, follow these steps to access the Safe Mode option from the Advanced Options menu:

  1. While holding down the Shift key, restart Windows Server 2022 by clicking on Restart from the Power option.
  2. On the Choose an option screen, select troubleshooting.
  3. On the Advanced options screen, choose Startup Settings.
  4. Click on the Restart button on the Startup Settings screen.
  5. The Advanced Boot Options screen will be displayed shortly afterward, as shown here:

Figure 11.16 – The Advanced Boot Options menu

In this section, you learned about partition schemes, the bootloader, the boot sector, the boot menu, and Safe Mode. In the next section, we will explore business continuity.

Understanding business continuity

As a system administrator in this digital age, you must understand that any period of downtime will mean a loss of profit for the company. Therefore, your primary responsibility is to minimize downtime as much as possible. This can be achieved by adequately assessing the components that can fail and taking the appropriate measures to avoid such failure.

Let’s start by learning about disaster recovery plans (DRPs).

DRP

A DRP is a well-structured plan that ensures an organization will continue to provide services or recover from a disastrous situation as soon as possible. If a business cannot prevent unexpected events, it can minimize the losses if that business is prepared. Therefore, DRP is a proactive method for maintaining business continuity in such situations. The following is a list of things that organizations should consider when compiling DRP:

  • Make an inventory of all hardware and software.
  • Analyze all potential threats and vulnerabilities.
  • Establish the organization’s priorities.
  • Define the organization’s tolerance in case of a disaster.
  • Review how the disaster was handled in the past.
  • Acknowledge that the staff matter more than data recovery and services.
  • Execute DRP dry-run tests regularly.
  • Have management approve the DRP.
  • Never forget to update the DRP.

Now, let’s understand data redundancy, which helps restore services in a natural disaster.

Data redundancy

Data redundancy is a process that allows you to store the same set of data in multiple locations and update it automatically. But what if the data updates are not successfully implemented? Data inconsistency problems occur, leading to further issues, such as loss of data integrity. Such problems can worsen the situation and potentially harm the organization’s data across its multiple storage locations.

Now, let’s explore clustering, which merges the processing power of several servers.

Clustering

Clustering refers to a group of servers that combine processor power, RAM, storage capacity, and network interfaces to achieve high availability of services. Clustering recognizes the following two most common practices:

  • Failover clustering: This requires a minimum of two servers and works on the active-passive principle, where one server is active and the other is passive. Usually, it is applied to databases, mail servers, and, in general, backend processing environments.
  • Load-balancing clustering: This requires a minimum of two servers; however, servers are merged into one virtual server, exchanging heartbeats. As far as users are concerned, they access a single server; as far as backend processing is concerned, the loads are distributed between the servers. Usually, it is applied to web servers and, in general, frontend processing environments.

Now, let’s examine redirection, which facilitates accessing documents in a network environment.

Folder redirection

System administrators can use folder redirection to redirect a folder on a local computer, or a shared folder on a network, to a new location. With folder redirection, users can access the data stored on the server in the same way as if it were kept on a local computer.

In Windows Server 2022, you can create a Group Policy Object (GPO) to redirect a folder, as shown in Figure 11.17. The steps are as follows:

  1. Press the Windows key + R, enter gpmc.msc, and press Enter.
  2. Expand User Configuration | Policies | Windows Settings | Folder Redirection.
  3. Right-click on Documents and select Properties.
  4. Select the Basic - Redirect everyone’s folder to the same location setting.
  5. In the Target folder location section, choose Redirect to the following location.
  6. Specify the root path to your redirected folder.
  7. Click on OK to close the Document Properties window:
Figure 11.17 – Creating a GPO for folder redirection

Losing your data may hamper continuity. To prevent this, you can back up your data. We’ll learn more about this next.

Backup and restore

A fundamental requirement when working with servers is that data on a server must be protected from being lost. In line with that, backups are used to keep a copy of the data in case it is lost. A restore, by contrast, is the process of recovering data whenever data on a server is lost or corrupted. The following are the different types of backups:

  • A full backup makes a copy of all of the data. Therefore, you only require the last set of full backups to restore your data.
  • An incremental backup copies the data that has changed since the last backup, regardless of the type. Usually, incremental backups are done from Monday to Thursday, and the full backup takes place on Friday. Therefore, to restore your data, you need the last set of full backups and incremental backups between the full backup and the day you want to restore the data. Because of this, it takes less time to do the backup but more time to restore the data.
  • A differential backup copies the data that has changed since the last full backup. In the same way as an incremental backup, a differential backup is done from Monday to Thursday, and on Friday, the full backup takes place. You need the last set of full backups and incremental backups to restore your data. Because of this, it takes more time to do a backup and less time to restore the data.

The choice of backup media usually depends on the importance of the data and its quantity. CDs, DVDs, removable HDDs, backup tapes, network-attached storage (NAS), and storage area networks (SANs) are potential storage technologies for backing up. These days, organizations use online backup services too. Convenience, security, and cost are the decisive factors in choosing online backup services. Last but not least, the most common backup rotation scheme, Grandfather-Father-Son (GFS), is worth mentioning. The son backup is done daily, the father backup is done weekly, and the grandfather backup is done monthly.

In Windows Server 2022, Windows Server Backup is a feature that can be added using Server Manager. To add Windows Server Backup, follow these steps:

  1. Press the Windows key + R, enter servermanager.exe, and press Enter.
  2. From the Server Manager console, select Add Roles and Features.
  3. In the Before You Begin option, click Next.
  4. In the Installation Type step, ensure that Role-based or feature-based installation is selected, and click Next.
  5. Select a server from the server pool under Server Selection and click Next.
  6. There is no need to add roles; therefore, click Next.
  7. In the Features step, scroll down the list of features and select Windows Server Backup, as shown in the following screenshot. Then, click Next:
Figure 11.18 – Installing the Windows Server Backup feature

  8. In the Confirmation area, click Install.
  9. When the installation is complete, click Close to close Add Roles and Features Wizard.

Once we have created a backup, we can restore the data. Let’s learn how to do this.

Active Directory (AD) restore

As shown in Chapter 5, Directory Services in Windows Server 2022, while adding the AD DS role in one of the Active Directory Domain Services Configuration Wizard steps, the Directory Services Restore Mode (DSRM) password was required (see Figure 11.19). This password is essential for an AD restore, so you must be careful. DSRM is to AD what Safe Mode is to the OS. It is a way of restoring AD when the latter has failed or needs to be fixed:

Figure 11.19 – Setting up DSRM

Usually, there are two methods for restoring data replicated on a domain controller (DC). The first method involves reinstalling the OS and reconfiguring the DC, after which it is populated from the second DC on the network through normal replication. The second method uses a backup to restore the DC’s replicated data. The replicated data can be restored from a backup medium in the following two ways:

  • Non-authoritative restore: This is applied when a DC has failed due to hardware or software-related problems. The AD structure is restored from a backup medium, and then it will be populated from the second DC on a network through normal replication.
  • Authoritative restore: This takes place after a non-authoritative restore, thus helping to restore the entire system to a state before the AD objects were deleted. It uses the Ntdsutil command, which enables an authoritative restore of AD.

We cannot keep our server running without a proper power supply. So, let’s learn how to overcome this problem.

Power redundancy

Regardless of the processor’s power, memory capacity, data storage capacity, and the number of available network interfaces the server can have, all of this is useless if there is no constant power supply. Because the continuous power supply is crucial for a server’s overall functionality, the uninterruptible power supply (UPS) device (see Figure 11.20) has an important place in the server’s world. UPS is a battery-driven device that supplies the server with power during a power outage. However, despite the capabilities offered by UPS, it still does not provide a solution for lengthy power outages. For that reason, electric generators represent an alternative solution to overcome such issues:

Figure 11.20 – A rack-mountable UPS

This section has helped you learn about various redundancy technologies. Next, you will complete an exercise where you will monitor and manage logs using Event Viewer.

Chapter exercise – using Event Viewer to monitor and manage logs

This exercise will teach you how to set up centralized monitoring, filter Event Viewer logs, and change the default log location. Let’s dive right in!

Setting up centralized monitoring

To set up centralized monitoring in Windows Server 2022, follow these steps:

  1. Open the command prompt with elevated admin rights on a Remote Server, enter winrm quickconfig, and press Enter to configure LocalAccountTokenFilterPolicy to grant administrative rights remotely to local users.
  2. Right-click on the Start button and select Computer Management.
  3. Expand Local Users and Groups and click Groups.
  4. Open the Administrators group and add the central server.
  5. Open a command prompt with elevated admin rights on a Central Server, enter wecutil qc, and press Enter.
  6. Press Y (for yes) when prompted to do so.
  7. From the command prompt window, enter eventvwr.exe to open Event Viewer.
  8. Right-click on Subscriptions and select Create Subscription...
  9. Enter a Subscription name and its description.
  10. Set Destination log to Forwarded Events.
  11. Select Remote Server by clicking the Select Computers button, as shown in the following screenshot, and click OK:
Figure 11.21 – Adding a Remote Server to collect events

  12. In the Subscription Properties window, click on the Select Events... button and select Edit.
  13. Set the event logs filtering criteria you want to collect in the Query Filter window and click OK.
  14. Click on the Advanced... button to ensure that the machine account is the chosen option. Then, click OK.
  15. Click OK to close the Subscription Properties window.
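
The following PowerShell is an added example, not part of the book: it reports the state that the winrm quickconfig, Administrators group, wecutil qc, and subscription steps above leave on each machine, so the result can be reviewed after setup. COLLECTOR01 is a placeholder for the Central Server's name, and the Remote Server is assumed to be a member server with local groups.

```powershell
# Added example, not from the book. Run from an elevated PowerShell session.
# Assumption: 'COLLECTOR01' is a placeholder for the Central Server's computer name.

function Test-WefSource {
    # Run on the Remote Server: what winrm quickconfig and the group change left behind.
    param([string]$CollectorName = 'COLLECTOR01')

    $policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $policy    = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue
    $admins    = @(Get-LocalGroupMember -Group 'Administrators' | ForEach-Object Name)
    # Event Log Readers is the built-in group that grants read access to event logs
    $readers   = @(Get-LocalGroupMember -Group 'Event Log Readers' | ForEach-Object Name)
    $account   = "*\$CollectorName`$"    # machine accounts appear as DOMAIN\NAME$

    [pscustomobject]@{
        WinRMStatus          = (Get-Service -Name WinRM).Status
        ListenerCount        = @(Get-ChildItem WSMan:\localhost\Listener -ErrorAction SilentlyContinue).Count
        # 1 = local administrator accounts receive a full token over the network
        TokenFilterPolicy    = $policy.LocalAccountTokenFilterPolicy
        CollectorIsAdmin     = [bool]($admins -like $account)
        CollectorIsLogReader = [bool]($readers -like $account)
        AdministratorMembers = $admins -join '; '
    }
}

function Test-WefCollector {
    # Run on the Central Server: collector service, subscriptions, and arriving events.
    $subscriptions = @(wecutil es)        # es = enum-subscription
    [pscustomobject]@{
        CollectorService = (Get-Service -Name Wecsvc).Status
        Subscriptions    = $subscriptions -join '; '
        # gr = get-subscriptionruntimestatus, one block of text per subscription
        RuntimeStatus    = ($subscriptions | ForEach-Object { wecutil gr $_ }) -join "`n"
        LastForwarded    = Get-WinEvent -LogName ForwardedEvents -MaxEvents 5 -ErrorAction SilentlyContinue |
                               Select-Object TimeCreated, MachineName, Id
    }
}

Test-WefSource -CollectorName 'COLLECTOR01' | Format-List
Test-WefCollector | Format-List
```

AdministratorMembers lists every account that holds the same rights on the Remote Server as the collector, which is the part of this setup worth reviewing periodically.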

Now that we have centralized monitoring, let’s filter Event Viewer logs.

Filtering Event Viewer logs

To filter the Event Viewer logs in Windows Server 2022, follow these steps:

  1. Press the Windows key + R, enter eventvwr.msc, and press Enter.
  2. Expand Windows Logs and select the log type that you want to filter.
  3. In the Actions pane, click on Filter Current Log..., as shown in the following screenshot:
Figure 11.22 – Filtering Event Viewer logs

  4. Set the filtering criteria in the Filter Current Log window to get the desired results.
  5. Click OK to close the Filter Current Log window.
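
The same kind of filter can be expressed in PowerShell, which makes it repeatable and lets it run against the Forwarded Events log of the central server. This is an added example, not part of the book; the levels, time window, and function names are illustrative choices.

```powershell
# Added example, not from the book. Parameter defaults mirror typical choices in the
# Filter Current Log window; the function names are hypothetical.

function Get-FilteredEvent {
    param(
        [string]$LogName = 'System',   # a log under Windows Logs, or ForwardedEvents
        [int[]]$Level = @(1, 2),       # Event level: 1 = Critical, 2 = Error, 3 = Warning
        [int]$LastHours = 24,          # Logged: last 24 hours
        [int[]]$Id                     # optional list of event IDs
    )
    $filter = @{
        LogName   = $LogName
        Level     = $Level
        StartTime = (Get-Date).AddHours(-$LastHours)
    }
    if ($Id) { $filter['Id'] = $Id }
    # SilentlyContinue: "no events matched" is reported as an error, not an empty result
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue
}

function Get-FilteredEventSummary {
    # Top ten machine / provider / event ID combinations among the filtered events.
    param([string]$LogName = 'System', [int]$LastHours = 24)
    Get-FilteredEvent -LogName $LogName -LastHours $LastHours |
        Group-Object -Property MachineName, ProviderName, Id |
        Sort-Object -Property Count -Descending |
        Select-Object -First 10 -Property Count, Name
}

# The XML tab of the filter window shows an XPath query; this is the equivalent of
# "Critical or Error in the last 24 hours" (86400000 milliseconds).
$xpath = '*[System[(Level=1 or Level=2) and TimeCreated[timediff(@SystemTime) <= 86400000]]]'
Get-WinEvent -LogName System -FilterXPath $xpath -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, ProviderName, LevelDisplayName

Get-FilteredEventSummary -LogName System
Get-FilteredEventSummary -LogName ForwardedEvents   # on the central server
```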

Finally, let’s change the default logs location, which specifies the logging directory.

Changing the default logs location

To change the default logs location in Windows Server 2022, follow these steps:

  1. Press the Windows key + R, enter regedit, and press Enter.
  2. Locate the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\EventLog\System path.
  3. Open the File value within the System folder, enter the new path in the Value data text box, and click OK:
Figure 11.23 – Changing the default logs location in Windows Server 2016

  4. Locate HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\EventLog\Application to change the default location for application logs.
  5. Locate HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\EventLog\Security to change the default location for security logs.
  6. Close the Registry Editor window.
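
After the File values have been changed, the configured locations and the permissions on the new directories can be read back in one pass. The following PowerShell is an added example, not part of the book; the list of identities expected to have write access is an assumption based on a default installation.

```powershell
# Added example, not from the book. Run elevated (reading the Security key requires it).
# Assumption: on a default installation only these identities can write to the log folder.
$ExpectedWriters = 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators', 'NT SERVICE\EventLog'

function Get-EventLogLocation {
    param([string[]]$LogName = @('System', 'Application', 'Security'))

    $write = [System.Security.AccessControl.FileSystemRights]::Write
    foreach ($name in $LogName) {
        # Same key and value that the Registry Editor steps edit
        $key  = "HKLM:\SYSTEM\CurrentControlSet\Services\EventLog\$name"
        $file = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).File
        if (-not $file) { continue }

        # The value may contain variables such as %SystemRoot%
        $path = [Environment]::ExpandEnvironmentVariables($file)
        $dir  = Split-Path -Path $path -Parent

        $others = @()
        if (Test-Path -Path $dir) {
            # Allow entries that include any write right for an unexpected identity
            $others = (Get-Acl -Path $dir).Access | Where-Object {
                $_.AccessControlType -eq 'Allow' -and
                ($_.FileSystemRights -band $write) -ne 0 -and
                $_.IdentityReference.Value -notin $ExpectedWriters
            } | ForEach-Object { $_.IdentityReference.Value }
        }

        [pscustomobject]@{
            Log             = $name
            File            = $path
            FileExists      = Test-Path -Path $path
            DirectoryExists = Test-Path -Path $dir
            OtherWriters    = ($others | Sort-Object -Unique) -join '; '
        }
    }
}

Get-EventLogLocation | Format-Table -AutoSize -Wrap
```

A non-empty OtherWriters column means accounts other than the expected ones can modify files in the directory that now holds the log.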

This was a helpful exercise as it explained various ways of using Event Viewer to manage and monitor logs in Windows Server 2022.

Summary

This chapter taught you how to update and troubleshoot Windows Server 2022. You were provided with valuable information about updating Windows Server 2022, which helps add new features to the server and increase its security. Moreover, you learned about various troubleshooting methodologies that will help you take on the challenge of resolving issues. Furthermore, you learned about the different technologies you can use to add redundancy to the server.

Finally, this chapter concluded with an exercise that provided instructions on using Event Viewer to monitor and manage logs.

In the next chapter, you will learn how to study and prepare for the Microsoft certification exam.

Questions

Answer the following questions to test your knowledge of this chapter:

  1. A boot sector is a sector on a server’s ROM that contains the required information so that you can boot the server. (True | False)
  2. __________ is an MMC snap-in that enables system administrators to monitor events in servers.
  3. Which of the following is a troubleshooting method?
    1. Rational approach
    2. Pragmatic approach
    3. Systematic approach
    4. Specific approach
  4. Apple Product and Support Services engineers use a six-step troubleshooting model known as the detection method. (True | False)
  5. __________ is a device with a battery that continues to supply the server with power when a power outage occurs.
  6. Which of the following are Event Viewer types of logs? (Choose two)
    1. Application
    2. Security
    3. Software
    4. Driver
  7. The DRP is a well-structured plan that ensures the organization will continue providing services or recovering from situations when a disaster occurs as soon as possible. (True | False)
  8. __________ is a diagnostic test that verifies whether or not the server hardware is working correctly.
  9. Which of the following are Windows bootloaders? (Choose two)
    1. NTLDR
    2. BOOTMGR
    3. BOOT.INI
    4. BCDEDIT.EXE
  10. The Basic Input/Output System, known as the BIOS, is a program that controls the functionality of the server’s hardware components. (True | False)
  11. __________ refers to a group of servers that combine processor power, RAM, storage capacity, and network interfaces to achieve the high availability of services.
  12. Which of the following are backup types? (Choose two)
    1. Incremental
    2. Differential
    3. Arithmetic
    4. Geometric
  13. Discuss the startup process.
  14. Discuss the troubleshooting process.
  15. Discuss Event Viewer filtering and central logging.

Further reading

To learn more about the topics that were covered in this chapter, take a look at the following resources:
