Monday, April 16, 2007

Eating My Own Dog Food

This weekend I upgraded my home production domain from Windows 2003 R2 (x32) and Exchange 2003 to Windows 2003 R2 SP2 (x64) and Exchange 2007. My goal was to pretend I was at a customer site and had to migrate this environment successfully to the new hardware.

My home production equipment consisted of a single Dell 4600 all-in-one box. It was a W2K3 R2 Enterprise domain controller with SP1, which also ran Exchange 2003 Enterprise SP2 and served as a DNS, WINS, WWW and file server. The server had a single Intel 2.8GHz HT CPU, 2GB of RAM and a 160GB hard drive. My replacement server is a Dell E521 with an AMD Athlon 64 Dual-Core, 4GB of RAM and a 250GB hard drive.

Since I am still limiting myself to a single physical server, I decided to use VMware to virtualize most of my environment. All servers will run Windows Server 2003 R2 (x64) with SP2. The host server (GATEWAY) will be a workgroup server running Exchange 2007 Edge Server and VMware Workstation. The two virtual servers are DC01, a domain controller/DNS/WINS server, and EX01, an Exchange 2007 server with the Hub Transport, Client Access, and Mailbox roles. My LAN is connected to the Internet via a Netgear wireless router/firewall, as per the following diagram.

First I installed x64 Windows Server 2003 R2 Enterprise SP1 on GATEWAY and used the Microsoft Update site to install SP2, IE7, ADAM (required for Exchange Edge server) and all the critical updates. SP2 installs the Windows firewall by default, so I disabled it. Then I installed VMware Workstation 5.6. I chose Workstation since ESX will not recognize SATA drives and GSX only allows one snapshot per VM.

Next I created a base image VM using x64 Windows Server 2003 R2 Enterprise, upgraded to SP2, IE7 and all the critical updates, and disabled the firewall. I use this image to base all my servers on, which makes provisioning future servers a breeze.

I then created two new linked clone servers, DC01 and EX01, and joined them to the domain. I promoted DC01 to a domain controller and installed DNS and WINS. I installed IIS, .NET Framework 2.0 and 3.0, and the necessary patches on EX01 in preparation for Exchange 2007. I took a snapshot of both servers at this point and then began to install Exchange 2007.

Here's where it gets interesting. The Exchange 2007 setup has a lot of logic and workflow built into it. You pretty much install the DVD, answer a few questions and let it run. Setup will check that the server meets the prerequisites and pre-qualifies the environment to ensure a smooth installation. In theory. The installation went happily along updating the schema, preparing the domain and installing the server roles. But as it was installing the Hub Transport role it errored, saying that the disk could not be read and to try setup again later. It did not offer a "retry" button. The trouble turned out to be a smear of what I can only guess was macaroni and cheese on the DVD. Kids. Gotta love 'em.

So, I cleaned off the DVD and ran setup again. Now setup said that the Hub Transport role was not installed properly and to remove it first. Trouble is, neither setup nor the Exchange Management Console (EMC) shows that any roles have been installed, so I can't uninstall it. I'll spare you the gory details, but I tried uninstalling it using PowerShell, the switches in setup, and reverting to my snapshot. No good. I then removed the Exchange Administrative Group (FYDIBOHF23SPDLT) and Exchange Routing Group that setup automatically creates in a mixed mode environment using ADSI Edit. This let me run setup again, but now I got an error complaining that Exchange Administrative Group (FYDIBOHF23SPDLT) was missing. I recreated both the AG and RGC on the Exchange 2003 side (I had to use ADSI Edit again to rename the AG using the parentheses) and tried again. Success!

After I ensured that I had mail flow between the E2K3 and E2K7 servers, I installed the Edge Server role and Microsoft ForeFront (antivirus/antispam) on GATEWAY. This created a new RGC to the Internet on GATEWAY. I then created an EdgeSync subscription and tested it. I moved the mailboxes to EX01 and successfully tested OWA and Outlook.

Now to put it into production. I have one MX record published on the Internet for inbound email. My firewall allows SMTP port 25 and HTTP port 80 traffic to WWW (x.x.x.50). I reconfigured WWW to use a different address and configured GATEWAY to use x.x.x.50. I successfully tested inbound and outbound email and that my web pages worked properly from GATEWAY. I then reconfigured my firewall to forward SSL port 443 to EX01. Exchange setup automatically configures OWA on the CAS role to use SSL. I used to look back into my OWA and successfully tested email again.

The final step was to decommission my old DC/Exchange 2003 server. There are a few steps I needed to do in Exchange 2007, such as re-home the OAB, replicate Public Folder content, etc. After that, it was simply a matter of deleting the RGCs to the Exchange 2003 AG, deleting the old AG itself, and uninstalling Exchange 2003. I'm pleased to say that the customer is very satisfied. :)

I learned a lot through this entire process. Highlights are:
  • Dog food is delicious.
  • Ensure your media is OK. Keep sticky fingers and food away! I was surprised at this, since setup copies the binaries to the local hard drive and re-compiles them.
  • Microsoft put a lot of work into the install process, but it's not perfect. I would imagine I would have had the same problem if the DVD was ejected during setup.
  • Never give up. I could have always used exmerge and rebuilt my domain, but few customers would accept this.
  • 64-bit hardware, lots of RAM and VMware are "good things"
  • Giving 512MB to my virtual DC and 2GB to my virtual Exchange Server yields respectable performance
  • Since VM Workstation won't start as a service, I enabled auto-logon on GATEWAY and wrote a script that launches and runs my VM team
  • Microsoft Forefront is still a Sybari product with Microsoft stickers on it (needs work)
8:57 AM