locked
Repair and Maintenance on a Pre-Built WHS Server RRS feed

  • Question

  • The pictures of the HP WHS box that I saw showed a box with only two ports: power and ethernet.

    How do I troubleshoot a friend's box if I can't log in locally?  If the NIC dies, how do I know this?  Will the NIC report special codes to the admin console?  What if a virus infects the WHS?  How do I reload the OS?  How do I verify that updates are actually occuring?

    Suppose a cracker got through to the OS and was playing around.  How would I know if I can only see the shared folders?  Has anyone found a way to get through the shared folders to the OS?

    :-)  I want my WHS server to be reliable and secure.  How do we make certain that it is both?

    Thursday, March 8, 2007 1:27 PM

All replies

  • You can always use remote desktop from another machine on the home network to access the Administrator desktop on WHS. However, the intent is that the WHS will be used as a headless appliance on your home network, and all day-to-day administration will be done through the WHS Console. For various reasons, I would not open up the RDP port in a home user's edge firewall to allow remote access directly to the WHS desktop from the Internet.

    As for problems with the internal NIC, if that goes bad, you will completely lose connectivity to the WHS. Remote Desktop and the WHS Console will both stop working.

    It's unlikely that someone outside of your home network will be able to get through the shared folders to the OS. If you have a Wireless Access Point and it's configured with no security, of course, anyone walking by with a laptop and WiFi can get onto your home network. I'm not aware of any exploits to penetrate the shares on WHS at this time. Which is not to say they don't exist.  
    Thursday, March 8, 2007 8:39 PM
    Moderator
  • Part of my problem with a completely headless box is troubleshooting (I understand the capabilities of RDP).  It is conceivable that I am unable to log in to the box remotely (i.e. from another system in the house - not from the internet).  If that happens, how do we trouble shoot a system without a keyboard/mouse/monitor?

    Not trying to be difficult, I just don't know what to do on this point.  If the OS needs a reload, how do I do that?  Via the network?  Right now, if I want to troubleshoot a Windows system that doesn't boot properly, I use a LiveCD (BartPE or any number of the Linux CDs).  Can't do that if I don't have input into the box. 

    See, I think that there needs to be some changes to the NIC to make it easier to troubleshoot (maybe ver 2.0).  Might be that MS could pioneer a remote testing capability that can report back issues on the NIC.  I'm thinking something on the line of a BIOS for the NIC that can respond even if the card is mostly defunct.  Might be useful.

     

    Thursday, March 8, 2007 8:56 PM
  • These are all good questions. For general troubleshooting, I suspect there will be a way to hook KVM up, possibly only by cracking the case. There will certainly have to be something to indicate a general "hardware fault" condition, as well.

    As for the OS reload, are you aware that most modern hardware can boot from a USB device? Picture something like an internal read only 4 GB flash drive with the installer and a silent install response file. Flip a switch, reboot, and your ailing WHS reloads the OS overnight.

    Friday, March 9, 2007 1:14 AM
    Moderator
  • Here's a better idea that I have been pondering throughout the day.  This should work based on the rebuilding of the Tombstones (I think that's what they called them) that allow you to rebuild the main drive.  This will be much easier if the default is to duplicate the data.

    Drop in a special DVD that restores the OS without user intervention.  Pop in the disk and reboot.  When the DVD ejects, you can log in remotely as when the system was brand new.  If the drive is healthy and the backups were duplicated then little to no data should be lost. 

    Of course, this only works for software issues.  Now that I think about it, if the server could export a config file of all the critical settings (users, hashed passwords, permissions etc...) to the main comptuer (stored in an encrypted locker like a TrueCrypt file) then the file could be pushed back to the server when the OS has been restored and updated.  Also, providing updates manually, would be nice for this situation.  Having a CD already prepared with the updates would be useful to negate the need for two-three hours of updating....

     

    Friday, March 9, 2007 1:40 AM
  • I believe that the hardware vendor should provide a BIOS-based testing mechanism like the one found in computers such as the Dell Optiplex. A simple 4 LED indicator with green/orange lights that flash 'codes' during boot to indicate various hardware tests. If there is trouble, the LED code will tell you where the BIOS detected a problem. Since the HP device already has 4 LEDs (for the 4 internal HDDs) it's just a matter of instructing the BIOS to use them at bootup. Take it a step further and put a small LCD screen on the front of the unit to report health status, connection status, etc. Add a couple of buttons (like those found on computer monitors) and you can interact with the BIOS to troubleshoot / configure the system without the need for a keyboard, mouse, or monitor.

    Looking at the HP device I don't see any indication of an internal DVD drive. How would you reload WHS on this box? External DVD drive? Perhaps a PXE boot strap in the NIC firmware that would connect it to one of the home PCs so that the server could use the PCs drive to reload the OS. Better still, create a Pre-Execution environment (al, la BartPE) small enough to put on a USB drive. Force the WHS box to boot from it to connect to one of the home PCs to re-load the OS.

    I agree with mtgarden about the need to store the config data in the event of a rebuild. Since the WHS box has USB ports, how about exporting the data to a USB drive in an encrypted file. Once the reload is done, insert the key and it restores the config.

    A $10.00 USB drive could hold the backup config and the Pre-Boot environment. Include it with the WHS machine and put an installer on the DVD to reload the USB drive if it get's lost, erased, etc.

    I would hope that MS will include some kind of option during installation to have the WHS server 'call home' to get updates so that once the installation is complete, all critical patches are loaded w/o the need for user intervention. Then the user can connect to the server and apply any optional updates as he/she sees fit.

    Comments anyone?

    Friday, March 9, 2007 2:59 AM
  • There are tons of devices that run headless.  Most routers, NAS boxes, etc are running some form of Linux.  They have a web admin interface that lets you manage the configuration, but you don't get to admin the OS in the traditional sense.  (Unless you hack in, but I digress.)  This is the WHS model for the typical home user.

    Several thoughts:

    • OEMs like HP will have to deal with headless error reporting through blinking lights, beeps, etc.
    • When an appliance device really breaks, you send it to a repair depot or you toss it.
    • The Beta 2 installation procedure will be improved for the final product.
    • I would venture to say that one of greatest contributors to unreliability is the amateur administrator.  Just leave it alone.
    • In my work life, I develop software for telephony servers that run for years in an equipment room with little or no admin.   We've still got some NT 3.51 boxes in the field. Some of our biggest support problems start when someone changes settings.

     

    Friday, March 9, 2007 3:19 AM
  • MurMan99,

    While it is true that many devices are designed headless (i.e routers, switches, IPS, IDS etc...) they also have two things.  First, they do not have a full OS, but a specially designed redundant OS.  Secondly, they usually have a serial port for communication with the unit even when it is not plugged into the network (this is for setup purposes).

    With a robust OS like we have in the WHS, we need to ensure a reliable method for rebuilding the OS and/or a way to peer into the running OS.

    Friday, March 9, 2007 1:36 PM
  • You and I don't really disagree.  (Except your comment that routers use a 'redundant OS'.)   

    It's just that there's a difference between the support model for a consumer device for home networks versus a server that can be tweaked by technical users like us.  WHS is actually both devices and therefore will need two separate support models.  How one would answer your questions in this thread depend on which model you're talking about.  My earlier post was aimed at the support model for the broader consumer market.

    I'm not sure how the WHS Team views this issue, but I suspect that technical support will determine the success or failure of the WHS product.  Unfortunately for Microsoft, it is the OEM that is primarily responsible for the support.  It will be really interesting to see how they respond. 

    This is all just interesting conjecture at this point.  But, if I were the product manager for a consumer WHS product, I would not include a serial port. ( It's extra cost without a lot of value.)  The server is an Ethernet device, so that should be the interface.  If the Ethernet hardware is broken, send it back for repair.  If the software is broken, have a way to repair it or re-install it from the CD-ROM drive on a client computer.  For example, I can replace the hard drive and fully reload the OS of my Buffalo Linkstation over the network.  WHS devices will probably be able to do the same.

    Murray

    Friday, March 9, 2007 5:17 PM
  • How about a small restore partition that is activated by holding the power switch in during boot or some such.  HP's restore partitions are fairly decent.

     

    I have to say that personally the only way I'd have had a headless WHS server in my house is if it were less expensive than the $180.00 for the OEM software. 

     

    Wednesday, October 24, 2007 1:39 AM
  • Jeshimon, you should take a look at the documentation on the OPK disk that came in your package. You'll see how Microsoft intends for a server recovery to work on the pre-built units.
    Wednesday, October 24, 2007 2:30 AM
    Moderator
  • Ken,

    After I saw your message I took a look.  Pretty impressive really.  I kind of wish I was willing to pay the price of admission; but I'd rather spend that money elsewhere.

    Jim

     

    Wednesday, October 24, 2007 5:10 AM