Windows 7 / Getting Started

---

Maintaining Windows Server 2008

Maintaining Windows 2008 systems isn't an easy task for administrators. They must find time in their firefighting efforts to focus and plan for maintenance on the server systems. When maintenance tasks are commonplace in an environment, they can alleviate many of the common firefighting tasks.

The processes and procedures for maintaining Windows 2008 systems can be separated based on the appropriate time to maintain a particular aspect of Windows 2008. Some maintenance procedures require daily attention, whereas others might require only quarterly checkups. The maintenance processes and procedures that an organization follows depend strictly on the organization; however, the categories described in the following sections and their corresponding procedures are best practices for organizations of all sizes and varying IT infrastructures.

Daily Maintenance

Certain maintenance procedures require more attention than others. The procedures that require the most attention are categorized into the daily procedures. Therefore, it is recommended that an administrator take on these procedures each day to ensure system reliability, availability, performance, and security. These procedures are examined in the following three sections.

Checking Overall Server Functionality

Although checking the overall server health and functionality might seem redundant or elementary, this procedure is critical to keeping the system environment and users working productively.

Some questions that should be addressed during the checking and verification process are the following:

• Can users access data on file servers?
• Are printers printing properly? Are there long queues for certain printers?
• Is there an exceptionally long wait to log on (that is, longer than normal)?
• Can users access messaging systems?
• Can users access external resources?

Verifying That Backups Are Successful

To provide a secure and fault-tolerant organization, it is imperative that a successful backup be performed each night. In the event of a server failure, the administrator might be required to perform a restore from tape. Without a backup each night, the IT organization will be forced to rely on rebuilding the server without the data. Therefore, the administrator should always back up servers so that the IT organization can restore them with minimum downtime in the event of a disaster. Because of the importance of the backups, the first priority of the administrator each day needs to be verifying and maintaining the backup sets.

If disaster ever strikes, the administrators want to be confident that a system or entire site can be recovered as quickly as possible. Successful backup mechanisms are imperative to the recovery operation; recoveries are only as good as the most recent backups.

Monitoring Event Viewer

Event Viewer is used to check the system, security, application, and other logs on a local or remote system. These logs are an invaluable source of information regarding the system. The Event Viewer Overview and Summary page in Server Manager is shown.

NOTE: Checking these logs often helps your understanding of them. There are some events that constantly appear but aren't significant. Events will begin to look familiar, so you will notice when something is new or amiss in your event logs.

All Event Viewer events are categorized either as informational, warning, or error. Some best practices for monitoring event logs include the following:

• Understanding the events that are being reported
• Setting up a database for archived event logs
• Archiving event logs frequently

To simplify monitoring hundreds or thousands of generated events each day, the administrator should use the filtering mechanism provided in Event Viewer. Although warnings and errors should take priority, the informational events should be reviewed to track what was happening before the problem occurred. After the administrator reviews the informational events, she can filter out the informational events and view only the warnings and errors.

To filter events, do the following:

1. Expand the Event View folder in Server Manager.
2. Select the log from which you want to filter events.
3. Right-click the log and select Filter Current Log.
4. In the log properties window, select the types of events to filter. In this case, select the Critical, Error, and Warning check boxes.
5. Click OK when you're done.

The results of filtering on the system log. You can see in that there are a total of 7,510 events. In the message above the log, the filter is noted and also the 304 resulting number of events. The filter reduced the events by a factor of over 20 to 1. This really helps reduce the volume of data that an administrator needs to review.

Some warnings and errors are normal because of bandwidth constraints or other environmental issues. The more you monitor the logs, the more familiar you will become with the messages and, therefore, the more likely you will be able to spot a problem before it affects the user community.

TIP: You might need to increase the size of the log files in Event Viewer to accommodate an increase in logging activity. The default log sizes are larger in Windows 2008 than in previous versions of Windows, which were notorious for running out of space.

Weekly Maintenance

Maintenance procedures that require slightly less attention than daily checking are categorized in a weekly routine and are examined in the following sections.

Checking Disk Space

Disk space is a precious commodity. Although the disk capacity of a Windows 2008 system can be virtually endless, the amount of free space on all drives should be checked at least weekly if not more frequently. Serious problems can occur if there isn't enough disk space.

One of the most common disk space problems occurs on data drives where end users save and modify information. Other volumes such as the system drive and partitions with logging data can also quickly fill up.

As mentioned earlier, lack of free disk space can cause a multitude of problems including, but not limited to, the following:

• Application failures
• System crashes
• Unsuccessful backup jobs
• Service failures
• The inability to audit
• Degradation in performance

To prevent these problems from occurring, administrators should keep the amount of free space to at least 25%.

CAUTION: If you need to free disk space, you should move or delete files and folders with caution. System files are automatically protected by Windows 2008, but data is not.

Verifying Hardware

Hardware components supported by Windows 2008 are reliable, but this doesn't mean that they'll always run continuously without failure. Hardware availability is measured in terms of mean time between failures (MTBF) and mean time to repair (MTTR). This includes downtime for both planned and unplanned events. These measurements provided by the manufacturer are good guidelines to follow; however, mechanical parts are bound to fail at one time or another. As a result, hardware should be monitored weekly to ensure efficient operation.

Hardware can be monitored in many different ways. For example, server systems might have internal checks and logging functionality to warn against possible failure, Windows 2008's System Monitor might bring light to a hardware failure, and a physical hardware check can help to determine whether the system is about to experience a problem with the hardware.

If a failure has occurred or is about to occur, having an inventory of spare hardware can significantly improve the chances and timing of recoverability. Checking system hardware on a weekly basis provides the opportunity to correct the issue before it becomes a problem.

Running Disk Defragmenter

Whenever files are created, deleted, or modified, Windows 2008 assigns a group of clusters depending on the size of the file. As file size requirements fluctuate over time, so does the number of groups of clusters assigned to the file. Even though this process is efficient when using NTFS, the files and volumes become fragmented because the file doesn't reside in a contiguous location on the disk.

As fragmentation levels increase, disk access slows. The system must take additional resources and time to find all the cluster groups to use the file. To minimize the amount of fragmentation and give performance a boost, the administrator should use the Disk Defragmenter to defragment all volumes. As mentioned earlier in the tutorial, the Disk Defragmenter is a built-in utility that can analyze and defragment volume fragmentation. Fragmentation negatively affects performance because files aren't efficiently read from disk. There is a command-line version of the tool and a graphical user interface version of the tool.

To use the graphical user interface version of the Disk Defragmenter, do the following:

1. Start Disk Defragmenter by choosing Start, Run.
2. Enter dfrgui and click OK.
3. The tool automatically analyzes all the drives and suggests whether to defragment. This only happens if disk defragmentation is not scheduled to run automatically.
4. Click Defragment Now to defragment immediately.
5. Select the volumes to defragment (all volumes, by default), and click OK. Defragmentation will start.
6. The defragmentation runs independently of the Disk Defragmenter GUI, so you can exit the tool while the defragmentation is running by clicking Close.

Unlike previous versions of the software, the Windows 2008 Disk Defragmenter does not show a graphical view of the Disk Defragmenter.

The Disk Defragmenter also allows the administrator to set up a schedule for the backup. This modifies the ScheduledDefrag task in the Task Scheduler (located in Task Scheduler\Task Scheduler Library\Microsoft\Windows\Defrag\). After selecting the Run on a Schedule option, the schedule can be set by clicking the Modify Schedule button and the volumes to be defragmented can be selected by clicking the Select Volumes button. New volumes will automatically be defragmented by the task.