ITD Server Management Working Guidelines
ITD Server Management Working Guidelines

Managing Windows Servers
o How to Check Windows Updates
o How to Check the Virus Definition Files
o How to Defragment a Disk
o How to Reboot a Windows Server
o How to Check Log Files
o Management of Administrator Password.
o How to Check Scheduled Tasks
o How to Backup Windows Server Print Queues
o How to Report Server Errors

Managing Linux Servers
o How to Check Linux Server Patches
o How to Reboot a Linux Server
o How to Defragment a Disk
o How to Check Log Files
o
o Management of Administrator/System Password
o How to Report Server Errors

Managing Server Hardware and Peripherals
o How to Check the SAN
o Windows and Linux Server backup
o How to Check a UPS
o How to Report Equipment Failure
Managing Windows Servers
How to Check Windows Updates
Introduction
Logon to the WSUS server and start the Windows Server Updates Services. Servers with the yellow
warning icon can be ignored. They are servers that have received the latest critical and security updates
but not optional non-critical updates.
Servers that are requested by the Application Manager not to get updates are listed in the Organisational
Unit (OU) “Server No Updates” in Active Directory and in the “Servers No Updates” Computer Group
in WSUS.
The electronic version of this document is the latest version. It is the responsibility of the individual to ensure that any paper material is the
current version. Printed material is uncontrolled documentation.
Page 1 of 14
Revision: 15
ITD Server Management Working Guidelines
Summary of Procedure
1. Log on to WSUS server and start Windows Server Updates Services:
2. Select a Computer Group, e.g. ES Servers.
3. Sort computers on “Last Status Report”.
4. Check any ITD server with a Last Status Report is older than two days or has an error icon. In
the diagram above, lenelsrv has an error icon.
5. For each server that displays a Last Status Report older than two days or an error icon, log on to
the server and run up Windows Update to check if the latest updates have installed. Click the
Express button (see screenshot below):
The electronic version of this document is the latest version. It is the responsibility of the individual to ensure that any paper material is the
current version. Printed material is uncontrolled documentation.
Page 2 of 14
Revision: 15
ITD Server Management Working Guidelines
6. Install any updates needed, run again to double check:
The electronic version of this document is the latest version. It is the responsibility of the individual to ensure that any paper material is the
current version. Printed material is uncontrolled documentation.
Page 3 of 14
Revision: 15
ITD Server Management Working Guidelines
7. It is possible that some servers DO have the latest updates installed but display an error icon in
the Windows Updates Services console. Note these in the reports submitted.
8. Repeat this procedure for the Servers and “TS Servers” groups. Note: the Servers group contain
non-ITD servers. Ignore these and check only ITD servers.
Using Windows Update
1. Click on Start, All Programs, Windows Update.
2. Click on Check for Updates
3. When the high-priority updates are listed, click the Install Updates button.
4. Click the Express button to get high-priority updates.
5. When the high-priority updates are listed, click the Install Updates button.
6. A license agreement window may then pop up. Click I Agree to proceed with the updates. If a
restart is required, click NO.
7. Schedule a restart with the Task Scheduler in Administrative Tools using the shutdown
command.
Remember if you are updating a server that it might not be possible to restart it there and then because
most servers are “Mission Critical Systems” – P1 Servers. Do not restart P1 servers during working
hours. Therefore, you have to schedule a system restart. Contact the server’s Application Manager for a
suitable time to schedule the restart of the server.
Checking Virus Definitions
Kaspersky Endpoint Security protects all Windows servers. The Windows servers receive the
Kaspersky virus definitions from the Kaspersky server.
1. Log onto the KASPERSKY server and start the “Kaspersky Security Center” console:
The electronic version of this document is the latest version. It is the responsibility of the individual to ensure that any paper material is the
current version. Printed material is uncontrolled documentation.
Page 4 of 14
Revision: 15
ITD Server Management Working Guidelines
2. Click on the Managed Computers, ul.campus, Servers:
The electronic version of this document is the latest version. It is the responsibility of the individual to ensure that any paper material is the
current version. Printed material is uncontrolled documentation.
Page 5 of 14
Revision: 15
ITD Server Management Working Guidelines
3. Click on the different server groups to check the status, e.g. TS Servers:
4. Address any problems with the servers as per the Kaspersky Endpoint Security
Administrator’s Guide. All Kaspersky documention is available on the Kaspersky website,
www.kaspersky.com.
How to Defragment a Disk
Your hard drive is like a book with thousands of pages. Every time your computer writes a file to the hard drive, it
starts writing at the first "page." As files of different sizes are deleted and written, when your computer writes a
file, it may use a few pages here, then skip forward to the next empty page, then skip forward to the next empty
page after that. This process of breaking files into pieces of files is disk fragmentation. Fragmented disks may
cause system to run a little slower. Defragmenters move around these pieces of files until they all line up.
Running a defragmenter every month or so is good system maintenance, especially if your hard drive is almost
full
Windows Servers: How to use the Defragmentation Utility
Consult the Help in the various versions of Microsoft Windows Server to configure the built-in
defragmentation utility.
The electronic version of this document is the latest version. It is the responsibility of the individual to ensure that any paper material is the
current version. Printed material is uncontrolled documentation.
Page 6 of 14
Revision: 15
ITD Server Management Working Guidelines
How to Reboot a Windows Server
Generally, Windows servers reboot without incident. If for some reason you find that a server has
powered up correctly after a reboot, this indicates a hardware failure or corruption of the Windows
operating system. Any of which will require more detailed analysis and intervention. If you become
aware that a server has rebooted due to a power failure or some other event, then you should check the
following.
1. Check any attached storage to the server and deal with any problem with the storage before
rebooting the server.
2. Check that there are no red lights flashing on the server or any of its disks. Red lights usually
indicate a hardware fault. If this is the case, contact the server provider and have the serial
number of the server ready when talking to the vendor.
3. If the Windows server has rebooted, check that it connects to the network and that all users can
reach it.
4. Check that all services on the server have started correctly.
How to Check Log Files?
1. When troubleshooting a problem, log onto the relevant Windows Server using an administrator
account.
2. Right Click on the My Computer icon on the desktop. Select Manage from the menu that
appears. There should be three log files present Application, System and Security.
3. Check all the log files for entries relating to the problem you are troubleshooting.
Management of administrator/system password
1. Account privilege is allocated on the basis of functional tasks.
2. Administrator/system passwords are changed every 30 days using Password Manager Pro.
3. Password creation follows the following complexity policy:



Not contain all or part of the user's account name
Be at least six characters in length
Contain characters from at least two of the following four categories:
o English uppercase characters (A through Z)
o English lowercase characters (a through z)
o Base 10 digits (0 through 9)
o Non alphanumeric characters (e.g. !, $, #, %)
The electronic version of this document is the latest version. It is the responsibility of the individual to ensure that any paper material is the
current version. Printed material is uncontrolled documentation.
Page 7 of 14
Revision: 15
ITD Server Management Working Guidelines
How to Check Scheduled Tasks
1. Remotely examine the Scheduled Tasks on a server as follows: click Start, Run…, type
\\servername, e.g. \\NODE3, in the Open text box, hit Enter or click OK, then double-click on
the Scheduled Tasks share.
2. Look at the Last Result field for each task. If it’s not 0x0, log onto the server and investigate
further.
How to Backup Windows Server Print Queues
Print queues on servers, CASTALDI1, CASTALDI2, PAYPRINT64, and TRIALPRINT are backed up
monthly to this folder: \\Clio\PrintQueueBackup.
The PrintBRM utility, used to back up print queues, runs in command-line mode on a schedule on each
print server.
The print queue backup script files are in C:\Scripts on each server.
Three printerExport files for each server are retained for 21 days.
How to Report Server Errors
Report all server errors to the Technical Systems Support Team Leader. The Team Leader determines
what action to take.
Managing Linux Servers
How to check Linux Server Patches
Consult the on-line documentation for the relevant version of Linux to determine how to check patch
levels, e.g. www.redhat.com, www.ubuntu.com.
How to Reboot a Linux Server
To reboot a Linux server, use the following procedure
Redhat Linux
1. Log on to the server from the console or remotely as root.
2. Open a terminal session and type the following command
shutdown –r now (To shutdown and reboot)
shutdown –h now (To shutdown and power down the system)
Ubuntu Linux
The electronic version of this document is the latest version. It is the responsibility of the individual to ensure that any paper material is the
current version. Printed material is uncontrolled documentation.
Page 8 of 14
Revision: 15
ITD Server Management Working Guidelines
1. Logon to the server from the console or remotely note that the root account is disabled.
2. Use the following command “sudo shutdown –r now” to reboot the server.
3. Use the following command “sudo shutdown –h now” to shut down the server.
Note: when using the sudo command you will be asked for a password before proceeding.
How check a disk on a UNIX or Linux server
Every time a LINUX server reboots, a check is done to see when the last time the disks were checked. If
it has been more than 90 days the disk is checked automatically at reboot. Also, if there is an abnormal
shut down of a server, there is an automatic file system check done and any problems are reported. It is
important that someone monitor this process as it sometimes requires user input. You may check any file
system manually by using the following commands.
Redhat Linux
Logon as root
Unmount the file system you want to check using umont <file System>
Run the check disk command using the
/sbin/fsck -t <File system type eg. ext4> /dev/<disk>
Example: /bin/fsck –t ext4 /dev/sda
Ubuntu Linux
Logon to the server
Unmount the file system you want to check using sudo umont <file System>
Run the check disk command using the
sudo /sbin/fsck -t <File system type eg. ext4> /dev/<disk>
Example: sudo /bin/fsck –t ext4 /dev/sda
Note: you will be asked for a password when using the sudo command.
How to check the Log Files on a LINUX Server?
On a LINUX server, the mail log files are located in the /var/log directory also the root mail file is
located in /var/spool/mail. These log files can be used by using a standard text editor (vim or vi) or by
using the more or cat commands.
Report any suspicious activity in these logs tot the Technical Systems Support Team Leader.
Password Management
The electronic version of this document is the latest version. It is the responsibility of the individual to ensure that any paper material is the
current version. Printed material is uncontrolled documentation.
Page 9 of 14
Revision: 15
ITD Server Management Working Guidelines
Software application, Password Manager Pro, manages passwords for Linux and Windows servers.
The following is the policy used for generating passwords.
Key elements of the management of the Password Manager Pro application include:









Use of the Password Manager Pro console to maintain awareness and control of all Linux and
Windows server passwords.
The daily monitoring of Password Manager Pro reports.
Monitoring of Password Manager Pro to ensure that all server passwords are unexpired and
correcting expired password problems, as required.
Monitoring of Password Manager Pro to ensure that all server passwords are synchronised and
correcting unsynchronised passwords, as required.
Registration in Password Manager Pro of all servers currently on the Production Network.
Recording the following information for each server in Password Manager Pro: Server Name;
Domain; VLAN; Operating System type; Status, i.e. Production/Non Production.
Assigning registered servers to one of the following groups: Enterprise Solutions; Technology
Solutions; CommNet; VMWare.
Controlling access to passwords for each server group using Active Directory Security Groups.
Registration of new servers on request from application managers in accordance with the ITD
Server Deployment Procedure and Change Control.
The electronic version of this document is the latest version. It is the responsibility of the individual to ensure that any paper material is the
current version. Printed material is uncontrolled documentation.
Page 10 of 14
Revision: 15
ITD Server Management Working Guidelines








Removal of obsolete servers from Password Manager Pro on request from application managers
in accordance with the ITD Server Decommissioning Procedure and Change Control.
Establishment of a Disaster Recovery site PMP server with failover enabled.
Identification and rectification of a broad range of operational exceptions and error conditions.
Responding to enquiries by users, specialists or others.
Provision of training on the use of Password Manager Pro, as required.
Provision of training materials (a help document placed on SharePoint).
Dealing effectively with a broad range of Password Manager Pro problems of moderate
complexity, only escalating those that need specialist or management attention.
Reporting on the status of Linux and Windows password management to the Technology
Solutions Weekly Section Meeting.
Windows and Linux server Backup
The software application, Commvault Simpana, backs up data on high priority Windows and Linux
servers. A backup schedule is set up for each server. A number of Storage Policies determine the
retention period for the backups. These Storage Policies are defined in the CommVault Simpana
software and all logging of backups is stored in application database. The backups are managed by
running the CommVault Commserve GUI application on your PC. All log files and storage policies are
accessible using the CommVault GUI application.
How to Report Server Errors
Report all server errors to the Technical Systems Support Team Leader. The Team Leader determines
what action to take.
Managing the VMWARE infrastructure
Use the VMware vSphere Client or VMware vSphere Web Client to manage the VMware infrastructure.
Patching of ESXI hosts.
The ESXi hosts are patched regularly (every one to two months) to ensure their patching is up to date.
Managing Server Hardware and Peripherals
SAN Infrastructure
The electronic version of this document is the latest version. It is the responsibility of the individual to ensure that any paper material is the
current version. Printed material is uncontrolled documentation.
Page 11 of 14
Revision: 15
ITD Server Management Working Guidelines
The SAN infrastructure currently consists of 6 EMC storage arrays. These arrays are managed by
logging on to them from a web browser and running UNISPHERE. The IP addresses of the storage
arrays are listed in the table below.
Array
VNX5100South
VNX5100North
VNX5300South
VNX5300North
VNXe3150South
VNX33150North
IP Address
10.220.32.110
10.220.32.100
10.220.32.112
10.220.32.102
10.220.32.104
10.220.32.116
IP addresses for Storage Arrays.
How to Check a UPS
An uninterruptible power supply (UPS) is a device that sits between an A/C outlet (i.e. a wall outlet or
power strip) and an electronic device (such as a computer, server, or phone equipment) to prevent power
disturbances (outages, sags, surges, spikes, noise, etc.) from affecting the performance and life of the
electronic device and vital data.
A UPS contains batteries that provide backup power to your system in the event of a power outage to
give you the time to save all open files and gracefully shut down the system.
In the ITD Computer Room, GLG-009, there are two large UPS units supplying power to the servers,
SAN equipment and switches in the room. The display panels on the UPS units may checked for errors
or faults. Additionally, alerts are sent to key personnel in the event of a critical change in status.
Equipment Failure
Log hardware faults in the call logging system and then log the hardware faults with the relevant
maintenance contractor. Contact information for the maintenance contractors is in the Contact
Information spreadsheet here:
https://sharepoint.ul.ie/SiteDirectory/ITDManagement/servermanagement/Hardware%20Maintenance%
20Contracts/Forms/AllItems.aspx.
The electronic version of this document is the latest version. It is the responsibility of the individual to ensure that any paper material is the
current version. Printed material is uncontrolled documentation.
Page 12 of 14
Revision: 15
ITD Server Management Working Guidelines
Revision History
Revision No.
1
2.
Date
Mar. ‘05
Mar. ‘05
Approved by:
Management Team
M.L.
3
6 July 05
ML
4
12 Oct 05
KOM
5
9th July 07
KOM
6
10 July 2007
KOM
7
2 September
2008
Kim O’Mahony
8
8 September
2008
Kim O’Mahony
9
15 May ‘09
Kim O’Mahony
10
20 January
2011
Kim O’Mahony
11
28 April 2011
12
7 July 2011
Brian Sexton / Kim
O’Mahony
Details of Change
Initial Release.
Inclusion of revision history and footer
information.
Combined several documents into this one.
Combined separate desktop and corporate
procedures into common procedures.
Added additional how to’s
Eamonn Fitzgerald added a section entitled
‘Print Server Backup’
Eamonn T updated backup section to
reflect changes to backup operations.
Brian Sexton replaced the Server Patches
section with a Windows Updates section;
replaced the old Virus Definitions section
with a new section; rewrote the Windows
Defragement a Disk section; made minor
changes to other sections; reordered the
sections to coincide with the order listed at
the beginning of the document; created
separate Windows, Linux/Unix and
hardware sections.
Brian Sexton updated the How to Backup
Windows Server Print Queues section;
added Windows and Linux How to Report
Server Errors sections; and updated the
Equipment Failure section.
Brian Sexton updated the Equipment
Breakdown section to include a reference to
Contact Information for the hardware
maintenance contractors.
Eamonn T added a section on Password
Management using Password Mgt Pro.
Brian Sexton updated the Management of
administrator/system password section to
reconcile it with the Password
Management section.
Brian Sexton added the responsibilities and
duties of the Data Centre Officer to the
Backups and Password Management
sections; the How to Check Windows
Updates and How to Check the Virus
Definition Files sections were updated
using original notes written by Eugene
Murnane.
Brian Sexton
Brian Sexton updated the How to Backup
Windows Server Print Queues section to
reflect the use of the PrintBRM utility.
The electronic version of this document is the latest version. It is the responsibility of the individual to ensure that any paper material is the
current version. Printed material is uncontrolled documentation.
Page 13 of 14
Revision: 15
ITD Server Management Working Guidelines
13
14
9 Feb 2012
23 March 2016
Eamonn T Fitzgerald
/ KOM
Removed reference to manual checklist
Eamonn T Fitzgerald
Cleaned up document
Removed reference to old operating
systems.
Deleted obsolete sections.
Added in sections for VMware and new
storage arrays.
15
30th January
2017
Brian Sexton
Updated the “How to Check Windows
Updates” section: replaced screenshots,
updated the text.
Updated the “Checking Virus Definitions”
section: removed reference to Forefront;
added reference to Kaspersky; added
Kaspersky screenshots; updated the
defragmentation section; revised the Linux
sections; revised the print backup section;
revised the Password Manager Pro section;
updated the VMware section; revised the
UPS section.
The electronic version of this document is the latest version. It is the responsibility of the individual to ensure that any paper material is the
current version. Printed material is uncontrolled documentation.
Page 14 of 14
Revision: 15