Whether you can upgrade an existing server to Microsoft Windows Server 2003 depends on hardware compatibility, available disk space, and adequate hardware resources (such as the CPU and RAM). Upgrading to Windows Server 2003 is also dependent upon the existing Windows version on the target system—Setup will only upgrade Microsoft Windows NT 4 Server (with Service Pack 5 or later) and Microsoft Windows 2000 Server to Windows Server 2003.
To upgrade to Windows Server 2003, you must take into account different considerations depending upon whether you are currently running a Windows NT 4 network environment or a Windows 2000–based network with the Active Directory directory service already implemented. Yet there are also issues common to each of these scenarios, such as whether the server hardware is adequate. For many companies running Windows NT 4 servers, it is questionable whether the server hardware can adequately support Windows Server 2003 operational requirements.
Before you begin the upgrade process, you must consider several areas of information, including the most basic, such as whether your existing hardware and software support upgrading to Windows Server 2003. If upgrades are not supported, starting off with a new installation on new server hardware and migrating the user and group information to the new server might be your only option.
You can upgrade a system to Windows Server 2003 only if you're currently running Windows NT 4 Server with Service Pack 5 or later or a Windows 2000 Server platform. Further, servers running Windows NT 4 Enterprise Edition or Windows 2000 Advanced Server must be upgraded to Windows Server 2003, Enterprise Edition. Additionally, Windows 2000 Server using the Remote Storage service must be upgraded to the Enterprise Edition of Windows Server 2003.
A range of network services and applications require consideration and preparation prior to upgrading the hosting servers.
Itanium (IA-64) versions of Windows Server 2003 The Itanium (IA-64) versions do not support 16-bit applications (with the exception of Microsoft Windows Acme setup), nor do they support 32-bit device drivers. Likewise, 32-bit drive management utilities and 32-bit antivirus programs do not operate on 64-bit versions of Windows Server 2003, and the 32-bit Web components cannot be loaded in the 64-bit version of Microsoft Internet Explorer.
UDDI and SQLXML You can't run Universal Description, Discovery, and Integration (UDDI) and Microsoft SQL Server 2000 Web Release (SQLXML) on the same machine because of their differing requirements for Microsoft Internet Information Services (IIS) support. SQLXML requires the Isolation mode used by IIS 5, while UDDI uses the new worker process Isolation mode of IIS 6.
Cluster service Upgrading Windows 2000 Cluster service to Windows Server 2003 Cluster service requires that you restart the Cluster service. To restart this service, you must log on using an account that is a member of both the local Administrators group as well as the Domain Admins group. When you upgrade from Windows NT Cluster service, the security descriptor does not contain the system security identifier, or SID (see Microsoft Knowledge Base article 812876).
Windows 2000 SP3 required for Windows Server 2003 admin tools Windows Server 2003 administrative tools can be used only to manage Active Directory on a server running Windows 2000 Server if it has Service Pack 3 (SP3) or is using unsigned Lightweight Directory Access Protocol (LDAP) traffic.
Inside Out: IIS is not installed by default
Although there are many changes in IIS between Windows 2000 and Windows Server 2003, the key change of interest here is that it is no longer installed by default—if IIS isn't already installed on the server that you are upgrading to Windows Server 2003, it won't be installed during the setup process. Even if IIS is installed, it will not be started automatically when the server starts up, even if it was configured to do so before the upgrade. Security is tighter by default on new installations of IIS in Windows Server 2003, yet if you upgrade an existing IIS Web server, the Windows Server 2003 default security constraints will not be applied to this installation. For further information on IIS 6, see IIS 6 Administrator's Pocket Consultant, by William R. Stanek (Microsoft Press, 2003). You can either set the service to start automatically after installation or preconfigure the system to support IIS. To enable IIS to retain its operational status after the upgrade, you must prepare the server by performing the following steps:
Secure the IIS server by using the IIS Lockdown Tool, which is available at http://www.microsoft.com/windows2000/downloads/recommended/iislockdown/default.asp.
Make a dword entry (the name is arbitrary) with a value of 1 in the following registry node:
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesW3SVC RetainW3SVCStatus
If performing an unattended installation, set DisableWebServiceOnUpgrade=false (in the [Internet Server] section of the Unattend.txt file).
The following are also some baseline changes in security configuration:
Default is more restrictive The default security settings for new installations of Windows Server 2003 are more restrictive than Windows 2000 Server (or Windows NT 4). Windows Server 2003 Setup will, however, retain existing security settings during an upgrade (i.e., the existing security configuration will not be enhanced by upgrading).
Internet Explorer is more restrictive Internet Explorer is set up with an enhanced security configuration, which by default disables scripting, ActiveX controls, file downloading, and the browser virtual machine. Also, Internet zone security settings are set the same as Restricted zone, and by default all sites are assigned to the Internet zone. Pass-through authentication of user credentials is blocked outside of the Local Intranet zone. These Internet Explorer settings can be configured by using the Advanced tab of the Internet Options icon on Control Panel.
Downloading software updates Because of the security enhancements set in Internet Explorer, you might be unable to download software updates from the Internet until you add those sites to the Trusted zones.
Because upgrade processes can and do err, verify that you have an effective recovery plan in place prior to commencing with an upgrade. Likewise, a migration can include removing information from the source domain; thus, prior to either an upgrade or migration, you should make sure that you have verified backups.
You can create an image of the system partition prior to upgrading so that you can restore its original state quickly if needed. Verify the method of backup (network share, CD, DVD) and restoration (network connectivity, imaging software, drivers, etc.) before beginning an upgrade or migration. Create the Emergency Repair Disk in case the upgrade does not complete successfully.
If you are upgrading an existing Windows 2000 domain or forest, the Active Directory schema information must be updated before you can begin. Run the Active Directory Preparation Wizard (Adprep.exe) with the /Forestprep parameter to upgrade the forest data and with the /Domainprep parameter to upgrade the domain information. Normally, this process is successful, but it can fail, and, worst case, it can render the domain controller inoperative. To ensure that you can recover from such disasters, you should do a full backup of two domain controllers from each domain in the forest before running the ADPREP /FORESTPREP command and verify the backup media.
If you are upgrading a Windows NT 4 domain or domain controller, no previous forest and domain schema exists; thus, Windows NT 4 domains are changed to Windows Server 2003 domains as part of the upgrade process. Nevertheless, you will want to verify you have backups of the domain controller, as well as keep a current functional backup domain controller (BDC) offline and available to restore network functionality in case of abject upgrade failure.