Using Out-Of-Band Remote Administration Tools for Emergency Administration
All the methods for remote access to Windows Server 2003 servers discussed so far in this chapter rely on what are considered in-band connections. In-band connections typically involve connecting to the server directly through a network connection, and then using Terminal Services or Remote Desktop to manage the server with tools provided by Windows Server 2003. In-band connections are used with servers that are functioning normally. Out-of-band connections, on the other hand, refer to connections to a server that do not rely on a network connection, or a fully functioning server. Out-of-band remote administration is made available in Windows Server 2003 Emergency Management Services (EMS) to enable you to connect to and repair servers that are unavailable by in-band methods of connection.
Emergency Management Services (EMS)
Emergency Management Services (EMS) is a new feature available in Windows Server 2003 that enables you to remotely manage servers that are not available through the normal (network) connections. With EMS and appropriate server hardware equipped with supporting firmware, you can manage a server without the need for a keyboard, mouse, local monitor, or video adapter. EMS uses text-mode communication only, which provides flexibility as to the means by which servers are remotely accessed. These methods include serial connections, terminal concentrators, and terminal emulators.
With the proper hardware and EMS configuration, out-of-band support is provided to the server's kernel components, the loader, setup, Recovery Console, and Stop errors. When the server is up and running, EMS provides a text-mode management console called Special Administration Console (SAC), which will be discussed later in this section.
If the server hardware supports it, EMS can be installed with the Windows Server 2003 operating system. By enabling firmware console redirection in the system's BIOS before installing the OS, EMS will be self-configured on installation. To enable EMS after the operating system is installed, you can use the bootcfg.exe command with the /EMS switch in the command console. For example, the following command enables EMS to use COM1 with a baud rate of 19200 on the first boot entry ID:
bootcfg.exe Syntax
The syntax for the bootcfg.exe /EMS command is illustrated as follows:
BOOTCFG /EMS value [/S system [/U user [/P [password]]]] [/PORT port] [/BAUD baudrate] [/ID bootid]
Parameter List:
/EMS | value | On, Off, or Edit |
/S | computer | Specifies a remote computer |
/U | Domain\user | Specifies user context |
/P | password | Password for the user account |
/PORT | port | Specifies the COM port to be used for redirection. Valid ports are COM1, COM2, COM3, COM4, and BIOSSET (EMS uses BIOS settings). |
/BAUD | baudrate | Valid baud rates are 9600, 19200, 57600, 115200. |
/ID | bootid | Specifies the boot entry ID to add the EMS option. This is required when the EMS value is set to ON or OFF. |
Configuring the Serial Connection for EMS
As indicated in the previous section, for EMS to manage Windows Server 2003, properly designed hardware must be integrated and configured on the server. The server motherboard should support Serial Port Console Redirection (SPCR). If it does not, the SPCR table will have to be configured manually. The server firmware should also be able to release control of the serial port to Windows Server 2003 once the operating system is started in order to take advantage of most EMS functionality. Additional hardware, such as a service processor that is independent of the main server processor, will enhance EMS functionality. If the server hardware includes a service processor, console redirection should be available. The firmware must also use the same terminal conventions as EMS.
Terminal Conventions Supported by EMS
The terminal conventions supported by EMS in Windows Server 2003 are VT100, VT100+, and VT-UTF8. Using the same terminal conventions in the server firmware, service processor, and client terminal ensures a consistent environment for managing servers in all states of operation (or failure).
The serial port is the most common out-of-band hardware interface because it provides multiple methods of remote access, such as terminal concentrators and modems. By default, EMS uses the first serial port (COM1 at 3F8). It is important to verify that the motherboard serial ports are enabled, and that no other device is using that resource. EMS and the Windows debugger cannot share the same COM port.
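As an added example (not from the book), the following Python function audits the text of a boot.ini file for the EMS redirection settings that bootcfg /EMS writes, checking them against the ports and baud rates in the parameter list and against the rule that EMS and the debugger cannot share a COM port. The function name audit_ems and the sample file are constructed for illustration; redirect=, redirectbaudrate=, /redirect, /debugport= and USEBIOSSETTINGS (what boot.ini records for the BIOSSET choice) are the boot.ini settings themselves and do not appear in this section.

```python
import re

# Valid values as given in the bootcfg /EMS parameter list in this section.
VALID_PORTS = {"COM1", "COM2", "COM3", "COM4"}
VALID_BAUDS = {9600, 19200, 57600, 115200}

# Constructed sample boot.ini (not from a real server).
SAMPLE = r"""[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
redirect=COM1
redirectbaudrate=19200
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows Server 2003" /fastdetect /redirect
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Debug" /fastdetect /redirect /debugport=COM1
"""

def audit_ems(boot_ini):
    """Report EMS redirection settings in boot.ini text, with findings."""
    section, loader, entries = None, {}, []
    for raw in boot_ini.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
        elif section == "boot loader" and "=" in line:
            key, value = line.split("=", 1)
            loader[key.strip().lower()] = value.strip()
        elif section == "operating systems":
            entries.append(line)
    port = loader.get("redirect", "").upper()
    baud = loader.get("redirectbaudrate")
    # Entries carrying /redirect are the ones that start with EMS enabled.
    redirected = [e for e in entries if re.search(r"/redirect\b", e, re.I)]
    findings = []
    if redirected and not port:
        findings.append("/redirect set but no redirect= port in [boot loader]")
    if port and port != "USEBIOSSETTINGS" and port not in VALID_PORTS:
        findings.append("unsupported redirect port " + port)
    if baud is not None and (not baud.isdigit() or int(baud) not in VALID_BAUDS):
        findings.append("unsupported baud rate " + baud)
    for entry in redirected:
        dbg = re.search(r"/debugport=(COM\d+)", entry, re.I)
        if dbg and dbg.group(1).upper() == port:
            findings.append("EMS and debugger both use " + port)
    return {"port": port or None, "baud": baud,
            "ems_entries": len(redirected), "findings": findings}
```

Calling audit_ems(SAMPLE) reports both boot entries as EMS-enabled and flags the second one, where the debugger is also assigned COM1.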
The actual configuration of the serial port will depend on the firmware settings available for a server. Some computers will enable user configuration, whereas others might simply have an Enabled/Disabled setting. Best practices for hardware configuration with EMS are as follows:
- Enable the appropriate port and maintain the default setting. Because EMS works with COM1 at 3F8 automatically in most cases, this should be the target configuration.
- Configure the port to use the highest baud rate available to the hardware. This will provide the best performance and reduce slow text-mode processes.
- Use a null modem cable with the serial port connection.
- Select hardware and firmware that support VT-UTF8. This terminal environment provides the best compatibility with EMS. Sending the proper command escape sequences is more difficult in a telnet session using VT100 and VT100+.
Special Administration Console (SAC)
The Special Administration Console (SAC) is the primary EMS command line environment available to Windows Server 2003. The SAC is different from the typical command line environment, and provides functionality intended for out-of-band management scenarios.
When EMS is enabled, SAC is available as long as the Windows Server 2003 kernel is running. SAC provides commands to perform the following management tasks:
- Restart or shut down the server.
- View and end active processes.
- View and set server IP address.
- Generate a stop error to create a memory dump.
- Start and access command prompts.
Because SAC enables you to access the command prompt, any text-based utilities usable in a Telnet session are available (provided there are system resources to run them). For example, the common communications accessory, HyperTerminal, can be used to access SAC on an EMS-enabled server, as shown in Figure 8.4.
Figure 8.4 Using HyperTerminal to access the SAC command line.
SAC includes command shell utilities, such as dir, and text-based console programs, such as bootcfg.exe. Access to the command prompt requires a user logon with a local or domain account.
If SAC fails or becomes unavailable, !Special Administration Console (!SAC) is enabled. The !SAC is an auxiliary console environment hosted by Windows Server 2003 that has a subset of the features available with SAC. With !SAC, you can redirect Stop error message text and restart the server.