It’s been almost 9 months since Windows Server 2016 hit General Availability, and hopefully by now you have had the time to test it in your environment and start to deploy it in production. In this post, I am going to talk about how my experiences have been so far, with the intent of giving you some insights into what running it in production has been like for me. We’ve either installed new servers or replaced existing servers with Server 2016, and with only a couple of exceptions running 2012 R2, are only using Windows Server 2016 in our environment. Hopefully some of what we’ve learned along the way will be helpful to you.
The first thing I did was rebuild my Hyper-V physical hosts with Windows Server 2016. This required several hours of moving existing VMs around so I could format and reinstall my host servers one at a time, and was probably the most labour-intensive and time-consuming part of the whole process so far. That said, I am really glad that I did, as once all my physical hosts were on Server 2016 we saw a definite improvement in overall stability, and had a much easier time moving machines from host to host and rebalancing load when needed. Once the Hyper-V hosts were complete, we upgraded our schema for Server 2016, installed 2016 domain controllers, moved the FSMO roles, and started to remove our 2012R2 domain controllers. Once done, we upgraded both Domain and Forest functional levels so that we were 100% 2016 for AD. This all went without a hitch, and included moving DNS and DHCP services along the way. We haven’t had any AD replication issues at all during or after this process, and the DCPROMO process was very familiar. All up, except for one Hyper-V host with dual power supplies on dual UPSs plugged into separate circuits that still somehow couldn’t run when one of the UPSs failed, we haven’t had either a server crash or felt the temptation to reboot a box “Just because” since completing the process.
There’s a lot of good information online about the new features in Windows Server 2016, but I don’t want to rehash that here. What I do want to do is share some of the things I just kind of stumbled upon in upgrading my domain controllers and moving services over to 2016. DHCP now has a high-availability capability included, where you can have two (or more) DHCP servers sharing a database with one scope, rather than having to take the traditional 80/20 approach to splitting up your ranges, or configuring a DHCP relay in the event of failure. This was hidden in the right-click menu for the scope, but was ridiculously easy to set up with two DCs running DHCP. They can even “round robin” responding to DHCP DISCOVERs just to spread the load if you wish.
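The same DHCP failover setup can be scripted instead of clicked through. The PowerShell below is an added example, not from the original post: the server names, scope ID and relationship name are placeholders, and it assumes the "round robin" behaviour described above corresponds to load-balance mode with a 50/50 split. It sets a shared secret so the two servers authenticate each other's failover messages, then confirms both partners report the relationship.

```powershell
# Added example; all names and addresses are placeholders (assumptions).
$primary = 'dc01.corp.example'   # DHCP server that already hosts the scope
$partner = 'dc02.corp.example'   # second DC with the DHCP role installed and authorized
$scopeId = '10.0.10.0'           # scope to protect
$relName = 'dc01-dc02-failover'  # name for the failover relationship

# Prompt for the shared secret instead of hard-coding it in the script.
$secure = Read-Host -Prompt 'Failover shared secret' -AsSecureString
$secret = [System.Net.NetworkCredential]::new('', $secure).Password

# Create the relationship in load-balance mode: each server answers
# roughly half of the clients and replicates lease state to its partner.
Add-DhcpServerv4Failover -ComputerName $primary -PartnerServer $partner `
    -Name $relName -ScopeId $scopeId `
    -LoadBalancePercent 50 `
    -MaxClientLeadTime (New-TimeSpan -Hours 1) `
    -AutoStateTransition $true `
    -StateSwitchInterval (New-TimeSpan -Minutes 60) `
    -SharedSecret $secret

# Verify from both sides: the relationship should exist on each server,
# cover the scope, and have message authentication enabled.
foreach ($server in $primary, $partner) {
    $rel = Get-DhcpServerv4Failover -ComputerName $server -Name $relName
    [pscustomobject]@{
        Server        = $server
        Mode          = $rel.Mode
        State         = $rel.State
        Authenticated = $rel.EnableAuth
        Scopes        = $rel.ScopeId -join ','
    }
}
```

If `Authenticated` shows `False` on either side, the relationship was created without a shared secret and failover messages between the two servers are not authenticated.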
Accuracy improvements in the Windows Time service mean you can not only provide SNTP and NTP services to your network, but do so with millisecond accuracy. No more installing NTP on a router or Linux box to keep clock drift within the tolerances that some automation and logging may require.
Networking improvements in the TCP stack make throughput when moving large amounts of data (like full VMs) noticeably faster, while the network options within Hyper-V include the ability to mirror traffic and segment networks from one another.
The Web Application Proxy has some great potential to replace TMG (finally!) but we’ll save that for another blog post, since between wild-card domains and pre-auth support, it definitely deserves its own post.
Finally, having Windows Defender installed and enabled by default has saved both time and money, as we’re no longer using any other antimalware software on our servers.
The learning curve from Windows Server 2012 R2 to Windows Server 2016 is a flat line. In fact, a couple of times I had to go to Server Manager or run ver in a command prompt just to be sure I was on a 2016 box instead of a 2012 R2 server. While there are some cool new features and capabilities, and some completely new things in 2016, anything you know how to do in 2012 R2 you can do exactly the same way in 2016 and get the same results.
Group Policy Management
There are over 150 new GPO settings for Windows Server 2016 and Windows 10. Many have to do with the UX experience, while others target telemetry and privacy controls. Still more apply to Office apps and interactions with Office 365. These may or may not be of interest to you, but if you are even considering the cloud, you will like the newer controls you have with these.
Some of the coolest stuff with Windows Server 2016 Active Directory and Group Policy capabilities really requires that your workstations are running Windows 10. That’s not really anything I think will come as a surprise here, and you don’t lose anything within GPOs that you had for Windows 8.1 and earlier on previous server operating systems, but it would have been nice to see some things backported. Of course, with the security features in Windows 10 like credential guard, you really may want to spend more time getting your workstations upgraded first before worrying too much about your servers.
But it hasn’t quite been 100% sunshine and puppy dogs for us, and as we noted above, we do still have some 2012R2 boxes running which will probably be around for a while. Not every app can run on Server 2016, and some of those apps cannot be easily upgraded or replaced. In addition to Microsoft’s own server applications, a lot of third-party apps are either not ready, or at least not supported when running on Server 2016, so do your research and check with your support agreements before going all in, or you may find yourself wasting some effort. You can read about Microsoft apps and their compatibility with Server 2016 at https://technet.microsoft.com/en-us/windows-server-docs/get-started/server-application-compatibility and you will want to check directly with the vendors of any LOB apps you are running to find out both if they support you running on 2016, and if there are any caveats or special steps required to get those apps to work on 2016. If you are using ERP packages, help-desk ticketing packages, MDM solutions, or databases from companies other than Microsoft, you may well need to wait a bit longer before you can move those apps to servers on 2016. Again, check with your vendors for their latest guidance, but don’t guess or take your chances on any of those!
It’s no secret I am a Microsoft fanboy, but I think if you’ve read much of what I have written over the years, you know I neither drink the Kool-Aid nor try to spin things when they aren’t great. When it comes to Server 2016, all up, I’m a fan. Since replacing all the servers I could with Windows Server 2016, I’ve seen better overall reliability, discovered some new features that, while not anything revolutionary, are pretty cool, and my virtualization platform has been rock-solid (except for one UPS issue I cannot blame on any operating system!). We’ve had excellent uptime, no unexpected crashes or issues, and practically no ramp time needed to come up on the new O/S. Now that it’s deployed, we have a couple of apps to go to get rid of our last 2012 R2 servers, but lots of opportunity to try out some of the newer features and capabilities. Some of those may well find their way into blog posts here, so watch this space for more, or heck, even leave a comment with what you would like to see more about. We aim to please!