shandscomb

Moving an existing SBS2003 domain system to a new Windows 2003 system - same domain

Hi,

I've picked this job up halfway through, so bear with me whilst I get things straightened out.

The original system was a single box running SBS2003 - it was the only server, did everything, and was on a standard PC machine, which caused it to fall over a lot. Let's call this machine server-001.

There are now two new machines, both running Windows 2003 - server-002 and server-003.

What we want to end up with is the ability to wipe server-001.

Done so far:

Copied the active directory from server-001 to server-002
Server-002 also has a copy of DNS from the AD system
Installed Exchange to server-003 and moved everything from server-001 to server-003

Problems:

1. Exchange problem #1

Even though all the Exchange roles have been moved, including OAB, and replication was showing "In Sync", Outlook is still using an old copy of the OAB - the changes took place 3 weeks ago, and still the changes made since the change do not show; I've looked on both new & old server, and both say that the new server is in charge of OAB, and previewing it shows all the new changes, and multiple rebuilds have had no effect.

I have created a new Outlook profile on a separate domain login, and that also downloads the aged OAB; I've checked and all versions of the OAB are seemingly up to date, and have upped logging to maximum, and the rebuilds don't show any errors.


2. Exchange problem #2

Is Exchange built into SBS2003? The last part of the "removing the first exchange server" is removing Exchange itself, but I've not been able to do this - I should point out I've never touched SBS2003 before (I was taught to hate SBS, and thus never installed/used/removed it).


3. Authentication

When server-001 goes offline, even though AD has been copied to server-002, which has routing & remote access on it, no-one can log in, for instance via VPN, but as soon as server-001 is back, you can log in - what gives?  I have not yet transferred the FSMO roles, but my understanding is that authentication should still take place, no?




In general - am I going about this all wrong?  I've read loads about moving from Win2003 to Win2003, and am working on the assumption that this is along the same principle.

The thing is, I've done quite a few of these role-moving jobs, and it's always gone pretty smoothly.

Looking forward to a little help

Steve
tigermatt

You say: When server-001 goes offline, even though AD has been copied to server-002, which has routing & remote access on it, no-one can log in, for instance via VPN, but as soon as server-001 is back, you can log in...

Is this a problem which affects VPN and local machines on the LAN, or simply VPN?

If only VPN it could be related to port forwarding attempting to forward the VPN user to the old server's IP address. Have a look in your router's port forwarding settings.

tigermatt
shandscomb

ASKER

Tigermatt:

I do not know if it is affecting LAN users - I'm helping from many (many!) miles away; I can tell you, however, that the router is definitely pointing to the new server, and the new server answers the call, but rejects the authentication; I can see this as my desktop is Linux and I see the failure notice come from the "correct" server. As soon as server-001 (old) is back, it logs in fine.

Further, routing & remote access isn't installed on the old server.

Sorry, this isn't the issue.

Steve


It sounds like it could be because you haven't yet transferred FSMO roles to the new server, and could be an authentication issue, although I'm not sure when it comes to FSMO roles!

From what I understand, and what you've said, everything seems to be pointing towards that as I'm presuming, from your message, that is the only thing which the old server is running now.

Steve:

Top 10 Gotchas
The domain can have only one machine running Windows SBS
Windows SBS 2003 Setup places the machine running Windows SBS at the root of an Active Directory forest. The end result is that there can be one and only one server running Windows SBS in a Windows SBS domain.

Many Enterprise IT Pros have stumbled right here, thinking that Windows SBS is like Windows Server, Standard or Enterprise Editions, on this point. They assume that they can install Windows SBS 2003 on a server and then drop that server on to an existing Windows Server domain as another replica domain controller on the network with no issue. But they can't! The server running Windows SBS always sits at the root of the domain. This obviously means that you can have only one server running Windows SBS on a network.

There can be only one machine running Windows SBS in a domain! Also, the Windows SBS computer must be the root of the forest so you can’t add another Windows Server machine to a Windows SBS network as the primary domain controller. (You can add extra machines running Windows Server to a Windows SBS domain as replica domain controllers, line-of-business (LOB) application servers, or servers that have Windows Server 2003 Terminal Server enabled.)

Also, SBS MUST hold the FSMO roles; if you transfer the roles, the SBS box will repeatedly shut down.

Hi ssnyds,

I only have the one SBS2003 on the network; I do however have two Windows 2003 servers on the network.

What I'm trying to do is replace and remove the SBS server completely.

What are my options here?

Funny you should mention it, the SBS box has started shutting down today, but I have *not* transferred the FSMO roles.

Steve

No, but it is also no longer at the root of the domain either; therefore it cannot find its place in your domain. Are the other servers DCs?

Yes, there is a second DC now (see original post).

I'm currently reading this with interest:

http://www.msexchange.org/tutorials/Migrating-Small-Business-Server-2003-Exchange-Standard-Part1.html

Steve

The aforementioned URL fixed most issues.

All that remains is the problem with the OAB.

500 points anyone????

The OAB was a problem due to no Service Packs being applied to Exchange.

Agreed with thanks.