Solved

Is it possible to have a 2nd DC in the event of a SBS failure?

Posted on 2008-10-02
Last Modified: 2012-05-05
Hi,

It's looking like I may have a very serious problem on my hands and I'm looking for a quick get out of jail fix.

An SBS report this morning has indicated some very serious problems with its primary boot hard disk. Unfortunately, as it's the only DC we have at the moment, I can't take the server down to look into and possibly replace the disk.
It seems to be ticking by at the moment but what I'm afraid of, is it going down suddenly over the next few days and we've also got a complete office move this weekend (brilliant timing) and I'm concerned that when we bring the server down, it won't come back up again.

Can anyone suggest anything I can do as a very quick fix? Is it possible to promote another one of our servers to become the primary DC (or am I right in thinking that if there's an SBS on the network, it has to be the primary DC)? Or, can I make one of our other servers a secondary DC in the event that the SBS goes catastrophically wrong this weekend and all services can still run as normal?

Any ideas or help would be greatly appreciated.

Paul
Question by:the1paulcole
12 Comments
 
LVL 95

Assisted Solution

by:Lee W, MVP
Lee W, MVP earned 50 total points
ID: 22622276
SBS must be the FSMO Master DC - HOWEVER, you CAN add additional DCs by simply running DCPROMO.  The same rules for adding a DC to an SBS domain exist - meaning you may have to run ADPREP on the SBS system if the SBS system is NOT an R2 system AND you try creating an R2 DC.
0
 
LVL 70

Accepted Solution

by:
KCTS earned 450 total points
ID: 22622331
Yes - nothing to stop you adding a second DC, and the additional DC may also be a DHCP, DNS and Global Catalog, but it cannot hold any of the FSMO roles. That said, the FSMO roles are not essential short term for the functioning of the domain and you can authenticate clients etc. with the SBS server down, though obviously any data held on the SBS server (including Exchange) will not be available if the SBS server itself is down - though you could of course replicate data files to the new server as well.

The procedure for implementing this is:

The process is as follows

Install Windows 2003 on the new machine
Assign the new computer an IP address and subnet mask on the existing network

Make sure that the preferred DNS server on new machine points to the existing SBS Server on the Domain (

Join the new machine to the existing domain as a member server (use the connectcomputer wizard)

If the new Windows 2003 server is the R2 version and the existing set-up is not:-
then you need to run Adprep from CD2 of the R2 disks on the existing SBS Machine. Adprep is in the \CMPNENTS\R2\ folder on CD2.
You need to run
adprep /forestprep
and
adprep /domainprep

From the command line promote the new machine to a domain controller with the DCPROMO command. Select Additional Domain Controller in an existing Domain.

Once Active Directory is installed then install DNS. You can do this through Add/Remove Programs->Windows Components->Networking Services->DNS. If you are using Active Directory Integrated DNS then DNS will be replicated from the other DC/DNS.

Next make the new machine a global catalog server: go to Administrative Tools, Active Directory Sites and Services, expand Sites, Default first site and Servers. Right click on the new server, select properties and tick the Global Catalog checkbox. (Global catalog is essential for logon as it needs to be queried to establish Universal Group Membership.)

Install DHCP on the new DC. You can do this through Add/Remove Programs->Windows Components->Networking Services->DHCP. You should also set up a forwarder on the new server to allow internet access - see http://www.petri.co.il/configure_dns_forwarding.htm

You will then need to remove any existing DHCP prior or at the minimum make sure that the DHCP scope on new and old machine do not overlap before authorising the new DHCP Server. When setting up the new DHCP server don't forget to set the default gateway (router) and DNS Servers.

Both DCs - the original SBS server and the new machine - now need to be configured to use themselves as the preferred DNS server, and each other as alternate DNS server - this is done in the TCP/IP settings on the network connection.

Additionally all clients need to have their Preferred DNS server set to one DC/DNS server and their alternate DNS set to the other (either in the TCP/IP settings on the network connection if they have static IPs, or in the DHCP options - remember to set the DHCP options on ALL DHCP servers)

Both Domain Controllers by this point will have Active Directory, Global Catalog, DNS and the domain could function for a while at least should any one of them fail.
0
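The DHCP step in the answer above depends on the two servers never being able to lease the same address. The following is an added example, not part of the original answer: it takes each server's scope range and exclusion list and reports any addresses both could hand out. The scope values are constructed for illustration.

```python
from ipaddress import IPv4Address

def leasable(scope):
    """Addresses a server can hand out: its range minus its exclusions."""
    first, last = (int(IPv4Address(a)) for a in scope["range"])
    pool = set(range(first, last + 1))
    for ex_first, ex_last in scope.get("exclusions", []):
        pool -= set(range(int(IPv4Address(ex_first)), int(IPv4Address(ex_last)) + 1))
    return pool

def overlapping_ranges(scope_a, scope_b):
    """Addresses both servers could lease, collapsed into (first, last) pairs."""
    ranges = []
    for addr in sorted(leasable(scope_a) & leasable(scope_b)):
        if ranges and addr == ranges[-1][1] + 1:
            ranges[-1][1] = addr          # extend the current run
        else:
            ranges.append([addr, addr])   # start a new run
    return [(str(IPv4Address(a)), str(IPv4Address(b))) for a, b in ranges]

# Constructed sample scopes (assumed values, not taken from the thread).
# Both servers define the same range and rely on exclusions to split it.
SBS_SCOPE = {
    "range": ("192.168.16.10", "192.168.16.200"),
    "exclusions": [("192.168.16.151", "192.168.16.200")],   # leases .10-.150
}
NEW_DC_OVERLAPPING = {
    "range": ("192.168.16.10", "192.168.16.200"),
    "exclusions": [("192.168.16.10", "192.168.16.140")],    # leases .141-.200
}
NEW_DC_SPLIT = {
    "range": ("192.168.16.10", "192.168.16.200"),
    "exclusions": [("192.168.16.10", "192.168.16.150")],    # leases .151-.200
}

if __name__ == "__main__":
    for name, scope in (("overlapping", NEW_DC_OVERLAPPING), ("split", NEW_DC_SPLIT)):
        print(name, overlapping_ranges(SBS_SCOPE, scope) or "no overlap")
```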
 
LVL 1

Author Comment

by:the1paulcole
ID: 22622453
Excellent. Thanks very much for this, a life saver!

Excuse my ignorance, can the adprep be run on the SBS whilst live? It's not going to require a reboot or anything like that?
0
 
LVL 95

Expert Comment

by:Lee W, MVP
ID: 22622472
I haven't done one in a few months personally, but I'm 90% certain it doesn't require a reboot to run ADPREP.
0
 
LVL 70

Expert Comment

by:KCTS
ID: 22622557
You only need to run adprep if the version of Windows that is going to be on the new server is a later version than the version that SBS is running - e.g. the new machine will be 2003 R2 and the SBS server is not.

But yes - Adprep can be run while the SBS server is running and no reboot is required.
0
 
LVL 7

Expert Comment

by:swaller
ID: 22624358
Just a comment, I believe that SBS rules require it to be the PDC, meaning other DCs can exist. That would also mean that the other DC could not be an SBS machine but would have to be a standard 2003 server (or 2008) instead.

I do think you are given some time when you demote a SBS PDC to a DC. I think it's short though. I have done several of Jeff Middleton's Swing Migrations and that involves that process but I don't remember the timeframe. 24-72 hours maybe?
0
 
LVL 70

Expert Comment

by:KCTS
ID: 22624489
You certainly cannot have two SBS servers on the same domain (for any period of time), if this is what you are getting at. Any additional DCs would have to be Standard servers.
0
 
LVL 1

Author Comment

by:the1paulcole
ID: 22624864
All done. It worked perfectly, thanks. One small issue that I appear to have now: since I promoted the secondary DC, the SBS now has constant group policy errors:

Windows cannot query for the list of Group Policy objects. Check the event log for possible messages previously logged by the policy engine that describes the reason for this.

followed by:

Windows cannot access the file gpt.ini for GPO cn={1273C968-E044-41BD-AFAA-AE52D62D8FA0},cn=policies,cn=system,DC=1Aim,DC=local. The file must be present at the location <\\1Aim.local\SysVol\1Aim.local\Policies\{1273C968-E044-41BD-AFAA-AE52D62D8FA0}\gpt.ini>. (The system cannot find the file specified. ). Group Policy processing aborted.

Not sure if this is related, but the timing does coincide with the work I did this morning. Any ideas?
0
 
LVL 70

Expert Comment

by:KCTS
ID: 22624930
It may be that it is not fully replicated yet - give it a little while and then check again. If it persists please get back with the EventIDs and processes involved.
0
 
LVL 1

Author Comment

by:the1paulcole
ID: 22632291
The GPO errors are still persisting. I'm getting 2 that recur every 30 seconds or so which are:

Event ID 1030: Windows cannot query for the list of Group Policy objects. Check the event log for possible messages previously logged by the policy engine that describes the reason for this.

and

Event id 1058: Windows cannot access the file gpt.ini for GPO cn={1273C968-E044-41BD-AFAA-AE52D62D8FA0},cn=policies,cn=system,DC=1Aim,DC=local. The file must be present at the location <\\1Aim.local\SysVol\1Aim.local\Policies\{1273C968-E044-41BD-AFAA-AE52D62D8FA0}\gpt.ini>. (The system cannot find the file specified. ). Group Policy processing aborted.

0
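The path in event 1058 uses the domain name, which either DC can answer, so it does not show which server's SYSVOL copy lacks the file. The following is an added example, not part of the original posts: it parses the event text quoted above and builds the same gpt.ini path against each DC's own SYSVOL share so the copies can be checked one by one. The host names SBS01 and DC02 are assumed placeholders.

```python
import os
import re

# Event text as quoted in the post above.
EVENT_1058 = (
    "Windows cannot access the file gpt.ini for GPO "
    "cn={1273C968-E044-41BD-AFAA-AE52D62D8FA0},cn=policies,cn=system,DC=1Aim,DC=local. "
    "The file must be present at the location "
    r"<\\1Aim.local\SysVol\1Aim.local\Policies\{1273C968-E044-41BD-AFAA-AE52D62D8FA0}\gpt.ini>. "
    "(The system cannot find the file specified. ). Group Policy processing aborted."
)

# <\\host\SysVol\domain\Policies\{GUID}\gpt.ini>
UNC_RE = re.compile(
    r"<\\\\(?P<host>[^\\]+)\\SysVol\\(?P<domain>[^\\]+)\\Policies\\"
    r"(?P<guid>\{[0-9A-Fa-f-]{36}\})\\gpt\.ini>",
    re.IGNORECASE,
)

def parse_1058(message):
    """Return (domain, GPO GUID) from a Userenv 1058 event message."""
    match = UNC_RE.search(message)
    if match is None:
        raise ValueError("no gpt.ini UNC path found in event text")
    return match.group("domain"), match.group("guid").upper()

def per_dc_paths(message, dcs):
    """Map each DC name to the gpt.ini path on that DC's own SYSVOL share."""
    domain, guid = parse_1058(message)
    return {
        dc: "\\\\" + "\\".join([dc, "SYSVOL", domain, "Policies", guid, "gpt.ini"])
        for dc in dcs
    }

def missing_on(message, dcs, exists=os.path.exists):
    """List the DCs whose SYSVOL share does not contain the file."""
    return [dc for dc, path in per_dc_paths(message, dcs).items() if not exists(path)]

if __name__ == "__main__":
    # SBS01 and DC02 are assumed names; substitute the real DC host names.
    for dc, path in per_dc_paths(EVENT_1058, ["SBS01", "DC02"]).items():
        print(dc, path, "present" if os.path.exists(path) else "MISSING")
```

Run it from a domain-joined Windows machine; a DC reported as missing has not yet received that policy folder in its SYSVOL.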
 
LVL 70

Expert Comment

by:KCTS
ID: 22632377
OK, there are some possible explanations and fixes here:

http://eventid.net/display.asp?eventid=1058&eventno=1752&source=Userenv&phase=1
0
 
LVL 1

Author Comment

by:the1paulcole
ID: 22632390
Hah, yeah, I've found that and have been looking through it slowly. Thanks for all of your help anyway.
0
