Solved

Is it possible to have a 2nd DC in the event of a SBS failure?

Posted on 2008-10-02
Last Modified: 2012-05-05
Hi,

It's looking like I may have a very serious problem on my hands and I'm looking for a quick get out of jail fix.

An SBS report this morning has indicated some very serious problems with its primary boot hard disk. Unfortunately, as it's the only DC we have at the moment, I can't take the server down to look into and possibly replace the disk.
It seems to be ticking by at the moment but what I'm afraid of, is it going down suddenly over the next few days and we've also got a complete office move this weekend (brilliant timing) and I'm concerned that when we bring the server down, it won't come back up again.

Can anyone suggest anything I can do as a very quick fix? Is it possible to promote another one of our servers to become the primary DC (or am I right in thinking that if there's an SBS on the network, it has to be the primary DC)? Or, can I make one of our other servers a secondary DC in the event that the SBS goes catastrophically wrong this weekend and all services can still run as normal?

Any ideas or help would be greatly appreciated.

Paul
0
Question by:the1paulcole
12 Comments
 
LVL 96

Assisted Solution

by:Lee W, MVP
Lee W, MVP earned 50 total points
ID: 22622276
SBS must be the FSMO Master DC - HOWEVER, you CAN add additional DCs by simply running DCPROMO.  The same rules for adding a DC to an SBS domain exist - meaning you may have to run ADPREP on the SBS system if the SBS system is NOT an R2 system AND you try creating an R2 DC.
0
 
LVL 70

Accepted Solution

by:
KCTS earned 450 total points
ID: 22622331
Yes - nothing to stop you adding a second DC, and the additional DC may also be a DHCP, DNS and Global Catalog, but it cannot hold any of the FSMO roles, that said the FSMO roles are not essential short term for the functioning of the domain and you can authenticate clients etc with the SBS server down, though obviously any data held on the SBS server (including Exchange), will not be available if the SBS server itself is down - though you could of course replicate data files to the new server as well.

The procedure for implementing this is:

The process is as follows

Install Windows 2003 on the new machine
Assign the new computer an IP address and subnet mask on the existing network

Make sure that the preferred DNS server on new machine points to the existing SBS Server on the Domain (

Join the new machine to the existing domain as a member server (use the connectcomputer wizard)

If the new Windows 2003 server is the R2 version and the existing set-up is not, then you need to run Adprep from CD2 of the R2 disks on the existing SBS Machine. Adprep is in the \CMPNENTS\R2\ folder on CD2. You need to run
adprep /forestprep
and
adprep /domainprep

From the command line, promote the new machine to a domain controller with the DCPROMO command. Select Additional Domain Controller in an existing Domain.

Once Active Directory is installed then install DNS. You can do this through Add/Remove Programs->Windows Components->Networking Services->DNS. If you are using Active Directory Integrated DNS then DNS will be replicated from the other DC/DNS.

Next make the new machine a global catalog server, go to Administrative Tools, Active Directory Sites and Services, Expand, Sites, Default first site and Servers. Right click on the new server and select properties and tick the Global Catalog checkbox. (Global catalog is essential for logon as it needs to be queried to establish Universal Group Membership)

Install DHCP on the new DC. You can do this through Add/Remove Programs->Windows Components->Networking Services->DHCP. You should also set up a forwarder on the new server to allow internet access - see http://www.petri.co.il/configure_dns_forwarding.htm

You will then need to remove any existing DHCP prior or at the minimum make sure that the DHCP scope on new and old machine do not overlap before authorising the new DHCP Server. When setting up the new DHCP server don't forget to set the default gateway (router) and DNS Servers.

Both DCs - the original SBS server and the new machine - now need to be configured to use themselves as the preferred DNS server, and each other as alternate DNS server - this is done in the TCP/IP settings on the network connection.

Additionally all clients need to have their Preferred DNS server set to one DC/DNS server and their alternate DNS set to the other (either in the TCP/IP settings on the network connection if they have static IPs, or in the DHCP options - remember to set the DHCP options on ALL DHCP servers)

Both Domain Controllers by this point will have Active Directory, Global Catalog, DNS and the domain could function for a while at least should any one of them fail.
0
 
LVL 1

Author Comment

by:the1paulcole
ID: 22622453
Excellent. Thanks very much for this, a life saver!

Excuse my ignorance, can the adprep be run on the SBS whilst live? It's not going to require a reboot or anything like that?
0
 
LVL 96

Expert Comment

by:Lee W, MVP
ID: 22622472
I haven't done one in a few months personally, but I'm 90% certain it doesn't require a reboot to run ADPREP.
0
 
LVL 70

Expert Comment

by:KCTS
ID: 22622557
You only need to run adprep if the version of Windows that is going to be on the new server is a later version than the version that SBS is running - eg the new Machine will be R2003R2 and the SBS server is not.

But yes - Adprep can be run while the SBS server is running and no reboot is required.
0
 
LVL 7

Expert Comment

by:swaller
ID: 22624358
Just a comment, I believe that SBS rules require it to be the PDC, meaning other DCs can exist. That would also mean that the other DC could not be an SBS machine but would have to be a standard 2003 server (or 2008) instead.

I do think you are given some time when you demote a SBS PDC to a DC. I think it's short though. I have done several of Jeff Middleton's Swing Migrations and that involves that process but I don't remember the timeframe. 24-72 hours maybe?
0
 
LVL 70

Expert Comment

by:KCTS
ID: 22624489
You certainly cannot have two SBS servers on the same domain (for any period of time), if this is what you are getting at. Any additional DCs would have to be Standard servers.
0
 
LVL 1

Author Comment

by:the1paulcole
ID: 22624864
All done. It worked perfectly, thanks. One small issue that I appear to have now: since I promoted the secondary DC, the SBS now has constant Group Policy errors:

Windows cannot query for the list of Group Policy objects. Check the event log for possible messages previously logged by the policy engine that describes the reason for this.

followed by:

Windows cannot access the file gpt.ini for GPO cn={1273C968-E044-41BD-AFAA-AE52D62D8FA0},cn=policies,cn=system,DC=1Aim,DC=local. The file must be present at the location <\\1Aim.local\SysVol\1Aim.local\Policies\{1273C968-E044-41BD-AFAA-AE52D62D8FA0}\gpt.ini>. (The system cannot find the file specified. ). Group Policy processing aborted.

Not sure if this is related, but the timing does coincide with the work I did this morning. Any ideas?
0
 
LVL 70

Expert Comment

by:KCTS
ID: 22624930
It may be that it is not fully replicated yet - give it a little while and then check again. If it persists please get back with the EventIDs and processes involved.
0
 
LVL 1

Author Comment

by:the1paulcole
ID: 22632291
The GPO errors are still persisting. I'm getting 2 that recur every 30 seconds or so which are:

Event ID 1030: Windows cannot query for the list of Group Policy objects. Check the event log for possible messages previously logged by the policy engine that describes the reason for this.

and

Event id 1058: Windows cannot access the file gpt.ini for GPO cn={1273C968-E044-41BD-AFAA-AE52D62D8FA0},cn=policies,cn=system,DC=1Aim,DC=local. The file must be present at the location <\\1Aim.local\SysVol\1Aim.local\Policies\{1273C968-E044-41BD-AFAA-AE52D62D8FA0}\gpt.ini>. (The system cannot find the file specified. ). Group Policy processing aborted.

0
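To narrow down an Event ID 1058 like the one quoted above, the following added example (not part of the original thread) checks for the GPO's gpt.ini on each domain controller's own SYSVOL share and compares the version recorded in it. The DC host names `SBS01` and `DC02` are hypothetical placeholders; it assumes PowerShell 2.0 or later, run from a domain-joined machine with read access to SYSVOL.

```powershell
# Added example, not from the thread. DC host names are hypothetical placeholders.
$dcs = 'SBS01', 'DC02'
# UNC path copied from the Event ID 1058 text quoted in the thread.
$eventText = 'The file must be present at the location ' +
    '<\\1Aim.local\SysVol\1Aim.local\Policies\{1273C968-E044-41BD-AFAA-AE52D62D8FA0}\gpt.ini>.'

# Extract the domain name and the GPO GUID from the path in the event text.
$pattern = '<\\\\(?<domain>[^\\]+)\\SysVol\\[^\\]+\\Policies\\(?<guid>\{[0-9A-Fa-f\-]{36}\})\\gpt\.ini>'
if (-not ($eventText -match $pattern)) { throw 'No SYSVOL gpt.ini path found in the event text.' }
$domain = $Matches['domain']
$guid   = $Matches['guid']

$results = foreach ($dc in $dcs) {
    # Query each DC's own SYSVOL share: the \\<domain>\SysVol path can be
    # answered by any DC, so it hides which server lacks the file.
    $share   = "\\$dc\SYSVOL"
    $file    = "$share\$domain\Policies\$guid\gpt.ini"
    $present = Test-Path -LiteralPath $file
    $version = $null
    if ($present) {
        # gpt.ini carries a "Version=<n>" line that should match on every DC.
        foreach ($line in Get-Content -LiteralPath $file) {
            if ($line -match '^\s*Version\s*=\s*(\d+)') { $version = [long]$Matches[1]; break }
        }
    }
    New-Object PSObject -Property @{
        DC = $dc; SysvolShared = (Test-Path -LiteralPath $share); GptIni = $present; Version = $version
    }
}
$results | Select-Object DC, SysvolShared, GptIni, Version | Format-Table -AutoSize

# Summarise: a missing file or differing versions means SYSVOL has not converged.
$missing  = @($results | Where-Object { -not $_.GptIni })
$versions = @($results | Where-Object { $_.GptIni } | ForEach-Object { $_.Version } | Sort-Object -Unique)
if ($missing.Count -gt 0) {
    "gpt.ini for GPO $guid is missing on: " + (($missing | ForEach-Object { $_.DC }) -join ', ')
} elseif ($versions.Count -gt 1) {
    'gpt.ini versions differ between DCs; SYSVOL replication has not converged.'
} else {
    'Every listed DC serves the same gpt.ini version.'
}
```

A DC that reports `SysvolShared` as False has not finished its initial SYSVOL replication, which fits the "not fully replicated yet" explanation given earlier in the thread.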
 
LVL 70

Expert Comment

by:KCTS
ID: 22632377
Ok there are some possible explanations and fixes here

http://eventid.net/display.asp?eventid=1058&eventno=1752&source=Userenv&phase=1
0
 
LVL 1

Author Comment

by:the1paulcole
ID: 22632390
Hah, yeah, I've found that and have been looking through it slowly. Thanks for all of your help anyway.
0
