HaulnSS
Transfer SBS Server Roles
Don't have time to research this. Here is the problem.
Was setting up a new SBS2003, to migrate our old SBS2003. I was using a procedure from Technet. I transferred all the roles to the new server (Schema Master, Domain Naming Master, RID Master, PDC). During the "continue setup" on the new server, the setup failed. I left things alone until I could research problem. Everything worked fine when I left this weekend. Yesterday, we discovered email would not send. I changed the DNS server back to the original server for a quick fix. I wanted to revert the Roles, but the servers won't talk to each other. There may be another factor here... for some reason, the new server is handing out the wrong time, even though the server has the proper time on it. I have stopped w32time services (on new server) and that seemed to remedy that for now. Basically, I want to revert the roles back and start over with the new server.
You probably have replication problems between the servers. What errors are showing in the event logs? Does the new SBS server have its firewall turned on on the NIC? Try disabling it if it does. You'll have to re-establish communication before you can transfer them back. You should be seeing informational messages about the new server being a DC and GC (if set).
ASKER
I would have to say the firewall is not running... When checking, I receive an error saying that the ICS Sharing service is not running. I assume some of this stuff happened when the setup failed.
Here is info from the File Replication Log:
Event Type: Warning
Event Source: NtFrs
Event Category: None
Event ID: 13508
Date: 3/30/2009
Time: 6:48:18 PM
User: N/A
Computer: SBSERVER
Description:
The File Replication Service is having trouble enabling replication from SBSERVER09 to SBSERVER for c:\windows\sysvol\domain using the DNS name sbserver09.Heiny.local. FRS will keep retrying.
Following are some of the reasons you would see this warning.
[1] FRS can not correctly resolve the DNS name sbserver09.Heiny.local from this computer.
[2] FRS is not running on sbserver09.Heiny.local.
[3] The topology information in the Active Directory for this replica has not yet replicated to all the Domain Controllers.
This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: ba 06 00 00 º...
When you go into network connections, does it say that the firewall is on? That's actually one of the errors I was expecting. It means that replication is not working. You need a 13509 after a 13508. If you don't have a 13509, then FRS is not replicating properly. Make sure that DNS is working and that the new server is in there, that it shows up in AD Sites and Services, and that the firewall is disabled. You can even flat-out disable the firewall service if you want. Can you ping back and forth between the machines? Does the new server show up as (same as parent folder) as an NS in DNS? Does it have an A record pointing to the IP address as well?
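The check described in the answer above (a 13508 should be followed by a 13509 for the same connection), as an added example that is not part of the original thread. It parses event text in the layout the asker pasted and lists replication links whose latest 13508 has no later 13509; the sample log is constructed (only the first record's hosts and time come from the thread, and the 13509 wording is an assumption).

```python
import re
from datetime import datetime

RECORD = re.compile(r"^Event Type:", re.M)   # each exported record starts here
FIELD = re.compile(r"^(Event Source|Event ID|Date|Time):\s*(.+?)\s*$", re.M)
PAIR = re.compile(r"replication from (\S+) to (\S+)", re.I)

def unresolved_frs_links(log_text):
    """Return {(from_dc, to_dc): time of latest 13508} with no later 13509."""
    events = []
    for chunk in RECORD.split(log_text):
        fields = dict(FIELD.findall(chunk))
        link = PAIR.search(chunk)
        # Event IDs are only meaningful per source, so require NtFrs.
        if fields.get("Event Source") != "NtFrs" or not link:
            continue
        if fields.get("Event ID") not in ("13508", "13509"):
            continue
        when = datetime.strptime(fields["Date"] + " " + fields["Time"],
                                 "%m/%d/%Y %I:%M:%S %p")
        key = (link.group(1).upper(), link.group(2).upper())
        events.append((when, fields["Event ID"], key))
    pending = {}
    for when, event_id, key in sorted(events):   # replay in time order
        if event_id == "13508":
            pending[key] = when                  # trouble enabling replication
        else:
            pending.pop(key, None)               # 13509: connection established
    return pending

def make_event(event_id, date, time, text):
    """Build one record in the layout quoted in the thread (constructed data)."""
    return (f"Event Type: Warning\nEvent Source: NtFrs\nEvent ID: {event_id}\n"
            f"Date: {date}\nTime: {time}\nDescription:\n{text}\n")

SAMPLE = (
    make_event(13508, "3/30/2009", "6:48:18 PM", r"The File Replication Service is having trouble enabling replication from SBSERVER09 to SBSERVER for c:\windows\sysvol\domain.")
    + make_event(13508, "3/30/2009", "6:50:02 PM", r"The File Replication Service is having trouble enabling replication from SBSERVER to SBSERVER09 for c:\windows\sysvol\domain.")
    + make_event(13509, "3/30/2009", "7:15:40 PM", r"The File Replication Service has enabled replication from SBSERVER to SBSERVER09 for c:\windows\sysvol\domain after repeated retries.")
)

if __name__ == "__main__":
    for (src, dst), since in unresolved_frs_links(SAMPLE).items():
        print(f"{src} -> {dst}: 13508 at {since}, no 13509 since")
```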
ASKER
Ok, here is the scoop...
The firewall is OFF on the new server. The DNS entries are there and the servers can ping each other's IPs and names.
In AD Sites and Services: Old server can connect to both Domain Controllers, New server cannot connect to the old Domain Controller, says access is denied.
One thing I should add, I just realized I still had the new server using its own DNS. I just changed that back to look at the old server's DNS in network settings.
Yeah, you shouldn't change the DNS until it has fully propagated the DNS application partition of AD from the old server. Just leave it for a while until everything is over on the new server.
ASKER
If I go to RID tab in AD users and computers, under operations masters and try to change the DC, I get an error that says "The transfer of the operations master role cannot be performed because The requested FSMO operation failed. The current FSMO holder could not be contacted." I assume this is more of the same problem.
I have to leave for a while... I will be back.
ASKER
So...should I change DNS back???
Yes, you need to look for 13509s to match the 13508 for FRS. Once you see those, then you'll be able to get further.
Leave it for now.
ASKER
Alright, I certainly appreciate your help. I have an appointment and since things are stable on the user end, I am leaving this alone until 5:00. Hope you will be around then, if not, I understand.
ASKER
I am back at it.
ASKER
Any ideas on fixing replication?
I also remembered while driving somewhere that you need to enable DNS Zone transfers in order to be able to transfer DNS. Open DNS, then right-click on your domain name (domain.lan), then go to Properties. Click on the Zone Transfer tab, and allow all Name Servers in domain. Then click on the Name Servers tab and make sure that both servers are on there. This should help with replication. What other errors are you getting besides 13508s?
ASKER
I went ahead and seized the roles on the old server....crossing fingers...
ASKER
tntmax, if you can give me suggestions on what needs to be cleaned up after seizing roles, I would appreciate it.
Well, now that you seized, the old server can never be a part of the domain again without formatting and re-installing. Just move over whatever else, and point clients to the new server for DNS and email.
Seizing is a last resort, and I don't think you were quite there yet, but anyway.
ASKER
Sorry TNT, I didn't realize you posted on here earlier, I missed that...probably because I was watching new post....lol
I will definitely be formatting new server and using sbsmigration to migrate.
I ran out of ideas on the DNS, since I hadn't moved anything to the new server, I figured seizing the roles would be ok. After working on the DNS problem for some time, I think I was having issues with security, when trying to force replication, I would get security errors about the login on the other server...etc.
Shouldn't I clean up the "new server" references in AD?
Thanks!
Yes, you need to delete it out of DNS, AD Sites and Services, and AD as well if it is not there. Did you do a metadata cleanup after seizing?
ASKER
I did not do a metadata cleanup, was just starting to read about that... Any suggestions?
ASKER
This is what I get when running metadata cleanup:
C:\WINDOWS\ServicePackFiles\i386>ntdsutil
ntdsutil: metadata cleanup
metadata cleanup: remove selected server sbsserver09
Binding to localhost ...
Connected to localhost using credentials of locally logged on user.
LDAP error 0x22(34 (Invalid DN Syntax).
Ldap extended error message is 0000208F: NameErr: DSID-031001BA, problem 2006 (B
AD_NAME), data 8350, best match of:
'CN=Ntds Settings,sbsserver09'
Win32 error returned is 0x208f(The object name has bad syntax.)
)
Unable to determine the domain hosted by the DC (5). Please use the connection m
enu to specify it.
Disconnecting from localhost...
metadata cleanup:
So, uh, just in case, did you take a system state backup before you started the server migration? It might be easier and faster to revert to that instead. But we'll see...
ASKER
following petri instructions...going well so far...
ASKER
FYI...yes, I did a system state backup
Oh good, that's for just in case.. :-)
ASKER
OK, I think I have removed everything successfully... I am sure I will know for sure in the morning...lol
Workstations seem to be operating fine at this point.
I will start reading through sbsmigration tomorrow.
I appreciate all your help, you definitely earned the points!
ASKER CERTIFIED SOLUTION
This solution is only available to members.
ASKER
I have thought about that. I only have 15 users, may go that route.
I really do appreciate your time and help!
Thank you!
ASKER
Once again, Thank you!