jjoz
asked on
Consolidating all FSMO Role to one DC in single domain forest
Hi All,
My current AD forest consists of a single domain, DOMAIN.COM, and the functionality is still Windows 2000 Native because our file server is still on Samba 2.2.8
and the DC configuration is like this:
Server A - 1st DNS + DC Global Catalog (Schema Master role)
Server B - Exc.Srv07 + DC Global Catalog (PDC,RID,Infra. Master, Domain Naming master)
Would it be better if I put my schema master role on Server B for ease of backup, and if Server A restarts, Server B can still send and receive email?
I need your advice and suggestions, guys. What should I do about it?
thanks.
*smile* You're not alone :)
-Matt
ASKER
Matt,
Thanks for your response during the weekend ;-)
It is really helpful for me in doing all of these tasks at the moment.
Yes, this is the "part II" question from my other thread that you replied to today.
At the moment, Server B is already acting as the secondary DNS server in my domain, and I'm wondering if I could fit all of the FSMO roles into a single box to simplify the backup.
Initially, my plan was just to reinstall the CAS server role, but then I found out that my FSMO roles are spread across 2 servers. Now I am also planning to reinstall Server A as well, since it's been running slow, installed with too much software.
In this case I shall then do these steps:
0. Backup Server A and B as Full (store it somewhere safe)
1. transfer Schema Master role to Server B
2. restart and check the email flow
3. Uninstall CAS-Role then restart.
4. Install CAS-ROLE and restart.
5. take final full backup again for both Server A and B
Prepare another thread for Server A decommissioning and reinstallation :-)
ASKER
Wow,
Chris, thanks for replying to my thread again on Sunday night (Australian time) :-)
"Is Server B also a DNS server?"
the answer is YES.
ASKER
Matt,
Regarding "You should configure your DNS zones to be Active Directory-integrated"
Yes, it was already done initially, as Chris-Dent guided me last year.
Wow, using this forum feels like having a chat directly with an expert, even during the weekend ;-)
Have a great day, Chris and Matt!
I'll be singing alone in the server room and hope that all is good during those defined steps.
Cheers.
Curious, but... What went / is going wrong with the CAS / Autodiscovery that requires re-installation there?
I would also suggest you run DCDiag and NetDiag prior to running DCPromo to demote the first DC. It's worth making sure that everything is working without trouble prior to changing things :)
Chris
ASKER
It is simply because the Autodiscover service failed on my CAS; as a consequence, these services have no longer been available since last year in Exchange Server 2007:
1. Offline Address Book.
2. Out of Office Message.
3. Free/Busy status in shared calendar.
================================================================================
NETDIAG
================================================================================
.....................................
Computer Name: SERVER-B
DNS Host Name: SERVER-B.domain.com
System info : Microsoft Windows Server 2003 R2 (Build 3790)
Processor : EM64T Family 6 Model 23 Stepping 6, GenuineIntel
List of installed hotfixes :
Netcard queries test . . . . . . . : Passed
Per interface results:
Adapter : Gigabit LAN Port #1
Netcard queries test . . . : Passed
Host Name. . . . . . . . . : SERVER-B
IP Address . . . . . . . . : SERVER-B IP Address
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 149.135.204.1
Primary WINS Server. . . . : 149.135.204.34
Dns Servers. . . . . . . . : SERVER-A IP Address
SERVER-B IP Address
AutoConfiguration results. . . . . . : Passed
Default gateway test . . . : Passed
NetBT name test. . . . . . : Passed
WINS service test. . . . . : Failed
The test failed. We were unable to query the WINS servers.
Global results:
Domain membership test . . . . . . : Passed
NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{9D2B325F-DA1B-43CF-BFF5-27F0DE7A84CA}
1 NetBt transport currently configured.
Autonet address test . . . . . . . : Passed
IP loopback ping test. . . . . . . : Passed
Default gateway test . . . . . . . : Passed
NetBT name test. . . . . . . . . . : Passed
Winsock test . . . . . . . . . . . : Passed
DNS test . . . . . . . . . . . . . : Passed
PASS - All the DNS entries for DC are registered on DNS server 'SERVER-A IP Address' and other DCs also have some of the names registered.
PASS - All the DNS entries for DC are registered on DNS server 'SERVER-B IP Address' and other DCs also have some of the names registered.
Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{9D2B325F-DA1B-43CF-BFF5-27F0DE7A84CA}
The redir is bound to 1 NetBt transport.
List of NetBt transports currently bound to the browser
NetBT_Tcpip_{9D2B325F-DA1B-43CF-BFF5-27F0DE7A84CA}
The browser is bound to 1 NetBt transport.
DC discovery test. . . . . . . . . : Passed
DC list test . . . . . . . . . . . : Passed
Trust relationship test. . . . . . : Skipped
Kerberos test. . . . . . . . . . . : Passed
LDAP test. . . . . . . . . . . . . : Passed
Bindings test. . . . . . . . . . . : Passed
WAN configuration test . . . . . . : Skipped
No active remote access connections.
Modem diagnostics test . . . . . . : Failed
[FATAL] Cannot initialize TAPI. Failed with error(0x80000048).
IP Security test . . . . . . . . . : Skipped
Note: run "netsh ipsec dynamic show /?" for more detailed information
The command completed successfully
================================================================================
DCDIAG
================================================================================
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\SERVER-B
Starting test: Connectivity
......................... SERVER-B passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\SERVER-B
Starting test: Replications
......................... SERVER-B passed test Replications
Starting test: NCSecDesc
......................... SERVER-B passed test NCSecDesc
Starting test: NetLogons
......................... SERVER-B passed test NetLogons
Starting test: Advertising
......................... SERVER-B passed test Advertising
Starting test: KnowsOfRoleHolders
......................... SERVER-B passed test KnowsOfRoleHolders
Starting test: RidManager
......................... SERVER-B passed test RidManager
Starting test: MachineAccount
......................... SERVER-B passed test MachineAccount
Starting test: Services
......................... SERVER-B passed test Services
Starting test: ObjectsReplicated
......................... SERVER-B passed test ObjectsReplicated
Starting test: frssysvol
......................... SERVER-B passed test frssysvol
Starting test: frsevent
......................... SERVER-B passed test frsevent
Starting test: kccevent
......................... SERVER-B passed test kccevent
Starting test: systemlog
......................... SERVER-B passed test systemlog
Starting test: VerifyReferences
......................... SERVER-B passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : DOMAIN
Starting test: CrossRefValidation
......................... DOMAIN passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DOMAIN passed test CheckSDRefDom
Running enterprise tests on : domain.com
Starting test: Intersite
......................... domain.com passed test Intersite
Starting test: FsmoCheck
......................... domain.com passed test FsmoCheck
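The suggestion above to run DCDiag and NetDiag before moving roles or demoting a DC can be turned into a pre-change gate over output like that just posted. This is an added example, not part of the original thread: it parses both tools' result lines and blocks the change while any failure is unreviewed; `REQUIRED`, `gate` and the `acknowledged` parameter are this example's own names and choices.

```python
import re

# NetDiag result line, e.g. "WINS service test. . . . . : Failed"
NETDIAG_RE = re.compile(
    r"^\s*(?P<test>.+?)[\s.]*:\s*(?P<result>Passed|Failed|Skipped)\s*$")
# DCDiag result line, e.g. "......... SERVER-B passed test Replications"
DCDIAG_RE = re.compile(
    r"^\s*\.{5,}\s*(?P<target>\S+) (?P<result>passed|failed) test (?P<test>\S+)\s*$")

# Assumption of this example: DCDiag tests that must be present and passed.
REQUIRED = {"Connectivity", "Replications", "Advertising",
            "KnowsOfRoleHolders", "RidManager", "FsmoCheck"}

# Constructed sample, abridged from the output format posted in this thread.
SAMPLE = """\
        WINS service test. . . . . : Failed
    DNS test . . . . . . . . . . . . . : Passed
    Trust relationship test. . . . . . : Skipped
    Modem diagnostics test . . . . . . : Failed
         ......................... SERVER-B passed test Connectivity
         ......................... SERVER-B passed test Replications
         ......................... SERVER-B passed test Advertising
         ......................... SERVER-B passed test KnowsOfRoleHolders
         ......................... SERVER-B passed test RidManager
         ......................... domain.com passed test FsmoCheck
"""

def parse(text):
    """Return (tool, target, test, result) for every result line found."""
    found = []
    for line in text.splitlines():
        m = DCDIAG_RE.match(line)
        if m:
            found.append(("dcdiag", m["target"], m["test"], m["result"]))
            continue
        m = NETDIAG_RE.match(line)
        if m:
            found.append(("netdiag", None, m["test"], m["result"].lower()))
    return found

def gate(text, acknowledged=()):
    """Block the change on any unreviewed failure or missing required test."""
    results = parse(text)
    passed = {t for tool, _, t, r in results if tool == "dcdiag" and r == "passed"}
    failed = {t for _, _, t, r in results if r == "failed"}
    missing = sorted(REQUIRED - passed)
    unreviewed = sorted(failed - set(acknowledged))
    return {"ok": not missing and not unreviewed,
            "missing_required": missing, "unreviewed_failures": unreviewed}
```

Run against the sample, the gate stays closed until the two NetDiag failures (WINS service and modem diagnostics) have been looked at and passed in via `acknowledged`.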
How did Autodiscover fail?
-Matt
ASKER
Matt,
It was simply that the changes made in .NET FX 3.5 SP1 affect the way Outlook communicates with Exchange 2007.
Before taking drastic steps to reinstall the CAS role, I'd probably simply try reinstalling the latest Service Pack which was applied to the server. Also attempt to reconfigure the auto-discover virtual directory via Exchange Management Console.
-Matt
ASKER
Yes, I've tried that before and I couldn't find which one actually broke Exchange.
However, here's the plan for backing up my Server B using BESRO:
1. Make sure to shut down all MS Exchange services and to shut down the NETLOGON service.
2. As soon as BESR is completed, turn the services back on.
So that is the last resort that I know of.
Sounds good to me.
ASKER
Thanks for your help and very fast response, Chris and Matt!
Damn Matt, I thought I was the only one that posted this early on a Sunday morning :)
Chris