SBS 2003 migrate to EBS 2008 - unable to detect schema upgrade

My first step would be to download the "IT Health Scanner" from the MS website. This is built on the same technology as the EBS prep wizard, but has updated rules and does a few checks that the EBS scanner doesn't do because of the nature of when and where it was designed to be used.

It should hopefully tell you specifically what is happening with your AD infrastructure that may be preventing the EBS installer from detecting the updated schema.

See Health Scan Results from the "IT Health Scanner". I have pasted the report in under code

Network Connectivity  Completed  
Server names resolve correctly 
 Completed 
 
Active Directory is connected to all domain controllers 
 Completed 
 
Remote WMI access is enabled on servers 
 Completed 
 
Servers can be queried using DNS 
 Completed 
 
Time service is running on all domain controllers 
 Completed 
 
Exchange service is installed 
 Completed 
 
DSAccess is configured correctly 
 Completed 
 
Netlogon service is running on all domain controllers 
 Completed 
 

 
Active Directory Site Configuration  Completed  
Inter-site topology generation is enabled for the Knowledge Consistency Checker 
 Completed 
 
Intra-site topology generation is enabled for the Knowledge Consistency Checker 
 Completed 
 
Local Active Directory site contains only local subnets 
 Completed 
 
Universal group membership is cached 
 Completed 
 
Domain controllers are holding roles 
 Completed 
 
Active Directory site is contained in a site link 
 Completed 
 
Connection translation is enabled and a global catalog exists 
 Completed 
 
Interval for tombstone lifetime is set correctly 
 Completed 
 
Inbound replication is enabled 
 Completed: This check is not applicable because there is only one domain controller. 
 
Outbound replication is enabled (for writable domain controllers only) 
 Completed: This check is not applicable because there is only one domain controller. 
 
Infrastructure master is not a global catalog server 
 Completed 
 

 
Active Directory Subnet Configuration  Completed  
Subnets are associated to Active Directory sites 
 Completed 
 
Subnets are defined in Active Directory 
 Completed 
 
Subnet definitions are consistent in Active Directory 
 Completed 
 
Active Directory site contains a subnet definition 
 Completed 
 

 
Active Directory Replication  Completed  
Domain controller replicates within the timeout threshold 
 Completed: This check is not applicable because there is only one domain controller. 
 
Allow Replication With Divergent and Corrupt Partner is disabled 
 Completed 
 
Domain, Schema, and Configuration naming contexts are defined 
 Completed: This check is not applicable because there is only one domain controller. 
 
Naming context replicated successfully 
 Completed: This check is not applicable because there is only one domain controller. 
 

 
File Replication and SYSVOL Administration  Completed  
The File Replication Service and the DFS Replication services are running 
 Completed 
 
Domain controller replicates within the timeout threshold 
 Completed 
 
Sufficient free space exists on the SYSVOL partition 
 Completed 
 
Sufficient free space exists for the SYSVOL staging folder 
 Completed 
 
Domain controllers do not have morphed folders 
 Completed 
 
SYSVOL staging area has sufficient free space 
 Completed 
 
SYSVOL local path can be read from the registry. 
 Completed 
 

 
DNS Verification  Completed  
Start of Authority resource record was found 
 Completed 
 
Glue records can be resolved 
 Completed 
 
GUID CNAME records can be resolved 
 Completed 
 
DNS delegation is functioning 
 Completed 
 
Domain controllers are not hosting the root DNS zone 
 Completed 
 
Domain controllers are using static IP addresses 
 Completed 
 
Domain controllers are associated to a domain zone 
 Completed 
 
DNS records can be resolved 
 Completed 
 
Forwarders are configured and root hints are enabled 
 Completed 
 
Scavenging interval is set correctly for a zone 
 Completed 
 

 
Network Adapter Configuration  Errors: 1, Warnings: 1 
Domain controllers are not listening on multiple addresses 
 Warning: The SERVERNAME  domain controller is listening on multiple addresses. 
 See also: KB 272294 
 
DNS servers are not listening on multiple addresses 
 Completed 
 
Orphaned network interface objects do not exist 
 Completed 
 
Domain controllers reference a valid DNS server 
 Completed 
 
Binding order is set correctly 
 Completed 
 
APIPA addresses are not used 
 Completed 
 
Dynamic registration is configured correctly 
 Error: Dynamic DNS registration is enabled on the SMC EZ Card 10/100 PCI (SMC1211TX) (MAC address: 00:E0:29:4C:47:E2) external network adapter on the SERVERNAME  server. 
 See also: KB 816592 
 
Gateway address is in the same network as the IP address and subnet mask 
 Completed 
 
Computer is not connected to the same network multiple times via different network adapters 
 Completed 
 

 
Domain Controller Health  Completed  
Volume that contains the operating system has greater than 1 GB of free space 
 Completed 
 
Volume that contains the operating system has greater than 100 MB of free space 
 Completed 
 

 
Network Time Protocol Configuration  Warnings: 2 
Clock offset for domain controllers is within five minutes of the PDCE 
 Completed 
 
Domain controllers that are configured to use Network Time Protocol (NTP) have NTP servers defined 
 Completed 
 
PDCE of the root domain is configured to synchronize with a reliable time source 
 Completed 
 
Domain controllers are configured to allow time corrections that are less than two days 
 Warning: The SERVERNAME  domain controller is configured to allow time corrections that are greater than 172800 seconds. 
 See also: KB 884776 
 
Time sources are defined correctly for domain controllers 
 Warning: The SERVERNAME  server is configured to use only the default time source of time.windows.com. 
 See also: KB 816042 
 

 
Exchange Server Configuration  Completed  
Exchange Server is using domain controllers within the same local Active Directory site 
 Completed 
 
LDAP filters are valid 
 Completed 
 
Public Folders container exists under All Address Lists in Active Directory 
 Completed 
 
Public Folders container allows inheritable permissions 
 Completed 
 
All Address Lists container allows inheritable permissions 
 Completed 
 
Recipient Policy names do not contain leading and trailing spaces 
 Completed 
 
Exchange organization is running in native mode 
 Completed 
 
Recipient policies use supported SMTP address format 
 Completed 
 
Exchange organization does not contain a server running Exchange Server 5.5 
 Completed 
 
Exchange organization does not contain Active Directory Connectors 
 Completed 
 
Exchange Server 2003 service packs are installed 
 Completed 
 
Exchange Server 2000 service packs are installed 
 Completed 
 
Exchange 2000 Server software updates are installed 
 Completed 
 

 
Network Configuration  Completed  
IP addresses are valid in the network 
 Completed 
 
Network adapters are configured with the correct gateway 
 Completed 
 

 
Event Log Entries  Warnings: 2 
System Log, Netlogon, Event ID 5774 
 Completed 
 
System Log, Netlogon, Event ID 5775 
 Completed 
 
System Log, Netlogon, Event ID 5781 
 Completed 
 
System Log, EventLog, Event ID 6008 
 Completed 
 
System Log, W32Time,Event ID 36 
 Completed 
 
System Log, W32Time, Event ID 29 
 Warning: Event 29 was reported on the SERVERNAME  computer. Time: 2010/06/10 07:05:00 PM. Type: Error. Source: W32Time. Category: 0. User: . Computer: SERVERNAME Description: The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 15 minutes. NtpClient has no source of accurate time. . 
 See also: KB 957009 
 
System Log, SAM, Event ID 16645 
 Completed 
 
System Log, NTFS, Event ID 55 
 Completed 
 
Directory Service Log, Global Catalog, Event ID 1110 
 Completed 
 
Directory Service Log, NTDS General, Event ID 2103 
 Completed 
 
File Replication Service Log, NtFrs, Event ID 13510 
 Completed 
 
File Replication Service Log, NtFrs, Event ID 13511 
 Completed 
 
System Log, Ftdisk, Event ID 57 
 Completed 
 
File Replication Service Log, NtFrs, Event ID 13568 
 Completed 
 
Directory Service Log, NTDS ISAM, Event ID 467 
 Completed 
 
File Replication Service Log, NtFrs, Event ID 13561 
 Completed

Select allOpen in new window

Ahh. Well, it looks like you are using a multi-homed domain controller. I recommend moving to a single-NIC configuration before performing the migration since the security server needs to step in and fill that role. Although I've not seen it cause schema issues, I have seen enough other oddities with multi-homed domain controllers that I wouldn't rule it out.

The problem is that we are using ISA server on the SBS server that is why we have two networks cards in the machine. We will now try to update our DHCP settings so that all domain PC will use the internet router as the gateway and not the SBS server anymore. Once everyone has the new DHCP settings we will disable the extra NIC on the SBS server and then restart the EBS installation wizard.

Will send an update as soon as we have come so far.

The problem is that we are using ISA server on the SBS server that is why we have two networks cards in the machine. We will now try to update our DHCP settings so that all domain PC will use the internet router as the gateway and not the SBS server anymore. Once everyone has the new DHCP settings we will disable the extra NIC on the SBS server and then restart the EBS installation wizard.

Will send an update as soon as we have come so far.

Ok, we have now changed our config and the IT Environment Health Scanner does not report the Network card error anymore. But the EBS environment check still says "A schema upgrade is required". See updated Health Scan Results

Ok, we have now changed our config and the IT Environment Health Scanner does not report the Network card error anymore. But the EBS environment check still says "A schema upgrade is required". See updated Health Scan Results

are you certain you have done the forest prep AND domain prep? those are two different steps. and you must raise the functional level of the domain. any one of those would cause a migration prep error but would not be considered a problem by the health scanner.

Yes, we have done both. See code.

Yes, we have done both. See code.

C:\Documents and Settings\Administrator\adprep>adprep.exe /forestprep

ADPREP WARNING:

Before running adprep, all Windows 2000 Active Directory Domain Controllers in t
he forest should be upgraded to Windows 2000 Service Pack 4 (SP4) or later.

[User Action]
If ALL your existing Windows 2000 Active Directory Domain Controllers meet this
requirement, type C and then press ENTER to continue. Otherwise, type any other
key and press ENTER to quit.


C
Forest-wide information has already been updated.
[Status/Consequence]
Adprep did not attempt to rerun this operation.



C:\Documents and Settings\Administrator\adprep>adprep.exe /domainprep
Running domainprep ...


Domain-wide information has already been updated.
[Status/Consequence]
Adprep did not attempt to rerun this operation.



C:\Documents and Settings\Administrator\adprep>adprep.exe /domainprep /gpprep
Running domainprep ...


Domain-wide information has already been updated.
[Status/Consequence]
Adprep did not attempt to rerun this operation.


No Group Policy Object (GPO) updates needed, or GPO information has already been
 updated.
[Status/Consequence]
Adprep did not attempt to rerun this operation.



C:\Documents and Settings\Administrator\adprep>

This relates to the issue but refers to a slightly different layout. worth a read in case it helps.

http://support.microsoft.com/kb/977193/en-gb?p=1

Here are a couple of things I'm noticing (or not noticing as the case may be:)

1) You are running adprep from the C drive. The 2008 media contains the actual schema files that adprep uses to upgrade the schema. I've always run adprep directly from the media, but if you copied that data, you need to copy the *entire directory.*

2) I mentioned that you also need to raise both the domain and forest functional level. This is *not* done by ADPrep. This is something you do in ADST on the server. Both must be raised to the 2003 functional level. I don't see you mention this anywhere after I brought it up, so I don't want to assume anything, or assume you thought ADPrep did this. Double check your functional level via ADST.

3) Exchange 2003 SP2 *must* be installed. That also makes Exchange-specific schema changes and, if not installed, you will still get schema errors even though the core AD schema is up-to-date.

Thank you for the good advice so far! We have forgotten to raise the functional level. So we have done this now. Both the Forest and Domain functional level is "Windows Server 2003".

We have copied the whole adprep folder from the EBS 2008 installation disk.

Exchange 2003 SP2 was installed.

Stll the same error message. We will now try to restart the EBS installation wizard and see if that helps at all.

Further advice will be appreciated.

I have now restarted the EBS setup, but no luck. It still stop at the Environment check:

"Active Directory schema level is set to Windows Server 2008": Error
A schema upgrade is required.

Is there anyway that I can check whether my schema level is actually set to Windows Server 2008?

I have now restarted the EBS setup, but no luck. It still stop at the Environment check:

"Active Directory schema level is set to Windows Server 2008": Error
A schema upgrade is required.

Is there anyway that I can check whether my schema level is actually set to Windows Server 2008?

To check domain functional level, open Active directory domains & trusts or users & computers and right click on the domain name> properties.

The 'Domain operation mode' should advise what level the domain is currently running at.
Sounds like there is a big issue there as the setup you are running thinks its at 2008 level, which is not possible if your server is server 2003.

could you check %Systemroot%\system32\debug\adprep\logs directory and see if there are any logs here advising whats going on?


Incidentally, has this server got two NICs? if so, are they on the same network/subnet and why are there two?

Yes. Let's start with this command:
dsquery * cn=schema,cn=configuration,dc=<root_domain> -scope base -attr objectVersion
replace <root_domain> with the root AD domain. It'll be an integer number that is returned. Post that back.

C:\Documents and Settings\Administrator>dsquery * cn=schema,cn=configuration,dc=
staro,dc=spc -scope base -attr objectVersion
  objectVersion
  47

Oh boy. So.....this network has or has had 2008 R2 domain controller. Good tidbit to know.
Here is your fix:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;977195
and
http://support.microsoft.com/default.aspx?scid=kb;EN-US;977193 

How do I install these updates on the EBS 2008 server? It is currenly running the installation wizard so I have no option of installing any updates?

Do you have any 2008 DCs?

totallytonto: Even if he doesn't, AD schema 47 is the schema version for 2008 R2, so at some point someone ran ADPrep from an R2 disc, even if they didn't follow through with promoting an R2 server.
The EBS installer was hardcoded to look for version 44, not higher, not lower, so this is a bug in the installer that must be patched, hence the forced installation of the .msp at runtime.

Thank you very much cgaliher! Installing the EBS2008-KB977193-X64-ENU update fixed the problem. I am now able to carry on with the EBS 2008 setup.

Thanks again!

Glad to hear. Sorry it took so long to get there. I read SBS 2003 and it never occurred to me that your schema would not be at the default SBS 2003 level. Live and learn; I won't make that assumption again!   :)  Good luck with the rest of your install. We are here if you get stuck.