Solved

Windows 2003 Server Migration profile problems

Posted on 2011-03-01
18
856 Views
Last Modified: 2016-10-27
I was called in to help a sister organization and I have a bit of an emergency on my hands help is greatly appreciated.

I have a dell power edge hosting AD (2003 ent) with about 100 users they have roaming profiles and redirected MyDocs and .psts. The server is on its last leg so I have built a new 2003 dc joined it to the domain, set as GC and transferred all roles.

I restored the profiles and user data on the new server using acronis I tried to transfer via Xcopy and copy but I had too many problems so I used the image.

My problem is the when I associate the user with the new profile directory and the data directory its gives me an access error I have check all permissions they seem identical to the original acls etc.
I also am experiencing an interesting issue with the D drive (profile and data drive) after sharing when I reboot the share disappears
Thanks for your time!!!
0
Comment
Question by:Willy_77
  • 7
  • 6
  • 4
  • +1
18 Comments
 
LVL 9

Expert Comment

by:rawinnlnx9
ID: 35011285
I think you need to reconsider you migration strategy. Go to http://www.sbsmigration.com and register. You can have your entire organization transfered seamlessly, with no hiccups (Assuming your current DC has up to date service packs).

Otherwise if you are member at that site you can get assistance and also download the troubleshooting guide which is a lifesaver.
0
 
LVL 31

Expert Comment

by:DrUltima
ID: 35011436
Willy_77,

I saw no where in your Question where you were using an SBS product.  If you are, please let me know, because this will change the advise given.

If you are on Server 2003 Standard or Enterprise (original or R2), this should be an acceptable path (though not the ideal one).  When you say you associate a user with a profile, I am assuming you are meaning you are associating with a Roaming profile.  Are you using GPO for this or are you defining them in ADUC?

DrUltima
0
 
LVL 76

Expert Comment

by:arnold
ID: 35011982
To DrUltima point if you were using Domain based share for roaming profile and folder redirect you are in better position i.e. all you would need to do is establish replication between the current repository and the new server. one the data is replicated, you would add the new server as a target and after some time, remove the old one as the target.

Do not alter roaming profiles prior to dealing with the folder redirect issues.

If your folder redirects are servename based, you would need to first remove the redirect using GPO such that the redirected folder data is copied back into the profile.
Once that is done. You would reapply a folder redirect GPO with the new location which I strongly recommend for you to use a domain based share (DFS).
The change for the profile is likely within ADUC which you can apply the change by selecting all the users and modifying them at the same time.
DFS for roaming profile might also be an option.  note though that you may have to clear the local cached profiles on systems if you do not have a policy that deletes cached roaming profiles when they logoff and the data is successfully transferred to the server.


0
 

Author Comment

by:Willy_77
ID: 35012174
Great comments!!
Whoohooo here we go!

No small business server I am running 2003 enterprise on both DCs
and I am on a closed network no outside access

Regarding folder redirection I am not using GP I am simply setting the "home folder" to a shared directory and the users are storing data, i.e.: Connect H: //otc1dc/usr_mydocs$/user

When I create a test account and recreate the environment and test I get the profile error and it creates a tmp profile locally.

Any ideas as to why I am losing my share on the D after reboot?
0
 
LVL 31

Expert Comment

by:DrUltima
ID: 35012242
Well... There are a couple of issues...

Home Profile, as defined in ADUC, is just a location the computer defaults to.  It doesn't move My Documents, etc.  You say your users have roaming profiles.  How do you accomplish this?  It is generally through GPO, but it can be done other ways.  Or, do you simply mean that users have a share in which they store their personal data?

Your second issue, the server losing its share after reboot, is a different issue.  I am going to assume that your D drive is an internal, physical drive or array (hopefully a redundant RAID).  If they are on an external drive, that could be causing problems, as that means the drive is probably not mounted before Windows tries to create the shares.  Additionally, you should see the shares in HKLM\System\CurrentControlSet in the Registry.  Also check ControlSetXXX (where XXX is a three digit number, generally 001, 002, etc) which is the LastKnownGood key.  Make sure they match.  If they don't, export CurrentControlSet and import it into ControlSetXXX (back up your registry first).

DrUltima
0
 

Author Comment

by:Willy_77
ID: 35012419
DrUltima,

Thanks for your time!!! The Home folder is just for storage and regarding the roaming profile standard approach with \\otc1dc\profiles\user in the profile path on the profile tab in ADUC.

The D drive is an internal with no fault tolerance the customer gave me a Dell T3400 workstation to build on. I should mention that the drive that was in the box when I installed died and I replaced it after the AD transfer etc.
The build went flawless I didnt see anything alarming the only thing I felt uncertain about was using Acronis to restore the profiles and usr docs directories on the new DC from the OLD

I will look into the registry issue when I go back to that lab today.

Thanks!
0
 
LVL 31

Expert Comment

by:DrUltima
ID: 35012458
You are welcome.  Once we have addressed your disappearing share issue, we can address the profile issue.  They are a chain reaction.  Once the share goes down, the profile fails.  We need to get the shares stable first.

DrUltima
0
 

Author Comment

by:Willy_77
ID: 35012473
Sequence of events:
Built new DC (OTC1DC) installed all patches,  DCPROMOED as additional DC, set new DC as GC in Sites and Services, transferred RID PDC Infastructure roles, created image of the  D drive on the old server and restored in on the OTC1DC recreated the shares and in ADUC when I change the \\olddc\profiles\user1 to \\OTC1DC\profiles\user1 It splashes an error saying the user doesn’t have the right to create profile in the directory
0
 
LVL 76

Expert Comment

by:arnold
ID: 35012482
you need to double check the permissions on the shared folder on the new server to make sure that domain users have full access to the shared folder, while the individal user profile folders are only accessible by the user and administrators (GPO to add Administrators group to the created user profile)

The problem as I mentioned if you do not have a GPO that unloads the cached roaming profile, it remains on the system pointing to the server from which it was loaded.  Depending on when you took the backup of the profiles, they might appear as being in use (ntuser.dat file).

Double check that the user profile has the user as the owner.

What is the share on D: drive?
0
Complete Microsoft Windows PC® & Mac Backup

Backup and recovery solutions to protect all your PCs & Mac– on-premises or in remote locations. Acronis backs up entire PC or Mac with patented reliable disk imaging technology and you will be able to restore workstations to a new, dissimilar hardware in minutes.

 
LVL 31

Expert Comment

by:DrUltima
ID: 35012492
Have you checked permissions to see if that is, indeed, the case?  In other words, did your Acronis restore work as you hoped it would and restore the permissions as well as the file structure?
0
 
LVL 31

Expert Comment

by:DrUltima
ID: 35012497
As an aside, it is safe you assume you transferred the other FSMO roles as well?
0
 

Author Comment

by:Willy_77
ID: 35012512
Awesome!!

I am going to check the registry now:0)

And one more thing I should mention I got past the access error in ADUC by making the user the owner of the directory then ADUC would allow me to complete the association, after I click apply it asked me if I would like to make the user the owner of the directory BUT I still am presented the error upon logon........
0
 
LVL 76

Accepted Solution

by:
arnold earned 250 total points
ID: 35013008
The AD roles have nothing to do with the access to the share.  The share issue deals with permissions and whether the profile is detected as being used.
Go to any workstation. Login as the admin, access the user profile section
Advanced properties of my computer/computer user profile settings.
Delete the profiles or use a profile that never logged into this workstation to see whether it also has an issue when logging into this workstation with the change in profile.  Double check that the share on the new server is accessible and is not beiing block by windows firewall.
Check the event log on the workstation to see if it records the reason for the error? i.e. roaming profile location inaccessible, etc.
once logged in, can he user access he \\servername\location\username?
Check the sharing permissions on the share.  It needs to have everyone with full access or domain users with full access.
0
 

Author Comment

by:Willy_77
ID: 35013202
Gentlemen,

   I think I was rushing the gun here I came back to check the server after 4 hours of brewing and I created a new account made the profile and home folder association clicked apply NO ERRORs plus I logged into a workstation without fault. I re-enabled an old account with a huge profile changed the share and profile association to the new dc on the profiles tab BAM no errors BUT i deleted the old profile on the workstation before I logged on so that may have been an issue.

I am going to run a backup and let her brew overnight and I will provide an update and points.

I really cant thank you guys enough thanks for helping feed my kids and pay my mortage:0)
0
 

Author Comment

by:Willy_77
ID: 35013224
DrUltima,

 The Acronis approached worked well it carried over all permissions etc I really need to dig into XCOPY. What approach would you use in this senario to move the data?
0
 
LVL 76

Expert Comment

by:arnold
ID: 35013998
Sorry to jump on your comment DrUlima if it is the same.
If the option exists i.e. your system in windows server 2003 R2 or newer, I'd use DFS-replication and then progress from there.

xcopy,
robocopy is another option. /copy:DATO will maintain the ownership, and other settings.
ntbackup is another option.
0
 
LVL 31

Assisted Solution

by:DrUltima
DrUltima earned 250 total points
ID: 35017242
robocopy is the method I would use, as arnold mentioned.  I know FSMO has no role in shares, I brought them up only because he indicated he was retiring the old server, so it would eventually need to happen.  Gracefully is better than seize.  

Glad it seems to be functioning for you now.

DrUltima
0
 

Author Comment

by:Willy_77
ID: 35028202
Hey guys we are steady and stable now I turned over the rest of the work to the local admin once he is finished I will finish the GRACEFULL transfer of the remaining roles.

I really appreciate all the help thanks for the suggestions and I can really use the guidance regarding xcopy and robo!!
0

Featured Post

Free Gift Card with Acronis Backup Purchase!

Backup any data in any location: local and remote systems, physical and virtual servers, private and public clouds, Macs and PCs, tablets and mobile devices, & more! For limited time only, buy any Acronis backup products and get a FREE Amazon/Best Buy gift card worth up to $200!

Join & Write a Comment

Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
Is your company's data protection keeping pace with virtualization? Here are 7 dynamic ways to adapt to rapid breakthroughs in technology.
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now