[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

SBS2011 migration going badly

Posted on 2011-03-02
15
Medium Priority
?
826 Views
Last Modified: 2012-05-11
This could be getting ugly.  I am migrating a SBS 2003 to SBS 2011, which appears to be going through the motions fairly well, and is now at the point where it is time to start turning off the old server.  BUT...  When I add a new user to the network using the SBS console, the user does not appear in active directory users and computers, nor does it create a malbox for the user.  Still looking for the log file for more info on that, but the user can log in!  I have looked for the new user on both the old and new server thinking it might be a replication thing, and in every folder visible in ADUC. I am unable to add a mailbox to the new user manually as wizard is unable to see the user to attach the mailbox to.  I also discovered that when the old server is turned off, nobody can log in at all.  Verified that DNS points to new server primary and old server secondary.  
0
Comment
Question by:billherde
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 4
  • 2
  • +1
15 Comments
 
LVL 39

Expert Comment

by:Philip Elder
ID: 35022701
Did the Migration Mode OS install come up with the green check after it completed?

Was the Source Prep tool used on the source before the MM OS SBS 2011 install?

Philip
0
 
LVL 13

Expert Comment

by:AustinComputerLabs
ID: 35022709
Did you do a migration install using an answer file created on the old server?
0
 
LVL 3

Author Comment

by:billherde
ID: 35023003
Migration checks came up green across the board, and yes the answer file was created on the old server.
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 
LVL 3

Author Comment

by:billherde
ID: 35023014
Yes prep tool was completed also.
0
 
LVL 39

Expert Comment

by:Philip Elder
ID: 35023108
Did you run the SBS BPA on the source?

Is AD in Journal Wrap (in logs).

Philip
0
 
LVL 13

Expert Comment

by:AustinComputerLabs
ID: 35023110
Did the migration put the users into the SBS Users OU?
0
 
LVL 39

Expert Comment

by:Philip Elder
ID: 35023133
While SBS 2008 this gives you the OU structure:

http://blog.mpecsinc.ca/2009/03/sbs-2008-mpecs-default-group-policy.html

Philip
0
 
LVL 3

Author Comment

by:billherde
ID: 35023388
SBS BPA ran OK, and migration went through as I would have expected.  Email moved, FSMO moved, and current users moved into the SBS users folder.  It actually appeared to be all good until I started doing those just in case checks.
0
 
LVL 39

Expert Comment

by:Philip Elder
ID: 35023475
Did you give the new admin account a real name (created before running the Migration Wizard) and a long pass phrase?

Philip
0
 
LVL 3

Author Comment

by:billherde
ID: 35023605
Admin account had been renamed long ago with complex password.  Going offsite now, back in an hour.
0
 
LVL 5

Accepted Solution

by:
ccns earned 2000 total points
ID: 35024572
sounds like you need to manually move the FSMO roles to the new server. As if when you turn off the old machine that would suggest this, im on my phone right now so cant post a link.
Will try from memory,
moving ridmaster,pdc and inf master. Goto ad users and computers, right click domain and select operation masters role, to move to other server you will need to do this on the new pdc.
For the other two roles: schema and domain naming... Ad domains and trusts.... Same process.
Hope it helps
0
 
LVL 3

Assisted Solution

by:billherde
billherde earned 0 total points
ID: 35024631
So far it seems my first hunch is where it is leading.  User is not appearing in ADUC on either server, AND replication is failing between them, with a warning instead of an error. (why would something of this much importance only flag a warning???)  So far, have found one extra DNS entry for the new server pointing to the wrong place, Server IP had been changed to accommodate remote users that have hard coded host files for use across VPN, and new server was claiming invalid time zone. Rebooting both servers now and then lets look at FRS event log again.
0
 
LVL 3

Assisted Solution

by:billherde
billherde earned 0 total points
ID: 35024854
Still no replication happening.  Both DCs think FSMO are where they should be.  DS event log has a new error "the server is the owner of the FSMO role but does not consider it valid."  Proceeding with FSMO seize.  All 5 roles reported status of role could not be determined.  Seize completed OK.  Still no DS repl.  Attempt manual repl returns error "server is currently rejecting replication requests"  DCdiag reports "Replication has been explicitly disabled through server options" This looks like default SBS configuration, perhaps prep tool didn't do something?  repadmin /replicate /force suceeded, and the new user has appeared in ADUC!  Yay!  Still looking for how to enable repl as it is still not working and repadmin /options -disable_outbound_repl is not fixing it.
0
 
LVL 3

Assisted Solution

by:billherde
billherde earned 0 total points
ID: 35024891
Found it.  Syntax error,  should be 'repadmin /options {DC} -disable_outbound_repl' then repadmin /options {DC} -disable_inbound_repl'.  Moral of the story, Not all warnings can be ignored when checking event logs.
0
 
LVL 3

Author Closing Comment

by:billherde
ID: 35067790
CCNS was on the right track, but it was much deeper than expected.
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Let's recap what we learned from yesterday's Skyport Systems webinar.
A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question