Solved

SBS2011 migration going badly

Posted on 2011-03-02
Last Modified: 2012-05-11
This could be getting ugly.  I am migrating a SBS 2003 to SBS 2011, which appears to be going through the motions fairly well, and is now at the point where it is time to start turning off the old server.  BUT...  When I add a new user to the network using the SBS console, the user does not appear in Active Directory Users and Computers, nor does it create a mailbox for the user.  Still looking for the log file for more info on that, but the user can log in!  I have looked for the new user on both the old and new server thinking it might be a replication thing, and in every folder visible in ADUC. I am unable to add a mailbox to the new user manually as the wizard is unable to see the user to attach the mailbox to.  I also discovered that when the old server is turned off, nobody can log in at all.  Verified that DNS points to new server primary and old server secondary.
Question by:billherde
15 Comments
 
LVL 38

Expert Comment

by:Philip Elder
ID: 35022701
Did the Migration Mode OS install come up with the green check after it completed?

Was the Source Prep tool used on the source before the MM OS SBS 2011 install?

Philip
0
 
LVL 13

Expert Comment

by:AustinComputerLabs
ID: 35022709
Did you do a migration install using an answer file created on the old server?
0
 
LVL 3

Author Comment

by:billherde
ID: 35023003
Migration checks came up green across the board, and yes the answer file was created on the old server.
0
 
LVL 3

Author Comment

by:billherde
ID: 35023014
Yes prep tool was completed also.
0
 
LVL 38

Expert Comment

by:Philip Elder
ID: 35023108
Did you run the SBS BPA on the source?

Is AD in Journal Wrap (in logs)?

Philip
0
 
LVL 13

Expert Comment

by:AustinComputerLabs
ID: 35023110
Did the migration put the users into the SBS Users OU?
0
 
LVL 38

Expert Comment

by:Philip Elder
ID: 35023133
While it is for SBS 2008, this gives you the OU structure:

http://blog.mpecsinc.ca/2009/03/sbs-2008-mpecs-default-group-policy.html

Philip
0
 
LVL 3

Author Comment

by:billherde
ID: 35023388
SBS BPA ran OK, and migration went through as I would have expected.  Email moved, FSMO moved, and current users moved into the SBS users folder.  It actually appeared to be all good until I started doing those just-in-case checks.
0
 
LVL 38

Expert Comment

by:Philip Elder
ID: 35023475
Did you give the new admin account a real name (created before running the Migration Wizard) and a long pass phrase?

Philip
0
 
LVL 3

Author Comment

by:billherde
ID: 35023605
Admin account had been renamed long ago with complex password.  Going offsite now, back in an hour.
0
 
LVL 5

Accepted Solution

by:
ccns earned 500 total points
ID: 35024572
Sounds like you need to manually move the FSMO roles to the new server. As if when you turn off the old machine that would suggest this. I'm on my phone right now so can't post a link.
Will try from memory,
moving RID master, PDC and inf master. Go to AD Users and Computers, right-click the domain and select operation masters role; to move to the other server you will need to do this on the new PDC.
For the other two roles: schema and domain naming... AD Domains and Trusts.... Same process.
Hope it helps
0
 
LVL 3

Assisted Solution

by:billherde
billherde earned 0 total points
ID: 35024631
So far it seems my first hunch is where it is leading.  User is not appearing in ADUC on either server, AND replication is failing between them, with a warning instead of an error. (Why would something of this much importance only flag a warning???)  So far, have found one extra DNS entry for the new server pointing to the wrong place, server IP had been changed to accommodate remote users that have hard-coded host files for use across VPN, and new server was claiming invalid time zone. Rebooting both servers now and then let's look at FRS event log again.
0
 
LVL 3

Assisted Solution

by:billherde
billherde earned 0 total points
ID: 35024854
Still no replication happening.  Both DCs think FSMO are where they should be.  DS event log has a new error "the server is the owner of the FSMO role but does not consider it valid."  Proceeding with FSMO seize.  All 5 roles reported status of role could not be determined.  Seize completed OK.  Still no DS repl.  Attempt manual repl returns error "server is currently rejecting replication requests".  DCdiag reports "Replication has been explicitly disabled through server options".  This looks like default SBS configuration, perhaps prep tool didn't do something?  repadmin /replicate /force succeeded, and the new user has appeared in ADUC!  Yay!  Still looking for how to enable repl as it is still not working and repadmin /options -disable_outbound_repl is not fixing it.
0
 
LVL 3

Assisted Solution

by:billherde
billherde earned 0 total points
ID: 35024891
Found it.  Syntax error, should be 'repadmin /options {DC} -disable_outbound_repl' then 'repadmin /options {DC} -disable_inbound_repl'.  Moral of the story: not all warnings can be ignored when checking event logs.
0
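
A check for the condition found in this thread, as an added example that is not part of any post above: it parses the text that `repadmin /options {DC}` prints and reports whether DISABLE_INBOUND_REPL or DISABLE_OUTBOUND_REPL is set. The function name, the server names and the sample output are constructed for illustration, and the "Current DSA Options:" line format is assumed from typical repadmin output.

```powershell
# Added example (not from the thread). Reports the replication-disable
# flags found in the output of `repadmin /options <DC>`.
function Get-ReplDisableFlags {
    param(
        [Parameter(Mandatory=$true)] [string]   $DcName,
        [Parameter(Mandatory=$true)] [string[]] $RepadminOutput
    )
    $flags = @()
    $found = $false
    foreach ($line in $RepadminOutput) {
        # Assumed format: "Current DSA Options: FLAG FLAG ..."
        if ($line -match '^\s*Current DSA Options:\s*(.*)$') {
            $found = $true
            $flags = @($Matches[1] -split '\s+' | Where-Object { $_ })
            break
        }
    }
    New-Object PSObject -Property @{
        DC               = $DcName
        OptionsLineFound = $found   # False means the output could not be parsed
        InboundDisabled  = $flags -contains 'DISABLE_INBOUND_REPL'
        OutboundDisabled = $flags -contains 'DISABLE_OUTBOUND_REPL'
    }
}

# Constructed sample output; NEWSBS and OLDSBS are hypothetical DC names.
$sample = @{
    'NEWSBS' = @('Current DSA Options: IS_GC DISABLE_INBOUND_REPL DISABLE_OUTBOUND_REPL')
    'OLDSBS' = @('Current DSA Options: IS_GC')
}

$report = foreach ($dc in $sample.Keys) {
    Get-ReplDisableFlags -DcName $dc -RepadminOutput $sample[$dc]
}

# List only the DCs that are rejecting or withholding replication.
$report |
    Where-Object { $_.InboundDisabled -or $_.OutboundDisabled } |
    Select-Object DC, InboundDisabled, OutboundDisabled

# Live use on a domain controller (replace NEWSBS with the real DC name):
# Get-ReplDisableFlags -DcName 'NEWSBS' -RepadminOutput (repadmin /options NEWSBS)
```

Running this against every DC after a migration surfaces the state that here only showed up as a warning in the event log.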
 
LVL 3

Author Closing Comment

by:billherde
ID: 35067790
CCNS was on the right track, but it was much deeper than expected.
0
