Solved

SBS2011 migration going badly

Posted on 2011-03-02
15
819 Views
Last Modified: 2012-05-11
This could be getting ugly.  I am migrating a SBS 2003 to SBS 2011, which appears to be going through the motions fairly well, and is now at the point where it is time to start turning off the old server.  BUT...  When I add a new user to the network using the SBS console, the user does not appear in active directory users and computers, nor does it create a malbox for the user.  Still looking for the log file for more info on that, but the user can log in!  I have looked for the new user on both the old and new server thinking it might be a replication thing, and in every folder visible in ADUC. I am unable to add a mailbox to the new user manually as wizard is unable to see the user to attach the mailbox to.  I also discovered that when the old server is turned off, nobody can log in at all.  Verified that DNS points to new server primary and old server secondary.  
0
Comment
Question by:billherde
  • 8
  • 4
  • 2
  • +1
15 Comments
 
LVL 38

Expert Comment

by:Philip Elder
Comment Utility
Did the Migration Mode OS install come up with the green check after it completed?

Was the Source Prep tool used on the source before the MM OS SBS 2011 install?

Philip
0
 
LVL 13

Expert Comment

by:AustinComputerLabs
Comment Utility
Did you do a migration install using an answer file created on the old server?
0
 
LVL 3

Author Comment

by:billherde
Comment Utility
Migration checks came up green across the board, and yes the answer file was created on the old server.
0
 
LVL 3

Author Comment

by:billherde
Comment Utility
Yes prep tool was completed also.
0
 
LVL 38

Expert Comment

by:Philip Elder
Comment Utility
Did you run the SBS BPA on the source?

Is AD in Journal Wrap (in logs).

Philip
0
 
LVL 13

Expert Comment

by:AustinComputerLabs
Comment Utility
Did the migration put the users into the SBS Users OU?
0
 
LVL 38

Expert Comment

by:Philip Elder
Comment Utility
While SBS 2008 this gives you the OU structure:

http://blog.mpecsinc.ca/2009/03/sbs-2008-mpecs-default-group-policy.html

Philip
0
Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

 
LVL 3

Author Comment

by:billherde
Comment Utility
SBS BPA ran OK, and migration went through as I would have expected.  Email moved, FSMO moved, and current users moved into the SBS users folder.  It actually appeared to be all good until I started doing those just in case checks.
0
 
LVL 38

Expert Comment

by:Philip Elder
Comment Utility
Did you give the new admin account a real name (created before running the Migration Wizard) and a long pass phrase?

Philip
0
 
LVL 3

Author Comment

by:billherde
Comment Utility
Admin account had been renamed long ago with complex password.  Going offsite now, back in an hour.
0
 
LVL 5

Accepted Solution

by:
ccns earned 500 total points
Comment Utility
sounds like you need to manually move the FSMO roles to the new server. As if when you turn off the old machine that would suggest this, im on my phone right now so cant post a link.
Will try from memory,
moving ridmaster,pdc and inf master. Goto ad users and computers, right click domain and select operation masters role, to move to other server you will need to do this on the new pdc.
For the other two roles: schema and domain naming... Ad domains and trusts.... Same process.
Hope it helps
0
 
LVL 3

Assisted Solution

by:billherde
billherde earned 0 total points
Comment Utility
So far it seems my first hunch is where it is leading.  User is not appearing in ADUC on either server, AND replication is failing between them, with a warning instead of an error. (why would something of this much importance only flag a warning???)  So far, have found one extra DNS entry for the new server pointing to the wrong place, Server IP had been changed to accommodate remote users that have hard coded host files for use across VPN, and new server was claiming invalid time zone. Rebooting both servers now and then lets look at FRS event log again.
0
 
LVL 3

Assisted Solution

by:billherde
billherde earned 0 total points
Comment Utility
Still no replication happening.  Both DCs think FSMO are where they should be.  DS event log has a new error "the server is the owner of the FSMO role but does not consider it valid."  Proceeding with FSMO seize.  All 5 roles reported status of role could not be determined.  Seize completed OK.  Still no DS repl.  Attempt manual repl returns error "server is currently rejecting replication requests"  DCdiag reports "Replication has been explicitly disabled through server options" This looks like default SBS configuration, perhaps prep tool didn't do something?  repadmin /replicate /force suceeded, and the new user has appeared in ADUC!  Yay!  Still looking for how to enable repl as it is still not working and repadmin /options -disable_outbound_repl is not fixing it.
0
 
LVL 3

Assisted Solution

by:billherde
billherde earned 0 total points
Comment Utility
Found it.  Syntax error,  should be 'repadmin /options {DC} -disable_outbound_repl' then repadmin /options {DC} -disable_inbound_repl'.  Moral of the story, Not all warnings can be ignored when checking event logs.
0
 
LVL 3

Author Closing Comment

by:billherde
Comment Utility
CCNS was on the right track, but it was much deeper than expected.
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Join & Write a Comment

Companies that have implemented Microsoft’s Active Directory need to ensure that the Active Directory is configured and operating properly. If there are issues found and not resolved, it eventually leads the components to fail or stop working and fi…
Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now