We help IT Professionals succeed at work.

GPO Issue during migration to SBS 2008

kliler
kliler asked
on
We ran through a Swing Migration from SBS 2003 to SBS 2008. Right after the Migration mode install, we backed up, and then installed Microsoft Updates. During the first reboot, the server hung on applying update x of x. Sits there for hours. We tried multiple fixes and we end up restoring from the built in SBS 2008 backup. Everything seems fine.

Down the road, we find some warning or errors on workstations talking about being unable to access GPOs.
Event 1058
The processing of Group Policy failed. Windows attempted to read the file \\Domain.local\SysVol\DOMAIN\Policies\{C7CFB257-573C-41B7-B263-C0E507C42F86}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.


If we look in the SYSVOL folder there is a "NtFrs_PreExisting___See_EventLog" folder that appears to have some policies that don't show in the expected folder.

Can these be just copied back into the proper folder or is there something else that needs to be done here?

Any idea why this would happen? Is because of the secondary TempDC still on the domain during the restore?
Comment
Watch Question

Philip ElderTechnical Architect - HA/Compute/Storage

Commented:
Were there any warnings in AD about being in a Journal Wrap state?

Did the SBS Prep Tool run without issue?

What migration method was used? You mention TempDC so SBSMigration?

Philip

Author

Commented:
No issues with any tools.

TempDC with SBSMigration.
Philip ElderTechnical Architect - HA/Compute/Storage

Commented:
Check your migration steps. Make sure that the appropriate GPOs have been removed prior to.

TempDC should not create any issues.

Unless you have had the TempDC --> SBS new offline for a long time?

Jeff provides free support with his packages too btw.

Philip

Author

Commented:
Migration steps are followed strictly.

We're not aware of a journal wrap state.

We have been skipping support with Jeff unless it is critical. Support at this time has not been as expected.
Philip ElderTechnical Architect - HA/Compute/Storage

Commented:
Verify that all of the DNS for AD records (_msdcs.domain.local, domain.local\_msdcs, etc) are online and functioning correctly.

Make sure that SBS 11 is GC. Verify in ADUC and Sites (DSSite.msc) that all replication links and DNS server/SOA are as expected.

Verify that there are no SBS11 is being prevented from being a DC error messages in the logs. Look for SYSVOL replication messages.

Also, in DSSite.msc force replication between DCs and check for error messages.

Are the problematic GPOs the SBS 03, SBS 11, or custom GPOs? Verify the scope of the GPOs and that any SIDS/GUIDS are pulled for missing and/or legacy Security Groups/OUs.

Philip
Sandesh DubeyTechnical Lead
Top Expert 2011

Commented:

Author

Commented:
Still need to check on the server. Will update the conversation then.
Commented:
All DNS zones were online

We ended up stopping FRS, copying the moved policies back, and starting FRS. All the errors appear to have ceased. We could not join new workstations using the connect wizard until we copied the polices back into the SYSVOL folder.