Solved

Removing Exchange 2003 from Exchange 2010 Enviroment

Posted on 2012-04-02
28
226 Views
Last Modified: 2012-05-01
We recently installed a new Win2008R2x64 with Exchange 2010SP1 and connected it too our SBS2003 system.

This is all finally up and running, however we turned off our SBS2003 system and Exchange2010 immediatley stopped operating correctly, client disconnections, stopped sending mail externally.

What is the process for removing Exchange2003/SBS2003 server as I know Exchange2010 roots itself heavily into AD?
0
Comment
Question by:Killersmits
  • 15
  • 12
28 Comments
 
LVL 4

Expert Comment

by:sivanov
ID: 37799734
well - you did not say if you promote another DC in the envirement. If you did not this means that the SBS is the only DC and if it stops the expected behavior is that Exchagne will stop too (no DC, no DNS, :-) ).

There is a nice articke which explain what need to be done step by step :

http://demazter.wordpress.com/2010/04/29/migrate-small-business-server-2003-to-exchange-2010-and-windows-2008-r2/

Cheers
Svet.
0
 
LVL 9

Expert Comment

by:ash007
ID: 37799917
yes in SBS environment everthing is  on single server...
0
 
LVL 4

Expert Comment

by:sivanov
ID: 37801249
so you need another server to run as a DC before you get rid of the SBS
cheers
Svet.
0
 

Author Comment

by:Killersmits
ID: 37804119
Both SBS2003 & 2008 server are DC's and have moved DHCP over to 2008. All DNS and GC & AD functions are mirrored on both systems.

RID, PDC & Operations Master are set to SBS2003 as primary -  will change these over first  try to down the server again.
0
 
LVL 4

Expert Comment

by:sivanov
ID: 37804943
well just moving the roles would be not enough as a mimimum you need to clear the SBS from the AD and DNS on the win2008 server,
0
 

Author Comment

by:Killersmits
ID: 37853846
How do you demote an SBS2003 server from the domain?
0
 

Author Comment

by:Killersmits
ID: 37854343
Update - O.K we transferred the FSMO roles to the 2008 Server, and everything started going O.K again. So we turned off the old server to test just before we demote the SBS server.

This was O.K for a week or so then we started to get AD problems. Once we turned the 2003 server back on it was O.K.

I did some more reading and found out about the 7 day rule from Microsoft. You must have all 5 of the FSMO roles on the 2003 SBS server, or it would start to cause AD problems, and even to the point of the SBS server shutting itself down... Painful..

So now I think all we need to do is to demote the SBS server from the domain. I will do this ASAP.
0
 
LVL 4

Expert Comment

by:sivanov
ID: 37860018
trasfering FSOM is good, but since the old DC is still in the DNS/AD data there will be situation where he will be adressed for service.

make a good back-up and demote it
or
remove it from the net - clean the DNS /AD from from it (metadata cleanup)

keep us updated :-)
good luck
SV.
0
 

Author Comment

by:Killersmits
ID: 37877186
OK so another progress update.

So we have removed Exchange from the SBS box, and gone through all the steps where we now tried to dcpromo it and remove it from the domain.

Here we struck a problem, apparently the Win 2008/Exchange server isn't running as a DC, or at least isn't contactable.

It looks like the DC replication never worked properly in the first place.

When we ran DCPROMO On the 2003 SBS box, it errored saying that it couldn't contact any other DC's in the domain. Obviously we didn't continue.

But then we started looking into it further and discovered that the 2008 box hasn't got a sysvol, or netlogon share folder.

So im guessing that the initial replication wasn't successful. Even though the 2008 box says it is a GC.

So I don't know what to do now. I can't demote the 2008 box and repromo it, as that will kill our Exchange stuff.

So I need to find a way of either forcing the 2003 SBS box to replicate with the 2008 box sucessfully, or ....I don't know, configure another box, then promote it and hopefully at least get a working DC running in the domain (other than the soon to be dead 2003 SBS box) ASAP.

Suggestions?
0
 
LVL 4

Expert Comment

by:sivanov
ID: 37879561
WAW
first make sure that you make a backup of the running DC
in case the things go bad you need to have life saver

now - what about going in to AD site and services and check replication, any errors ?

are sysvol and netlogon missing at all or are not shared ?
0
 

Author Comment

by:Killersmits
ID: 37879586
We have been building a new server today, and we will have it up within 24 hours. In the mean time we have current backups of both the SBS2003 and Win 2008 server.

On the 2008 server the c:\windows\sysvol\sysvol\domain.local is there, but it is empty and is not shared.

It looks like the replication was initally partially successful, but not fully, and is not replicating.

So unless you have a miracle solution we will continue getting the new server up, and hopefully a successful replication of the 2003 SBS server.

It is strange though, I mean the AD info such as usernames, passwords, computers etc. replicated successfully, and continues to do so, just doesn't seem that the DC or GC components are replicating...
0
 
LVL 4

Expert Comment

by:sivanov
ID: 37879646
hm this is strange, but not unuslual :-),
i thing that there is even MS artickle for this, actually plenty of artickles :-)
 
in short setting d2 burflag on the sbs2003 should help, i expect journalwrap error there. but it will not harm to cehck the artickles below

i guess this one is pretty good :

Restoring and Rebuilding SYSVOL
http://technet.microsoft.com/en-us/library/cc816596(v=ws.10).aspx

an this is something like a sumary of the burflags

Using the BurFlags registry key to reinitialize File Replication Service replica sets
http://support.microsoft.com/default.aspx?scid=kb;en-us;290762&sd=tech


as there is much to read, you could also go to this one:

http://support.microsoft.com/kb/257338
and start cheking the steps one by one.
0
 
LVL 4

Expert Comment

by:sivanov
ID: 37879647
sorry but miss an important thing , check if FRS service is running on the sbs2003 - if not just start it and you could skip the kbs :-).
0
 

Author Comment

by:Killersmits
ID: 37879668
Well look at that... FRS was disabled! I enabled, started, and we will see what happens.

I'll let you know, and once again thank you for your valuable help.
0
Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 4

Expert Comment

by:sivanov
ID: 37879674
you are welcome :-), check on the sbs how big is the sysvol, it might take time replication to pass
0
 

Author Comment

by:Killersmits
ID: 37879703
The c:\windows\sysvol is only 72kb on disk so very small. But im not even going to start running tests now, I'll leave it over night and let the servers do what they do, it's never quick with AD and waiting for replication, or changes to happen, they seem to work on some mysterious Microsoft Time... ;)
0
 
LVL 4

Expert Comment

by:sivanov
ID: 37879719
well just go in ad sites and services , chose the site , the server, select NTDS settings,
right click on the connections on the rigth side and chose "replicate now"
if there is an issue you will get notification iimediately
0
 

Author Comment

by:Killersmits
ID: 37879731
I did that and both servers are able to replicate from one another. I then just out of curiosity went onto the SBS box and ran DCPROMO again, and went through the steps to remove it, but it still thinks it is the only DC on the domain.

So something still not right.
0
 

Author Comment

by:Killersmits
ID: 37879798
Im thinking now there is a DNS problem as well, I am running dcdiag /test:dns on 2008 box, and after changing the forwarders to my ISP DNS rather than the router, and removing the router as the secondary entry on the NIC is passed/warned on all tests, but unlike beoifre none failed. So that looks better.

I will monitor tomorrow, but still the new server will be up, and will give us a few more options.
0
 
LVL 4

Expert Comment

by:sivanov
ID: 37879826
..how you move the FSMO roles ?
by transfer or seize ?
check in the DNS the zone, you need to have there records for both DCs?
if the record is missing they 2008 will not find the sbs for sure :-)
0
 

Author Comment

by:Killersmits
ID: 37879845
the fsmo was transferred successfully.

I seem to have both the DC's listed in DNS. All the records I have checked under dc have both servers listed.

Below are the errors I get when running dcdiag on the 2008 box.

Doing initial required tests

   Testing server: Default-First-Site-Name\SERVER3
      Starting test: Connectivity
         ......................... SERVER3 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\SERVER3
      Starting test: Advertising
         Warning: DsGetDcName returned information for
         \\server1.domain.LOCAL, when we were trying to reach SERVER3.
         SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE.
         ......................... SERVER3 failed test Advertising
      Starting test: FrsEvent
         There are warning or error events within the last 24 hours after the
         SYSVOL has been shared.  Failing SYSVOL replication problems may cause
         Group Policy problems.
         ......................... SERVER3 passed test FrsEvent
      Starting test: DFSREvent
         ......................... SERVER3 passed test DFSREvent
      Starting test: SysVolCheck
         ......................... SERVER3 passed test SysVolCheck
      Starting test: KccEvent
         ......................... SERVER3 passed test KccEvent
      Starting test: KnowsOfRoleHolders
         ......................... SERVER3 passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         ......................... SERVER3 passed test MachineAccount
      Starting test: NCSecDesc
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
            Replicating Directory Changes In Filtered Set
         access rights for the naming context:
         DC=ForestDnsZones,DC=domain,DC=LOCAL
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
            Replicating Directory Changes In Filtered Set
         access rights for the naming context:
         DC=DomainDnsZones,DC=domain,DC=LOCAL
         ......................... SERVER3 failed test NCSecDesc
      Starting test: NetLogons
         Unable to connect to the NETLOGON share! (\\SERVER3\netlogon)
         [SERVER3] An net use or LsaPolicy operation failed with error 67,
         Win32 Error 67.
         ......................... SERVER3 failed test NetLogons
      Starting test: ObjectsReplicated
         ......................... SERVER3 passed test ObjectsReplicated
      Starting test: Replications
         ......................... SERVER3 passed test Replications
      Starting test: RidManager
         ......................... SERVER3 passed test RidManager
      Starting test: Services
         ......................... SERVER3 passed test Services
      Starting test: SystemLog
         An Error Event occurred.  EventID: 0xC0002719
            Time Generated: 04/23/2012   17:35:54
            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = System) could not be retrieved, error
            0x3afc)
         An Error Event occurred.  EventID: 0xC0002719
            Time Generated: 04/23/2012   17:51:50
            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = System) could not be retrieved, error
            0x3afc)
         An Error Event occurred.  EventID: 0xC0002719
            Time Generated: 04/23/2012   17:52:32
            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = System) could not be retrieved, error
            0x3afc)
         An Error Event occurred.  EventID: 0xC0002719
            Time Generated: 04/23/2012   18:00:35
            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = System) could not be retrieved, error
            0x3afc)
         An Error Event occurred.  EventID: 0xC0002719
            Time Generated: 04/23/2012   18:00:41
            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = System) could not be retrieved, error
            0x3afc)
         An Error Event occurred.  EventID: 0xC0002719
            Time Generated: 04/23/2012   18:00:47
            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = System) could not be retrieved, error
            0x3afc)
         An Error Event occurred.  EventID: 0xC0002719
            Time Generated: 04/23/2012   18:01:30
            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = System) could not be retrieved, error
            0x3afc)
         An Error Event occurred.  EventID: 0xC0002719
            Time Generated: 04/23/2012   18:01:36
            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = System) could not be retrieved, error
            0x3afc)
         An Error Event occurred.  EventID: 0xC0002719
            Time Generated: 04/23/2012   18:01:42
            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = System) could not be retrieved, error
            0x3afc)
         An Error Event occurred.  EventID: 0xC0002719
            Time Generated: 04/23/2012   18:02:48
            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = System) could not be retrieved, error
            0x3afc)
         An Error Event occurred.  EventID: 0xC0002719
            Time Generated: 04/23/2012   18:02:54
            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = System) could not be retrieved, error
            0x3afc)
         ......................... SERVER3 failed test SystemLog
      Starting test: VerifyReferences
         ......................... SERVER3 passed test VerifyReferences


   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test
         CrossRefValidation

   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test
         CrossRefValidation

   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation

   Running partition tests on : domain
      Starting test: CheckSDRefDom
         ......................... domain passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... domain passed test CrossRefValidation

   Running enterprise tests on : domain.LOCAL
      Starting test: LocatorCheck
         ......................... domain.LOCAL passed test LocatorCheck
      Starting test: Intersite
         ......................... domain.LOCAL passed test Intersite
0
 
LVL 4

Accepted Solution

by:
sivanov earned 500 total points
ID: 37880312
hi there,
well seems that i will be right.
the SBS 2003 is in journal wrap error and is not replicationg the sysvol

to be able to solve this you will need to go for authorative restore on the SBS2003 setting the D4 burflag, and on set D2 on the win2008

check this kb to confirm
and follow this to resolve :-)

290762  Using the BurFlags registry key to reinitialize File Replication Service replica sets
http://support.microsoft.com/default.aspx?scid=kb;EN-US;290762
0
 
LVL 4

Expert Comment

by:sivanov
ID: 37880315
ops i miss the first kb:

http://support.microsoft.com/default.aspx?scid=kb;EN-US;925633
You cannot replicate files from a Windows Server 2003-based domain controller and events are logged in the File Replication Service log

you have here the events you most probably will found on the sbs
0
 
LVL 4

Expert Comment

by:sivanov
ID: 37885240
any success :-)
0
 

Author Comment

by:Killersmits
ID: 37885251
We are getting there. One of the other guys took your advice about the BurFlags I think it was and managed to get further along. The new server is up, and I think replicating correctly, but I have just been so busy today I haven't had time to test properly, but all our crucial things are working for the time being. I will keep you posted. We have a public holiday tomorrow, so I probably won't get much more done till Thursday/Friday.
0
 
LVL 4

Expert Comment

by:sivanov
ID: 37885254
well hope everyhing will be fine
Cheers
Svet.
0
 

Author Comment

by:Killersmits
ID: 37912692
Hi again. Well everything is well.

After enabling the FRS service on the SBS2003 box, we then ran the Burflags reg key on the remaining 2 DC's and they have replicated correctly and we sucessfully DCPromo'ed the SBS box out of the Domain.

Everything is now working as it should.

Svet you were a fantastic help and I would give you a million points if EE would let me. For now have 500.

Thanks again.
0
 
LVL 4

Expert Comment

by:sivanov
ID: 37918000
well glad to hear that you made it :-)
so beware of replicatino issues in the future and good luck
Svet. :-)
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Suggested Solutions

Resolve Outlook connectivity issues after moving mailbox to new Exchange 2016 server
Check out this infographic on what you need to make a good email signature that will work perfectly for your organization.
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now