Solved

Problem with domain after migrating SBS 2003 to SBS 2011

Posted on 2012-04-12
Last Modified: 2013-12-02
I performed a migration from SBS 2003 to SBS 2011.  I've got all my users, groups, files, etc.  It seemed to go OK, but now when I run a DCDIAG on the 2011 server, I get
Starting test: Advertising
Warning: DsGetDcName returned information for \\OLDSERVER.domain.local., when we were trying to reach NEWSERVER.
SENDER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE.

I can't demote my OLDSERVER because it tells me no other Active Directory domain controllers for that domain can be contacted.

Any help is greatly appreciated.  I'm under a tight time crunch here.
Thanks,
Rick
Question by:rickmills
31 Comments
 
LVL 7

Expert Comment

by:BelushiLomax
ID: 37839720
First try restarting the netlogon services so the SRV records are published in AD DNS.
How did you create the newserver? Is it a VM or physical? Did you clone it?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 37839750
Please post full IP / Subnet Mask / Gateway / DNS settings for both servers.
0
 

Author Comment

by:rickmills
ID: 37839762
I restarted both servers, but am having the same problem.
It is a physical server.  I ran the SBS wizard and selected to migrate from SBS 2003 to SBS 2011.  I ran each of the steps in the wizard, except migrating SharePoint (nothing to migrate) and one other, as we don't use either of them.
It migrated all the users over along with their Exchange mailboxes.
0
 
LVL 7

Expert Comment

by:BelushiLomax
ID: 37839795
How is NEWSERVER running? If you shut down OLDSERVER, does it interrupt anything?
If not, we can remove OLDSERVER from Metadata and clean it up a bit to get rid of traces of it.
0
 

Author Comment

by:rickmills
ID: 37839802
OLDSERVER
Windows IP Configuration

   Host Name . . . . . . . . . . . . : OLDSERVER
   Primary Dns Suffix  . . . . . . . : dts.local
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : dts.local

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
   Physical Address. . . . . . . . . : 00-15-C5-E2-31-C8
   DHCP Enabled. . . . . . . . . . . : No
   IPv4 Address. . . . . . . . . . . : 192.168.0.2
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.1
   DNS Servers . . . . . . . . . . . : 192.168.0.3
                                               192.168.0.2
   Primary WINS Server . . . . . . . . . . 192.168.0.2

NEWSERVER
Windows IP Configuration

   Host Name . . . . . . . . . . . . : NEWSERVER
   Primary Dns Suffix  . . . . . . . : dts.local
   Node Type . . . . . . . . . . . . : Broadcast
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : dts.local

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom BCM5716C NetXtreme VBD Client) #35
   Physical Address. . . . . . . . . : 78-2B-CB-6D-15-FF
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.0.3(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.1
   DNS Servers . . . . . . . . . . . : 192.168.0.3
   NetBIOS over Tcpip. . . . . . . . : Enabled
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 37839825
How exactly did you perform the migration?  Did you follow an article and if so - which one?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 37839865
Have you run:

netdiag /fix

on both servers yet?

If not - please run it.
0
 

Author Comment

by:rickmills
ID: 37839869
I followed the steps provided by the SBS 2011 installation wizard.  It has numerous links to articles that discuss in detail what to do at each point.
I disconnected the network cable for OLDSERVER.  If I'm already logged in, things are OK.  However, I released the DHCP address on one workstation and restarted the computer.  It tells me the domain is not available.
0
 
LVL 7

Expert Comment

by:BelushiLomax
ID: 37839872
Add 192.168.0.2 to NEWSERVER dns, move it up in the order, ipconfig /flushdns then restart netlogon services. Try again.

Do you see anything in the eventlogs security or application?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 37839884
What did you do prior to the Migration Wizard?  Were you following a single article for the steps to prepare the old server in readiness for the migration?

Please outline the steps you took from start to where you are now.

Thanks

Alan
0
 
LVL 7

Expert Comment

by:BelushiLomax
ID: 37839904
Go here:
HKLM/System/CCS/Services/NTDS/parameters and post the screenshot or export
0
 

Author Comment

by:rickmills
ID: 37839984
I'm afraid I didn't document every step I took, so I can't recreate it in that detail.
I can tell you I did an ADPREP32 /forestprep and ADPREP32 /domainprep /gpprep on the 2003 server.
I then booted up the Dell server with SBS 2011 pre-installed.  It prompted for an installation method (new domain or existing).  I selected existing and then selected I was migrating from a SBS 2003 server.  That wizard gave me a checklist of items (Connect to Internet, Migrate Exchange, etc.).  I clicked on each step and followed the instructions provided.  I did not migrate SharePoint or Microsoft Fax, as there wasn't anything on the old server for those, so I selected Skip this Step.  All others I marked as completed.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 37840006
Did you run the Migration Preparation Tool on the SBS 03 server?

Did you also run DCDIAG and fix any errors prior to turning on the SBS 2011 server?

Is the SBS 03 server running with a single NIC?

Did / does it have ISA server installed on it?
0
 

Author Comment

by:rickmills
ID: 37840054
BelushiLomax,
I added .2 to NEWSERVER and followed those steps.  

FPSERVER is the old server.   DTSERVER is the new server.  Easier to use their real names.
Here's the key you asked for.  This is on DTSERVER (new).

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NTDS\Parameters]
"Src Srv objectGuid"=hex:98,f1,26,63,2e,b8,98,40,b8,29,25,68,e6,a3,d2,56
"System Schema Version"=dword:0000002f
"Root Domain"="DC=dts,DC=local"
"Configuration NC"="CN=Configuration,DC=dts,DC=local"
"Machine DN Name"="CN=NTDS Settings,CN=DTSERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=dts,DC=local"
"Src Root Domain Srv"="FPSERVER.dts.local"
"DsaOptions"="0"
"DSA Working Directory"="C:\\Windows\\ntds"
"DSA Database file"="C:\\Windows\\ntds\\ntds.dit"
"Database backup path"="C:\\Windows\\ntds\\dsadata.bak"
"Database log files path"="C:\\Windows\\ntds"
"Hierarchy Table Recalculation interval (minutes)"=dword:000002d0
"Database logging/recovery"="ON"
"DS Drive Mappings"=hex(7):63,00,3a,00,5c,00,3d,00,5c,00,5c,00,3f,00,5c,00,56,\
  00,6f,00,6c,00,75,00,6d,00,65,00,7b,00,64,00,63,00,66,00,31,00,61,00,62,00,\
  32,00,36,00,2d,00,31,00,64,00,34,00,61,00,2d,00,31,00,31,00,65,00,31,00,2d,\
  00,62,00,65,00,63,00,33,00,2d,00,38,00,30,00,36,00,65,00,36,00,66,00,36,00,\
  65,00,36,00,39,00,36,00,33,00,7d,00,5c,00,00,00,00,00
"DSA Database Epoch"=dword:00007963
"Strict Replication Consistency"=dword:00000001
"Schema Version"=dword:0000002f
"ldapserverintegrity"=dword:00000001
"Global Catalog Promotion Complete"=dword:00000001
"NSPI interface protocol sequences"=hex(7):6e,00,63,00,61,00,63,00,6e,00,5f,00,\
  68,00,74,00,74,00,70,00,3a,00,36,00,30,00,30,00,34,00,00,00,00,00
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 37840076
Please run the following from the SBS 2011 server Administrative Command Prompt:

netdom query fsmo

What does it show?
0

 

Author Comment

by:rickmills
ID: 37840096
Yes, I did run the Migration Prep Tool on the 03 server.  Sorry, I forgot about that.
I did not run DCDIAG on the 03 server.
It has only 1 NIC and it is not running ISA.

netdom query fsmo shows DTSERVER (new) for all 5 roles.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 37840112
Is the DNS Server Service still running on the SBS 03 server?

If not - which it shouldn't be - please remove 192.168.0.2 from the SBS 03 NIC properties.
0
 
LVL 7

Expert Comment

by:BelushiLomax
ID: 37840143
Have you hooked back up OLDSERVER? It seems that the new DC isn't taking care of the domain it thinks it's supposed to be, which could just be DNS or could be deeper. If you can hook up oldserver (CONFIRM netdom query fsmo does NOT return OLDSERVER when you run it on OLDSERVER BEFORE reattaching it to the network!).

And sorry, for me it's MUCH easier to think of them as OLD and NEW server :)
0
 

Author Comment

by:rickmills
ID: 37840158
I can see where OLD and NEW would be easier ;-)
Sorry, but I connected the old server back up a little while ago.  I did not have it disconnected for very long.
When I run netdom query fsmo on the old server, it returns with NEW server for all 5 roles.
0
 
LVL 7

Expert Comment

by:BelushiLomax
ID: 37840198
Good to hear. I'm glad your users will get serviced with mundane stuff like dhcp, dns etc :)

Are the 2 servers in the same site & subnet? Has DNS fully replicated and is it AD Integrated?
Is the DHCP scope handing out the right IP addresses, gateways etc.?
Do you have vlans that have IPhelper addresses pointing to OLD?
Is the time correct on NEW?
Confirm you can turn off DHCP on OLD turn it on in NEW and you get ip's. If so, confirm the Scope/Server options in DHCP.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 37840206
Is there anything left on the old server?

If not - then turn it off and then remove the old server using ntdsutil:

http://www.petri.co.il/delete_failed_dcs_from_ad.htm
0
 
LVL 7

Expert Comment

by:BelushiLomax
ID: 37840229
If he takes his old server totally offline and his new server won't work, he'll be in a mess of trouble. Leave old for now until you get NEW doing what it's supposed to do. IMHO
0
 

Author Comment

by:rickmills
ID: 37840233
Same subnet, fully replicated and AD integrated.  
DHCP is handing out IPs just fine and the scope info is accurate.  
DHCP is disabled on the old server.
No vlans at all.  Extremely simple network.
The time on both servers is accurate and within 1 minute of each other.
0
 

Author Comment

by:rickmills
ID: 37840251
I hear both of you related to forcing the removal of OLD.  
The NEW server seems to be working just fine from everything I can tell.
It is authenticating users (I can login when OLD is disconnected).
It is handling DHCP and DNS just fine (as far as I can tell, as the new scope only lists NEW as the DNS server).
I don't want to jump the gun, but it is becoming tempting to force the removal of OLD.
What else can you suggest I check before making that leap of faith?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 37840289
What do you see in Active Directory Sites and Services in respect of Servers under Default First Site> Servers?

Switch off the old server and leave it off and see if you have any problems with the new server for a week or so - if no problems, forcibly remove it as I described above.

The new server holds all FSMO roles, so must be a DC and everything else is happy, so a forced removal should not have any issues.
0
 

Author Comment

by:rickmills
ID: 37840315
I see both servers listed.  The NTDS Settings for NEW have it checked as a Global Catalog server.  That box is not checked for OLD.

I have had to run through that process of forcibly removing a DC before, but it was not on SBS.  That has me just a little more nervous.  Your suggestion makes sense.  I still have 20 days remaining for both SBS Servers to be up and running, so I'll shut down OLD and in a week or two I'll force its removal if no problems arise.
0
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 250 total points
ID: 37840321
Once the old one has been removed run dcdiag /v again and see where you are at.

You shouldn't be nervous - the old server is doing nothing, has no roles and is just holding you back.

Once it is removed - the New server can be tidied up if it needs to be.
0
 
LVL 7

Assisted Solution

by:BelushiLomax
BelushiLomax earned 250 total points
ID: 37840325
You're right. I see after re-reading it that the old DC may only be causing problems with the new DC. I misread, thinking machines weren't authenticating.
If everything works fine with OLD off, then on NEW in ADUC, and ADS&S Delete OLD.
It *should* take care of the metadata by itself, but you can confirm by running the ntdsutil:
From NEW, after removing OLD in the 2 locations (assuming everything works fine with it off), do these steps in an elevated cmd prompt. All of this may not be needed if you don't see OLD in "List servers in site".


ntdsutil
metadata cleanup
connections
connect to server xxxxxx
quit
select operation target
list domains
select domain #
list sites
select site #
list servers in site
select server #
quit
remove selected server
quit
0
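
The checks discussed across this thread (FSMO role holders, global catalog flag, the DsGetDcName result behind the DCDIAG Advertising warning, and leftover server objects), gathered into one read-only script. This is an added example, not code from any poster; it assumes the ActiveDirectory PowerShell module is available on the new DC, and OLDSERVER / NEWSERVER are the thread's placeholder names.

```powershell
# Added example: read-only checks, run on the new DC with the old one powered off.
# OLDSERVER / NEWSERVER are the thread's placeholder names, not real hosts.
Import-Module ActiveDirectory

$OldDc = 'OLDSERVER'   # DC being retired
$NewDc = 'NEWSERVER'   # DC that must carry the domain alone
$problems = @()

$domain = Get-ADDomain
$forest = Get-ADForest

# 1. All five FSMO roles on the new DC (same data as "netdom query fsmo").
$roles = @{
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
}
foreach ($role in $roles.GetEnumerator()) {
    if ($role.Value -notlike "$NewDc.*") {
        $problems += "$($role.Key) is held by $($role.Value)"
    }
}

# 2. The new DC must be a global catalog.
if (-not (Get-ADDomainController -Identity $NewDc).IsGlobalCatalog) {
    $problems += "$NewDc is not a global catalog"
}

# 3. DC locator (DsGetDcName, the call behind the DCDIAG Advertising test).
$locator = & nltest "/dsgetdc:$($domain.DNSRoot)" /force 2>&1
$hit = $locator | Select-String -Pattern 'DC:\s*\\\\(\S+)' | Select-Object -First 1
if (-not $hit) {
    $problems += "DC locator found no domain controller"
} elseif ($hit.Matches[0].Groups[1].Value -notlike "$NewDc.*") {
    $problems += "DC locator returned $($hit.Matches[0].Groups[1].Value)"
}

# 4. Leftover metadata: warns until the old DC's server object is gone from CN=Sites.
$sitesDn = "CN=Sites," + (Get-ADRootDSE).configurationNamingContext
$filter  = "(&(objectClass=server)(cn=$OldDc))"
foreach ($obj in @(Get-ADObject -SearchBase $sitesDn -LDAPFilter $filter)) {
    $problems += "Server object still present: $($obj.DistinguishedName)"
}

if ($problems) { $problems | ForEach-Object { Write-Warning $_ } } else {
    Write-Output "No problems found for $NewDc"
}
```

Checks 1 to 3 should pass before the old DC is removed; check 4 is expected to warn until the removal is complete.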
 

Author Comment

by:rickmills
ID: 37840359
Guys, I can't thank you enough for all the help today.
I'll split the points between, but wish I could give you both full credit.
Thank you!
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 37840363
You are welcome - come back if there are any issues.

Alan
0
 
LVL 7

Expert Comment

by:BelushiLomax
ID: 37840399
my pleasure
0
