Windows7 Client Won't Migrate from SBS2003 R2 to SBS2011 Standard

Posted on 2013-01-28
Last Modified: 2013-03-04
I've got an existing SBS 2003 R2 server called JANET.WORKNET.LOCAL with 2 NICS, one with IP 192.168.X.Y facing the WAN and the other with IP 10.20.X.Y facing the LAN. Attached to the LAN as DHCP clients are 4 workstations. They are confgured to get TCP/IP and DNS settings automatically. The WAN IP connects to a ISP router.

I have a new SBS 2011 Standard server called JANET.WORKNET.LOCAL with 4 NICS. (yes, the same name - bear with me).

One WAN NIC has IP 192.168.X.Y (yes, the same as the 2003 R2 machine - bear with me some more).
The LAN NIC has IP 10.20.X.Y.
The server is configured as a DC and provides automatic TCP/IP and DNS settings to clients.
This server is attached to a DIFFERENT ISP router which has a completely different internet facing IP address.

Both Servers have the same DHCP scope definitions, same DHCP reservation definitions, same certificates installed in the relevant certificate stores.

Everything should be the same except the operating systems.

I take a workstation client on the 2003 R2 network, remove it from the domain and put it into a workgroup. Unplug it from the 2003 R2 network, attach it to the 2011 network and try to get it to join the domain (using both the http://connect and USB options).

The problem is, although the workstation receives the correctly reserved IP address from the 2011 server, and the server can ping the workstation successfully, the workstation cannot ping the server correctly and on the workstation it says that the NIC has "no internet connectivity". I get the "warning" symbol on the "network and sharing center" task bar icon.

I can take the workstation back to the 2003 network and rejoin it, but I can't seem to get it to sit on the 2011 network successfully.

Any suggestions?
Question by:MarcusN
  • 8
  • 7
LVL 14

Expert Comment

ID: 38829303
What results do you get from
ipconfig /all
On the PC when it's on the SBS2011 domain?  You're very likely to run into problems as multiple NICs on SBS2011 is not supported. - have you manually configured the SBS2011 server to act as a router?
LVL 18

Assisted Solution

by:Don S.
Don S. earned 125 total points
ID: 38829381
I guess I would remove the second NIC, join it to the new SBS and then add the second NIC back in.  As previously mentioned, dual NICs are not supported and are infamous for causing thes kinds of problems.

Author Comment

ID: 38830998
Thanks for your help so far.

With respect to the observation about SBS2011 not supporting multiple NICS, I appreciate that but I don't undertand how that can be the issue. For instance;

a) I connect the workstation to LAN NIC with reservations and scope in DHCP and the workstation receives the correct IP/SubnetMask/DefaultGateway/DNS settings etc,
b) I ping server from workstation and that fails,
c) I ping workstation from server and that succeeds.

Downstream connectivity seems to work. Upstream connectivity seems to fail.

Surely this is a "trust" issue? What needs to be done for the server to trust the workstation (upstream connectivity) as the workstation seems to trust the server (downstream connectivity)?

Or are you saying this isn't a "trust" issue? If it's not a "trust" issue, what is it?

My HP ML330 server comes with 2 NICS and is SBS2011 compliant. Surely 2 NICS are not the issue here.
Manage your data center from practically anywhere

The KN8164V features HD resolution of 1920 x 1200, FIPS 140-2 with level 1 security standards and virtual media transmissions at twice the speed. Built for reliability, the KN series provides local console and remote over IP access, ensuring 24/7 availability to all servers.

LVL 14

Assisted Solution

BlueCompute earned 375 total points
ID: 38831164
The issue, most likely, is that the SBS2011 setup has bound some of it's services to the wrong network card, and/or the default firewall rules simply don't work in your 2 NIC environment. To use an ML330 on SBS2011, you should disable one of the network cards before running the SBS setup. Even if we manage to fix your DHCP issue, SBS2011 won't operate as a router in the way you're expecting, ie. sit between your PCs and your router - it's simply not designed to work that way. There's a fantastic SBS2011 setup guide here:
That sets out how your network should be set up.
 How far along your migration are you? The correct way to proceed here would be to re-do the SBS2011 install, butif you're already committed  you might have some success if you disable one of the NICs and re-run the following SBS setup wizards from the SBS management console:
Connect to the Internet
Set up your Internet address
Configure a Smart Host for Internet e-mail.
Add a trusted certificate
SBS won't work properly until you've run these wizards, and they won't complete properly in a multiple NIC setup. SBS2011 comprises a very large number of components tied together with a huge pile of script - if your environment doesn't match the expected setup, things will consistently go wrong - realize this might not be what you wanted to hear, but it's how is. It's not a trust issue (trust wont have any effect on low-level network connectivity), it's a networking or firewall issue. Again I'd like to see what you get from
ipconfig /all
But as is always the case with SBS, the fix is make your environment match the recommendations, then run the wizards.

Author Comment

ID: 38831786
I'll get you a "ipconfig /all" dump when I next connect a Workstation to the SBS2011 network.

Please take a look at the situation (in summary) in the attached figure. I have an "old" SBS2003 network (on the left) with a mix of endpoints on a network called WorkNet.local.

I want to reattach some endpoints to the "new" SBS2011 network (on the right) with some endpoints attached to "new" WorkNet.local and the others attaching to DevNet.local .

Why on Earth can't I do this?
LVL 14

Expert Comment

ID: 38831824
It doesn't work because the new network isn't a valid SBS2011 network configuration, I'm not sure what else to say about this to be honest. I realize I'm repeating myself but it really is that simple - what you're trying to do isn't supported by the software you're trying to do it with. Now if you set it up as it should be, and <i>still</i> get the problem, we'll look at that - at the moment we'd be wasting our time, and I'm 99.9% sure if you set the network up as SBS expects it to be, your client computers will work. Your migration procedure's peculiar, to say the least - the correct method (and ONLY supported method) for migrating SBS2003 to sBS2011 is this one:
I'm not sure I fully understand your 2 domain requirement either - SBS2011 can't serve 2 domains (worknet.local and devnet.local), it can only serve one of them - there really is only one way to run SBS2011, and it's not just the same way you ran 2003.
As i mentioned earlier, my best guess as to the exact reason it's not working as you expect at the moment is that the SBS Wizard was confused by the presence of 2 network cards (it will have warned you when running the wizards....) and has created a set of default firewall rules that don't work correctly as a result, but really it's irrelevant - even if we fixed that it still wouldn't ever work properly as it's currently configured. A quick google will show I'm not just being awkward - no-one's talking about using SBS2011 with 2 NICs, and every single MS article on the subject says 1 NIC only. There's loads of Microsoft documentation about preparing your network for SBS2011, and designing your deployment.

Author Comment

ID: 38831981
The problem with the "approved migration" process lies with the statement in the box on page 22, entitles "Destination Server Information".

Under "Destination Server Name" it says, "the source server name and destination server name must be different".

Under "Destination Server IP address" is says, "the IP address you want to assign to the destination server".

I want the source and destination server to have the same name (because of other licensed software that I have to migrate that requires the server name to stay the same) and the same IP address (because of other licensed software I have to migrate that requires the server IP to remain the same).

I can't connect a destination and source server to the router that the diagram suggests on page 12, even with a 21 day migration window, if they share these credentials.

If my business was only a Microsoft Shop with no 3rd party software that has particular configuration restrictions, the "standard" approach to migration might be OK. But for my business, which is a bit more complex, I need some installation thinking space, hence the current migration approach.

Everything (Exchange, websites, Sharepoint, AntiVirus, User Folders, Applications...) has been successfully installed on the SBS2011. The only hurdle is the connection of clients.

I really don't want to waste your time and I appreciate everything you have written so far. Had I also appreciated that SBS2011 could not function the way I require, I wouldn't have gone down this route. I'd probably have bitten the bullet and deploted a Windows Server 2012 stack - more expensive but does what I want.

Finally, where was it crystal clear on the MS SBS website that what I was trying to do was impossible? This is very irritating.
LVL 14

Assisted Solution

BlueCompute earned 375 total points
ID: 38832018
No problem dude, realize this stuff can get rather frustrating...
I can appreciate you've already chucked a bit of time getting the server as far as you have, so here's how I'd approach this to try and persuade it to play nice (no guarantees...):

Change the second DSL router to live on the 10.x.x.x range.
Disable the 192.x.x.x range/adapter  on the SBS2011 box. Configure SBS2011 with a single static IP in the 10.x.x.x range - presumably the 10.x.x.x address that your licensed software expects.
Re-run all 4 of the SBS2011 network setup wizards mentioned about (appreciate some of them ostensibly don't have anything to do with the settings we're changing, run them anyway.)
Ideally, test with a "clean" client that hasn't ever been a member of the old network - easy enough to provision a VM for this purpose.
Migrate your client PCs over if all working at this stage.

As a "side-by-side" migration configuration, it doesn't sound like what you've been doing is completely unworkable - if you get the SBS2011 side of this set up as it should be I think you can probably still get this to work, but you'll definitely need to make the "new" network into a single-subnet shared gateway network, then re-do the 2011 wizards. You could then re-enable the other NICs, I'd reccomend that you don't though, it'll cause pain in the long term.
Links talking about multiple NICs in SBS not being supported: (this one says the "extra" NICs will be disabled when you run the wizards - you haven't actually mentioned whether you've run the wizards then reconfigured your network cards, or simply not run them - neither's a good idea) - specifically reccomends disabling the extra NICs in HP Servers
It's certainly covered far more clearly in the setup guides than anywhere else, but Microsoft specifically decided from SBS2008 onwards to only support a single network topology.

Author Comment

ID: 38832361
Once again, thanks for the help. I have a couple of questions from your post.

1) You suggested changing the 2nd DSL router to function on the 10.x.x.x range and to configure the SBS 2011 NIC with a static address on that range, but in the MS migration document on page 12 is specifically says to use the 192.168.x.x range. Will I be creating new problems if I work on the 10.x.x.x range instead of the 192.168.x.x range?

2) Interestingly I have run all the wizards youmention on SBS 2011 and not a single complaint or failure to complete! I would have stopped long ago had these things failed. In fact, my SBS box has 6 NICS, so should I disable 5 of them or leave the wizards to deal with them as they are right now; enabled but not connected?

3) When do I activate the Hyper-V role? I need this but don't want to mess up the migration configuration.

I am prepared, whilst my users are at home tonight, to temporarily reconfigure the network like this (see attachment). Basically, on the right is something similar to what the migration document requires, whilst on the left remains the current network - all I have done is introduce a switch between the DSL router and the old server. My questions are;

a) Both of the servers are Domain Controllers - is ther not going to be some major problems with this? How do clients "know" which is in control?

b) The websites are actually hosted on the 2003R2 box. How do I ensure that the new websites on the new box are not published?

c) Exchange is live on the old box. How do I prevent Exchange on the new box from causing problems?

d) The special software we use expects to see clients with IP addresses in the 10.x.x.x range but the new configuration does not work in that range. Unless I do as you say and convert the DSL router and the NIC on the old server to work in that range too.

Author Comment

ID: 38832369
Doh, this time with the diagram...
LVL 14

Assisted Solution

BlueCompute earned 375 total points
ID: 38832465
Microsoft's migration method is an all-or-nothing solution, you can't just pick some bits. Either you follow the entire migration, or you never put the 2 boxes on the same network.
There's no reason not to use the 10.x.x.x range if you like, 192.168.x.x is conventional but everything will work fine either way.
Again hyper-v on top of sbs2011 is not supported, and will break. You'll need to convert the SBS2011 to virtual, and host all your VMs on a different hypervisor.
I really can't chuck more time at this to be honest - the hypervisor question google would tell you in a second - I've more then comprehensively answered your initial question, and several more, and an sbs2003 to 2011 migration would normally be a 3 or 4 day task, or a couple of grand's worth of work, and no-one here's getting paid.
Don't want to offend, and more than happy to help with specific questions if you open new ones, but I advise some reading, this task is non-trivial ;)

Accepted Solution

MarcusN earned 0 total points
ID: 38933422
I followed the advice to start the migration all over again.

This has been a major disaster.

Exchange 2010 didn't install in migration mode. I visited lots of on-line blogs, technical notes from Microsoft and so on. In the end I had to open a support ticket from

The technician (a most excellent guy called Kumar) worked on the Exchange matter for a long time. Despite all the SBS2003 Best Practice Analyzers and Pre-Deployment Analyzers and dcdiag.exe and netdiag.exe having no errors, warnings or issues the migration from a fully compliant SBS2003 configuration to a completely new physical machine was a disaster.

Conversely, I created a side-by-side install (not a migration) which went through perfectly. I manually moved the mailboxes and the user data files rather than using the migration wizard.

This time I followed the advice from Mr. BlueCompute and disabled all the NICs bar one during the install and have had no problems at all.

In conclusion, BlueCompute is right; the MS Migration Wizard is an all or nothing approach. I have now tried both the Wizard and a side-by-side approach and the best way for me was side-by-side.
LVL 14

Expert Comment

ID: 38933514
Glad you eventually got it working MarcusN, and sorry we couldn't help you more directly here - it's a migration I've done a several times now, and pretty much without fail it's involved some very long days and late nights...
On the other hand, I consistently here incredible things about the "swing" migrations documented by these guys: - given the headaches this migration can cause, if I were to do another I'd probably shell out the $375 they're after, pride be damned. Too late for your migration, but may well help others who find this post in the future!
LVL 14

Expert Comment

ID: 38933518
Just out of interest MarcusN, was that a paid support case with Microsoft that you opened? And did they eventually advise/assist with the side-by-side migration as they were unable to get the in-place upgrade to work?

Author Comment

ID: 38933910
It is paid support. They are still working on the migration failure (fortunately that's not a production server in my organisation and I can afford for it to be worked on by Microsoft).

The problem is more complex than it first appears as subsequent installation of Server Service Pack 1 fails in the migrated system. The "Eschange Server 2010 cannot be installed" errror leaves a lot of other things broken and a manual install needs to put all that right. This includes SharePoint, for instance.

The side-by-side installation was for a production domain and that works fine now that I have manually transferred the mailboxes, user data etc. It was relatively straightforward and a task that I performed in the middle of the night when the users were likely to be logged out.

The key was to disable all except one NIC (as you pointed out) perform the install, apply all updates (including the service packs) make sure all the required features and roles were installed and correctly functioning, run dcdiag.exe and netdiag.exe and clear all warnings, errors or events in the event log (there were no dcdiag or netdiag errors, so that was simple) and then enable any extra NICS for Hyper-V.

Author Closing Comment

ID: 38949113
The pros and cons of using the Migration Wizard versus a Side-By-Side migration need to be pointed out. The significance of a post migration error message stating "Exchange Server 2010 cannot be installed" should not be under-estimated. If a manual install is attempted, lots of other things need to be fixed as well. This is a big task and you'd need to be comfortable using PowerShell.

If you get that message, I would strongly recommend performing a Side-By-Side install and manually migrating mailboxes, SharePoint, user data and everything else.

On the 2 NIC point, the contribution was right this isn't a good configuration. If you want to use other NICs then install them AFTER the OS roles and features you want to use are fully installed and their service packs are up to date. DON'T install roles and features when more than one NIC is active - this WILL mess things up.

Featured Post

Free Tool: Postgres Monitoring System

A PHP and Perl based system to collect and display usage statistics from PostgreSQL databases.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

I work for a company that primarily works with small businesses as their outsourced IT vendor. As such the majority of these customers utilize some version of Small Business Server. Due to the economics of running a small business, many of these cus…
Trying to figure out group policy inheritance and which settings apply where can be a chore.  Here's a very simple summary I've written which might help.  Keep in mind, this is just a high-level conceptual overview where I try to avoid getting bogge…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

837 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question