Re: Forced Image Restore of Server Prior to Swing Migration Now having AD issues most likely due to missing secondary domain controller
- From: "Cris Hanna [SBS - MVP]" <crisnospamhanna@xxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 22 Jul 2009 13:49:11 -0500
I think you'll see most of this get resolved with the path your taking.
--
Cris Hanna [SBS - MVP]
Co-Contributor, Windows Small Business Server 2008 Unleashed
http://www.amazon.com/Windows-Small-Business-Server-Unleashed/dp/0672329573/ref=pd_bbs_sr_1?ie=UTF8&s=books&qid=1217269967&sr=8-1
Owner, CPU Services, Belleville, IL
A Microsoft Registered Partner
------------------------------------
MVPs do not work for Microsoft
Please do not submit questions directly to me.
"Mike" <nospam@xxxxxxxx> wrote in message news:%23sC1m6uCKHA.3732@xxxxxxxxxxxxxxxxxxxxxxx
Thanks Cris. I already sent Jeff an email yesterday and I'm awaiting a response. I know he'll know (or have good advice), I just hate to bother him sinc this is an issue that is no longer a swing migration. As far as my current SBS server is concerned, there was a DC (named TempDC) that once was on the domain, then the server itself was restored from image to new physical hardware. Nothing really relating to the swing process.
I found that I don't have backups of my TempDC VM after joining the domain and promoting to a DC, but before Phase 2, Step C(seizure of roles offline). I have backups of the VM before and after, but not at that stage (I guess that was fine for my swing migration, but hurts now).
I'm currently working on restoring my server with these issues to a VM for testing. I'm going to see if I can resolve the issue by removing references to the TempDC. If it works in my VM testing environment then I'll try it on the production server.
Any other suggestions are welcome!
Thanks,
Mike
"Cris Hanna [SBS - MVP]" <crisnospamhanna@xxxxxxxxxxxxxxxxxxxxx> wrote in message news:%23sWEqLuCKHA.1380@xxxxxxxxxxxxxxxxxxxxxxx
Since you purchased the Swing Kit from SBS Migration, I'd contact them and see what recommendation they have. Jeff is an SBS MVP as well and if I had questions regarding these kinds of AD issues, that's where I'd go.
--
Cris Hanna [SBS - MVP]
Co-Contributor, Windows Small Business Server 2008 Unleashed
http://www.amazon.com/Windows-Small-Business-Server-Unleashed/dp/0672329573/ref=pd_bbs_sr_1?ie=UTF8&s=books&qid=1217269967&sr=8-1
Owner, CPU Services, Belleville, IL
A Microsoft Registered Partner
------------------------------------
MVPs do not work for Microsoft
Please do not submit questions directly to me.
"Mike" <nospam@xxxxxxxx> wrote in message news:OxLvxHlCKHA.3800@xxxxxxxxxxxxxxxxxxxxxxx
I only thought the seize may be helpful becasue of the 2092 error.
The TempDC was a VM running on running on a PC. I still have it and saved it through various states, but I'm not onsite to see if I saved a state before seizing roles. if I did I could throw it on the network and let it sync, then demote using adprep.
I was doing this with an official swing kit (I have a 3 scenario package, this was a SBS2003 -> SBS2003), but like I said I never ended up completing the swing migration, but rather migrated to the new server hardware with an image based restore because I was forced to for lack of no better option when the original server completly failed about a week before the scheduled migration.
Any suggestions on where to go from here?
"Cris Hanna [SBS - MVP]" <crisnospamhanna@xxxxxxxxxxxxxxxxxxxxx> wrote in message news:u9awZVkCKHA.1336@xxxxxxxxxxxxxxxxxxxxxxx
You should not need to seize the roles as they never left the SBS 2003 server as far as it's concerned.
Guess the other part of my question would be...is the temp DC still up and did you do the Swing Migration with the official kit?
--
Cris Hanna [SBS - MVP]
Co-Contributor, Windows Small Business Server 2008 Unleashed
http://www.amazon.com/Windows-Small-Business-Server-Unleashed/dp/0672329573/ref=pd_bbs_sr_1?ie=UTF8&s=books&qid=1217269967&sr=8-1
Owner, CPU Services, Belleville, IL
A Microsoft Registered Partner
------------------------------------
MVPs do not work for Microsoft
Please do not submit questions directly to me.
"Mike" <nospam@xxxxxxxx> wrote in message news:e%232DpIkCKHA.4376@xxxxxxxxxxxxxxxxxxxxxxx
Hi Cris,
Thanks for the response and sorry for the confusion.
I started the swing by adding a TempDC to the domain. It was removed and the Swing got through with only data migration left, but the old SBS server hardware failed. My only option was to take the new physical server and restore the image based backup from the old SBS server to it and negate all my work on the swing migration. This accomplished the whole goal of moving to the new physical server because of hardware issues with the old server.
To answer your questions, I only siezed roles DISCONNECTED from the production network (or CONNECTED to the migration network) before the server failure so that is not an issue.
Errors on the SBS server after physically disconnecting the TempDC from the domain were limited to NTDS Replication 1864, but then after the image restore I saw NTDS Replication 2087 which seemed to make sense, as well as 2092. I'm hoping this can all be reslolved either by: 1)following Step E (removing the references to TempDC) or Step C (seizing the roles) even though they shouldn't need to be seized.
Thanks in advance!
Mike
"Cris Hanna [SBS - MVP]" <crisnospamhanna@xxxxxxxxxxxxxxxxxxxxx> wrote in message news:elR055jCKHA.1488@xxxxxxxxxxxxxxxxxxxxxxx
A couple of points that need clarifying
You say you were going to do a swing but hardware failed before the swing was done.
But then you have a Temp DC which would indicate that that you started the swing? You also mention in Option 2 about having seized the FSMO roles. The FSMO roles should not have been seized until after you disconnected the Temp DC from the physical network so that the original SBS server can remain intact should there be issues.
So, did you start the swing and seize the FSMO roles while the TempDC was connected to the network?
--
Cris Hanna [SBS - MVP]
Co-Contributor, Windows Small Business Server 2008 Unleashed
http://www.amazon.com/Windows-Small-Business-Server-Unleashed/dp/0672329573/ref=pd_bbs_sr_1?ie=UTF8&s=books&qid=1217269967&sr=8-1
Owner, CPU Services, Belleville, IL
A Microsoft Registered Partner
------------------------------------
MVPs do not work for Microsoft
Please do not submit questions directly to me.
"Mike" <nospam@xxxxxxxx> wrote in message news:e07sPyjCKHA.1380@xxxxxxxxxxxxxxxxxxxxxxx
About a week before I could do a swing migration to a new physical server
the original SBS server disk array failed. I had an image based backup
(symantec BESR) working on the original server so I was forced into
restoring the image to the new physical hardware (canceling out the swing
migration). The image product works well with dissimilar hardware restore
and things went well, aside from errors referencing the temporary domain
controller (NtFRS 13508 and NTDS Replication 1864 and 2092)
Now, because I restored the SBS server in it's original state while it still
had a reference to the temporary domain controller (TempDC was the name), I
can no longer add users or groups (among other AD issues). Error is
"Windows cannot creat the object --- becasue: The directory service was
unalbe to allocate a relative identifier." At least I think the problem is
from the secondary domain controller which is no longer present. I think the
problem is from restoring from image the SBS server when the second domain
controller wasn't present OR from not being able to sync for some time with
that second domain controller.
My SBS server does have the GC checked.
I'm thinking of doing 1 of 3 things to resolve.
Option 1- On the original SBS server on it's new hardware: remove DC role
references by using NTDSutil to cleanup the AD Metabase. to remove
references to the temporary domain controller (TempDC) hoping that this will
make the DS and FRS logs clean.
Option 2- Look and see if I have an image of the TempDC prior to seizing
roles. If I have that image I could rejoin the TempDC to the original SBS
server on it's new hardware and hope synchronization takes place, then
separate and follow my option 1.
Option 3 - I may need to use ntdsutil to seize the 5 FSMO roles on my
original SBS server on it's new hardware.
I'd prefer to do option 1, but realize once I remove the references there is
no path back! I'm welcome to other suggestions!
Thanks!
Mike
- References:
- Forced Image Restore of Server Prior to Swing Migration Now having AD issues most likely due to missing secondary domain controller
- From: Mike
- Re: Forced Image Restore of Server Prior to Swing Migration Now having AD issues most likely due to missing secondary domain controller
- From: Cris Hanna [SBS - MVP]
- Re: Forced Image Restore of Server Prior to Swing Migration Now having AD issues most likely due to missing secondary domain controller
- From: Mike
- Re: Forced Image Restore of Server Prior to Swing Migration Now having AD issues most likely due to missing secondary domain controller
- From: Cris Hanna [SBS - MVP]
- Re: Forced Image Restore of Server Prior to Swing Migration Now having AD issues most likely due to missing secondary domain controller
- From: Mike
- Re: Forced Image Restore of Server Prior to Swing Migration Now having AD issues most likely due to missing secondary domain controller
- From: Cris Hanna [SBS - MVP]
- Re: Forced Image Restore of Server Prior to Swing Migration Now having AD issues most likely due to missing secondary domain controller
- From: Mike
- Forced Image Restore of Server Prior to Swing Migration Now having AD issues most likely due to missing secondary domain controller
- Prev by Date: Re: DNS Settings Help
- Next by Date: Re: SMTP logging
- Previous by thread: Re: Forced Image Restore of Server Prior to Swing Migration Now having AD issues most likely due to missing secondary domain controller
- Next by thread: SBS 2008 - User Shares
- Index(es):
Relevant Pages
|
