>

DNS issues after a SBS 2003 to Windows server 2008 R2 migration

After finishing a successful server migration from SBS 2003 to multiple Windows Server 2008 R2 servers there were some DNS issues. After a restart of the domain controller it looked like DNS is not working as it should the servers are also signaling they don’t have an internet connection. Restarting the DNS service fixes all problems for that time, but after a new restart same problem comes back every time.

Looking at the system event log there are a lot warnings and error events from the Source: NETLOGON

Event ID: 5774

The dynamic registration of the DNS record ‘domain.local. 600 IN A 192.168.117.21’ failed on the following DNS server:

DNS server IP address: ::
Returned Response Code (RCODE): 0
Returned Status Code: 0

For computers and users to locate this domain controller, this record must be registered in DNS.

USER ACTION
Determine what might have caused this failure, resolve the problem, and initiate registration of the DNS records by the domain controller. To determine what might have caused this failure, run DCDiag.exe. To learn more about DCDiag.exe, see Help and Support Center. To initiate registration of the DNS records by this domain controller, run ‘nltest.exe /dsregdns’ from the command prompt on the domain controller or restart Net Logon service.
Or, you can manually add this record to DNS, but it is not recommended.

ADDITIONAL DATA
Error Value: DNS name does not exist.

And:

Event ID: 5781

Dynamic registration or deletion of one or more DNS records associated with DNS domain ‘domain.local.’ failed. These records are used by other computers to locate this server as a domain controller (if the specified domain is an Active Directory domain) or as an LDAP server (if the specified domain is an application partition).

Possible causes of failure include:
– TCP/IP properties of the network connections of this computer contain wrong IP address(es) of the preferred and alternate DNS servers
– Specified preferred and alternate DNS servers are not running
– DNS server(s) primary for the records to be registered is not running
– Preferred or alternate DNS servers are configured with wrong root hints
– Parent DNS zone contains incorrect delegation to the child zone authoritative for the DNS records that failed registration

USER ACTION
Fix possible misconfiguration(s) specified above and initiate registration or deletion of the DNS records by running ‘nltest.exe /dsregdns’ from the command prompt on the domain controller or by restarting Net Logon service on the domain controller.

‘DomainDnsZones.domain.local.’
‘ForestDnsZones.domain.local.’

As we run DCDIAG /C before this didn’t give any error, but when we now run DCDIAG /test:dns we see the following result:

Running enterprise tests on : domain.local
Starting test: DNS
Test results for domain controllers:

DC: NewServer. domain.local
Domain: domain.local

TEST: Delegations (Del)
Error: DNS server: OLDSERVERNAME. domain.local.
IP: [Missing glue A record]

As you can see the test is trying to resolve the old servername at the Delegations test.

Solution:

At the end the problem was when looking in DNS manager and going to the domain.local – _msdcs subzone, the NS record had still the old servername entered.

Just change the record and change the data to the new server information. This resolved the first error, but the second stayed.

This error occures because there are one or more DNS zones are not correctly saved within Active Directory. You can easy see this by using the Registry editor regedit.exe and browse to HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ DNS Server \ Zones. All you dns zones should be located over here.

When you select a zone it would look like this:

As you can see there isn’t a REG_SZ value DirectoryPartition DomainDnsZones.domain.local or ForestDnsZones.domain.local these are the problem zones. I had to delete these zones (both were manual made zones in the past on the old DC) and recreate them. After recreation the REG_SZ value DirectoryPartition value was set and the event warnings didn’t come back as after restarts no problems have raised anymore.

Posted in Blog, Windows 2008R2 at January 7th, 2013. 7 Comments.

Exchange 2003 Mailbox Database object not found when moving mailboxes to an Exchange 2010 server

During an Exchange 2003 – 2010 transition, when moving a mailbox you see the database gives an “Object not found” message.

If you continue the mailbox move will fail with the following error: “Mailbox database “Servername\First Storage Group\Mailbox Store (SERVERNAME)” doesn’t exist.”

Probably you would also see some Event ID 3113, MSExchangeIS errors in your Application log indicating the Mailbox of Public Folder Store was not found in the directory. The item may have been deleted.

Solution: The problem is caused because the “Allow inheritable permissions from the parent to propagate to this object and all child objects. Include these with entries explicitly defined here.” is not set on the Exchange 2003 server object.

Open Exchange System Manager, browse to Administrative Groups, first administrative group, Servers and choose properties on your Server. Select the Security tab and choose advanced. Place a check at “Allow inheritable permissions from the parent to propagate to this object and all child objects. Include these with entries explicitly defined here.” and select OK.

If you cannot see the security tab you need create the ShowSecurityPage registry key. Open regedit browse to HKEY_Current_user\Software\Microsoft\Exchange\EXAdmin and create a new DWORD value ShowSecurityPage and set the value data to 1. Now restart Exchange system manager and you should be able to see the security page.

Posted in Blog, Exchange 2010 at June 14th, 2012. 4 Comments.

SBS Migration before you start

Because I get and see a lot of questions on the forums about migrations, how to’s but also about failures and people who don’t have backups to start over. So in this article I would put down some information what you could do to get your migration to a good end. Of course there is no one hundred percent guarantee, but there are some basics you should do that will help to bring it to a good end. I am writing this for a SBS migration but the steps can be used for most migration paths, SBS – SBS, Windows Server – SBS, SBS – Windows Server, Windows Server – Windows Server but also for Exchange migrations. It would be wise to read all information before you start your migration.

Backup

First thing before you even start should be to make sure you have a good backup. Make sure you have tested your server backup, so might something go wrong during migration you always can go back to the original situation. It sounds like something you should take for granted, but you would not be the first one that starts the migration and something went wrong and would go for recovery and then they came to the conclusion there wasn’t a good backup at all. So always test it before you start!

If your original server is a SBS 2003 server you can use the built in backup solution, see this document how to use it: Backing Up and Restoring Windows Small Business Server 2003.

Getting familiar with the migration process

Second before you even start with the migration would be getting yourself familiar with the migration process. What migration you are going to do (there are more guides available) you should at least read through the complete guide so you know what you can expect. Better would be to do a test migration, make a copy of your original server (backup or image) to another physical or virtual machine in a separated network environment and complete the migration process. Than you know exactly what you can expect during the migration. If you do not get a good feeling by the process just do it over and over again or get yourself some help by another it professional before you start the migration for real.

If you are not familiar with SBS 2011 there is a lot of online material (video’s, click thru’s, hands-on labs, etc) that can help you getting familiar with the configuration: Link 1, Link 2

Check the health of your source server

Next thing to do is to make sure your source (original) server is in a clean state and configured correctly. If the source server has already got problems before you start the migration, this will certainly end up in problems or failures.

What you at least should do, make sure your server is up to date with updates, service packs, fixes, etc. Run the best practice or health analyzers for your product(s), it will give you all kind of information about what is configured wrong. Run tools like dcdiag.exe and netdiag.exe to check your server configuration. Check your servers even logs for warning en error messages.
Make sure you fix all problems before you start the migration!

Beside the information given in the migration guides, these articles will give you some good advice about preparing your source server:

Setup phase

When your server is completely healthy, configured right, read all information in the previous steps and you are prepared. Make sure you follow your migration guide step by step and only continue when you are absolute sure you’ve completed the step entirely. Take your time; no one will notice anything from the migration until you are going to move data.

There are still some issues you could run into during the setup phase:

One of the problems that could give a failure is there is a time or time zone difference between the source and destination server. Make sure the time on the destination server is setup correctly in the bios.
Do not choose to install updates during the installation, this would take a lot of extra time and can give all kind of troubles during the installation / migration. It is best practice to install updates after you completed the installation.

Also see this article for some other known issues: SBS Team keys to success part 2 the setup phase.
When you run into a “Cannot connect to the domain” error message in the early stage of the installation there are still some steps you could do, see this article.

Now the actual installation can start, please not that this will take a couple of hours, so when the blue progress bar appears you could leave the server alone for a while.

Post Setup phase

When installation went successful you will see a screen Installation Finished, Run the Migration Wizard to continue migrating to Windows SBS. But if you ran into any problem, error or something else goes wrong, don’t just continue; make sure you completely understand what your problem is. Look at the SBS Team keys to success part 3 post setup and common failures for some known issues and resolutions. If your error is not there and you have no clue, ask some professional or try some community forum like: SBS Technet Forum or Expert Exchange they might have a solution. Otherwise it would be good to start over because continue with errors will in most cases end up in a bigger unresolvable problem.

Guides:

Here you will find some links to additional useful information and migration guides:

For a different migration approach with support you also take a look at SBS migration.

For a lot of SBS 2011 information also take a look at my SBS 2011 index file with a lot of installation and configuration and all kind of other information.

.

Posted in Blog, SBS 2008, SBS 2011 at January 12th, 2012. 5 Comments.

File Replication Journal Wrap and Sysvol errors with Small Business Server migration

When doing a migration from Small Business Server (SBS) 2003 to SBS 2008, SBS 2011 or Windows server standard version, one of the first things you should do is run the SBS 2003 Best Practices Analyzer and of course check your event log for known problems.

One of the issues I see often is the sysvol, journal wrap Event ID 13568, Source NtFrs in the File Replication Eventlog.

———————————————————————————————————————————–
The File Replication Service has detected that the replica set “DOMAIN SYSTEM VOLUME (SYSVOL SHARE)” is in JRNL_WRAP_ERROR.

Replica set name is    : “DOMAIN SYSTEM VOLUME (SYSVOL SHARE)”
Replica root path is   : “c:\windows\sysvol\domain”
Replica root volume is : “\\.\C:”
A Replica set hits JRNL_WRAP_ERROR when the record that it is trying to read from the NTFS USN journal is not found.  This can occur because of one of the following reasons.

[1] Volume “\\.\C:” has been formatted.
[2] The NTFS USN journal on volume “\\.\C:” has been deleted.
[3] The NTFS USN journal on volume “\\.\C:” has been truncated. Chkdsk can truncate the journal if it finds corrupt entries at the end of the journal.
[4] File Replication Service was not running on this computer for a long time.
[5] File Replication Service could not keep up with the rate of Disk IO activity on “\\.\C:”.
Setting the “Enable Journal Wrap Automatic Restore” registry parameter to 1 will cause the following recovery steps to be taken to automatically recover from this error state.
[1] At the first poll, which will occur in 5 minutes, this computer will be deleted from the replica set. If you do not want to wait 5 minutes, then run “net stop ntfrs” followed by “net start ntfrs” to restart the File Replication Service.
[2] At the poll following the deletion this computer will be re-added to the replica set. The re-addition will trigger a full tree sync for the replica set.

WARNING: During the recovery process data in the replica tree may be unavailable. You should reset the registry parameter described above to 0 to prevent automatic recovery from making the data unexpectedly unavailable if this error condition occurs again.

To change this registry parameter, run regedit.

Click on Start, Run and type regedit.

Expand HKEY_LOCAL_MACHINE.
Click down the key path:
   “System\CurrentControlSet\Services\NtFrs\Parameters”
Double click on the value name
   “Enable Journal Wrap Automatic Restore”
and update the value.

If the value name is not present you may add it with the New->DWORD Value function under the Edit Menu item. Type the value name exactly as shown above.———————————————————————————————————————————–

Fixing this issue is in most cases relative simple just add the “Enable Journal Wrap Automatic Restore” registry key noted in the event log and change the value to “1” and restart the “File Replication Service” service.

Before changing the registry key I would recommend to make a backup from the C:\Windows\Sysvol folder.

But after doing that there appeared a new warning message in the File Replication Eventlog, Event ID 13566, Source Ntfrs.

———————————————————————————————————————————–
File Replication Service is scanning the data in the system volume. computer <domain name> cannot become a domain controller until this process is complete. The system volume will then be shared as SYSVOL.

To check for the SYSVOL share, at the command prompt, type:
net share

When File Replication Service completes the scanning process, the SYSVOL share will appear.

The initialization of the system volume can take some time. The time is dependent on the amount of data in the system volume.———————————————————————————————————————————–

As stated you have to wait a while, but I could wait as long as I want but the sysvol share doesn’t appear.

Solution: At the end the solution seems to be that the ntfrs jet database was corrupted. To solve the problem:

Stop the “File Replication Service” service

Rename the “C:\windows\ntfrs\jet” folder

Start the “File Replication Service” service

One other thing that could happen is the folders under Windows\Sysvol are moved to a subfolder called “NtFrs_PreExisting_See_EventLog”. If you have more than one domain controller this is no problem and the folders will be replicated from another domain controller, but if you only have one domain controller which is mostly the case when using SBS. You can copy the right folders back from the backup you made before, or just move them out of the “NtFrs_PreExisting_See_EventLog” folder to one level up.

Solve these problems before you are starting your migration otherwise you will run into replication errors.

Posted in Blog, SBS 2008, SBS 2011 at April 7th, 2011. 29 Comments.

Migrating to Windows Small Business Server 2011 Standard

As microsoft already released documentation about migrating from SBS 2003 to SBS 2011, now they released some more migration scenarios. Here a overview of al released scenarios:

Migrate to Windows Small Business Server 2011 Standard from Windows Small Business Server 2003

Migrate to Windows Small Business Server 2011 Standard from Windows Small Business Server 2008

Migrate Windows Small Business Server 2011 Standard to New Hardware

Move all SharePoint Foundation 2010 databases for Windows SBS 2011 Standard to another server

Posted in Blog, SBS 2011 at February 4th, 2011. No Comments.

SBS 2003 logon error “The local policy of this system does not permit you to logon interactively”

When you try to logon to your SBS 2003 server you get the following error:

“The local policy of this system does not permit you to logon interactively”

Solution: This only happens when you try to logon locally to your Windows 2003 SBS server. This is caused when the account you try to logon with is member of the “Domain Power Users” or “Remote Operators” security group. For these groups by default there is a deny set on log on locally policy.

More information can be found here: kb841188

Posted in Blog at December 1st, 2010. 1 Comment.

Migrating printers using printbrm(ui) gives print monitor is unknown error

For migrating printer drivers and setting from a Windows 2003 SBS server to a Windows 2008 SBS server. I first updated all printers on the Windows 2003 SBS server so they have x64 drivers installed. After that I used printbrm(ui) on a Windows 2008 server to export all drivers and settings to a export file. This file I copied to my new Windows 2008 SBS server and tried to import it using printbrm(ui). When finished I got a lot of warnings and errors and most printers were not created. The following event id 37 was logged:

“Printbrm.exe (the Printer Migration Wizard or the command-line tool) could not restore driver HP LaserJet 4200 PCL 6 (Windows NT x86) while restoring print queues from a file. Error reported: 0x80070bb8. The specified print monitor is unknown.
. This can occur if the driver requires a file that Printbrm.exe did not back up or if the user does not have permission to install drivers on the destination computer.”

The problem was not the driver or not enough permissions. But when you take a look at the Windows 2003 SBS server in the printer properties, advanced tab, Print Processor properties, for the failing printers the print processor didn’t use the winprint – raw processor, but a HP and some characters – raw processor.

Solution: For some strange reason the export function doesn’t export the print processor. Change the print processor to winprint raw, make a new export and import that file everything works fine.

After importing if needed it self chooses to use a other print processor available at the new server.

Posted in Blog, SBS 2008, Windows 2008 at July 28th, 2010. No Comments.

Sharing Buttons by Linksku