Migration
5 Topics

Trying to complete migration from Win 2012 Essentials to Win 2022 Essentials
Hi.. In the process of migrating from a Windows Server 2012 Essentials server, to a new Windows Server 2022 Essentials server. I added the DC roles to the new machine, joined it to the domain, confirmed the pre DFS stuff was in the fourth disabled state, and then moved across fsmo roles. I'll admit I'm running a little blind as this is not an area of Windows Server I generally have to play with.

Where I'm up to is that the new DC won't provide SYSVOL and NETLOGON shares. Status query so far says it's in "initial sync".

There is a quirk in the network, in that due to constraints on the router, to provide guest WiFi, the router needs to provide its own DNS server in the DHCP response, not that of DCs, so the router DNS server (dnsmasq) has a redirect on the DC domain to the IP of one of the DCs, the new DC right now.. but this can be changed easily. Yes, the domain uses a ".local" domain, and yes, I know this can mess with broadcast DNS, but this was set before it was really a thing.

JPTDC01 ~ $ dcdiag

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = JPTDC01
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\JPTDC01
      Starting test: Connectivity
         ......................... JPTDC01 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\JPTDC01
      Starting test: Advertising
         ......................... JPTDC01 passed test Advertising
      Starting test: FrsEvent
         ......................... JPTDC01 passed test FrsEvent
      Starting test: DFSREvent
         There are warning or error events within the last 24 hours after the SYSVOL has been shared. Failing SYSVOL replication problems may cause Group Policy problems.
         ......................... JPTDC01 failed test DFSREvent
      Starting test: SysVolCheck
         ......................... JPTDC01 passed test SysVolCheck
      Starting test: KccEvent
         ......................... JPTDC01 passed test KccEvent
      Starting test: KnowsOfRoleHolders
         ......................... JPTDC01 passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         ......................... JPTDC01 passed test MachineAccount
      Starting test: NCSecDesc
         ......................... JPTDC01 passed test NCSecDesc
      Starting test: NetLogons
         ......................... JPTDC01 passed test NetLogons
      Starting test: ObjectsReplicated
         ......................... JPTDC01 passed test ObjectsReplicated
      Starting test: Replications
         ......................... JPTDC01 passed test Replications
      Starting test: RidManager
         ......................... JPTDC01 passed test RidManager
      Starting test: Services
         ......................... JPTDC01 passed test Services
      Starting test: SystemLog
         An error event occurred. EventID: 0x00009017
            Time Generated: 03/25/2024 10:41:48
            Event String: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 70.
         An error event occurred. EventID: 0x00009017
            Time Generated: 03/25/2024 10:41:48
            Event String: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.
         An error event occurred. EventID: 0x00009017
            Time Generated: 03/25/2024 10:41:48
            Event String: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 70.
         An error event occurred. EventID: 0x00009017
            Time Generated: 03/25/2024 10:41:48
            Event String: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.
         A warning event occurred. EventID: 0x00000458
            Time Generated: 03/25/2024 10:51:24
            Event String: The Group Policy Client Side Extension Group Policy Drive Maps was unable to apply one or more settings because the changes must be processed before system startup or user logon. The system will wait for Group Policy processing to finish completely before the next startup or logon for this user, and this may result in slow startup and boot performance.
         A warning event occurred. EventID: 0x00000458
            Time Generated: 03/25/2024 11:32:15
            Event String: The Group Policy Client Side Extension Group Policy Drive Maps was unable to apply one or more settings because the changes must be processed before system startup or user logon. The system will wait for Group Policy processing to finish completely before the next startup or logon for this user, and this may result in slow startup and boot performance.
         A warning event occurred. EventID: 0x00000458
            Time Generated: 03/25/2024 11:35:46
            Event String: The Group Policy Client Side Extension Group Policy Drive Maps was unable to apply one or more settings because the changes must be processed before system startup or user logon. The system will wait for Group Policy processing to finish completely before the next startup or logon for this user, and this may result in slow startup and boot performance.
         ......................... JPTDC01 failed test SystemLog
      Starting test: VerifyReferences
         ......................... JPTDC01 passed test VerifyReferences

   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation

   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation

   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation

   Running partition tests on : JPT
      Starting test: CheckSDRefDom
         ......................... JPT passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... JPT passed test CrossRefValidation

   Running enterprise tests on : JPT.local
      Starting test: LocatorCheck
         Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1355
         A Primary Domain Controller could not be located.
         The server holding the PDC role is down.
         ......................... JPT.local failed test LocatorCheck
      Starting test: Intersite
         ......................... JPT.local passed test Intersite

JPTDC01 ~ $ netdom query fsmo
Schema master               JPTDC02.JPT.local
Domain naming master        JPTDC02.JPT.local
PDC                         JPTDC02.JPT.local
RID pool manager            JPTDC02.JPT.local
Infrastructure master       JPTDC02.JPT.local
The command completed successfully.

New DC:

JPTDC02 ~ $ dcdiag

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = JPTDC02
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\JPTDC02
      Starting test: Connectivity
         ......................... JPTDC02 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\JPTDC02
      Starting test: Advertising
         Warning: DsGetDcName returned information for \\JPTDC01.JPT.local, when we were trying to reach JPTDC02.
         SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE.
         ......................... JPTDC02 failed test Advertising
      Starting test: FrsEvent
         ......................... JPTDC02 passed test FrsEvent
      Starting test: DFSREvent
         There are warning or error events within the last 24 hours after the SYSVOL has been shared. Failing SYSVOL replication problems may cause Group Policy problems.
         ......................... JPTDC02 failed test DFSREvent
      Starting test: SysVolCheck
         ......................... JPTDC02 passed test SysVolCheck
      Starting test: KccEvent
         ......................... JPTDC02 passed test KccEvent
      Starting test: KnowsOfRoleHolders
         ......................... JPTDC02 passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         ......................... JPTDC02 passed test MachineAccount
      Starting test: NCSecDesc
         ......................... JPTDC02 passed test NCSecDesc
      Starting test: NetLogons
         Unable to connect to the NETLOGON share! (\\JPTDC02\netlogon)
         [JPTDC02] An net use or LsaPolicy operation failed with error 67, The network name cannot be found..
         ......................... JPTDC02 failed test NetLogons
      Starting test: ObjectsReplicated
         ......................... JPTDC02 passed test ObjectsReplicated
      Starting test: Replications
         [Replications Check,JPTDC02] DsReplicaGetInfo(PENDING_OPS, NULL) failed, error 0x2105 "Replication access was denied."
         ......................... JPTDC02 failed test Replications
      Starting test: RidManager
         ......................... JPTDC02 passed test RidManager
      Starting test: Services
         Could not open NTDS Service on JPTDC02, error 0x5 "Access is denied."
         ......................... JPTDC02 failed test Services
      Starting test: SystemLog
         A warning event occurred. EventID: 0x00000024
            Time Generated: 03/25/2024 10:26:01
            Event String: The time service has not synchronized the system time for the last 7857 seconds because none of the time service providers provided a usable time stamp. The time service will not update the local system time until it is able to synchronize with a time source. If the local system is configured to act as a time server for clients, it will stop advertising as a time source to clients after 22847 seconds. The time service will continue to retry and sync time with its time sources. Check system event log for other W32time events for more details. Run 'w32tm /resync' to force an instant time synchronization. You can control the frequency of the time source rediscovery using ClockHoldoverPeriod W32time config setting. Modify the EventLogFlags W32time config setting if you wish to disable this message.
         ......................... JPTDC02 passed test SystemLog
      Starting test: VerifyReferences
         ......................... JPTDC02 passed test VerifyReferences

   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation

   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation

   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation

   Running partition tests on : JPT
      Starting test: CheckSDRefDom
         ......................... JPT passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... JPT passed test CrossRefValidation

   Running enterprise tests on : JPT.local
      Starting test: LocatorCheck
         ......................... JPT.local passed test LocatorCheck
      Starting test: Intersite
         ......................... JPT.local passed test Intersite

JPTDC02 ~ $ netdom query fsmo
Schema master               JPTDC02.JPT.local
Domain naming master        JPTDC02.JPT.local
PDC                         JPTDC02.JPT.local
RID pool manager            JPTDC02.JPT.local
Infrastructure master       JPTDC02.JPT.local
The command completed successfully.

I see on the first DC, there's a complaint about user policy not being fully applied, so in an admin window, I ran "gpupdate /force", let it log me out, then logged back in again, and got the same error.

What do I need to do to make JPTDC02 the master, and demote and remove JPTDC01? I am happy to RTFM where it gives the steps I need to complete.

JPTDC01 is old, and on its last legs - I have all the user data, so if worst came to worst, I could just start again from scratch.. but I don't want to have to reconnect all the machines to a new domain, and mess with having to migrate user profiles (if that's even possible anymore). My group policy settings aren't that advanced, and I can lose them if I have to.

Any help is appreciated.

Solved 820 Views 0 likes 1 Comment

ADMT Migration Question
I have a question about an upcoming migration we are doing. I have gone over the documentation for ADMT and read the order in which to migrate is SERVICE ACCOUNTS, GROUPS, USERS, COMPUTERS. But if we were to migrate a server first and we have SID filtering disabled and enable SID history, if a file server is moved before any of the users or groups would users in the SOURCE domain still have access to the migrated server in the TARGET domain after it is moved since the ACLs still contain the SIDs of the users in the SOURCE domain?

Any help is greatly appreciated! Thanks

836 Views 0 likes 0 Comments

Cross-forest roaming user profiles
Hello, currently we have a forest A where a Citrix VDI solution is implemented and users are configured (via GPOs) to use roaming user profiles and folder redirection, which are all stored in a fileserver cluster. We are doing a cross-forest migration to forest B using ADMT and native Exchange scripts.

The goal is we want a migrated user (forest B) to log on to a Remote Desktop Session Host on the old domain (forest A) and access their user profiles and folders, which are still on the fileserver in forest A. All users are migrated with SID history.

I have configured GPOs in the new forest to configure roaming profiles and folder redirection to point to the same location (fileserver in forest A). Also enabled the policy to allow cross-forest policy and roaming profiles. Still, when a migrated user logs in (forestB\user) I receive an error: failed to locate roaming profile and local copy is used.

How can we achieve this scenario? I thought that because SID history is migrated, the migrated user will have the same permissions to access the profile and folders as the source user (forest A\user).

Appreciate your help.

1.1K Views 0 likes 0 Comments

SBS 2008 w/ Exchange to Windows Server 2016
We have an old server and software and are currently looking to get everything upgraded. Right now we have SBS 2008 (not R2) w/ Exchange and Microsoft Office Suite 2007 and would like to upgrade to Windows Server 2016 w/ Exchange and Office 365 Business Premium. There are a few things I need to know.

Does Server 2016 include Exchange with it like SBS did, or does it come with the 365 suite, or is this something that needs installed separately, and if so, is there an additional cost? We don't want cloud services and want to keep it on our local server.

I would prefer to use Server 2016 in Essential mode, but I've read that Exchange will not work with this, so I wanted to make sure before I go with Server Standard.

Are there instructions on migrating from SBS 2008 server to 2016 server? From what I can read online from Microsoft, all the instructions are incorrect and people have wasted many hours following them.

Thanks for any insight and help.

3K Views 0 likes 3 Comments

Server 208R2 Standard to Server 2016 Essentials Migration
Hi all. I help out at a small charity with a handful of users. We have one DC (Server 208R2 Standard) and need to migrate to one new DC (Server 2016 Essentials). I have checked out these resources https://docs.microsoft.com/en-us/windows-server-essentials/migrate/migrate-server-data-to-windows-server-essentials but a lot of it is not relevant and I can't find Server 208R2 Standard mentioned. Am I asking the impossible?

I just need to know what steps to take in what order to migrate FSMOs, AD, DHCP and DNS across. We don't have anything fancy on this server. Just users, shared areas and a shared printer, group policies and so on.

Many thanks in advance.

Jason

1K Views 0 likes 0 Comments