Internal event: Active Directory has encountered the following exception and associated parameters.

Today I was performing a migration from SBS 2003 to SBS 2011. I performed all the checks and ensured I had all the updates in place. During the migration the SBS 2011 server failed the migration. Upon further investigation I noticed that only 1 role transferred over from the old DC to the new one. On the old SBS 2003 server I saw:

image

Upon doing some more research, I came across this hotfix from Microsoft, http://support.microsoft.com/kb/981259, which does not specifically address Exception e0010004 but does address e0010005. I installed this hotfix and then proceeded to manually transfer all FSMO roles using NTDSUTIL on the SBS 2011 server from itself to itself. This might sound strange, but I wanted to do this per another article I read on Microsoft’s site. Once I confirmed that all the roles transferred over from the new SBS 2011 to itself, I then moved the roles back to the old SBS server. Then, verifying the event logs, everything looked clean and happy.

I also noticed this event on the old SBS 2003 server. This seemed odd to me because look at the user… it is a SID with no matching name. This is not normal.

image

I then unpromoed the failed SBS 2011 server and removed it from the domain. I then decided to inspect the SBS 2003 DNS server. I noticed under GCs that there were two entries. One was the current server, in this case 10.55.100.10, and another was 10.55.100.60. Well, there was no other GC with this IP, so that stood out like a sore thumb. I then deleted this invalid entry and looked at all other entries, Name Servers, etc. to verify it was clean.

image

On the old SBS 2003 server, I followed Microsoft troubleshooting to increase my logging. To increase NTDS diagnostic logging, change the following REG_DWORD values in the registry of the destination domain controller under the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics
Set the value of the following subkeys to 5:
5 Replication Events
9 Internal Processing
Note: Level 5 logging is extremely verbose, and the values of both subkeys should be set back to the default of 0 after the problem is resolved. Filtering the Directory Services event log should be performed to isolate and identify these events.
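The logging procedure above, as an added PowerShell example that is not part of the original post or Microsoft's article. The function names and the state-file location are assumptions; only the registry key and the two value names come from the text. It saves the current levels, raises both to 5, pulls the resulting warnings and errors from the Directory Service log, and restores the saved levels afterwards.

```powershell
# Added example. Only the registry key and the two value names come from the post;
# function names and the state-file path are assumptions.
$DiagKey   = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics'
$DiagNames = '5 Replication Events', '9 Internal Processing'
$StateFile = Join-Path $env:TEMP 'ntds-diag-previous.csv'   # assumed location

function Enable-NtdsDiagLogging {
    # Record the current levels first so they can be restored exactly.
    $DiagNames | ForEach-Object {
        New-Object PSObject -Property @{
            Name  = $_
            Level = (Get-ItemProperty -Path $DiagKey -Name $_).$_
        }
    } | Export-Csv -Path $StateFile -NoTypeInformation

    foreach ($name in $DiagNames) {
        Set-ItemProperty -Path $DiagKey -Name $name -Value 5
    }
    Get-Date   # returned so the caller knows where to start filtering the log
}

function Restore-NtdsDiagLogging {
    # Put back the saved levels; fall back to the default of 0 if none were saved.
    if (Test-Path $StateFile) {
        foreach ($row in Import-Csv -Path $StateFile) {
            Set-ItemProperty -Path $DiagKey -Name $row.Name -Value ([int]$row.Level)
        }
        Remove-Item $StateFile
    } else {
        foreach ($name in $DiagNames) {
            Set-ItemProperty -Path $DiagKey -Name $name -Value 0
        }
    }
}

function Get-NtdsDiagEvents {
    param([datetime]$Since)
    # Only warnings and errors written after logging was raised.
    Get-EventLog -LogName 'Directory Service' -After $Since -EntryType Error, Warning |
        Select-Object TimeGenerated, EntryType, Source, EventID, Message
}

# Usage (run elevated on the domain controller):
#   $start = Enable-NtdsDiagLogging
#   ... reproduce the failing replication or migration step ...
#   Get-NtdsDiagEvents -Since $start | Format-List
#   Restore-NtdsDiagLogging
```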

I did this on the source controller even though it mentions to do this on the destination server. Next I restarted the Netlogon service via command prompt: NET STOP NETLOGON & NET START NETLOGON

I performed the migration again. It failed, but I was able to capture a lot more events in the event log. This time I saw

Event ID 1925: Attempt to establish a replication link failed due to DNS lookup problem. Following http://technet.microsoft.com/en-us/library/cc778061(WS.10).aspx I started looking at DNS as the issue. This led me to http://technet.microsoft.com/en-us/library/cc785014(WS.10).aspx. It turns out that someone previously had turned off zone transfers. The DNS server looked like this:

image

and this:

image

To fix it, it should look like this:

image

and

image

Make sure to also check the AD domain, in this case csg.local, as those settings were also modified.

image

I also noticed that they had DNS forwarders on, pointing to external addresses, but when I ran the original Internet Connection Wizard on the SBS 2003 server, it made no mention of this. Weird.

Ah, once I did this, I was able to migrate correctly.

Note, make sure to clean up the old failed SBS 2011 servers from AD, Name Servers and DNS so you get a clean migration.

As this was a new customer for me, I had no knowledge of the previous IT person’s skills or abilities, or how things were set up, or should I say not set up correctly. Lesson learned: when you enter a situation where you don’t know what was done before, look at everything. Even though it is time consuming, the troubleshooting takes even more time.