
Internal event: Active Directory has encountered the following exception and associated parameters.

Today I was performing a migration from SBS 2003 to SBS 2011. I performed all the checks and ensured I had all the updates in place. During the migration the SBS 2011 server failed the migration. Upon further investigation I noticed that only 1 role transferred over from the old DC to the new one. On the old SBS 2003 server I saw:

image

Upon doing some more research, I came across this hotfix from Microsoft http://support.microsoft.com/kb/981259 which does not specifically address Exception e0010004 but does address e0010005. I installed this hotfix and then proceeded to manually transfer all FSMO roles using NTDSUTIL on the SBS 2011 server from itself to itself. This might sound strange, but I wanted to do this per another article I read on Microsoft’s site. Once I confirmed that all the roles transferred over from the new SBS 2011 to itself, I then moved the roles back to the old SBS server. Then, verifying the event logs, everything looked clean and happy.

I also noticed this event on the old SBS 2003 server. This seemed odd to me because look at the user… it is a SID with no matching name. This is not normal.

image

I then unpromoed the failed SBS 2011 server and removed it from the domain. I then decided to inspect the SBS 2003 DNS server. I noticed under GC’s that there were two entries. One was the current server, in this case 10.55.100.10 and another of 10.55.100.60. Well there was no other GC with an IP of this, so that stood out like a sore thumb. I then deleted this invalid entry and looked at all other entries, Name Servers, etc. to verify it was clean.

image

On the old SBS 2003 server, I followed Microsoft troubleshooting to increase my logging. To increase NTDS diagnostic logging, change the following REG_DWORD values in the registry of the destination domain controller under the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics
Set the value of the following subkeys to 5:

  • 5 Replication Events
  • 9 Internal Processing

Note: Level 5 logging is extremely verbose and the values of both subkeys should be set back to the default of 0 after the problem is resolved. Filtering the Directory Services event log should be performed to isolate and identify these events.

I did this on the source controller even though it mentions to do this on the destination server. Next I restarted netlogon service via command prompt. NET STOP NETLOGON & NET START NETLOGON
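The logging steps above as a PowerShell sketch. This is an added example, not code from the original post or from Microsoft's article; it assumes an elevated PowerShell 2.0 session on the domain controller being diagnosed (a separate install on SBS 2003), and the function name `Invoke-WithNtdsDiagnostics` is hypothetical. It raises the two values, runs the action being diagnosed, restores the previous levels even on failure, and returns the warnings and errors logged in that window.

```powershell
# Added example: temporarily raise NTDS diagnostic logging, then restore it.
# Assumes PowerShell 2.0+ in an elevated session on the domain controller.
$DiagKey   = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics'
$DiagNames = '5 Replication Events', '9 Internal Processing'

function Invoke-WithNtdsDiagnostics {   # hypothetical helper name
    param(
        [Parameter(Mandatory = $true)] [scriptblock] $Action,
        [ValidateRange(0, 5)] [int] $Level = 5
    )

    # Remember the current levels so they can be put back exactly.
    $previous = @{}
    foreach ($name in $DiagNames) {
        $previous[$name] = (Get-ItemProperty -Path $DiagKey -Name $name).$name
    }

    $start = Get-Date
    try {
        foreach ($name in $DiagNames) {
            Set-ItemProperty -Path $DiagKey -Name $name -Value $Level
        }
        & $Action | Out-Null
    }
    finally {
        # Level 5 is extremely verbose; restore even if the action throws.
        foreach ($name in $DiagNames) {
            Set-ItemProperty -Path $DiagKey -Name $name -Value $previous[$name]
        }
    }

    # Return the warnings and errors the Directory Service log captured
    # while the raised level was in effect (for example Event ID 1925).
    Get-EventLog -LogName 'Directory Service' -After $start -ErrorAction SilentlyContinue |
        Where-Object { $_.EntryType -eq 'Error' -or $_.EntryType -eq 'Warning' } |
        Sort-Object TimeGenerated |
        Select-Object TimeGenerated, EntryType, EventID, Source, Message
}

# Usage: hold the raised level for ten minutes while the migration is retried.
# Invoke-WithNtdsDiagnostics -Action { Start-Sleep -Seconds 600 } |
#     Export-Csv -Path .\ntds-diagnostics.csv -NoTypeInformation
```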

I performed the migration again. It failed, but I was able to capture a lot more events in the event log. This time I saw

Event ID 1925: Attempt to establish a replication link failed due to DNS lookup problem. Following http://technet.microsoft.com/en-us/library/cc778061(WS.10).aspx I started looking at DNS as the issue. This led me to http://technet.microsoft.com/en-us/library/cc785014(WS.10).aspx It turns out that someone previously had turned off zone transfers. The DNS server looked like this:

image

and this:

image

To fix it, it should look like this:

image

and

image

Make sure to also check the AD domain, in this case csg.local, as those settings were also modified.

image

I also noticed that they had DNS forwarders on, pointing to external addresses, but when I ran the original Internet Connection Wizard on the SBS 2003 server, it made no mention of this. Weird.

Ah, once I did this, I was able to migrate correctly.

Note, make sure to clean up the old failed SBS 2011 servers from AD, Name servers and DNS so you get a clean migration.

As this was a new customer for me, I had no knowledge of the previous IT person’s skills or abilities, or how things were set up, or should I say not set up correctly. Lesson learned is when you enter a situation where you don’t know what was done before, look at everything; even though it is time consuming, the troubleshooting takes even more time.

Windows Server Solutions BPA Updated September 2011 but is not prompting for update

Microsoft released an update this week for the Windows Server Solutions BPA that covers a number of products, including:

  • Small Business Server 2011 Standard Edition
  • Small Business Server 2011 Essentials
  • Windows Storage Server 2008 R2 Essentials
  • Windows MultiPoint Server 2011

More information about this update is available on the Official SBS Blog page at http://blogs.technet.com/b/sbs/archive/2011/09/29/windows-server-solutions-bpa-updated-september-2011.aspx

So how do you get the update? First, make sure you have the Microsoft Baseline Configuration Analyzer 2.0 installed. To get it, go here. Next, make sure to download and install the Windows Server Solutions Best Practices Analyzer 1.0 here

During the install, you will be prompted with this screen:

image

Make sure to check this box during your install, or you will not be prompted to automatically update!

Once you have it installed, launch the BPA either via the SBS Console under security (if you selected to integrate it in the console) or when you launch it under the start menu. You will see in the system tray an icon/pop up stating to update, like this:

image

Select that, and a window will open

image

Close the BPA you have open and then wait about 5-10 seconds. The next box will change and allow you to click on it. That’s it, you are now updated!

Hey Lyle, I don’t see it prompting me. Why?

Ok, so you got it installed, but now you launch it and don’t see it prompting you for the update. No problem, here is how to fix this:

Open up the registry and navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsServerSolutions\BPA

image

Look for the DWORD item “Update”.  It is probably set to a 0. We want to change it to a value of 1. It should now look like this:

image

 

Close out the BPA if you have it open. Now re-launch it and you will see it appear in the SysTray.

Office 365 is down for over 3 hours causing business disruption

Well Microsoft’s new Office 365 solution goes down causing business disruption. Sometimes I wonder if this cloud nonsense is just another bad joke.

 

image

What is the correct model number?

Today we received a batch of new Seagate Enterprise hard disks, which should have been model ST2000NM0011. It looks like someone in the label department in Thailand made a mistake, as the model number is shown with a 1 (1TB) and a 2 (2TB). After plugging it in, it was detected as a 1TB drive. Glad to know we can’t always rely on stickers.

image

Exchange 2010 SP1 Rollup 3 and BlackBerrys sending duplicate messages

Tonight I had a customer informing me that since we installed the latest rollup for Exchange 2010 SP1 their BlackBerrys were sending duplicate messages. After doing some research into the issue, I came across this blog http://blogs.technet.com/b/exchange/archive/2011/03/14/exchange-2010-sp1-rollup-3-and-blackberrys-sending-duplicate-messages.aspx

image

For the time being, hold off on installing RU3 until Microsoft gets this fixed. In fact, they state that they have pulled the Rollup for now. I suggest looking at the EHLO link above to confirm when it is fixed.

Exchange 2010 Mailbox Server Role Calculator

I am currently working on planning out a new data center that will be running Exchange 2010. I found a great tool from the Exchange team called Exchange 2010 Mailbox Server Role Requirements Calculator which is quite powerful. An updated version of this tool can also be located at http://blogs.technet.com/b/exchange/archive/2010/01/22/3409223.aspx 

Enjoy.

Lyle Epstein

Kortek Solutions

Android update gives more features with Exchange EAS

Today my wife updated her Sprint Samsung Transform phone with the latest Android OS. I have been waiting for Sprint to push out this update as I found a very strange bug in the base OS that was shipped with the phone in November 2010.

For a list of versions and when they were shipped, see http://socialcompare.com/en/comparison/android-versions-comparison

The bug I identified was if you set up the phone to sync with the Exchange server, in this case Exchange 2010 SP1 RU2, and then proceed to select a contact, change the picture of the contact to one that is on the device, and re-sync, you will now see the new picture in your Outlook. That is how it is supposed to work. The bug part comes in when you now edit that contact, say change the phone number or email address. Now sync the device, and you will notice the data doesn’t change in the device. The only way to fix it from my testing was to delete the contact via the phone. Once you do that, re-sync, and it will be gone from the Contacts in Outlook. Now go into your deleted items and you will see the contact. Move it back to your contacts, and re-sync the phone, and the contact is now correct on the phone. But if you make a change to the contact again, you will run into the same issue.

This was VERY annoying! I had found an update to the Android OS but it required rooting the phone, something I didn’t want to do. After the update came down today from Sprint, I retried my issue, and the bug has now been fixed. Another thing I noticed in the new update is the support for OOF, or Out of Office. That is a nice touch as Active Sync gets more aligned to the features in Exchange 2010 and EAS. I also noticed that the new update now enforces Active Sync’s security policies, including requiring a device password.

Now we wait for Microsoft’s own Windows Phone 7 to start supporting more Exchange EAS policies. If you are interested in knowing more about EAS, here is a chart by Marco Nielsen

 

Versions

The important versions of EAS usually follow the Exchange Server releases and they are currently:

| EAS Version | Server Release | Comments |
|---|---|---|
| EAS 2.0 | Exchange Server 2003 | |
| EAS 2.5 | Exchange Server 2003 SP2 | |
| EAS 12 | Exchange Server 2007 | The Exchange software becomes part of Office release 12 aka Office 2007. |
| EAS 12.1 | Exchange Server 2007 SP1 | |
| EAS 14 | Exchange Server 2010 | The Office product team skips over number “13”. |
| EAS 14.1 | Exchange Server 2010 SP1 | |

More details can be found here.

Compatibility Comparisons

Due to the incremental versions, protocol licensing and various implementations on different mobile devices, OS platforms and software clients it is very hard to get a complete view of what features are supported on a given device. Even if the mobile device is running a specific OS platform, the OEM, and mobile operator (especially here in North America) can decide to make specific changes.

I have found several references that may help, but all will obviously become out of date as new platform versions, software and devices come out.

I take no responsibility for their accuracy or the content. All information should always be tested on the devices you have on hand. I also apologize if the links become dead after a given amount of time, please ping me and I can update.

| Name | Hyperlink | Comment |
|---|---|---|
| Comparison of Exchange ActiveSync Clients | Link | Updated by the “public” on Wikipedia, has Android 3.0. |
| Exchange ActiveSync Client Comparison Table | Link | Updated table posted on Microsoft TechNet. Please notice the Nitrodesk Touchdown comparison. This can close many gaps on Android devices and also supported by MDM vendors. |
| Android and iPhone Exchange Activesync Policies | Link | Nice listing by Tom Basham in the UK. Points out some problems with the Wikipedia comparison on the CALs. |
| Android 2.2 and ActiveSync policies – a complete guide that works | Link | Only using a HTC Desire running Android 2.2 on Exchange 2007 SP1. But great play by play. |
| iPhone OS 4 and EAS – what really works? | Link | Only using an iPhone running iOS 4.2 on Exchange 2007 SP1. But another great play by play of all the policies. |
| More on Windows Phone 7 Security Policies | Link | Brief review from Tom Basham of the Windows Phone 7 related security policies. |
| Exchange ActiveSync Considerations When Using Windows Phone 7 Clients | Link | Detailed TechNet article on Windows Phone 7 supported features by Henrik Walther. |

 

This excellent chart was posted by Marco Nielsen at http://www.myitforum.com/absolutenm/templates/Articles.aspx?articleid=22540&zoneid=100

White House wants to impose tougher penalties for software piracy

image

The White House is currently reviewing a new set of much tougher laws for software piracy, including jail time of up to 20 years. There are several other items in this list of recommendations that do not pertain to software, like drug offenses, but all fall in the intellectual property category. If you want to see what these new limits are about take a look at http://www.whitehouse.gov/sites/default/files/ip_white_paper.pdf 

I am pretty sure this one will get signed into law. This is a good thing, as software piracy hurts everyone.

The User accounts cannot be added into GroupPolicy ‘AllSBSUsers’ SBS 2011

I began seeing this error on a migrated SBS 2011 Standard server in the event log Microsoft-Windows-Small Business Server/Operational section

 

image

 

image

In order to identify what originally happened in the migration, I went to C:\Program Files\Windows Small Business Server\Logs and viewed the errors.log file. In this file, it showed ConfigureGP: Windows Small Business Server group policies cannot be configured. This was a good clue that this part of the migration got messed up. It is quite similar to the issue talked about on the official SBS Blog site

How to Manually Create the SBS 2008 and WSUS Group Policies Objects at http://blogs.technet.com/b/sbs/archive/2009/09/03/how-to-manually-create-the-sbs-2008-and-wsus-group-policies-objects.aspx 

To fix the issue, follow the instructions on that site except the difference here is that this is a SBS 2011 server and that blog entry was written for SBS 2008. Instead of using the file gpofix.txt that is listed on that site, use the updated SBS 2011 file you can download here

Download File – gpofix

Before doing this, I suggest backing up your GPOs and WMI filters and then deleting these GPOs and WMI filters, as they will be recreated by this script. If you don’t know how to back up your GPOs, check out this site http://www.petri.co.il/backing-up-group-policy-objects.htm

When you run this updated script, it will create the following Group Policy objects

  • Windows SBS Client – Windows 7 and Windows Vista Policy
  • Windows SBS Client – Windows XP Policy
  • Windows SBS Client Policy
  • Windows SBS CSE Policy
  • Windows SBS Users Policy

In addition, 3 WMI filters will be created

  • Windows SBS Client
  • Windows SBS Client – Windows 7 and Windows Vista
  • Windows SBS Client – Windows XP
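One way to take the backup recommended above before deleting anything. This is an added example, not the gpofix script or code from the SBS blog; it assumes the GroupPolicy and ActiveDirectory PowerShell modules of Windows Server 2008 R2 and an existing backup folder, and the function name `Backup-SbsPolicyObjects` is hypothetical. A GPO backup does not include the WMI filter definitions, so the filters are exported separately.

```powershell
# Added example (not the SBS team's script): back up the Windows SBS GPOs and
# record the WMI filter definitions before deleting them.
# Assumes the GroupPolicy and ActiveDirectory modules (Windows Server 2008 R2)
# and that $BackupDir already exists.
Import-Module GroupPolicy
Import-Module ActiveDirectory

function Backup-SbsPolicyObjects {   # hypothetical helper name
    param([Parameter(Mandatory = $true)] [string] $BackupDir)

    # All five GPOs listed above have display names starting "Windows SBS".
    $gpos = @(Get-GPO -All | Where-Object { $_.DisplayName -like 'Windows SBS*' })
    foreach ($gpo in $gpos) {
        Backup-GPO -Guid $gpo.Id -Path $BackupDir -Comment 'Before gpofix' | Out-Null
    }

    # A GPO backup does not contain the WMI filter itself, so read the filter
    # objects (class msWMI-Som) from the domain's System container.
    $somBase = 'CN=SOM,CN=WMIPolicy,CN=System,' + (Get-ADDomain).DistinguishedName
    $filters = @(Get-ADObject -SearchBase $somBase -Filter 'objectClass -eq "msWMI-Som"' `
            -Properties 'msWMI-Name', 'msWMI-Parm1', 'msWMI-Parm2' |
        Where-Object { $_.'msWMI-Name' -like 'Windows SBS*' } |
        Select-Object @{ Name = 'Name';        Expression = { $_.'msWMI-Name' } },
                      @{ Name = 'Description'; Expression = { $_.'msWMI-Parm1' } },
                      @{ Name = 'Query';       Expression = { $_.'msWMI-Parm2' } })
    $filters | Export-Csv -Path (Join-Path $BackupDir 'wmi-filters.csv') -NoTypeInformation

    # Summary so the operator can confirm the counts before deleting anything.
    New-Object PSObject -Property @{
        GposBackedUp    = $gpos.Count
        WmiFiltersSaved = $filters.Count
    }
}

# Usage:
# Backup-SbsPolicyObjects -BackupDir 'D:\GPO-Backup'
```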

Everything else on the Official SBS Blog site is the same. To confirm that it was applied correctly, take a look at your Group Policy Manager and you will see the newly created ones with the current date and time.

image

Of course if you want to see even more details, open the file GPOTask.log at C:\Program Files\Windows Small Business Server\Logs and you can see each action that was taken. If you are not aware of this folder and logs, it is one of the standard places I look on a SBS 2008 or SBS 2011 server when troubleshooting SBS related issues.

SBS 2011 Change Folder Permissions causes SBS Console to crash and RWA view folders provides error

Today I was troubleshooting a strange issue in the SBS 2011 Console. When I select Shared Folders from the SBS 2011 Console and click on Change Folder Permissions

image

the SBS Console crashes with Windows SBS 2011 Standard Console has stopped working, as shown below

 

image

After troubleshooting for several hours with Microsoft and not able to find a quick resolution I became more determined than ever to discover the cause and solution. In order to fix this situation, either change the Users Roles from one to the other and then back, or modify the existing Users Roles with a new setting like disabling the quotas so that it re-applies the role to the users. You can then change this setting back and reapply it once again.

image

It appears that this happens on servers that are migrated and not new installations. In the SBS 2011 migration guide at http://technet.microsoft.com/en-us/library/gg615504.aspx it states

image

Upon further testing, I discovered that if you don’t Replace user permissions

 

image

and simply add to the existing permissions, it will not resolve the issue. Therefore, you MUST replace user permissions. If you have created custom security groups and didn’t add them to a custom user role, please make sure to write down the current security groups and distribution groups that the user is a member of, as running it in replace mode WILL remove all other membership groups.
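Instead of writing the memberships down by hand, they can be exported before the wizard runs and compared afterwards. This is an added example, not part of the original post; it assumes the ActiveDirectory PowerShell module of Windows Server 2008 R2, and the function names and file names are hypothetical.

```powershell
# Added example: snapshot group memberships before "Replace user permissions".
# Assumes the ActiveDirectory module (Windows Server 2008 R2, as on SBS 2011).
Import-Module ActiveDirectory

function Export-UserGroupSnapshot {   # hypothetical helper name
    param(
        [Parameter(Mandatory = $true)] [string] $Path,
        # Assumption: defaults to the whole domain; narrow it to your user OU.
        [string] $SearchBase = (Get-ADDomain).DistinguishedName
    )
    $users = Get-ADUser -Filter * -SearchBase $SearchBase -Properties MemberOf
    $rows = foreach ($user in $users) {
        # MemberOf lists direct memberships; the primary group is not included.
        foreach ($groupDn in $user.MemberOf) {
            $group = Get-ADGroup -Identity $groupDn
            New-Object PSObject -Property @{
                User     = $user.SamAccountName
                Group    = $group.Name
                Category = $group.GroupCategory   # Security or Distribution
            }
        }
    }
    $rows | Select-Object User, Group, Category |
        Sort-Object User, Group |
        Export-Csv -Path $Path -NoTypeInformation
}

function Compare-UserGroupSnapshot {   # hypothetical helper name
    param(
        [Parameter(Mandatory = $true)] [string] $Before,
        [Parameter(Mandatory = $true)] [string] $After
    )
    # '<=' marks a membership that existed before the wizard and is gone now.
    Compare-Object (Import-Csv $Before) (Import-Csv $After) `
            -Property User, Group, Category |
        Where-Object { $_.SideIndicator -eq '<=' } |
        Select-Object User, Group, Category
}

# Usage:
# Export-UserGroupSnapshot -Path .\groups-before.csv
#   ... run the Change User Role wizard in replace mode ...
# Export-UserGroupSnapshot -Path .\groups-after.csv
# Compare-UserGroupSnapshot -Before .\groups-before.csv -After .\groups-after.csv
```

Each row the comparison returns is a membership to add back by hand, with its category showing whether it was a security or a distribution group.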

During my troubleshooting of this issue, I also discovered that all of my email enabled distribution groups showed no users via the SBS 2011 Console. I went into Exchange Management Console and attempted to view the distribution groups to see if members were listed, but upon expanding this node, EMC stated An error caused a change in the current set of Active Directory server settings. Restart the Exchange Management Console.

image

I then opened up each distribution group in the SBS 2011 Console and added the users to the correct groups. After that, EMC worked correctly and showed the groups with the correct members listed.

Another issue you will see by not replacing the user permissions via the Change User Role wizard is when you open up the Remote Web Access, you will see the following error stating There was a problem loading a gadget. Contact the person who manages your server.

image

This is also caused by the same issue. Rerun that Change User Role wizard and you will now see

image

In a future post I will document all of the troubleshooting steps I took including looking at many log files for hours.