THE OFFICIAL BLOG OF THE SBS DIVA

F. On the Source server, make sure the Active Directory is healthy.

If there is only one DC, make sure the SYSVOL and NETLOGON shares are present. Also, check the File Replication Service event log to see if it is in Journal Wrap. The event below is an example of what to look for.

Event Type: Error
Event Source: NtFrs
Event ID: 13568
Description:
The File Replication Service has detected that the replica set "DOMAIN SYSTEM
VOLUME (SYSVOL SHARE)" is in JRNL_WRAP_ERROR.

If there are multiple domain controllers in the source environment, force an Active Directory replication between them in Active Directory Sites and Services and verify it is successful.

You can also run the Microsoft IT Environment Health Scanner in the source environment to uncover any AD health issues.

Microsoft IT Environment Health Scanner

(I'll blog about that in a separate blog post)

An unhealthy Active Directory can result in the following setup errors:

• Windows Small Business Server group policies cannot be configured.
• Windows Server Update Services cannot be configured.

To fix this, you will need to restore the source server, resolve the AD Health issue(s) and start the migration all over again.

We're going to check this with a couple of things including this command:

1. The following are run from the command prompt to test Active Directory health:
2. DCDiag

•  
  • DCDiag [Enter]
  • DCDiag /test:DNS
  • DCDiag /? (List of switches)

1. DcDiag
   _______________________________________________
   
   Microsoft Windows [Version 5.2.3790]

(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\Administrator>dcdiag

Domain Controller Diagnosis

Performing initial setup:

   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\DOMAIN

      Starting test: Connectivity

         ......................... DOMAIN passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\DOMAIN

      Starting test: Replications

         ......................... DOMAIN passed test Replications

      Starting test: NCSecDesc

         ......................... DOMAIN passed test NCSecDesc

      Starting test: NetLogons

         ......................... DOMAIN passed test NetLogons

      Starting test: Advertising

         ......................... DOMAIN passed test Advertising

      Starting test: KnowsOfRoleHolders

         ......................... DOMAIN passed test KnowsOfRoleHolders

      Starting test: RidManager

         ......................... DOMAIN passed test RidManager

      Starting test: MachineAccount

         ......................... DOMAIN passed test MachineAccount

      Starting test: Services

            IsmServ Service is stopped on [DOMAIN]  <<<< <this is okay and normal on a SBS box -- ignore this

         ......................... DOMAIN failed test Services

      Starting test: ObjectsReplicated

         ......................... DOMAIN passed test ObjectsReplicated

      Starting test: frssysvol

         ......................... DOMAIN passed test frssysvol

      Starting test: frsevent

         ......................... DOMAIN passed test frsevent

      Starting test: kccevent

         ......................... DOMAIN passed test kccevent

      Starting test: systemlog

         ......................... DOMAIN passed test systemlog

      Starting test: VerifyReferences

         ......................... DOMAIN passed test VerifyReferences

   Running partition tests on : ForestDnsZones

      Starting test: CrossRefValidation

         ......................... ForestDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom

         ......................... ForestDnsZones passed test CheckSDRefDom

   Running partition tests on : DomainDnsZones

      Starting test: CrossRefValidation

         ......................... DomainDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom

         ......................... DomainDnsZones passed test CheckSDRefDom

   Running partition tests on : Schema

      Starting test: CrossRefValidation

         ......................... Schema passed test CrossRefValidation

      Starting test: CheckSDRefDom

         ......................... Schema passed test CheckSDRefDom

   Running partition tests on : Configuration

      Starting test: CrossRefValidation

         ......................... Configuration passed test CrossRefValidation

      Starting test: CheckSDRefDom

         ......................... Configuration passed test CheckSDRefDom

   Running partition tests on : DOMAINNAME

      Starting test: CrossRefValidation

         ......................... DOMAINNAME passed test CrossRefValidation

      Starting test: CheckSDRefDom

         ......................... DOMAINNAME passed test CheckSDRefDom

   Running enterprise tests on : DOMAINNAME.lan

      Starting test: Intersite

         ......................... DOMAINNAME.lan passed test Intersite

      Starting test: FsmoCheck

         ......................... DOMAINNAME.lan passed test FsmoCheck

C:\Documents and Settings\Administrator>dcdiag /test:DNS

Domain Controller Diagnosis

Performing initial setup:

   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\DOMAIN

      Starting test: Connectivity

         ......................... DOMAIN passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\DOMAIN

DNS Tests are running and not hung. Please wait a few minutes...

   Running partition tests on : ForestDnsZones

   Running partition tests on : DomainDnsZones

   Running partition tests on : Schema

   Running partition tests on : Configuration

   Running partition tests on : DOMAINNAME

   Running enterprise tests on : DOMAINNAME.lan

      Starting test: DNS

         ......................... DOMAINNAME.lan passed test DNS

It should come back "clean"

Then do Netdiag

It starts out with a whole bunch of KBs listed... (hotfixes)

________________________________________________

Netcard queries test . . . . . . . : Passed

Per interface results:

    Adapter : Server Local Area Connection

        Netcard queries test . . . : Passed

        Host Name. . . . . . . . . : DOMAIN

        IP Address . . . . . . . . : 10.0.0.2  <<< I'm still at that original SBS 4.0 10.0.0.2 range btw

        Subnet Mask. . . . . . . . : 255.255.255.0

        Default Gateway. . . . . . :

        Primary WINS Server. . . . : 10.0.0.2

        Dns Servers. . . . . . . . : 10.0.0.2

        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Skipped

            [WARNING] No gateways defined for this adapter.

        NetBT name test. . . . . . : Passed

        [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenge

r Service', <20> 'WINS' names is missing.

            No remote names have been found.

        WINS service test. . . . . : Passed

    Adapter : Network Connection

        Netcard queries test . . . : Passed

        Host Name. . . . . . . . . : DOMAIN

        IP Address . . . . . . . . : 192.168.1.2

        Subnet Mask. . . . . . . . : 255.255.255.0

        Default Gateway. . . . . . : 192.168.1.254

        Primary WINS Server. . . . : 10.0.0.2

        NetBIOS over Tcpip . . . . : Disabled

        Dns Servers. . . . . . . . : 10.0.0.2 <<<< I still have two nics, I need to rerun this after I've removed ISA

        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Passed

        NetBT name test. . . . . . : Skipped

            NetBT is disabled on this interface. [Test skipped]

        WINS service test. . . . . : Skipped

            NetBT is disable on this interface. [Test skipped].

    Adapter : {A89DD362-5097-4A2B-AE4F-D7AB874ED971}

        Netcard queries test . . . : Passed

        Host Name. . . . . . . . . : DOMAIN

        IP Address . . . . . . . . : 10.0.0.16  <<<< VPN connection going on here

        Subnet Mask. . . . . . . . : 255.255.255.255

        Default Gateway. . . . . . :

        NetBIOS over Tcpip . . . . : Disabled

        Dns Servers. . . . . . . . :

        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Skipped

            [WARNING] No gateways defined for this adapter.

        NetBT name test. . . . . . : Skipped

            NetBT is disabled on this interface. [Test skipped]

        WINS service test. . . . . : Skipped

            NetBT is disable on this interface. [Test skipped].

Global results:

Domain membership test . . . . . . : Passed

NetBT transports test. . . . . . . : Passed

    List of NetBt transports currently configured:

        NetBT_Tcpip_{31680511-DFA0-4A2D-A3A9-D1044337C37A}

    1 NetBt transport currently configured.

Autonet address test . . . . . . . : Passed

IP loopback ping test. . . . . . . : Passed

Default gateway test . . . . . . . : Passed

NetBT name test. . . . . . . . . . : Passed

    [WARNING] You don't have a single interface with the <00> 'WorkStation Servi

ce', <03> 'Messenger Service', <20> 'WINS' names defined.

Winsock test . . . . . . . . . . . : Passed

DNS test . . . . . . . . . . . . . : Passed

    PASS - All the DNS entries for DC are registered on DNS server '10.0.0.2'.

Redir and Browser test . . . . . . : Passed

    List of NetBt transports currently bound to the Redir

        NetBT_Tcpip_{31680511-DFA0-4A2D-A3A9-D1044337C37A}

    The redir is bound to 1 NetBt transport.

    List of NetBt transports currently bound to the browser

        NetBT_Tcpip_{31680511-DFA0-4A2D-A3A9-D1044337C37A}

    The browser is bound to 1 NetBt transport.

DC discovery test. . . . . . . . . : Passed

DC list test . . . . . . . . . . . : Passed

Trust relationship test. . . . . . : Skipped

Kerberos test. . . . . . . . . . . : Passed

LDAP test. . . . . . . . . . . . . : Passed

Bindings test. . . . . . . . . . . : Passed

WAN configuration test . . . . . . : Skipped

    No active remote access connections.

Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Skipped

    Note: run "netsh ipsec dynamic show /?" for more detailed information

The command completed successfully

C:\Documents and Settings\Administrator>

Next we'll do RepAdmin

1. RepAdmin

•  
  • RepAdmin /viewlist *
  • RepAdmin /SyncAll
  • RepAdmin /KCC

__________________________________________________

Microsoft Windows [Version 5.2.3790]

(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\Administrator>repadmin /viewlist *

DC_LIST[1] = DOMAIN.DOMAINNAME.lan

C:\Documents and Settings\Administrator>repadmin /syncall

CALLBACK MESSAGE: SyncAll Finished.

SyncAll terminated with no errors.

C:\Documents and Settings\Administrator>repadmin /kcc

repadmin running command /kcc against server localhost

Consistency check on localhost successful.

Next we'll do NetDom /query FSMO

1. NetDom /query FSMO

____________________________

Microsoft Windows [Version 5.2.3790]

(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\Administrator>netdom /query FSMO

Schema owner                DOMAIN.DOMAINNAME.lan

Domain role owner           DOMAIN.DOMAINNAME.lan

PDC role                    DOMAIN.DOMAINNAME.lan

RID pool manager            DOMAIN.DOMAINNAME.lan

Infrastructure owner        DOMAIN.DOMAINNAME.lan

The command completed successfully.

Other than reruning this after I remove ISA... AD using DCdiag looking fine.