THE OFFICIAL BLOG OF THE SBS DIVA

Happy new year to all.... we headed down to LA on the train today!

Create a migration answer file for Windows SBS 2011 Standard migration. An answer file is used by Windows SBS 2011 Standard Setup to automate the installation and run Setup in migration mode. This section introduces you to the migration answer file and guides you through using the Answer File Tool to create the migration answer file.

Next up is the step where you build an answer file.  While the setup in SBS 2011 is slightly different than SBS 2008 where it stops and asks if you are doing a clean install versus a migration – no need to try to guess when exactly the server wants that usb flash drive anymore – you still need to build this answer file.

It’s also where you see the difference between the Microsoft migration path and the www.sbsmigration path.  As it’s here where in the MS way your resulting SBS 2011 server will end up with a different name than the SBS 2003 it migrated from along with a different IP address.  However using the www.sbsmigration.com method, you’ll build a temporary DC that sucks over the AD information from the old SBS server, and then you’ll build the final migrated server  with the same name as the original SBS 2003 server (ergo why it’s called swing migration)

http://technet.microsoft.com/en-us/library/gg563799.aspx#BKMK_PlanToMigrateLineOfBusinessApplications

Plan to migrate line-of-business applications

http://technet.microsoft.com/en-us/library/gg563799.aspx#BKMK_RunTheMigrationPreparationTool

So now you are ready to run the migration prep tool

1. Insert Windows SBS 2011 Standard DVD1 in the DVD drive on the Source Server.

2. When the Windows SBS 2011 Standard installation wizard starts, click Install the Migration Preparation Tool. Choose the most recent version of the tool to install.

You need Powershell and the MS baseline config analyzer to install first.

A fyi in case you hit this error. 

The migration process kept getting stuck and demanding that the source server tool had not been run on the source server...but yet it had.

SBS 2008 Migration Error:
http://social.microsoft.com/Forums/en-US/partnerwinserversbs/thread/a3999cc6-07a7-41af-86b6-f2ce17ac42d7/

Turns out there was issues with the dcom communication:

Analysis

=======

From the LOG SNIPPET of the first post, seems the installation passed Schema Version, domain/forest level requirements, but it fails at the following point:

[2080] 101119.164128.3054: Setup: Caught exception: System.UnauthorizedAccessException: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))

This issue can occur if SBS2008 setup fails to make WMI query to the source server to get the OS version. To try to fix the issue, I suggest you do the following:

Action Plan

=========

Make sure DCOM and 'Impersonate a client after authentication' have been configured correctly.

Make sure DCOM is enabled and is working correctly, I understand that you have tried this before, but please double check to ensure it is correct.

1.) Launch Component Services (DCOMCNFG)

2.) Expand Component Services -> Computers -> My Computer

3.) Bring up the Properties dialog box for My Computer

4.) Click on Default Properties tab

5.) Check the box 'Enable Distributed COM on this computer'

6.) Make sure Default Authentication Level is set to 'Connect' and Default Impersonation Level to 'Impersonate'

7.) Click Apply, click Ok.

8.) Close the Component Services window.

Make sure the group policy 'Impersonate a client after authentication' has SERVICE account added to the list.

1.) Launch Local Computer Policy (GPEDIT.msc)

2.) Expand Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> User Rights Assignment

3.) Make sure the Group Policy 'Impersonate a client after authentication' has Administrators group and SERVICE account added to the list.

4.) Reboot the Source server

Reminder that December is the last month to order the Windows Essential Business Server Migration Kit - Windows Essential Business Server Team Blog - Site Home - TechNet Blogs:
http://blogs.technet.com/b/essentialbusinessserver/archive/2010/12/01/reminder-that-december-is-the-last-month-to-order-the-windows-essential-business-server-migration-kit.aspx

End your 2010 by ordering your kit tomorrow!

Coming in January.  Along with Word doc versions of the migration stuff.

So for now both you and I will be reading/practicing and blogging about SBS 2003 to SBS 2011 until then.

http://technet.microsoft.com/en-us/library/gg563799.aspx#BKMK_SynchronizeTheSourceServerTimeWithAnExternalTimeSource

Show me a failed migration from a physical box to HyperV and I'll show you a time zone/time sync to an external source problem.

The installation of Windows Small Business Server 2008 on a Hyper-V virtual machine fails if the time zone of the virtual machine differs from the time zone in the parent partition:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;956359

The problem is no different for SBS 2011.  It is so very very very key that you ensure that both the source server and the built migration server are exactly in time sync.  The reason is that Active Directory cannot replicate (talk to one another) if the time zone of the two machines are plus or minus 5 minutes apart.  This is a key Kerberos requirement and you'll have a barfed install if you have a time problem between the two servers.

I have personally found that the documents recommend that you do NOT enable the time integration in the hyperV, but instead ensure that the DC in a HyperV syncs with an external source.  And here's the rub... then I've found the HyperV's drift a bit.  So here's my resolution.  I personally found that following these commands on this blog post made my HyperV DC not drift.

Hyper-V, CPU Load and System Clock Drift:
http://jaylee.org/post/2009/10/14/Hyper-V-CPU-Load-and-System-Clock-Drift.aspx

All I can say is...it worked.

But bottom line, there's an EXTREMELY good reason that they recommend you make sure that the time is in sync.

http://technet.microsoft.com/en-us/library/gg563799.aspx#BKMK_OptimizeExchangeServer2003MailboxSizes

 Optimize Exchange Server 2003 mailbox sizes

Your migration will be made a ton easier if the mailboxes and not too big, nicely defragmented and ready to go.

http://technet.microsoft.com/en-us/library/gg563799.aspx#BKMK_UseWindowsBestPracticeAnalyzer

If you don't know what I mean when I say have you run your SBSBPA? then go immediately and download the 2003 version of the SBSBPA.  While you can find it on the download site, I parked a link at www.sbsbpa.com to make it easier.

There are some bpa items you can just ignore... and others you'd be wise to follow:

Ignore the network interface alert

Ignore the allocated memory alert

Ignore the fact that this is a virtual machine and I have DHCP running on the router (it should be running on the server but for purposes of this blog ignore the alert)

I'd recommend that you install the hotfix from http://support.microsoft.com/kb/939820

Now if you have the issue where you can't run the CEICW because the SBS says it's not a SBS box try this hotfix:

You receive an error message when you try to run a Server Management
wizard in Windows Small Business Server 2003:
http://support.microsoft.com/kb/940318
On a computer that is running Microsoft Windows Small Business Server
2003, you receive one of the following error messages when you try to
run a wizard in the Server Management console.
This wizard can only be run on a Small Business Server computer.

http://technet.microsoft.com/en-us/library/gg563799.aspx#BKMK_VerifyTheNetworkConfigurationToPrepareForMigration

Reconfiguring your existing network

http://technet.microsoft.com/en-us/library/gg563799.aspx#BKMK_InstallTheMostRecentServicePacksToPrepareForMigration

You must install the latest service packs on the Source Server prior to migration. If updates or service packs are missed, the Source Server will not be eligible for migration, and the Migration Preparation Tool will report the problem and ask you to install the necessary updates before proceeding.

If you've been keeping the SBS 2003 up to date you can skip this step as you would have already done this.

If you haven't, make sure you have a good backup of the server and a maintenance window.

If the server does not have SBS 2003 sp1 (the five part service pack) ensure you've budgeted time for that deployment.

A nicely supported server shouldn't need this step.

A really badly/not well maintained one will need lots of updates and might be a decision factor that some use to do a clean install.

Microsoft Small Business Server 2011 - what's in it for you? • Channel Register:
http://www.channelregister.co.uk/2010/12/22/sbs_review/

A few clarifications:

The updated Remote Web App – formerly Remote Web Workplace – is now a SharePoint application that gives access to shared folders as well as email, remote desktop, and the internal web site.

As far as I'm aware... the Remote Web Application is not a SharePoint application, but just a web site.

The wizard for joining client computers to the SBS domain, called Connect Computer, now automatically migrates pre-existing profiles along with their data. It sounds a small detail, but this makes the process significantly smoother for users with existing PCs.

That connect wizard has been able to do that since SBS 2003 as long as they aren't on a domain already.

http://www.asymco.com/2010/12/27/apple-has-accepted-nearly-400000-apps-in-2-5-years/

Half a million apps! 

Yeah…but… me the iphone owner says… how many apps are really good ones and how many are crappy ones or just another means of advertising that pale over time and then become an unused icon on a page.

On my phone the number one app I use is AuthAnvil, a two factor authentication app.  After that it’s Messages, Photos, the Camera, Gas Cubby for keeping track of gas mileage, maps  (and it’s amazing how many times we end up using the best of two out of three phones or gps units as they tend to not agree on locations and directions, but I digress).  Then, okay so I have the Kindle app on there but I really have to be bored to use it as the iphone is too small to read from.  Even Elena Kagan reads court briefs on her Kindle (see http://blogs.abcnews.com/thenote/2010/12/justice-elena-kagan-kindle-over-ipad-and-other-supreme-court-insights.html) but I bet she’s not doing it on her iPhone but on the actual Kindle. 

Then there’s Logmein on my iPhone, better known as iAmReallyDesperateAndMustNotHaveMyLaptopWithMe as it’s really painful to use for remote access.  Scroll, scroll scroll finger expand finger expand… etc.etc….

Maybe Tweetdeck, but only for reading tweets, not posting them.  Sigalert … better known as.. the web page that reminds me why you don’t want to live in Los Angeles… is a web page, not an app. 

When I'm traveling AroundMe is helpful to know what is around me...but when I'm at home I already know what is around me so I don't use it around me.

If I was more into ebay (I'm not) I'd find the ebay app to be of use.  My sister uses it and is one of those annoying people that swoops in at the end of the bidding. 

So for all of those 400,000 apps on the iphone download page, there’s about 395,000 that really aren’t very good.  Of the 5,000 apps that are left, the vast majority of them are games.    

So really.. in the ecosystem of applications that are in a smart phone inventory… honestly?  Is even 1% of those apps ones that you use on a long term regular basis at all times?  Or are the vast majority of them marketing and advertising related that end up on you iPhone for a rainy day that you get bored?

Sure there’s 400,000 apps.. but is the ecosystem of apps filled with really GOOD apps or just a lot of marketing and ‘let’s build an app and get rich quick’ kind of apps?

Can you name me 10 apps that you use DAILY?  A screenful that you do daily?  And are the rest only there for rare use? 

Is that ecosystem of 400,000 apps a really healthy one of GOOD solidly developed applications?  Sometimes I wonder.

I'd recommend that in addition to the backup you do before you migrate - http://technet.microsoft.com/en-us/library/gg563799.aspx that you make sure you do a plain old ntbackup system state backup.

That one backup will save your bacon. 

This is the time of the year that I donate to a site I like...

Krebs on Security:
http://krebsonsecurity.com/

On the right hand side is a paypal button. 

If you like good security information, I'd urge you to donate as well!

Looking for blog resources for "the cloud"?

TalkinCloud | the IT channel's cloud conversation starts here:
http://www.talkincloud.com/
Looks Cloudy - The Future of IT Service:
http://www.lookscloudy.com/

Check out those...

From a conversation that came up on the SBS2k@yahoogroups.com listserve....

http://technet.microsoft.com/en-us/library/gg563792.aspx 

When you get ready to migrate from SBS 2003 to SBS 2011 you need to decide how much you like your SharePoint data or if it's easier to just redo it and redesign it. 

This is the "how much do I really care about SharePoint or do I bail and redesign the SharePoint and just drag that data from the one server to the other" step.

If you care about sharepoint you'd probably already be using Sharepoint v3.

Otherwise if you want the data exactly moved over keeping the metadata of date stamps on the SharePoint you have to install Sharepoint v3, migrate the data from v2 to v3 and then migrate the data from the source servers v3 to SharePoint 2010.

In other words -- ugh.

So the alternative is to park the raw data out and redesign the Sharepoint new on the new server.

In my opinion, it's time to redesign SharePoint and start fresh.

Merry Christmas courtesy of Technet Plus...

http://technet.microsoft.com/en-us/subscriptions/downloads/default.aspx

SBS 2011 looks to now be available to ALL Technet levels

Available to Levels: TechNet Professional (SA); TechNet Professional with Media (Retail); TechNet Professional (Retail); TechNet Professional with Media (VL); TechNet Professional (VL); TechNet Professional (Certified Partner); TechNet for Microsoft Competency Partners; TechNet Plus Consumer Service Professional Pilot; TechNet Standard (VL); TechNet Standard (Retail); TechNet for Action Pack; TechNet Professional (NFR); TechNet Professional (NFR MCT); TechNet Professional (NFR MVP); TechNet Professional (NFR FTE); TechNet Professional (NFR Bundle); TechNet for Microsoft Competency Partners;

From the mailbag tonight...

   I've been very happy with the protection of Microsoft Security Essentials for my Small Business clients of 10 or less.  MSE has detected and removed viruses that other AV software doesn't catch.  However, what do I get for my SBS customers that have more than 10 PCs?  I looked at Forefront End Point 2010 but according to what I've read it requires Microsoft System Center Configuration Manager.  That's way too expensive.  What do you think?  I really like Microsoft's AV software but I need to know how I can get for my SBS networks.  Please help.

I'm right behind you.  I really like Forefront but the System Center Configuration Manager is too expensive and too bloated.  Right now I'm using the interface of the SBS 2008 console (also in SBS 2011) on the network/computer tab to keep track of a/v status.  You can buy "just" the agents and run them unmanaged.  Mind you, you do have to buy Forefront under a 3 year open value contract.  They do not make it easy to buy Forefront, lemme tell you.

But... I might have another solution... something that was just shown to me the other day that looks promising and maybe... just maybe... more SBSized.

http://www.truesec.se/lms/lms/LMS.html

Not yet released, but you might want to email them to get more information.