The runPCrun overflow blog – IT Support for London

October 23, 2008

Windows Swing Migration

Filed under: Uncategorized — Tags: — itsupportlondon @ 11:13 pm

Notes from a successful swing migration from Windows 2000 to Windows 2003 of 300 users.

Prep:

  • Windows Server 2003 R2 installation disk 2
  • On any DC you use, build an MMC console containing all four AD snap-ins plus the DNS snap-in and save it to the desktop; it helps throughout this process. (You will need to run “regsvr32 schmmgmt.dll” at the command line to get the Schema MMC.)

Steps:-

  • [OldDC] Check the File Replication Service event log for an error saying that the replica root path has changed from its current location to its current location. If it is there, do what it says: put a file named NTFRS_CMD_FILE_MOVE_ROOT in the new root path (the path the error gives), then restart the File Replication service. This puts a warning in the event log saying it’s doing it; then wait until you get the two information messages in the event log saying it’s done.
  • [OldDC] Put Windows 2000 server in native mode.
    • Active Directory Domains and Trusts snap-in.
    • Right-click the domain you want to convert to native mode, and select Properties.
    • Select the General tab, click Change Mode, as the Screen shows.
  • [OldDC] Before you can introduce Windows Server 2003 domain controllers, you must prepare the forest and domains with the ADPrep utility.
    • Place Windows Server 2003 R2 installation disk 2 in the CD drive
    • Drive:\CMPNENTS\R2\ADPREP\adprep.exe /forestprep on the [OldDC] (this is the schema master in your Windows 2000 forest)

    • Drive:\CMPNENTS\R2\ADPREP\adprep.exe /domainprep on the [OldDC] (this is the Infrastructure Master in each AD domain)

  • [OldDC] Point DNS to OldDC and TempDC.
  • [TempDC] Clean install a Windows 2003 Server (using SBS media) as a workgroup server only.
  • [TempDC] Point DNS to OldDC and TempDC. Manually join it to the existing SBS domain, preparing this server as a TempDC.
  • [TempDC] Install DNS, perform DCpromo and designate as a Global Catalog Server. http://support.microsoft.com/kb/313994

  • [OldDC] Note DHCP values for configuration on new server.
  • Replicate DNS and AD
    • To force AD replication – Active Directory Sites and Services > Sites > Services > Servers > NTDS Settings > Right-click object in right pane – Replicate Now.

  • [TempDC] Transfer all FSMO roles to TempDC (Domain Naming, RID, PDC, Infrastructure, Schema Master)
  • [OldDC] DCPROMO the OldDC to a standard member server
  • [OldDC] Shutdown and disconnect
  • [TempDC] If the DCPromo is unsuccessful, then check and Purge the Active Directory metabase AND DNS of all previous Domain Controllers, Exchange and DNS Server references

  • [FinalDC] Clean install Windows 2003 Server just as before, reuse the original SBS Server name and IP.
    • This server will look just like the previous SBS for name, IP, AD, and UNC/URL paths.
    • Point IP DNS to the TempDC and FinalDC
    • Manually join it to the domain.
  • [FinalDC] Install DNS, then perform DCpromo, to designate as Global Catalog Server.
  • [FinalDC] Replicate DNS and AD. Check the File Replication Event Log to make sure everything is replicating smoothly
  • [FinalDC] Transfer all FSMO roles, from TempDC to FinalDC
    • [TempDC] DCPROMO the temp (then purge the TempDC from DNS and AD if dcpromo isn’t clean)
    • [FinalDC] Change IP DNS settings and remove the TempDC
  • [FinalDC] Finish normal SBS Setup using this Server.
  • Complete the balance of all Data and shared resources
  • Deploy Applications as normal for SBS.

Addendum: further steps after completion for Exchange scenario (not tested):-

  • Complete the balance of migration of Exchange,
  • If desired, perform a migration of the intact Exchange Information Store as a direct mount of the previous Information Store as if it were an offline restore.
  • Reconnect mailboxes.

Useful commands for checking AD
===============================

dcdiag /test:ridmanager
netdom query fsmo
dcdiag /e /c /v /s:DC_Name /f:c:\dcdiag.log
netdiag.exe /v > c:\netdiag.log
repadmin.exe /showrepl dc* /verbose /all /intersite > c:\repl.txt
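
A check to run on the output of `netdom query fsmo` before demoting a DC, as an added example (not part of the original notes): it confirms all five FSMO roles sit on the DC you expect. The host names and sample output are constructed, and the label spellings the parser accepts are an assumption to compare against your own netdom build.

```python
import re

# Labels printed by `netdom query fsmo`. Older Support Tools builds print
# "owner"/"role", newer ones "master" (label spellings are an assumption).
ROLE_LABELS = {
    "schema owner": "schema", "schema master": "schema",
    "domain role owner": "naming", "domain naming master": "naming",
    "pdc role": "pdc", "pdc": "pdc",
    "rid pool manager": "rid",
    "infrastructure owner": "infrastructure",
    "infrastructure master": "infrastructure",
}
ALL_ROLES = sorted(set(ROLE_LABELS.values()))

# Constructed sample: mid-migration, PDC emulator still on the old DC.
SAMPLE = """\
Schema owner                tempdc.example.local
Domain role owner           tempdc.example.local
PDC role                    olddc.example.local
RID pool manager            tempdc.example.local
Infrastructure owner        tempdc.example.local
The command completed successfully.
"""

def parse_fsmo(text):
    """Return {role: holder} from captured `netdom query fsmo` output."""
    holders = {}
    for line in text.splitlines():
        # Label and holder are separated by a tab or a run of 2+ spaces.
        parts = re.split(r"\s{2,}|\t+", line.strip(), maxsplit=1)
        if len(parts) == 2 and parts[0].lower() in ROLE_LABELS:
            holders[ROLE_LABELS[parts[0].lower()]] = parts[1].lower()
    return holders

def roles_not_on(text, expected_dc):
    """List (role, holder) for roles missing or held by another DC."""
    want = expected_dc.lower().split(".")[0]  # compare host part only
    holders = parse_fsmo(text)
    problems = []
    for role in ALL_ROLES:
        holder = holders.get(role)
        if holder is None:
            problems.append((role, "not reported"))
        elif holder.split(".")[0] != want:
            problems.append((role, holder))
    return problems

if __name__ == "__main__":
    print(roles_not_on(SAMPLE, "tempdc"))
```

An empty result means it is safe to move on to the DCPROMO step for the other DC; any entry names a role that still has to be transferred.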

runPCrunIT Support for London

Setup OWA redirection

Filed under: Uncategorized — Tags: — itsupportlondon @ 11:11 pm

http://support.microsoft.com/kb/555053

OWA Security and Redirection

Enabling and enforcing SSL means users must manually type the https:// portion or they get a 403;4 error page stating SSL is required. Additionally, users must manually add /exchange to the end of the website address in order to connect to OWA.

How do I enable SSL and Form-based authentication? How can I automatically redirect requests from the http:// site to the https:// site? How can I automatically redirect the default website to the /exchange virtual directory?

The first step in configuring the server is to obtain a certificate (purchased from Go Daddy) and assign that certificate to the server. This is done in the Default Web Site properties, under the Directory Security tab.

Once the certificate has been added, no additional configuration is needed on the Default Web Site. SSL does not need to be enabled. The following steps detail how to enable SSL, forms-based authentication and redirect the websites.

1. On the properties of the Exchange Virtual Directory, go to the same Directory Security tab and under the Secure Communications area, click on Edit. Choose Require Secure Channel (SSL) and check the box next to require 128-bit encryption. Follow the same steps for the Public Virtual Directory.

2. Now that you have enabled SSL, you can enable Forms-based authentication. Go into Exchange System Manager, and go to the properties of the Default HTTP Virtual Server. Under the Settings tab, check the box Enable Forms-based authentication. Optionally, modify the compression settings. Setting this to High will have the greatest performance improvement to users. Forms-based authentication will allow Exchange to display the OWA logon screen instead of the popup window asking for username and password.

3. Assuming that the only thing IIS does on your Exchange server is OWA, make the following change to redirect requests to the /exchange virtual directory. Open notepad and type the word redirect. Save the file with the name redirect.htm into the default web site directory, (wwwroot in C:\inetpub)

Now go to the properties of this file from within IIS Manager, and under the option The content for this resource should come from: choose A redirection to a URL. In the Redirect to: box, which can now be filled in, type /exchange.

*Note: If you have additional content on the default web site of your Exchange server and/or host other websites, be aware that after completing this step, requests to the default website will result in automatic redirection to the /exchange virtual directory. Make sure that you understand the impact of this change.

4. On the properties of your Default Web Site, go to the Documents Tab. Add redirect.htm to the list of documents, and move it to the top of the list. This ensures that the server checks for the redirect.htm file first and if it finds it, it will execute it.

5. Open up notepad again and paste the following code. Do not modify it. Save the file as owahttps.asp.

<%
If Request.ServerVariables("SERVER_PORT")=80 Then
Dim strSecureURL
strSecureURL = "https://"
strSecureURL = strSecureURL & Request.ServerVariables("SERVER_NAME")
strSecureURL = strSecureURL & "/exchange"
Response.Redirect strSecureURL
End If
%>

6. In Windows Explorer, navigate to the wwwroot folder (x:\inetpub\wwwroot where x is the drive IIS is installed) and create a new folder called owaasp. Place the owahttps.asp file into this directory. Once the directory is created, it should show up in IIS admin. (refresh or Add new virtual Directory seemed to make it appear)

7. The next step is to modify the Custom error for 403;4 (SSL required). Go into the properties of the Exchange Virtual Directory, and go to the Custom Errors tab. Scroll down and find 403;4 and choose Edit Properties. Change the message type to URL and, in the URL box, type /owaasp/owahttps.asp.

8. Next, in IIS Admin, go to the properties of the owaasp folder and on the bottom, under the Application Pool, choose exchangeapplicationpool. If the Application Pool is not available, Click the Create button next to Application Name and then you will be able to select the Application Pool.

Once this is configured, requests to http://servername.domain.com will now be redirected to https://servername.domain.com/exchange.

Test this in IE.
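
A scripted version of that final test, as an added example (not from the original post or the KB article): it walks the plain-HTTP hops without following redirects automatically and reports where the chain fails to end at https://<host>/exchange. The host mail.example.com and the sample hop list are constructed.

```python
import http.client
from urllib.parse import urljoin, urlsplit

def fetch_hops(url, max_hops=5):
    """GET each plain-HTTP hop in turn; return [(url, status, location)]."""
    hops = []
    while urlsplit(url).scheme == "http" and len(hops) < max_hops:
        u = urlsplit(url)
        conn = http.client.HTTPConnection(u.netloc, timeout=10)
        conn.request("GET", (u.path or "/") + ("?" + u.query if u.query else ""))
        resp = conn.getresponse()
        location = resp.getheader("Location")
        hops.append((url, resp.status, location))
        conn.close()
        if location is None:          # no redirect: the chain stops here
            break
        url = urljoin(url, location)  # Location may be relative
    return hops

def redirect_problems(hops, host):
    """Return a list of findings; empty means the redirection is as intended."""
    problems, target = [], None
    for url, status, location in hops:
        path = urlsplit(url).path.lower()
        if status == 200 and path.startswith("/exchange"):
            problems.append(f"{url} answered over plain HTTP: SSL not required")
        if status == 403:
            problems.append(f"{url} returned 403: the 403;4 custom error is not redirecting")
        if location:
            target = urljoin(url, location)
            if urlsplit(target).hostname != host.lower():
                problems.append(f"{url} redirects off-host to {target}")
    end = urlsplit(target) if target else None
    if not end or end.scheme != "https" or end.path.rstrip("/").lower() != "/exchange":
        problems.append(f"chain does not end at https://{host}/exchange (ended at {target})")
    return problems

# Constructed hop list: step 7 (custom error for 403;4) was never configured.
BROKEN = [
    ("http://mail.example.com/", 302, "/exchange"),
    ("http://mail.example.com/exchange", 403, None),
]

if __name__ == "__main__":
    for finding in redirect_problems(BROKEN, "mail.example.com"):
        print(finding)
```

Against a live server, pass `fetch_hops("http://servername.domain.com/")` as the first argument instead of the constructed list.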


Rebuild DHCP database

Filed under: Uncategorized — Tags: — itsupportlondon @ 11:09 pm

If there are a lot of 1010, 1014, 1016 errors in the event log, it may be due to a corrupt DHCP database. You can recreate it by doing the following:

  • Admin tools > DHCP

  • Select the server
  • Action > Backup to somewhere

  • Action > Restore from that backup

  • Properties > Advanced > Credentials then enter the admin username, domain and password

  • Then restart the DHCP Server service and check the event logs

Or do it manually :

  • Note down all settings for DHCP server
  • Unauthorize and delete scope
  • Stop DHCP server service
  • Rename C:\WINDOWS\system32\dhcp\dhcp.mdb to dhcp.mdb.old
  • Restart DHCP server service
  • Recreate scope, activate and authorize
  • Run netsh dhcp server set dnscredentials username domain password

Possible causes of this are :

  • Out of disk space
  • Indexing service scanning directory C:\WINDOWS\System32\dhcp
  • Antivirus scanning directory C:\WINDOWS\System32\dhcp


“Incompatible product on line”

Filed under: Uncategorized — Tags: — itsupportlondon @ 11:03 pm

We’ve come across this situation twice, and it’s quite ridiculous. We are trying to

When ordering ADSL or moving ADSL, if BT say there is “an incompatible product on the line” and the customer calls BT Retail, do not be fobbed off with excuses that they can’t tell you what it is, and do not accept their statement that “it’s the new ISP’s responsibility to get it removed.”

  • The new ISP does NOT own the contract for the existing PSTN line, so BT Wholesale will not discuss this with them.
  • BT Openreach’s position is that “The End User will have to contact their telephone provider (BT Retail) to determine which incompatible product is being supplied on the line.”

They will try to fob you off, leaving you stuck between BT Retail, BT Openreach and your new ISP. Just keep on at BT Retail as nicely as possible and, if necessary, ask for a supervisor.


ActiveSync and iPhone

Filed under: Uncategorized — Tags: , — itsupportlondon @ 10:20 pm
  • iPhones and ActiveSync should just work out of the box if you’ve got OWA working as it uses HTTP/HTTPS

Setup

  • On the iPhone go to Settings > Mail and Contacts > Add account

  • Select Exchange
  • Fill in the info and hit next
  • Wait for it to complain and fill in the server address box that is now there
  • Done! (In theory)

Problems

  • If it doesn’t work and you’re only getting the Inbox folder showing, check the password as it’s very easy to mistype
  • The exchange-oma directory in IIS can go missing (usually after installing RPC over HTTP). You can use method 2 in this KB article to get it back: http://support.microsoft.com/kb/817379

  • The Temp directory needs to have full permissions for the users (adding Everyone to the permissions is the easiest way); otherwise it will fill the directory with lots of .tmp files, w3wp.exe will eat lots of CPU and it won’t work correctly.


Blackberry Problems

Filed under: Uncategorized — Tags: — itsupportlondon @ 10:18 pm

No email due to poor reception

If the Blackberry shows ‘gprs’ (without the capital letters) it is in ‘Sleeping gprs’; this indicates that service exists but your device cannot register on it. Try restarting the handset or the radio, or moving to somewhere with better reception. Blackberries will not receive email if they do not have GPRS.

Sync Issues

Unexpected error

  • Check recurring events
  • Check events with attachments

Also check out How to set up a Blackberry with Exchange (without using Blackberry Enterprise server)


BT ADSL Settings

Filed under: Uncategorized — Tags: — itsupportlondon @ 10:17 pm

Common ADSL router settings for all ISPs on the BT network in the UK

  • Encapsulation: PPPoA
  • Multiplexing: VC Based
  • VPI: 0
  • VCI: 38


Andrews and Arnold (AAISP) DNS Servers

Filed under: Uncategorized — Tags: — itsupportlondon @ 10:16 pm
  • DNS1: 217.169.20.20 (dns1.aaisp.net.uk)
  • DNS2: 217.169.20.21 (dns2.aaisp.net.uk)


What is the runPCrun overflow blog?

Filed under: Uncategorized — Tags: , — itsupportlondon @ 10:15 pm

There is a simple premise for this blog.

We have an IT support company in London that we already have a successful blog on, yet we also have a lot of information that doesn’t meet the criteria for this blog in one way or another. Either it isn’t ready and we don’t have the time to finish it, or it is only tiny excerpts of information, or it simply isn’t up to the standards we try to keep.

However the information could be useful to some people, so we thought “why keep it hidden away? If it’s useful the Google will show it up”

So this blog is going to be very rough and ready in places due to this fact, but we figure it’ll be better than no information at all for those that land here.

Regards
runPCrunIT Support for London

DRAC 5 Ports

Filed under: Uncategorized — Tags: — itsupportlondon @ 10:40 pm
DRAC 5 Server Listening Ports

Port Number   Function
22*           Secure Shell (SSH)
23*           Telnet
80*           HTTP
161           SNMP Agent
443*          HTTPS
623           RMCP/RMCP+
3668*         Virtual Media server
3669*         Virtual Media Secure Service
5900*         Console Redirection keyboard/mouse
5901*         Console Redirection video

* Configurable port

DRAC 5 Client Ports

Port Number   Function
25            SMTP
53            DNS
68            DHCP-assigned IP address
69            TFTP
162           SNMP trap
636           LDAPS
3269          LDAPS for global catalog (GC)
