Condividi tramite


SBS 2011 Standard Migrations – Keys to Success

[Today's post comes to us courtesy of Chris Puckett, John Bay and Damian Leibaschoff from Commercial Technical Support]

The purpose of this post is to help you complete your Windows/SBS 2003/SBS 2008 migrations to SBS 2011 Standard successfully on the first attempt. Furthermore, on subsequent posts we will cover documentation and tips to help you recover if you have encountered an issue.

If you are already experiencing a setup failure, please check the post-setup with failures section in our third post of this series SBS 2011 Standard Migration – Keys to Success – Part 3: Post Setup and Common Failures for further troubleshooting information first.

The content on this blog extends on content found here: Prepare your Source Server for Windows SBS 2011 Standard migration.

An older version of this post can be found in: https://blogs.technet.com/b/sbs/archive/2009/02/19/sbs-2008-migrations-from-sbs-2003-keys-to-success.aspx

A. Read through the migration guide before starting.

Understand what setup will do for you and what you need to do manually. Leverage the TechNet Migration Center.

B. Watch the migration video demos and online training.

SBS 2011 Migration Demo and Interview.

C. Join the Small Business Server forum.

You might find an answer to a question you have, seek advice on your migration plan, or simply see what others have encountered that you might not have considered.

D. Practice a migration yourself in a test environment.

This way you know what to expect. This also allows you to test the hardware and verify you have the necessary BIOS updates and drivers.

E. On the Source server, run the SBS 2003 Best Practices Analyzer or SBS 2008 Best Practices Analyzer.

  • Make sure to allow the BPA to get updates when first launching.
  • Resolve any issues reported in the source environment ahead of time.
  • Do not ignore Warnings as they might impact the migrations too.
  • Know that SBS 2003 SP 1 is not the same as Windows 2003 SP 1 or SP 2. See item #4 for an explanation.

F. On the Source server, run the Exchange Pre-Deployment Analyzer.

The Exchange Pre-Deployment Analyzer performs an overall topology readiness scan of your environment and provides you with a list of decisions that need to be made before you deploy Exchange Server 2010.

G. On the Source server, make sure the Active Directory is healthy.

If there is only one DC, make sure the SYSVOL and NETLOGON shares are present. Also, check the File Replication Service event log to see if it is in Journal Wrap. The event below is an example of what to look for.

Event Type: Error
Event Source: NtFrs
Event ID: 13568
Description: The File Replication Service has detected that the replica set "DOMAIN SYSTEM VOLUME (SYSVOL SHARE)" is in JRNL_WRAP_ERROR.

If there are multiple domain controllers in the source environment, force an Active Directory replication between them in Active Directory Sites and Services and verify it is successful.

You can also run the Microsoft IT Environment Health Scanner in the source environment to uncover any AD health issues.

Microsoft IT Environment Health Scanner

An unhealthy Active Directory can result in an SBS 2011 Standard migration installation failure.

H. On the Source server, check the Primary group of the account you will use to install the SBS 2011 server into the domain.

Make sure the Primary group is set to something besides Domain Admins, Enterprise Admins, or Schema Admins. In the properties of the user account, click the Member Of tab, and at the bottom look for the Primary group.

  1. Make sure the Primary group IS NOT : Domain Admins or Enterprise Admins or Schema Admins.
  2. To change it, select Domain Users and click the Set Primary Group button.

I. Make sure the Admin account you are using for the migration has a STRONG password.

Strong passwords must meet the following minimum requirements:

  • Passwords cannot contain the user's account name or parts of the user's full name that exceed two consecutive characters.
  • Passwords must be at least six characters in length.
  • Passwords must contain characters from three of the following four categories:
  • English uppercase characters (A through Z).
  • English lowercase characters (a through z).
  • Base 10 digits (0 through 9).
  • Non-alphabetic characters (for example, !, $, #, %).

J. SBS 2003 must be on a class C subnet (subnet mask of 255.255.255.0).

SBS 2011, like SBS 2008, only supports a Class C Subnet. If your SBS 2003 server is not in a Class C subnet, it can cause communication problems during SBS 2011 Standard migration setup. Please see the following post for supported network topologies in SBS 2008, this applies to SBS 2011 Std.

K. Install the samsrv.dll update from KB 939820 on all Windows 2003 domain controllers in your environment, including the SBS 2003.

939820 Events 1925, 1006, 1645, 1055, 40961 on a Windows Server 2008-based domain controller or error message: "No authority could be contacted for authentication" when you use Remote Desktop Connection.

L. In the source domain, check for the existence of an account named Postmaster.

SBS setup tries to create a Distribution List with the SAM account name of Postmaster. If it already exists on your non-SBS or SBS 2003 source server, you need to rename it on the source server before the migration begins. This should not be very common but some third party anti-spam solutions may configure an account with that name.

M. Check Exchange Server 2003 policies and remove the following ones, if they exist:

  • Existing Mailbox Management policies
  • Duplicate SMTP addresses in recipient policies
  • Invalid SMTP addresses in recipient policies
How to check for Mailbox Management policies:

If you have Exchange 2003 or Exchange 2000 recipient policies that are ONLY Mailbox Manager policies and do not define e-mail addresses (they do not have an E-mail Addresses (Policy) tab), perform the following steps to delete the policies:

  1. In Exchange System Manager, expand Recipients, and then select Recipient Policies.
  2. To verify that a policy is only a Mailbox Manager policy, right-click the policy, and then select Properties. The Properties page must not have an E-Mail Addresses (Policy) tab.
  3. To delete the policy, right-click the policy, and then select Delete. Click OK and then click Yes.

If you have Exchange 2003 or Exchange 2000 policies that are BOTH E-mail Addresses and Mailbox Manager policies (they have both the Mailbox Manager Settings (Policy) tab and the E-mail Addresses (Policy) tab), perform the following steps to remove the mailbox manager portion of the policy:

  1. In Exchange System Manager, expand Recipients, and then select Recipient Policies.
  2. Right-click the policy, and then select Change property pages.
  3. Clear the Mailbox Manager Settings check box, and then click OK.
How to check for duplicate/invalid SMTP addresses in recipient policies:
  1. In Exchange System Manager, expand Recipients, and then select Recipient Policies.
  2. Right-click the policy, and then select E-Mail Addresses (Policy) tab.
  3. Inspect the SMTP Addresses for any that are unchecked. If you find any, place a check in the box or remove that address.
  4. Inspect the SMTP Addresses for any that have an IP address. For instance, @192.168.1.1. If you find any, remove those addresses that contain an IP address.
  5. Click OK.

N. Disable WSUS on Source domain prior to migration.

If you have a deadline set for a Windows 2008 R2 update in WSUS that is past-due, your SBS 2011 Standard setup can fail when the update is automatically installed and the SBS 2011 server is rebooted. Deadlines are not automatically set in SBS 2003 nor SBS 2008 but can be set by the Admin through the native WSUS console. We recommend disabling WSUS on the source server for the duration of the migration. For this, on the source server, open IIS Manager, and stop the “WSUS Administration” site

O. In the source domain, disable anything that may install software on machines added to the domain.

Similar to the point above, your SBS 2011 Standard setup can fail if something outside of it initiates a server restart while it’s in the middle of its setup routine. Things to keep an eye out for:

  • Logon Scripts
  • Group Policy
  • Remote Management Tools
  • Devices like printers that may install a driver that requires a reboot.

P. On the Source server, verify that the SBS organizational units are present.

If the source server is SBS 2003 or 2008, the MyBusiness OU needs to be present and contain the expected sub-containers. To verify:

  1. While logged in as an Administrator, launch Active Directory Users and Computers

  2. Expand your domain and look for an OU named “MyBusiness”

  3. Expand the MyBusiness OU and you should have the following OUs inside:

    image

Q. On the Source server, run the SBS 2011 Migration Preparation Tool.

This tool performs the following actions:

  1. Installs update 943494 on the SBS 2003 server to extend the migration grace period from 7 to 21 days.
  2. Runs ADPREP to update the forest, domain, and group policy object access control entries.
  3. Changes Exchange 2003 from Mixed mode to Native mode.
  4. Adds the Authenticated Users group to the Pre-Windows 2000 security group.
  5. Checks the health of the environment against common migration blockers.

Always select the option to get updates upon launching this tool to make sure you are getting the latest set of health check rules.

More information:
https://technet.microsoft.com/en-us/library/gg563799.aspx#BKMK_RunTheMigrationPreparationTool

2481235 List of rules for the Windows Small Business Server Migration Preparation Tool
https://support.microsoft.com/default.aspx?scid=kb;en-US;2481235

Common Issues:
2542156 SBS 2011 Standard Edition Source Tool Scan Fails
https://support.microsoft.com/default.aspx?scid=kb;en-US;2542156

R. Make a System State Backup of the source server.

For Windows/SBS 2003:
https://technet.microsoft.com/en-us/library/cc781353(WS.10).aspx

For Windows/SBS 2008:
https://blogs.technet.com/b/sbs/archive/2008/10/13/system-state-backups-and-sbs-2008.aspx

S. Do not make any changes on the network.

From now until the SBS 2011 Standard migration setup is complete, do not make any changes on the network. This is not a good time to be doing any of the following:

  • Changing passwords
  • Installing Software
  • Removing Domain Controllers
  • Changing out the network hardware
  • Restoring servers
  • Rebooting domain controllers
  • Re-wiring the network

T. For virtual installations of SBS 2011 Standard, verify the time zone of the parent and guest match.

Time zone of Hyper-V host: _________________________________

When installing SBS 2011 Standard as a Hyper-V guest, make sure to set the time zone to the one you noted in the field above.

U. Check the "Log on as Batch job" user right assignment on the Default Domain Controllers group policy.

Launch gpmc.msc
Expand Forest, Domains, your domain, Domain Controllers, and select the Default Domain Controllers Policy.
Click on the Settings tab and expand Computer Configuration, Policies, Windows Settings, Security Settings, Local Policies/User Rights Assignment
Find the "Log on as batch job" right, and make sure that you have an entry for BULTIN\Administrators

If you don't have that entry, do a right-click edit on top of the policy on the left pane, navigate to the location you just checked and edit the right to add the missing value.

Second Part: SBS 2011 Standard Migrations – Keys to Success – Part 2: The Setup Phase

Comments