Announcement

Collapse
No announcement yet.

Virtualized SBS 2000 Server Issue

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Virtualized SBS 2000 Server Issue

    Hello all..

    Here is a brain teaser for you VMWare/Server Guru's.

    I'll start off with a quick rundown of my current network setup:

    1. Fedweb is our SBS 2000 server (runs Exchange 2000, ISA 2000, DNS, no wins)
    2. FB-2k1 is our Windows 2000 Server (running SQL 2000, and where our user profiles are stored, and able to unlock network users when they lock themselves out).

    Recently we decided to go Virtual for DR purposes and backups primarily for our SBS 2000 server (Fedweb)

    After installing the VMWare Converter program on our SBS 2000 server i was able to successfully create a virtual image of our SBS 2000 server. After booting up that Virtual Image on our ESX server I found that everyone can log into the network, grab their profiles and continue on doing their jobs. Email worked like nothing changed, Exchange 2000 IM was a bit goofy, but a quick change fixed that, and everyone was able to access the internet and sites they use. (we use ISA to block all traffic but approved websites, cheap and easy to admin).

    Seeing that everything was fine, I went back down to our Data Center where our Windows 2000 server (FB-2k1) is located and then seen an issue that I cannot figure out.

    1. When I tried to log into FB-2k1 as administrator it stated that I could not access my desktop (profile issue I thought), but further inspection file replication was not working and was unable to connect to any UNC share name or directly typing the SBS 2000 server IP address\c$ to even get to it's C: drive.

    The strange thing is that Fedweb (our Virtualized SBS 2000 server) can access any shared folder on FB-2k1 (our Win2k Server) without any errors or such. Try from Fb-2k1 to Fedweb and the errors above kept coming up..

    I have rebooted FB-2k1 then re-login, but still access was denied. So for the time being I disconnected our ESX Server from the network after shutting it down, plugged in our old SBS 2000 box and everything is fine again.

    Would I need to DCPromo our Win2k Server down to a workstation and back up to a DC again to fix this issue? like I said everyone can login, grab their profiles, etc, but file replication, etc between Fedweb (SBS2000 virtual server) and FB-2k1(win2k server) stopped working when running the virtual SBS2000.

    I am leaning towards the NIC card change being the issue, but cannot confirm as endless search's didn't provide answers.

    thanks everyone..

  • #2
    Re: Virtualized SBS 2000 Server Issue

    No one with at least an idea what to checkout?

    Comment


    • #3
      Re: Virtualized SBS 2000 Server Issue

      You shouldn't be seeing these issues and you definitely shouldn't have to DCPROMO your DC. Don't go down that road.

      Speaking of which, what box is your Active Directory domain controller? I wasn't getting that from your post.

      You mentioned replication wasn't working. Troubleshoot that using conventional methods (looking at event logs, kb articles, etc.) and forget the fact that you're server is virtualized. Assume you're having the problem on a physical server (even though you actually are not).

      Your NIC MAC address will have changed during the P2V process but unless you're doing something extraordinary with ISA Server, that shouldn't be causing the problem.

      BTW...
      What version of ESX are you using?

      What version of Converter did you use? Hopefully the newest. Earlier versions were buggy to say the least.
      VCDX3 #34, VCDX4, VCDX5, VCAP4-DCA #14, VCAP4-DCD #35, VCAP5-DCD, VCPx4, vEXPERTx4, MCSEx3, MCSAx2, MCP, CCAx2, A+
      boche.net - VMware Virtualization Evangelist
      My advice has no warranties. Follow at your own risk.

      Comment


      • #4
        Re: Virtualized SBS 2000 Server Issue

        I am sorry to say but converting Domain Controllers (your SBS server) to a vm and then trying to work with it it not a good idea.

        I have only once in the past 3 years successfully p2v'ed a DC (and that was after struglling for more than 3 days to get the thing working...)

        If you have an option on installing this differently then I would.

        What you most probably are seeing is issues with domain computer accounts and Kerebros trusts between Server and the "DC".
        Maish
        ----------------------------------------------------------
        Technodrone|@maishsk|Author of VMware vSphere Design
        VMware vExpert 2013-2010,VCAP5-DCA/DCD,VCP
        MSCA 2000/2003, MCSE 2000/2003
        A proud husband and father of 3 girls
        ----------------------------------------------------------
        If you find the information useful please don't forget to give reputation points sigpic.

        Have a good one!!

        Comment


        • #5
          Re: Virtualized SBS 2000 Server Issue

          My experience is different. I have three Domain Controllers as VMs and have been running fine for a few years. One of my domain controllers that is virtualized is in Tel Aviv, Isreal separated by simulated minimal bandwidth to help with my Active Directory site simulations. (I throttle the bandwidth using VMware)

          I have heard a few rumors on this forum of problems running Domain Controllers on VMs but with no substantiated reasoning as to why. I consider it a myth.

          My 2 cents.
          VCDX3 #34, VCDX4, VCDX5, VCAP4-DCA #14, VCAP4-DCD #35, VCAP5-DCD, VCPx4, vEXPERTx4, MCSEx3, MCSAx2, MCP, CCAx2, A+
          boche.net - VMware Virtualization Evangelist
          My advice has no warranties. Follow at your own risk.

          Comment


          • #6
            Re: Virtualized SBS 2000 Server Issue

            Originally posted by jasonboche View Post
            You shouldn't be seeing these issues and you definitely shouldn't have to DCPROMO your DC. Don't go down that road.

            Speaking of which, what box is your Active Directory domain controller? I wasn't getting that from your post.

            You mentioned replication wasn't working. Troubleshoot that using conventional methods (looking at event logs, kb articles, etc.) and forget the fact that you're server is virtualized. Assume you're having the problem on a physical server (even though you actually are not).

            Your NIC MAC address will have changed during the P2V process but unless you're doing something extraordinary with ISA Server, that shouldn't be causing the problem.

            BTW...
            What version of ESX are you using?

            What version of Converter did you use? Hopefully the newest. Earlier versions were buggy to say the least.
            Just for info:

            SBS2000 server (Fedweb) is our primary server in our 2 server setup.

            Here is the netdom readout

            U:\>netdom query /domain:fednet fsmo
            Schema owner fedweb.fedweb.intranet.local
            Domain role owner fedweb.fedweb.intranet.local
            PDC role fedweb.fedweb.intranet.local
            RID pool manager fedweb.fedweb.intranet.local
            Infrastructure owner fedweb.fedweb.intranet.local
            The command completed successfully.

            The version used of the converter is (VMWare Converter 3.0.2u1 build-62456 )

            As for ISA 2000 (On the SBS2000) the only thing I am doing there is blocking all websites except the ones that are manually entered into an "Approved list".

            SBS2000 is in one subnet (10.3.129.4)
            W2k Server is in another subnet (10.3.128.1
            They are connectied between cities via a WWAN (40mb+/-)

            Here are some of the event logs from Fb-2k1 (W2k server 10.3.128.1 after we virtualized Fedweb (SBS2000 server) and FB-2k1 couldn't connect.

            Event Type: Warning
            Event Source: NtFrs
            Event Category: None
            Event ID: 13508
            Date: 5/28/2008
            Time: 2:21:27 AM
            User: N/A
            Computer: FB-2K1
            Description:
            The File Replication Service is having trouble enabling replication from FEDWEB to FB-2K1 for c:\winnt\sysvol\domain using the DNS name fedweb.fedweb.intranet.local. FRS will keep retrying.
            Following are some of the reasons you would see this warning.

            [1] FRS can not correctly resolve the DNS name fedweb.fedweb.intranet.local from this computer.
            [2] FRS is not running on fedweb.fedweb.intranet.local.
            [3] The topology information in the Active Directory for this replica has not yet replicated to all the Domain Controllers.

            This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.
            Data:
            0000: 21 07 00 00 !...


            Event Type: Warning
            Event Source: NTDS KCC
            Event Category: Knowledge Consistency Checker
            Event ID: 1566
            Date: 5/29/2008
            Time: 4:08:50 PM
            User: N/A
            Computer: FB-2K1
            Description:
            All servers in site CN=Washington,CN=Sites,CN=Configuration,DC=fedweb, DC=intranet,DC=local that can replicate partition CN=Configuration,DC=fedweb,DC=intranet,DC=local over transport CN=IP,CN=Inter-Site Transports,CN=Sites,CN=Configuration,DC=fedweb,DC= intranet,DC=local are currently unavailable.

            Event Type: Error
            Event Source: NTDS KCC
            Event Category: Knowledge Consistency Checker
            Event ID: 1311
            Date: 5/29/2008
            Time: 4:08:50 PM
            User: N/A
            Computer: FB-2K1
            Description:
            The Directory Service consistency checker has determined that either (a) there is not enough physical connectivity published via the Active Directory Sites and Services Manager to create a spanning tree connecting all the sites containing the Partition CN=Configuration,DC=fedweb,DC=intranet,DC=local, or (b) replication cannot be performed with one or more critical servers in order for changes to propagate across all sites (most often due to the servers being unreachable).

            For (a), please use the Active Directory Sites and Services Manager to do one of the following:
            1. Publish sufficient site connectivity information such that the system can infer a route by which this Partition can reach this site. This option is preferred.
            2. Add an ntdsConnection object to a Domain Controller that contains the Partition CN=Configuration,DC=fedweb,DC=intranet,DC=local in this site from a Domain Controller that contains the same Partition in another site.

            For (b), please see previous events logged by the NTDS KCC source that identify the servers that could not be contacted.


            After seeing that I was able to ping fedweb.fedweb.intranet.local just fine. and an NSlookup found it as well (did both of these from fb-2k1 (W2k server). I cannot reproduce those right now as we had to hook our non virtualized Fedweb (sbs2000 server) at the time and have not had our Viritual SBS running since then.

            Nothing was changed on the SBS2000 server when it was virtualized.. so some of these errors to me are faulty and points to something else, but as to what that is.. I am not sure.
            Last edited by Brian_G; 6th June 2008, 14:43.

            Comment


            • #7
              Re: Virtualized SBS 2000 Server Issue

              One thing (important now I think about it).. is that the SBS2000 virtual server's time was off when we booted it up in ESX.

              After setting the time on the SBS2000 and TS'ing into the W2k Server and making the times exact down to the mili second, the issue of the W2k not being able to connect to the virtual SBS2000 was still there...

              Perhaps there is more to this.

              Comment


              • #8
                Re: Virtualized SBS 2000 Server Issue

                Our Virtual SBS2000 is working now.

                Step1. Install latest VMWare Converter program. 3.0.3 (? was one I used) -reboot
                Step2. Turn off all Exchange/ISA/SQL and also Disable/Turn off any Intel services
                Step3. Run VMWare Converter and set settings how u want, etc.
                Step4. AFter Virtual SBS2000 Starts up, reconfigure Nic(s) (I had internal and external - dual homed).
                Step5. Restart server.


                We had some minor issues, but everything working good... Exchange Instant messenger is acting a bit goofy (i.e. users are not auto added to list when they sign on, etc. renamed the c:\program files\exchange\imdata folder restarted WWS service - that didn't fix it.

                Now thinking that our SBS2000 server [fedweb] has DNS records for itself for both of the nics -10.3.129.4 (internal interface) and 10.10.10.1 (external Interface) is the reason why the Instant message lists are not auto-updating when people login or log off instant message..

                Any thoughts on that would be helpful though.. that is the only thing not working like it did before the Conversion.

                Comment

                Working...
                X