SBSFAQ.COM

How to mess up your network with virtualisation

May 22, 2009 by Wayne Small

Got a call from a friend yesterday. He had some problems with his network which essentially revolved around Active Directory being messed up. The exact details are a little unclear, but the long and short of it was that around a week back, their main DC had some hardware problems, so they resolved it by transferring the system over to Hyper-V (not sure how they did this either). The AD problems continued and they dug deeper. Along the way (and I don't know where/when) they decided to DCPromo two of their non-virtualised DCs down to member servers (one of them was their Exchange server). Problems persisted. I was asked to look into it some more and found a few things. Netdiag was reporting all kinds of problems with DNS (which was AD integrated), and in the event logs for Directory Service we found just one error which suggested that they were in a USN Rollback scenario. USN Rollback scenarios are discussed here: http://support.microsoft.com/?kbid=875495.

The USN (update sequence number) is an internal number that allows domain controllers to track where they are at with respect to replication of Active Directory information. If a DC detects that it has rolled back, then it will stop replicating information to other DCs. It will also put the NETLOGON service into a paused state. It does this to protect the rest of the network. OK, so my friend, being a developer (and having a couple of developers with him), saw the NETLOGON service was paused, so what did they do? They wrote a script to restart the NETLOGON service so it would not pause. Sheesh. NEVER LET A DEVELOPER RUN YOUR NETWORK. 🙂

OK, so the way to fix a USN Rollback is to dcpromo the affected server down and then back up to a domain controller OR restore a system state backup. Only problem was that this was their last DC, and I was uncertain of the last system state backup. It turned out that it was only done AFTER they moved the virtualised DC from physical into virtual. Ouch. Digging deeper, it follows that they did some form of image backup on the physical system while it was live (unsure of what tool was used), but doing something like this is NEVER a good idea in a multiple domain controller environment.
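A simplified model of the USN bookkeeping described above, added here as an illustration (it is not code from the original post or from Active Directory). The class and function names are assumptions of this example; it shows why an image restore is either caught, pausing NETLOGON, or silently loses changes, while a system state restore, which resets the invocation ID, does neither.

```python
import copy
import uuid

class DC:  # simplified domain controller: a change log stamped with local USNs
    def __init__(self):
        self.invocation_id = uuid.uuid4().hex  # identity of this database instance
        self.usn = 0             # highest committed USN
        self.log = []            # (usn, key) for writes originated here
        self.data = set()        # keys present in this replica
        self.utd = {}            # source invocation ID -> highest USN received
        self.netlogon_paused = False

    def write(self, key):
        self.usn += 1
        self.log.append((self.usn, key))
        self.data.add(key)

    def pull_from(self, src):
        """Inbound replication: request src's changes above our watermark for it."""
        seen = self.utd.get(src.invocation_id, 0)
        if seen > src.usn:       # we hold USNs the source has not issued yet
            src.netlogon_paused = True   # the source quarantines itself
            return "rollback detected"
        new = [key for usn, key in src.log if usn > seen]
        self.data.update(new)
        self.utd[src.invocation_id] = src.usn
        return len(new)

def image_restore(snapshot):
    return copy.deepcopy(snapshot)       # old USN, same invocation ID

def system_state_restore(snapshot):
    dc = copy.deepcopy(snapshot)
    dc.invocation_id = uuid.uuid4().hex  # supported restore resets the invocation ID
    return dc

def scenario(restore, writes_after):
    dc1, dc2 = DC(), DC()
    for i in range(3):
        dc1.write(f"old{i}")             # USN 1-3
    snapshot = copy.deepcopy(dc1)        # backup taken at USN 3
    dc1.write("old3")                    # USN 4
    dc1.write("old4")                    # USN 5
    dc2.pull_from(dc1)                   # DC2's watermark for DC1 is now 5
    dc1 = restore(snapshot)              # DC1 is back at USN 3
    for i in range(writes_after):
        dc1.write(f"new{i}")             # after an image restore these reuse USN 4, 5, ...
    result = dc2.pull_from(dc1)
    missing = sorted(k for k in dc1.data if k.startswith("new") and k not in dc2.data)
    return result, missing, dc1.netlogon_paused
```

`scenario(image_restore, 3)` is the dangerous case: the restored DC has already written past its partner's watermark, so nothing is flagged and the changes made under the reused USNs never replicate.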

It's now a few days since I started writing this blog post and my friend has had to accept defeat. He finally bit the bullet and called MS for support. Their only responses were as above: restore the AD from backup, which he didn't have a good backup of at all. He had to accept that he needed to rebuild his entire domain from scratch.

What caused it? Well I suspect that the way he moved the physical DC into a virtualised environment was the start of the problems. Not ensuring he had good / tested backups along the way was also part of the problem. Not calling on experienced resources early in the piece was a big problem too.

Long story short: Microsoft have said that they don't support imaging of DCs live. There are reasons behind that. DON'T DO IT. If you are out of your depth, CALL FOR HELP. Backups are useful during a problem situation; you can NEVER have too many of them.


Filed Under: Blog Tagged With: Troubleshooting


Comments

  1. Felix Burkhard says

    May 26, 2009 at 6:28 am

    Hi Wayne
    Thanks for your warning – however, I am facing a SBS 03>08 migration where we will need to use the same hardware. I was planning to take a snapshot of the 03 server and restore it onto a temporary (virtual?) server. Then build the existing server with 08. How do you propose to do this step, if you can’t snapshot a DC?
    Regards
    Felix
