[Today’s post comes to us courtesy of Ajay Sarkaria, Rituraj Choudhary, Harshal Charde and Sandeep Biswas from Global Business Support]
The purpose of this post is to help you successfully migrate from a previous Windows Server SKU, Small Business Server SKU, or a Windows Server Essentials SKU current in Product Lifecycle to Windows Server 2012 R2 Essentials.
If your business has up to 25 users and 50 devices, you may migrate to Windows Server 2012 R2 Essentials. If the count extends up to 100 users and 200 devices, to use the features empowered by Windows Server Essentials role, you must migrate to the Standard or Datacenter editions of Windows Server 2012 R2 and install the Windows Server Essentials Experience (ServerEssentials) role.
The content on this blog extends from the content found at Prepare your Source Server for Windows Server 2012 R2 Essentials migration. Use the following annotated checklist to keep you on track.
1. Read through the Migration Guide before starting.
Understand what setup will do for you and what you need to do manually.
2. Get hands-on experience with our Technical Training Series.
3. Join the Windows Server Essentials Forum.
You might find an answer to a question you have, seek advice on your migration plan, or simply see what others have encountered that you might not have considered.
4. Practice a migration yourself in a test environment.
This way you know what to expect. This also allows you to test the hardware and verify you have the necessary BIOS updates and drivers.
5. On the Source server, run the Best Practices Analyzer(s).
- Run the Best Practice Analyzer for the respective components, whether you are migrating from Windows Server or Windows Server Essentials or Small Business Server.
- Make sure to allow the BPA to get updates when first launching.
- Resolve any issues reported in the source environment ahead of time.
- Do not ignore Warnings as they might impact the migrations too.
- Know that SBS 2003 SP 1 is not the same as Windows 2003 SP 1 or SP 2.
- If you’re migrating from Windows Small Business Server 2003 or Windows Server 2003, delete the Log on as a service account setting from Group Policy.
6. Plan your Messaging Deployment options.
- If your source domain has Exchange Server installed, depending on the source Exchange Server version, you will have to plan the future deployment of Exchange Server or Office 365.
- Windows Server 2012 R2 Essentials supports integration of On-Premises Exchange server or an Integration with Office 365 Subscription.
- Compare Office 365 for business plans
7. On the Source server, make sure the Active Directory is healthy.
If there is only one DC, make sure the SYSVOL and NETLOGON shares are present. Also, check the File Replication Service event log to see if it is in Journal Wrap. The event below is an example of what to look for.
Event Type: Error
Event Source: NtFrs
Event ID: 13568
Description: The File Replication Service has detected that the replica set “DOMAIN SYSTEM VOLUME (SYSVOL SHARE)” is in JRNL_WRAP_ERROR.
If there are multiple domain controllers in the source environment, force an Active Directory replication between them in Active Directory Sites and Services and verify it is successful.
You can also run the Microsoft IT Environment Health Scanner in the source environment to uncover any AD health issues.
An unhealthy Active Directory can result in Windows Server 2012 R2 Essentials migration installation failure.
8. On the Source server, check the Primary group of the account you will use to install the Windows Server 2012 R2 Essentials server into the domain.
Make sure the Primary group is set to something besides Domain Admins, Enterprise Admins, or Schema Admins. In the properties of the user account, click the Member Of tab, and at the bottom look for the Primary group.
- Make sure the Primary group IS NOT: Domain Admins or Enterprise Admins or Schema Admins.
- To change it, select Domain Users and click the Set Primary Group button.
9. Make sure the Admin account you are using for the migration has a STRONG password.
- Strong passwords must meet the following minimum requirements:
- Passwords cannot contain the user’s account name or parts of the user’s full name that exceed two consecutive characters.
- Passwords must be at least six characters in length.
- Passwords must contain characters from three of the following four categories:
- English uppercase characters (A through Z).
- English lowercase characters (a through z).
- Base 10 digits (0 through 9).
- Non-alphabetic characters (for example, !, $, #, %).
10. Install the samsrv.dll update from KB 939820 on all Windows 2003 domain controllers in your environment, including the SBS 2003.
939820 Events 1925, 1006, 1645, 1055, 40961 on a Windows Server 2008-based domain controller or error message: “No authority could be contacted for authentication” when you use Remote Desktop Connection.
11. Disable WSUS on Source domain prior to migration.
If you have a deadline set for an update in WSUS that is past-due, your Windows Server 2012 R2 Essentials setup can fail when the update is automatically installed and the Windows Server 2012 R2 Essentials is rebooted. We recommend disabling WSUS on the source server for the duration of the migration. For this, on the source server, open IIS Manager, and stop the “WSUS Administration” site.
12. In the source domain, disable anything that may install software on machines added to the domain.
Similar to the point above, your Windows Server 2012 R2 Essentials setup can fail if something outside of it initiates a server restart while it’s in the middle of its setup routine. Things to keep an eye out for:
- Logon Scripts
- Group Policy
- Remote Management Tools
- Devices like printers that may install a driver that requires a reboot.
13. Make a System State Backup of the source server.
- We recommend a full backup of the source, however at least a system state backup of the source server is required to recover from any failures that may be encountered during the migration.
- We recommend you use native Windows Server Backup.
14. Do not make any changes on the network.
From now until the Windows Server 2012 R2 Essentials migration setup is complete, do not make any changes on the network. This is not a good time to be doing any of the following:
- Changing passwords
- Installing Software
- Removing Domain Controllers
- Changing out the network hardware
- Restoring servers
- Rebooting domain controllers
- Re-wiring the network
15. Check the “Log on as Batch job” user right assignment on the Default Domain Controllers group policy.
- Launch gpmc.msc
- Expand Forest, Domains, your domain, Domain Controllers, and select the Default Domain Controllers Policy.
- Click on the Settings tab and expand Computer Configuration, Policies, Windows Settings, Security Settings, Local Policies/User Rights Assignment.
- Find the “Log on as batch job” right, and make sure that you have an entry for BULTINAdministrators
If you don’t have that entry, do a right-click edit on top of the policy on the left pane, navigate to the location you just checked and edit the right to add the missing value.
16. Start the Migration Process
Depending on the Target Operating System edition, Follow one of the below blogs:
- Deploying Windows Server 2012 R2 Essentials in an Existing Active Directory Environment
- Deploying Windows Server 2012 R2 Standard/Datacenter with Windows Server Essentials Experience role in an Existing Active Directory Environment
On subsequent posts we will cover documentation and tips to help you recover if you have encountered an issue during or post migration.