Subscribe Feed (RSS)SBS2008 Migration: Active Directory replication is taking longer than expected.
December 25th, 2008 by Paul Sterley | Filed under Migration, Not in the Windows Box, Windows Server.Scenario: You are doing an SBS 2008 Migration from an SBS 2003 domain. You’ve created your answer file, you’ve gotten partway through setup, but it seems to sit forever at this screen:
Eventually, you get this pop-up dialog telling you at it is taking longer than expected, and asking if you want to keep waiting.
What now? Maybe you’ve clicked the yes button once or twice already and waited another 20 minutes with no positive results.
Well, this is what happened to me, and I’ll tell you what I found out about it. Your situation may be different, but check out what I found out, and look for it in yours. If it matches, you might want to give it a try. Hopefully you have a good backup.
After sitting at this screen for way too long, I decided to do some digging. I sent a ctrl-alt-del to the SBS 2008 server and brought up the Task Manager. From there, I opened a CMD prompt, and found my way to C:\Program Files\Windows Small Business Server\Logs. I copied the file to a UNC share on the source SBS server to read it (but you can just use the “type” command in the CMD window and read the last few lines if you want).
The last few lines looked like this:
[3212] 081225.202335.1592: Task: There are 0 pending replication operations. [3212] 081225.202335.2530: Setup: Attempting LDAP bind. [3212] 081225.202335.2530: Setup: Bind failed with: A local error occurred. [3212] 081225.202335.2530: Task: Waiting for replication to finish
That sequence repeated a few times. Definitely the choking point. I googled the hell out of that, and only found one item that looked remotely relevant. That guy was having the same symptom. He solved his problem by throwing away his SBS2003 domain and starting from scratch.
After MUCH digging, rebooting, retrying, and other things that I will spare you the pain of, I typed “eventvwr” at the CMD prompt, and looked through the event logs. I found, among other things, this event:
Source; GroupPolicy
Event ID: 1006
The processing of Group Policy failed. Windows could not authenticate to the Active Directory service on a domain controller (LDAP Bind function call failed).
Now we’re getting somewhere. I found numerous search results for that one, including a forum where some guys had this error, received a hotfix from Microsoft, and the problem went away. Apparently the problem is caused if you have ever done an authoritative restore on your 2003 domain. When that happens, the msDS-KeyVersionNumber property from the user object “krbtgt” is increased. Windows Server 2008 is not expecting this. Any 2008 DCs that are added to this domain have trouble binding to LDAP and authenticating to AD because of this.
There is a Microsoft KB article about a seemingly completely unrelated topic, with a hotfix link available for download. Microsoft PSS sent these guys this hotfix, and it made that problem go away. It needs to be installed on all Windows 2003 DCs.
I am doing this upgrade on a virtual server, I have a snapshot, so I figured “What the heck, let’s try it!” and downloaded the hotfix. I ran it on my SBS 2003 server, and said No to the reboot. Lo and Behold, my SBS 2008 migration is proceeding past the error point! It’s looking good!
Use this fix with caution. Your mileage may vary. Make sure you have backups and/or a snapshot before you do it. Best of luck!
Tags: Group Policy, Hotfix, LDAP, Migration, SBS 2008
You sir, are the man. I was having exactly the same problem, but during the install my AD was trashed and I had to restore the system state.
Tried again, same problem. Installed the fix linked to in your post and BAM, the installer continued past the point it had been stopping at.
Now I just have to find out why Exchange 2007 wouldn’t install.
Once again, thanks for your help!
Shane:
You’re most welcome. Thanks for leaving feedback! It’s good to know others are getting some benefit from my struggles.
Hi Paul
Thank you very much! I was having the same problem with the dialog popping up saying that replication is taking too long!
My solution to the problem was for different reasons (problems with File Replication Services) and slightly more complex, however your idea about looking at the entries in Event Viewer and SBSSetup.log helped me resolve the problems!
Scary that even though I had followed the Microsoft SBS Migration guide right down to every last step I encountered countless problems!
Thank you very much once again!
Ivan
You’re most welcome! Any time you join a new DC, especially one with a different OS, there are bound to be some systems that have replication problems. It’s understandable that MS wants this process to appear streamlined, but they really should have supplied some links in the “is taking longer than expected” page to help people with troubleshooting.
Tried this, didn’t work for me. Still would hang at the same point.
To Ivan: I have some errors about FRS not being able to replicate properly - was this what you were getting? Also, if it was, can you post your solution? Thanks!
Hi bbq
Well, my problem was that FRS was disabled and stopped on my 2003 box (don’t ask me why, certainly not something I did). Upon enabling it I found it was throwing some errors, which I picked up in Event Viewer. I read the KB article on how to fix those errors, restarted FRS and everything worked fine after that.
I doubt you are experiencing the same problem. The idea here is to hit CTRL+ALT+DEL on the 2008 box start task manager, event viewer and cmd. After which you can look at SBSSetup.log and Event Viewer and see what errors are being reported and act upon them.
Paul, I agree, I am just so glad I was patient and I kept clicking yes on the replication is taking longer than expected, do you want to wait box.
Had the same issues but the hotfix didnt work I changed the DNS on the SBS2008 box by hitting ctrl alt del and starting explorer and changing the dns on the nic to itself. went through fine after that.
thank you. You saved me alot of Googling!
[...] Yes. I was also facing the same problem. So, I followed the method which is explained in the below article. It worked for me. So, you also give a try. Hope, it may help you also. SBS2008 Migration: Active Directory replication is taking longer than expected. [...]
I was having the same issue- turned out to be a much simpler fix- The dual nic system had the static from the answer file on the nic that was not plugged in. (we had a 50/50 chance getting it right) swapped cables with the NIC and it worked. I then disabled the other NIC. Strange thing is - the first NIC got a DHCP address and set the DHCP address as secondary DNS and primary was the existing SBS 2003 server- so it worked fine at first.
Hey, that’s a good one. I’ll have to remember that.
We’ve had the same problem today whilst using the Swing Migration route and found that the problem to be that we had our TEMPDC (SBS 2003 box) to be pointing to the router for it’s DNS. Once we changed this back to 127.0.0.1 the installation progresses!
I ran into another scenario like this today.
I suspect that the issue was caused by the servers being out of time sync. Once I got them in sync, I did get them to replicate, but SBS 2008 was still not happy.
The SBS setup logs indicated that it was unhappy because the “nltest /dsgetdc:dzns.local” command returned the SBS 2003 server name instead of the SBS 2008 server name. In short, it was unhappy because SBS08 was not being recognized as the primary domain controller yet.
The reason it was not being recognized as a DC is because NTFRS (File Replication Service) had not yet made a replica of the SYSVOL folder and created the SYSVOL share. It had tried, and it had gotten an “Access is denied” error (Kerberos failure) because the clocks were out of sync. I suspect it would have gotten there eventually once I fixed the clock, but I jump-started that process by using a “net stop ntfrs & net start ntfrs” command on SBS08, whereupon it replicated the SYSVOL folder, and created the share.
Then the SBS migration proceeded smoothly.
Paul thank you so much for posting this, and thanks to the others that have contributed to this discussion!
Same symptom and like others it was NTFRS error on the source server that were the issue. I corrected those using the instructions in event viewer (wow! they actually worked) for the NTRFS error. I had to manually add the registry value for the NTRFS rebuild.
Guys, thanks a million! I am stuck out at a client’s shop right now and this saved the day!
Great article. It helped me track down the follwoing error:
The File Replication Service had a “Journal Wrap Error” on my source DC. To my surprise, the error in the event log gave precise instuctions on how to set a registry key to add/remove the source DC for replication and after having cleaned up the error, the migration continued on! It also mentioned some issue with SYSVOL…
I had already installed the hotfix so I am not sure if that also was part of the problem, but bottom line is check the SBSSetup.log on the destination DC and check the Event Logs on the source DC.
Thanks again!
My problem was that File Replication Service was turned off. Once turning on I had the same issue Salomon describes. Again following the instructions provided by the event viewer proved to solve my issues.
I did NOT install the hotfix before restarting the replication service so I can say it may not be required in all instances.
I would have been clicking Yes for days had it not been for this post!
Thanks!
Yes, the hotfix is only necessary for the specific scenario where an authoritative restore was done at some point on the 2003 server. It seems there are a number of problems which can cause this symptom, and we’re building a good respository of them here. Thanks to everyone who has posted their results. It’s very helpful!
This page saved the day for me, my very poorly SBS2003 system is on it’s last legs and the migration had got stuck at the Active Directory point. I had to apply both the hotfix and the replication registry key and all is good. Many thanks to the OP and those who discovered the replication fault.
Thank you Paul and Co. This is the only useful information I found relating to this issue. The Microsoft patch helped mye in my migration from Server 2003 to SBS 2008 after a bodged upgrade by the previous IT guy from SBS 2003. Thanks again
I found that I hade to disable all NIC’s but the One I wanted to Use. Then I noticed the dns was incorrect set all to dhcp and all is good.
Thanks everyone. I had the same problem, just sitting there waiting for the replication to complete. Checking the NTFRS logs on the source server showed a journal wrap error. I created new registry DWORD HKLM\SYSTEM\CurrentControlSet\Services\NtFrs\Parameters\Enable Journal Wrap Automatic Restore and set value to 1. Restarted NTFRS service on source and waited about 10 minutes. The SBS Migration continued without any intervention on the destination server. Happy Days!
Thanks Paul the hotfix worked for us!
To anyone wondering, we only had to install the hotfix on our old 2003 sbs while the 2008 setup was still running.
We didn’t reboot the 2003 or the 2008 sbs. It simply started trucking on after the hotfix had been installed on 2003.
Also if you want to see the log files you should be able to use the UNC path to access the C$ share of your new 2008 SBS even while it’s still setting up. No need to ctrl+alt+del.
UGH I am having this problem but the log file is point to it being a CA issue…NO clue on this one…anyone?
I had the same problem with NTFRS replication “Journal Wrap Error”. The information in this site will put you on the right track for troubleshooting. Great insight guys - thanks!
All I did was go to the source server and change the DNS to point to the destination server and all went through without a problem.
Thank u guyz…. save my day…
1. I did install the hotfix to the source server (SBS 2003)
2. Edit the registy on SBS 2003 (thanks ZIPPY)
3. Stopped and started the service on SBS 2008 (net stop ntfrs & net start ntfrs” command on SBS08)
4. Change the Network cable to the 2nd.
Prgress Bar is moving…. Thanks Paul Sterley & Ur Valuable Team…
Worked for me too! Thanks
Your the best!
I had to do the following.
1. install hotfix
2. Add NTFRS_CMD_FILE_MOVE_ROOT to the SYSVol
3. restart ntfrs on 2003
4. restart ntfrs on 2008
the it worked!
links
http://www.petri.co.il/forums/showthread.php?t=21679
DUDE, THANK YOU!!!!!
I had the NTFRS replication “Journal Wrap Error”. I added the suggested registry key on the source 2003 server then restarted the ntfrs service on both servers. Now i am back on my way to making progress.
Cheers,
John
You. Guys. Are. Legends.
I owe you guys lunch…
I had exactly similar issues. The logs looked the same. You will notice that when you check the operation masters on 2003 SBS server they will show and ERROR on operation master and in AD sites and services the replication link will be missing on the 2008 server.
Out of frustration I rebooted the 2008 server during the setup and hell crashed on me. The source server was in the middle of migration and schema had been changed to a no comming back stage. I did a restore on the source server once when it crashed and started setup again with image on the source server.
I tried to do the install manaully without the answerfile but the same issue. The server is happy until I promote it to a Domain Controller. Then I get the following error message regarding Group Policy:
“The processing of Group Policy failed. Windows could not authenticate to the Active Directory service on a domain controller. (LDAP Bind function call failed). Look in the details tab for error code and description.”
I started the setup again and got stuck at excatly the same spot. I pressed ctrl+alt+del on 2008 and started eventvwr from task manager. It showed the following errors.
Source; GroupPolicy
Event ID: 1006
The processing of Group Policy failed. Windows could not authenticate to the Active Directory service on a domain controller (LDAP Bind function call failed).
I then installed the hotfix from MS as mentioned in the article and everything was fine.
Thanks guys.
This is what I have learnt.
1. Check clocks are in sync.
2. Check FRS, DNS and DHCP on Source Server ( Some idiot had DNS set it to manual on my server).
3. I was prompted for 2003 SP1 not installed where as I had SP2 on it. ( I added the reg key manually on the 2003 ! Setup is dumb.
HKLM\SOFTWARE\Microsoft\SmallBusinessServer\ServicePackNumber ( = 1) )
4. Check Sysvol permissions.
5. Install the hotfix FIX 226580
http://support.microsoft.com/hotfix/KBHotfix.aspx?kbnum=939820&kbln=en-us
6. Always take an image backup of source before you start anything. There are things that can go terribly wrong as they went worng with me.
Cheers
Riddhim
Had the same issue with active directory replication taking longer than expected. LDAP bind ok but would keep saying it was trying to finish replication.
To cut a long story short this is what I had to do:
Aborted migration, restored sbs2003 box from backup and started again.
File replication service on sbs 2003 box had been set to manual: Set to automatic and started service. This created a journal wrap error condition because FRS had been disabled for so long. Implemented registry fix as specified in the event log.
Also installed MS hotfix with regards to problem being caused by previous authoritive restore. I have no idea if one had been done in the past but as MS say that it will stop the condition from occuring as well as fix the issue I thought better safe than sorry.
Restarted migration and locked up at same location but this time GP couldn’t be processed because of authentication issus (LDAP bind failed). I found a comment above where someone changed the DNS address on the sbs2008 box and thought I’d give it a try.
According to the network settings on the SBS2008 box the primary dns was the sbs2003 server and the secondary was the sbs 2008, I swapped these around making the SBS2008 box the primary for itself and hey presto off we go.
Please note though the progress bar didn’t just start moving immediatley afetr making this change, it actually took a good 10mins or more but if you watch the system event logs you should see an entry stating that Group Policy was successful and then a whole bunch of events will follow as things start to progress, so have a little patience after making these changes.
Thanks that helped me out a lot. I had to do the registry hack with SP1 as well because it wouldn’t let me past it. I was so frusterated I was about to reboot the SBS2008 server, glad I didn’t. Thanks again.
Did the hotfix and didn’t reboot the SBS2003 server and it kept going. What a hassle.
Karl
The hotfix and, the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtFrs\Parameters\Enable Journal Wrap Automatic Restore registry entry did the trick for me!
Thanks all!