Starting test: Advertising
Warning: Server-Name is not advertising as a time server.
......................... Server-Name failed test Advertising
Running enterprise tests on : PeteNetLive.com
Starting test: Intersite
......................... PeteNetLive.com passed test Intersite
Starting test: FsmoCheck
Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
A Time Server could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error 1355
A Good Time Server could not be located.
......................... PeteNetLive.com failed test FsmoCheck
Solution
Note: Any one of the things below can cause this problem, I suggest you retry running dcdiag after each step until it runs without error.
1. In a windows domain, clients normally get their time from the domain controller that holds the PDC Emulator role. Locate that server and log on.
3. If you have got this far, then you should already have the Windows Time service running, check!
4. From command line, remove and reinstall the Windows time service with the following two commands.
[box]w32tm /unregister
w32tm /register[/box]
Note: It’s not unusual to see the following error after you issue a ‘w32tm /unregister’ command,
Error
The following error occurred: Access is denied (0x80070005)
If this happens don’t panic, open the services console (Press F5) and the Windows Time Service may have disappeared (if so re-register it). If not manually stop the Windows Time service and try to unregister again, then re-register.
WARNING: After doing this, you will need to set the time service to get reliable time from an NTP External Server again.
5. Press Windows Key+R > regedit {enter} > Navigate to the following registry key;
Ensure the Type value is set to NTP, then restart the Windows Time service and check again.
5. Whilst still in the registry editor navigate to;
[box]HKLM > System > CurrentControlSet > services > W32Time > Config[/box]
Set the AnnounceFlags value to 5.
6. Whilst still in the registry editor navigate to;
[box]HKLM > System > CurrentControlSet > services > W32Time > Time Providers > NtpServer[/box]
Make sure the Enabled value is set to 1 (one).
7. If the problem persists, on the PDC Emulator run gpedit.msc > Navigate to;
[box]Computer Configuration > Administrative Templates > system > Windows Time Service[/box]
Make sure ‘Global Configuration Settings’ is set to ‘Not Configured’.
Navigate to;
[box]Computer Configuration > Administrative Templates > system > Windows Time Service > Time Providers[/box]
Make sure ALL the settings are set to ‘Not Configured’.
If you changed anything, run ‘gpupdate /force’ and try again.
8. On the PDC Emulator, Open a command window (Note: You must Run as Administrator!) > In the Computer Settings section locate all the policies that are applying to the server.
Note: As a shortcut to find the offending policy, you could run ‘gpresult /v > c:\gpresult.txt’ then search that text file for any instance of w32tm (here’s an example).
As above navigate to;
[box]Computer Configuration > Administrative Templates > system > Windows Time Service[/box]
Make sure Global Configuration Settings is set to ‘Not Configured’.
Navigate to;
[box]Computer Configuration > Administrative Templates > system > Windows Time Service > Time Providers[/box]
Make sure ALL the settings are set to ‘Not Configured’.
If you changed anything, run ‘gpupdate /force’ and try again.
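The registry and policy checks from the steps above can be collected into one read-only audit. This is an added example, not part of the original article; it assumes an elevated PowerShell session on the PDC Emulator, and the key used for the Type value (W32Time\Parameters, the standard location) is an assumption because the article does not show it.

```powershell
# Added example: read-only audit of the W32Time settings checked in the steps above.
# Run elevated on the domain controller that holds the PDC Emulator role.

$svc = 'HKLM:\SYSTEM\CurrentControlSet\Services\W32Time'

# Expected values taken from the article's registry steps.
# Assumption: 'Type' is read from the Parameters key (not shown on the page).
$checks = @(
    @{ Key = "$svc\Parameters";              Name = 'Type';          Want = 'NTP' },
    @{ Key = "$svc\Config";                  Name = 'AnnounceFlags'; Want = 5 },
    @{ Key = "$svc\TimeProviders\NtpServer"; Name = 'Enabled';       Want = 1 }
)

# Is the service registered and running? (step 3, and after unregister/register)
$w32 = Get-Service -Name W32Time -ErrorAction SilentlyContinue
if (-not $w32) {
    Write-Warning 'W32Time is not registered. Run: w32tm /register'
} elseif ($w32.Status -ne 'Running') {
    Write-Warning "W32Time is registered but its status is $($w32.Status)."
}

# Compare each registry value with what the article expects.
foreach ($c in $checks) {
    $item   = Get-ItemProperty -Path $c.Key -Name $c.Name -ErrorAction SilentlyContinue
    $actual = if ($item) { $item.($c.Name) } else { $null }
    $state  = if ($actual -eq $c.Want) { 'OK      ' } else { 'MISMATCH' }
    $shown  = if ($null -eq $actual) { '<missing>' } else { $actual }
    Write-Output ("{0}  {1}\{2} = {3} (expected {4})" -f $state, $c.Key, $c.Name, $shown, $c.Want)
}

# Group Policy stores W32Time settings under the Policies hive. Any subkey found
# here means a GPO is still managing the service (steps 7 and 8).
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\W32Time'
if (Test-Path $policyKey) {
    Get-ChildItem -Path $policyKey -Recurse | ForEach-Object {
        Write-Warning "Policy-managed W32Time settings present: $($_.Name)"
    }
} else {
    Write-Output 'OK        No W32Time Group Policy settings applied.'
}

# Show the effective configuration, then repeat the two tests that failed.
w32tm /query /configuration
dcdiag /test:Advertising /test:FsmoCheck
```

The script changes nothing. After a w32tm /unregister and /register cycle the external NTP source still has to be configured again, as the warning above says.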
Related Articles, References, Credits, or External Links
This is considerably less painful than adding a 2008/2008 R2 domain controller to a 2003 domain was. You don’t have to manually prep the schema on the schema master, or run forestprep and domainprep. The wizard does everything for you.
Solution
1. Launch server manager from the taskbar > Select Local Server > Manage > Add Roles and Features.
2. Role Based… > Next.
3. Select local server > Next.
4. Tick ‘Active Directory Domain Service’ > Next.
5. Accept the defaults > Next.
6. Next.
7. Install.
8. Installation may take a while.
9. When finished nothing appears to change, but it does say “Succeeded” > Close.
10. Now the role is on the server you just need to promote it, you can do this by selecting AD DS in the left hand menu > and click ‘More’.
11. ‘Promote the server to a domain controller’
12. By default it will fill in the domain you are already a member of > Next
13. Enter your directory services restore mode password (DON’T ever lose this password!) > Next.
14. I don’t want anyone outside my domain browsing my domain so I don’t care about the delegation error > Next.
15. If you want to reboot as soon as it’s finished tick the box, and (optionally) select a DC to replicate from > Next.
16. Accept or change the paths as required > Next.
17. Here’s a nice touch, now it preps the forest, schema, and domain for you > Next.
18. Next.
19. Install (I’d suggest a reboot when it’s done).
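The same promotion can be scripted. This is an added example, not from the original article; the domain name and paths are placeholders, and it assumes an elevated session on a Windows Server 2012 member server with Domain Admin credentials to hand.

```powershell
# Added example: the wizard steps above as PowerShell (Windows Server 2012).

# Steps 1-9: add the AD DS role together with its management tools.
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

Import-Module ADDSDeployment

# Step 13: prompt for the DSRM password so it is never stored in a script
# or in the command history.
$dsrm = Read-Host -AsSecureString -Prompt 'Directory Services Restore Mode password'

# Settings shared by the prerequisite check and the promotion itself.
$common = @{
    DomainName                    = 'corp.example'       # placeholder domain
    Credential                    = (Get-Credential)     # a Domain Admin account
    InstallDns                    = $true
    SafeModeAdministratorPassword = $dsrm
    DatabasePath                  = 'C:\Windows\NTDS'    # step 16: default paths
    LogPath                       = 'C:\Windows\NTDS'
    SysvolPath                    = 'C:\Windows\SYSVOL'
}

# Step 18: run the prerequisite checks without changing anything.
$check = Test-ADDSDomainControllerInstallation @common
$check | Format-Table Status, Message -Wrap

if ($check.Status -contains 'Error') {
    throw 'Prerequisite check failed; promotion not started.'
}

# Step 19: promote. Forest, schema and domain preparation run automatically
# (step 17), and the server reboots when the promotion completes.
Install-ADDSDomainController @common -NoRebootOnCompletion:$false -Force
```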
To View RID MASTER, PDC EMULATOR and INFRASTRUCTURE MASTER
1. Go to a domain controller.
2. Start > run > dsa.msc {enter}
3. Right click domain name > Operations masters
Note: You can change the server holding these roles from this console.
To view the SCHEMA MASTER graphically do the following
1. Start > Run > regsvr32 schmmgmt.dll {enter} > OK
2. Start > run > mmc {enter}.
3. File > Add / Remove Snap-In > Add > Active Directory Schema > Add > Close > OK
4. Right Click “Active Directory Schema” > Operations Master.
To View the DOMAIN NAMING MASTER
1. Start > Run > domain.msc {enter}
2. Right Click “Active Directory Domains and Trusts” > Operations Master.
General Rules for FSMO Placement
If you only have 1 domain in the forest everything goes in that one domain.
If not….
Forest Root Domain gets the Domain Naming Master, and the Schema Master roles
Each Domain gets The PDC Emulator, Infrastructure Master and RID Master roles.
Though not an FSMO role each logon location should have a Global Catalogue server
(Note: Yes you can cache logon requests and have Read only domain controllers now but in an ideal world I still place a GC at each site)
FSMO Placement
1. Do not put the Infrastructure Master on a Global Catalogue Server (see below for how to see if a domain controller is a global Catalogue server).
2. The PDC Emulator and RID Master should be on the same Server, If possible NOT on a Global Catalogue Server (though not essential).
3. The Schema Master and Domain Naming Master should be on the same machine that IS a Global Catalogue Server. (This is not true if your forest functional level is Windows Server 2003).
Locate Global Catalogue Servers
To check if a domain controller is also a global catalogue server:
1. Click Start, point to Programs, point to Administrative Tools, and then click Active Directory Sites and Services.
2. Double-click Sites in the left pane, and then browse to the appropriate site or click Default-first-site-name if no other sites are available.
3. Open the Servers folder, and then click the domain controller.
4. In the domain controller’s folder, double-click NTDS Settings.
5. On the Action menu, click Properties.
6. On the General tab, locate the Global Catalogue check box to see if it is selected.
If you are replacing a domain controller, or simply taking one offline for a while, you might want to transfer its FSMO roles to another Domain Controller.
There are 5 FSMO roles which are,
· Schema master – Forest-wide and one per forest.
· Domain naming master – Forest-wide and one per forest.
· RID master – Domain-specific and one for each domain.
· PDC Emulator – Domain-specific and one for each domain.
· Infrastructure master – Domain-specific and one for each domain.
FSMO Roles Solution
Traditionally we either “Seized” or “Transferred” the FSMO roles from command line using the ntdsutil tool like THIS. But you can transfer the roles with the normal graphical consoles you have.
1. Start > Administrative tools > Active Directory Users and Computers.
2. Right click the domain > Operations Masters > Select each Tab in turn > Change > Yes > Repeat for the other two tabs.
Moving the Domain Naming Master
1. Start > Administrative tools > Active Directory Domains and Trusts.
2. Right click the top level entry > Operations Master > Change > Yes.
Moving the Schema Master.
1. In the Search/Run box type regsvr32 schmmgmt.dll {enter} > It should say that it succeeded.
2. Now in the Search/Run box type mmc {enter} > A Microsoft Management Console will open > File > Add/Remove Snap-in.
3. Select the “Active Directory Schema” Snap-in > Add.
4. By default you will connect to the Schema Master, you need to be connected to the server you are on, Expand the “Active Directory Schema” > Right click it > Select “Change Active Directory Domain Controller” > Select the NEW one > OK.
5. Now Right click again > Operations Masters > Change > Yes.
If you only have 1 domain in the forest everything goes in that one domain. If not….
Forest Root Domain gets the Domain Naming Master, and the Schema Master roles.
Each Domain gets The PDC Emulator, Infrastructure Master and RID Master roles.
Though not an FSMO role each logon location should have a Global Catalogue server
(Note: Yes you can cache logon requests and have Read only domain controllers now but in an ideal world I still place a GC at each site)
Placement
1. Do not put the Infrastructure Master on a Global Catalogue Server (see below for how to see if a domain controller is a global Catalogue server).
2. The PDC Emulator and RID Master should be on the same Server, If possible NOT on a Global Catalogue Server (though not essential).
3. The Schema Master and Domain Naming Master should be on the same machine that IS a Global Catalogue Server. (This is not true if your forest functional level is Windows Server 2003).
To check if a domain controller is also a global catalogue server
1. Click Start, point to Programs, point to Administrative Tools, and then click Active Directory Sites and Services.
2. Double-click Sites in the left pane, and then browse to the appropriate site or click Default-first-site-name if no other sites are available.
3. Open the Servers folder, and then click the domain controller.
4. In the domain controller’s folder, double-click NTDS Settings.
5. On the Action menu, click Properties.
6. On the General tab, locate the Global Catalogue check box to see if it is selected.
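Both the role-viewing steps and the placement rules above can be checked from PowerShell. This is an added example, not from the original articles; it assumes the ActiveDirectory module (RSAT AD DS tools) and PowerShell 3.0 or later, and NEW-DC is a placeholder name.

```powershell
# Added example: list the five FSMO role holders, show whether each one is a
# Global Catalogue server, and test the placement rules given above.
Import-Module ActiveDirectory

$forest = Get-ADForest
$domain = Get-ADDomain
$dcs    = Get-ADDomainController -Filter *    # DCs in the current domain only

$roles = [ordered]@{
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
}

# Map each DC's FQDN to its Global Catalogue flag. In a multi-domain forest a
# forest-wide role holder in another domain will show a blank GC column.
$isGC = @{}
foreach ($dc in $dcs) { $isGC[$dc.HostName] = $dc.IsGlobalCatalog }

$roles.GetEnumerator() | ForEach-Object {
    [pscustomobject]@{
        Role            = $_.Key
        Holder          = $_.Value
        IsGlobalCatalog = $isGC[$_.Value]
    }
} | Format-Table -AutoSize

$findings = @()

# Rule 1: Infrastructure Master should not be on a GC. Microsoft's guidance
# exempts the case where every DC in the domain is a GC, so that is not flagged.
$nonGC = @($dcs | Where-Object { -not $_.IsGlobalCatalog })
if ($isGC[$roles.InfrastructureMaster] -and $nonGC.Count -gt 0) {
    $findings += 'Infrastructure Master is on a Global Catalogue server.'
}

# Rule 2: PDC Emulator and RID Master on the same server.
if ($roles.PDCEmulator -ne $roles.RIDMaster) {
    $findings += 'PDC Emulator and RID Master are on different servers.'
}

# Rule 3: Schema Master and Domain Naming Master together, on a GC.
# (The article notes this does not apply at forest functional level 2003.)
if ($roles.SchemaMaster -ne $roles.DomainNamingMaster) {
    $findings += 'Schema Master and Domain Naming Master are on different servers.'
} elseif ($isGC[$roles.SchemaMaster] -eq $false) {
    $findings += 'Schema Master / Domain Naming Master holder is not a Global Catalogue server.'
}

if ($findings) { $findings | ForEach-Object { Write-Warning $_ } }
else           { Write-Output 'Placement matches the rules above.' }

# Transferring roles without the consoles (NEW-DC is a placeholder).
# -WhatIf previews the move; remove it to perform the transfer.
# Move-ADDirectoryServerOperationMasterRole -Identity 'NEW-DC' `
#     -OperationMasterRole PDCEmulator, RIDMaster, InfrastructureMaster -WhatIf
```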
Part Two – Prerequisites for Windows Server 2008 R2
KB ID 0000717
Problem
Originally I was just going to write a ‘Prerequisite for Exchange 2013’ article, but the needs of Windows Server 2008 R2 are so much greater than those of Windows Server 2012, I split them up. With that in mind, I’d suggest you use Windows Server 2012 rather than 2008 R2. (It will be supported for longer).
But if you are determined read on.
Solution
Planning ‘Time spent on reconnaissance is seldom wasted’
If you are going to deploy Exchange 2013 within your organisation, then you either already have Exchange (or another mail server product), or it’s a ‘Greenfield Site’.
You already have Exchange
Coexistence with Exchange 2003 is not supported, before you consider bringing in Exchange 2013, you will need to migrate to Exchange 2010, (a migration to Exchange 2007 would also work, but Exchange 2010 would be more sensible). Exchange 2013 Server can coexist in the same Exchange environment with both Exchange 2007 and Exchange 2010.
Make sure you have the DVD or ISO file for Exchange 2013, you don’t want to download a 3.5GB file at a client’s site through a slow ADSL link! Also the prerequisite software is pretty big, get all that burned to disk, or on a USB drive before you start.
Software Requirements
Well we are installing on Server 2008 R2 (Standard/Enterprise or Datacenter, though if you plan to deploy this server as part of a DAG Group, it needs to be Enterprise/Datacenter), so what else would you need to worry about? How about backup software? Does your current backup solution support Exchange 2013? Also check with your anti-virus/antispam vendor that 2013 won’t be a problem. Do you have any mail archiving software, custom email signature software etc? Take a good look at the software packages in your existing mail system to make sure.
Outlook Client Access: Be aware your clients need to be using the following versions of Outlook BEFORE you migrate them.
1. CPU: As you’re planning on deploying with Windows Server 2008 R2 you will already have a server with an x64 bit CPU to deploy Exchange 2013 on, though IA64 is NOT supported.
2. RAM: This is dependent on what roles the server will have, for a Client Access Server the recommendation is 4GB, for a Mailbox Server it’s 8GB. And if the server will hold both roles the figure remains at 8GB. Though if I were deploying an Exchange 2013 Server in anger I would start at 12GB for a small (less than 80 mailboxes) deployment and work upwards.
3. Disk Space: The drive which will hold the Exchange program files needs 30GB free space (that seems like a lot!) then there are some smaller figures you need to add up,
500MB per Universal Messaging Pack Language you are going to deploy.
200MB free on the server’s system (OS) drive.
500MB free on the drive that will house the message queue database.
If the server will be a Mailbox server then it will need sufficient room to store the mailbox/public folder databases.
4. DVDROM Drive: Actually this is not really a requirement, but I’m mentioning it because a few modern servers ship without DVDROM drives now. You don’t want to go to site with a disk and look like a clown! Exchange 2013 will deploy quite happily from an ISO image. (If in doubt use 7ZIP to extract the ISO to a folder, and take that with you).
Pre Deployment – Environment
1. The Windows 2008 R2 server should be at least SP1. (If in doubt, Windows Key+R > winver {enter}).
2. Your forest functional level should be at least Windows Server 2003. To see your forest functional level, Windows Key > Active Directory Domains and Trusts > Action > Raise Forest Functional Level.
3. The domain controller that is holding the Schema Master FSMO role in your domain, needs to be at least Windows Server 2003 SP2. To see which server is the schema master server, run the following command;
Note: In this example, I’m on a standalone server, that’s also a domain controller (not recommended for production environments!). In a live environment you may need to plan in some downtime to update the schema master.
4. The server you are deploying on, must already be a member of your domain.
5. Run Windows Update, and make sure the server is fully up to date.
6. You will need to install both .Net 4.5 and Windows Management Framework 3.0 (That’s new WMI and Powershell 3 in case you were wondering). (Note: you need the Windows6.1-KB2506143-x64 version).
Note: These two pieces of software are needed on the server that will prepare the Active Directory, so they are not strictly prerequisites for Exchange 2013.
7. The Exchange 2013 Server needs the ADDS (RSAT) administration tools installing. To do that simply run the following command;
[box]Add-WindowsFeature RSAT-ADDS[/box]
Note: If you skipped step 6 then you will see the following error;
The term ‘Add-WindowsFeature’ is not recognized as the name of a cmdlet function, script file, or operable program.
Pre Deployment – Roles Required
Like previous versions of Exchange, you need to add certain roles to the server before you can install the product. Which roles you need depends on whether you are deploying a server with the client access server role, or the mailbox server role (Note: if the server will hold BOTH roles, then the roles for mailbox server will cover both.)
Mailbox Server (Or Mailbox Server with Client Access Server) – Roles Required
Note: At time of writing there is no Office 2013 Filter pack. I suspect that when it is released, it will need installing instead of the Office 2010 version, (that’s what happened with Exchange 2010 anyway).
7. Then install the Knowledge Base article KB2619234 (Enable the Association Cookie/GUID that is used by RPC over HTTP to also be used at the RPC layer in Windows 7 and in Windows Server 2008). Note: This update requires a reboot.
8. Then install the Knowledge Base article KB2533623 (Insecure library loading could allow remote code execution). If you are fully up to date you may find that this update will not be applicable to your system, and you will see the following popup.
Client Access Server Only – Roles Required
The only difference for a server running the Client Access Role is that .Net 4.5 and the Windows Management Framework are not requirements. However if you have been following all the steps you will already have them installed. And having them installed will cause you no problems. So, follow all the same steps, and install all the roles and software that is required for the ‘Mailbox/Combined Mailbox and Client Access Server’.
Originally I was just going to write a ‘Prerequisite for Exchange 2013’ article, but the needs of Windows Server 2008R2 are so much greater, I split them up.
Solution
Planning ‘Time spent on reconnaissance is seldom wasted’
If you are going to deploy Exchange 2013 within your organisation, then you either already have Exchange (or another mail server product), or it’s a ‘Greenfield Site’.
You already have Exchange
Coexistence with Exchange 2003 is not supported, before you consider bringing in Exchange 2013, you will need to migrate to Exchange 2010, (a migration to Exchange 2007 would also work, but Exchange 2010 would be more sensible). Exchange 2013 Server can coexist in the same Exchange environment with both Exchange 2007 and Exchange 2010.
Warning: Even at Exchange 2010 – You cannot upgrade to Exchange 2013 without Service Pack 3.
Make sure you have the DVD or ISO file for Exchange 2013, you don’t want to download a 3.5GB file at a client’s site through a slow ADSL link! Also the prerequisite software is pretty big, get all that burned to disk, or on a USB drive before you start.
Software Requirements
Well we are installing on Server 2012 (Standard or Datacenter) so what else would you need to worry about? How about backup software? Does your current backup solution support Exchange 2013? Also check with your anti-virus/antispam vendor that 2013 won’t be a problem. Do you have any mail archiving software, custom email signature software etc? Take a good look at the software packages in your existing mail system to make sure.
Outlook Client Access: Be aware your clients need to be using the following versions of Outlook BEFORE you migrate them.
1. CPU: As you’re planning on deploying with Windows Server 2012 you will already have a server with an x64 bit CPU to deploy Exchange 2013 on, though IA64 is NOT supported.
2. RAM: This is dependent on what roles the server will have, for a Client Access Server the recommendation is 4GB, for a Mailbox Server it’s 8GB. And if the server will hold both roles the figure remains at 8GB. Though if I were deploying an Exchange 2013 Server in anger I would start at 12GB for a small (less than 80 mailboxes) deployment and work upwards.
3. Disk Space: The drive which will hold the Exchange program files needs 30GB free space (that seems like a lot!) then there are some smaller figures you need to add up,
500MB per Universal Messaging Pack Language you are going to deploy.
200MB free on the server’s system (OS) drive.
500MB free on the drive that will house the message queue database.
If the server will be a Mailbox server then it will need sufficient room to store the mailbox/public folder databases.
4. DVDROM Drive: Actually this is not really a requirement, but I’m mentioning it because a few modern servers ship without DVDROM drives now. You don’t want to go to site with a disk and look like a clown! Exchange 2013 will deploy quite happily from an ISO image. (If in doubt use 7ZIP to extract the ISO to a folder, and take that with you).
Pre Deployment – Environment
1. The Windows 2012 server should be at least RTM, and should NOT be pre-release (If in doubt, Windows Key+R > winver {enter}). The build number should be at least 9200.
2. Your forest functional level should be at least Windows Server 2003. To see your forest functional level, Windows Key > Active Directory Domains and Trusts > Action > Raise Forest Functional Level.
3. The domain controller that is holding the Schema Master FSMO role in your domain, needs to be at least Windows Server 2003 SP2. To see which server is the schema master server, run the following command;
Note: In this example, I’m on a standalone server, that’s also a domain controller (not recommended for production environments!). In a live environment you may need to plan in some downtime to update the schema master.
4. The server you are deploying on, must already be a member of your domain.
5. Run Windows Update, and make sure the server is fully up to date. You will find Windows Update in Server Manager > Local Server.
6. Windows Server 2012 comes pre installed with .Net 4.5 and Windows Management Framework 3.0 (That’s new WMI and Powershell 3 in case you were wondering). So there’s nothing to do for this step, I only mention it for completeness.
7. The Exchange 2013 Server needs the ADDS (RSAT) administration tools installing. To do that simply run the following command;
[box] Install-WindowsFeature RSAT-ADDS [/box]
Note: As previously stated, the server used in the example above is a domain controller, so it already had the tools installed, hence the NoChangeNeeded exit code.
Pre Deployment – Roles Required
Note: From THIS POINT FORWARD, all roles can now be installed with the RTM release of Exchange 2012 during setup. The following will only need to be carried out if you are installing the pre-release version of Exchange 2013.
Like previous versions of Exchange, you need to add certain roles to the server before you can install the product. Which roles you need depends on whether you are deploying a server with the client access server role, or the mailbox server role (Note: if the server will hold BOTH roles, then the roles for mailbox server will cover both.)
Note: At time of writing there is no Office 2013 Filter pack. I suspect that when it is released, it will need installing instead of the Office 2010 version, (that’s what happened with Exchange 2010 anyway).
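The 'Pre Deployment – Environment' checks in both prerequisite articles (Windows Server 2008 R2 and Windows Server 2012) can be run as one preflight script. This is an added example, not from the original articles; it is written to run on PowerShell 2.0 as well, and the build numbers 7601 (2008 R2 SP1) and 9200 (2012 RTM) are the only thresholds it applies.

```powershell
# Added example: read-only preflight for the environment checks listed above.
Import-Module ServerManager

function New-Check([string]$Name, [bool]$Pass, [string]$Detail) {
    New-Object psobject -Property @{ Check = $Name; Pass = $Pass; Detail = $Detail } |
        Select-Object Check, Pass, Detail
}

$os   = Get-WmiObject Win32_OperatingSystem
$cs   = Get-WmiObject Win32_ComputerSystem
$net  = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full' `
            -ErrorAction SilentlyContinue
$rsat = Get-WindowsFeature -Name RSAT-ADDS

$results = @()

# Step 1: 7601 = Windows Server 2008 R2 SP1, 9200 = Windows Server 2012 RTM.
$results += New-Check 'OS build is 7601 or later' ([int]$os.BuildNumber -ge 7601) `
                "$($os.Caption) build $($os.BuildNumber)"

# Step 4: the server must already be a domain member.
$results += New-Check 'Server is a domain member' ([bool]$cs.PartOfDomain) $cs.Domain

# Step 6: .NET 4.5 reports Release 378389 or higher; WMF 3.0 brings PowerShell 3.
$results += New-Check '.NET Framework 4.5 or later' ($net -and $net.Release -ge 378389) `
                "Release = $($net.Release)"
$results += New-Check 'PowerShell 3.0 or later' ($PSVersionTable.PSVersion.Major -ge 3) `
                "$($PSVersionTable.PSVersion)"

# Step 7: AD DS administration tools.
$results += New-Check 'RSAT-ADDS installed' ([bool]$rsat.Installed) "$($rsat.InstallState)"

# Steps 2 and 3 need the ActiveDirectory module, which RSAT-ADDS provides.
if ($rsat.Installed) {
    Import-Module ActiveDirectory
    $forest = Get-ADForest
    $mode   = "$($forest.ForestMode)"
    $results += New-Check 'Forest functional level is 2003 or higher' `
                    (@('Windows2000Forest', 'Windows2003InterimForest') -notcontains $mode) $mode

    # Schema Master must be Windows Server 2003 SP2 (version 5.2) or later.
    $sm  = Get-ADComputer -Filter "DNSHostName -eq '$($forest.SchemaMaster)'" `
               -Server $forest.RootDomain `
               -Properties OperatingSystem, OperatingSystemVersion, OperatingSystemServicePack
    $ver = [version](($sm.OperatingSystemVersion -split ' ')[0])
    $ok  = ($ver -gt [version]'5.2') -or
           ($ver -eq [version]'5.2' -and $sm.OperatingSystemServicePack -match 'Service Pack [2-9]')
    $results += New-Check 'Schema Master is 2003 SP2 or later' $ok `
                    "$($forest.SchemaMaster): $($sm.OperatingSystem) $($sm.OperatingSystemServicePack)"
}

$results | Format-Table -AutoSize -Wrap
```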
I got this error when attempting to bulk create users with CSVDE (see below). But you may simply see it when trying to create a user, or other AD object.
Unwilling To Perform
The server side error is “The directory service has exhausted the pool of relative identifiers.”
Solution
Well that is a scary looking error! Firstly make sure you can see all your FSMO role servers.
In my case, I tracked this down to an old DC that has been removed from the domain but was still referenced in DNS. Open your domain forward lookup zone, look in the _tcp container, for any SRV references to old/removed domain controllers and simply delete them.
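The DNS check described above can be done by comparing the domain controller SRV records with the domain controllers Active Directory actually knows about. This is an added example, not from the original article; it assumes the ActiveDirectory module and Resolve-DnsName (Windows Server 2012 or Windows 8 and later), and it only reports, leaving the deletion to the DNS console as described.

```powershell
# Added example: find SRV records that still point at removed domain controllers.
Import-Module ActiveDirectory

$domain  = Get-ADDomain
$zone    = $domain.DNSRoot
$liveDCs = @(Get-ADDomainController -Filter * | ForEach-Object { $_.HostName.ToLower() })

# First confirm the domain-level FSMO role holders answer at all.
$holders = @($domain.RIDMaster, $domain.PDCEmulator, $domain.InfrastructureMaster) |
               Sort-Object -Unique
foreach ($holder in $holders) {
    if (-not (Test-Connection -ComputerName $holder -Count 1 -Quiet)) {
        Write-Warning "FSMO role holder $holder did not respond to ping."
    }
}

# SRV names that domain controllers register in the forward lookup zone.
$srvNames = @(
    "_ldap._tcp.$zone",
    "_kerberos._tcp.$zone",
    "_kpasswd._tcp.$zone",
    "_ldap._tcp.dc._msdcs.$zone",
    "_ldap._tcp.pdc._msdcs.$zone"
)

# Resolve-DnsName also returns the additional A records, so keep SRV rows only,
# then keep those whose target is not a current domain controller.
$stale = foreach ($name in $srvNames) {
    Resolve-DnsName -Name $name -Type SRV -ErrorAction SilentlyContinue |
        Where-Object {
            $_.Type -eq 'SRV' -and
            $liveDCs -notcontains $_.NameTarget.TrimEnd('.').ToLower()
        } |
        Select-Object @{ n = 'Record'; e = { $name } }, NameTarget, Port
}

if ($stale) {
    Write-Warning 'SRV records pointing at hosts that are not current domain controllers:'
    $stale | Format-Table -AutoSize
} else {
    Write-Output 'All checked SRV records point at current domain controllers.'
}

# Finally, ask the directory about the RID Master and the local RID pool.
dcdiag /test:RidManager /v
```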