Error seen when attempting to add a new domain controller to an existing domain;
Verification of replica failed. The specified domain {Domain-Name} is still using the File Replication Service (FRS) to replicate the SYSVOL share. FRS is depreciated.
The server being promoted does not support FRS and cannot be promoted as a replica into the specified domain.
You MUST migrate the specified domain to use DFS Replication using the DFSRMIG command before continuing.
Solution: FRS is Deprecated
Before proceeding you MUST ensure all your existing domain controllers are AT LEAST Windows Server 2008. Your domain and forest functional levels should be at Windows Server 2008 (AT LEAST). It would also be a good move to make sure all your DCs are replicating cleanly.
You need to go to one of your legacy (existing) domain controllers, and carry out the following PowerShell procedure.
First make sure that no one’s messed about with this before, issue the following command and make sure the migration process has not been previously started;
[box]
dfsrmig /getglobalstate
[/box]
Start the process.
[box]
dfsrmig /setglobalstate 1
[/box]
It can take a while, (even if you only have one Domain Controller!) Keep checking the status, with the command ‘dfsrmig /getmigrationstate’ until it says all the domain controllers have migrated to global state ‘Prepared‘.
Change the process to state 2 (Redirected).
[box]
dfsrmig /setglobalstate 2
[/box]
This typically completes a bit faster than the first state. Keep checking the status, with the command you originally used, until it says all the domain controllers have migrated to global state ‘Redirected‘.
Change the process to state 3 (Eliminated).
[box]
dfsrmig /setglobalstate 3
[/box]
As before, keep checking the status, with the command you originally used, until it says all the domain controllers have migrated to global state ‘Succeeded’.
On the ‘Old‘ domain controllers, you need to disable the NTFRS service and stop it.
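The state walk above as one script, added here as an example and not part of the original article: it refuses to start unless the global state is still 'Start', then sets each state and polls `dfsrmig /getmigrationstate` until every DC has converged before moving on. The output phrases it matches, the timeout and the poll interval are assumptions; compare them with what your own domain controllers print.

```powershell
# Added example: automates the dfsrmig state walk described in the article.
# Run elevated on an existing DC. ASSUMPTIONS: the matched output phrases,
# the timeout and the poll interval; compare them with your own dfsrmig output.

function Test-MigrationNotStarted {
    param([string[]]$GlobalStateOutput)
    # Assumed wording: Current DFSR global state: 'Start'
    return [bool]($GlobalStateOutput -match "global state:\s*'Start'")
}

function Test-AllDcsConsistent {
    param([string[]]$MigrationStateOutput, [string]$StateName)
    # Assumed wording once converged: "...to the Global state ('Prepared')."
    # then "Migration has reached a consistent state on all domain controllers."
    $text = $MigrationStateOutput -join "`n"
    return ($text -match [regex]::Escape("('$StateName')")) -and
           ($text -match 'consistent state on all domain controllers')
}

function Wait-DfsrState {
    param([string]$StateName, [int]$TimeoutMinutes = 120, [int]$PollSeconds = 60)
    $deadline = (Get-Date).AddMinutes($TimeoutMinutes)
    while ((Get-Date) -lt $deadline) {
        $out = & dfsrmig.exe /getmigrationstate
        if (Test-AllDcsConsistent $out $StateName) { return }
        Write-Host "$(Get-Date -Format s) still waiting for '$StateName'"
        Start-Sleep -Seconds $PollSeconds
    }
    throw "Timed out waiting for '$StateName'; check AD replication health."
}

function Invoke-SysvolMigration {
    if (-not (Test-MigrationNotStarted (& dfsrmig.exe /getglobalstate))) {
        throw "Global state is not 'Start'; a migration was started earlier."
    }
    $names = 'Prepared', 'Redirected', 'Eliminated'
    foreach ($n in 1..3) {
        & dfsrmig.exe /setglobalstate $n
        if ($LASTEXITCODE -ne 0) { throw "dfsrmig /setglobalstate $n failed" }
        Wait-DfsrState -StateName $names[$n - 1]
    }
    # Last step from the article; repeat on every old DC.
    Stop-Service -Name NTFRS -Force
    Set-Service -Name NTFRS -StartupType Disabled
}

# Invoke-SysvolMigration   # deliberate manual trigger; state 3 cannot be rolled back
```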
In a fit of lunacy Microsoft have called ‘their’ new browser Microsoft Edge, so we can spend the next few months confusing it with Edge. Plus every Google search for GPO settings, error messages etc will all now show search results for the old Edge Browser not the new Microsoft Edge browser! Perhaps the same doofus at Microsoft who called the Exchange sync Active Sync when Microsoft already had a product called Active Sync was involved?
Anyway I got a request from a client this week to have Microsoft Edge on their Citrix environment, there was some confusion (imagine that), because Edge does not work on server 2016, (and it’s not shipped as part of server 2016), but would Microsoft Edge work?
Installing Microsoft Edge on Server 2019/2016 (With IE11)
Why is Internet explorer still alive? Anyway If you want to install Edge on a modern Windows server firstly ensure you are fully up to date with updates! Then open IE. Internet Options > Security > Custom > Scripting > Enable Active Scripting > OK > Yes > Apply > OK.
The first test was, ‘would it run on Server 2016’, it detected the OS as Windows 10 (unsurprisingly), and installed fine;
Microsoft Edge on Remote Desktop Services
Well Citrix is really just Remote Desktop Services in a leather jacket, so the next test was, ‘would it work in RDS?’ I spun up an RDS farm on the bench, and was pleased to see I could select Microsoft Edge as a RemoteApp, (not that I needed to deploy it using RemoteApp, but it being detected was promising).
And in an RDS session it worked faultlessly.
Deploy Microsoft Edge on Citrix (Server 2016)
Here’s where we had a problem, it installed fine, but every time I went to open it, all I got was a ‘white screen’ for about 5 minutes, after this it burst into life, which I couldn’t really ask the client to put up with!
As this was happening when I launched the browser, I ‘wrongly’ assumed it was a ‘first run’ problem (for the uninitiated, previous Microsoft browsers got an annoying ‘how do you want to set the browser up’ routine, then finally dumped you on the MSN webpage; does anyone actually use the MSN webpage?). While it didn’t cure my problem, it’s worth mentioning how I stopped the first run dialog happening;
Controlling Microsoft Edge with Group Policies
If you are used to importing ADMX and ADML files then this will be a breeze to you. If you are really interested I cover the subject in great detail in the following post;
[box]
Computer configuration > Policies > Administrative Templates > Microsoft Edge
[/box]
Microsoft Edge: Stop Importing of Bookmarks/Favourites
Locate: ‘Automatically import another browser’s data and settings at first run‘ > Enable the policy, and select ‘Disable automatic import and the import section of the first run experience is skipped‘ > Apply > OK.
Microsoft Edge: First Run
This will disable the entire first run dialog;
Locate: ‘Hide the First-run experience and splash screen‘ > Enable the policy > Apply > OK.
As it was working in RDS and not working on Citrix, then the problem was probably Citrix*. Citrix is one of my weaker subjects, so credit for the actual fix should go to my colleague (Dan Brookes).
*After I had discounted existing group policies, and other installed applications.
Running Microsoft Edge while it was ‘hanging’ and looking at what was going on in ‘Process Monitor’ showed a lot of hook64.dll entries;
This pointed to the culprit, open the registry Editor (regedit) and navigate to;
[box]
HKEY_LOCAL_MACHINE > System > CurrentControlSet > Services > CtxUvi
[/box]
Locate the UviProcessExcludes REG_SZ value, edit it and add ‘msedge.exe;’ to the end.
There’s probably one service you can restart, but I simply rebooted the server, (problem solved).
FSLogix and Microsoft Edge
If you are running FSLogix you should also add an ‘exclusion’ to the Redirections.xml file, (located in your \\{domain-name}\NETLOGON folder).
Why isn’t this better publicised for anyone attempting a File Server Migration? Did you know Microsoft have a set of Migration tools, and one of them is for file servers? Now traditionally I’d use RoboCopy or XCopy to migrate files and folders, and for ‘User Profiles’ I would normally back them up, and restore them to the new server. This is because the file permissions on ‘correctly deployed’ user profiles mean you can’t open them.
How about a tool, that migrates all the files, folders and profiles while maintaining all the NTFS permissions, AND Share permissions!
Windows File Server Migration Tools
Source Server Pre-requisites
Server 2003: .NET 2.0 (with SP1), and PowerShell 2.0, and 25MB free drive space.
Server 2008: PowerShell and 25MB free drive space.
Server 2008 R2 and Newer: 25MB free drive space.
All: UDP port 7000 needs to be open, from source to the destination server.
File Server Migration Server 2008 to Server 2019
File Server Migration from Server 2003!
Source Server: Windows Server 2003 Standard x64 (x86 supported as well)
Destination Server: Windows 2012 R2 Data Center 2012
Source Server: Here you can see my user profiles, I’ll do the migration with them, as usually they are the most ‘challenging’.
You need to create a shared folder on the Source Server, I’ve just granted everyone full control, (this is just for the migration tools).
Destination Server: Open a PowerShell window and install the tools with the following command;
Open an administrative command window > Now you need to deploy the migration tools to the share on the destination server, to do that use the following command;
Note: For x86 (32 bit) source servers use x86 instead of amd64. WS03 (Windows Server 2003), WS08 (Windows Server 2008), WS08R2 (Windows Server 2008 R2), and WS12 (Windows Server 2012).
Source Server: Open the folder you created earlier and within it you will find another folder that has the tools in. Open an administrative command window and change to this directory > then execute the following command;
[box]
.\smigdeploy
[/box]
Another PowerShell window will open, leave it open, and return to the destination server.
Destination Server: Here I’ve created a folder that I’m going to migrate into.
Destination Server: Open a PowerShell window and issue the following two commands;
If you are here, you have probably already found out that Dropbox is not supported on Windows Server platforms. You can install it and set it up happily but it stops working and needs to be relaunched all the time (manually).
I love Dropbox! So much I actually pay for it! I run it on my management server and it’s handy for copying files up into my test network, so I can appreciate how annoying it is having to restart it all the time. So to fix the problem we have to use a piece of software that’s over 15 years old!
Running Dropbox as a Service on Windows Server
First you have to stop dropbox running.
Then download srvany and extract the executable to the Dropbox install directory (C:\Program Files (x86)\Dropbox). Note: This file is from the old Server 2003 resource kit.
[box]
Install-WindowsFeature : ArgumentNotValid: The role, role service, or feature name is not valid: 'Desktop-Experience'. The name was not found.
At line:1 char:1
+ Install-WindowsFeature Desktop-Experience
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (Desktop-Experience:String) [Install-WindowsFeature], Exception
    + FullyQualifiedErrorId : NameDoesNotExist,Microsoft.Windows.ServerManager.Commands.AddWindowsFeatureCommand

Success Restart Needed Exit Code      Feature Result
------- -------------- ---------      --------------
False   No             InvalidArgs    {}

PS C:\Users\administrator.PNL>
[/box]
Solution
Note: You need Server Datacenter version to do this.
If you go to the Flash website and it (wrongly) thinks you are using Windows 10 (well, it’s the same code, I’ll let them off), and it also says “it’s already installed just enable it”, but it’s not there?
You need to install it with the following command;
Back in the day we just used the ‘At’ command to schedule a reboot, but starting with Server 2012 that was stopped! If you try it now you will see the following;
The AT command has been depreciated. Please use schtasks.exe instead
Solution (The Quick Way)
Execute the following command (change time and date accordingly);
You have a Windows 2019/2016, 2012, or 2008 server with plenty of storage space, and you would like to present that to an ESX/ESXi server as a datastore. You can configure a folder (or drive) as an NFS share and present it to VMware vSphere, so that it can be used as a datastore.
Note: For Server 2008 and vSphere 4/5 Scroll down.
Create NFS Shares on Windows Server 2019, 2016, and 2012
Essentially you need to add the ‘Server for NFS’ role, (Below “File and Storage Services“).
Create a folder to share, on its properties > NFS Sharing > Manage NFS Sharing.
Tick to share > Permissions.
You can add each host individually here, but I’m just changing the default rule to allow Read/Write to ALL MACHINES > Tick ‘Allow root access’ > OK.
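The author opens the default rule to ALL MACHINES with root access; the per-host alternative he mentions looks like this in PowerShell. This is an added example, not from the original article, and the share name, folder path and ESXi VMkernel addresses are constructed placeholders.

```powershell
# Added example: export the folder to named ESXi hosts only, instead of
# opening the default rule to ALL MACHINES. Requires the 'Server for NFS' role.
# ASSUMPTIONS: share name, path and VMkernel IPs below are placeholders.
$ShareName = 'VMStore'
$SharePath = 'D:\VMStore'
$EsxiHosts = '192.0.2.11', '192.0.2.12'   # documentation-range addresses

function Set-EsxiOnlyNfsShare {
    param([string]$Name, [string]$Path, [string[]]$AllowedHosts)

    if (-not (Get-NfsShare -Name $Name -ErrorAction SilentlyContinue)) {
        # NFS 3 from ESXi uses AUTH_SYS, hence 'sys' with unmapped UID/GID access.
        New-NfsShare -Name $Name -Path $Path -Authentication sys `
                     -EnableUnmappedAccess $true | Out-Null
    }
    # Default rule: nobody gets in unless listed below.
    Grant-NfsSharePermission -Name $Name -ClientName 'All Machines' `
        -ClientType builtin -Permission no-access -AllowRootAccess $false
    # ESXi mounts as root, so root access is needed, but only for these hosts.
    foreach ($h in $AllowedHosts) {
        Grant-NfsSharePermission -Name $Name -ClientName $h -ClientType host `
            -Permission readwrite -AllowRootAccess $true
    }
}

function Get-NfsShareExposure {
    # Returns every rule that grants access to something not on the allow list.
    # The normalisation copes with 'no-access' or 'NoAccess' style values (assumed).
    param([string]$Name, [string[]]$AllowedHosts)
    Get-NfsSharePermission -Name $Name | Where-Object {
        ($_.Permission -replace '[^a-z]', '') -ne 'noaccess' -and
        $_.ClientName -notin $AllowedHosts
    }
}

Set-EsxiOnlyNfsShare -Name $ShareName -Path $SharePath -AllowedHosts $EsxiHosts
Get-NfsShareExposure -Name $ShareName -AllowedHosts $EsxiHosts |
    Format-Table ClientName, ClientType, Permission, AllowRootAccess
```

An empty table from the last command means only the listed hosts can mount the share.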
VMWare vSphere 6 Connecting to Windows NFS Shares
Make Sure you have a VMKernel port on the same network as your NFS share.
DataStore View > Right click the ‘Cluster‘ > Storage > New Datastore > NFS > Next > NFS 3 > Next.
Give the datastore a name > Select the share name (prefix it with a forward slash, and remember they are case sensitive!) > Enter the IP or FQDN of the NFS server > Next > Next > Finish.
Create NFS Shares on Windows Server 2008
Gotchas
1. The system will not work if you do not have a vmkernel port, if you already have iSCSI or vmotion working then this will already be in place.
If not you will see an error like this,
Call “HostDatastoreSystem.CreateNasDatastore” for object “ha-datastoresystem” on ESX “{name or IP of ESX server}” failed.
2. Make sure TCP port 2049 is open between the NFS share and the ESX box. On ESX 3.x servers you may need to run ” esxcfg-firewall -e nfsClient “.
Other Points
1. You CAN boot a windows VM from any NFS store (just because Windows cannot boot from NFS – does not mean a VM can’t).
Once upon a time, adding a domain controller that was running a newer version of the Windows Server family involved opening command line and schema prepping, and GP prepping etc. Now all this happens in the background when adding a 2019 domain controller and the wizard is doing the heavy lifting for you.
Solution
2008 to 2019 Domain Controller
2008 to 2016 Domain Controller
Obviously the server needs to be a domain member first!
For Server 2019 Forest and Domain Functional levels need to be at ‘Windows Server 2008‘. (The documentation says 2008 R2, but Server 2008 also works flawlessly).
For Server 2016 Forest and Domain Functional levels need to be at ‘Windows Server 2003‘.
Before You Start!
Remember if your ‘retiring’ domain controller is also a DNS/DHCP server you will also need to address that, and make sure you don’t have a service or device that queries the old domain controller directly (Radius Devices, Firewalls, RSA Appliances, Proxy Filters, Security door software, etc).
Procedure: Deploy a 2019 Domain Controller
With a vanilla install Server Manager will open every time you boot, (unless you’ve disabled it!) To open it manually, run ‘servermanager.exe’ > Manage > Add Roles and Features.
I usually tick the ‘Skip this page by default’ option > Next.
Role Based… > Next.
Ensure the local server is selected, (if you are managing another server, you can of course do the role install from here as well, but let’s keep things simple) > Next.
Select Active Directory Domain Services > Next.
Next.
Next.
Ensure ‘Restart’ is selected > Next.
Next.
Promote Windows Server To Domain Controller
Back in Server Manager > In the ‘Notifications’ section, click the warning triangle > ‘Promote This Server To Domain Controller’.
Assuming you already have a domain, and this is not a greenfield Install > Add a domain controller to an existing domain > Next.
Type and confirm a Directory Services Restore Mode Password (DSRM,) make it something you will remember in a crisis, or store it securely somewhere > Next.
This is fine, You see this error because it’s trying to create a delegation for this DNS zone, and there isn’t a Windows server above you in the DNS hierarchy. For example if your domain name is petelnetlive.co.uk > Then I do not have access to create a delegation in the .co domain space. (So you can safely ignore) > Next
If you have a backup of AD you can ‘Install From Media’. This used to be handy on remote sites that had awful bandwidth, as it saved you having to replicate a large Active Directory over a ‘pants’ connection > I’ve not had to do that in a long time > Next.
Unless you want to change the default AD install locations > Next.
Next.
Read any warnings > Install
Go have a coffee, we ticked ‘reboot’ earlier so it will complete, then reboot the server, which will come back up as a domain controller.
You will notice, (if you’re interested,) that your schema version is now 88 (Server 2019), or 87 (Server 2016).
Seen when attempting to deploy Windows Server 2016, as an ‘Image’ (Parent VM,) with VMware Horizon View.
‘VM With Unsupported Guest OS’
I double checked, and Server 2016 (Standard and DataCenter) were supported, as was Server 2019 (Standard and DataCenter.) The image also had a new version of the VMware Horizon View agent installed in it?
Solution
In my case this was an embarrassingly easy fix, previously I’d deployed Windows 7, 8, and 10 with Horizon View, this was the first time I’d ever deployed a server OS as a VDI image, (With Windows Server Datacenter, this works out cheaper, licensing wise).
By Default: VMware Horizon View does not allow server operating systems, (even though they are supported.) You just need to enable the feature! Launch Horizon Administrator, View Configuration > Global Settings > Edit > Tick ‘Enable Windows Server Desktops‘ > OK.
Doh! That cost me two hours, (hope it saved you some time).
I got asked if I’d ever had to do this today, I vaguely remember having this problem in the past, but I can’t remember how I solved it. You set the ‘Partition Table Type‘ on a disk in Windows, when the drive is first initialised, like so;
And the default is MBR, so that usually gets ticked, the problem is MBR only supports disks up to 2TB in size. Now if it’s just a new disk, with no partitions on it, you can simply change it;
But if it’s got a partition on it, (and probably some live data) you can’t!
Previously, (before Windows 10, and Server 2016,) The Microsoft solution was to delete the partitions and create a new one, which can be a little time consuming, especially if you have live data on it! So can you convert it to GPT Live with no data loss?
Solution
Yes! As usual, make sure you have a decent backup first, and if you are using a virtual environment, you can snapshot the virtual machine beforehand, (I tested this in the lab, by taking a snapshot, converting a drive from MBR to GPT, then reverting to the snapshot, and it flipped back to MBR with no loss of data).
You need to know what disk number Windows has assigned to the drive, in disk management right click the drive, and select properties.
Windows 10 and Windows Server 2016
Using this method requires that, after you have finished, your machine is set to UEFI boot; otherwise it will work fine until you try to reboot, then the machine won’t boot! So if you are doing this on a Virtual Machine in Hyper-V MAKE SURE it’s a generation 2 VM!
You will find MBR2GPT.exe in C:\Windows\System32, if it’s not there do a full round of Windows updates! Simply open an Administrative command window and run the following commands;
[box]
cd c:\windows\system32
mbr2gpt /convert /disk:1 /allowfullOS
[/box]
Take note of the warning: the machine should now be set to UEFI boot mode, so if it’s a VMware VM, then change this value;
For OLDER Versions of Windows
Download and extract gptgen-1.1 then run the following command;
[box]
gptgen.exe -w \\.\\physicaldrive1
[/box]
Note: Where ‘1‘ is the disk number you took note of above.
Note: If you see “Block read failed, check permissions!” Then you might want to use MBR2GPT {above} instead.
That’s it done! In ‘disk management’ you will need to ‘Rescan Disks’ to see the change.
In the unlikely event that something exploded, you can ‘roll-back‘ to your snapshot.