Re: Converting domain controllers - Netlogon Share

tgatesnc · ‎08-17-2007

I recently tried to use the Vmware converter to convert 2 of our Windows 2003 Server domain controllers to virtual to test a domain migration in an isolated environment. The process went fine with no errors. When I booted up these servers in test and began looking a little closer I noticed a lot of errors in their event viewers dealing with replication. Then I noticed that the group polices were missing from the Netlogon shares! I copied the polices from the production environment and then with a little work with ADSIEDIT I was able to get them to replicate again. Even after this, the test environment was not stable enough for a true migration test.

Is there any known problems with converting a 2003 Domain Controller to Virtual? Has anyone seen this before?

At this point it looks like the client is going to abandon VMware as a test environment because of these problems but I would like to know for future projects.

Environment:

Host:

Windows 2003 Server STD with SP2 and all updates.

VMWare ESX server and VMware converter.

Sources:

Windows 2003 Server STD with SP2

There are two domains involved. A parent domain and a child domain.

I converted the PDC emulator for each domain and a second domain controller for each domain. 4 total. All domain roles were included in these 4 servers.

Thanks in advance

rsa911 · ‎08-17-2007

>group polices were missing from the Netlogon shares!

huh ?

the netlogon share does not contain GPOs

maybe you're talking about the sysvol share ?

afaik there's no specific issues with vmware and DCs

I've run built from scratch DC and P2V DC on various vmware flavors without any issue...

all the DC were SP1, I never tried SP2

Note that W2K3SP2 is not officialy supported with ESX 3.01

Imho your issues are pure A.D. / DNS issues and not vmware related

tgatesnc · ‎08-17-2007

Yes, you are correct, it was the SysVol share not the Netlogon...

I agree that it seems to be a problem with the domains. This environment is quite a mess and therefore the migration is planned.

I was willing to try the converstion process again but it looks like the client has abandoned the VMware idea. They are purchasing 3 servers and reusing several old ones to build a physical test environment.

Thanks for the information.

Dooges · ‎09-07-2007

I experienced the same issue. I believe that FRS keeps track of the disk signature of the SYSVOL share. When the DC gets converted, FRS interprets this as a movement of SYSVOL to another location. I got an error in the eventlogs that SYSVOL moved from 'e:\sysvol' to 'e:\sysvol'.

See the following Technet article on moving SYSVOL.

http://support.microsoft.com/kb/842162

What I did was dcpromo the the dc to a member server and then re-promoted it. System is being used in a production environment and has been completely stable.

michaeltsa · ‎09-10-2007

As far as i know, the DC can't clone or converted to different hardware or virtual machines; the SIDs inside will be totally different after moving to another hardware.

jprior · ‎09-11-2007

i've converted two DC's without problems.

michaeltsa · ‎09-11-2007

Can you tell us what version of Windows are you using and how did you do that?

admin · ‎09-12-2007

When planning to use VMware Converter to import your current phyiscal DC server into a virtual machine, it would be a best practise to use the "Cold Clone" method. This method involves booting the server into the Converter bootable CD. The CD consists of a WinPe environment. This method of conversion will copy the entire contents of the DC server's hard disks over into the target VMDK using a "Disk-Level" method.

Because Domain Controllers are a dynamic system (constantly being updated, read from, written to) data integrity can be a problem. A Cold Clone would be the optimal way for the conversion as this would ensure that the target VM would be up to date and would not be missing any crucial data.