Jude's Blog

Exchange ECP Empty Results Issue in Internet Explorer

leave a comment »

When it comes to browser compatibility issues, it’s always about non-Microsoft browsers having issues with Exchange Servers. But in this particular case, the issue was vise-versa.

This was an Exchange 2013 environment, and the administrator reported that while using the ECP in Internet Explorer he was unable to view any data within sub windows and the links within were not clickable. However, when using Google Chrome or FireFox, this was not a problem.

The above image is what you get when you open a Recipient mailbox in ECP. As you can see, the values are all empty and I cannot click any of the action items on left side.

Now let’s see what type of an approach you should take in a scenario like this.

  • Check with multiple Internet Explorer versions/users. Plus clear your cache and cookies as well.
  • Check with compatibility mode on IE.
  • Check if the issue is for both internal and external users. Why I’m saying this is that in most of the cases your Exchange Servers may be placed behind many layers such as proxy, load balancers etc. So, we need to narrow this down to internal or external.
  • Check if the issue is for a single server only. Go to your exchange server, open Internet Explorer and check your ECP using localhost FQDN. By this, we can see if the issue is only for one Exchange Server or multiple servers.
  • Now that you have figured out where and which servers are affected, it’s time to refresh your IIS cache. We do this because that’s the first point where all web connections hit to. And I’ve seen that in most client connectivity issues, doing a simple refresh or may be a reset on IIS fixes the issue. Resetting IIS would be the last resort as it would drop all connections and users will not be able to connect until the service starts which can take some time.

Below are the steps that worked for me;

  1. Open IIS Manager and navigate to Application
    Pools.
  2. Under the list of pools, you can see the MSExchangeECPAppPool. This is responsible for ECP connections and we can easily refresh the cache.
  3. Right click the MSExchangeECPAppPool and click Recycle.

  4. Now IIS will refresh your specific app pool.
  5. Login back to the ECP and check if the issue is sorted.
  6. In my case, it was working again.

Written by judeperera

October 28, 2019 at 1:24 pm

Exchange 2016 CU Update error at “Mailbox role: Transport service”

leave a comment »

Well, this was a strange case that came across while installing the Exchange Server 2016 CU14 update. The setup goes all the way and throws an error at “Mailbox role: Transport service” component installation and exits.

Issue:

Error:

The following error was generated when "$error.Clear();

if ($RoleProductPlatform -eq "amd64")

{

try

{

# Need to configure the ETL traces before the fast service is installed. This will ensure that when the service comes up

# it will have the necessary trace session setting available to read from the registry

$fastPerfEtlTraceFolderPath = Join-Path -Path $RoleBinPath -ChildPath "\Search\Ceres\Diagnostics\ETLTraces"

$fastDiagnosticTracingRegKeyPath = 'HKLM:\SOFTWARE\Microsoft\Office Server\16.0\Search\Diagnostics\Tracing'

if(-not(Test-Path -Path $fastPerfEtlTraceFolderPath))

{

$null = New-Item $fastPerfEtlTraceFolderPath -Type 'Directory' -Force

}

if (-not(Test-Path -Path $fastDiagnosticTracingRegKeyPath))

{

$null = New-Item -Path $fastDiagnosticTracingRegKeyPath -Force

}

$null = New-ItemProperty -Path $fastDiagnosticTracingRegKeyPath -Name 'TracingPath' -PropertyType 'string' -Value $fastPerfEtlTraceFolderPath -Force

$null = New-ItemProperty -Path $fastDiagnosticTracingRegKeyPath -Name 'TracingFileName' -PropertyType 'string' -Value 'DocumentProcessingTrace' -Force

$null = New-ItemProperty -Path $fastDiagnosticTracingRegKeyPath -Name 'DocumentParserSuccessLogMessage' -PropertyType 'Dword' -Value 1 -Force

$null = New-ItemProperty -Path $fastDiagnosticTracingRegKeyPath -Name 'DocumentParserLoggingNoInitialisation' -PropertyType 'Dword' -Value 1 -Force

# Max trace folder size 50 * 100 = 5GB

$null = New-ItemProperty -Path $fastDiagnosticTracingRegKeyPath -Name 'MaxTraceFileSize' -PropertyType 'Dword' -Value 50 -Force

$null = New-ItemProperty -Path $fastDiagnosticTracingRegKeyPath -Name 'MaxTraceFileCount' -PropertyType 'Dword' -Value 100 -Force

$null = New-ItemProperty -Path $fastDiagnosticTracingRegKeyPath -Name 'UseGeneralSwitch' -PropertyType 'Dword' -Value 1 -Force

$null = New-ItemProperty -Path $fastDiagnosticTracingRegKeyPath -Name 'GeneralSwitch' -PropertyType 'Dword' -Value 0 -Force

}

catch

{

# ETl tracing is not critical. Info only log

Write-ExchangeSetupLog -Info ("An exception ocurred while trying to Configure the FAST ETL traces. Exception: " + $_.Exception.Message);

}

try

{

$fastFusionRegKeyPath = 'HKLM:\SOFTWARE\Microsoft\Office Server\16.0\Search\FlightControl'

if (Test-Path -Path $fastFusionRegKeyPath)

{

Remove-ItemProperty -Path $fastFusionRegKeyPath -Name 'fusion_new_enabled' -Force -ErrorAction SilentlyContinue

Remove-ItemProperty -Path $fastFusionRegKeyPath -Name 'fusion_old_enabled' -Force -ErrorAction SilentlyContinue

Remove-ItemProperty -Path $fastFusionRegKeyPath -Name 'fusion_compare_outputs' -Force -ErrorAction SilentlyContinue

}

}

catch

{

# Removing new fusion keys is not critical. Info only log

Write-ExchangeSetupLog -Info ("An exception ocurred while trying to remove the fast new fusion reg keys. Exception: " + $_.Exception.Message);

}

$fastInstallConfigPath = Join-Path -Path $RoleBinPath -ChildPath "Search\Ceres\Installer";

$command = Join-Path -Path $fastInstallConfigPath -ChildPath "InstallConfig.ps1";

$dataFolderPath = Join-Path -Path $RoleBinPath -ChildPath "Search\Ceres\HostController\Data";

# Remove previous SearchFoundation configuration

&$command -action u -silent;

try

{

if ([System.IO.Directory]::Exists($dataFolderPath))

{

[System.IO.Directory]::Delete($dataFolderPath, $true);

}

}

catch

{

$deleteErrorMsg = "Failure cleaning up SearchFoundation Data folder. - " + $dataFolderPath + " - " + $_.Exception.Message;

Write-ExchangeSetupLog -Error $deleteErrorMsg;

}

# Re-add the SearchFoundation configuration

try

{

# the BasePort value MUST be kept in sync with dev\Search\src\OperatorSchema\SearchConfig.cs

&$command -action i -baseport 3800 -dataFolder $dataFolderPath -silent;

}

catch

{

$errorMsg = "Failure configuring SearchFoundation through installconfig.ps1 - " + $_.Exception.Message;

Write-ExchangeSetupLog -Error $errorMsg;

# Clean up the failed configuration attempt.

&$command -action u -silent;

try

{

if ([System.IO.Directory]::Exists($dataFolderPath))

{

[System.IO.Directory]::Delete($dataFolderPath, $true);

}

}

catch

{

$deleteErrorMsg = "Failure cleaning up SearchFoundation Data folder. - " + $dataFolderPath + " - " + $_.Exception.Message;

Write-ExchangeSetupLog -Error $deleteErrorMsg;

}

}

# Set the PowerShell Snap-in's public key tokens

try

{

$PowerShellSnapinsPath = "HKLM:\SOFTWARE\Microsoft\PowerShell\1\PowerShellSnapIns\";

$FastSnapinNames = @("EnginePSSnapin", "HostControllerPSSnapIn", "InteractionEnginePSSnapIn", "JunoPSSnapin", "SearchCorePSSnapIn");

$officePublicKey = "71E9BCE111E9429C";

$exchangePublicKey = "31bf3856ad364e35";

foreach ($fastSnapinName in $FastSnapinNames)

{

$fastSnapinPath = $PowerShellSnapinsPath + $fastSnapinName;

$assemblyNameProperty = Get-ItemProperty -Path $fastSnapinPath -Name "AssemblyName" -ErrorAction SilentlyContinue;

if ($assemblyNameProperty -ne $null -and (-not [string]::IsNullOrEmpty($assemblyNameProperty.AssemblyName)))

{

$newAssemblyName = $assemblyNameProperty.AssemblyName -ireplace ($officePublicKey, $exchangePublicKey);

Set-ItemProperty -Path $fastSnapinPath -Name "AssemblyName" -Value $newAssemblyName;

}

}

}

catch

{

# Info only log

Write-ExchangeSetupLog -Info ("An exception ocurred while configuring Search Foundation PowerShell Snapin. Exception: " + $_.Exception.Message);

}

}

" was run: "System.Exception: Failure configuring SearchFoundation through installconfig.ps1 - Error occurred while configuring Search Foundation for Exchange.System.TimeoutException: This request operation sent to net.tcp://sandesha-b.cbsl.lk:3803/Management/AdminService did not receive a reply within the configured timeout (00:01:00). The time allotted to this operation may have been a portion of a longer timeout. This may be because the service is still processing the operation or because the service was unable to send a reply message. Please consider increasing the operation timeout (by casting the channel/proxy to IContextChannel and setting the OperationTimeout property) and ensure that the service is able to connect to the client.

Server stack trace:

at System.ServiceModel.Dispatcher.DuplexChannelBinder.Request(Message message, TimeSpan timeout)

at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)

at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)

at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

Exception rethrown at [0]:

at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)

at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)

at Microsoft.Ceres.CoreServices.Admin.IAdminServiceManagementAgent.UpdateConfiguration()

at Microsoft.Ceres.Exchange.PostSetup.NodeManager.AddNodeAndUpdateConfiguration(String node)

at Microsoft.Ceres.Exchange.PostSetup.NodeManager.DeployContentEngineNode()

at Microsoft.Ceres.Exchange.PostSetup.DeploymentManager.Install(String installDirectory, String dataDirectoryPath, Int32 basePort, String logFile, Boolean singleNode, String systemName, Boolean attachedMode)

at CallSite.Target(Closure , CallSite , RuntimeType , Object , Object , Object , Object , Object , Object , Boolean )

at Microsoft.Exchange.Configuration.Tasks.Task.ThrowError(Exception exception, ErrorCategory errorCategory, Object target, String helpUrl)

at Microsoft.Exchange.Management.Deployment.WriteExchangeSetupLog.InternalProcessRecord()

at Microsoft.Exchange.Configuration.Tasks.Task.<ProcessRecord>b__91_1()

at Microsoft.Exchange.Configuration.Tasks.Task.InvokeRetryableFunc(String funcName, Action func, Boolean terminatePipelineIfFailed)".

 

Resolution:

We actually made a few changes from the server end and once we tried again, the setup ran without any issues. Therefore if you encounter such an error above, you might want to try this out and see if any of these will work;

  • Run the setup again and check
  • Check with Anti-virus software is disabled
  • Check with Firewall disabled
  • Check with setting the PowerShell Execution Policy of the server to ‘Unrestricted’ (Set-ExecutionPolicy Unrestricted)

Once you have done the above, give the installer another try and hopefully this will fix. In my case, I was able to finish the installation after doing the last three mentioned.

Happy Installations!!

Written by judeperera

October 16, 2019 at 3:36 am

Posted in Uncategorized

Fixing “451 4.7.0 Temporary server error. Please try again later. PRX4”

leave a comment »

Issue

In this scenario we are going to talk about an issue related to Exchange server not being able to accept any inbound SMTP connections. The client had one Edge server and two Exchange 2016 Mailbox servers. Out of nowhere, they have noticed that they are unable to send emails within the Exchange organization as well as all inbound emails from internet seemed to have stopped. In such a scenario, what we should do first is to identify the role that the issue might be at. In our case this is to with the SMTP mail flow thus the Hub Transport service should be involved.

Also, looking at the mail queues in the gateway and exchange servers, the Last Known Error message is shown as below;

451 4.7.0 Temporary server error. Please try again later. PRX4

Step 01:
Our first step should be to make sure that all Exchange Services are running on the servers. You can do this by going to the “Services” or opening up Exchange Powershell and running the below command to ensure that all required services are in “Running” state.

Get-ServerComponentState -Identity <ServerIdParameter>

Step 02:
Now that we know our services are working (at least showing that it’s working) let’s do a telnet and verify. You can do this by sending an email using ‘Telnet‘ from your other hops. In my case;

  • Edge server to Exchange server 01 – Gives error “451 4.7.0 Temporary server error. Please try again later. PRX4”
  • Exchange server 01 to Exchange server 01 – Gives error “451 4.7.0 Temporary server error. Please try again later. PRX4”
  • Exchange server 01 to Exchange server 01 – Gives error “451 4.7.0 Temporary server error. Please try again later. PRX4”
  • Exchange server 02 to Exchange server 02 – Gives error “451 4.7.0 Temporary server error. Please try again later. PRX4”
  • Exchange server 02 to Exchange server 01 – Gives error “451 4.7.0 Temporary server error. Please try again later. PRX4”
  • Exchange server 02 to Edge server 01 – Message relayed successfully
  • Exchange server 02 to Edge server 02 – Message relayed successfully

What does this say? Issue is on my internal Exchange Servers, ditto!

Step 03: Now that we have established where the issue occurs on which service, the next option was to check the AD connectivity. You can do this by checking the event log for “MSExchange
ADAccess” and confirm that Exchange and AD connection is working as expected.

Step 04: Check if the time is correct on all your Exchange servers along with the time of your AD.

Step 05: Verify that the entries in your DNS is correct and working by doing a NSLOOKUP from all Exchange servers.

Step 06: Verify that your certificates are valid and SMTP services are assigned properly.

In my scenario, all steps from 1-5 were perfectly fine except for step 6. I logged into my ECP, went to Servers and Certificates and in my list, I noticed that the certificate Status was showing as ‘Invalid‘. In addition, the certificate properties showed that the SMTP service was also assigned to this certificate.

 

Resolution

We can get an idea on what might the issue be. We have an Invalid certificate with SMTP assigned to it. And our issue is that the Exchange server is rejecting the SMTP connections. This seems to be a valid cause. Now check your other certificates too. In my case the certificate in issue was an older custom created one. But there was a proper certificate that was set to IIS,SMTP,POP,IMAP services. That means we can delete it. However, if the certificate is a built-in certificate or the only certificate that’s assigned to all services, ‘DO NOT DELETE’.

Before deleting, it’s always a good idea to take a backup of the certificate. To do this, follow the steps;

  1. Open MMC
  2. Click File and select Add/Remove Snap In
  3. Under the Available
    snapins, click on Certificates and Add
  4. Under Certificates snap-in select ‘Computer
    account’ and click Finish
  5. Select Local Computer to manage the snap-in
  6. Click OK to add the selected snap-in to console window
  7. Go to the MMC, under Personal Certificates store, right-click on your certificate that should be exported, and select All Tasks and click Export
  8. Proceed with exporting the certificate with the Private key.

Now that we have exported the certificate, we can go back to the ECP and delete the Invalid certificate.

  1. Login to Exchange
    Admin
    Center (ECP)
  2. Navigate to Servers and click on Certificates
  3. Select the server you want to list the certificates from the drop-down menu
  4. Select the certificate which is marked as Invalid that you want to delete
  5. Click on the delete icon (recycle-bin icon)
  6. If you have multiple servers, do steps 2-5

The next step is to restart the Microsoft Exchange Transport related services so that the service will now refresh its certificate and will only use the Valid certificate(s). Do this on all servers that you removed the certificate.

Give your services to run and the mail queues to automatically restart and you will be able to see that the mail Queue will now be delivered.

Written by judeperera

October 11, 2019 at 11:28 am

[Script] Shared Mailbox Convert and Enabling Sent Items Copy

leave a comment »

This is a simple script that will allow an administrator to achieve the below tasks;

  1. Convert a User mailbox to a Shared Mailbox
  2. Enable Messages sent from the shared mailbox to be saved to the Sent Items folder of the shared mailbox

Let’s take the below scenario;

User Mailbox – user@contoso.com
Shared Mailbox – shared@contoso.com (user@contoso.com has SendAs and FullAccess permissions)

In a case where if user(user@contoso.com) tries to send an email with SendAs/SendOnBehalfOf permissions for ‘shared@contoso.com‘, the sent email will only be available in the primary users ‘Sent Items‘ ONLY. In a business requirement where the mail should also be present in the ‘shared@contoso.com‘ shared mailbox, we would require the below permissions to be enabled. Once done, the email with SendAs/SendOnBehalfOf permission will be in both user@contoso.com and shared@contoso.com mailboxes’ Sent Items.

The MessageCopyForSendOnBehalfEnabled parameter specifies whether to copy the sender for messages that are sent from a mailbox by users that have the “send on behalf of” permission. In this script we will be enabling this by setting the value to $true; where when a user sends a message from the mailbox by using the “send on behalf of” permission, a copy of the message is sent to the sender’s mailbox.

The MessageCopyForSentAsEnabled parameter specifies whether to copy the sender for messages that are sent from a mailbox by users that have the “send as” permission. In this script we will be enabling this by setting the value to $true; where when a user sends a message from the mailbox by using the “send as” permission, a copy of the message is sent to the sender’s mailbox.

Want to give a try? you can get the script here..


 

Exchange Server 2019 Role Requirements Calculator – Download

with one comment

After much await Microsoft has decided to release the Role Requirements Calculator for Exchange Server 2019.

However unlike other versions, Microsoft has decided to make getting this extremely difficult. How? By including the file only inside the Exchange Server 2019 CU2 update. Yes, now you have to download a 5GB+ file just to get a 761KB file. Well that’s a bummer indeed.

Anyhow, if anyone wants to give a try, you can get the Exchange Server 2019 Role Requirements Calculator here..

download

Written by judeperera

June 27, 2019 at 8:20 am

Restore a Deleted User Mailbox

leave a comment »

Issue

In this scenario we are going to take an on-premise environment with a Windows Server 2012 R2 Active Directory and an Exchange Server 2016 environment. In our case, a user was accidentally deleted from the OU itself. (NOTE: It is always a best practice to enable ‘Protect object from accidental deletion‘ for your AD Objects.

You can also recover a deleted mailbox using backups. However, note that backups are not current. This will lead to restoring but will not give you the latest data once recovered.

Prerequisites

  1. First, we need to get the AD account restored. For this, you should have the Active Directory Recycle-bin enabled in your environment. If you don’t have this enabled already, you are in tough luck.
  2. Secondly, we need to make sure that you are within the time duration mentioned in the ‘Keep deleted mailboxes for (days)’ under Exchange database properties where the user was. In our case, it was 30 days as shown below;

Solution

  1. Restore the AD account from Active Directory
  2. Ensure that restored user accounts ‘User logon name‘ has the correct domain mentioned.
  3. Go to AD User properties page, note down the ‘Display Name‘ of the user (ex: Jude Perera).
  4. Open Exchange Control Panel (ECP), go to Recipients > Mailboxes. Click More
    Options icon, and then click Connect mailbox

  5. Click the deleted mailbox that you want to connect.
  6. Note down the ‘Display Name‘ of the user you want to restore (ex: Jude Perera).
  7. Open the Exchange PowerShell and run the below command;
    Connect-Mailbox -Identity "Jude Perera" -Database DB01 -User "Jude Perera" -Alias jude

    NOTE: The Identity parameter specifies the display name of the deleted mailbox retained in the mailbox database provided. The User parameter specifies the Active Directory user account to connect the mailbox to. Alias is what the users email alias is.

    Now we must get the identity and user attributes from the noted in steps 3 and 6 which is as below;

    Connect-Mailbox -Identity "Jude Perera" -Database DB01 -User "Jude Perera" -Alias jude

  8. Once you run the above command the mailbox will now be connected.
  9. To verify, go to the Exchange Admin Center and search for the user mailbox in the ‘Recipients‘. Your reconnected user will be shown.

Tip: In case you receive an error ‘Property expression “jude” isn’t valid. Valid values are: Strings that includes ‘@’, where ‘@’ cannot be the last character.’ Navigate to the AD user properties, select the ‘Account’ tab and verify that the User logon name has the domain selected properly.

Written by judeperera

March 22, 2019 at 10:45 am

SYSVOL migration from FRS to DFSR step by step

with 3 comments

If you have a Domain Controller environment that’s Windows server 2003, 2008 or 2008 R2 it is high time to get your environment upgraded to the latest Windows Server environment. However, if you are currently using an above operating system OR if you previously upgraded from a legacy domain controller environment such as 2003, you might want to perform some extra steps prior upgrading or migrating to the new Windows Server 2016+ domain controllers.

Here’s the background of the story.

File Replication Service (FRS) came into the picture with Windows Server 2000. Microsoft was using FRS to replicate the SYSVOL between its domain controller members. Later on with Windows Server 2008, Microsoft introduced Distributed File System Replication (DFSR) that was able to replicate SYSVOL.

However, environments which got migrated from legacy 2003 domain controllers tend to utilize FRS. However when an upgrade is in place for your domain controllers, one thing you need to consider is raising your Forest and Domain functional levels.

For an example, a Windows server 2008 R2 with a Windows Server 2003 Forest and Domain functional level may still be using FRS as the default SYSVOL replication method. In this environment if you are to upgrade your domain controllers to Windows Server 2016 you will come into issues with FRS.

Windows Server version 1709 can no longer be added as an Active Directory domain controller (DC) to an existing domain that is still using File Replication Service (FRS) for replication of the SYSVOL share.

When you try to add a Windows Server version 1709-based server as a DC to the domain, you receive the following error message:

  • The specified domain %1 is still using the File Replication Service (FRS) to replicate the SYSVOL share. FRS is deprecated.
  • The server being promoted does not support FRS and cannot be promoted as a replica into the specified domain.
  • You MUST migrate the specified domain to use DFS Replication using the DFSRMIG command before continuing.

How to overcome this? Well, there is only one way and that is to migrate the replication method of the SYSVOL to DFSR. Let’s see steps to perform the migration.

First thing you might want to do is to check what SYSVOL replication is used in your environment. To do this, open up the command prompt using administrator and run the below command;

dfsrmig /GetGlobalState

dfsrmig /GetMigrationState

What you need to focus on the result is the state mentioned Global state (‘<State>’).

  • In most cases, you will see “START” as the state, you are running FRS and is required to perform the migration.
  • If you have “ELIMINATED” as the state, you don’t have to worry as it will be using DFSR.

Prerequisites

This is a very important stage. Why? Well you are dealing with your SYSVOL and its better to start the migration process knowing that your domain environment is running in a healthy state.

  • You should have domain controllers running Windows Server 2008 or above ONLY. Any domain controller running windows server 2003 will not be able to perform the task as you won’t be able to raise the functional levels to 2008 or above.
  • You should be running Windows Server 2008 or above domain/forest functional levels. If you don’t, it’s time to raise the functional levels.
  • Make sure that you have installed all the updates; without updates, you might still be able to go through this but it’s always recommended.
  • Verify that the built-in Administrators group has the “Manage Auditing and Security Log” user right on all your domain controllers. You can check this via running a gpresult.exe command on your domain controllers.
  • Ensure that replication for your entire organization is in a healthy state. For this, use an administrator command prompt to run the below commands;
    • repadmin /syncall /AdeP – Initiate a full sync and wait
    • repadmin /replsum – See if replication was run and you are shown with a minimum time (most recent time would be the time where you ran the above command)
    • dcdiag /e /c /q – Provides you a summary of the errors on your directory configuration for the entire environment
    • dcdiag /e /test:sysvolcheck /test:advertising – This will ensure that SYSVOL is advertised among all domain controllers without any issues
    • If you encounter any abnormal issues, don’t proceed. Fix It!

Migration

In this document I will be taking you through the process of what we call a ‘Quick Migration’. This involves migrating in a slow, phase by phase method where you will have the option to roll back. This is always preferred.

The migration will take you through migrating to below levels step by step;

0 Start State

1 Prepared State

2 Redirected State

3 Eliminated State

For the next few steps, we will be using the command ‘dfsrmig /SetGlobalState <state>’ where the state can be chosen from the above numerical value 0-3.

Prepared State

As we saw earlier, you will be shown to be in the ‘Start State’. Our task is to migrate the DFSR state to ‘Prepared’. For this, open the command prompt as administrator and run the below command;

dfsrmig /SetGlobalState 1

What happens is that the initiated domain controller will start the migration task for the given state and will inform the rest of the servers. Therefore this will take time and depending on your links, the time to complete on each server may vary. Once the command is executed, wait for 15mins and run the below command to view the status of the migration process.

dfsrmig /GetMigrationState

As you can see, the state is still ‘Start’ in three of my servers. What you can do to speed up the process is;

  1. Wait till it completes by itself
  2. Run a repadmin /syncall /AdeP to manually invoke replication to each domain controllers

Once the migration is complete, you will receive the below message; Note that it says the state is now ‘Prepared

Also notice that you will have a new folder inside the NTDS for SYSVOL;

Redirected State

As we saw earlier, you will be shown to be in the ‘Start State’. Our task is to migrate the DFSR state to ‘Prepared’. For this, open the command prompt as administrator and run the below command;

dfsrmig /SetGlobalState 2

Once the command is executed, wait for 15mins and run the below command to view the status of the migration process.

dfsrmig /GetMigrationState

As you can see, the state is still ‘Start’ in three of my servers. What you can do to speed up the process is;

  1. Wait till it completes by itself
  2. Run a repadmin /syncall /AdeP to manually invoke replication to each domain controllers

Once the migration is complete, you will receive the below message; Note that it says the state is now ‘Redirected

Eliminated State

After the above task, you will be shown to be in the ‘Redirected State’. The next task would be the final task which is to migrate the DFSR state to ‘Eliminated’. For this, open the command prompt as administrator and run the below command;

dfsrmig /SetGlobalState 3

Once the command is executed, wait for a few mins and run the below command to view the status of the migration process.

dfsrmig /GetMigrationState

As you can see, the state is still ‘Start’ in three of my servers. What you can do to speed up the process is;

  1. Wait till it completes by itself
  2. Run a repadmin /syncall /AdeP to manually invoke replication to each domain controllers

Once the migration is complete, you will receive the below message; Note that it says the state is now ‘Eliminated’

With this, we conclude the migration of the SYSVOL to DFSR. You can monitor for awhile and check for any errors using DCDIAG and REPADMIN.

Really appreciate all your comments, especially if i have missed anything or made a mistake regarding the installation. 🙂

(c) Copyrights Reserved! Do not share or use any content in any way without approval from poster!

Written by judeperera

March 19, 2019 at 4:59 am