long time no post… been busy moving house (yay) and dealing with all the hassle and things that aren’t done around building a new house (boo)
Anyhoo – recently I assisted a client to move from Exchange 2007 to Exchange 2010…. the client had completed the install and some configuration, but wanted us to finish off due to time constraints – and also as a check over.
1st interesting bit – This client, for whatever reason, always has lots of whacky, non-standard settings. I’m not sure what it is, but the lead tech seems to like to tinker a bit and make things non-standard…. and it always causes issues. In this case, he has 3 DC’s. The DC holding the FSMO roles is not a GC, by his doing. Most of you will be familiar with this – http://support.microsoft.com/kb/223346 – basically the only reason to have a non GC for the IM is in a multi-domain forest under certain conditions… outside of that, especially in a single domain & forest of this size (1000 users), just make your own and everyone else’s life simple and make every DC a GC.
Anyhoo the schema master, as one of the FSMO roles, was on the DC that wasn’t a GC…. so the Exchange 2010 SP2 schema prep just kept on running, doing the same thing over and over again (according to the logs). After it took a little while longer than normal (i.e. an hour!) I started investigating…. moved the schema master FSMO role to a DC that was a GC… worked. (and I have recommended to the guy that he makes the DC a GC etc)
2nd interesting bit – In order not to update the SMTP relay, he wanted to swap over IP’s…. fair enough. He did this overnight once the migration of mailboxes was finished. I remoted back in the next morning and found the databases on the 2007 box dismounted…. and they would not mount with error
Couldn’t mount the database that you specified. Specified database: x; Error code: An Active Manager operation failed. Error: The database action failed. Error: Operation failed with message: MapiExceptionNoAccess: Unable to mount database. (hr=0x80070005, ec=-2147024891
I ended up pulling my hair out over this for around 2 hours…. checking adsiedit permissions, file permissions, running the BPA, turning up IS logging etc…. and after all that… there was a hosts file specifying the name and IP of the local machine…. got rid of that, let the server re-register in DNS with its new IP, voila… all good.
hosts and lmhosts are things that should only ever be used in test environments for emulating a namespace etc…. they really have no place in production. There are always better ways of managing name registration etc than static files.
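A check for the hosts file problem described above, as an added example that is not from the original post: it lists hosts entries that name the local machine and marks the ones pointing at an address no longer bound to any local interface. It assumes PowerShell 2.0 or later; the function name Get-HostsEntry and the parameter HostsPath are hypothetical names chosen for this example.

```powershell
# Added example: find static hosts entries that name this machine and check
# whether the address they pin is still bound to a local interface.
param(
    # Default Windows hosts file location; pass a copy to test safely.
    [string]$HostsPath = "$env:SystemRoot\System32\drivers\etc\hosts"
)

function Get-HostsEntry {
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        # Strip trailing comments, then skip blank or malformed lines.
        $text = ($line -replace '#.*$', '').Trim()
        if (-not $text) { continue }
        $fields = $text -split '\s+'
        if ($fields.Count -lt 2) { continue }
        $ip = $null
        if (-not [System.Net.IPAddress]::TryParse($fields[0], [ref]$ip)) { continue }
        # One hosts line may carry several names for the same address.
        foreach ($name in $fields[1..($fields.Count - 1)]) {
            New-Object PSObject -Property @{ Address = $ip.ToString(); Name = $name }
        }
    }
}

# Names this machine answers to: short name plus FQDN when domain-joined.
$ipProps = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties()
$localNames = @($ipProps.HostName)
if ($ipProps.DomainName) { $localNames += "$($ipProps.HostName).$($ipProps.DomainName)" }

# Addresses currently bound to local interfaces (loopback included).
$localAddresses = @([System.Net.NetworkInformation.NetworkInterface]::GetAllNetworkInterfaces() |
    ForEach-Object { $_.GetIPProperties().UnicastAddresses } |
    ForEach-Object { $_.Address.ToString() })

foreach ($entry in (Get-HostsEntry -Lines (Get-Content -Path $HostsPath))) {
    # -contains is case-insensitive, which matches how host names compare.
    if ($localNames -notcontains $entry.Name) { continue }
    if ($localAddresses -notcontains $entry.Address) {
        Write-Warning "STALE: '$($entry.Name)' is pinned to $($entry.Address), which is not a local address"
    } else {
        Write-Output "Static self-entry: $($entry.Name) -> $($entry.Address)"
    }
}
```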
3rd interesting bit – Quite a while back I noticed on SCCM that if the Windows firewall service is disabled, SCCM has difficulty communicating… and ever since I have ensured the service is enabled and then the firewall state is set to allow SCCM traffic or disabled within control panel (but the service is still running) depending on the client preference.
Last week I moved a place to 2008 R2 DC’s from 2003 DC’s…. pretty simple affair…. apart from some odd errors showing up in DCDiag…. as if communication with other DC’s was problematic. Sure enough, firewall service was disabled…. set that to automatic and started it, disabled the firewall through group policy – all good. Fairly obvious moral of the story…. fair enough if you want the firewall off…. but don’t disable the service, disable it via group policy or control panel… but leave the service started.