Problems on Joining Windows Server 2022 to a domain controller forest functional level is not supported #winserv #AD #Azure

This is the first post in the new layout, personally I think I will change it again as the text frame is to small, but let me know your thoughts

When migration machines to Azure or to a different OS You will often face all kinds of errors and issues. that you think why and that is an old message and didn’t I do this already. Well In the AD there is also dfsrmig.exe yes the DFS migration tool in the old days you had only FRS for the sysvol folder replication. But If you have still a FRS than you can’t join a Windows server 2022 domain controller. In the following steps I’ll show you how to do this. I had to build a server 2003 domain again(painfull)

image

Joining a Windows server domain controller to a old 2000 domain it will fail.

image

Windows functional level and domain level are on windows 2000.  We need to raise the DFL and the FFL .

Going to the new ADPrep and it fill be fixed, as I had a greenfield AD site some items maybe different in the production site.

image

image

Now that the DFL is 2008 we can go the the next phase.

image

image

Windows Server 2003 and 2003 R2 uses File Replication Service (FRS) to replicate SYSVOL folder content to other domain controllers. But Windows server 2008 and later are using Distributed File System (DFS) for the replication.  DFS is better than FRS.

The dfsrmig.exe tool is supported only on domain controllers which are running in the Windows Server 2008 domain functional level DFL. This is because SYSVOL migration from FRS replication to the DFS Replication service is possible only on domain controllers running in the Windows Server 2008 domain functional level.

image

In the overview you can see all the options that can be used in the dfsrmig tool.

image

dfsrmig.exe /GetGlobalState

image

Now we can see the levels of the domain, and we raise the level , keep in mind a reboot is needed it is not mentioned but you need a reboot of the domain controllers.

imageimage

PS C:\Users\Administrator> dfsrmig.exe /GetGlobalState

Running the tool will give you the required information

The current domain functional level is not at least Windows Server 2008.
DFSRMig is only supported on at least Windows Server 2008 level domains.
PS C:\Users\Administrator> dfsrmig.exe /GetGlobalState

DFSR migration has not yet initialized. To start migration please
set global state to desired value.PS C:\Users\Administrator>

Global Migration States

0

‘START’ state

1

‘PREPARED’ state

2

‘REDIRECTED’ state

3

‘ELIMINATED’ state

In the 4 steps we gona transfer the FRS in DFS

dfsrmig.exe /setGlobalState 1

image

dfsrmig /getmigrationstate

image

When it is ready, we can check and go to the next step.

image

dfsrmig /setglobalstate 2

image

Type dfsrmig /getmigrationstate to confirm all domain controllers have reached redirected state. every step can be checked with the /getmigration state.

image

image

We can set the next step 3 dfsrmig /setglobalstate 3

image

After these steps we can check if all domain controllers are changed, remember this can take some time when you have multiple domain controllers and long replication schedules.

Checking the migration state is the best way to see if it has finished. dfsrmig /getmigrationstate to confirm all domain controllers have reached eliminated stateimage

Checking the proper state can be done with the sysvol share. This completes the migration.image

imageHere are the before and after status.

image

Also make sure in each domain controller FRS service is stopped and disabled.

Now it should all be good

image

Now the domain join should work.image

Got another error warning.

Verification of replica failed. The forest functional level is not supported

Let me get the Ad info get-adforestimage

As you can see the forest mode is still windows2000forest so we need to raise this. In domain and trust we can set this.

image image

Now that everything is fixed we can add a new Windows server 2022 domain controller to the existing domain. 

image

Follow Me on Twitter @ClusterMVP

Follow My blog https://robertsmit.wordpress.com

Linkedin Profile Http://nl.linkedin.com/in/robertsmit

First hands-on Upgrading to Windows Server 2022 Domain Controller #Windows2022 #Windows2016 #winserv #CloudOS #WIMVP

Windows Server 2022 is built on the strong foundation of Windows Server 2019 and brings many innovations on three key themes: security, Azure hybrid integration and management, and application platform. Also, Windows Server 2022 Datacenter: Azure Edition helps you use the benefits of cloud to keep your VMs up to date while minimizing downtime.

https://docs.microsoft.com/en-us/windows-server/get-started/whats-new-in-windows-server-2022?WT.mc_id=AZ-MVP-4025011

As some of my Domain controllers are running on Server 2016 this is a great moment to upgrade them,Upgrading a domain controller is always tricky when you loos you AD, well I got a copy in Azure Winking smile

How ever Windows Server 2016 is supporting Rolling Upgrades Upgrading to Windows Server 2022 but this is only for a Cluster.

For other Servers you can upgrade your server or better reinstall. Bet you all choose for the Clean install. Well For a domain controller, it’s a quick process to redeploy but often there is ton’s of software on the DC that should not be there and makes it hard to loos the DC right ?

So my DC server 2016

image

Finding the FSMO roles

netdom query fsmo

image

You can’t upgrade the server when there is a FSMO role running on the server. Tested this and if failed So move the FSMO roles from your DC.

Yes I hear you you have only one DC well create a virtual second one and move the fsmo roles to that server upgrade and move the roles back and demote the Extra DC and you are back to a single DC.

my other DC is mvpdc22

image

I move the roles to my second DC

image

Quick and Smooth migration

Move-ADDirectoryServerOperationMasterRole -Identity “Your-DC” -OperationMasterRole SchemaMaster,RIDMaster,InfrastructureMaster,DomainNamingMaster,PDCEmulator

I mounted the ISO to the DC (virtual CD disk)

image

YEs I want to make the product better.

image

Use your Product key or if you are on hyber-v you can use the AVMA key https://docs.microsoft.com/en-us/windows-server/get-started-19/vm-activation-19?WT.mc_id=AZ-MVP-4025011

The following AVMA keys can be used for Windows Server 2022:

Datacenter
W3GNR-8DDXR-2TFRP-H8P33-DV9BG

Standard
YDFWN-MJ9JR-3DYRK-FXXRW-78VHK

image

I still love my gui So I install the desktop experience

image

Read the entire EULA and I agree.

image

My domain Controller desktop (remember this is my lab) Don’t use your DC for any other things than using it for a DC.

I want to keep My files

image

Yes Install

image

Let the Setup running

imageimage

So in just 20 min my DC was upgraded to 2022 lot’s of new stuff is there but that’s all for a next blog post. Hope it was usefull and remember make sure you have a backup things my fail in your environment

https://docs.microsoft.com/en-us/windows-server/get-started/whats-new-in-windows-server-2022?WT.mc_id=AZ-MVP-4025011

Flickr Tags: Windows Server 2016,CloudOS

Follow Me on Twitter @ClusterMVP

Follow My blog https://robertsmit.wordpress.com

Linkedin Profile Http://nl.linkedin.com/in/robertsmit

 

Effective March 31, 2021, the Azure portal will no longer support Internet Explorer 11. Start using the new Microsoft Edge for speed, security and privacy

Well on every server or Windows device there is the Internet explorer and prepairing some server workloads you may need some browser and may need to connect to Azure. using an old browser is always an bad idea.

When setting up a new server what ever version it is I always remove the IE icon and install Msedge this works fine and gives me a more secure feeling.

Microsoft Edge

Opening the Azure portal with IE you will see a warning about non supported browser.

Microsoft Edge

With the option to download the Edge directly

Microsoft Edge

The portal still opens in IE but using some functions are not working sample as anything that will use HTML5

Microsoft Edge

Official Download links for Microsoft Edge Stable Enterprise

I’m not 100% sure it’s final but anyone who wishes/wants can test it.

Microsoft Edge Stable Enterprise

X64.msi
http://go.microsoft.com/fwlink/?LinkID=2093437

X86.msi
http://go.microsoft.com/fwlink/?LinkID=2093505

MicrosoftEdgePolicyTemplates.cab
http://go.microsoft.com/fwlink/?LinkID=2099616

MicrosoftEdgeIntunePolicyTemplate.cab
http://go.microsoft.com/fwlink/?LinkID=2099617

macOS.pkg
http://go.microsoft.com/fwlink/?LinkID=2093438

Blocker Toolkit to disable automatic delivery of Microsoft Edge
https://docs.microsoft.com/en-us/deployedge/microsoft-edge-blocker-toolkit

So when you want to auto mate this the following lines could be used to install quickly Microsoft Edge

#Create temp folder
New-Item -Path ‘C:\temp’ -ItemType Directory -Force | Out-Null

#Install Edge
Invoke-WebRequest  -Uri "
http://go.microsoft.com/fwlink/?LinkID=2093437" -OutFile ‘c:\temp\MicrosoftEdgeEnterpriseX64.msi’
Invoke-Expression -Command ‘C:\temp\MicrosoftEdgeEnterpriseX64.msi /quiet /norestart’

This will install Microsoft Edge and you can set this in a powershell script and in the GPO that way all new servers will get Microsoft Edge.

 

Follow Me on Twitter @ClusterMVP

Follow My blog https://robertsmit.wordpress.com

Linkedin Profile Robert Smit MVP Linkedin profile

Google  : Robert Smit MVP profile

 

Step by Step Manage Windows Server in Azure with Windows Admin Center #servermgmt #winserv #MSIgnite #WindowsAdminCenter #Azure #AzOps

During Microsoft Ignite there was a lot on news about Windows Admin Center the latest build 2103 is now GA  http://aka.ms/wacdownload

I’m a big fan of #WAC already wrote a couple of blog items about the product. and testing for some time now WAC in Azure, and now it is in public preview to test for us all.

image

Running this in your own Datacenter or on a VM in the cloud but the best part is there is also an add on in Azure, How handy is that.

image

Using Windows Admin Center can be done on a Windows 10 system or use a Server(core or Gui) or build this on a cluster See also my blog post about that item Deploy Windows Admin Center High Availability running on a Windows Server 2019 Cluster #winserv #WAC #WindowsAdminCenter #AzureArc #Azure #Hybrid | Robert Smit MVP Blog (wordpress.com)

image

Windows Admin Center, your favorite server management tool, is now available in preview in Azure. This new capability enables seamless and granular management of your Windows Server Azure IaaS virtual machines (VMs) from within the Azure portal.

image

Here is a short video highlighting some of the capabilities included with Windows Admin Center in the Azure portal.

Windows Admin Center in the Azure portal is available to all Windows Server customers on Azure running Windows Server 2016 or higher virtual machines in the public cloud. Create a new virtual machine today or deploy Windows Admin Center on your existing infrastructure. You can begin managing your virtual machines in Azure using Windows Admin Center by navigating to the “Windows Admin Center (preview)” blade under “Settings” in the Virtual Machine Azure portal UI. In my demo I used a Windows Server 2022 (insider build)

image

How does it work in Azure, Well currently only in new created VM’s the Extension will be there.  When creating a fresh new VM (next next create) method the Windows admin center will be there.

image

Some things are clear if the VM is turned off you can’t use the WAC blade.

image

But keep in mind all your VM’s need a public IP and need a minimum of 3 GB memory so It won’t work for all your SKU’s

 

image

The configuration is easy the VM must be running and have an external IP to route the traffic make sure there are no open ends on the Internet with that IP address.

image

As you can see an NSG is placed around the VM to keep things secure. and the WAC port is been Added as inbound IP  on port 6516

image

Now that Azure WAC is configured we can login with the VM credentials.

image

and If you like Bastion but think it is to expensive for you, here is the free version Azure RDP in your browser.

image

no other extra ports needed to have a fully web browser web RDP.

image

All the Windows server options are there and easy to handle like Windows update in the Azure porter / wac blade I go to the Update section and select the Updates that I want to deploy and start it and move to the next one if needed. without logging on into the server with RDP.

 

image

Want to know more about WAC here are some links to get you started.

 

image

Want to see more about Windows Admin Center and use this in Azure go Azurewac to get all the details.

https://docs.microsoft.com/en-us/windows-server/manage/windows-admin-center/azure/manage-vm?WT.mc_id=AZ-MVP-4025011

https://robertsmit.wordpress.com/2020/09/01/make-windows-admin-center-high-available-running-on-a-windows-server-2019-cluster-winserv-runws2019-windowsadmincenter-windowsserver2019/

https://docs.microsoft.com/en-us/windows-server/manage/windows-admin-center/overview

 

Follow Me on Twitter @ClusterMVP

Follow My blog https://robertsmit.wordpress.com

Linkedin Profile Robert Smit MVP Linkedin profile

Google  : Robert Smit MVP profile

First Impressions Windows Server 2022 #Bug found Unable to Sysprep Windows Server 2022 #WindowsServer #WindowsServer2022 #WindowsInsiders #WinServ

Building a new Lab around Windows server 2022 brings all the basics again , new vm’s new image of wim to vhd , sysprep what ever option you do to build a new lab. In this case I want to sysprep the VM this failed as Edge was not installed for all users. As it is a insider build this probably will be fixed in the next releases.

Unable to Sysprep Windows Server 2022

Running sysprep I got the Following Error.

SYSPRP Package Microsoft.MicrosoftEdge.Stable_86.0.622.38_neutral__8wekyb3d8bbwe was installed for a user, but not provisioned for all users. This package will not function properly in the sysprep image.

 

 

SYSPRP Package Microsoft.MicrosoftEdge.Stable_86.0.622.38_neutral__8wekyb3d8bbwe was installed for a user, but not provisioned for all users. This package will not function properly in the sysprep image.
2021-03-01 14:21:06, Error                 SYSPRP Failed to remove apps for the current user: 0x80073cf2.
2021-03-01 14:21:06, Error                 SYSPRP Exit code of RemoveAllApps thread was 0x3cf2.
2021-03-01 14:21:06, Error                 SYSPRP ActionPlatform::LaunchModule: Failure occurred while executing ‘SysprepGeneralizeValidate’ from C:\Windows\System32\AppxSysprep.dll; dwRet = 0x3cf2
2021-03-01 14:21:06, Error                 SYSPRP SysprepSession::Validate: Error in validating actions from C:\Windows\System32\Sysprep\ActionFiles\Generalize.xml; dwRet = 0x3cf2
2021-03-01 14:21:06, Error                 SYSPRP RunPlatformActions:Failed while validating Sysprep session actions; dwRet = 0x3cf2

 

Unable to Sysprep Windows Server 2022

Uninstalling the MS Edge from the uninstall section

Microsoft.MicrosoftEdge.Stable_86.0.622.38_neutral__8wekyb3d8bbwe

 

Unable to Sysprep Windows Server 2022

Unable to Sysprep Windows Server 2022

It’s gone but the SysPrep still failed.

Unable to Sysprep Windows Server 2022

Ah it is a modern app  So we need to remove this, listing all the Microsoft Apps.

 

Unable to Sysprep Windows Server 2022

Getting the Proper Package and remove this

Microsoft.MicrosoftEdge.Stable_86.0.622.38_neutral__8wekyb3d8bbwe

Unable to Sysprep Windows Server 2022

 

Powershell Command :

Remove-AppxPackage -Package Microsoft.MicrosoftEdge.Stable_86.0.622.38_neutral__8wekyb3d8bbwe

After This is removed I did a Reboot and Installed the MS Edge for all users and the sysprep Went fine.

 

Installing Edge.

#Create temp folder
New-Item -Path ‘C:\temp’ -ItemType Directory -Force | Out-Null

#Install Edge

Invoke-WebRequest  -Uri "http://dl.delivery.mp.microsoft.com/filestreamingservice/files/c39f1d27-cd11-495a-b638-eac3775b469d/MicrosoftEdgeEnterpriseX64.msi" -OutFile ‘c:\temp\MicrosoftEdgeEnterpriseX64.msi’
Invoke-Expression -Command ‘C:\temp\MicrosoftEdgeEnterpriseX64.msi /quiet /norestart’

My syspreped Machine.  with edge

image

 

 

 

Follow Me on Twitter @ClusterMVP

Follow My blog https://robertsmit.wordpress.com

Linkedin Profile Robert Smit MVP Linkedin profile

Google  : Robert Smit MVP profile