none
Project Server 2010 domain migration big issue RRS feed

  • Question

  • I have Project Server 2010 in one box server farm configuration running on domain A and we are moving it to domain B. In the meantime, domain A and B run side by side with all users with same AD Guid and passwords to allow users and service account work seamlessly.

    Look what we did and what we get:

    1. We did not use any tool to migrate the SQL Server, so we mapped all old accounts to new domain accounts,
    2. Entered all new domain in local admin group.
    3. Changed the old domain to new domain name, all resource pool acount of PWA and users of SharePoint.
    4. Moved the one box server to new domain.
    5. Changed the in Services the account of old domain to new domain.
    6. Changed the app pool accounts of IIS to new domain acounts.
    7. Changed the reporting services account to new domain acounts.
    8. Changed the analysis services, reporting services, etc server groups user accounts from old to the new accounts,
    9. In SharePoint Central Administration changed all service accounts to the new domain in Security session.
    10. Changed the Administration group to the new domain.
    11. Restarted the server.

    At this point everything was working riight, but we are not sure that we got rid of old accounts, Then I discovered the we lost the page of Manage Service Account in SharePoint Central Administration. when you click there appears the following error message:

    Error: Item has already been added. Key in dictionary <domain B>\<search service account> key been added to <domain B>\<search service account>,,,

    If I enter in the Managed Account Page appears the old and new domain farm administrator account and twice the seach service acount and it cannot be edited or deleted because appears the error message above.

    This issue very well described in the following question in SharePoint Forum:

    http://social.technet.microsoft.com/Forums/en-US/sharepoint2010programming/thread/a2297082-9ce6-4854-8c7b-7299827928d9

    In the meantime the security team started tp change the passwords of service accounts to check if we got rid of old accounts. Some features in PWA stop working, for instance, when I try to drill down in a project in Project Center viwe, appears a message that my account is not allowed to do it and I need to login using another account. Neither I nor any project manager can do this anymore in this page or in somo selected pages,

    I used the Powershell command to if any old service account where in use and for my surprise, the service accounts I changed from old to new domain such as Excel Service, SSS, SharePoint-80, etc using Manage Service Accounts in SharePoint Administration Center did not work!!!

    Only the accounts I changed in Service (Admin Tools) efectively changed.

    The link above shows that the only solution is to reinstall SharePoint (and Project Server).

    Does anybody have a better suggestion?

    Thank you,


    Best regards, Ricardo Segawa - Segawas Projetos / Microsoft Partner
    Monday, April 18, 2011 8:26 PM

Answers

All replies

  • I have Project Server 2010 in one box server farm configuration running on domain A and we are moving it to domain B. In the meantime, domain A and B run side by side with all users with same AD Guid and passwords to allow users and service account work seamlessly.

    Look what we did and what we get:

    1. We did not use any tool to migrate the SQL Server, so we mapped all old accounts to new domain accounts,
    2. Entered all new domain in local admin group.
    3. Changed the old domain to new domain name, all resource pool acount of PWA and users of SharePoint.
    4. Moved the one box server to new domain.
    5. Changed the in Services the account of old domain to new domain.
    6. Changed the app pool accounts of IIS to new domain acounts.
    7. Changed the reporting services account to new domain acounts.
    8. Changed the analysis services, reporting services, etc server groups user accounts from old to the new accounts,
    9. In SharePoint Central Administration changed all service accounts to the new domain in Security session.
    10. Changed the Administration group to the new domain.
    11. Restarted the server.

    At this point everything was working riight, but we are not sure that we got rid of old accounts, Then I discovered the we lost the page of Manage Service Account in SharePoint Central Administration. when you click there appears the following error message:

    Error: Item has already been added. Key in dictionary <domain B>\<search service account> key been added to <domain B>\<search service account>,,,

    If I enter in the Managed Account Page appears the old and new domain farm administrator account and twice the seach service acount and it cannot be edited or deleted because appears the error message above.

    This issue very well described in the following question in SharePoint Forum:

    http://social.technet.microsoft.com/Forums/en-US/sharepoint2010programming/thread/a2297082-9ce6-4854-8c7b-7299827928d9

    In the meantime the security team started tp change the passwords of service accounts to check if we got rid of old accounts. Some features in PWA stop working, for instance, when I try to drill down in a project in Project Center viwe, appears a message that my account is not allowed to do it and I need to login using another account. Neither I nor any project manager can do this anymore in this page or in somo selected pages,

    I used the Powershell command to if any old service account where in use and for my surprise, the service accounts I changed from old to new domain such as Excel Service, SSS, SharePoint-80, etc using Manage Service Accounts in SharePoint Administration Center did not work!!!

    Only the accounts I changed in Service (Admin Tools) efectively changed.

    The link above shows that the only solution is to reinstall SharePoint (and Project Server).

    Does anybody have a better suggestion?

    Thank you,


    Best regards, Ricardo Segawa - Segawas Projetos / Microsoft Partner


    I discovered also that the SSS security key is lost in this process. I entered the passphare and it recovered the key. So I could change the SSS and PerformancePoint service account to the new domain. Surplisingly after that the Manage Service Account page came alive again, but when I tried to change one old domain acount reappeared the "The item has already been added message...". I went back to SSS page and again the security key was lost.

    So there is a connection between SSS security key and manage service account page. The question is how to solve this issue. 


    Best regards, Ricardo Segawa - Segawas Projetos / Microsoft Partner
    Wednesday, April 20, 2011 12:07 PM
  • Hi everybody who read this thread.

    See the answer here:

    http://social.msdn.microsoft.com/Forums/en-US/projserv2010setup/thread/990fb9a7-20a6-4376-9262-ad886f594968

     


    Best regards, Ricardo Segawa - Segawas Projetos / Microsoft Partner
    • Marked as answer by R.Segawa Friday, May 27, 2011 6:14 PM
    Friday, May 27, 2011 6:13 PM