none
Physical to Virtual (P2V) conversion of a Windows 2008 SP1 AD Domain Controller Failure RRS feed

  • Question

  • Failure, Failure, and more Failure (literally, three different failures)

    • Attempted to do a Physical to Virtual (P2V) conversion of a Windows 2008 SP1 AD Domain Controller via Microsoft System Center Virtual Machine Manager 2008.
    • Per Microsoft documentation “To avoid USN rollbacks in the test environment, all domain controllers that are to be migrated from physical machines to virtual machines must be taken offline. (You can do this by stopping the ntds service or by restarting the computer in Directory Services Restore Mode (DSRM).)”
      i. Guess What!!!!, you can’t even get by the system scan section of the P2V wizard without the NTDS service running (or at least one of its dependencies). You will receive the following error: “Convert physical server fails with error 410: “Agent installation failed on <computer name> (Fatal error during installation (0x80070643)) Recommended Action Try the operation again. If the problem persists, install the agent locally and then add the managed computer.”  Per this Microsoft webpage http://technet.microsoft.com/en-us/library/bb740927.aspx  the solution is to install Windows Install 3.1 or greater.  I proceeded to install Windows Installer 4.5 (with a required reboot).  The result was the exact same error message.  Started the NTDS service and the system scan completed successfully.  After the system scan completed I again stopped the NTDS service.  At the end of the wizard I was warned by the wizard with the following message (mind you the NTDS service is stopped): Warning (13249) Online physical-to-virtual conversion of a domain controller is not recommended.  Recommended Action Run the Convert Physical Server Wizard again, and choose the Offline Conversion option on the Volume Configuration page.
    • I proceeded and since Microsoft’s documentation states that this is possible “ (You can do this by stopping the ntds service or by restarting the computer in Directory Services Restore Mode (DSRM).)” The result was a failed conversion. I was presented with the following error message:  Error (3110)VMM is unable to create a snapshot set on <computername>. An unexpected error occurred during the Volume Shadow Copy service operation.  (Unknown error (0x80042301)) Recommended Action Try the operation again.
    • OK so I think to myself there is a problem with the Volume Shadow copy service.  So I go and check the event logs on the source computer.  The following two same errors exist (Pay close attention to the error, because I will reference it again when attempting a conversion with the Windows in DSRM):  This machine is a Domain Controller with the Active Directory service (NTDS) stopped. Backup cannot be performed, nor can shadow copies be managed in this case. Either the NTDS must be started (net start ntds), or reboot in DSRM to enumerate shadow copies/providers/writers only.
    • What do I conclude from this:  What do believe!!!!?!?!?!  the statement that "it is possible to do a P2V conversion after stopping the NTDS or I have to reboot to DSRM and do a P2V conversion.  Well since stopping the NTDS failed in more than one way, lets try the other method….  Rebooting to DSRM


     

    • Rebooted the domain controller in DSRM (again per Microsoft’s documentation)
      a. Started the P2V conversion wizard
      b. Passed the system scan without any problems (GREAT)
      c. Finished the rest of the steps in the wizard without any warnings or recommendations (Wow this is really going to work)
      d. Started the conversion (FAILED instantly) with the following error: Error (3110) VMM is unable to create a snapshot set on <computername>. An unexpected error occurred during the Volume Shadow Copy service operation.  (Unknown error (0x80042301)) Recommended Action Try the operation again. (WOW THIS ERROR LOOKS FAMILIAR)
      e. So I go and check the event logs on the source computer AGAIN.  The following errors exist (remember above when I said to pay attention to the error. Contradicting Errors):  This machine is a Domain Controller in Directory Service Restore Mode (DSRM). Backup cannot be performed in this case, please reboot out of DSRM.

    Does anyone have any advice?
    The obvious answer is to do a Offline conversion (my definition of offline in this case is booting to WinPE environment).
    Can anyone provide instructions on how to do a offline P2V conversion (including the steps necessary to create and boot to the WinPE environment)?

    Thanks Again



    Update:  Found this tidbit of information on technet
    http://technet.microsoft.com/en-us/library/dd221390.aspx
    Offline P2V is the default mode for converting source machines with the Windows Server 2000 operating system. It is the only method to reliably convert an Active Directory domain controller or a source machine that contains FAT volumes.












    Background infromation listed below:
    Proper step for P2V domain controllers (test environment)

    I’m attempting to setup a test environment that mimics our production network. I have the necessary hardware in place for the test environment.  The test environment will be on an isolated network separate from our production network.

     

    I’ve read the Microsoft documentation server times and would like some feedback on how other users have did the conversion. http://technet.microsoft.com/en-us/library/dd348449(WS.10).aspx

     

    Our current production setup consists of two physical Windows 2008 domain controllers – ONLY ONE DOMAIN (severing AD, DNS, WIN, Time, and DHCP).

     

    During the P2V conversion process, the new virtual machine and the physical domain controller that is being migrated must not be on at the same time, to avoid a USN rollback (Understood)
    You should perform P2V conversion using offline mode so that the directory data is consistent when the domain controller is turned back on. (Does this mean both of our domain controllers should be offline when doing the P2V conversion?) 
                           No, you'll want your domain to continue to run uninterrupted.  Just take one DC offline for the P2V conversion.


    During P2V conversion, the virtual machine should not be connected to the network. The network interface card (NIC) of the virtual machine should be enabled only after the P2V conversion process is complete and verified. At this point, the physical source machine will be off. Do not bring the physical source machine back onto the network again before you reformat the hard disk. (Understood)
    Caution: To prevent issues with Active Directory replication, ensure that only one instance (physical or virtual) of a given domain controller exists on a given network at any point in time. (Understood)
    Using P2V Migration to Create Test Environments

    You can use P2V migration through the VMM to create test environments. You can migrate production domain controllers from physical machines to virtual machines to create a test environment without permanently bringing down the production domain controllers (What do they mean by permanently bringing down the production domain controllerS.  Does this mean that both domain controller, converted in Offline mode doesn’t mean permanent, or does this mean the P2V can be converted without put the domain controllerS in offline mode?)  

                        This means that when you take one DC offline to P2V it and subsequently put that VM into your Test environment, you can simply restart the "converted" physical DC as its normal Production self.  The VM created must remain separated within your Test environment.  Think of this as simply shutting down one DC for a few hours and restarting it...it will replicate any changes it has missed and be happy.


    One in-production domain controller from each domain is migrated to a test virtual machine using P2V according to the guidelines stated in the Physical-to-virtual migration section. The physical production machines and the test virtual machines must be in different networks when they are brought back online. (What I get out of this statement is that you should only convert one domain controller in any given domain.  I only concluded this after reading the last statement in the article. “Subsequent test domain controllers should be promoted as replicas in the test environment.”)
                   Agreed.  Additionally, I'd ensure that the DC you virtualize holds all the Operations Masters (FSMO) Roles. 
    Great care must be taken in the creation of test environments with P2V migration to avoid USN rollbacks that can affect your test and production environments. (I don’t understand how USN rollback can affect the production environment.  If I leave one domain controller ONline to answer request and bring the other domain controller OFFline to do a P2V conversion. After the conversion the same physical box will come back ONline and replicate the necessary change from the domain controller that remained ONline during the conversion.)
                          Correct...USN rollback could only occur if the virtualized DC was able to communicate with the Production network and the USN sequences were off
    One in-production domain controller from each domain is migrated to a test virtual machine using P2V according to the guidelines stated in the Physical-to-virtual migration section. The physical production machines and the test virtual machines must be in different networks when they are brought back online. To avoid USN rollbacks in the test environment, all domain controllers that are to be migrated from physical machines to virtual machines must be taken offline. (You can do this by stopping the ntds service or by restarting the computer in Directory Services Restore Mode (DSRM).) After the domain controllers are offline, no new updates should be introduced to the environment. The computers must remain offline during the P2V migration; none of the computers should be brought back online until all the computers have been fully migrated. To learn more about USN rollback, see Appendix A: Virtualized Domain Controllers and Replication Issues. (Maybe the easy way to convert our single domain –domain controllers, is to take both domain controllers offline via stopping the ntds service and doing a offline P2V conversion.   Or would I only convert one of the domain controllers and promote a second that I would build from scratch in the test environment?)
                   I'd only convert one to minimize service interruption; just make sure you have all the roles (as mentioned above).  If you don't, you'll have to seize roles in your Test environment. 

    I realize this is a long post, however due to the damage that may be caused by a P2V conversion I want to make sure I understand everything correctly.  I thank you for the time invested in reading this post and for any responses I may get.

    • Edited by J..C Monday, July 20, 2009 3:52 PM
    Monday, July 20, 2009 1:51 PM

Answers

  • I am sorry to hear that you faced all these issues.

    to make an offline p2v, all you have to do is to check offline conversion option in the volume configuration page of the wizard.
    VMM will create a winpe image and boot the phyical machine into that.

    Caglar --Posting is provided "AS IS" with no warranties, and confers no rights.
    Tuesday, August 4, 2009 5:57 PM