SBS2003 Change To Member Server Guide

Discussion in 'SBS' started by craigie, May 14, 2010.

  1. craigie

    craigie Terabyte Poster

    Within an SBS environment you can only have one Domain Controller by design; there is a core service called sbscrexe.exe which seeks out other DCs to ensure that it holds all 5 FSMO roles. If it finds another one, you are in a world of hurt (well, it warns and shuts down). You can however have member servers and global catalog servers.

    I was in a position today where one of my colleagues had performed a swing migration to SBS2008 at a client's site and needed to keep the SBS2003 Server in co-existence, as it runs RSA Security for two factor authentication and the server cannot have any downtime.

    RSA isn't supported on Server 2008, so we didn't have the option to Hyper-V and migrate.
    Anyway, we were past the 21 days grace period and started to receive calls about remote users not being able to connect in. I investigated and the reason for this was due to the server shutting down every hour!

    So if you ever find yourself in this position (I hope not), as I was flying by the seat of my pants, follow this guide:

    New SBS2008 Server

    - Check AD to ensure that it has all the FSMO roles.

    - You might need to run regsvr32 schmmgmt.dll to add the AD Schema MMC Snap In

    - Remove Network Cable(s) from Old Server and remove the Server & NTDS Settings from AD Sites & Services choosing Server Will Not Be Online Again.

    Old SBS 2003 Server

    - Download process explorer, which can be found here

    - Uninstall DHCP/DNS/SharePoint (Add/Remove Programs > Windows Components > Network Services). Reboot and disable any services relating to SharePoint/SQL; this includes disabling the Windows Internal Database service.

    - On the old SBSServer run dcpromo /forceremoval

    - Start Process Explorer find the process called sbscrexe.exe – right click and suspend it.

    - Run Regedit and navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SBCore
    Right click this, hit permissions and give the "Administrators" group on the local machine full access (don't forget to replace permissions on child nodes). F5 in regedit and you'll see all of the values and data under this key. Note you may have to restart the SBS2003 Server to apply the permissions.

    - Select the "Start" DWORD and change it from 2 to 4 – this basically sets the service to the "Disabled" state as far as the MMC services snap-in (and windows for that matter) is concerned.

    - Adjust the permissions on the file C:\WINDOWS\system32\sbscrexe.exe so that the EVERYONE account is denied any sort of access to this file.

    - Then go back to process explorer, and kill the sbscrexe.exe process. If it doesn't restart, happy days!

    - Run the services MMC snap-in and you should find that "SBS Core Services" is stopped and marked as Disabled.

    - Reboot the SBS2003 Server, now start the SQL Services you wish to keep, remember NOT to start the following SQL Services:

    MSSQL$SBSMONITORING
    MSSQL$SHAREPOINT
    SQL ServerAgent$SBSMONITORING
    SQL ServerAgent$SHAREPOINT

    Remove Exchange 2003

    As we are in dire straits, you would normally gracefully remove Exchange 2003 from the SBS2003 Console, but we need to remove it forcibly by doing the following:

    Disabled the following services:

    • Distributed Transaction Coordinator
    • Internet Information Services (IIS) Admin Service
    • Microsoft Exchange Event
    • Microsoft Exchange Internet Message Access Protocol (IMAP4)
    • Microsoft Exchange Information Store
    • Microsoft Exchange Management Service
    • Microsoft Exchange Message Transfer Agent (MTA) Stacks
    • Microsoft Exchange Post Office Protocol version 3 (POP3)
    • Microsoft Exchange Routing Engine
    • Microsoft Exchange Site Replication Service
    • Microsoft Exchange System Attendant
    • Network News Transfer Protocol (NNTP)
    • Simple Mail Transfer Protocol (SMTP)
    • World Wide Web Publishing Service

    Delete the following registry keys:

    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DAVEX (WebDAV)
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EXIFS (Microsoft Exchange Installable File System)
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExIPC (Epoxy)
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EXOLEDB (Exchange OLE DB)
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IMAP4Svc (Microsoft Exchange IMAP4)
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeActiveSynchNotify (Microsoft Exchange ActiveSynch Notifications)
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeADDXA (Microsoft Exchange Active Directory Connection Agreements)
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeAL (Microsoft Exchange Address Lists)
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeDSAccess (Microsoft Exchange access to Active Directory)
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeES (Microsoft Exchange Event)
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeFBPublish (Microsoft Exchange Publish Free/Busy)
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeIS (Microsoft Exchange Information Store)
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeMGMT (Microsoft Exchange Management)
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeMTA (Microsoft Exchange Message Transfer Agent Stacks)
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeMU (Microsoft Exchange Directory Service to Metabase)
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeOMA (Microsoft Exchange Outlook Mobile Access)
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeSA (Microsoft Exchange System Attendant)
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeSRS (Microsoft Exchange Site Replication Service)
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeTransport (Microsoft Exchange Message Routing)
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeWEB (Microsoft Exchange Outlook Web Access)
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\POP3Svc (Microsoft Exchange POP3)
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RESvc

    Removed ASP.NET & IIS
    Renamed Exchange Folders to nameold

    Reboot the SBS2003 Server and rejoin back to the domain as a member server.

    VOILA :D
     
    Last edited: May 14, 2010
    Certifications: CCA | CCENT | CCNA | CCNA:S | HP APC | HP ASE | ITILv3 | MCP | MCDST | MCITP: EA | MCTS:Vista | MCTS:Exch '07 | MCSA 2003 | MCSA:M 2003 | MCSA 2008 | MCSE | VCP5-DT | VCP4-DCV | VCP5-DCV | VCAP5-DCA | VCAP5-DCD | VMTSP | VTSP 4 | VTSP 5
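
Added example, not part of craigie's post: a read-only PowerShell check of the end state the guide's "Old SBS 2003 Server" steps describe (SBCore `Start` set to 4, service stopped, `sbscrexe.exe` not running, Everyone denied on the binary, SBS SQL instances left stopped). It assumes PowerShell 2.0 is installed on the old server and the session runs as a local administrator; the `Report` helper and the wildcard match on the SQL instance suffixes are choices made for this example.

```powershell
# Added example: read-only checks; nothing on the server is changed.
function Report([string]$Check, [bool]$Ok, [string]$Detail) {
    $state = 'FAIL'; if ($Ok) { $state = 'PASS' }
    '{0}  {1}: {2}' -f $state, $Check, $Detail
}

# Registry: Start = 4 means Disabled (the guide changes it from 2).
$key   = 'HKLM:\SYSTEM\CurrentControlSet\Services\SBCore'
$start = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).Start
Report 'SBCore Start value' ($start -eq 4) "Start=$start"

# Service control manager view of the same service (name taken from the key).
$svc   = Get-Service -Name 'SBCore' -ErrorAction SilentlyContinue
$svcOk = ($null -ne $svc) -and ($svc.Status -eq 'Stopped')
Report 'SBCore service stopped' $svcOk "Status=$($svc.Status)"

# The process must not have come back after being killed.
$proc  = Get-Process -Name 'sbscrexe' -ErrorAction SilentlyContinue
$count = 0; if ($proc) { $count = @($proc).Count }
Report 'sbscrexe.exe not running' ($count -eq 0) "instances=$count"

# File ACL: look for a Deny entry for Everyone (well-known SID S-1-1-0).
$file = 'C:\WINDOWS\system32\sbscrexe.exe'
try {
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $rules   = (Get-Acl -Path $file -ErrorAction Stop).GetAccessRules($true, $true, $sidType)
    $deny    = $false
    foreach ($r in $rules) {
        if ($r.IdentityReference.Value -eq 'S-1-1-0' -and
            $r.AccessControlType -eq 'Deny') { $deny = $true }
    }
    Report 'Everyone denied on sbscrexe.exe' $deny $file
} catch {
    Report 'Everyone denied on sbscrexe.exe' $false "could not read ACL: $($_.Exception.Message)"
}

# SQL instances the guide says must stay stopped, matched by instance suffix.
$sql     = Get-Service -Name '*$SBSMONITORING', '*$SHAREPOINT' -ErrorAction SilentlyContinue
$running = @($sql | Where-Object { $_.Status -eq 'Running' } | ForEach-Object { $_.Name })
Report 'SBS SQL instances not running' ($running.Count -eq 0) ('running: ' + ($running -join ', '))
```

Run it once after the final reboot and again after the server has been up for more than an hour, since the original symptom was an hourly shutdown.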
  2. jiggy

    jiggy Nibble Poster

    Yeah, been in a similar position but was aware of the shutdown every hour thing. Just wrote a simple batch file to reboot the server every 50 minutes which reset the shutdown counter. Wasn't ideal but got us through to the weekend where we could do a proper job of fixing it. Not pretty, but it worked :D
     
    Certifications: MCSE
    WIP: ABC's
  3. SimonD
    Honorary Member

    SimonD Terabyte Poster

    Would it not have been easier building up a 2003 server on its own and transferring the RSA app to that? As it is I would guess that MS would argue that the current implementation isn't a licensed SBS server and falls outside of the SBS license anyway.
     
    Certifications: CNA | CNE | CCNA | MCP | MCP+I | MCSE NT4 | MCSA 2003 | Security+ | MCSA:S 2003 | MCSE:S 2003 | MCTS:SCCM 2007 | MCTS:Win 7 | MCITP:EDA7 | MCITP:SA | MCITP:EA | MCTS:Hyper-V | VCP 4 | ITIL v3 Foundation | VCP 5 DCV | VCP 5 Cloud | VCP6 NV | VCP6 DCV | VCAP 5.5 DCA
  4. craigie

    craigie Terabyte Poster

    Thought about this, but it doesn't work in this scenario as VPN users being disconnected after 50 minutes' work would have ended in a lot of complaints.

    Not sure if you are aware but the RAS Server also integrates with RRAS, so when the server is restarted everyone loses connection and their work.
     
  5. craigie

    craigie Terabyte Poster

    In hindsight, yes, but we made a mistake at work and the 21 days was overlooked.

    We are planning to do exactly this but need to agree this with the client as the old server hardware will need to be reused, and it was a hybrid build so we think about 4 days to rebuild and test is right (including a weekend).

    The original plan was to Hyper-V it into the new server, but to cut a long story short, the new server wasn't bought by us but instead by the old IT company (who tried to perform an SBS AloMigration and bodged it, sold them a lot of crummy new hardware then decided they wouldn't support them anymore).

    So, as mentioned, this guide is to get you out of a bad situation; it's not the ideal, but I'm more than happy to have it in my toolbox for the future.
     
  6. jiggy

    jiggy Nibble Poster

    Yeah, no VPN users here so wasn't a problem. Have you read the migration guide off technet? Quite a handy checklist of things in it.

    J.
     
