Friday, March 8, 2013

Performing an In-Place Upgrade from Windows Server 2008 R2 to Windows Server 2012 on a Domain Controller

Preinstallation

First off, I highly recommend performing this in a test environment before you begin. Also, perform additional research to your environment if there are other software and roles/features installed on the domain controller.  Ensure all software and installed roles/features are compatible, with Windows Server 2012.  In simple terms: Know what you are doing before you do it.

Before adding a Windows Server 2012 domain controller to an existing Windows Server 2008 R2 or prior forest/domain, adprep must be run.
With a new installation of a Windows Server 2012 domain controller, the wizard will automatically perform the adprep requirements for you.  If you are doing an in-place upgrade it may not.  If it has not been run prior to performing an in-place upgrade, the prerequisite compatibility report will notify you and require that it be run before the installation will take place.

The adprep command can be run from the following directory found on the installation media \support\adprep\

The command adprep /forestprep must be run on the on a server that has network connectivity to the schema master domain controller, by a user that belongs to all of the following groups: Schema Admins, Enterprise Admins, and Domain Admins group of the forest root domain. After running, allow replication to occur throughout the forest, or force replication.
The command adprep /domainprep must be run on a server that has network connectivity to the infrastructure master domain controller, by a user that belongs to the Domain Admins group of the domain it is being run in.  After running, allow replication to occur throughout the forest, or force replication.
You can also run adprep /domainprep /gpprep if you have not already updated the Group Policy RSOP permissions back when you updated the schema for Server 2003 SP1.  It does not hurt to run /gpprep along with adprep /domainprep, if it has already been run it will not run it again.  After running, allow replication to occur throughout the forest, or force replication.

If you are running a virtual machine make sure the software and hardware on the vm is up-to-date with the latest version available for your hosts.

Performing the In-Place Upgrade

To perform the in place upgrade of a Windows Server 2008 R2 domain controller to Windows Server 2012, perform the following actions:
  1. Login to the domain controller that will be upgraded
  2. Insert installation media
  3. Run Setup.exe from installation media. 
  4. Click the Install now button at the Windows Setup window
  5. At the Get important updates for Windows Setup window, if you are connected to the internet select Go online to install updates now (recommended), otherwise you may choose not to, by selecting No thanks.
  6. At the Select the operating system you want to install window, choose the version of Server 2012 you will be upgrading to. Click Next
  7. Accept the terms if you agree with them. Click Next
  8. At the Which type of installation do you want? window, select Upgrade: Install Windows and keep files, settings, and applications
  9. A Compatibility report is generated (and saved to the desktop for future reference).  Verify and take note of any warnings or errors.  If errors occur prevent you from moving to the next step, resolve those errors and restart the setup process.  Click Next.
  10. You will now see the Upgrading Windows window that will routinely update and report the upgrade process. Wait patiently until it is done.
  11. Again, let it do its thing! Do not take any action unless you know there is an issue, if there is an issue research it before forcing a reboot or shutdown.
My lab environment upgrade took a little more than two hours, and it had a basic AD DS and DNS installation. My hardware is a bottleneck as well, so it may not take as long depending on your environment.

My production environment DC that holds the Infrastructure Master role, took a little under an hour.  It does not have DNS installed on it, just AD DS.

When in doubt, wait longer.  It will complete, and if it doesn't, you will figure it out.

Finishing Up and Verifying Domain Controller Operability

After the installation you want to make sure that everything is operating as designed and if it isn't take the corrective actions to fix any existent problems.
  • Verify network connectivity and disk space.
  • Let it sit and replicate enterprise wide.  Doing so, the replica domain controllers can get information from the DC about its latest version, copies the new SYSVOL, etc.  The server itself can also stabilize with the new changes.
  • Check Event Viewer for errors and correct them as needed.
  • Check the Server Manager Dashboard for errors. Refresh it if you believe services are in a Delayed Start state to see if they came up correctly or view what services are not starting and why.
  • Verify the Services have started.
  • Verify antivirus is operational, or reinstall the antivirus if it were uninstalled prior to the upgrade.
  • Activate it if you do not have KMS setup.  If KMS is setup make sure it does activate properly.
  • Reboot again, just for fun. This will give you a better starting point when checking the logs by comparing the time of the reboot to new errors.  My first restart after the upgrade and first login, took about 10 minutes on my vm.
  • Install Windows Updates
  • Run repadmin /replsum and verify replication is successful within the domain or forest to and from the DC. Resolve any replication issues.
  • If it is a VM also monitor the hardware resources and adjust as needed.

Problems


<message xmlns=""> Before continuing, make sure the app vendors support your applications on Windows Server 2012. Follow their specific recommendations before and after Windows installs. To make sure your app is compatible and to download tools and documentation, go to http://go.microsoft.com/fwlink/?LinkId=243105 Important: If the software isn't compatible with Windows Server 2012 or if the app vendor doesn't support the app, uninstall it before you install Windows. If you don't uninstall the applications, your system won't be supported, the app might not work, and settings or other information might be lost. </message>
<message xmlns=""> Windows won't install unless each of these things is taken care of. Close Windows Setup, take care of each one, and then restart Windows Setup to continue. </message>
<complianceissuepri1 xmlns=""> An error prevented a required compliance check from completing. Cancel the installation and try upgrading again.  </complianceissuepri1>

Assigning a drive letter to the System Reserved Boot Partition for some reason will let the upgrade compliance check complete successfully.



Your PC ran into a problem and needs to restart.  We're just collecting some error info, and then we'll restart for you. HAL_INITIALIZATION_FAILED.  

Since it wouldn't boot into Windows Server 2012 to continue the setup, at the next restart I chose to boot back into Windows 2008 R2. After login, the following information message came up. This version of Windows could not be installed.  Your previous version of Windows has been restored, and you can continue to use it.  Before trying to install this version of Windows again, check online to see if it is compatible with your computer.

This HAL_INITIALIZATION_FAILED error on initial reboot was a VMware hardware issue.  To resolve this issue I powered the server off and selected Upgrade Virtual Hardware on the virtual machine within vSphere to bring it up to version vmx-09.  Powered it back on, booted into Windows Server 2008 R2 and reran the setup.

Would I do this again?  Probably not.  In my opinion, our environment is large enough that it would be less of a headache for me to do a fresh install, then migrate whatever needs to be migrated, or allow the servers to replicate what is needed in some cases.

repadmin /replsum returns (1722) The RPC Server is Unavailable for the recently upgraded domain controller.  Everything was replicating fine but I was getting 33% failure in replsum.  I was at a loss.  Finally I decided to replace the VM network card from E1000 to vmnetx 3.  After installing the vmnetx3 card, applying the network addressing information, and rebooting I did not receive any more errors in repadmin /replsum... weird...

Good luck!