Forum Search:
Forum.Brain-Cluster.com: Brain Cluster Technical Forum
Ultimate forum for Technical Discussions

Home » Microsoft » Windows Server » Active Directory » USN Rollback
USN Rollback [message #159928] Wed, 12 August 2009 16:40 Go to next message
Elvis  is currently offline Elvis
Messages: 18
Registered: August 2009
Junior Member
Hi,

I am currently creating a test lab and importing multiple forests and
domains into a virtual envionrment so that I can test migration strategies. I
am not moving production into a virtual but reproducing it. No connection
between production and virtual.
I have taken P2V of the Server while it is online (no choice) and obviously
run into the USN rollback. Because this is a test lab, how can I change the
USN number so that it will start replicating again, going through dcpromo is
not an option. Is there a dirty way to resolve USN rollback, this is a test
environment.
Much appreciated.

Thanks

Steve
Re: USN Rollback [message #159929 is a reply to message #159928] Wed, 12 August 2009 16:58 Go to previous messageGo to next message
Marcin  is currently offline Marcin  United States
Messages: 273
Registered: July 2009
Senior Member
Have you considered changing your approach by restoring system state backup
of your DC to a similar hardware and then performing P2V while AD is
offline?

hth
Marcin

"Elvis" <Elvis@discussions.microsoft.com> wrote in message
news:7B43C446-64F1-4C79-884E-CA906ED1BD8B@microsoft.com...
> Hi,
>
> I am currently creating a test lab and importing multiple forests and
> domains into a virtual envionrment so that I can test migration
> strategies. I
> am not moving production into a virtual but reproducing it. No connection
> between production and virtual.
> I have taken P2V of the Server while it is online (no choice) and
> obviously
> run into the USN rollback. Because this is a test lab, how can I change
> the
> USN number so that it will start replicating again, going through dcpromo
> is
> not an option. Is there a dirty way to resolve USN rollback, this is a
> test
> environment.
> Much appreciated.
>
> Thanks
>
> Steve
Re: USN Rollback [message #159930 is a reply to message #159929] Wed, 12 August 2009 17:10 Go to previous messageGo to next message
Elvis  is currently offline Elvis
Messages: 18
Registered: August 2009
Junior Member
Hi,

I am working in a VM environment where USN is occuring. I do not have a
system state. I am looking at getting this resolved in the quickest easiest
way...if I loose a few Active Directory objects I dont care its a lab. My
only option is to do another P2V online. no choice
Your response is appreciated

Thanks



"Marcin" wrote:

> Have you considered changing your approach by restoring system state backup
> of your DC to a similar hardware and then performing P2V while AD is
> offline?
>
> hth
> Marcin
>
> "Elvis" <Elvis@discussions.microsoft.com> wrote in message
> news:7B43C446-64F1-4C79-884E-CA906ED1BD8B@microsoft.com...
> > Hi,
> >
> > I am currently creating a test lab and importing multiple forests and
> > domains into a virtual envionrment so that I can test migration
> > strategies. I
> > am not moving production into a virtual but reproducing it. No connection
> > between production and virtual.
> > I have taken P2V of the Server while it is online (no choice) and
> > obviously
> > run into the USN rollback. Because this is a test lab, how can I change
> > the
> > USN number so that it will start replicating again, going through dcpromo
> > is
> > not an option. Is there a dirty way to resolve USN rollback, this is a
> > test
> > environment.
> > Much appreciated.
> >
> > Thanks
> >
> > Steve
>
>
>
Re: USN Rollback [message #159931 is a reply to message #159930] Wed, 12 August 2009 17:17 Go to previous messageGo to next message
Marcin  is currently offline Marcin  United States
Messages: 273
Registered: July 2009
Senior Member
What I'm recommending is:
- perform a system state backup of your production DC
- restore it to a similar (preferably matching) hardware in the lab
- perform P2V using the newly restored DC

Alternatively, you can try restoring system state to a VM following the
procedure described in http://support.microsoft.com/kb/263532 but I'd expect
a few challenges along the way...

hth
Marcin

"Elvis" <Elvis@discussions.microsoft.com> wrote in message
news:FCDB3C7C-A162-482E-8177-FCC2C2ED92C4@microsoft.com...
> Hi,
>
> I am working in a VM environment where USN is occuring. I do not have a
> system state. I am looking at getting this resolved in the quickest
> easiest
> way...if I loose a few Active Directory objects I dont care its a lab. My
> only option is to do another P2V online. no choice
> Your response is appreciated
>
> Thanks
>
>
>
> "Marcin" wrote:
>
>> Have you considered changing your approach by restoring system state
>> backup
>> of your DC to a similar hardware and then performing P2V while AD is
>> offline?
>>
>> hth
>> Marcin
>>
>> "Elvis" <Elvis@discussions.microsoft.com> wrote in message
>> news:7B43C446-64F1-4C79-884E-CA906ED1BD8B@microsoft.com...
>> > Hi,
>> >
>> > I am currently creating a test lab and importing multiple forests and
>> > domains into a virtual envionrment so that I can test migration
>> > strategies. I
>> > am not moving production into a virtual but reproducing it. No
>> > connection
>> > between production and virtual.
>> > I have taken P2V of the Server while it is online (no choice) and
>> > obviously
>> > run into the USN rollback. Because this is a test lab, how can I change
>> > the
>> > USN number so that it will start replicating again, going through
>> > dcpromo
>> > is
>> > not an option. Is there a dirty way to resolve USN rollback, this is a
>> > test
>> > environment.
>> > Much appreciated.
>> >
>> > Thanks
>> >
>> > Steve
>>
>>
>>
Re: USN Rollback [message #159933 is a reply to message #159931] Wed, 12 August 2009 18:04 Go to previous messageGo to next message
Elvis  is currently offline Elvis
Messages: 18
Registered: August 2009
Junior Member
probably would be easier for me to take an image offline rather than go
through the process below, I was hoping that there would be a quick and dirty
way...I do NOT have a system state. I have ways to recover from the USN
rollback but they are all long and involved and dont feel it worth the effort
for a test lab.

"Marcin" wrote:

> What I'm recommending is:
> - perform a system state backup of your production DC
> - restore it to a similar (preferably matching) hardware in the lab
> - perform P2V using the newly restored DC
>
> Alternatively, you can try restoring system state to a VM following the
> procedure described in http://support.microsoft.com/kb/263532 but I'd expect
> a few challenges along the way...
>
> hth
> Marcin
>
> "Elvis" <Elvis@discussions.microsoft.com> wrote in message
> news:FCDB3C7C-A162-482E-8177-FCC2C2ED92C4@microsoft.com...
> > Hi,
> >
> > I am working in a VM environment where USN is occuring. I do not have a
> > system state. I am looking at getting this resolved in the quickest
> > easiest
> > way...if I loose a few Active Directory objects I dont care its a lab. My
> > only option is to do another P2V online. no choice
> > Your response is appreciated
> >
> > Thanks
> >
> >
> >
> > "Marcin" wrote:
> >
> >> Have you considered changing your approach by restoring system state
> >> backup
> >> of your DC to a similar hardware and then performing P2V while AD is
> >> offline?
> >>
> >> hth
> >> Marcin
> >>
> >> "Elvis" <Elvis@discussions.microsoft.com> wrote in message
> >> news:7B43C446-64F1-4C79-884E-CA906ED1BD8B@microsoft.com...
> >> > Hi,
> >> >
> >> > I am currently creating a test lab and importing multiple forests and
> >> > domains into a virtual envionrment so that I can test migration
> >> > strategies. I
> >> > am not moving production into a virtual but reproducing it. No
> >> > connection
> >> > between production and virtual.
> >> > I have taken P2V of the Server while it is online (no choice) and
> >> > obviously
> >> > run into the USN rollback. Because this is a test lab, how can I change
> >> > the
> >> > USN number so that it will start replicating again, going through
> >> > dcpromo
> >> > is
> >> > not an option. Is there a dirty way to resolve USN rollback, this is a
> >> > test
> >> > environment.
> >> > Much appreciated.
> >> >
> >> > Thanks
> >> >
> >> > Steve
> >>
> >>
> >>
>
>
>
Re: USN Rollback [message #159937 is a reply to message #159933] Wed, 12 August 2009 19:02 Go to previous messageGo to next message
aceman  is currently offline aceman  United States
Messages: 5816
Registered: July 2009
Senior Member
"Elvis" <Elvis@discussions.microsoft.com> wrote in message
news:FFBA4E21-253C-4098-B77F-ECBCCB28C92A@microsoft.com...
> probably would be easier for me to take an image offline rather than go
> through the process below, I was hoping that there would be a quick and
> dirty
> way...I do NOT have a system state. I have ways to recover from the USN
> rollback but they are all long and involved and dont feel it worth the
> effort
> for a test lab.

What ways are you referring to?

The following are my notes on imaging and DCs. Are the articles I listed
what you were referring to?

============================================================ ======
Drive imaging and rolling back of disks is not a supported Active Directory
recovery because it can cause a USN Rollback

How to detect and recover from a USN rollback in Windows Server 2003
http://support.microsoft.com/kb/875495/

Using Ghost or other imaging software for DCs (By Florian, MVP)
http://www.frickelsoft.net/blog/pictures/bart_blackboard.png :-)
============================================================ ======

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Please reply back to the newsgroup or forum to benefit from collaboration
among responding engineers, and to help others benefit from your resolution.

Ace Fekay, MCT, MCTS Exchange, MCSE, MCSA 2003 & 2000, MCSA Messaging
Microsoft Certified Trainer

For urgent issues, please contact Microsoft PSS directly. Please check
http://support.microsoft.com for regional support phone numbers.
Re: USN Rollback [message #159940 is a reply to message #159937] Wed, 12 August 2009 19:45 Go to previous messageGo to next message
Elvis  is currently offline Elvis
Messages: 18
Registered: August 2009
Junior Member
Hi Ace,

Like using the NTDTutil in DSRM and increase the USN value by 1000 000 on
all AD objects,
How would I go about this what ntdsutil command would I used to make these
changes. Increasing the USN on all objects will force a replication....if it
breaks, its only a test lab :)

Thanks

"Ace Fekay [MCT]" wrote:

> "Elvis" <Elvis@discussions.microsoft.com> wrote in message
> news:FFBA4E21-253C-4098-B77F-ECBCCB28C92A@microsoft.com...
> > probably would be easier for me to take an image offline rather than go
> > through the process below, I was hoping that there would be a quick and
> > dirty
> > way...I do NOT have a system state. I have ways to recover from the USN
> > rollback but they are all long and involved and dont feel it worth the
> > effort
> > for a test lab.
>
> What ways are you referring to?
>
> The following are my notes on imaging and DCs. Are the articles I listed
> what you were referring to?
>
> ============================================================ ======
> Drive imaging and rolling back of disks is not a supported Active Directory
> recovery because it can cause a USN Rollback
>
> How to detect and recover from a USN rollback in Windows Server 2003
> http://support.microsoft.com/kb/875495/
>
> Using Ghost or other imaging software for DCs (By Florian, MVP)
> http://www.frickelsoft.net/blog/pictures/bart_blackboard.png :-)
> ============================================================ ======
>
> --
> Ace
>
> This posting is provided "AS-IS" with no warranties or guarantees and
> confers no rights.
>
> Please reply back to the newsgroup or forum to benefit from collaboration
> among responding engineers, and to help others benefit from your resolution.
>
> Ace Fekay, MCT, MCTS Exchange, MCSE, MCSA 2003 & 2000, MCSA Messaging
> Microsoft Certified Trainer
>
> For urgent issues, please contact Microsoft PSS directly. Please check
> http://support.microsoft.com for regional support phone numbers.
>
>
>
Re: USN Rollback [message #159941 is a reply to message #159940] Wed, 12 August 2009 19:55 Go to previous messageGo to next message
aceman  is currently offline aceman  United States
Messages: 5816
Registered: July 2009
Senior Member
"Elvis" <Elvis@discussions.microsoft.com> wrote in message
news:B0275C5A-0460-4705-A231-C45517288483@microsoft.com...
> Hi Ace,
>
> Like using the NTDTutil in DSRM and increase the USN value by 1000 000 on
> all AD objects,
> How would I go about this what ntdsutil command would I used to make these
> changes. Increasing the USN on all objects will force a replication....if
> it
> breaks, its only a test lab :)
>
> Thanks


That's actually designed for an Authoratative Restore, not to fix a
rollback. I guess you read that article I provided? It states that it's not
recoverable. However, no harm in trying your suggestion. I've never tried
it. After all, it is a test lab. I would be curious if it works.

If this is only one DC and you had more than one in the prod forest, I would
also run a Metadata Cleanup to remove references for ALL other DCs in the
forest, as well as seizing all FSMOs and make it a GC.

Ace
Re: USN Rollback [message #159982 is a reply to message #159941] Fri, 14 August 2009 08:08 Go to previous messageGo to next message
Elvis  is currently offline Elvis
Messages: 18
Registered: August 2009
Junior Member
Hi Ace,

some feedback, fix one problem and another arises
I decided to take an Nybackup sys state of the current server with USN
rollback error
I booted into DSRM and restored the sys state and did an authoritative
restore for the whole database, it increased by USN count on all objects, I
am not getting USN error anymore but now I am getting 1722 endpoint mapper
errors RPC unavailable, I have used port query and its listening on 135 etc
any ideas of this error: I have
read:http://support.microsoft.com/default.aspx/kb/839880
but no luck,

Thanks!

"Ace Fekay [MCT]" wrote:

> "Elvis" <Elvis@discussions.microsoft.com> wrote in message
> news:B0275C5A-0460-4705-A231-C45517288483@microsoft.com...
> > Hi Ace,
> >
> > Like using the NTDTutil in DSRM and increase the USN value by 1000 000 on
> > all AD objects,
> > How would I go about this what ntdsutil command would I used to make these
> > changes. Increasing the USN on all objects will force a replication....if
> > it
> > breaks, its only a test lab :)
> >
> > Thanks
>
>
> That's actually designed for an Authoratative Restore, not to fix a
> rollback. I guess you read that article I provided? It states that it's not
> recoverable. However, no harm in trying your suggestion. I've never tried
> it. After all, it is a test lab. I would be curious if it works.
>
> If this is only one DC and you had more than one in the prod forest, I would
> also run a Metadata Cleanup to remove references for ALL other DCs in the
> forest, as well as seizing all FSMOs and make it a GC.
>
> Ace
>
>
Re: USN Rollback [message #159993 is a reply to message #159982] Fri, 14 August 2009 12:11 Go to previous messageGo to next message
aceman  is currently offline aceman  United States
Messages: 5816
Registered: July 2009
Senior Member
"Elvis" <Elvis@discussions.microsoft.com> wrote in message
news:AD8F13D8-97FB-4C12-90F0-CC85D2DA7960@microsoft.com...
> Hi Ace,
>
> some feedback, fix one problem and another arises
> I decided to take an Nybackup sys state of the current server with USN
> rollback error
> I booted into DSRM and restored the sys state and did an authoritative
> restore for the whole database, it increased by USN count on all objects,
> I
> am not getting USN error anymore but now I am getting 1722 endpoint mapper
> errors RPC unavailable, I have used port query and its listening on 135
> etc
> any ideas of this error: I have
> read:http://support.microsoft.com/default.aspx/kb/839880
> but no luck,
>
> Thanks!
>

Interesting that worked.

Run:
dcdiag /v /fix
netdiag /v /fix

Post the errors plus an ipconfig /all.
Let's see what's going on.

I assume you've remove all the other DCs with a Metadata Cleanup from your
virtual environment, and seized the FSMOs over to it, since this will be the
only DC?

Ace
Re: USN Rollback [message #159999 is a reply to message #159993] Fri, 14 August 2009 15:14 Go to previous messageGo to next message
Elvis  is currently offline Elvis
Messages: 18
Registered: August 2009
Junior Member
Hi,

So finally after fighting for a day I took a system state of the Servers
with USN Rollback issues in its current stated, booted to DSRM, restored the
system state, ntdsutil to perform an authoritative restore on the database. I
booted back into normal mode and got end point mapper errors but they
eventually resolved and now my Servers are all replicating successfully,
checked using replmon
I wouldnt recommend doing this in a production environment!
Thanks for all the help,



"Ace Fekay [MCT]" wrote:

> "Elvis" <Elvis@discussions.microsoft.com> wrote in message
> news:AD8F13D8-97FB-4C12-90F0-CC85D2DA7960@microsoft.com...
> > Hi Ace,
> >
> > some feedback, fix one problem and another arises
> > I decided to take an Nybackup sys state of the current server with USN
> > rollback error
> > I booted into DSRM and restored the sys state and did an authoritative
> > restore for the whole database, it increased by USN count on all objects,
> > I
> > am not getting USN error anymore but now I am getting 1722 endpoint mapper
> > errors RPC unavailable, I have used port query and its listening on 135
> > etc
> > any ideas of this error: I have
> > read:http://support.microsoft.com/default.aspx/kb/839880
> > but no luck,
> >
> > Thanks!
> >
>
> Interesting that worked.
>
> Run:
> dcdiag /v /fix
> netdiag /v /fix
>
> Post the errors plus an ipconfig /all.
> Let's see what's going on.
>
> I assume you've remove all the other DCs with a Metadata Cleanup from your
> virtual environment, and seized the FSMOs over to it, since this will be the
> only DC?
>
> Ace
>
>
Re: USN Rollback [message #160005 is a reply to message #159999] Fri, 14 August 2009 19:11 Go to previous message
aceman  is currently offline aceman  United States
Messages: 5816
Registered: July 2009
Senior Member
"Elvis" <Elvis@discussions.microsoft.com> wrote in message
news:FEFCC8B5-F662-4216-8FE4-8D57A15A80CD@microsoft.com...
> Hi,
>
> So finally after fighting for a day I took a system state of the Servers
> with USN Rollback issues in its current stated, booted to DSRM, restored
> the
> system state, ntdsutil to perform an authoritative restore on the
> database. I
> booted back into normal mode and got end point mapper errors but they
> eventually resolved and now my Servers are all replicating successfully,
> checked using replmon
> I wouldnt recommend doing this in a production environment!
> Thanks for all the help,

You were persistent, but I must say it paid off. :-)

I'll have to remember this one if anyone else posts a similar problem. But I
agree, not for prime time! If only one server, maybe worth the effort, but
if there are multiple DCs, demote and re-promote is easier.

Cheers!

Ace
Previous Topic:Change user attribute through CSV file
Next Topic:Connect AD Server 636 to access LDAP SSL
Goto Forum:
  


Current Time: Tue Jan 16 10:36:48 MST 2018

Total time taken to generate the page: 0.04341 seconds
.:: Contact :: Home ::Sitemap::.

Powered by: FUDforum 3.0.0RC2.
Copyright ©2001-2009 FUDforum Bulletin Board Software