Windows Server Migration Checklist - ServerMigrator

Before beginning a server migration project, a number of mandatory prerequisites are needed to be met in order to complete a server migration successfully.



These requirements are standards to meet both the requirements for Microsoft Windows server security and the Winzero ServerMigrator software.

Download the Server Migration Checklist

New Release: Winzero TakeControl

Winzero new product release: TakeControl allows administrators to gain administrative access to files, folders and shares without destroying the original permissions by appending the Administrators group SID to ACLs.

The Challenge
To gain access to files and folders, Administrators can take ownership and grant full access control permissions and rights to themselves if they want to modify, rename or delete these files or folders. During this process the original permissions are removed and must be reconstructed to maintain security.

The Solution
Grant Administrators full control to files, folders or shares without taking ownership or destroying the original permission using Winzero TakeControl.

Avoid Take Ownership

Using standard Windows functions, if you must access a file or a folder that you do not have rights to, you must take ownership of that file or folder. When you do this, you replace the security permissions that were originally created for the file or folder.

Winzero TakeControl uses an append process to add the Administrators group with full control to each folder ACL and file ACL. without changing the original NTFS permission.

Download a fully functional trial version or learn more how TakeControl can help with profile migration and server migration projects.

Access Denied Using Multiple Server Names (OptionalNames)

Bulletin: 022109

Software Effected:
ServerMigrator - multiple server name feature

Issue:
Using the multiple name feature (OptionalNames) in ServerMigrator to assign both the old and new server name to the target server, the new server name and the old server name are both reachable by ping, DNS is working correctly and the old server has been shut down however access is denied.
When clients try to connect to a share using the old server name. Access is denied. Logon Failure: target account name is incorrect.
The following error appears in the event viewer when accessing the old server UNC name:

The kerberos client received a KRB_AP_ERR_MODIFIED error from the server host/OldServerName/domainName. This indicates that the password used to encrypt the Kerberos service ticket is different than that on the target server. Commonly, this is due to identically named machine accounts in the target realm and the client realm. Please contact your system administrator.

Solution:
For Windows 2003 or newer servers, for the OptionalNames value to work correctly edit or add the following Registry entry.

HKLM\System\CurrenControlSet\Services\LanmanServer\Parameters
DisableStrictNameChecking
REG_DWORD=1
for DNS aliasing to work.

The final solution to this issue was finally resolved thanks to our client, Ken Jackson at Malco Products Inc., (www.malcopro.com) in Barberton, Ohio.
After using ServerMigrator to add additional names to a server, change the DNS setting of the old server to point to the new server IP address and verify that the registry settings are correct, Manually remove the old server name from the domain using the Active Directory User and Computers MMC. Once deleted, add the old server name to Active Directory again and reboot the server with the two names.

Once again our thanks go to Ken Jackson for his efforts in resolving this issue.