Our experiences with migration from windows 2003 R2 to Windows 2008 R2 Domain&Forest
Last week we migrated our domain/forest from windows 2003 R2 to Windows 2008 R2. I thought i share my experiences with you guys.
We had some issues with creating DFS domain namespaces. It seems that after installation we could create a windows 2008 namespace type. The enable windows 2008 mode was greyed out. Solved this by rebooting every domain controller that was used to hold the domain namespace.
The second issue we had with DFS is that we could not create new DFS namespaces since there we still old DFS namespaces residing in active directory. To resolve this issue I found this article
DFS Namespace Management: The namespace cannot be queried. The RPC server is unavailable. - Ivan Lu?i? - my blog
We needed to migrate our DHCP servers from windows R2 to Windows 2008 R2 as well.
We did this by using the netsh dhcp server export and import commands. DO NOT use these commands to migrate your DHCP Server. We had serious problems since it didnít migrate our reservations well and ended up with a corrupt DHCP Database. I also read various threads across the net that said the same. Use the following procedure to migrate it :
There is another issue I found with a Windows 2008 R2 DHCP that is not documented. It is not possible to create a reservation anymore in a scope that holds an ip address that is not used in that scope. For instance you have a scope from 10.10.10.1 to 10.10.10.100 and you want to create a reservation for a PC that needs IP 10.10.10.101. You get a nice error warning that this is not possible. Quite annoying for us since it was supported on a Windows 2003 R2 DHCP Server.
We have an ISA 2006 in our environment and after we migrated our domain to Windows 2008 R2 all PCís that had an ISA Firewall Client could not connect anymore to that ISA Server.
We got a warning : Could not detect ISA Server.
After investigation this we found out that Windows 2008 R2 DNS Services had a new feature called DNS Block list. The wpad entry was blocked by default so that was the reason that the Firewall client could not connect. You must remove the wpad entry from that block list.
Removing WPAD from DNS block list
About implementing WPAD
Hope this helps people out there.