How to virtualize a Domain Controller

Active Directory vmware

First off, a domain controller is always a scary thing to P2V, but it can actually be a fairly straightforward process to complete.

In our network our DCs also have other roles and services installed on them, which made the easiest and proper way (just creating a new DC within the virtual environment, then demoting and removing the old physical one) rather difficult. So P2V was really our only option.

If you follow these instructions then you won't go far wrong with P2V-ing your domain controller.

1/ Investigate your domain controller's services and see if you also have any transactional databases on there, or anything else that may be sensitive to consistency (such as SQL/Oracle, backup software or AV).

2/ Write down the services that are associated with any DBs or picky software you may have, including their current startup type, so you can put them back exactly as they were afterwards.

3/ Run the VMware Converter Standalone installer on the domain controller, but choose the advanced install (client-server) and select only the agent to be installed.

4/ Once the install has completed, reboot your DC into Directory Services Restore Mode (DSRM) by furiously hitting F8 at the appropriate point of the boot process.

5/ Input your DSRM Administrator password (remember that at this point there are no domain accounts available on the DC, only the local DSRM account).

6/ Open up the services.msc tool and stop and disable those services you listed previously as sensitive to change (DBs etc).

7/ Run the VMware vCenter Converter Standalone client on your own laptop, or whatever you normally use to do P2Vs with.

8/ P2V the DC in the normal way by running through the wizard. (If you get the old "multiple connections are not allowed" message, try entering the IP of the DC instead of the DNS name, or the other way round, depending on which you used first.)

ii/ One thing you will need to think about: if your DC points to itself for primary DNS resolution then the conversion will fail, and in the export logs you will see something similar to this: "Found dangling SSL error". Change the server you are converting to point to an alternative DNS server that can resolve your ESXi servers' and vCenter's addresses.

9/ When the P2V process has completed, from the VI Client make sure the VM's vNICs are disconnected from the network (so that when the VM is powered on it won't be able to talk to the production network).

10/ Uninstall all the vendor-installed helper drivers and apps (HP/Dell/IBM NIC drivers, diagnostic utilities, etc.), configure the networking, and re-enable the services you stopped earlier, setting them back to automatic or whatever their previous state was (SQL DBs, AV, backup software, etc.).

11/ Shut down the physical DC and also the virtual DC.

###WARNING AT THIS POINT THE PHYSICAL DC MUST NEVER EVER BE CONNECTED BACK TO THE PRODUCTION NETWORK EVER AGAIN###

12/ Reconnect your VM to the production network and power it on.

13/ When it's booted, give it a few minutes to calm down, then log in and check the following:

Event Logs (it's handy to check the old ones from pre-P2V as well), just to make sure you're not panicking about an error or message that existed previously.

Check replication by creating an object in AD (a user, for example) on the other domain controller and confirm that it is replicated to the newly virtualised DC.
Delete the newly created object and check that the deletion is also replicated back to the other DC.

Run DCDIAG and NETDIAG and pay attention to any errors or informational messages you receive.

Check your backup software interface. I know for sure that Backup Exec disables the job and you have to run through the edit settings menu and reselect the drives/folders you want to back up.

Then all you need to do is monitor the situation and periodically check the event logs etc. for oddities.
The last and most important job of all is to go into your server room and de-cable the old physical server (for the sake of a couple of minutes this could save you hours of heartache if a well-meaning tech powers the old DC back on again by accident and it starts replicating stale data).
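As an added example (not part of the original post), here is a PowerShell script covering steps 2, 6, 10 and 13: it records the startup type and state of the consistency-sensitive services before you stop them in DSRM, restores that state on the converted VM, and then runs the replication and DCDIAG checks. The service names, the state-file path, and PowerShell being available in DSRM are assumptions; substitute the services you found in step 1.

```powershell
# Placeholder path and service names - replace with your own from steps 1 and 2.
$StateFile = 'C:\p2v\service-state.csv'
$Sensitive = @('MSSQLSERVER', 'SQLSERVERAGENT', 'BackupExecJobEngine')

# Step 2: record StartMode (Auto/Manual/Disabled) and running state of each
# sensitive service so the original configuration can be restored exactly.
function Save-ServiceState {
    param([string[]]$Names, [string]$Path)
    New-Item -ItemType Directory -Force -Path (Split-Path $Path) | Out-Null
    Get-CimInstance Win32_Service | Where-Object { $Names -contains $_.Name } |
        Select-Object Name, StartMode, State |
        Export-Csv -Path $Path -NoTypeInformation
}

# Step 6: stop and disable the sensitive services while booted into DSRM so
# nothing writes to a database mid-conversion.
function Disable-SensitiveServices {
    param([string[]]$Names)
    foreach ($n in $Names) {
        Stop-Service -Name $n -Force -ErrorAction Continue
        Set-Service -Name $n -StartupType Disabled
    }
}

# Step 10: on the converted VM, put each service back to its recorded startup
# type and restart the ones that were running before.
function Restore-ServiceState {
    param([string]$Path)
    Import-Csv $Path | ForEach-Object {
        $type = switch ($_.StartMode) { 'Auto' { 'Automatic' } 'Manual' { 'Manual' } default { 'Disabled' } }
        Set-Service -Name $_.Name -StartupType $type
        if ($_.State -eq 'Running') { Start-Service -Name $_.Name }
    }
}

# Step 13: replication summary, dcdiag failures only, and Critical/Error
# events in the System and Directory Service logs since the first boot.
function Test-ConvertedDC {
    $since = (Get-CimInstance Win32_OperatingSystem).LastBootUpTime
    $errs  = Get-WinEvent -FilterHashtable @{ LogName = 'System', 'Directory Service'; Level = 1, 2; StartTime = $since } -ErrorAction SilentlyContinue
    [pscustomobject]@{
        ReplSummary     = (repadmin /replsummary | Out-String)
        DcdiagFailures  = (dcdiag /q | Out-String)
        ErrorsSinceBoot = @($errs).Count
    }
}

# Usage: Save-ServiceState $Sensitive $StateFile; Disable-SensitiveServices $Sensitive   (in DSRM, before P2V)
#        Restore-ServiceState $StateFile; Test-ConvertedDC                              (on the VM, after P2V)
```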
