The first step in the migration from Server 2012 to 2016 says to run a BPA scan and fix the reported issues. The scan results in 28 warnings or errors. I'm not sure if all have to be addressed prior to migration...the task seems daunting. I don't want to skip critical issues but also don't want to spend hours fixing issues that might not be relevant and also risk causing problems if I make a mistake.
Here are the items. Can someone give me direction on which ones can be left and which will be important or critical to address prior to migration?
Thanks!
--Art
CACDC1 | Error | DNS: DNS servers on NIC1 should include the loopback address, but not as the first entry. | Configuration
CACDC1 | Warning | DNS: NIC1 should be configured to use both a preferred and an alternate DNS server | Configuration
CACDC1 | Error | DNS: RAS (Dial In) Interface must have configured DNS servers | Configuration
CACDC1 | Warning | DNS: Valid network interfaces should precede invalid interfaces in the binding order. | Configuration
CACDC1 | Warning | RRAS: Only one certificate for IKEv2 should have IP security IKE intermediate in its EKU property | Configuration
CACDC1 | Warning | RRAS: The subject name of the certificate to be used for IKEv2 or SSTP must match the name of the RRAS server or the IP address of the external interface of the RRAS server | Configuration
CACDC1 | Warning | Make sure that your certificates are current | Security
CACDC1 | Warning | The RD Gateway server SSL certificate must be configured with a valid certificate subject name | Configuration
CACDC1 | Error | DHCP: Credentials for DNS update should be configured if secure dynamic DNS update is enabled and the domain controller is on the same host as the DHCP server. | Configuration
CACDC1 | Warning | Make sure that your certificates are current | Security
CACDC1 | Error | DNS: Interface RAS (Dial In) Interface on the DNS server should be configured to register its IP addresses in DNS. | Configuration
CACDC1 | Warning | DNS: The DNS server should have scavenging enabled. | Configuration
CACDC1 | Error | Application pools should be set to run as application pool identities | Security
CACDC1 | Warning | RRAS: The number of ports available for use by L2TP should be greater than 0 | Configuration
CACDC1 | Warning | Short file name creation should be disabled | Configuration
CACDC1 | Warning | All domains should have at least two domain controllers for redundancy | Operation
CACDC1 | Warning | The value of MaxPosPhaseCorrection on the domain controller CACDC1.CAC.local should be equal to 48 hours | Configuration
CACDC1 | Warning | Network Policy Server (NPS) should be configured to use more secure authentication methods. | Configuration
CACDC1 | Warning | User autoenrollment group policy is not enabled | Configuration
CACDC1 | Warning | Computer autoenrollment group policy is not enabled | Configuration
CACDC1 | Warning | CA database and log files should not be stored on the system drive | Configuration
CACDC1 | Warning | RRAS: IPv4 routing should be enabled on the RRAS server for routing protocols like DHCP Relay, RIP and IGMP to run | Configuration
CACDC1 | Warning | RRAS: IPv6 routing should be enabled on the RRAS server for routing protocols like DHCP Relay to run | Configuration
CACDC1 | Warning | RRAS: The number of ports available for use by SSTP should be greater than 0 | Configuration
CACDC1 | Warning | RRAS: The network interface NIC2 on the RRAS server should be enabled | Configuration
CACDC1 | Warning | The value of MaxNegPhaseCorrection on the domain controller CACDC1.CAC.local should be equal to 48 hours | Configuration
CACDC1 | Warning | All OUs in this domain should be protected from accidental deletion | Configuration
CACDC1 | Error | DirectAccess: DirectAccess must be configured to accept client connections | Configuration
Hello Art,
We have several different BPAs that can be run; the one you ran is the standard Windows Server 2012 R2 BPA, if I am not mistaken. Most of those issues are not really important for your migration, and the default BPA does not understand we run an Essentials server. As an example, those warnings about DNS are really only valid if you have a network with more than one server, and in a typical Essentials network we don't have that. We may have that for a brief moment during the migration, and for that moment I will tell you in the guide how to configure DNS on both servers.
If you run the BPA from the Essentials Experience role on Server Manager, it should come up clean.