SailingNut Posted April 8, 2011 I'm very new with Windows server so if anyone can recommend articles to read that cover my questions, I'd appreciate it. I'm looking for a bit of a step by step "how to" on adding my new 2008R2 server to my 2003 domain, then making the 2008R2 machine the master and decommissioning the 2003 server. Thanks in advance! FYI So far I have installed 2008R2 on the new server and haven't done anything else. It's not joined to the 2003 domain and I have not added any server roles to the 2008R2 machine. (Currently my 2003 server had AD, DHCP, and DNS duties.)
ICTCity Posted April 8, 2011 When I did it, it worked fine. You can read both topics which may help you: http://social.technet.microsoft.com/Forums/en-US/winserverMigration/thread/dab33e51-25f4-476c-b173-7e65ee253373/ http://mobile.experts-exchange.com/Q_23582347.html Simply add the role, promote to master and demote the old one :) Cheers -------------------------------------------------------- You can also write in French. You can also write in German. You can also write in Italian. --------------------------------------------------------
SailingNut Posted April 11, 2011 Thanks for the info! I just had time to sit down and go over it. Unfortunately the 2nd link is on Expert's Exchange and I don't have an account. Can you suggest any other resources?
ICTCity Posted April 11, 2011 I think you have a PM...
SailingNut Posted April 12, 2011 So I've gone through all of the steps and I THINK things are all set. How can I definitively test to see if things are working properly with the new server? I've shut down the old server and rebooted one of the PCs in the domain. I then tried to see if it was logged into the domain or if it was just using cached credentials. A Google search told me to look for the LOGONSERVER environment variable. The thing that I'm a bit confused about is that that variable holds the name of the old domain controller, not the new one. Is that because the new one is "standing in" for the old one because the old one is the master? TIA for suggestions on how to do this!
ICTCity Posted April 12, 2011 When you move the primary domain, everything goes to the new server. For example in my case, we moved from 2k3 to 2k8 and we also changed the domain name. Anyway the domain is still the old one, this is not a big problem. What you can do is set the clients' DNS to point directly to the new server; regarding stored credentials, it depends on what you have to do. For example if you have a network drive which is mapped with stored credentials, you must remove and re-add it with the new domain if you really need this. For example:
OLD: MyUser@Old_Domain.local
NEW: MyUser@New.Domain.Name
In order to change that property, you can use a GP script which can look like this:
set LOGONSERVER=\\YourNewServer
Or if you prefer, remove clients from domain and rejoin... I hope this can help you!
SailingNut Posted April 12, 2011 What I'm really looking to do is to just verify that the new server has all of the proper roles in place and is working properly. Once I determine that, I am going to demote the old w2k3 server and then rename the new server and set its IP address to the same as the old one so that I don't have to make any changes on the clients. (One of the things you suggested as reading said that was a viable thing to do.)
ICTCity Posted April 12, 2011 You can simply add a DNS entry which redirects the old name to the new one, instead of changing the name, which is not a great idea (for me). You can also redirect the IP. I don't know the expiration time of your domain, but you can do some tests, for example by turning off the old server and trying this from a client:
ipconfig /flushdns
nslookup
a ">" appears, type:
server IP_Or_Name_Of_Your_New_Dns (better the IP :P)
then try:
set type=all
NameOfAMachineInsideYourNetwork
then try:
www.google.com
If you have responses, it means your DNS is working fine.
SailingNut Posted April 12, 2011 I got that to work, had to set up forwarders on the new server. Any way that I can be sure that everything else has been transferred before I demote the old server?
ICTCity Posted April 12, 2011 Once the server is up and running, it is replicated with all the objects present in the domain. Anyway, open the event viewer and check for DNS errors, and also use this guide: http://technet.microsoft.com/en-us/magazine/dd673658.aspx Finally you can use NETDIAG (I really don't understand if it's supported or not by Srv 2k8...). If you don't need IPv6, disable it, sometimes it can cause problems. If your old server is turned off and you don't have troubles, you can simply demote it. I can't see where you could have troubles!
SailingNut Posted April 14, 2011 OK, I demoted the old server and now the new server DFS replication service is complaining that it can't reach the old server. Also the AD service says it can't reach the global catalog. I looked back over the info in the PM and I followed all of the steps. Is there a missing step where I need to promote the new server to be the "master?" I'm getting really nervous that I messed up & I'm going to have big problems! Thanks for any and all help!
ICTCity Posted April 14, 2011 Mhhhh that's strange, can you post the output of "dcdiag"? Also, open DNS Manager, right click on your server and select PROPERTIES. Then click on the FORWARDERS tab and tell me if there's something in there. Here's another topic, check if you did the whole process, it's like the new DC doesn't know the old one doesn't exist anymore... http://social.technet.microsoft.com/Forums/en-US/winserverMigration/thread/592c270b-aa7b-4fe5-a230-5b8ae88483a0
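An added example, not part of any post in this thread: a small Python triage script for verbose dcdiag output, covering both the "how can I be sure before I demote the old server" question and the dcdiag request above. The function names and the `REQUIRED_TESTS` list are assumptions made for this example, and the sample text is constructed in dcdiag's layout using the server name, domain and error code that appear in this thread.

```python
import re

# Constructed sample in the layout dcdiag prints (names and error code taken
# from the output posted in this thread; the selection of lines is illustrative).
SAMPLE = r"""
Testing server: wtbhome\BIG-RIG2
   Starting test: Connectivity
      ......................... BIG-RIG2 passed test Connectivity
   Starting test: Advertising
      Fatal Error:DsGetDcName (BIG-RIG2) call failed, error 1717
      ......................... BIG-RIG2 failed test Advertising
   Starting test: KnowsOfRoleHolders
      ......................... BIG-RIG2 passed test KnowsOfRoleHolders
   Starting test: NetLogons
      ......................... BIG-RIG2 passed test NetLogons
   Starting test: Services
      * Checking Service: kdc
      * Checking Service: w32time
         w32time Service is stopped on [BIG-RIG2]
      * Checking Service: NETLOGON
         NETLOGON Service is stopped on [BIG-RIG2]
      ......................... BIG-RIG2 failed test Services
"""

# Assumption for this example: the dcdiag tests that must pass on the
# surviving DC before the other DC is demoted. Adjust to your own policy.
REQUIRED_TESTS = ("Connectivity", "Advertising", "KnowsOfRoleHolders",
                  "NetLogons", "Services", "Replications")

# "<target> passed test <name>" / "<target> failed test <name>"
RESULT_RE = re.compile(r"(\S+) (passed|failed) test (\w+)")
# "<service> Service is stopped on [<host>]"
STOPPED_RE = re.compile(r"(\S+) Service is stopped on \[([^\]]+)\]")


def parse_dcdiag(text):
    """Return per-target test verdicts and stopped services from dcdiag text."""
    results = {}
    for target, verdict, test in RESULT_RE.findall(text):
        key = (target.upper(), test)
        # A test can be reported more than once (e.g. DNS); any failure wins.
        if results.get(key) != "failed":
            results[key] = verdict
    # Host names are upper-cased because pasted output may change their case.
    stopped = sorted({(host.upper(), svc.lower())
                      for svc, host in STOPPED_RE.findall(text)})
    return {"results": results, "stopped": stopped}


def demotion_blockers(text, dc, required=REQUIRED_TESTS):
    """List reasons `dc` is not yet proven able to carry the domain alone."""
    report = parse_dcdiag(text)
    dc = dc.upper()
    blockers = []
    for test in required:
        verdict = report["results"].get((dc, test))
        if verdict is None:
            # A test that never ran proves nothing, so it blocks as well.
            blockers.append(f"{test}: not run, so not verified")
        elif verdict == "failed":
            blockers.append(f"{test}: failed")
    for host, svc in report["stopped"]:
        if host == dc:
            blockers.append(f"service stopped: {svc}")
    return blockers


if __name__ == "__main__":
    for line in demotion_blockers(SAMPLE, "BIG-RIG2"):
        print("BLOCKER:", line)
```

Feed it the saved text of a dcdiag run against the new server; an empty list means every required test ran and passed and no service was reported stopped.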
SailingNut Posted April 14, 2011 Author Posted April 14, 2011 Here's the output: Command Line: "dcdiag.exe /V /C /D /E /s:big-rig" Directory Server Diagnosis Performing initial setup: * Connecting to directory service on server big-rig. big-rig.currentTime = 20110414012827.0Z big-rig.highestCommittedUSN = 16409 big-rig.isSynchronized = 1 big-rig.isGlobalCatalogReady = 1 * Identified AD Forest. Collecting AD specific global data * Collecting site info. Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=wtbhome,DC=net,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),....... The previous call succeeded Iterating through the sites Looking at base site object: CN=NTDS Site Settings,CN=wtbhome,CN=Sites,CN=Configuration,DC=wtbhome,DC=net Getting ISTG and options for the site * Identifying all servers. Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=wtbhome,DC=net,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),....... The previous call succeeded.... The previous call succeeded Iterating through the list of servers Getting information for the server CN=NTDS Settings,CN=BIG-RIG2,CN=Servers,CN=wtbhome,CN=Sites,CN=Configuration,DC=wtbhome,DC=net objectGuid obtained InvocationID obtained dnsHostname obtained site info obtained All the info for the server collected BIG-RIG2.currentTime = 20110414012827.0Z BIG-RIG2.highestCommittedUSN = 16409 BIG-RIG2.isSynchronized = 1 BIG-RIG2.isGlobalCatalogReady = 1 * Identifying all NC cross-refs. * Found 1 DC(s). Testing 1 of them. Done gathering initial info. 
===============================================Printing out pDsInfo GLOBAL: ulNumServers=1 pszRootDomain=wtbhome.net pszNC= pszRootDomainFQDN=DC=wtbhome,DC=net pszConfigNc=CN=Configuration,DC=wtbhome,DC=net pszPartitionsDn=CN=Partitions,CN=Configuration,DC=wtbhome,DC=net fAdam=0 iSiteOptions=0 dwTombstoneLifeTimeDays=60 dwForestBehaviorVersion=0 HomeServer=0, BIG-RIG2 SERVER: pServer[0].pszName=BIG-RIG2 pServer[0].pszGuidDNSName (binding str)=63fa3998-2396-4450-b046-a8ceb3bf85dc._msdcs.wtbhome.net pServer[0].pszDNSName=big-rig2.wtbhome.net pServer[0].pszLdapPort=(null) pServer[0].pszSslPort=(null) pServer[0].pszDn=CN=NTDS Settings,CN=BIG-RIG2,CN=Servers,CN=wtbhome,CN=Sites,CN=Configuration,DC=wtbhome,DC=net pServer[0].pszComputerAccountDn=CN=BIG-RIG2,OU=Domain Controllers,DC=wtbhome,DC=net pServer[0].uuidObjectGuid=63fa3998-2396-4450-b046-a8ceb3bf85dc pServer[0].uuidInvocationId=67c6ff80-efaf-447b-993e-68874af2d24a pServer[0].iSite=0 (wtbhome) pServer[0].iOptions=1 pServer[0].ftLocalAcquireTime=41338780 01cbfa43 pServer[0].ftRemoteConnectTime=40f8ef80 01cbfa43 pServer[0].ppszMaster/FullReplicaNCs: ppszMaster/FullReplicaNCs[0]=DC=ForestDnsZones,DC=wtbhome,DC=net ppszMaster/FullReplicaNCs[1]=DC=DomainDnsZones,DC=wtbhome,DC=net ppszMaster/FullReplicaNCs[2]=CN=Schema,CN=Configuration,DC=wtbhome,DC=net ppszMaster/FullReplicaNCs[3]=CN=Configuration,DC=wtbhome,DC=net ppszMaster/FullReplicaNCs[4]=DC=wtbhome,DC=net SITES: pSites[0].pszName=wtbhome pSites[0].pszSiteSettings=CN=NTDS Site Settings,CN=wtbhome,CN=Sites,CN=Configuration,DC=wtbhome,DC=net pSites[0].pszISTG=CN=NTDS Settings,CN=BIG-RIG2,CN=Servers,CN=wtbhome,CN=Sites,CN=Configuration,DC=wtbhome,DC=net pSites[0].iSiteOption=0 pSites[0].cServers=1 NC: pNCs[0].pszName=ForestDnsZones pNCs[0].pszDn=DC=ForestDnsZones,DC=wtbhome,DC=net pNCs[0].aCrInfo[0].dwFlags=0x00000201 pNCs[0].aCrInfo[0].pszDn=CN=69f924a9-5566-47ee-9225-1ba44631f0a3,CN=Partitions,CN=Configuration,DC=wtbhome,DC=net 
pNCs[0].aCrInfo[0].pszDnsRoot=ForestDnsZones.wtbhome.net pNCs[0].aCrInfo[0].iSourceServer=0 pNCs[0].aCrInfo[0].pszSourceServer=(null) pNCs[0].aCrInfo[0].ulSystemFlags=0x00000005 pNCs[0].aCrInfo[0].bEnabled=TRUE pNCs[0].aCrInfo[0].ftWhenCreated=00000000 00000000 pNCs[0].aCrInfo[0].pszSDReferenceDomain=(null) pNCs[0].aCrInfo[0].pszNetBiosName=(null) pNCs[0].aCrInfo[0].cReplicas=-1 pNCs[0].aCrInfo[0].aszReplicas= NC: pNCs[1].pszName=DomainDnsZones pNCs[1].pszDn=DC=DomainDnsZones,DC=wtbhome,DC=net pNCs[1].aCrInfo[0].dwFlags=0x00000201 pNCs[1].aCrInfo[0].pszDn=CN=8f4ba17b-95f8-4047-bf1c-57aaaf3e6092,CN=Partitions,CN=Configuration,DC=wtbhome,DC=net pNCs[1].aCrInfo[0].pszDnsRoot=DomainDnsZones.wtbhome.net pNCs[1].aCrInfo[0].iSourceServer=0 pNCs[1].aCrInfo[0].pszSourceServer=(null) pNCs[1].aCrInfo[0].ulSystemFlags=0x00000005 pNCs[1].aCrInfo[0].bEnabled=TRUE pNCs[1].aCrInfo[0].ftWhenCreated=00000000 00000000 pNCs[1].aCrInfo[0].pszSDReferenceDomain=(null) pNCs[1].aCrInfo[0].pszNetBiosName=(null) pNCs[1].aCrInfo[0].cReplicas=-1 pNCs[1].aCrInfo[0].aszReplicas= NC: pNCs[2].pszName=Schema pNCs[2].pszDn=CN=Schema,CN=Configuration,DC=wtbhome,DC=net pNCs[2].aCrInfo[0].dwFlags=0x00000201 pNCs[2].aCrInfo[0].pszDn=CN=Enterprise Schema,CN=Partitions,CN=Configuration,DC=wtbhome,DC=net pNCs[2].aCrInfo[0].pszDnsRoot=wtbhome.net pNCs[2].aCrInfo[0].iSourceServer=0 pNCs[2].aCrInfo[0].pszSourceServer=(null) pNCs[2].aCrInfo[0].ulSystemFlags=0x00000001 pNCs[2].aCrInfo[0].bEnabled=TRUE pNCs[2].aCrInfo[0].ftWhenCreated=00000000 00000000 pNCs[2].aCrInfo[0].pszSDReferenceDomain=(null) pNCs[2].aCrInfo[0].pszNetBiosName=(null) pNCs[2].aCrInfo[0].cReplicas=-1 pNCs[2].aCrInfo[0].aszReplicas= NC: pNCs[3].pszName=Configuration pNCs[3].pszDn=CN=Configuration,DC=wtbhome,DC=net pNCs[3].aCrInfo[0].dwFlags=0x00000201 pNCs[3].aCrInfo[0].pszDn=CN=Enterprise Configuration,CN=Partitions,CN=Configuration,DC=wtbhome,DC=net pNCs[3].aCrInfo[0].pszDnsRoot=wtbhome.net pNCs[3].aCrInfo[0].iSourceServer=0 
pNCs[3].aCrInfo[0].pszSourceServer=(null) pNCs[3].aCrInfo[0].ulSystemFlags=0x00000001 pNCs[3].aCrInfo[0].bEnabled=TRUE pNCs[3].aCrInfo[0].ftWhenCreated=00000000 00000000 pNCs[3].aCrInfo[0].pszSDReferenceDomain=(null) pNCs[3].aCrInfo[0].pszNetBiosName=(null) pNCs[3].aCrInfo[0].cReplicas=-1 pNCs[3].aCrInfo[0].aszReplicas= NC: pNCs[4].pszName=wtbhome pNCs[4].pszDn=DC=wtbhome,DC=net pNCs[4].aCrInfo[0].dwFlags=0x00000201 pNCs[4].aCrInfo[0].pszDn=CN=WTBHOME,CN=Partitions,CN=Configuration,DC=wtbhome,DC=net pNCs[4].aCrInfo[0].pszDnsRoot=wtbhome.net pNCs[4].aCrInfo[0].iSourceServer=0 pNCs[4].aCrInfo[0].pszSourceServer=(null) pNCs[4].aCrInfo[0].ulSystemFlags=0x00000003 pNCs[4].aCrInfo[0].bEnabled=TRUE pNCs[4].aCrInfo[0].ftWhenCreated=00000000 00000000 pNCs[4].aCrInfo[0].pszSDReferenceDomain=(null) pNCs[4].aCrInfo[0].pszNetBiosName=(null) pNCs[4].aCrInfo[0].cReplicas=-1 pNCs[4].aCrInfo[0].aszReplicas= 5 NC TARGETS: ForestDnsZones, DomainDnsZones, Schema, Configuration, wtbhome, 1 TARGETS: BIG-RIG2, =============================================Done Printing pDsInfo Doing initial required tests Testing server: wtbhome\BIG-RIG2 Starting test: Connectivity * Active Directory LDAP Services Check Determining IP4 connectivity Determining IP6 connectivity Failure Analysis: BIG-RIG2 ... OK. * Active Directory RPC Services Check ......................... BIG-RIG2 passed test Connectivity Doing primary tests Testing server: wtbhome\BIG-RIG2 Starting test: Advertising Fatal Error:DsGetDcName (BIG-RIG2) call failed, error 1717 The Locator could not find the server. RPC Extended Error Info not available. Use group policy on the local machine at "Computer Configuration/Administrative Templates/System/Remote Procedure Call" to enable it. ......................... BIG-RIG2 failed test Advertising Starting test: CheckSecurityError * Dr Auth: Beginning security errors check! 
No KDC found for domain wtbhome.net in site wtbhome (1355, NULL) [bIG-RIG2] Unable to contact a KDC for the destination domain in it's own site. This means either there are no available KDC's for this domain in the site, *including* the destination DC itself, or we're having network or packet fragmentation issues connecting to it. We'll check packet fragmentation connection to the destination DC, make recommendations, and continue. Checking UDP fragmentation issues to BIG-RIG2. The KDC on BIG-RIG2 isn't responsive, please verify that it's running and advertising. No KDC found for domain wtbhome.net in site (ALL SITES) (1355, NULL) [bIG-RIG2] Unable to contact a KDC for the destination domain. If no KDC for the destination domain is available, replication will be blocked! If there is some KDC for that domain available, check network connectivity issues or see possible packet fragmentation issues above. Checking machine account for DC BIG-RIG2 on DC BIG-RIG2. * SPN found :LDAP/big-rig2.wtbhome.net/wtbhome.net * SPN found :LDAP/big-rig2.wtbhome.net * SPN found :LDAP/BIG-RIG2 * SPN found :LDAP/big-rig2.wtbhome.net/WTBHOME * SPN found :LDAP/63fa3998-2396-4450-b046-a8ceb3bf85dc._msdcs.wtbhome.net * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/63fa3998-2396-4450-b046-a8ceb3bf85dc/wtbhome.net * SPN found :HOST/big-rig2.wtbhome.net/wtbhome.net * SPN found :HOST/big-rig2.wtbhome.net * SPN found :HOST/BIG-RIG2 * SPN found :HOST/big-rig2.wtbhome.net/WTBHOME * SPN found :GC/big-rig2.wtbhome.net/wtbhome.net [bIG-RIG2] No security related replication errors were found on this DC! To target the connection to a specific source DC use /ReplSource:. ......................... BIG-RIG2 passed test CheckSecurityError Starting test: CutoffServers * Configuration Topology Aliveness Check * Analyzing the alive system replication topology for DC=ForestDnsZones,DC=wtbhome,DC=net. * Performing upstream (of target) analysis. * Performing downstream (of target) analysis. 
* Analyzing the alive system replication topology for DC=DomainDnsZones,DC=wtbhome,DC=net. * Performing upstream (of target) analysis. * Performing downstream (of target) analysis. * Analyzing the alive system replication topology for CN=Schema,CN=Configuration,DC=wtbhome,DC=net. * Performing upstream (of target) analysis. * Performing downstream (of target) analysis. * Analyzing the alive system replication topology for CN=Configuration,DC=wtbhome,DC=net. * Performing upstream (of target) analysis. * Performing downstream (of target) analysis. * Analyzing the alive system replication topology for DC=wtbhome,DC=net. * Performing upstream (of target) analysis. * Performing downstream (of target) analysis. ......................... BIG-RIG2 passed test CutoffServers Starting test: FrsEvent * The File Replication Service Event log test There are warning or error events within the last 24 hours after the SYSVOL has been shared. Failing SYSVOL replication problems may cause Group Policy problems. A warning event occurred. EventID: 0x800034FA Time Generated: 04/13/2011 14:01:44 Event String: Following is the summary of warnings and errors encountered by File Replication Service while polling the Domain Controller big-rig.wtbhome.net for FRS replica set configuration information. Could not find computer object for this computer. Will try again at next polling cycle. ......................... BIG-RIG2 passed test FrsEvent Starting test: DFSREvent The DFS Replication Event Log. Skip the test because the server is running FRS. ......................... BIG-RIG2 passed test DFSREvent Starting test: SysVolCheck * The File Replication Service SYSVOL ready test File Replication Service's SYSVOL is ready ......................... BIG-RIG2 passed test SysVolCheck Starting test: FrsSysVol * The File Replication Service SYSVOL ready test File Replication Service's SYSVOL is ready ......................... 
BIG-RIG2 passed test FrsSysVol Starting test: KccEvent * The KCC Event log test An error event occurred. EventID: 0xC0000466 Time Generated: 04/13/2011 21:15:38 Event String: Active Directory Domain Services was unable to establish a connection with the global catalog. Additional Data Error value: 1792 An attempt was made to logon, but the network logon service was not started. Internal ID: 3200e25 User Action: Make sure a global catalog is available in the forest, and is reachable from this domain controller. You may use the nltest utility to diagnose this problem. A warning event occurred. EventID: 0x800004C8 Time Generated: 04/13/2011 21:15:43 Event String: An attempt by the local domain controller to automatically update information on one or more of the Computer object, the Settings object, or the Server object failed. This operation will be tried again at the following interval. Interval (minutes): 5 Additional Data Error value: 4294965695 [] Internal ID: 32b03dc ......................... BIG-RIG2 failed test KccEvent Starting test: KnowsOfRoleHolders Role Schema Owner = CN=NTDS Settings,CN=BIG-RIG2,CN=Servers,CN=wtbhome,CN=Sites,CN=Configuration,DC=wtbhome,DC=net Role Domain Owner = CN=NTDS Settings,CN=BIG-RIG2,CN=Servers,CN=wtbhome,CN=Sites,CN=Configuration,DC=wtbhome,DC=net Role PDC Owner = CN=NTDS Settings,CN=BIG-RIG2,CN=Servers,CN=wtbhome,CN=Sites,CN=Configuration,DC=wtbhome,DC=net Role Rid Owner = CN=NTDS Settings,CN=BIG-RIG2,CN=Servers,CN=wtbhome,CN=Sites,CN=Configuration,DC=wtbhome,DC=net Role Infrastructure Update Owner = CN=NTDS Settings,CN=BIG-RIG2,CN=Servers,CN=wtbhome,CN=Sites,CN=Configuration,DC=wtbhome,DC=net ......................... BIG-RIG2 passed test KnowsOfRoleHolders Starting test: MachineAccount Checking machine account for DC BIG-RIG2 on DC BIG-RIG2. 
* SPN found :LDAP/big-rig2.wtbhome.net/wtbhome.net * SPN found :LDAP/big-rig2.wtbhome.net * SPN found :LDAP/BIG-RIG2 * SPN found :LDAP/big-rig2.wtbhome.net/WTBHOME * SPN found :LDAP/63fa3998-2396-4450-b046-a8ceb3bf85dc._msdcs.wtbhome.net * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/63fa3998-2396-4450-b046-a8ceb3bf85dc/wtbhome.net * SPN found :HOST/big-rig2.wtbhome.net/wtbhome.net * SPN found :HOST/big-rig2.wtbhome.net * SPN found :HOST/BIG-RIG2 * SPN found :HOST/big-rig2.wtbhome.net/WTBHOME * SPN found :GC/big-rig2.wtbhome.net/wtbhome.net ......................... BIG-RIG2 passed test MachineAccount Starting test: NCSecDesc * Security Permissions check for all NC's on DC BIG-RIG2. The forest is not ready for RODC. Will skip checking ERODC ACEs. * Security Permissions Check for DC=ForestDnsZones,DC=wtbhome,DC=net (NDNC,Version 3) Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have Replicating Directory Changes In Filtered Set access rights for the naming context: DC=ForestDnsZones,DC=wtbhome,DC=net * Security Permissions Check for DC=DomainDnsZones,DC=wtbhome,DC=net (NDNC,Version 3) Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have Replicating Directory Changes In Filtered Set access rights for the naming context: DC=DomainDnsZones,DC=wtbhome,DC=net * Security Permissions Check for CN=Schema,CN=Configuration,DC=wtbhome,DC=net (Schema,Version 3) * Security Permissions Check for CN=Configuration,DC=wtbhome,DC=net (Configuration,Version 3) * Security Permissions Check for DC=wtbhome,DC=net (Domain,Version 3) ......................... BIG-RIG2 failed test NCSecDesc Starting test: NetLogons * Network Logons Privileges Check Verified share \\BIG-RIG2\netlogon Verified share \\BIG-RIG2\sysvol ......................... 
BIG-RIG2 passed test NetLogons Starting test: ObjectsReplicated BIG-RIG2 is in domain DC=wtbhome,DC=net Checking for CN=BIG-RIG2,OU=Domain Controllers,DC=wtbhome,DC=net in domain DC=wtbhome,DC=net on 1 servers Object is up-to-date on all servers. Checking for CN=NTDS Settings,CN=BIG-RIG2,CN=Servers,CN=wtbhome,CN=Sites,CN=Configuration,DC=wtbhome,DC=net in domain CN=Configuration,DC=wtbhome,DC=net on 1 servers Object is up-to-date on all servers. ......................... BIG-RIG2 passed test ObjectsReplicated Starting test: OutboundSecureChannels * The Outbound Secure Channels test ** Did not run Outbound Secure Channels test because /testdomain: was not entered ......................... BIG-RIG2 passed test OutboundSecureChannels Starting test: Replications * Replications Check DC=ForestDnsZones,DC=wtbhome,DC=net has 2 cursors. DC=DomainDnsZones,DC=wtbhome,DC=net has 2 cursors. CN=Schema,CN=Configuration,DC=wtbhome,DC=net has 3 cursors. CN=Configuration,DC=wtbhome,DC=net has 3 cursors. DC=wtbhome,DC=net has 3 cursors. * Replication Latency Check DC=ForestDnsZones,DC=wtbhome,DC=net Latency information for 1 entries in the vector were ignored. 1 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC). DC=DomainDnsZones,DC=wtbhome,DC=net Latency information for 1 entries in the vector were ignored. 1 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC). CN=Schema,CN=Configuration,DC=wtbhome,DC=net Latency information for 2 entries in the vector were ignored. 2 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC). CN=Configuration,DC=wtbhome,DC=net Latency information for 2 entries in the vector were ignored. 
2 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC). DC=wtbhome,DC=net Latency information for 2 entries in the vector were ignored. 2 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC). * Replication Site Latency Check Site Settings = CN=NTDS Site Settings,CN=wtbhome,CN=Sites,CN=Configuration,DC=wtbhome,DC=net [0x904de,v=104252,t=2011-04-13 21:20:38,g=67c6ff80-efaf-447b-993e-68874af2d24a,orig=16409,local=16409] Elapsed time (sec) = 471 ......................... BIG-RIG2 passed test Replications Starting test: RidManager ridManagerReference = CN=RID Manager$,CN=System,DC=wtbhome,DC=net * Available RID Pool for the Domain is 2607 to 1073741823 fSMORoleOwner = CN=NTDS Settings,CN=BIG-RIG2,CN=Servers,CN=wtbhome,CN=Sites,CN=Configuration,DC=wtbhome,DC=net * big-rig2.wtbhome.net is the RID Master * DsBind with RID Master was successful rIDSetReferences = CN=RID Set,CN=BIG-RIG2,OU=Domain Controllers,DC=wtbhome,DC=net * rIDAllocationPool is 2107 to 2606 * rIDPreviousAllocationPool is 2107 to 2606 * rIDNextRID: 2107 ......................... BIG-RIG2 passed test RidManager Starting test: Services * Checking Service: EventSystem * Checking Service: RpcSs * Checking Service: NTDS * Checking Service: DnsCache * Checking Service: NtFrs * Checking Service: IsmServ * Checking Service: kdc * Checking Service: SamSs * Checking Service: LanmanServer * Checking Service: LanmanWorkstation * Checking Service: w32time w32time Service is stopped on [bIG-RIG2] * Checking Service: NETLOGON NETLOGON Service is stopped on [bIG-RIG2] ......................... BIG-RIG2 failed test Services Starting test: SystemLog * The System Event log test An error event occurred. 
EventID: 0xC00038D4 Time Generated: 04/13/2011 21:03:45 Event String: The DFS Namespace service could not initialize the trusted domain information on this domain controller, but it will periodically retry the operation. The return code is in the record data. An error event occurred. EventID: 0x000015E2 Time Generated: 04/13/2011 21:04:01 Event String: An internal error occurred while accessing the computer's local or network security database. An error event occurred. EventID: 0xC0001B6F Time Generated: 04/13/2011 21:04:01 Event String: The Netlogon service terminated with the following error: %%-1073741724 An error event occurred. EventID: 0x00000456 Time Generated: 04/13/2011 21:05:53 Event String: The processing of Group Policy failed. Windows could not determine if the user and computer accounts are in the same forest. Ensure the user domain name matches the name of a trusted domain that resides in the same forest as the computer account. ......................... BIG-RIG2 failed test SystemLog Starting test: Topology * Configuration Topology Integrity Check * Analyzing the connection topology for DC=ForestDnsZones,DC=wtbhome,DC=net. * Performing upstream (of target) analysis. * Performing downstream (of target) analysis. * Analyzing the connection topology for DC=DomainDnsZones,DC=wtbhome,DC=net. * Performing upstream (of target) analysis. * Performing downstream (of target) analysis. * Analyzing the connection topology for CN=Schema,CN=Configuration,DC=wtbhome,DC=net. * Performing upstream (of target) analysis. * Performing downstream (of target) analysis. * Analyzing the connection topology for CN=Configuration,DC=wtbhome,DC=net. * Performing upstream (of target) analysis. * Performing downstream (of target) analysis. * Analyzing the connection topology for DC=wtbhome,DC=net. * Performing upstream (of target) analysis. * Performing downstream (of target) analysis. ......................... 
         BIG-RIG2 passed test Topology
      Starting test: VerifyEnterpriseReferences
         ......................... BIG-RIG2 passed test VerifyEnterpriseReferences
      Starting test: VerifyReferences
         The system object reference (serverReference)
         CN=BIG-RIG2,OU=Domain Controllers,DC=wtbhome,DC=net and backlink on
         CN=BIG-RIG2,CN=Servers,CN=wtbhome,CN=Sites,CN=Configuration,DC=wtbhome,DC=net
         are correct.
         The system object reference (serverReferenceBL)
         CN=BIG-RIG2,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=wtbhome,DC=net
         and backlink on
         CN=NTDS Settings,CN=BIG-RIG2,CN=Servers,CN=wtbhome,CN=Sites,CN=Configuration,DC=wtbhome,DC=net
         are correct.
         The system object reference (frsComputerReferenceBL)
         CN=BIG-RIG2,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=wtbhome,DC=net
         and backlink on CN=BIG-RIG2,OU=Domain Controllers,DC=wtbhome,DC=net
         are correct.
         ......................... BIG-RIG2 passed test VerifyReferences
      Starting test: VerifyReplicas
         ......................... BIG-RIG2 passed test VerifyReplicas
      Starting test: DNS
         DNS Tests are running and not hung. Please wait a few minutes...
         NETLOGON Service is stopped on [bIG-RIG2]
         See DNS test in enterprise tests section for results
         ......................... BIG-RIG2 passed test DNS

   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation

   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation

   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation

   Running partition tests on : wtbhome
      Starting test: CheckSDRefDom
         ......................... wtbhome passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... wtbhome passed test CrossRefValidation

   Running enterprise tests on : wtbhome.net
      Starting test: DNS
         Test results for domain controllers:

            DC: big-rig2.wtbhome.net
            Domain: wtbhome.net

               TEST: Authentication (Auth)
                  Authentication test: Successfully completed

               TEST: Basic (Basc)
                  The OS Microsoft Windows Server 2008 R2 Enterprise (Service Pack level: 1.0) is supported.
                  Error: NETLOGON service is not running [Error details: 1062 (Type: Win32 - Description: The service has not been started.)]
                  kdc service is running
                  DNSCACHE service is running
                  DNS service is running
                  DC is a DNS server
                  Network adapters information:
                  Adapter [00000007] Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller:
                     MAC address is BC:AE:C5:29:2C:12
                     IP Address is static
                     IP address: 192.168.0.2, fe80::2873:578:ce44:eac9, fd47:dced:df9d:5a5f::1
                     DNS servers:
                        127.0.0.1 (BIG-RIG) [Valid]
                        ::1 (BIG-RIG) [Valid]
                  The A host record(s) for this DC was found
                  The AAAA host record(s) for this DC was found
                  The SOA record for the Active Directory zone was found
                  The Active Directory zone on this DC/DNS server was found primary
                  Root zone on this DC/DNS server was not found

               TEST: Forwarders/Root hints (Forw)
                  Recursion is enabled
                  Forwarders Information:
                     192.168.0.2 (BIG-RIG) [Valid]
                     71.242.0.12 () [Valid]
                     71.252.0.12 () [Valid]

               TEST: Delegations (Del)
                  No delegations were found in this zone on this DNS server

               TEST: Dynamic update (Dyn)
                  Test record dcdiag-test-record added successfully in zone wtbhome.net
                  Test record dcdiag-test-record deleted successfully in zone wtbhome.net

               TEST: Records registration (RReg)
                  Network Adapter [00000007] Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller:
                     Matching CNAME record found at DNS server 192.168.0.2: 63fa3998-2396-4450-b046-a8ceb3bf85dc._msdcs.wtbhome.net
                     Matching A record found at DNS server 192.168.0.2: big-rig2.wtbhome.net
                     Matching AAAA record found at DNS server 192.168.0.2: big-rig2.wtbhome.net
                     Matching SRV record found at DNS server 192.168.0.2: _ldap._tcp.wtbhome.net
                     Matching SRV record found at DNS server 192.168.0.2: _ldap._tcp.d170d4c1-dda7-4565-b23c-024adc8e5aa9.domains._msdcs.wtbhome.net
                     Matching SRV record found at DNS server 192.168.0.2: _kerberos._tcp.dc._msdcs.wtbhome.net
                     Matching SRV record found at DNS server 192.168.0.2: _ldap._tcp.dc._msdcs.wtbhome.net
                     Matching SRV record found at DNS server 192.168.0.2: _kerberos._tcp.wtbhome.net
                     Matching SRV record found at DNS server 192.168.0.2: _kerberos._udp.wtbhome.net
                     Matching SRV record found at DNS server 192.168.0.2: _kpasswd._tcp.wtbhome.net
                     Matching SRV record found at DNS server 192.168.0.2: _ldap._tcp.wtbhome._sites.wtbhome.net
                     Matching SRV record found at DNS server 192.168.0.2: _kerberos._tcp.wtbhome._sites.dc._msdcs.wtbhome.net
                     Matching SRV record found at DNS server 192.168.0.2: _ldap._tcp.wtbhome._sites.dc._msdcs.wtbhome.net
                     Matching SRV record found at DNS server 192.168.0.2: _kerberos._tcp.wtbhome._sites.wtbhome.net
                     Matching SRV record found at DNS server 192.168.0.2: _ldap._tcp.gc._msdcs.wtbhome.net
                     Matching A record found at DNS server 192.168.0.2: gc._msdcs.wtbhome.net
                     Matching AAAA record found at DNS server 192.168.0.2: gc._msdcs.wtbhome.net
                     Matching SRV record found at DNS server 192.168.0.2: _gc._tcp.wtbhome._sites.wtbhome.net
                     Matching SRV record found at DNS server 192.168.0.2: _ldap._tcp.wtbhome._sites.gc._msdcs.wtbhome.net
                     Matching SRV record found at DNS server 192.168.0.2: _ldap._tcp.pdc._msdcs.wtbhome.net
                     Matching CNAME record found at DNS server ::1: 63fa3998-2396-4450-b046-a8ceb3bf85dc._msdcs.wtbhome.net
                     Matching A record found at DNS server ::1: big-rig2.wtbhome.net
                     Matching AAAA record found at DNS server ::1: big-rig2.wtbhome.net
                     Matching SRV record found at DNS server ::1: _ldap._tcp.wtbhome.net
                     Matching SRV record found at DNS server ::1: _ldap._tcp.d170d4c1-dda7-4565-b23c-024adc8e5aa9.domains._msdcs.wtbhome.net
                     Matching SRV record found at DNS server ::1: _kerberos._tcp.dc._msdcs.wtbhome.net
                     Matching SRV record found at DNS server ::1: _ldap._tcp.dc._msdcs.wtbhome.net
                     Matching SRV record found at DNS server ::1: _kerberos._tcp.wtbhome.net
                     Matching SRV record found at DNS server ::1: _kerberos._udp.wtbhome.net
                     Matching SRV record found at DNS server ::1: _kpasswd._tcp.wtbhome.net
                     Matching SRV record found at DNS server ::1: _ldap._tcp.wtbhome._sites.wtbhome.net
                     Matching SRV record found at DNS server ::1: _kerberos._tcp.wtbhome._sites.dc._msdcs.wtbhome.net
                     Matching SRV record found at DNS server ::1: _ldap._tcp.wtbhome._sites.dc._msdcs.wtbhome.net
                     Matching SRV record found at DNS server ::1: _kerberos._tcp.wtbhome._sites.wtbhome.net
                     Matching SRV record found at DNS server ::1: _ldap._tcp.gc._msdcs.wtbhome.net
                     Matching A record found at DNS server ::1: gc._msdcs.wtbhome.net
                     Matching AAAA record found at DNS server ::1: gc._msdcs.wtbhome.net
                     Matching SRV record found at DNS server ::1: _gc._tcp.wtbhome._sites.wtbhome.net
                     Matching SRV record found at DNS server ::1: _ldap._tcp.wtbhome._sites.gc._msdcs.wtbhome.net
                     Matching SRV record found at DNS server ::1: _ldap._tcp.pdc._msdcs.wtbhome.net

               Total query time:0 min. 0 sec.. Total RPC connection time:0 min. 0 sec.
               Total WMI connection time:0 min. 44 sec. Total Netuse connection time:0 min. 0 sec.

         Summary of test results for DNS servers used by the above domain controllers:

            DNS server: 192.168.0.2 (BIG-RIG)
               All tests passed on this DNS server
               Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered
               Total query time:0 min. 0 sec., Total WMI connection time:0 min. 0 sec.

            DNS server: 71.242.0.12 ()
               All tests passed on this DNS server
               Total query time:0 min. 0 sec., Total WMI connection time:0 min. 21 sec.

            DNS server: 71.252.0.12 ()
               All tests passed on this DNS server
               Total query time:0 min. 0 sec., Total WMI connection time:0 min. 21 sec.

            DNS server: ::1 (BIG-RIG)
               All tests passed on this DNS server
               Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered
               Total query time:0 min. 0 sec., Total WMI connection time:0 min. 2 sec.

         Summary of DNS test results:

                                            Auth Basc Forw Del  Dyn  RReg Ext
            _________________________________________________________________
            Domain: wtbhome.net
               big-rig2                     PASS FAIL PASS PASS PASS PASS n/a

         Total Time taken to test all the DCs:0 min. 44 sec.
         ......................... wtbhome.net failed test DNS
      Starting test: LocatorCheck
         Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1717
         A Global Catalog Server could not be located - All GC's are down.
         Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1717
         A Primary Domain Controller could not be located.
         The server holding the PDC role is down.
         Warning: DcGetDcName(TIME_SERVER) call failed, error 1717
         A Time Server could not be located.
         The server holding the PDC role is down.
         Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error 1717
         A Good Time Server could not be located.
         Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1717
         A KDC could not be located - All the KDCs are down.
         ......................... wtbhome.net failed test LocatorCheck
      Starting test: FsmoCheck
         Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1717
         A Global Catalog Server could not be located - All GC's are down.
         Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1717
         A Primary Domain Controller could not be located.
         The server holding the PDC role is down.
         Warning: DcGetDcName(TIME_SERVER) call failed, error 1717
         A Time Server could not be located.
         The server holding the PDC role is down.
         Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error 1717
         A Good Time Server could not be located.
         Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1717
         A KDC could not be located - All the KDCs are down.
         ......................... wtbhome.net failed test FsmoCheck
      Starting test: Intersite
         Skipping site wtbhome, this site is outside the scope provided by the command line arguments provided.
         ......................... wtbhome.net passed test Intersite
ICTCity Posted April 14, 2011

Ok, something didn't work during the migration... You have multiple problems. First of all, you have services which aren't running:

    ntds
    kdc
    w32time
    netlogon

Try to start them manually and check if you get any errors. By the way, the most painful problem is here:

    Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1717
    A Primary Domain Controller could not be located.
    The server holding the PDC role is down.

The last part is telling you the problem: "The server HOLDING the PDC role is down". This means your DC (big-rig2) doesn't know that big-rig is no longer there. Take a look here: http://support.microsoft.com/kb/255504

I'm just guessing what happened during the migration...
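An added example, not part of the original thread: a small Python triage script that pulls the failed tests, the DcGetDcName locator failures and the stopped services out of dcdiag text like the output posted above. The sample is an excerpt of that output; the function name `triage` and the report layout are illustrative choices.

```python
import re

# Excerpt of the dcdiag output posted in this thread (indentation added).
SAMPLE = """\
Starting test: DNS
   NETLOGON Service is stopped on [bIG-RIG2]
   ......................... BIG-RIG2 passed test DNS
Running enterprise tests on : wtbhome.net
   Starting test: DNS
      Error: NETLOGON service is not running [Error details: 1062 (Type: Win32 - Description: The service has not been started.)]
      kdc service is running
      ......................... wtbhome.net failed test DNS
   Starting test: LocatorCheck
      Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1717
      A Primary Domain Controller could not be located.
      Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1717
      A KDC could not be located - All the KDCs are down.
      ......................... wtbhome.net failed test LocatorCheck
   Starting test: Intersite
      ......................... wtbhome.net passed test Intersite
"""

# dcdiag ends every test with a dotted line: "<target> passed|failed test <name>".
RESULT = re.compile(r"\.{5,}\s+(\S+) (passed|failed) test (\S+)")
# Locator failures name the DC capability that could not be found.
LOCATOR = re.compile(r"DcGetDcName\((\w+)\) call failed, error (\d+)")
# Matches "stopped" / "not running" only, so "kdc service is running" is ignored.
SERVICE = re.compile(r"(\w+) service is (?:stopped|not running)", re.IGNORECASE)


def triage(text):
    """Return failed tests, locator failures and stopped services from dcdiag text.

    finditer() runs over the whole string, so the output still parses after a
    forum or ticket system has collapsed it onto a single line.
    """
    failed = [(m.group(1), m.group(3)) for m in RESULT.finditer(text)
              if m.group(2) == "failed"]
    locator = {m.group(1): int(m.group(2)) for m in LOCATOR.finditer(text)}
    stopped = sorted({m.group(1).upper() for m in SERVICE.finditer(text)})
    return {"failed": failed, "locator": locator, "stopped": stopped}


if __name__ == "__main__":
    report = triage(SAMPLE)
    for target, test in report["failed"]:
        print(f"FAILED  {test:<14} on {target}")
    for need, code in report["locator"].items():
        print(f"LOCATOR {need:<14} error {code}")
    print("STOPPED", ", ".join(report["stopped"]))
```

Run against a saved `dcdiag /v` log, the report puts the stopped service next to the locator failures, which is the order in which the thread works through them.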
SailingNut (Author) Posted April 14, 2011

I tried starting the services you said and the first two reported that they were already started.

    w32time failed to start with error 1792
    netlogon failed to start with error 100

Those errors are from doing a net start from the command line. I looked at the link you gave me. Do you think I could cause any damage by seizing all of the FSMO roles even if the server already holds the role?

Thanks SO much for all of your help! If you can get my server back in working order I need to send you a case of beer or something! You'll be my hero!
ICTCity Posted April 14, 2011

Ok, first try this: run services.msc and find NETLOGON; be sure it's set to AUTOMATIC (start) and not Manual or Delayed. Now open the command prompt and type:

    net start netlogon

If the error code changes, post the new one; otherwise, check the event viewer to find something more detailed (actually I don't know what "100" means...). If you don't have errors, start w32time again and tell me the result.
SailingNut (Author) Posted April 14, 2011

netlogon is set to automatic. The error in the event viewer is as follows:

    EventID: 5602 "An internal error occurred while accessing the computer's local or network security database"

Sounding to me like it's because it does not know it's the only DC left & it's maybe looking for the security database on the old DC.
ICTCity Posted April 14, 2011

And MAYBE you're right. But I can't be sure, and if this is not your case, you don't have to seize your DC. So let's try other (and safer) tests first. Post results:

    netdiag.exe /v
    repadmin.exe /showrepl dc* /verbose /all /intersite

Thanks, and sorry for all these tests, but it's not really easy to solve this kind of problem.
SailingNut (Author) Posted April 14, 2011

No problem on doing more tests! Not doing enough of them is what got me into this predicament in the first place! I don't seem to have netdiag.exe on the server. repadmin is reporting an error when I run it. Here's the output:

    Repadmin experienced the following error trying to resolve the DSA_NAME: dc*
    If you are trying to connect to an AD LDS instance, you must use :
    If you are trying to connect to an AD LDS instance with wildcarding support, you must use the /homeserver option.
    Error: An error occurred: Win32 Error 8419(0x20e3): The DSA object could not be found.
ICTCity Posted April 14, 2011

Ok, replace DC* with your domain controller's name. Then replace the domain controller's name with the old domain controller's name (I know it's turned off, but do it).