Posted

I'm very new with Windows server so if anyone can recommend articles to read that cover my questions, I'd appreciate it.

 

I'm looking for a bit of a step by step "how to" on adding my new 2008R2 server to my 2003 domain, then making the 2008R2 machine the master and decommissioning the 2003 server.

 

Thanks in advance!

 

FYI So far I have installed 2008R2 on the new server and haven't done anything else. It's not joined to the 2003 domain and I have not added any server roles to the 2008R2 machine. (Currently my 2003 server had AD, DHCP, and DNS duties.)

Posted

When I did it, it worked fine. You can read both topics which may help you:

 

http://social.technet.microsoft.com/Forums/en-US/winserverMigration/thread/dab33e51-25f4-476c-b173-7e65ee253373/

 

http://mobile.experts-exchange.com/Q_23582347.html

 

simply add the role, promote to master and demote the old one :)

 

 

Cheers

--------------------------------------------------------

You can also write in French.

You can also write in German.

You can also write in Italian.

--------------------------------------------------------

Posted

Thanks for the info! I just had time to sit down and go over it.

 

Unfortunately the 2nd link is on Expert's Exchange and I don't have an account. Can you suggest any other resources?

Posted
I think you have a PM...


Posted

So I've gone through all of the steps and I THINK things are all set.

 

How can I definitively test to see if things are working properly with the new server? I've shut down the old server and rebooted one of the PCs in the domain. I then tried to see if it was logged into the domain or if it was just using cached credentials.

 

A Google search told me to look for the LOGONSERVER environment variable. The thing that I'm a bit confused about is that that variable holds the name of the old domain controller, not the new one. Is that because the new one is "standing in" for the old one because the old one is the master?

 

TIA for suggestions on how to do this!

Posted

When you move the primary domain, everything goes to the new server. For example in my case, we moved from 2k3 to 2k8 and we changed also the domain name. Anyway the domain is still the old one, this is not a big problem.

 

What you can do is to set client's dns to point directly to the new server, regarding stored credentials depends on what you have to do. For example if you have a network drive which is mapped with stored credentials, you must remove and re-add with the new domain if you really need this. For example:

 

OLD: MyUser@Old_Domain.local

NEW: MyUser@New.Domain.Name

 

In order to change that property, you can use a GP script which can look like this:

 

set LOGONSERVER=\\YourNewServer 

 

Or if you prefer, remove clients from domain and rejoin...

 

 

I hope this can help you!


Posted

What I'm really looking to do is to just verify that the new server has all of the proper roles in place and is working properly.

 

Once I determine that, I am going to demote the old w2k3 server and then rename the new server and set its IP address to the same as the old one so that I don't have to make any changes on the clients. (One of the things you suggested as reading said that was a viable thing to do.)

Posted

You can simply add a DNS entry which redirects the old name to the new one, instead of changing the name, which is not a great idea (for me).

 

You can redirect also the IP.

 

I don't know the expiration time of your domain, but you can do some tests for example by turning off the old server and from a client try this:

 

ipconfig /flushdns
nslookup
a ">" appears, type:
server IP_Or_Name_Of_Your_New_Dns (better the IP :P)
then try:
set type=all
NameOfAMachineInsideYourNetwork
then try:
www.google.com

 

If you have responses, it means your dns is working fine.

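The DNS check described in the post above, taken one step further as an added example that is not part of the original thread: instead of resolving an ordinary host name, it asks the new DNS server for the SRV records that clients use to locate a domain controller and confirms they point at the new DC, then asks the DC locator which DC it actually finds. The server IP, domain name and DC name are placeholders; `nslookup` and `nltest` are the stock Windows tools.

```powershell
# Added example, not from the thread. Replace the three placeholder values below.
param(
    [string]$DnsServer  = '192.0.2.10',          # placeholder: IP of the new DNS server
    [string]$Domain     = 'example.local',       # placeholder: DNS name of the AD domain
    [string]$ExpectedDc = 'newdc.example.local'  # placeholder: FQDN of the new DC
)

# SRV records used to find a DC, a KDC, a global catalog and the PDC emulator.
$srvNames = @(
    "_ldap._tcp.dc._msdcs.$Domain",
    "_kerberos._tcp.dc._msdcs.$Domain",
    "_ldap._tcp.gc._msdcs.$Domain",
    "_ldap._tcp.pdc._msdcs.$Domain"
)

function Get-SrvTargets {
    param([string]$Name, [string]$Server)
    # Query the named server explicitly so another resolver or a cache cannot hide a gap.
    $text = & nslookup.exe '-type=SRV' $Name $Server 2>&1 | Out-String
    $found = @()
    foreach ($m in [regex]::Matches($text, 'svr hostname\s*=\s*(\S+)')) {
        $found += $m.Groups[1].Value.TrimEnd('.').ToLower()
    }
    return ,$found
}

$expected = $ExpectedDc.ToLower()
$problems = 0

foreach ($name in $srvNames) {
    $targets = Get-SrvTargets -Name $name -Server $DnsServer
    # Anything other than the expected DC is a leftover registration (e.g. the old server).
    $others  = @($targets | Where-Object { $_ -ne $expected })

    if ($targets.Count -eq 0) {
        Write-Output "MISSING  $name (no SRV record returned by $DnsServer)"
        $problems++
    }
    elseif ($targets -notcontains $expected) {
        Write-Output "WRONG    $name -> $($targets -join ', ')"
        $problems++
    }
    elseif ($others.Count -gt 0) {
        Write-Output "STALE    $name also lists $($others -join ', ')"
        $problems++
    }
    else {
        Write-Output "OK       $name -> $expected"
    }
}

# Ask the DC locator to rediscover a DC instead of reusing its cached answer.
$locator = & nltest.exe "/dsgetdc:$Domain" /force 2>&1 | Out-String
if ($LASTEXITCODE -ne 0) {
    Write-Output "LOCATOR  nltest could not find a DC for $Domain"
    $problems++
}
elseif ($locator -match 'DC:\s*\\\\(\S+)') {
    Write-Output "LOCATOR  found $($Matches[1])"
}

# LOGONSERVER is set at logon, so it reflects the session, not the current state of DNS.
Write-Output "SESSION  LOGONSERVER=$($env:LOGONSERVER)"

if ($problems -gt 0) {
    Write-Output "$problems check(s) failed; do not demote the old server yet."
}
exit $problems
```

Run it from a domain-joined client with the old server powered off; a non-zero exit code means at least one locator record or the locator itself did not resolve to the new DC.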

Posted

Once the server is up and running, it is replicated with all the objects present in the domain.

 

Anyway, open the event viewer and check for DNS errors, also use this guide too:

 

http://technet.microsoft.com/en-us/magazine/dd673658.aspx

 

Finally you can use NETDIAG (I really don't understand if it's supported or not by Srv 2k8...).

 

If you don't need IPv6, disable it; sometimes it can cause problems.

 

If your old server is turned off and you don't have troubles, you can simply demote it. I can't see where you could have troubles!


Posted

OK, I demoted the old server and now the new server DFS replication service is complaining that it can't reach the old server. Also the AD service says it can't reach the global catalog.

 

I looked back over the info in the PM and I followed all of the steps. Is there a missing step where I need to promote the new server to be the "master?"

 

I'm getting really nervous that I messed up & I'm going to have big problems!

 

Thanks for any and all help!

Posted

Mhhhh that's strange, can you post the output of "dcdiag"?

 

Also, open DNS Manager, right click on your server and select PROPERTIES. Then click on FORWARDERS tab and tell me if there's something in there.

 

Here's another topic, check if you did all the process, it's like the new DC doesn't know the old one doesn't exist anymore...

 

http://social.technet.microsoft.com/Forums/en-US/winserverMigration/thread/592c270b-aa7b-4fe5-a230-5b8ae88483a0


Posted

Here's the output:

 

Command Line: "dcdiag.exe /V /C /D /E /s:big-rig"

Directory Server Diagnosis


Performing initial setup:

* Connecting to directory service on server big-rig.

big-rig.currentTime = 20110414012827.0Z

big-rig.highestCommittedUSN = 16409

big-rig.isSynchronized = 1

big-rig.isGlobalCatalogReady = 1

* Identified AD Forest. 
Collecting AD specific global data 
* Collecting site info.

Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=wtbhome,DC=net,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
The previous call succeeded 
Iterating through the sites 
Looking at base site object: CN=NTDS Site Settings,CN=wtbhome,CN=Sites,CN=Configuration,DC=wtbhome,DC=net
Getting ISTG and options for the site
* Identifying all servers.

Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=wtbhome,DC=net,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers 
Getting information for the server CN=NTDS Settings,CN=BIG-RIG2,CN=Servers,CN=wtbhome,CN=Sites,CN=Configuration,DC=wtbhome,DC=net 
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
BIG-RIG2.currentTime = 20110414012827.0Z

BIG-RIG2.highestCommittedUSN = 16409

BIG-RIG2.isSynchronized = 1

BIG-RIG2.isGlobalCatalogReady = 1

* Identifying all NC cross-refs.

* Found 1 DC(s). Testing 1 of them.

Done gathering initial info.



===============================================Printing out pDsInfo

GLOBAL:
ulNumServers=1
pszRootDomain=wtbhome.net
pszNC=
pszRootDomainFQDN=DC=wtbhome,DC=net
pszConfigNc=CN=Configuration,DC=wtbhome,DC=net
pszPartitionsDn=CN=Partitions,CN=Configuration,DC=wtbhome,DC=net
fAdam=0
iSiteOptions=0
dwTombstoneLifeTimeDays=60

dwForestBehaviorVersion=0

HomeServer=0, BIG-RIG2

SERVER: pServer[0].pszName=BIG-RIG2
pServer[0].pszGuidDNSName (binding str)=63fa3998-2396-4450-b046-a8ceb3bf85dc._msdcs.wtbhome.net
pServer[0].pszDNSName=big-rig2.wtbhome.net
pServer[0].pszLdapPort=(null)
pServer[0].pszSslPort=(null)
pServer[0].pszDn=CN=NTDS Settings,CN=BIG-RIG2,CN=Servers,CN=wtbhome,CN=Sites,CN=Configuration,DC=wtbhome,DC=net
pServer[0].pszComputerAccountDn=CN=BIG-RIG2,OU=Domain Controllers,DC=wtbhome,DC=net
pServer[0].uuidObjectGuid=63fa3998-2396-4450-b046-a8ceb3bf85dc
pServer[0].uuidInvocationId=67c6ff80-efaf-447b-993e-68874af2d24a
pServer[0].iSite=0 (wtbhome)
pServer[0].iOptions=1
pServer[0].ftLocalAcquireTime=41338780 01cbfa43 

pServer[0].ftRemoteConnectTime=40f8ef80 01cbfa43 

pServer[0].ppszMaster/FullReplicaNCs:
ppszMaster/FullReplicaNCs[0]=DC=ForestDnsZones,DC=wtbhome,DC=net
ppszMaster/FullReplicaNCs[1]=DC=DomainDnsZones,DC=wtbhome,DC=net
ppszMaster/FullReplicaNCs[2]=CN=Schema,CN=Configuration,DC=wtbhome,DC=net
ppszMaster/FullReplicaNCs[3]=CN=Configuration,DC=wtbhome,DC=net
ppszMaster/FullReplicaNCs[4]=DC=wtbhome,DC=net

SITES: pSites[0].pszName=wtbhome
pSites[0].pszSiteSettings=CN=NTDS Site Settings,CN=wtbhome,CN=Sites,CN=Configuration,DC=wtbhome,DC=net
pSites[0].pszISTG=CN=NTDS Settings,CN=BIG-RIG2,CN=Servers,CN=wtbhome,CN=Sites,CN=Configuration,DC=wtbhome,DC=net
pSites[0].iSiteOption=0

pSites[0].cServers=1

NC: pNCs[0].pszName=ForestDnsZones
pNCs[0].pszDn=DC=ForestDnsZones,DC=wtbhome,DC=net

pNCs[0].aCrInfo[0].dwFlags=0x00000201
pNCs[0].aCrInfo[0].pszDn=CN=69f924a9-5566-47ee-9225-1ba44631f0a3,CN=Partitions,CN=Configuration,DC=wtbhome,DC=net
pNCs[0].aCrInfo[0].pszDnsRoot=ForestDnsZones.wtbhome.net
pNCs[0].aCrInfo[0].iSourceServer=0
pNCs[0].aCrInfo[0].pszSourceServer=(null)
pNCs[0].aCrInfo[0].ulSystemFlags=0x00000005
pNCs[0].aCrInfo[0].bEnabled=TRUE
pNCs[0].aCrInfo[0].ftWhenCreated=00000000 00000000
pNCs[0].aCrInfo[0].pszSDReferenceDomain=(null)
pNCs[0].aCrInfo[0].pszNetBiosName=(null)
pNCs[0].aCrInfo[0].cReplicas=-1
pNCs[0].aCrInfo[0].aszReplicas=


NC: pNCs[1].pszName=DomainDnsZones
pNCs[1].pszDn=DC=DomainDnsZones,DC=wtbhome,DC=net

pNCs[1].aCrInfo[0].dwFlags=0x00000201
pNCs[1].aCrInfo[0].pszDn=CN=8f4ba17b-95f8-4047-bf1c-57aaaf3e6092,CN=Partitions,CN=Configuration,DC=wtbhome,DC=net
pNCs[1].aCrInfo[0].pszDnsRoot=DomainDnsZones.wtbhome.net
pNCs[1].aCrInfo[0].iSourceServer=0
pNCs[1].aCrInfo[0].pszSourceServer=(null)
pNCs[1].aCrInfo[0].ulSystemFlags=0x00000005
pNCs[1].aCrInfo[0].bEnabled=TRUE
pNCs[1].aCrInfo[0].ftWhenCreated=00000000 00000000
pNCs[1].aCrInfo[0].pszSDReferenceDomain=(null)
pNCs[1].aCrInfo[0].pszNetBiosName=(null)
pNCs[1].aCrInfo[0].cReplicas=-1
pNCs[1].aCrInfo[0].aszReplicas=


NC: pNCs[2].pszName=Schema
pNCs[2].pszDn=CN=Schema,CN=Configuration,DC=wtbhome,DC=net

pNCs[2].aCrInfo[0].dwFlags=0x00000201
pNCs[2].aCrInfo[0].pszDn=CN=Enterprise Schema,CN=Partitions,CN=Configuration,DC=wtbhome,DC=net
pNCs[2].aCrInfo[0].pszDnsRoot=wtbhome.net
pNCs[2].aCrInfo[0].iSourceServer=0
pNCs[2].aCrInfo[0].pszSourceServer=(null)
pNCs[2].aCrInfo[0].ulSystemFlags=0x00000001
pNCs[2].aCrInfo[0].bEnabled=TRUE
pNCs[2].aCrInfo[0].ftWhenCreated=00000000 00000000
pNCs[2].aCrInfo[0].pszSDReferenceDomain=(null)
pNCs[2].aCrInfo[0].pszNetBiosName=(null)
pNCs[2].aCrInfo[0].cReplicas=-1
pNCs[2].aCrInfo[0].aszReplicas=


NC: pNCs[3].pszName=Configuration
pNCs[3].pszDn=CN=Configuration,DC=wtbhome,DC=net

pNCs[3].aCrInfo[0].dwFlags=0x00000201
pNCs[3].aCrInfo[0].pszDn=CN=Enterprise Configuration,CN=Partitions,CN=Configuration,DC=wtbhome,DC=net
pNCs[3].aCrInfo[0].pszDnsRoot=wtbhome.net
pNCs[3].aCrInfo[0].iSourceServer=0
pNCs[3].aCrInfo[0].pszSourceServer=(null)
pNCs[3].aCrInfo[0].ulSystemFlags=0x00000001
pNCs[3].aCrInfo[0].bEnabled=TRUE
pNCs[3].aCrInfo[0].ftWhenCreated=00000000 00000000
pNCs[3].aCrInfo[0].pszSDReferenceDomain=(null)
pNCs[3].aCrInfo[0].pszNetBiosName=(null)
pNCs[3].aCrInfo[0].cReplicas=-1
pNCs[3].aCrInfo[0].aszReplicas=


NC: pNCs[4].pszName=wtbhome
pNCs[4].pszDn=DC=wtbhome,DC=net

pNCs[4].aCrInfo[0].dwFlags=0x00000201
pNCs[4].aCrInfo[0].pszDn=CN=WTBHOME,CN=Partitions,CN=Configuration,DC=wtbhome,DC=net
pNCs[4].aCrInfo[0].pszDnsRoot=wtbhome.net
pNCs[4].aCrInfo[0].iSourceServer=0
pNCs[4].aCrInfo[0].pszSourceServer=(null)
pNCs[4].aCrInfo[0].ulSystemFlags=0x00000003
pNCs[4].aCrInfo[0].bEnabled=TRUE
pNCs[4].aCrInfo[0].ftWhenCreated=00000000 00000000
pNCs[4].aCrInfo[0].pszSDReferenceDomain=(null)
pNCs[4].aCrInfo[0].pszNetBiosName=(null)
pNCs[4].aCrInfo[0].cReplicas=-1
pNCs[4].aCrInfo[0].aszReplicas=


5 NC TARGETS: ForestDnsZones, DomainDnsZones, Schema, Configuration, wtbhome, 
1 TARGETS: BIG-RIG2, 

=============================================Done Printing pDsInfo

Doing initial required tests


Testing server: wtbhome\BIG-RIG2

Starting test: Connectivity

* Active Directory LDAP Services Check
Determining IP4 connectivity 
Determining IP6 connectivity 
Failure Analysis: BIG-RIG2 ... OK.
* Active Directory RPC Services Check
......................... BIG-RIG2 passed test Connectivity



Doing primary tests


Testing server: wtbhome\BIG-RIG2

Starting test: Advertising

Fatal Error:DsGetDcName (BIG-RIG2) call failed, error 1717

The Locator could not find the server.

RPC Extended Error Info not available. Use group policy on the local

machine at "Computer Configuration/Administrative

Templates/System/Remote Procedure Call" to enable it.

......................... BIG-RIG2 failed test Advertising

Starting test: CheckSecurityError

* Dr Auth: Beginning security errors check!
No KDC found for domain wtbhome.net in site wtbhome (1355, NULL)

[BIG-RIG2] Unable to contact a KDC for the destination domain in it's

own site. This means either there are no available KDC's for this

domain in the site, *including* the destination DC itself, or we're

having network or packet fragmentation issues connecting to it. We'll

check packet fragmentation connection to the destination DC, make

recommendations, and continue.

Checking UDP fragmentation issues to BIG-RIG2.
The KDC on BIG-RIG2 isn't responsive, please verify that it's running

and advertising.

No KDC found for domain wtbhome.net in site (ALL SITES) (1355, NULL)

[BIG-RIG2] Unable to contact a KDC for the destination domain. If no

KDC for the destination domain is available, replication will be

blocked!

If there is some KDC for that domain available, check network

connectivity issues or see possible packet fragmentation issues above.

Checking machine account for DC BIG-RIG2 on DC BIG-RIG2.
* SPN found :LDAP/big-rig2.wtbhome.net/wtbhome.net
* SPN found :LDAP/big-rig2.wtbhome.net
* SPN found :LDAP/BIG-RIG2
* SPN found :LDAP/big-rig2.wtbhome.net/WTBHOME
* SPN found :LDAP/63fa3998-2396-4450-b046-a8ceb3bf85dc._msdcs.wtbhome.net
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/63fa3998-2396-4450-b046-a8ceb3bf85dc/wtbhome.net
* SPN found :HOST/big-rig2.wtbhome.net/wtbhome.net
* SPN found :HOST/big-rig2.wtbhome.net
* SPN found :HOST/BIG-RIG2
* SPN found :HOST/big-rig2.wtbhome.net/WTBHOME
* SPN found :GC/big-rig2.wtbhome.net/wtbhome.net
[BIG-RIG2] No security related replication errors were found on this

DC! To target the connection to a specific source DC use

/ReplSource:.

......................... BIG-RIG2 passed test CheckSecurityError

Starting test: CutoffServers

* Configuration Topology Aliveness Check
* Analyzing the alive system replication topology for DC=ForestDnsZones,DC=wtbhome,DC=net.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for DC=DomainDnsZones,DC=wtbhome,DC=net.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for CN=Schema,CN=Configuration,DC=wtbhome,DC=net.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for CN=Configuration,DC=wtbhome,DC=net.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for DC=wtbhome,DC=net.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... BIG-RIG2 passed test CutoffServers

Starting test: FrsEvent

* The File Replication Service Event log test 
There are warning or error events within the last 24 hours after the

SYSVOL has been shared. Failing SYSVOL replication problems may cause

Group Policy problems. 
A warning event occurred. EventID: 0x800034FA

Time Generated: 04/13/2011 14:01:44

Event String:

Following is the summary of warnings and errors encountered by File Replication Service while polling the Domain Controller big-rig.wtbhome.net for FRS replica set configuration information. 



Could not find computer object for this computer. Will try again at next polling cycle.





......................... BIG-RIG2 passed test FrsEvent

Starting test: DFSREvent

The DFS Replication Event Log. 
Skip the test because the server is running FRS.

......................... BIG-RIG2 passed test DFSREvent

Starting test: SysVolCheck

* The File Replication Service SYSVOL ready test 
File Replication Service's SYSVOL is ready 
......................... BIG-RIG2 passed test SysVolCheck

Starting test: FrsSysVol

* The File Replication Service SYSVOL ready test 
File Replication Service's SYSVOL is ready 
......................... BIG-RIG2 passed test FrsSysVol

Starting test: KccEvent

* The KCC Event log test
An error event occurred. EventID: 0xC0000466

Time Generated: 04/13/2011 21:15:38

Event String:

Active Directory Domain Services was unable to establish a connection with the global catalog. 



Additional Data 

Error value:

1792 An attempt was made to logon, but the network logon service was not started. 

Internal ID:

3200e25 



User Action: 

Make sure a global catalog is available in the forest, and is reachable from this domain controller. You may use the nltest utility to diagnose this problem.

A warning event occurred. EventID: 0x800004C8

Time Generated: 04/13/2011 21:15:43

Event String:

An attempt by the local domain controller to automatically update information on one or more of the Computer object, the Settings object, or the Server object failed. 



This operation will be tried again at the following interval. 



Interval (minutes):

5 



Additional Data 

Error value:

4294965695 []



Internal ID:

32b03dc

......................... BIG-RIG2 failed test KccEvent

Starting test: KnowsOfRoleHolders

Role Schema Owner = CN=NTDS Settings,CN=BIG-RIG2,CN=Servers,CN=wtbhome,CN=Sites,CN=Configuration,DC=wtbhome,DC=net
Role Domain Owner = CN=NTDS Settings,CN=BIG-RIG2,CN=Servers,CN=wtbhome,CN=Sites,CN=Configuration,DC=wtbhome,DC=net
Role PDC Owner = CN=NTDS Settings,CN=BIG-RIG2,CN=Servers,CN=wtbhome,CN=Sites,CN=Configuration,DC=wtbhome,DC=net
Role Rid Owner = CN=NTDS Settings,CN=BIG-RIG2,CN=Servers,CN=wtbhome,CN=Sites,CN=Configuration,DC=wtbhome,DC=net
Role Infrastructure Update Owner = CN=NTDS Settings,CN=BIG-RIG2,CN=Servers,CN=wtbhome,CN=Sites,CN=Configuration,DC=wtbhome,DC=net
......................... BIG-RIG2 passed test KnowsOfRoleHolders

Starting test: MachineAccount

Checking machine account for DC BIG-RIG2 on DC BIG-RIG2.
* SPN found :LDAP/big-rig2.wtbhome.net/wtbhome.net
* SPN found :LDAP/big-rig2.wtbhome.net
* SPN found :LDAP/BIG-RIG2
* SPN found :LDAP/big-rig2.wtbhome.net/WTBHOME
* SPN found :LDAP/63fa3998-2396-4450-b046-a8ceb3bf85dc._msdcs.wtbhome.net
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/63fa3998-2396-4450-b046-a8ceb3bf85dc/wtbhome.net
* SPN found :HOST/big-rig2.wtbhome.net/wtbhome.net
* SPN found :HOST/big-rig2.wtbhome.net
* SPN found :HOST/BIG-RIG2
* SPN found :HOST/big-rig2.wtbhome.net/WTBHOME
* SPN found :GC/big-rig2.wtbhome.net/wtbhome.net
......................... BIG-RIG2 passed test MachineAccount

Starting test: NCSecDesc

* Security Permissions check for all NC's on DC BIG-RIG2.
The forest is not ready for RODC. Will skip checking ERODC ACEs.
* Security Permissions Check for

DC=ForestDnsZones,DC=wtbhome,DC=net
(NDNC,Version 3)
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have 

Replicating Directory Changes In Filtered Set
access rights for the naming context:

DC=ForestDnsZones,DC=wtbhome,DC=net
* Security Permissions Check for

DC=DomainDnsZones,DC=wtbhome,DC=net
(NDNC,Version 3)
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have 

Replicating Directory Changes In Filtered Set
access rights for the naming context:

DC=DomainDnsZones,DC=wtbhome,DC=net
* Security Permissions Check for

CN=Schema,CN=Configuration,DC=wtbhome,DC=net
(Schema,Version 3)
* Security Permissions Check for

CN=Configuration,DC=wtbhome,DC=net
(Configuration,Version 3)
* Security Permissions Check for

DC=wtbhome,DC=net
(Domain,Version 3)
......................... BIG-RIG2 failed test NCSecDesc

Starting test: NetLogons

* Network Logons Privileges Check
Verified share \\BIG-RIG2\netlogon
Verified share \\BIG-RIG2\sysvol
......................... BIG-RIG2 passed test NetLogons

Starting test: ObjectsReplicated

BIG-RIG2 is in domain DC=wtbhome,DC=net
Checking for CN=BIG-RIG2,OU=Domain Controllers,DC=wtbhome,DC=net in domain DC=wtbhome,DC=net on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=BIG-RIG2,CN=Servers,CN=wtbhome,CN=Sites,CN=Configuration,DC=wtbhome,DC=net in domain CN=Configuration,DC=wtbhome,DC=net on 1 servers
Object is up-to-date on all servers.
......................... BIG-RIG2 passed test ObjectsReplicated

Starting test: OutboundSecureChannels

* The Outbound Secure Channels test
** Did not run Outbound Secure Channels test because /testdomain: was

not entered

......................... BIG-RIG2 passed test OutboundSecureChannels

Starting test: Replications

* Replications Check
DC=ForestDnsZones,DC=wtbhome,DC=net has 2 cursors.
DC=DomainDnsZones,DC=wtbhome,DC=net has 2 cursors.
CN=Schema,CN=Configuration,DC=wtbhome,DC=net has 3 cursors.
CN=Configuration,DC=wtbhome,DC=net has 3 cursors.
DC=wtbhome,DC=net has 3 cursors.
* Replication Latency Check
DC=ForestDnsZones,DC=wtbhome,DC=net
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC). 
DC=DomainDnsZones,DC=wtbhome,DC=net
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC). 
CN=Schema,CN=Configuration,DC=wtbhome,DC=net
Latency information for 2 entries in the vector were ignored.
2 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC). 
CN=Configuration,DC=wtbhome,DC=net
Latency information for 2 entries in the vector were ignored.
2 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC). 
DC=wtbhome,DC=net
Latency information for 2 entries in the vector were ignored.
2 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC). 
* Replication Site Latency Check 
Site Settings = CN=NTDS Site Settings,CN=wtbhome,CN=Sites,CN=Configuration,DC=wtbhome,DC=net
[0x904de,v=104252,t=2011-04-13 21:20:38,g=67c6ff80-efaf-447b-993e-68874af2d24a,orig=16409,local=16409]
Elapsed time (sec) = 471
......................... BIG-RIG2 passed test Replications

Starting test: RidManager

ridManagerReference = CN=RID Manager$,CN=System,DC=wtbhome,DC=net
* Available RID Pool for the Domain is 2607 to 1073741823
fSMORoleOwner = CN=NTDS Settings,CN=BIG-RIG2,CN=Servers,CN=wtbhome,CN=Sites,CN=Configuration,DC=wtbhome,DC=net
* big-rig2.wtbhome.net is the RID Master
* DsBind with RID Master was successful
rIDSetReferences = CN=RID Set,CN=BIG-RIG2,OU=Domain Controllers,DC=wtbhome,DC=net
* rIDAllocationPool is 2107 to 2606
* rIDPreviousAllocationPool is 2107 to 2606
* rIDNextRID: 2107
......................... BIG-RIG2 passed test RidManager

Starting test: Services

* Checking Service: EventSystem
* Checking Service: RpcSs
* Checking Service: NTDS
* Checking Service: DnsCache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
w32time Service is stopped on [BIG-RIG2]

* Checking Service: NETLOGON
NETLOGON Service is stopped on [BIG-RIG2]

......................... BIG-RIG2 failed test Services

Starting test: SystemLog

* The System Event log test
An error event occurred. EventID: 0xC00038D4

Time Generated: 04/13/2011 21:03:45

Event String:

The DFS Namespace service could not initialize the trusted domain information on this domain controller, but it will periodically retry the operation. The return code is in the record data.

An error event occurred. EventID: 0x000015E2

Time Generated: 04/13/2011 21:04:01

Event String:

An internal error occurred while accessing the computer's local or network security database.

An error event occurred. EventID: 0xC0001B6F

Time Generated: 04/13/2011 21:04:01

Event String:

The Netlogon service terminated with the following error: 

%%-1073741724

An error event occurred. EventID: 0x00000456

Time Generated: 04/13/2011 21:05:53

Event String:

The processing of Group Policy failed. Windows could not determine if the user and computer accounts are in the same forest. Ensure the user domain name matches the name of a trusted domain that resides in the same forest as the computer account.

......................... BIG-RIG2 failed test SystemLog

Starting test: Topology

* Configuration Topology Integrity Check
* Analyzing the connection topology for DC=ForestDnsZones,DC=wtbhome,DC=net.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for DC=DomainDnsZones,DC=wtbhome,DC=net.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for CN=Schema,CN=Configuration,DC=wtbhome,DC=net.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for CN=Configuration,DC=wtbhome,DC=net.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for DC=wtbhome,DC=net.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... BIG-RIG2 passed test Topology

Starting test: VerifyEnterpriseReferences

......................... BIG-RIG2 passed test

VerifyEnterpriseReferences

Starting test: VerifyReferences

The system object reference (serverReference)

CN=BIG-RIG2,OU=Domain Controllers,DC=wtbhome,DC=net and backlink on

CN=BIG-RIG2,CN=Servers,CN=wtbhome,CN=Sites,CN=Configuration,DC=wtbhome,DC=net

are correct. 
The system object reference (serverReferenceBL)

CN=BIG-RIG2,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=wtbhome,DC=net

and backlink on

CN=NTDS Settings,CN=BIG-RIG2,CN=Servers,CN=wtbhome,CN=Sites,CN=Configuration,DC=wtbhome,DC=net

are correct. 
The system object reference (frsComputerReferenceBL)

CN=BIG-RIG2,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=wtbhome,DC=net

and backlink on CN=BIG-RIG2,OU=Domain Controllers,DC=wtbhome,DC=net

are correct. 
......................... BIG-RIG2 passed test VerifyReferences

Starting test: VerifyReplicas

......................... BIG-RIG2 passed test VerifyReplicas


Starting test: DNS



DNS Tests are running and not hung. Please wait a few minutes...

NETLOGON Service is stopped on [BIG-RIG2]

See DNS test in enterprise tests section for results
......................... BIG-RIG2 passed test DNS


Running partition tests on : ForestDnsZones

Starting test: CheckSDRefDom

......................... ForestDnsZones passed test CheckSDRefDom

Starting test: CrossRefValidation

......................... ForestDnsZones passed test

CrossRefValidation


Running partition tests on : DomainDnsZones

Starting test: CheckSDRefDom

......................... DomainDnsZones passed test CheckSDRefDom

Starting test: CrossRefValidation

......................... DomainDnsZones passed test

CrossRefValidation


Running partition tests on : Schema

Starting test: CheckSDRefDom

......................... Schema passed test CheckSDRefDom

Starting test: CrossRefValidation

......................... Schema passed test CrossRefValidation


Running partition tests on : Configuration

Starting test: CheckSDRefDom

......................... Configuration passed test CheckSDRefDom

Starting test: CrossRefValidation

......................... Configuration passed test CrossRefValidation


Running partition tests on : wtbhome

Starting test: CheckSDRefDom

......................... wtbhome passed test CheckSDRefDom

Starting test: CrossRefValidation

......................... wtbhome passed test CrossRefValidation


Running enterprise tests on : wtbhome.net

Starting test: DNS

Test results for domain controllers:


DC: big-rig2.wtbhome.net

Domain: wtbhome.net




TEST: Authentication (Auth)
Authentication test: Successfully completed

TEST: Basic (Basc)
The OS

Microsoft Windows Server 2008 R2 Enterprise (Service Pack level: 1.0)

is supported.

Error: NETLOGON service is not running
[Error details: 1062 (Type: Win32 - Description: The service has not been started.)]
kdc service is running

DNSCACHE service is running

DNS service is running

DC is a DNS server

Network adapters information:

Adapter

[00000007] Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller:



MAC address is BC:AE:C5:29:2C:12
IP Address is static 
IP address: 192.168.0.2, fe80::2873:578:ce44:eac9, fd47:dced:df9d:5a5f::1
DNS servers:

127.0.0.1 (BIG-RIG) [Valid]
::1 (BIG-RIG) [Valid]
The A host record(s) for this DC was found
The AAAA host record(s) for this DC was found
The SOA record for the Active Directory zone was found
The Active Directory zone on this DC/DNS server was found primary
Root zone on this DC/DNS server was not found

TEST: Forwarders/Root hints (Forw)
Recursion is enabled
Forwarders Information: 
192.168.0.2 (BIG-RIG) [Valid] 
71.242.0.12 () [Valid] 
71.252.0.12 () [Valid] 

TEST: Delegations (Del)
No delegations were found in this zone on this DNS server

TEST: Dynamic update (Dyn)
Test record dcdiag-test-record added successfully in zone wtbhome.net
Test record dcdiag-test-record deleted successfully in zone wtbhome.net

TEST: Records registration (RReg)
Network Adapter

[00000007] Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller:



Matching CNAME record found at DNS server 192.168.0.2:
63fa3998-2396-4450-b046-a8ceb3bf85dc._msdcs.wtbhome.net

Matching A record found at DNS server 192.168.0.2:
big-rig2.wtbhome.net

Matching AAAA record found at DNS server 192.168.0.2:
big-rig2.wtbhome.net

Matching SRV record found at DNS server 192.168.0.2:
_ldap._tcp.wtbhome.net

Matching SRV record found at DNS server 192.168.0.2:
_ldap._tcp.d170d4c1-dda7-4565-b23c-024adc8e5aa9.domains._msdcs.wtbhome.net

Matching SRV record found at DNS server 192.168.0.2:
_kerberos._tcp.dc._msdcs.wtbhome.net

Matching SRV record found at DNS server 192.168.0.2:
_ldap._tcp.dc._msdcs.wtbhome.net

Matching SRV record found at DNS server 192.168.0.2:
_kerberos._tcp.wtbhome.net

Matching SRV record found at DNS server 192.168.0.2:
_kerberos._udp.wtbhome.net

Matching SRV record found at DNS server 192.168.0.2:
_kpasswd._tcp.wtbhome.net

Matching SRV record found at DNS server 192.168.0.2:
_ldap._tcp.wtbhome._sites.wtbhome.net

Matching SRV record found at DNS server 192.168.0.2:
_kerberos._tcp.wtbhome._sites.dc._msdcs.wtbhome.net

Matching SRV record found at DNS server 192.168.0.2:
_ldap._tcp.wtbhome._sites.dc._msdcs.wtbhome.net

Matching SRV record found at DNS server 192.168.0.2:
_kerberos._tcp.wtbhome._sites.wtbhome.net

Matching SRV record found at DNS server 192.168.0.2:
_ldap._tcp.gc._msdcs.wtbhome.net

Matching A record found at DNS server 192.168.0.2:
gc._msdcs.wtbhome.net

Matching AAAA record found at DNS server 192.168.0.2:
gc._msdcs.wtbhome.net

Matching SRV record found at DNS server 192.168.0.2:
_gc._tcp.wtbhome._sites.wtbhome.net

Matching SRV record found at DNS server 192.168.0.2:
_ldap._tcp.wtbhome._sites.gc._msdcs.wtbhome.net

Matching SRV record found at DNS server 192.168.0.2:
_ldap._tcp.pdc._msdcs.wtbhome.net

Matching CNAME record found at DNS server ::1:
63fa3998-2396-4450-b046-a8ceb3bf85dc._msdcs.wtbhome.net

Matching A record found at DNS server ::1:
big-rig2.wtbhome.net

Matching AAAA record found at DNS server ::1:
big-rig2.wtbhome.net

Matching SRV record found at DNS server ::1:
_ldap._tcp.wtbhome.net

Matching SRV record found at DNS server ::1:
_ldap._tcp.d170d4c1-dda7-4565-b23c-024adc8e5aa9.domains._msdcs.wtbhome.net

Matching SRV record found at DNS server ::1:
_kerberos._tcp.dc._msdcs.wtbhome.net

Matching SRV record found at DNS server ::1:
_ldap._tcp.dc._msdcs.wtbhome.net

Matching SRV record found at DNS server ::1:
_kerberos._tcp.wtbhome.net

Matching SRV record found at DNS server ::1:
_kerberos._udp.wtbhome.net

Matching SRV record found at DNS server ::1:
_kpasswd._tcp.wtbhome.net

Matching SRV record found at DNS server ::1:
_ldap._tcp.wtbhome._sites.wtbhome.net

Matching SRV record found at DNS server ::1:
_kerberos._tcp.wtbhome._sites.dc._msdcs.wtbhome.net

Matching SRV record found at DNS server ::1:
_ldap._tcp.wtbhome._sites.dc._msdcs.wtbhome.net

Matching SRV record found at DNS server ::1:
_kerberos._tcp.wtbhome._sites.wtbhome.net

Matching SRV record found at DNS server ::1:
_ldap._tcp.gc._msdcs.wtbhome.net

Matching A record found at DNS server ::1:
gc._msdcs.wtbhome.net

Matching AAAA record found at DNS server ::1:
gc._msdcs.wtbhome.net

Matching SRV record found at DNS server ::1:
_gc._tcp.wtbhome._sites.wtbhome.net

Matching SRV record found at DNS server ::1:
_ldap._tcp.wtbhome._sites.gc._msdcs.wtbhome.net

Matching SRV record found at DNS server ::1:
_ldap._tcp.pdc._msdcs.wtbhome.net

Total query time:0 min. 0 sec.. Total RPC connection

time:0 min. 0 sec.

Total WMI connection time:0 min. 44 sec. Total Netuse connection

time:0 min. 0 sec.


Summary of test results for DNS servers used by the above domain

controllers:



DNS server: 192.168.0.2 (BIG-RIG)

All tests passed on this DNS server

Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered 
Total query time:0 min. 0 sec., Total WMI connection

time:0 min. 0 sec.


DNS server: 71.242.0.12 ()

All tests passed on this DNS server

Total query time:0 min. 0 sec., Total WMI connection

time:0 min. 21 sec.


DNS server: 71.252.0.12 ()

All tests passed on this DNS server

Total query time:0 min. 0 sec., Total WMI connection

time:0 min. 21 sec.


DNS server: ::1 (BIG-RIG)

All tests passed on this DNS server

Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered 
Total query time:0 min. 0 sec., Total WMI connection

time:0 min. 2 sec.


Summary of DNS test results:


Auth Basc Forw Del Dyn RReg Ext
_________________________________________________________________
Domain: wtbhome.net

big-rig2 PASS FAIL PASS PASS PASS PASS n/a 

Total Time taken to test all the DCs:0 min. 44 sec.

......................... wtbhome.net failed test DNS

Starting test: LocatorCheck

Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1717

A Global Catalog Server could not be located - All GC's are down.

Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1717

A Primary Domain Controller could not be located.

The server holding the PDC role is down.

Warning: DcGetDcName(TIME_SERVER) call failed, error 1717

A Time Server could not be located.

The server holding the PDC role is down.

Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error

1717

A Good Time Server could not be located.

Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1717

A KDC could not be located - All the KDCs are down.

......................... wtbhome.net failed test LocatorCheck

Starting test: FsmoCheck

Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1717

A Global Catalog Server could not be located - All GC's are down.

Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1717

A Primary Domain Controller could not be located.

The server holding the PDC role is down.

Warning: DcGetDcName(TIME_SERVER) call failed, error 1717

A Time Server could not be located.

The server holding the PDC role is down.

Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error

1717

A Good Time Server could not be located.

Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1717

A KDC could not be located - All the KDCs are down.

......................... wtbhome.net failed test FsmoCheck

Starting test: Intersite

Skipping site wtbhome, this site is outside the scope provided by the

command line arguments provided. 
......................... wtbhome.net passed test Intersite

Posted

Ok, something didn't work during the migration...

 

You have multiple problems, first of all you have services which aren't running:

 

ntds

kdc

w32time

netlogon

 

Try to start them manually and check whether you get any errors.

 

By the way the most painful problem is here:

 

Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1717

A Primary Domain Controller could not be located.

The server holding the PDC role is down.

 

The last part is telling you the problem: "The server HOLDING the PDC role is down". This means your DC (big-rig2) doesn't know that big-rig is no longer there.

 

Take a look here:

 

http://support.microsoft.com/kb/255504

 

I'm just guessing what's happened during migration...

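The triage the reply above does by eye, as an added example that is not part of the original thread: a short Python parser that pulls failed tests, stopped services and failed DcGetDcName locator calls out of dcdiag text. The sample input is a constructed excerpt of the output posted earlier, and the function and pattern names are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines excerpted from the dcdiag output posted above.
SAMPLE = """\
Starting test: DNS
Error: NETLOGON service is not running
[Error details: 1062 (Type: Win32 - Description: The service has not been started.)]
kdc service is running
......................... wtbhome.net failed test DNS
Starting test: LocatorCheck
Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1717
Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error

1717
......................... wtbhome.net failed test LocatorCheck
Starting test: Intersite
......................... wtbhome.net passed test Intersite
"""

RESULT = re.compile(r"^\.{5,}\s+(\S+) (passed|failed) test (\S+)")
LOCATOR = re.compile(r"DcGetDcName\((\w+)\) call failed, error\s*(\d+)?")
SERVICE = re.compile(r"^Error: (\S+) service is not running", re.I)

def triage(text):
    """Return passed/failed tests, stopped services and failed locator calls per test."""
    report = {"failed": [], "passed": [], "stopped": set(),
              "locator": defaultdict(dict)}
    # Drop blank lines so a wrapped error code is always the next list element.
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    current = None
    for i, line in enumerate(lines):
        if line.startswith("Starting test:"):
            current = line.split(":", 1)[1].strip()
        elif (m := RESULT.match(line)):
            report[m.group(2)].append(m.group(3))
        elif (m := SERVICE.match(line)):
            report["stopped"].add(m.group(1).lower())
        elif (m := LOCATOR.search(line)):
            # dcdiag wraps long lines, so the code may sit on the following line.
            code = m.group(2) or (lines[i + 1] if i + 1 < len(lines) else "")
            report["locator"][current][m.group(1)] = int(code) if code.isdigit() else None
    return report

if __name__ == "__main__":
    print(triage(SAMPLE))
```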

Posted


I tried starting the services you said and the first two reported that they were already started.

 

w32time failed to start with error 1792

netlogon failed to start with error 100

 

Those errors are from doing a net start from the command line.

 

I looked at the link you gave me. Do you think I could cause any damage by seizing all of the FSMO roles even if the server already holds the role?

 

Thanks SO much for all of your help! If you can get my server back in working order I need to send you a case of beer or something! You'll be my hero!

Posted

OK, first try this:

 

Run services.msc and find NETLOGON; be sure it's set to AUTOMATIC (start) and not Manual or Delayed.

 

Now open the command prompt and type:

 

net start netlogon

 

If the error code changes, post the new one; otherwise, check the event viewer to find something more detailed (actually I don't know what "100" means...).

 

If you don't have errors, start w32time again and tell me the result.


Posted

netlogon is set to automatic. The error in the event viewer is as follows:

 

EventID: 5602 "An internal error occurred while accessing the computer's local or network security database"

 

Sounds to me like it's because it does not know it's the only DC left & it's maybe looking for the security database on the old DC.

Posted


And MAYBE you're right.

 

But I can't be sure, and if this is not your case, you don't have to seize your DC. So let's try other (and safer) tests first.

 

Post results:

 

netdiag.exe /v

repadmin.exe /showrepl dc* /verbose /all /intersite

 

 

Thanks and sorry for all these tests, but it's not really easy to solve this kind of problem.


Posted

No problem on doing more tests! Not doing enough of them is what got me into this predicament in the first place!

 

I don't seem to have netdiag.exe on the server.

 

repadmin is reporting an error when I run it. Here's the output:

 

Repadmin experienced the following error trying to resolve the DSA_NAME: dc*

If you are trying to connect to an AD LDS instance, you must use :

If you are trying to connect to an AD LDS instance with wildcarding support, you must use the /homeserver option.

Error: An error occurred:

Win32 Error 8419(0x20e3): The DSA object could not be found.



Posted


Ok, replace DC* with your domain controller's name.

 

Then replace the domain controller's name with the old domain controller's name (I know it's turned off, but do it).
