Guest Paul Chow
Posted September 9, 2008

I am trying to migrate from an old W2K3 Active Directory domain controller to a new one. Eventually I want to remove the old server from the network. I have never done this before and it is a little bit out of my league so I Googled, read and hopefully followed several articles that I found, but am still getting some errors logged.

The list of AD users, computers etc. replicated over to the new server, but when I turn off the old one no one can log in and there is no Internet access. I think both of these problems are due to DNS (which I really understand about 1% of). There are no errors in the DNS log though (just info that the service started).

Most of the computers have fixed IPs so DHCP isn't really an issue, but the DHCP service is also failing.

I'm hoping from the log files someone can give me some specific things to try as opposed to links to articles that are above my understanding.

Your help is much appreciated.

System Log:

Event ID 1059
The DHCP service failed to see a directory server for authorization.

Directory Service Log:

Event ID 2088
Active Directory could not use DNS to resolve the IP address of the source domain controller listed below. To maintain the consistency of Security groups, group policy, users and computers and their passwords, Active Directory successfully replicated using the NetBIOS or fully qualified computer name of the source domain controller.
Invalid DNS configuration may be affecting other essential operations on member computers, domain controllers or application servers in this Active Directory forest, including logon authentication or access to network resources.
(I cut out the rest of the error, let me know if it would be helpful to post the entire message)

Event ID 1586
The Windows NT 4.0 or earlier replication checkpoint with the PDC emulator master was unsuccessful.
A full synchronization of the security accounts manager (SAM) database to domain controllers running Windows NT 4.0 and earlier might take place if the PDC emulator master role is transferred to the local domain controller before the next successful checkpoint.

Application Log:

Event ID 53258
MS DTC could not correctly process a DC Promotion/Demotion event. MS DTC will continue to function and will use the existing security settings. Error Specifics: %1

Event ID 53258
MS DTC could not correctly process a DC Promotion/Demotion event. MS DTC will continue to function and will use the existing security settings. Error Specifics: d:\nt\com\complus\dtc\dtc\adme\uiname.cpp:9351, Pid: 1160
No Callstack, CmdLine: C:\WINDOWS\system32\msdtc.exe

Guest Meinolf Weber
Posted September 9, 2008

Re: Problems migrating AD PDC

Hello Paul,

Did you install DNS also on the new server and point all clients to use it?

Did you configure the FORWARDERS in the DNS management console under the server properties?

Did you move all 5 FSMO roles to the new server?

Did you make the new DC Global catalog server?

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

Guest Paul Chow
Posted September 9, 2008

Re: Problems migrating AD PDC

Thanks for your reply.

> Did you install DNS also on the new server and point all clients to use it?

DNS is installed. After shutting down the old server I changed the new server to the old server's IP and rebooted.

> Did you configure the FORWARDERS in the DNS management console under the server properties?

I don't think so. I just "poked" around in the DNS console and can't even find these settings.
Is there an (easy) way to export the entire DNS setup from the old server?

> Did you move all 5 FSMO roles to the new server?

I don't know what this means, so probably not.

> Did you make the new DC Global catalog server?

Yes

help... I'm over my head

Guest Meinolf Weber
Posted September 10, 2008

Re: Problems migrating AD PDC

Hello Paul,

Check this list for the steps you have done or not, if not do it now and leave the old DC still up and running during the time:

- On the old server open DNS management console and check that you are running Active directory integrated zone (easier for replication, if you have more than one DNS server)
- run replmon, dcdiag and netdiag on the old machine to check for errors, if you have some post the complete output from the command here or solve them first
- run adprep /forestprep and adprep /domainprep from the 2003 installation disk against the 2000 server, with an account that is member of the Schema admins, to upgrade the schema to the new version
- Install the new machine as a member server in your existing domain
- configure a fixed ip and set the preferred DNS server to the old DNS server only
- run dcpromo and follow the wizard to add the 2003 server to an existing domain
- if you are prompted for DNS configuration choose Yes (also possible that no DNS preparation occurs), then install DNS after the reboot
- for DNS give the server time for replication, at least 15 minutes. Because you use Active directory integrated zones it will automatically replicate the zones to the new server. Open DNS management console to check that they appear
- if the new machine is domain controller and DNS server run again replmon, dcdiag and netdiag on both domain controllers
- if you have no errors, make the new server Global catalog server, open Active directory Sites and Services and then double-click sitename, double-click Servers, click your domain controller, right-click NTDS Settings, and then click Properties, on the General tab, click to select the Global catalog check box (http://support.microsoft.com/?id=313994)
- Transfer, NOT seize the 5 FSMO roles to the new Domain controller (http://support.microsoft.com/kb/324801)
- you can see in the event viewer (Directory service) that the roles are transferred, also give it some time
- reconfigure the DNS configuration on your NIC of the 2003 server, preferred DNS itself, secondary the old one
- if you use DHCP do not forget to reconfigure the scope settings to point to the new installed DNS server
- export and import of DHCP database (if needed) http://support.microsoft.com/kb/325473

Demoting

- reconfigure your clients/servers that they no longer point to the old DC/DNS server on the NIC
- to be sure that everything runs fine, disconnect the old DC from the network and check with clients and servers the connectivity, logon and also with one client a restart to see that everything is ok
- then run dcpromo to demote the old DC, if it works fine the machine will move from the DC's OU to the computers container, where you can delete it by hand. It can be that you get an error during demoting at the beginning; then uncheck the Global catalog on that DC and try again
- check the DNS management console, that all entries from the machine have disappeared or delete them by hand if the machine is off the network forever

Best regards

Meinolf Weber

Guest Paul Chow
Posted September 11, 2008

Re: Problems migrating AD PDC

Thanks. I'm going to work through this list and post back

Guest Paul Chow
Posted September 18, 2008

Re: Problems migrating AD PDC

So I have been going through your list. I still have not been able to get rid of any of the original errors that I posted.

When I try to Transfer FSMO roles (change operations master, change schema master, etc.) I get the following: "The transfer of the operations master role cannot be performed because the requested FSMO operation failed. The current FSMO holder could not be contacted"

As I stated in an earlier post I know that there are DNS issues.
1. From the event logs
2. If I take the old server offline and point a workstation DNS setting to the new server I can't browse.

I am sure that all of these issues are related, but not sure how to correct.

I have no idea what to do next
Guest Meinolf Weber
Posted September 18, 2008

Re: Problems migrating AD PDC

Hello Paul,

Please post an unedited ipconfig /all from both DC's.

Did you configure the FORWARDERS in the DNS management console under the server properties?

Did you move all 5 FSMO roles to the new server?

Did you make the new DC Global catalog server?

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

> So I have been going through your list. I still have not been able to
> get rid of any of the original errors that I posted.
>
> When I try to Transfer FSMO roles (change operations master, change
> schema master, etc.) I get the following: "The transfer of the
> operations master role cannot be performed because the requested FSMO
> operation failed. The current FSMO holder could not be contacted"
>
> As I stated in an earlier post I know that there are DNS issues.
> 1. From the event logs
> 2. If I take the old server offline and point a workstation DNS
> setting to the new server I can't browse.
> I am sure that all of these issues are related, but not sure how to
> correct.
>
> I have no idea what to do next
Guest Paul Chow
Posted September 18, 2008

Re: Problems migrating AD PDC

> Did you configure the FORWARDERS in the DNS management console under the
> server properties?

Yes. I deleted the DNS forwarders and re-entered them. I am now able to browse if I point the new server to itself as the DNS server. I think this part is fixed. Thanks for pointing me in the right direction on this :-) :-) (or whatever a super happy face is!)

> Did you move all 5 FSMO roles to the new server?

No, when I try I get "The transfer of the operations master role cannot be performed because the requested FSMO operation failed. The current FSMO holder could not be contacted"

> Did you make the new DC Global catalog server?

Yes

Old Server:

Windows IP Configuration

   Host Name . . . . . . . . . . . . : SERVER1
   Primary Dns Suffix . . . . . . . : ars.local
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : Yes
   WINS Proxy Enabled. . . . . . . . : Yes
   DNS Suffix Search List. . . . . . : ars.local

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : Intel® PRO/1000 XT Network Connection
   Physical Address. . . . . . . . . : 00-0D-56-FD-47-D9
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.0.1
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.254
   DNS Servers . . . . . . . . . . . : 192.168.0.1

New Server:

Windows IP Configuration

   Host Name . . . . . . . . . . . . : new-server
   Primary Dns Suffix . . . . . . . : ars.local
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : ars.local

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
   Physical Address. . . . . . . . . : 00-1D-09-FF-97-24
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.0.185
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.254
   DNS Servers . . . . . . . . . . . : 192.168.0.1
Guest Meinolf Weber
Posted September 18, 2008

Re: Problems migrating AD PDC

Hello Paul,

For the DNS settings choose also the other DC as secondary on the NIC.

Also post the output in command window from "netdom query fsmo" without the quotes. Then run repadmin /showrepl and post the output also.

Run dcdiag and netdiag on both DC's and if you get errors post also the complete output.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
Guest Jack B. Pollack
Posted September 19, 2008

Re: Problems migrating AD PDC

I really appreciate all your help. Here are the outputs:

Server1 is Old Server
New-Server is new server

netdom query fsmo:

Schema owner SERVER1.ars.local
Domain role owner SERVER1.ars.local
PDC role new-server.ars.local
RID pool manager SERVER1.ars.local
Infrastructure owner SERVER1.ars.local
The command completed successfully.

repadmin running command /showrepl against server localhost

Default-First-Site-Name\NEW-SERVER
DC Options: IS_GC
Site Options: (none)
DC object GUID: bbd5e31c-ceaf-4c89-bbaf-be1245dbf679
DC invocationID: 56399df1-ebe1-4dd1-817a-fb046fcab5b8

==== INBOUND NEIGHBORS ======================================

DC=ars,DC=local
    Default-First-Site-Name\SERVER1 via RPC
        DC object GUID: c834486a-c689-4f82-a4ec-85e81937e0f7
        Last attempt @ 2008-09-18 20:58:20 was successful.

CN=Configuration,DC=ars,DC=local
    Default-First-Site-Name\SERVER1 via RPC
        DC object GUID: c834486a-c689-4f82-a4ec-85e81937e0f7
        Last attempt @ 2008-09-18 21:33:32 was successful.

CN=Schema,CN=Configuration,DC=ars,DC=local
    Default-First-Site-Name\SERVER1 via RPC
        DC object GUID: c834486a-c689-4f82-a4ec-85e81937e0f7
        Last attempt @ 2008-09-18 20:58:20 was successful.

DC=ForestDnsZones,DC=ars,DC=local
    Default-First-Site-Name\SERVER1 via RPC
        DC object GUID: c834486a-c689-4f82-a4ec-85e81937e0f7
        Last attempt @ 2008-09-18 20:58:20 was successful.

DC=DomainDnsZones,DC=ars,DC=local
    Default-First-Site-Name\SERVER1 via RPC
        DC object GUID: c834486a-c689-4f82-a4ec-85e81937e0f7
        Last attempt @ 2008-09-18 21:29:30 was successful.

****************************************************************

DCDIAG on new server:

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\NEW-SERVER
      Starting test: Connectivity
         ......................... NEW-SERVER passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\NEW-SERVER
      Starting test: Replications
         [sERVER1] DsBindWithSpnEx() failed with error 1722,
         The RPC server is unavailable..
         ......................... NEW-SERVER passed test Replications
      Starting test: NCSecDesc
         ......................... NEW-SERVER passed test NCSecDesc
      Starting test: NetLogons
         ......................... NEW-SERVER passed test NetLogons
      Starting test: Advertising
         ......................... NEW-SERVER passed test Advertising
      Starting test: KnowsOfRoleHolders
         Warning: SERVER1 is the Schema Owner, but is not responding to DS RPC Bind.
         [sERVER1] LDAP search failed with error 58,
         The specified server cannot perform the requested operation..
         Warning: SERVER1 is the Schema Owner, but is not responding to LDAP Bind.
         Warning: SERVER1 is the Domain Owner, but is not responding to DS RPC Bind.
         Warning: SERVER1 is the Domain Owner, but is not responding to LDAP Bind.
         Warning: SERVER1 is the Rid Owner, but is not responding to DS RPC Bind.
         Warning: SERVER1 is the Rid Owner, but is not responding to LDAP Bind.
         Warning: SERVER1 is the Infrastructure Update Owner, but is not responding to DS RPC Bind.
         Warning: SERVER1 is the Infrastructure Update Owner, but is not responding to LDAP Bind.
         ......................... NEW-SERVER failed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... NEW-SERVER failed test RidManager
      Starting test: MachineAccount
         ......................... NEW-SERVER passed test MachineAccount
      Starting test: Services
         ......................... NEW-SERVER passed test Services
      Starting test: ObjectsReplicated
         ......................... NEW-SERVER passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... NEW-SERVER passed test frssysvol
      Starting test: frsevent
         ......................... NEW-SERVER passed test frsevent
      Starting test: kccevent
         ......................... NEW-SERVER passed test kccevent
      Starting test: systemlog
         An Error Event occured. EventID: 0xC00010E1
            Time Generated: 09/18/2008 20:58:22
            (Event String could not be retrieved)
         An Error Event occured. EventID: 0x0000166D
            Time Generated: 09/18/2008 20:58:22
            Event String: Netlogon could not register the ARS<1B> name
         An Error Event occured. EventID: 0xC00010E1
            Time Generated: 09/18/2008 21:13:22
            (Event String could not be retrieved)
         An Error Event occured. EventID: 0xC00010E1
            Time Generated: 09/18/2008 21:28:22
            (Event String could not be retrieved)
         An Error Event occured. EventID: 0xC00010E1
            Time Generated: 09/18/2008 21:43:22
            (Event String could not be retrieved)
         ......................... NEW-SERVER failed test systemlog
      Starting test: VerifyReferences
         ......................... NEW-SERVER passed test VerifyReferences

   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom

   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom

   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom

   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom

   Running partition tests on : ARS
      Starting test: CrossRefValidation
         ......................... ARS passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... ARS passed test CheckSDRefDom

   Running enterprise tests on : ARS.local
      Starting test: Intersite
         ......................... ARS.local passed test Intersite
      Starting test: FsmoCheck
         Error: The server returned by DsGetDcName() did not match DsListRoles() for the PDC
         ......................... ARS.local passed test FsmoCheck

**********************************************************************

DCDIAG on Old Server:

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\SERVER1
      Starting test: Connectivity
         The host c834486a-c689-4f82-a4ec-85e81937e0f7._msdcs.ars.local could not be resolved to an IP address. Check the DNS server, DHCP, server name, etc
         Although the Guid DNS name (c834486a-c689-4f82-a4ec-85e81937e0f7._msdcs.ars.local) couldn't be resolved, the server name (SERVER1.ars.local) resolved to the IP address (192.168.0.1) and was pingable. Check that the IP address is registered correctly with the DNS server.
         ......................... SERVER1 failed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\SERVER1
      Skipping all tests, because server SERVER1 is not responding to directory service requests

   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom

   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom

   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom

   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom

   Running partition tests on : ars
      Starting test: CrossRefValidation
         ......................... ars passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... ars passed test CheckSDRefDom

   Running enterprise tests on : ars.local
      Starting test: Intersite
         ......................... ars.local passed test Intersite
      Starting test: FsmoCheck
         Error: The server returned by DsGetDcName() did not match DsListRoles() for the PDC
         ......................... ars.local passed test FsmoCheck

************************************************************************

NETDIAG ON NEW SERVER:

    Computer Name: NEW-SERVER
    DNS Host Name: new-server.ars.local
    System info : Microsoft Windows Server 2003 (Build 3790)
    Processor : x86 Family 6 Model 15 Stepping 13, GenuineIntel
    List of installed hotfixes :
        Q147222

Netcard queries test . . . . . . . : Passed

Per interface results:

    Adapter : Local Area Connection

        Netcard queries test . . . : Passed

        Host Name. . . . . . . . . : new-server
        IP Address . . . . . . . . : 192.168.0.185
        Subnet Mask. . . . . . . . : 255.255.255.0
        Default Gateway. . . . . . : 192.168.0.254
        Dns Servers. . . . . . . . : 192.168.0.1
                                     192.168.0.185

        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Passed

        NetBT name test. . . . . . : Passed
        [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names is missing.

        WINS service test. . . . . : Skipped
            There are no WINS servers configured for this interface.

Global results:

Domain membership test . . . . . . : Passed

NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{1564DF95-1390-4C84-8E00-D154F9AED25D}
    1 NetBt transport currently configured.

Autonet address test . . . . . . . : Passed

IP loopback ping test. . . . . . . : Passed

Default gateway test . . . . . . . : Passed

NetBT name test. . . . . . . . . . : Passed
    [WARNING] You don't have a single interface with the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names defined.

Winsock test . . . . . . . . . . . : Passed

DNS test . . . . . . . . . . . . . : Failed
    [WARNING] The DNS entries for this DC are not registered correctly on DNS server '192.168.0.1'. Please wait for 30 minutes for DNS server replication.
    [WARNING] The DNS entries for this DC are not registered correctly on DNS server '192.168.0.185'. Please wait for 30 minutes for DNS server replication.
    [FATAL] No DNS servers have the DNS records for this DC registered.

Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
        NetBT_Tcpip_{1564DF95-1390-4C84-8E00-D154F9AED25D}
    The redir is bound to 1 NetBt transport.

    List of NetBt transports currently bound to the browser
        NetBT_Tcpip_{1564DF95-1390-4C84-8E00-D154F9AED25D}
    The browser is bound to 1 NetBt transport.

DC discovery test. . . . . . . . . : Passed

DC list test . . . . . . . . . . . : Passed

Trust relationship test. . . . . . : Skipped

Kerberos test. . . . . . . . . . . : Passed

LDAP test. . . . . . . . . . . . . : Passed

Bindings test. . . . . . . . . . . : Passed

WAN configuration test . . . . . . : Skipped
    No active remote access connections.

Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Skipped
    Note: run "netsh ipsec dynamic show /?" for more detailed information

******************************************************************************

NETDIAG ON OLD SERVER:

    Computer Name: SERVER1
    DNS Host Name: SERVER1.ars.local
    System info : Microsoft Windows Server 2003 (Build 3790)
    Processor : x86 Family 15 Model 2 Stepping 9, GenuineIntel

Netcard queries test . . . . . . . : Failed
    GetStats failed for 'Intel® PRO/1000 XT Network Connection'. [ERROR_INVALID_FUNCTION]
    [FATAL] - None of the netcard drivers provided satisfactory results.

Per interface results:

    Adapter : Local Area Connection

        Netcard queries test . . . : Failed
        NetCard Status: UNKNOWN

        Host Name. . . . . . . . . : SERVER1
        IP Address . . . . . . . . : 192.168.0.1
        Subnet Mask. . . . . . . . : 255.255.255.0
        Default Gateway. . . . . . : 192.168.0.254
        Dns Servers. . . . . . . . : 192.168.0.1
                                     192.168.0.185

        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Passed

        NetBT name test. . . . . . : Passed
        [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names is missing.
            No remote names have been found.

        WINS service test. . . . . : Skipped
            There are no WINS servers configured for this interface.

Global results:

Domain membership test . . . . . . : Passed

NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{E4FF46BE-FF6F-4E97-8825-A3B494203996}
    1 NetBt transport currently configured.

Autonet address test . . . . . . . : Passed

IP loopback ping test. . . . . . . : Passed

Default gateway test . . . . . . . : Passed

NetBT name test. . . . . . . . . . : Passed
    [WARNING] You don't have a single interface with the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names defined.

Winsock test . . . . . . . . . . . : Passed

DNS test . . . . . . . . . . . . . : Failed
    [WARNING] The DNS entries for this DC are not registered correctly on DNS server '192.168.0.1'. Please wait for 30 minutes for DNS server replication.
    [WARNING] The DNS entries for this DC are not registered correctly on DNS server '192.168.0.185'. Please wait for 30 minutes for DNS server replication.
    [FATAL] No DNS servers have the DNS records for this DC registered.

Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
        NetBT_Tcpip_{E4FF46BE-FF6F-4E97-8825-A3B494203996}
    The redir is bound to 1 NetBt transport.

    List of NetBt transports currently bound to the browser
        NetBT_Tcpip_{E4FF46BE-FF6F-4E97-8825-A3B494203996}
    The browser is bound to 1 NetBt transport.

DC discovery test. . . . . . . . . : Passed

DC list test . . . . . . . . . . . : Passed

Trust relationship test. . . . . . : Skipped

Kerberos test. . . . . . . . . . . : Passed

LDAP test. . . . . . . . . . . . . : Passed

Bindings test. . . . . . . . . . . : Passed

WAN configuration test . . . . . . : Skipped
    No active remote access connections.

Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Skipped

**************************************************************************

"Meinolf Weber" <meiweb(nospam)@gmx.de> wrote in message
news:ff16fb6678608cae7efe2fb2d9d@msnews.microsoft.com...
> Hello Paul,
>
> For the DNS settings choose also the other DC as secondary on the NIC. Also post the output in command window from "netdom query fsmo" without the quotes. Then run repadmin /showrepl and post the output also. Run dcdiag and netdiag on both DC's and if you get errors post also the complete output.
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>
> >> Did you configure the FORWARDERS in the DNS management console under the server properties?
> >>
> > Yes. I deleted the DNS forwarders and re-entered them.
> > I am now able to browse if I point the new server to itself as the DNS server. I think this part is fixed. Thanks for pointing me in the right direction on this :-) :-) (or what ever a super happy face is!)
> >
> >> Did you move all 5 FSMO roles to the new server?
> >>
> > No, when I try I get "The transfer of the operations master role cannot be performed because the requested FSMO operation failed. The current FSMO holder could not be contacted"
> >> Did you make the new DC Global catalog server?
> >>
> > Yes
> >
> > Old Server:
> > Windows IP Configuration
> > Host Name . . . . . . . . . . . . : SERVER1
> > Primary Dns Suffix . . . . . . . : ars.local
> > Node Type . . . . . . . . . . . . : Unknown
> > IP Routing Enabled. . . . . . . . : Yes
> > WINS Proxy Enabled. . . . . . . . : Yes
> > DNS Suffix Search List. . . . . . : ars.local
> > Ethernet adapter Local Area Connection:
> >
> > Connection-specific DNS Suffix . :
> > Description . . . . . . . . . . . : Intel® PRO/1000 XT Network Connection
> > Physical Address. . . . . . . . . : 00-0D-56-FD-47-D9
> > DHCP Enabled. . . . . . . . . . . : No
> > IP Address. . . . . . . . . . . . : 192.168.0.1
> > Subnet Mask . . . . . . . . . . . : 255.255.255.0
> > Default Gateway . . . . . . . . . : 192.168.0.254
> > DNS Servers . . . . . . . . . . . : 192.168.0.1
> > New Server:
> > Windows IP Configuration
> > Host Name . . . . . . . . . . . . : new-server
> > Primary Dns Suffix . . . . . . . : ars.local
> > Node Type . . . . . . . . . . . . : Unknown
> > IP Routing Enabled. . . . . . . . : No
> > WINS Proxy Enabled. . . . . . . . : No
> > DNS Suffix Search List. . . . . . : ars.local
> > Ethernet adapter Local Area Connection:
> >
> > Connection-specific DNS Suffix . :
> > Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
> > Physical Address. . . . . . . . . : 00-1D-09-FF-97-24
> > DHCP Enabled. . . . . . . . . . . : No
> > IP Address. . . . . . . . . . . . : 192.168.0.185
> > Subnet Mask . . . . . . . . . . . : 255.255.255.0
> > Default Gateway . . . . . . . . . : 192.168.0.254
> > DNS Servers . . . . . . . . . . . : 192.168.0.1
> > "Meinolf Weber" <meiweb(nospam)@gmx.de> wrote in message
> > news:ff16fb6676fb8cae77e58e6f198@msnews.microsoft.com...
> >
> >> Hello Paul,
> >>
> >> Please post an unedited ipconfig /all from both DC's.
> >>
> >> Did you configure the FORWARDERS in the DNS management console under the server properties?
> >>
> >> Did you move all 5 FSMO roles to the new server?
> >>
> >> Did you make the new DC Global catalog server?
> >>
> >> Best regards
> >>
> >> Meinolf Weber
> >> Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.
> >> ** Please do NOT email, only reply to Newsgroups
> >> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
> >>> So I have been going through your list. I still have not been able to get rid of any of the original errors that I posted.
> >>>
> >>> When I try to Transfer FSMO roles (change operations master, change schema master, etc.) I get the following: "The transfer of the operations master role cannot be performed because the requested FSMO operation failed. The current FSMO holder could not be contacted"
> >>>
> >>> As I stated in an earlier post I know that there are DNS issues.
> >>> 1. From the event logs
> >>> 2. If I take the old server offline and point a workstation DNS setting to the new server I can't browse.
> >>> I am sure that all of these issues are related, but not sure how to correct.
> >>> I have no idea what to do next
> >>>
> >>> <Meinolf Weber> wrote in message
> >>> news:ff16fb6666c48cae132945ad0f4@msnews.microsoft.com...
> >>>> Hello Paul,
> >>>>
> >>>> Check this list for the steps you have done or not, if not do it now and leave the old DC still up and running during the time:
> >>>>
> >>>> - On the old server open DNS management console and check that you are running Active directory integrated zone (easier for replication, if you have more than one DNS server)
> >>>>
> >>>> - run replmon, dcdiag and netdiag on the old machine to check for errors, if you have some post the complete output from the command here or solve them first
> >>>>
> >>>> - run adprep /forestprep and adprep /domainprep from the 2003 installation disk against the 2000 server, with an account that is member of the Schema admins, to upgrade the schema to the new version
> >>>>
> >>>> - Install the new machine as a member server in your existing domain
> >>>>
> >>>> - configure a fixed ip and set the preferred DNS server to the old DNS server only
> >>>>
> >>>> - run dcpromo and follow the wizard to add the 2003 server to an existing domain
> >>>>
> >>>> - if you are prompted for DNS configuration choose Yes (also possible that no DNS preparation occur), then install DNS after the reboot
> >>>>
> >>>> - for DNS give the server time for replication, at least 15 minutes. Because you use Active directory integrated zones it will automatically replicate the zones to the new server.
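The outputs posted above can be cross-checked mechanically. The following is an added example, not part of the original thread: it parses "netdom query fsmo" and "dcdiag" text and lists the FSMO roles still held by a DC that dcdiag reports as not answering DS RPC or LDAP binds. The sample text is abridged from the post with console line wraps rejoined, and the function names are this example's own.

```python
import re

# Sample input abridged from the output posted in this thread, with console
# line wraps rejoined. Constructed for the example; not a complete capture.
NETDOM_FSMO = """\
Schema owner                SERVER1.ars.local
Domain role owner           SERVER1.ars.local
PDC role                    new-server.ars.local
RID pool manager            SERVER1.ars.local
Infrastructure owner        SERVER1.ars.local
The command completed successfully.
"""

DCDIAG = """\
   Testing server: Default-First-Site-Name\\NEW-SERVER
      Starting test: Connectivity
         ......................... NEW-SERVER passed test Connectivity
      Starting test: KnowsOfRoleHolders
         Warning: SERVER1 is the Schema Owner, but is not responding to DS RPC Bind.
         Warning: SERVER1 is the Schema Owner, but is not responding to LDAP Bind.
         Warning: SERVER1 is the Rid Owner, but is not responding to DS RPC Bind.
         ......................... NEW-SERVER failed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... NEW-SERVER failed test RidManager
   Running enterprise tests on : ARS.local
      Starting test: FsmoCheck
         Error: The server returned by DsGetDcName() did not match DsListRoles() for the PDC
         ......................... ARS.local passed test FsmoCheck
"""

# One role per line: "<role label>   <holder FQDN>"
ROLE_RE = re.compile(
    r"^[ \t]*(Schema owner|Domain role owner|PDC role|RID pool manager|"
    r"Infrastructure owner)[ \t]+(\S+)[ \t]*$",
    re.MULTILINE,
)
# dcdiag verdict line: "......... <subject> passed|failed test <TestName>"
RESULT_RE = re.compile(r"\.{5,}\s+(\S+) (passed|failed) test (\S+)")
# KnowsOfRoleHolders warning naming a role holder that does not answer binds
WARN_RE = re.compile(
    r"Warning: (\S+) is the (.+?) Owner, but is not responding to (.+?) Bind"
)
ERROR_RE = re.compile(r"^[ \t]*Error: (.+?)[ \t]*$", re.MULTILINE)


def short_name(fqdn):
    """SERVER1.ars.local -> SERVER1 (dcdiag prints the short name)."""
    return fqdn.split(".")[0].upper()


def parse_fsmo(text):
    """Return {role label: holder FQDN} from 'netdom query fsmo' output."""
    return {role: holder for role, holder in ROLE_RE.findall(text)}


def parse_dcdiag(text):
    """Return (verdicts, unresponsive, errors) from dcdiag output."""
    verdicts = [(subj, test, verdict)
                for subj, verdict, test in RESULT_RE.findall(text)]
    unresponsive = {}
    for server, _role, proto in WARN_RE.findall(text):
        unresponsive.setdefault(server.upper(), set()).add(proto)
    return verdicts, unresponsive, ERROR_RE.findall(text)


def triage(fsmo_text, dcdiag_text):
    """Cross-check role holders against what dcdiag could actually reach."""
    roles = parse_fsmo(fsmo_text)
    verdicts, unresponsive, errors = parse_dcdiag(dcdiag_text)
    holders = {short_name(h) for h in roles.values()}
    return {
        # Roles spread over more than one DC: a transfer is half done.
        "split_roles": len(holders) > 1,
        # Roles whose holder does not answer binds: a graceful transfer
        # needs that holder reachable, so these cannot move yet.
        "stranded_roles": sorted(
            r for r, h in roles.items() if short_name(h) in unresponsive),
        "unresponsive": {k: sorted(v) for k, v in unresponsive.items()},
        "failed_tests": [(s, t) for s, t, v in verdicts if v == "failed"],
        # dcdiag can print an Error line inside a test it still marks passed.
        "errors": errors,
    }


if __name__ == "__main__":
    for key, value in triage(NETDOM_FSMO, DCDIAG).items():
        print(f"{key}: {value}")
```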
Guest Meinolf Weber
Posted September 19, 2008

Re: Problems migrating AD PDC

Hello Jack,

What kind of DNS zones are you using, AD integrated? Check that both server registered in the zones. Do you have also a Reverse lookup zone?

Do you have no SP1 or SP2 on the 2003 installed?

The NIC test on server 1 creates an error in netdiag output, make sure the drivers are up to date and also the NIC itself is correct built in.

GetStats failed for 'Intel® PRO/1000 XT Network Connection'. [ERROR_INVALID_FUNCTION]
[FATAL] - None of the netcard drivers provided satisfactory results.

Change the ip settings in new-server to:

Host Name. . . . . . . . . : new-server
IP Address . . . . . . . . : 192.168.0.185
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 192.168.0.254
Dns Servers. . . . . . . . : 192.168.0.185
                             192.168.0.1

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
> I really appreciate all your help. Here are the outputs:
>
> Server1 is Old Server
> New-Server is new server
> netdom query fsmo:
> Schema owner SERVER1.ars.local
> Domain role owner SERVER1.ars.local
>
> PDC role new-server.ars.local
>
> RID pool manager SERVER1.ars.local
>
> Infrastructure owner SERVER1.ars.local
>
> The command completed successfully.
>
> repadmin running command /showrepl against server localhost
>
> Default-First-Site-Name\NEW-SERVER
> DC Options: IS_GC
> Site Options: (none)
> DC object GUID: bbd5e31c-ceaf-4c89-bbaf-be1245dbf679
> DC invocationID: 56399df1-ebe1-4dd1-817a-fb046fcab5b8
> ==== INBOUND NEIGHBORS ======================================
>
> DC=ars,DC=local
> Default-First-Site-Name\SERVER1 via RPC
> DC object GUID: c834486a-c689-4f82-a4ec-85e81937e0f7
> Last attempt @ 2008-09-18 20:58:20 was successful.
> CN=Configuration,DC=ars,DC=local
> Default-First-Site-Name\SERVER1 via RPC
> DC object GUID: c834486a-c689-4f82-a4ec-85e81937e0f7
> Last attempt @ 2008-09-18 21:33:32 was successful.
> CN=Schema,CN=Configuration,DC=ars,DC=local
> Default-First-Site-Name\SERVER1 via RPC
> DC object GUID: c834486a-c689-4f82-a4ec-85e81937e0f7
> Last attempt @ 2008-09-18 20:58:20 was successful.
> DC=ForestDnsZones,DC=ars,DC=local
> Default-First-Site-Name\SERVER1 via RPC
> DC object GUID: c834486a-c689-4f82-a4ec-85e81937e0f7
> Last attempt @ 2008-09-18 20:58:20 was successful.
> DC=DomainDnsZones,DC=ars,DC=local
> Default-First-Site-Name\SERVER1 via RPC
> DC object GUID: c834486a-c689-4f82-a4ec-85e81937e0f7
> Last attempt @ 2008-09-18 21:29:30 was successful.
> ****************************************************************
>
> DCDIAG on new server:
>
> Domain Controller Diagnosis
>
> Performing initial setup:
> Done gathering initial info.
> Doing initial required tests
>
> Testing server: Default-First-Site-Name\NEW-SERVER
> Starting test: Connectivity
> ......................... NEW-SERVER passed test Connectivity
> Doing primary tests
>
> Testing server: Default-First-Site-Name\NEW-SERVER
> Starting test: Replications
> [sERVER1] DsBindWithSpnEx() failed with error 1722,
> The RPC server is unavailable..
> ......................... NEW-SERVER passed test Replications
> Starting test: NCSecDesc
> ......................... NEW-SERVER passed test NCSecDesc
> Starting test: NetLogons
> ......................... NEW-SERVER passed test NetLogons
> Starting test: Advertising
> ......................... NEW-SERVER passed test Advertising
> Starting test: KnowsOfRoleHolders
> Warning: SERVER1 is the Schema Owner, but is not responding to DS RPC Bind.
> [sERVER1] LDAP search failed with error 58,
> The specified server cannot perform the requested operation..
> Warning: SERVER1 is the Schema Owner, but is not responding to LDAP Bind.
> Warning: SERVER1 is the Domain Owner, but is not responding to DS RPC Bind.
> Warning: SERVER1 is the Domain Owner, but is not responding to LDAP Bind.
> Warning: SERVER1 is the Rid Owner, but is not responding to DS RPC Bind.
> Warning: SERVER1 is the Rid Owner, but is not responding to LDAP Bind.
> Warning: SERVER1 is the Infrastructure Update Owner, but is not responding to DS RPC Bind.
> Warning: SERVER1 is the Infrastructure Update Owner, but is not responding to LDAP Bind.
> ......................... NEW-SERVER failed test KnowsOfRoleHolders
> Starting test: RidManager
> ......................... NEW-SERVER failed test RidManager
> Starting test: MachineAccount
> ......................... NEW-SERVER passed test MachineAccount
> Starting test: Services
> ......................... NEW-SERVER passed test Services
> Starting test: ObjectsReplicated
> ......................... NEW-SERVER passed test ObjectsReplicated
> Starting test: frssysvol
> ......................... NEW-SERVER passed test frssysvol
> Starting test: frsevent
> ......................... NEW-SERVER passed test frsevent
> Starting test: kccevent
> ......................... NEW-SERVER passed test kccevent
> Starting test: systemlog
> An Error Event occured. EventID: 0xC00010E1
> Time Generated: 09/18/2008 20:58:22
> (Event String could not be retrieved)
> An Error Event occured. EventID: 0x0000166D
> Time Generated: 09/18/2008 20:58:22
> Event String: Netlogon could not register the ARS<1B> name
> An Error Event occured. EventID: 0xC00010E1
> Time Generated: 09/18/2008 21:13:22
> (Event String could not be retrieved)
> An Error Event occured. EventID: 0xC00010E1
> Time Generated: 09/18/2008 21:28:22
> (Event String could not be retrieved)
> An Error Event occured. EventID: 0xC00010E1
> Time Generated: 09/18/2008 21:43:22
> (Event String could not be retrieved)
> .........................
NEW-SERVER failed test systemlog > Starting test: VerifyReferences > ......................... NEW-SERVER passed test > VerifyReferences > Running partition tests on : DomainDnsZones > Starting test: CrossRefValidation > ......................... DomainDnsZones passed test > CrossRefValidation > Starting test: CheckSDRefDom > ......................... DomainDnsZones passed test > CheckSDRefDom > Running partition tests on : ForestDnsZones > Starting test: CrossRefValidation > ......................... ForestDnsZones passed test > CrossRefValidation > Starting test: CheckSDRefDom > ......................... ForestDnsZones passed test > CheckSDRefDom > Running partition tests on : Schema > Starting test: CrossRefValidation > ......................... Schema passed test > CrossRefValidation > Starting test: CheckSDRefDom > ......................... Schema passed test CheckSDRefDom > Running partition tests on : Configuration > Starting test: CrossRefValidation > ......................... Configuration passed test > CrossRefValidation > Starting test: CheckSDRefDom > ......................... Configuration passed test > CheckSDRefDom > Running partition tests on : ARS > Starting test: CrossRefValidation > ......................... ARS passed test CrossRefValidation > Starting test: CheckSDRefDom > ......................... ARS passed test CheckSDRefDom > Running enterprise tests on : ARS.local > Starting test: Intersite > ......................... ARS.local passed test Intersite > Starting test: FsmoCheck > Error: The server returned by DsGetDcName() did not match > DsListRoles() > for the PDC > ......................... ARS.local passed test FsmoCheck > ********************************************************************** > > DCDIAG on Old Server: > > Domain Controller Diagnosis > > Performing initial setup: > Done gathering initial info. 
> Doing initial required tests > > Testing server: Default-First-Site-Name\SERVER1 > Starting test: Connectivity > The host > c834486a-c689-4f82-a4ec-85e81937e0f7._msdcs.ars.local coul > d not be resolved to an > IP address. Check the DNS server, DHCP, server name, etc > Although the Guid DNS name > (c834486a-c689-4f82-a4ec-85e81937e0f7._msdcs.ars.local) > couldn't > be resolved, the server name (SERVER1.ars.local) resolved to > the > IP address (192.168.0.1) and was pingable. Check that the IP > address > is registered correctly with the DNS server. > ......................... SERVER1 failed test Connectivity > Doing primary tests > > Testing server: Default-First-Site-Name\SERVER1 > Skipping all tests, because server SERVER1 is > not responding to directory service requests > Running partition tests on : ForestDnsZones > Starting test: CrossRefValidation > ......................... ForestDnsZones passed test > CrossRefValidation > Starting test: CheckSDRefDom > ......................... ForestDnsZones passed test > CheckSDRefDom > Running partition tests on : DomainDnsZones > Starting test: CrossRefValidation > ......................... DomainDnsZones passed test > CrossRefValidation > Starting test: CheckSDRefDom > ......................... DomainDnsZones passed test > CheckSDRefDom > Running partition tests on : Schema > Starting test: CrossRefValidation > ......................... Schema passed test > CrossRefValidation > Starting test: CheckSDRefDom > ......................... Schema passed test CheckSDRefDom > Running partition tests on : Configuration > Starting test: CrossRefValidation > ......................... Configuration passed test > CrossRefValidation > Starting test: CheckSDRefDom > ......................... Configuration passed test > CheckSDRefDom > Running partition tests on : ars > Starting test: CrossRefValidation > ......................... ars passed test CrossRefValidation > Starting test: CheckSDRefDom > ......................... 
ars passed test CheckSDRefDom > Running enterprise tests on : ars.local > Starting test: Intersite > ......................... ars.local passed test Intersite > Starting test: FsmoCheck > Error: The server returned by DsGetDcName() did not match > DsListRoles() > for the PDC > ......................... ars.local passed test FsmoCheck > ********************************************************************** > ** > > NETDIAG ON NEW SERVER: > > Computer Name: NEW-SERVER > DNS Host Name: new-server.ars.local > System info : Microsoft Windows Server 2003 (Build 3790) > Processor : x86 Family 6 Model 15 Stepping 13, GenuineIntel > List of installed hotfixes : > Q147222 > Netcard queries test . . . . . . . : Passed > > Per interface results: > > Adapter : Local Area Connection > > Netcard queries test . . . : Passed > > Host Name. . . . . . . . . : new-server > IP Address . . . . . . . . : 192.168.0.185 > Subnet Mask. . . . . . . . : 255.255.255.0 > Default Gateway. . . . . . : 192.168.0.254 > Dns Servers. . . . . . . . : 192.168.0.1 > 192.168.0.185 > AutoConfiguration results. . . . . . : Passed > > Default gateway test . . . : Passed > > NetBT name test. . . . . . : Passed > [WARNING] At least one of the <00> 'WorkStation Service', <03> > 'Messenge > r Service', <20> 'WINS' names is missing. > > WINS service test. . . . . : Skipped > There are no WINS servers configured for this interface. > Global results: > > Domain membership test . . . . . . : Passed > > NetBT transports test. . . . . . . : Passed > List of NetBt transports currently configured: > NetBT_Tcpip_{1564DF95-1390-4C84-8E00-D154F9AED25D} > 1 NetBt transport currently configured. > Autonet address test . . . . . . . : Passed > > IP loopback ping test. . . . . . . : Passed > > Default gateway test . . . . . . . : Passed > > NetBT name test. . . . . . . . . . : Passed > [WARNING] You don't have a single interface with the <00> > 'WorkStation > Servi > ce', <03> 'Messenger Service', <20> 'WINS' names defined. 
> > Winsock test . . . . . . . . . . . : Passed > > DNS test . . . . . . . . . . . . . : Failed > [WARNING] The DNS entries for this DC are not registered correctly > on > DNS se > rver '192.168.0.1'. Please wait for 30 minutes for DNS server > replication. > [WARNING] The DNS entries for this DC are not registered correctly > on > DNS se > rver '192.168.0.185'. Please wait for 30 minutes for DNS server > replication. > [FATAL] No DNS servers have the DNS records for this DC > registered. > Redir and Browser test . . . . . . : Passed > List of NetBt transports currently bound to the Redir > NetBT_Tcpip_{1564DF95-1390-4C84-8E00-D154F9AED25D} > The redir is bound to 1 NetBt transport. > List of NetBt transports currently bound to the browser > NetBT_Tcpip_{1564DF95-1390-4C84-8E00-D154F9AED25D} > The browser is bound to 1 NetBt transport. > DC discovery test. . . . . . . . . : Passed > > DC list test . . . . . . . . . . . : Passed > > Trust relationship test. . . . . . : Skipped > > Kerberos test. . . . . . . . . . . : Passed > > LDAP test. . . . . . . . . . . . . : Passed > > Bindings test. . . . . . . . . . . : Passed > > WAN configuration test . . . . . . : Skipped > No active remote access connections. > Modem diagnostics test . . . . . . : Passed > > IP Security test . . . . . . . . . : Skipped > > Note: run "netsh ipsec dynamic show /?" for more detailed > information > > ********************************************************************** > ****** ** > > NETDIAG ON OLD SERVER: > > Computer Name: SERVER1 > DNS Host Name: SERVER1.ars.local > System info : Microsoft Windows Server 2003 (Build 3790) > Processor : x86 Family 15 Model 2 Stepping 9, GenuineIntel > Netcard queries test . . . . . . . : Failed > GetStats failed for 'Intel® PRO/1000 XT Network Connection'. > [ERROR_INVALI > D_FUNCTION] > [FATAL] - None of the netcard drivers provided satisfactory > results. > Per interface results: > > Adapter : Local Area Connection > > Netcard queries test . . . 
: Failed > NetCard Status: UNKNOWN > Host Name. . . . . . . . . : SERVER1 > IP Address . . . . . . . . : 192.168.0.1 > Subnet Mask. . . . . . . . : 255.255.255.0 > Default Gateway. . . . . . : 192.168.0.254 > Dns Servers. . . . . . . . : 192.168.0.1 > 192.168.0.185 > AutoConfiguration results. . . . . . : Passed > > Default gateway test . . . : Passed > > NetBT name test. . . . . . : Passed > [WARNING] At least one of the <00> 'WorkStation Service', <03> > 'Messenge > r Service', <20> 'WINS' names is missing. > No remote names have been found. > WINS service test. . . . . : Skipped > There are no WINS servers configured for this interface. > Global results: > > Domain membership test . . . . . . : Passed > > NetBT transports test. . . . . . . : Passed > List of NetBt transports currently configured: > NetBT_Tcpip_{E4FF46BE-FF6F-4E97-8825-A3B494203996} > 1 NetBt transport currently configured. > Autonet address test . . . . . . . : Passed > > IP loopback ping test. . . . . . . : Passed > > Default gateway test . . . . . . . : Passed > > NetBT name test. . . . . . . . . . : Passed > [WARNING] You don't have a single interface with the <00> > 'WorkStation > Servi > ce', <03> 'Messenger Service', <20> 'WINS' names defined. > > Winsock test . . . . . . . . . . . : Passed > > DNS test . . . . . . . . . . . . . : Failed > [WARNING] The DNS entries for this DC are not registered correctly > on > DNS se > rver '192.168.0.1'. Please wait for 30 minutes for DNS server > replication. > [WARNING] The DNS entries for this DC are not registered correctly > on > DNS se > rver '192.168.0.185'. Please wait for 30 minutes for DNS server > replication. > [FATAL] No DNS servers have the DNS records for this DC > registered. > Redir and Browser test . . . . . . : Passed > List of NetBt transports currently bound to the Redir > NetBT_Tcpip_{E4FF46BE-FF6F-4E97-8825-A3B494203996} > The redir is bound to 1 NetBt transport. 
> List of NetBt transports currently bound to the browser > NetBT_Tcpip_{E4FF46BE-FF6F-4E97-8825-A3B494203996} > The browser is bound to 1 NetBt transport. > DC discovery test. . . . . . . . . : Passed > > DC list test . . . . . . . . . . . : Passed > > Trust relationship test. . . . . . : Skipped > > Kerberos test. . . . . . . . . . . : Passed > > LDAP test. . . . . . . . . . . . . : Passed > > Bindings test. . . . . . . . . . . : Passed > > WAN configuration test . . . . . . : Skipped > No active remote access connections. > Modem diagnostics test . . . . . . : Passed > > IP Security test . . . . . . . . . : Skipped > > ********************************************************************** > **** > > Meinolf Weber" <meiweb(nospam)@gmx.de> wrote in message > news:ff16fb6678608cae7efe2fb2d9d@msnews.microsoft.com... > >> Hello Paul, >> >> For the DNS settings choose also the other DC as secondary on the >> NIC. >> > Also > >> post the output in command window from "netdom query fsmo" without >> the >> > quotes. > >> Then run repadmin /showrepl and post the output also. Run dcdiag and >> > netdiag > >> on both DC's and if you get errors post also the complete output. >> >> Best regards >> >> Meinolf Weber >> Disclaimer: This posting is provided "AS IS" with no warranties, and > confers > >> no rights. >> ** Please do NOT email, only reply to Newsgroups >> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm >>>> Did you configure the FORWARDERS in the DNS management console >>>> under the server properties? >>>> >>> Yes. I deleted the DNS forwarders and re-entered them. I am now able >>> to browse if I point the new serve to itself as the DNS server. I >>> think this part is fixed. Thanks for pointing me in the right >>> direction on this :-) :-) (or what ever a super happy face is!) >>> >>>> Did you move all 5 FSMO roles to the new server? 
>>>> >>> No, when I try I get "The transfer of the operations master role >>> cannot be >>> performed because the requested FSMO >>> operation failed. The current FSMO holder could not be contacted" >>>> Did you make the new DC Global catalog server? >>>> >>> Yes >>> >>> Old Server: >>> Windows IP Configuration >>> Host Name . . . . . . . . . . . . : SERVER1 >>> Primary Dns Suffix . . . . . . . : ars.local >>> Node Type . . . . . . . . . . . . : Unknown >>> IP Routing Enabled. . . . . . . . : Yes >>> WINS Proxy Enabled. . . . . . . . : Yes >>> DNS Suffix Search List. . . . . . : ars.local >>> Ethernet adapter Local Area Connection: >>> Connection-specific DNS Suffix . : >>> Description . . . . . . . . . . . : Intel® PRO/1000 XT Network >>> Connection >>> Physical Address. . . . . . . . . : 00-0D-56-FD-47-D9 >>> DHCP Enabled. . . . . . . . . . . : No >>> IP Address. . . . . . . . . . . . : 192.168.0.1 >>> Subnet Mask . . . . . . . . . . . : 255.255.255.0 >>> Default Gateway . . . . . . . . . : 192.168.0.254 >>> DNS Servers . . . . . . . . . . . : 192.168.0.1 >>> New Server: >>> Windows IP Configuration >>> Host Name . . . . . . . . . . . . : new-server >>> Primary Dns Suffix . . . . . . . : ars.local >>> Node Type . . . . . . . . . . . . : Unknown >>> IP Routing Enabled. . . . . . . . : No >>> WINS Proxy Enabled. . . . . . . . : No >>> DNS Suffix Search List. . . . . . : ars.local >>> Ethernet adapter Local Area Connection: >>> Connection-specific DNS Suffix . : >>> Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit >>> Ethernet >>> Physical Address. . . . . . . . . : 00-1D-09-FF-97-24 >>> DHCP Enabled. . . . . . . . . . . : No >>> IP Address. . . . . . . . . . . . : 192.168.0.185 >>> Subnet Mask . . . . . . . . . . . : 255.255.255.0 >>> Default Gateway . . . . . . . . . : 192.168.0.254 >>> DNS Servers . . . . . . . . . . . 
: 192.168.0.1 >>> "Meinolf Weber" <meiweb(nospam)@gmx.de> wrote in message >>> news:ff16fb6676fb8cae77e58e6f198@msnews.microsoft.com... >>>> Hello Paul, >>>> >>>> Please post an unedited ipconfig /all from both DC's. >>>> >>>> Did you configure the FORWARDERS in the DNS management console >>>> under the server properties? >>>> >>>> Did you move all 5 FSMO roles to the new server? >>>> >>>> Did you make the new DC Global catalog server? >>>> >>>> Best regards >>>> >>>> Meinolf Weber >>>> Disclaimer: This posting is provided "AS IS" with no warranties, >>>> and >>> confers >>> >>>> no rights. >>>> ** Please do NOT email, only reply to Newsgroups >>>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm >>>>> So I have been going through your list. I still have not been able >>>>> to get rid of any of the original errors that I posted. >>>>> >>>>> When I try to Transfer FSMO roles (change operations master, >>>>> change schema master, etc.) I get the following: "The transfer of >>>>> the operations master role cannot be performed because the >>>>> requested FSMO operation failed. The current FSMO holder could not >>>>> be contacted" >>>>> >>>>> As I stated in an earlier post I know that there are DNS issues. >>>>> 1. From the event logs >>>>> 2. If I take the old server offline and point a workstation DNS >>>>> setting to >>>>> the new server I cant browse. >>>>> I am sure that all of these issues are related, but not sure how >>>>> to >>>>> correct. >>>>> I have no idea what to do next >>>>> <Meinolf Weber> wrote in message >>>>> news:ff16fb6666c48cae132945ad0f4@msnews.microsoft.com... 
>>>>>> Hello Paul, >>>>>> >>>>>> Check this list for the steps you have done or not, if not do it >>>>>> now and leave the old DC still up and running during the time: >>>>>> >>>>>> - On the old server open DNS management console and check that >>>>>> you are >>>>>> >>>>> running >>>>> >>>>>> Active directory integrated zone (easier for replication, if you >>>>>> have more then one DNS server) >>>>>> >>>>>> - run replmon, dcdiag and netdiag on the old machine to check for >>>>>> errors, if you have some post the complete output from the >>>>>> command here or solve them first >>>>>> >>>>>> - run adprep /forestprep and adprep /domainprep from the 2003 >>>>>> installation disk against the 2000 server, with an account that >>>>>> is member of the Schema admins, to upgrade the schema to the new >>>>>> version >>>>>> >>>>>> - Install the new machine as a member server in your existing >>>>>> domain >>>>>> >>>>>> - configure a fixed ip and set the preferred DNS server to the >>>>>> old DNS >>>>>> >>>>> server >>>>> >>>>>> only >>>>>> >>>>>> - run dcpromo and follow the wizard to add the 2003 server to an >>>>>> existing domain >>>>>> >>>>>> - if you are prompted for DNS configuration choose Yes (also >>>>>> possible that no DNS preparation occur), then install DNS after >>>>>> the reboot >>>>>> >>>>>> - for DNS give the server time for replication, at least 15 >>>>>> minutes. >>>>>> >>>>> Because >>>>> >>>>>> you use Active directory integrated zones it will automatically >>>>>> replicate the zones to the new server. 
Open DNS management >>>>>> console to check that >>>>>> >>>>> they >>>>> >>>>>> appear >>>>>> >>>>>> - if the new machine is domain controller and DNS server run >>>>>> again >>>>>> >>>>> replmon, >>>>> >>>>>> dcdiag and netdiag on both domain controllers >>>>>> >>>>>> - if you have no errors, make the new server Global catalog >>>>>> server, open Active directory Sites and Services and then >>>>>> double-click sitename, >>>>>> >>>>> double-click >>>>> >>>>>> Servers, click your domain controller, right-click NTDS Settings, >>>>>> and then click Properties, on the General tab, click to select >>>>>> the Global catalog check box >>>>>> (http://support.microsoft.com/?id=313994) >>>>>> >>>>>> - Transfer, NOT seize the 5 FSMO roles to the new Domain >>>>>> controller >>>>>> >>>>> (http://support.microsoft.com/kb/324801) >>>>> >>>>>> - you can see in the event viewer (Directory service) that the >>>>>> roles are transferred, also give it some time >>>>>> >>>>>> - reconfigure the DNS configuration on your NIC of the 2003 >>>>>> server, >>>>>> >>>>> preferred >>>>> >>>>>> DNS itself, secondary the old one >>>>>> >>>>>> - if you use DHCP do not forget to reconfigure the scope settings >>>>>> to point to the new installed DNS server >>>>>> >>>>>> - export and import of DHCP database (if needed) >>>>>> >>>>> http://support.microsoft.com/kb/325473 >>>>> >>>>>> Demoting >>>>>> >>>>>> - reconfigure your clients/servers that they not longer point to >>>>>> the old DC/DNS server on the NIC >>>>>> >>>>>> - to be sure that everything runs fine, disconnect the old DC >>>>>> from the >>>>>> >>>>> network >>>>> >>>>>> and check with clients and servers the connectivity, logon and >>>>>> also with one client a restart to see that everything is ok >>>>>> >>>>>> - then run dcpromo to demote the old DC, if it works fine the >>>>>> machine will move from the DC's OU to the computers container, >>>>>> where you can delete it by hand. 
Can be that you got an error >>>>>> during demoting at the beginning, >>>>>> >>>>> then >>>>> >>>>>> uncheck the Global catalog on that DC and try again >>>>>> >>>>>> - check the DNS management console, that all entries from the >>>>>> machine are disappeared or delete them by hand if the machine is >>>>>> off the network for >>>>>> >>>>> ever >>>>> >>>>>> Best regards >>>>>> >>>>>> Meinolf Weber >>>>>> Disclaimer: This posting is provided "AS IS" with no warranties, >>>>>> and >>>>> confers >>>>> >>>>>> no rights. >>>>>> ** Please do NOT email, only reply to Newsgroups >>>>>> ** HELP us help YOU!!! >>>>>> http://www.blakjak.demon.co.uk/mul_crss.htm >>>>>>> Thanks for your reply. >>>>>>> >>>>>>>> Did you install DNS also on the new server and point all >>>>>>>> clients to use >>>>>>>> >>>>>>> it? >>>>>>> DNS is installed. After shutting down the old server I changed >>>>>>> the >>>>>>> new >>>>>>> server to the old servers IP and rebooted. >>>>>>>> Did you configure the FORWARDERS in the DNS management console >>>>>>>> under the server properties? >>>>>>>> >>>>>>> I dont think so. I just "poked" around in the DNS console and >>>>>>> cant >>>>>>> even find >>>>>>> these settings. >>>>>>> Is there a (easy) way to export the entire DNS setup from the >>>>>>> old >>>>>>> server? >>>>>>>> Did you move all 5 FSMO roles to the new server? >>>>>>>> >>>>>>> I dont know what this means, so probably not. >>>>>>> >>>>>>>> Did you make the new DC Global catalog server? >>>>>>>> >>>>>>> Yes >>>>>>> >>>>>>> help... I'm over my head >>>>>>> >>>>>>> "Meinolf Weber" <meiweb(nospam)@gmx.de> wrote in message >>>>>>> news:ff16fb6666398cae0e32ae8ece8@msnews.microsoft.com... >>>>>>> >>>>>>>> Hello Paul, >>>>>>>> >>>>>>>> Did you install DNS also on the new server and point all >>>>>>>> clients to use >>>>>>>> >>>>>>> it? >>>>>>> >>>>>>>> Did you configure the FORWARDERS in the DNS management console >>>>>>>> under the server properties? 
>>>>>>>> >>>>>>>> Did you move all 5 FSMO roles to the new server? >>>>>>>> >>>>>>>> Did you make the new DC Global catalog server? >>>>>>>> >>>>>>>> Best regards >>>>>>>> >>>>>>>> Meinolf Weber >>>>>>>> Disclaimer: This posting is provided "AS IS" with no >>>>>>>> warranties, >>>>>>>> and >>>>>>> confers >>>>>>> >>>>>>>> no rights. >>>>>>>> ** Please do NOT email, only reply to Newsgroups >>>>>>>> ** HELP us help YOU!!! >>>>>>>> http://www.blakjak.demon.co.uk/mul_crss.htm >>>>>>>>> I am trying to migrate from an old W2K3 Active Directory >>>>>>>>> domain controller to a new one. Eventually I want to remove >>>>>>>>> the old server from the network. I have never done this before >>>>>>>>> and it is a little bit out of my league so I Googled, read >>>>>>>>> and hopefully followed several articles that I found, but am >>>>>>>>> still getting some errors logged. >>>>>>>>> >>>>>>>>> The list of AD users, computers etc replicated over to the new >>>>>>>>> server, but when I turn off the old one no one can log in and >>>>>>>>> there is no Internet access. I think both of these problems >>>>>>>>> are due to DNS (which I really understand about 1% of). There >>>>>>>>> are no errors in the DNS log though (just info that the >>>>>>>>> service started). >>>>>>>>> >>>>>>>>> Most of the computers have fixed IPs so DHCP isn't really an >>>>>>>>> issue, but the DHCP service is also failing. >>>>>>>>> >>>>>>>>> I'm hoping from the log files someone can give me some >>>>>>>>> specific things to try as opposed to links to articles that >>>>>>>>> are above my understanding. >>>>>>>>> >>>>>>>>> Your help is much appreciated. >>>>>>>>> >>>>>>>>> System Log: >>>>>>>>> >>>>>>>>> Event ID 1059 >>>>>>>>> The DHCP service failed to see a directory server for >>>>>>>>> authorization. 
>>>>>>>>> Directory Service Log: >>>>>>>>> Event ID 2088 >>>>>>>>> Active Directory could not use DNS to resolve the IP address >>>>>>>>> of >>>>>>>>> the >>>>>>>>> source >>>>>>>>> domain controller listed below. To maintain the consistency of >>>>>>>>> Security >>>>>>>>> groups, group policy, users and computers and their passwords, >>>>>>>>> Active >>>>>>>>> Directory successfully replicated using the NetBIOS or fully >>>>>>>>> qualified >>>>>>>>> computer name of the source domain controller. >>>>>>>>> Invalid DNS configuration may be affecting other essential >>>>>>>>> operations >>>>>>>>> on >>>>>>>>> member computers, domain controllers or application servers in >>>>>>>>> this >>>>>>>>> Active >>>>>>>>> Directory forest, including logon authentication or access to >>>>>>>>> network >>>>>>>>> resources. >>>>>>>>> (I cut out the rest of the error, let me know if it would be >>>>>>>>> helpful >>>>>>>>> to post >>>>>>>>> the entire message) >>>>>>>>> Event ID 1586 >>>>>>>>> The Windows NT 4.0 or earlier replication checkpoint with the >>>>>>>>> PDC >>>>>>>>> emulator >>>>>>>>> master was unsuccessful. >>>>>>>>> A full synchronization of the security accounts manager (SAM) >>>>>>>>> database >>>>>>>>> to domain controllers running Windows NT 4.0 and earlier might >>>>>>>>> take >>>>>>>>> place if the PDC emulator master role is transferred to the >>>>>>>>> local >>>>>>>>> domain controller before the next successful checkpoint. >>>>>>>>> Application Log: >>>>>>>>> Event ID5 3258 >>>>>>>>> MS DTC could not correctly process a DC Promotion/Demotion >>>>>>>>> event. >>>>>>>>> MS >>>>>>>>> DTC >>>>>>>>> will continue to function and will use the existing security >>>>>>>>> settings. >>>>>>>>> Error >>>>>>>>> Specifics: %1 >>>>>>>>> Event ID 53258 >>>>>>>>> MS DTC could not correctly process a DC Promotion/Demotion >>>>>>>>> event. >>>>>>>>> MS >>>>>>>>> DTC >>>>>>>>> will continue to function and will use the existing security >>>>>>>>> settings. 
>>>>>>>>> Error >>>>>>>>> Specifics: d:\nt\com\complus\dtc\dtc\adme\uiname.cpp:9351, >>>>>>>>> Pid: >>>>>>>>> 1160 >>>>>>>>> No Callstack, CmdLine: C:\WINDOWS\system32\msdtc.exe
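A pre-shutdown check over the diagnostics discussed in the reply above, added here as an example and not code from the thread or from Microsoft's tools: it parses `netdom query fsmo`, `dcdiag` and `netdiag` text and lists what still ties the domain to the old DC. The function names and the "passed but logged an error" rule are assumptions of this example; the sample text is adapted from the output posted in the thread.

```python
import re

OLD_DC = "server1.ars.local"  # DC being retired (name taken from the thread)
ROLES = ("schema owner", "domain role owner", "pdc role",
         "rid pool manager", "infrastructure owner")

# Sample input adapted from the output posted in the thread, with the
# newsreader's line wrapping undone; it is not live tool output.
NETDOM_FSMO = """\
Schema owner                SERVER1.ars.local
Domain role owner           SERVER1.ars.local
PDC role                    new-server.ars.local
RID pool manager            SERVER1.ars.local
Infrastructure owner        SERVER1.ars.local
The command completed successfully.
"""
DCDIAG = """\
      Starting test: Connectivity
         ......................... NEW-SERVER passed test Connectivity
      Starting test: Replications
         [SERVER1] DsBindWithSpnEx() failed with error 1722,
         The RPC server is unavailable..
         ......................... NEW-SERVER passed test Replications
      Starting test: KnowsOfRoleHolders
         Warning: SERVER1 is the Schema Owner, but is not responding to DS RPC Bind.
         ......................... NEW-SERVER failed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... NEW-SERVER failed test RidManager
      Starting test: FsmoCheck
         Error: The server returned by DsGetDcName() did not match DsListRoles() for the PDC
         ......................... ARS.local passed test FsmoCheck
"""
NETDIAG = """\
    Netcard queries test . . . . . . . : Passed
    DNS test . . . . . . . . . . . . . : Failed
          [FATAL] No DNS servers have the DNS records for this DC registered.
    Kerberos test. . . . . . . . . . . : Passed
"""

FSMO_RE = re.compile(r"^[ \t]*(" + "|".join(ROLES) + r")[ \t]+(\S+)[ \t]*$", re.I | re.M)
START_RE = re.compile(r"^[ \t]*Starting test: (\S+)")
VERDICT_RE = re.compile(r"^[ \t]*\.{5,}[ \t]+\S+ (passed|failed) test (\S+)[ \t]*$")
ERROR_RE = re.compile(r"Error:|failed with error")
NETDIAG_RE = re.compile(
    r"^[ \t]*([A-Za-z][\w ]*?)[ \t]*(?:\.[ \t]*)+:[ \t]*(Passed|Failed|Skipped)[ \t]*$", re.M)


def fsmo_holders(text):
    """Map each FSMO role label printed by netdom to its holder (lower-cased)."""
    return {role.lower(): holder.lower() for role, holder in FSMO_RE.findall(text)}


def failed_netdiag_tests(text):
    """Names of the netdiag tests whose result column reads 'Failed'."""
    return [name for name, verdict in NETDIAG_RE.findall(text) if verdict == "Failed"]


def dcdiag_findings(text):
    """Return (failed, passed_with_errors) test names from dcdiag output.

    The summary line alone is not enough: in the thread, Replications and
    FsmoCheck both report 'passed' directly after printing an error.
    """
    failed, passed_with_errors = [], []
    current, errors = None, 0
    for line in text.splitlines():
        start, verdict = START_RE.match(line), VERDICT_RE.match(line)
        if start:
            current, errors = start.group(1), 0
        elif verdict:
            result, test = verdict.groups()
            if result == "failed":
                failed.append(test)
            elif errors:
                passed_with_errors.append(test)
            current = None
        elif current and ERROR_RE.search(line):
            errors += 1
    return failed, passed_with_errors


def retirement_blockers(fsmo_text, dcdiag_text, netdiag_text, old_dc=OLD_DC):
    """List every reason the old DC should stay online for now."""
    blockers = []
    holders = fsmo_holders(fsmo_text)
    for role in ROLES:
        holder = holders.get(role)
        if holder is None:
            blockers.append(f"fsmo: no holder reported for '{role}'")
        elif holder == old_dc.lower():
            blockers.append(f"fsmo: '{role}' is still held by {holder}")
    failed, passed_with_errors = dcdiag_findings(dcdiag_text)
    blockers += [f"dcdiag: test {t} failed" for t in failed]
    blockers += [f"dcdiag: test {t} passed but logged an error" for t in passed_with_errors]
    blockers += [f"netdiag: {t} failed" for t in failed_netdiag_tests(netdiag_text)]
    return blockers


if __name__ == "__main__":
    for reason in retirement_blockers(NETDOM_FSMO, DCDIAG, NETDIAG):
        print(reason)
```

An empty list from `retirement_blockers` only covers what these three tools print; the client DNS settings from the checklist still have to be checked separately.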
Guest Paul Chow Posted September 19, 2008
Re: Problems migrating AD PDC

Again, thank you so much for all of your help. I am not sure what I did but I successfully was able to transfer the 5 FSMO roles. Hopefully over the weekend I will shut down the old server and see what happens to the rest of the network.

One last question: If everything is OK after shutting down the old server can I change the IP of the new server to the address of the old one or will that mess up things in DNS?

"Meinolf Weber" <meiweb(nospam)@gmx.de> wrote in message news:ff16fb66793a8cae8568972de15@msnews.microsoft.com...
> Hello Jack,
>
> What kind of DNS zones are you using, AD integrated? Check that both server
> registered in the zones. Do you have also a Reverse lookup zone?
>
> Do you have no SP1 or SP2 on the 2003 installed?
>
> The NIC test on server 1 creates an error in netdiag output, make sure the
> drivers are up to date and also the NIC itself is correct built in.
> GetStats failed for 'Intel® PRO/1000 XT Network Connection'.
> [ERROR_INVALI
> D_FUNCTION]
> [FATAL] - None of the netcard drivers provided satisfactory results.
>
> Change the ip settings in new-server to:
> Host Name. . . . . . . . . : new-server
> IP Address . . . . . . . . : 192.168.0.185
> Subnet Mask. . . . . . . . : 255.255.255.0
> Default Gateway. . . . . . : 192.168.0.254
> Dns Servers. . . . . . . . : 192.168.0.185
>                              192.168.0.1
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and confers
> no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>
> > I really appreciate all your help.
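An added example, not part of any post in this thread and not Microsoft tooling: a short Python script that reads saved `netdom query fsmo` and `dcdiag` output in the format posted in this thread and lists what still ties the domain to the old DC before it is shut down. The function names are hypothetical and the sample text is constructed, reusing the host names from the thread.

```python
import re

# Role labels exactly as `netdom query fsmo` prints them in this thread.
ROLE_LABELS = (
    "Schema owner",
    "Domain role owner",
    "PDC role",
    "RID pool manager",
    "Infrastructure owner",
)

RESULT_RE = re.compile(r"\.{5,}\s+(\S+)\s+(passed|failed)\s+test\s+(\w+)")
WARN_RE = re.compile(r"Warning:\s+(\S+) is the (.+?) Owner, but is not responding")


def unquote(text):
    """Strip newsgroup quote markers ('> > ') and rejoin wrapped lines."""
    lines = (re.sub(r"^[>\s]+", "", line) for line in text.splitlines())
    return " ".join(line for line in lines if line)


def short_name(host):
    """Compare hosts by their first DNS label, case-insensitively."""
    return host.split(".")[0].lower()


def parse_fsmo(text):
    """Return {role label: holder} from `netdom query fsmo` output."""
    flat = unquote(text)
    holders = {}
    for label in ROLE_LABELS:
        match = re.search(re.escape(label) + r"\s+(\S+)", flat)
        if match:
            holders[label] = match.group(1)
    return holders


def parse_dcdiag(text):
    """Return ({(target, test): result}, {(server, role)} not responding)."""
    flat = unquote(text)
    results = {(tgt, test): res for tgt, res, test in RESULT_RE.findall(flat)}
    silent = {(short_name(srv), role) for srv, role in WARN_RE.findall(flat)}
    return results, silent


def decommission_blockers(fsmo_text, dcdiag_text, new_dc):
    """List findings that should be cleared before the old DC goes away."""
    blockers = []
    holders = parse_fsmo(fsmo_text)
    for label in ROLE_LABELS:
        holder = holders.get(label)
        if holder is None:
            blockers.append(f"{label}: holder not found in netdom output")
        elif short_name(holder) != short_name(new_dc):
            blockers.append(f"{label} still held by {holder}")
    results, silent = parse_dcdiag(dcdiag_text)
    for (target, test), result in sorted(results.items()):
        if result == "failed":
            blockers.append(f"dcdiag: {target} failed test {test}")
    for server, role in sorted(silent):
        blockers.append(f"dcdiag: {role} owner {server} not responding")
    return blockers


# Constructed sample input, quoted and re-wrapped the way a newsreader does it.
SAMPLE_FSMO = """\
> > Schema owner                SERVER1.ars.local
> > Domain role owner           SERVER1.ars.local
> > PDC role                    new-server.ars.local
> > RID pool manager            SERVER1.ars.local
> > Infrastructure owner        SERVER1.ars.local
> > The command completed successfully.
"""

SAMPLE_DCDIAG = """\
> > Starting test: Connectivity
> > ......................... NEW-SERVER passed test Connectivity
> > Starting test: KnowsOfRoleHolders
> > Warning: SERVER1 is the Schema Owner, but is not responding
> > to DS
> > RPC B
> > ind.
> > Warning: SERVER1 is the Rid Owner, but is not responding to
> > LDAP
> > Bind.
> > ......................... NEW-SERVER failed test
> > KnowsOfRoleHolders
> > Starting test: RidManager
> > ......................... NEW-SERVER failed test RidManager
"""

if __name__ == "__main__":
    for finding in decommission_blockers(SAMPLE_FSMO, SAMPLE_DCDIAG, "new-server"):
        print(finding)
```

An empty list from `decommission_blockers` means every role is on the new DC and the saved dcdiag run shows no failed tests or unresponsive role owners.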
Guest Meinolf Weber Posted September 20, 2008 Posted September 20, 2008 Re: Problems migrating AD PDC Hello Paul, Before going on with removing the old server, you have to make sure everything is working correctly. If you think all is fine, i would clear all event logs and run dcdiag /v, netdiag /v and repadmin /showrepl Save the output to a file, let the DC's run 2/3 days and run the tools again. Check then also the event viewer for errors. Also i would create test users/groups/OU's and andworkstations in the domain and check that they are replicated to the other DC. If everything is fine and no errors especially for the replication and DNS i would start with the change/removal of the old machine. Demoting the old DC - in non working time from the users, change the ip from the old DC to a free one and reboot it. Check in DNS on both DNS servers that is registered again with the new address. Then change the ip of the new DC and also reboot and check DNS on both servers. Give some time for replication of the addresses in DNS. - run ipconfig /flushdns on a workstation and ping both DC's with the new addresses, computer names and FQDN to be sure all answers are correct. - to be sure that everything runs fine, disconnect the old DC from the network and check with clients and servers the connectivity, logon and also with one client a restart to see that everything is ok, maybe 2 working days after you made yourself a test before the users are back for work, so you are sure nothing is different for the users accessing there resources. Reconnect after this test the old DC - then run dcpromo to demote the old DC, if it works fine the machine will move from the DC's OU to the computers container, where you can delete it by hand. 
Can be that you got an error during demoting at the beginning, then uncheck the Global catalog on that DC and try again - check the DNS management console, that all entries from the machine are disappeared or delete them by hand if the machine is off the network for ever - also you have to start AD sites and services and delete the old servername under the site, this will not be done during promotion Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights. ** Please do NOT email, only reply to Newsgroups ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm > Again, Thank you so much for all of your help. I am not sure what I > did but I successfully was able to transfer the 5 FSMO roles. > Hopefully over the weekend I will shut down the old server and see > what happens to the rest of the network. > > One last question: If everything is OK after shutting down the old > server can I change the IP of the new server to the address of the old > one or will that mess up things in DNS? > > "Meinolf Weber" <meiweb(nospam)@gmx.de> wrote in message > news:ff16fb66793a8cae8568972de15@msnews.microsoft.com... > >> Hello Jack, >> >> What kind of DNS zones are you using, AD integrated? Chekc that both >> > server > >> registered in the zones. Do you have also a Reverse lookup zone? >> >> Do you have no SP1 or SP2 on the 2003 installed? >> >> The NIC test on server 1 creates an error in netdiag output, make >> sure the >> drivers are up to date and also the NIC itself is correct built in. >> GetStats failed for 'Intel® PRO/1000 XT Network Connection'. >> [ERROR_INVALI >> D_FUNCTION] >> [FATAL] - None of the netcard drivers provided satisfactory results. >> Change the ip settings in new-server to: >> Host Name. . . . . . . . . : new-server >> IP Address . . . . . . . . : 192.168.0.185 >> Subnet Mask. . . . . . . . : 255.255.255.0 >> Default Gateway. . . . . . : 192.168.0.254 >> Dns Servers. . . . . . . . 
: 192.168.0.185
>> 192.168.0.1
>> Best regards
>>
>> Meinolf Weber
>> Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.
>> ** Please do NOT email, only reply to Newsgroups
>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
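The before/after check described in the post above (save the dcdiag output, wait a few days, run it again) can be compared mechanically. This is an added example, not part of the original posts: it parses two saved dcdiag runs and reports regressions, tests still failing, tests no longer run, and tests that passed while logging errors. BASELINE is abridged from the output quoted in this thread; LATER and all function names are constructed for illustration.

```python
import re

QUOTE_PREFIX = re.compile(r"^\s*(?:>\s*)+")   # newsreader quoting such as ">>> "
START = re.compile(r"Starting test:\s*(\S+)")
RESULT = re.compile(r"\.{5,}\s*(\S+)\s+(passed|failed)\s+test\s*(\S*)")
NOTE = re.compile(r"\b(error|warning|fatal)\b", re.IGNORECASE)


def parse_dcdiag(text):
    """Return {(target, test): {"status": str, "notes": [str]}} for one run."""
    lines = [QUOTE_PREFIX.sub("", raw).strip() for raw in text.splitlines()]
    results, notes = {}, []
    i = 0
    while i < len(lines):
        line = lines[i]
        result = RESULT.search(line)
        if START.search(line):
            notes = []                      # new test: discard stale notes
        elif result:
            target, status, test = result.groups()
            if not test:
                # Test name was wrapped onto the next non-empty line.
                j = i + 1
                while j < len(lines) and not lines[j]:
                    j += 1
                if j < len(lines):
                    test, i = lines[j].split()[0], j
            results[(target, test)] = {"status": status, "notes": notes}
            notes = []
        elif NOTE.search(line):
            notes.append(line)              # error/warning inside a test
        i += 1
    return results


def compare_runs(baseline, later):
    """Classify every test seen in either run."""
    report = {"regressed": [], "still_failing": [], "fixed": [],
              "passed_with_notes": [], "not_run": []}
    for key in sorted(set(baseline) | set(later)):
        before = baseline.get(key, {}).get("status")
        after = later.get(key, {}).get("status")
        if after is None:
            report["not_run"].append(key)   # e.g. dcdiag skipped the server
        elif after == "failed":
            bucket = "still_failing" if before == "failed" else "regressed"
            report[bucket].append(key)
        else:
            if before == "failed":
                report["fixed"].append(key)
            if later[key]["notes"]:
                report["passed_with_notes"].append(key)
    return report


# Abridged from the NEW-SERVER dcdiag output quoted in this thread.
BASELINE = """
>>> Starting test: Connectivity
>>> ......................... NEW-SERVER passed test Connectivity
>>> Starting test: Replications
>>> [SERVER1] DsBindWithSpnEx() failed with error 1722,
>>> The RPC server is unavailable..
>>> ......................... NEW-SERVER passed test Replications
>>> Starting test: NetLogons
>>> ......................... NEW-SERVER passed test NetLogons
>>> Starting test: KnowsOfRoleHolders
>>> Warning: SERVER1 is the Schema Owner, but is not responding
>>> to DS
>>> ......................... NEW-SERVER failed test
>>> KnowsOfRoleHolders
>>> Starting test: RidManager
>>> ......................... NEW-SERVER failed test RidManager
>>> Starting test: frssysvol
>>> ......................... NEW-SERVER passed test frssysvol
>>> Starting test: systemlog
>>> An Error Event occured. EventID: 0x0000166D
>>> ......................... NEW-SERVER failed test systemlog
"""

# Constructed second run (not from the thread), taken a few days later.
LATER = """
Starting test: Connectivity
......................... NEW-SERVER passed test Connectivity
Starting test: Replications
......................... NEW-SERVER passed test Replications
Starting test: KnowsOfRoleHolders
......................... NEW-SERVER passed test KnowsOfRoleHolders
Starting test: RidManager
......................... NEW-SERVER passed test RidManager
Starting test: frssysvol
......................... NEW-SERVER failed test frssysvol
Starting test: systemlog
An Error Event occured. EventID: 0x0000166D
......................... NEW-SERVER failed test systemlog
Starting test: FsmoCheck
Error: The server returned by DsGetDcName() did not match
DsListRoles()
for the PDC
......................... ARS.local passed test FsmoCheck
"""

if __name__ == "__main__":
    report = compare_runs(parse_dcdiag(BASELINE), parse_dcdiag(LATER))
    for bucket, keys in report.items():
        print(bucket, keys)
```

A test that reports "passed" can still carry an error line, as Replications and FsmoCheck do in the quoted output, so the passed_with_notes bucket deserves the same attention as the failures before the old DC is demoted.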
Guest Paul Chow
Posted September 20, 2008

Re: Problems migrating AD PDC

Thanks. Will do

"Meinolf Weber" <meiweb(nospam)@gmx.de> wrote in message
news:ff16fb667ac78cae936907bd40b@msnews.microsoft.com...
> Hello Paul,
>
> Before going on with removing the old server, you have to make sure everything
> is working correctly. If you think all is fine, i would clear all event logs
> and run dcdiag /v, netdiag /v and repadmin /showrepl. Save the output to a
> file, let the DC's run 2/3 days and run the tools again. Check then also
> the event viewer for errors. Also i would create test users/groups/OU's and
> workstations in the domain and check that they are replicated to the other
> DC.
>
> If everything is fine and no errors especially for the replication and DNS
> i would start with the change/removal of the old machine.
>
> Demoting the old DC
>
> - in non working time from the users, change the ip from the old DC to a
> free one and reboot it. Check in DNS on both DNS servers that is registered
> again with the new address. Then change the ip of the new DC and also reboot
> and check DNS on both servers. Give some time for replication of the addresses
> in DNS.
>
> - run ipconfig /flushdns on a workstation and ping both DC's with the new
> addresses, computer names and FQDN to be sure all answers are correct.
>
> - to be sure that everything runs fine, disconnect the old DC from the network
> and check with clients and servers the connectivity, logon and also with
> one client a restart to see that everything is ok, maybe 2 working days after
> you made yourself a test before the users are back for work, so you are sure
> nothing is different for the users accessing their resources. Reconnect after
> this test the old DC
>
> - then run dcpromo to demote the old DC, if it works fine the machine will
> move from the DC's OU to the computers container, where you can delete it
> by hand. Can be that you got an error during demoting at the beginning, then
> uncheck the Global catalog on that DC and try again
>
> - check the DNS management console, that all entries from the machine are
> disappeared or delete them by hand if the machine is off the network for ever
>
> - also you have to start AD sites and services and delete the old servername
> under the site, this will not be done during promotion
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and confers
> no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>
> > Again, Thank you so much for all of your help. I am not sure what I
> > did but I successfully was able to transfer the 5 FSMO roles.
> > Hopefully over the weekend I will shut down the old server and see
> > what happens to the rest of the network.
> >
> > One last question: If everything is OK after shutting down the old
> > server can I change the IP of the new server to the address of the old
> > one or will that mess up things in DNS?
> >
> > "Meinolf Weber" <meiweb(nospam)@gmx.de> wrote in message
> > news:ff16fb66793a8cae8568972de15@msnews.microsoft.com...
> >
> >> Hello Jack,
> >>
> >> What kind of DNS zones are you using, AD integrated? Check that both server
> >> registered in the zones. Do you have also a Reverse lookup zone?
> >>
> >> Do you have no SP1 or SP2 on the 2003 installed?
> >>
> >> The NIC test on server 1 creates an error in netdiag output, make sure the
> >> drivers are up to date and also the NIC itself is correct built in.
> >> GetStats failed for 'Intel® PRO/1000 XT Network Connection'. [ERROR_INVALID_FUNCTION]
> >> [FATAL] - None of the netcard drivers provided satisfactory results.
> >> Change the ip settings in new-server to:
> >> Host Name. . . . . . . . . : new-server
> >> IP Address . . . . . . . . : 192.168.0.185
> >> Subnet Mask. . . . . . . . : 255.255.255.0
> >> Default Gateway. . . . . . : 192.168.0.254
> >> Dns Servers. . . . . . . . : 192.168.0.185
> >> 192.168.0.1
> >> Best regards
> >>
> >> Meinolf Weber
> >> Disclaimer: This posting is provided "AS IS" with no warranties, and confers
> >> no rights.
> >> ** Please do NOT email, only reply to Newsgroups
> >> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
> >>> I really appreciate all your help. Here are the outputs:
> >>>
> >>> Server1 is Old Server
> >>> New-Server is new server
> >>> netdom query fsmo:
> >>> Schema owner SERVER1.ars.local
> >>> Domain role owner SERVER1.ars.local
> >>> PDC role new-server.ars.local
> >>>
> >>> RID pool manager SERVER1.ars.local
> >>>
> >>> Infrastructure owner SERVER1.ars.local
> >>>
> >>> The command completed successfully.
> >>>
> >>> repadmin running command /showrepl against server localhost
> >>>
> >>> Default-First-Site-Name\NEW-SERVER
> >>> DC Options: IS_GC
> >>> Site Options: (none)
> >>> DC object GUID: bbd5e31c-ceaf-4c89-bbaf-be1245dbf679
> >>> DC invocationID: 56399df1-ebe1-4dd1-817a-fb046fcab5b8
> >>> ==== INBOUND NEIGHBORS ======================================
> >>> DC=ars,DC=local
> >>> Default-First-Site-Name\SERVER1 via RPC
> >>> DC object GUID: c834486a-c689-4f82-a4ec-85e81937e0f7
> >>> Last attempt @ 2008-09-18 20:58:20 was successful.
> >>> CN=Configuration,DC=ars,DC=local
> >>> Default-First-Site-Name\SERVER1 via RPC
> >>> DC object GUID: c834486a-c689-4f82-a4ec-85e81937e0f7
> >>> Last attempt @ 2008-09-18 21:33:32 was successful.
> >>> CN=Schema,CN=Configuration,DC=ars,DC=local
> >>> Default-First-Site-Name\SERVER1 via RPC
> >>> DC object GUID: c834486a-c689-4f82-a4ec-85e81937e0f7
> >>> Last attempt @ 2008-09-18 20:58:20 was successful.
> >>> DC=ForestDnsZones,DC=ars,DC=local
> >>> Default-First-Site-Name\SERVER1 via RPC
> >>> DC object GUID: c834486a-c689-4f82-a4ec-85e81937e0f7
> >>> Last attempt @ 2008-09-18 20:58:20 was successful.
> >>> DC=DomainDnsZones,DC=ars,DC=local
> >>> Default-First-Site-Name\SERVER1 via RPC
> >>> DC object GUID: c834486a-c689-4f82-a4ec-85e81937e0f7
> >>> Last attempt @ 2008-09-18 21:29:30 was successful.
> >>> ****************************************************************
> >>> DCDIAG on new server:
> >>>
> >>> Domain Controller Diagnosis
> >>>
> >>> Performing initial setup:
> >>> Done gathering initial info.
> >>> Doing initial required tests
> >>> Testing server: Default-First-Site-Name\NEW-SERVER
> >>> Starting test: Connectivity
> >>> ......................... NEW-SERVER passed test Connectivity
> >>> Doing primary tests
> >>> Testing server: Default-First-Site-Name\NEW-SERVER
> >>> Starting test: Replications
> >>> [SERVER1] DsBindWithSpnEx() failed with error 1722,
> >>> The RPC server is unavailable..
> >>> ......................... NEW-SERVER passed test Replications
> >>> Starting test: NCSecDesc
> >>> ......................... NEW-SERVER passed test NCSecDesc
> >>> Starting test: NetLogons
> >>> ......................... NEW-SERVER passed test NetLogons
> >>> Starting test: Advertising
> >>> ......................... NEW-SERVER passed test Advertising
> >>> Starting test: KnowsOfRoleHolders
> >>> Warning: SERVER1 is the Schema Owner, but is not responding to DS RPC Bind.
> >>> [SERVER1] LDAP search failed with error 58,
> >>> The specified server cannot perform the requested operation..
> >>> Warning: SERVER1 is the Schema Owner, but is not responding to LDAP Bind.
> >>> Warning: SERVER1 is the Domain Owner, but is not responding to DS RPC Bind.
> >>> Warning: SERVER1 is the Domain Owner, but is not responding to LDAP Bind.
> >>> Warning: SERVER1 is the Rid Owner, but is not responding to DS RPC Bind.
> >>> Warning: SERVER1 is the Rid Owner, but is not responding to LDAP Bind.
> >>> Warning: SERVER1 is the Infrastructure Update Owner, but is not responding to DS RPC Bind.
> >>> Warning: SERVER1 is the Infrastructure Update Owner, but is not responding to LDAP Bind.
> >>> ......................... NEW-SERVER failed test KnowsOfRoleHolders
> >>> Starting test: RidManager
> >>> ......................... NEW-SERVER failed test RidManager
> >>> Starting test: MachineAccount
> >>> ......................... NEW-SERVER passed test MachineAccount
> >>> Starting test: Services
> >>> ......................... NEW-SERVER passed test Services
> >>> Starting test: ObjectsReplicated
> >>> ......................... NEW-SERVER passed test ObjectsReplicated
> >>> Starting test: frssysvol
> >>> ......................... NEW-SERVER passed test frssysvol
> >>> Starting test: frsevent
> >>> ......................... NEW-SERVER passed test frsevent
> >>> Starting test: kccevent
> >>> ......................... NEW-SERVER passed test kccevent
> >>> Starting test: systemlog
> >>> An Error Event occured. EventID: 0xC00010E1
> >>> Time Generated: 09/18/2008 20:58:22
> >>> (Event String could not be retrieved)
> >>> An Error Event occured. EventID: 0x0000166D
> >>> Time Generated: 09/18/2008 20:58:22
> >>> Event String: Netlogon could not register the ARS<1B> name
> >>> An Error Event occured. EventID: 0xC00010E1
> >>> Time Generated: 09/18/2008 21:13:22
> >>> (Event String could not be retrieved)
> >>> An Error Event occured. EventID: 0xC00010E1
> >>> Time Generated: 09/18/2008 21:28:22
> >>> (Event String could not be retrieved)
> >>> An Error Event occured. EventID: 0xC00010E1
> >>> Time Generated: 09/18/2008 21:43:22
> >>> (Event String could not be retrieved)
> >>> ......................... NEW-SERVER failed test systemlog
> >>> Starting test: VerifyReferences
> >>> ......................... NEW-SERVER passed test VerifyReferences
> >>> Running partition tests on : DomainDnsZones
> >>> Starting test: CrossRefValidation
> >>> ......................... DomainDnsZones passed test CrossRefValidation
> >>> Starting test: CheckSDRefDom
> >>> ......................... DomainDnsZones passed test CheckSDRefDom
> >>> Running partition tests on : ForestDnsZones
> >>> Starting test: CrossRefValidation
> >>> ......................... ForestDnsZones passed test CrossRefValidation
> >>> Starting test: CheckSDRefDom
> >>> ......................... ForestDnsZones passed test CheckSDRefDom
> >>> Running partition tests on : Schema
> >>> Starting test: CrossRefValidation
> >>> ......................... Schema passed test CrossRefValidation
> >>> Starting test: CheckSDRefDom
> >>> ......................... Schema passed test CheckSDRefDom
> >>> Running partition tests on : Configuration
> >>> Starting test: CrossRefValidation
> >>> ......................... Configuration passed test CrossRefValidation
> >>> Starting test: CheckSDRefDom
> >>> ......................... Configuration passed test CheckSDRefDom
> >>> Running partition tests on : ARS
> >>> Starting test: CrossRefValidation
> >>> ......................... ARS passed test CrossRefValidation
> >>> Starting test: CheckSDRefDom
> >>> ......................... ARS passed test CheckSDRefDom
> >>> Running enterprise tests on : ARS.local
> >>> Starting test: Intersite
> >>> ......................... ARS.local passed test Intersite
> >>> Starting test: FsmoCheck
> >>> Error: The server returned by DsGetDcName() did not match DsListRoles()
> >>> for the PDC
> >>> ......................... ARS.local passed test FsmoCheck
> >>> **********************************************************************
> >>> DCDIAG on Old Server:
> >>>
> >>> Domain Controller Diagnosis
> >>>
> >>> Performing initial setup:
> >>> Done gathering initial info.
> >>> Doing initial required tests
> >>> Testing server: Default-First-Site-Name\SERVER1
> >>> Starting test: Connectivity
> >>> The host c834486a-c689-4f82-a4ec-85e81937e0f7._msdcs.ars.local could not be resolved to an
> >>> IP address. Check the DNS server, DHCP, server name, etc
> >>> Although the Guid DNS name
> >>> (c834486a-c689-4f82-a4ec-85e81937e0f7._msdcs.ars.local) couldn't
> >>> be resolved, the server name (SERVER1.ars.local) resolved to the
> >>> IP address (192.168.0.1) and was pingable. Check that the IP address
> >>> is registered correctly with the DNS server.
> >>> ......................... SERVER1 failed test Connectivity
> >>> Doing primary tests
> >>> Testing server: Default-First-Site-Name\SERVER1
> >>> Skipping all tests, because server SERVER1 is
> >>> not responding to directory service requests
> >>> Running partition tests on : ForestDnsZones
> >>> Starting test: CrossRefValidation
> >>> ......................... ForestDnsZones passed test CrossRefValidation
> >>> Starting test: CheckSDRefDom
> >>> ......................... ForestDnsZones passed test CheckSDRefDom
> >>> Running partition tests on : DomainDnsZones
> >>> Starting test: CrossRefValidation
> >>> ......................... DomainDnsZones passed test CrossRefValidation
> >>> Starting test: CheckSDRefDom
> >>> ......................... DomainDnsZones passed test CheckSDRefDom
> >>> Running partition tests on : Schema
> >>> Starting test: CrossRefValidation
> >>> ......................... Schema passed test CrossRefValidation
> >>> Starting test: CheckSDRefDom
> >>> ......................... Schema passed test CheckSDRefDom
> >>> Running partition tests on : Configuration
> >>> Starting test: CrossRefValidation
> >>> ......................... Configuration passed test CrossRefValidation
> >>> Starting test: CheckSDRefDom
> >>> ......................... Configuration passed test CheckSDRefDom
> >>> Running partition tests on : ars
> >>> Starting test: CrossRefValidation
> >>> ......................... ars passed test CrossRefValidation
> >>> Starting test: CheckSDRefDom
> >>> ......................... ars passed test CheckSDRefDom
> >>> Running enterprise tests on : ars.local
> >>> Starting test: Intersite
> >>> ......................... ars.local passed test Intersite
> >>> Starting test: FsmoCheck
> >>> Error: The server returned by DsGetDcName() did not match DsListRoles()
> >>> for the PDC
> >>> ......................... ars.local passed test FsmoCheck
> >>> **********************************************************************
> >>> NETDIAG ON NEW SERVER:
> >>>
> >>> Computer Name: NEW-SERVER
> >>> DNS Host Name: new-server.ars.local
> >>> System info : Microsoft Windows Server 2003 (Build 3790)
> >>> Processor : x86 Family 6 Model 15 Stepping 13, GenuineIntel
> >>> List of installed hotfixes :
> >>> Q147222
> >>> Netcard queries test . . . . . . . : Passed
> >>> Per interface results:
> >>>
> >>> Adapter : Local Area Connection
> >>>
> >>> Netcard queries test . . . : Passed
> >>>
> >>> Host Name. . . . . . . . . : new-server
> >>> IP Address . . . . . . . . : 192.168.0.185
> >>> Subnet Mask. . . . . . . . : 255.255.255.0
> >>> Default Gateway. . . . . . : 192.168.0.254
> >>> Dns Servers. . . . . . . . : 192.168.0.1
> >>> 192.168.0.185
> >>> AutoConfiguration results. . . . . . : Passed
> >>> Default gateway test . . . : Passed
> >>>
> >>> NetBT name test. . . . . . : Passed
> >>> [WARNING] At least one of the <00> 'WorkStation Service', <03>
> >>> 'Messenger Service', <20> 'WINS' names is missing.
> >>> WINS service test. . . . . : Skipped
> >>> There are no WINS servers configured for this interface.
> >>> Global results:
> >>> Domain membership test . . . . . . : Passed
> >>>
> >>> NetBT transports test. . . . . . . : Passed
> >>> List of NetBt transports currently configured:
> >>> NetBT_Tcpip_{1564DF95-1390-4C84-8E00-D154F9AED25D}
> >>> 1 NetBt transport currently configured.
> >>> Autonet address test . . . . . . . : Passed
> >>> IP loopback ping test. . . . . . . : Passed
> >>>
> >>> Default gateway test . . . . . . . : Passed
> >>>
> >>> NetBT name test. . . . . . . . . . : Passed
> >>> [WARNING] You don't have a single interface with the <00> 'WorkStation
> >>> Service', <03> 'Messenger Service', <20> 'WINS' names defined.
> >>> Winsock test . . . . . . . . . . . : Passed
> >>>
> >>> DNS test . . . . . . . . . . . . . : Failed
> >>> [WARNING] The DNS entries for this DC are not registered correctly on
> >>> DNS server '192.168.0.1'. Please wait for 30 minutes for DNS server
> >>> replication.
> >>> [WARNING] The DNS entries for this DC are not registered correctly on
> >>> DNS server '192.168.0.185'. Please wait for 30 minutes for DNS server
> >>> replication.
> >>> [FATAL] No DNS servers have the DNS records for this DC registered.
> >>> Redir and Browser test . . . . . . : Passed
> >>> List of NetBt transports currently bound to the Redir
> >>> NetBT_Tcpip_{1564DF95-1390-4C84-8E00-D154F9AED25D}
> >>> The redir is bound to 1 NetBt transport.
> >>> List of NetBt transports currently bound to the browser
> >>> NetBT_Tcpip_{1564DF95-1390-4C84-8E00-D154F9AED25D}
> >>> The browser is bound to 1 NetBt transport.
> >>> DC discovery test. . . . . . . . . : Passed
> >>> DC list test . . . . . . . . . . . : Passed
> >>>
> >>> Trust relationship test. . . . . . : Skipped
> >>>
> >>> Kerberos test. . . . . . . . . . . : Passed
> >>>
> >>> LDAP test. . . . . . . . . . . . . : Passed
> >>>
> >>> Bindings test. . . . . . . . . . . : Passed
> >>>
> >>> WAN configuration test . . . . . . : Skipped
> >>> No active remote access connections.
> >>> Modem diagnostics test . . . . . . : Passed
> >>> IP Security test . . . . . . . . . : Skipped
> >>>
> >>> Note: run "netsh ipsec dynamic show /?" for more detailed information
> >>>
> >>> **********************************************************************
> >>>
> >>> NETDIAG ON OLD SERVER:
> >>>
> >>> Computer Name: SERVER1
> >>> DNS Host Name: SERVER1.ars.local
> >>> System info : Microsoft Windows Server 2003 (Build 3790)
> >>> Processor : x86 Family 15 Model 2 Stepping 9, GenuineIntel
> >>> Netcard queries test . . . . . . . : Failed
> >>> GetStats failed for 'Intel® PRO/1000 XT Network Connection'. [ERROR_INVALID_FUNCTION]
> >>> [FATAL] - None of the netcard drivers provided satisfactory results.
> >>> Per interface results:
> >>> Adapter : Local Area Connection
> >>>
> >>> Netcard queries test . . . : Failed
> >>> NetCard Status: UNKNOWN
> >>> Host Name. . . . . . . . . : SERVER1
> >>> IP Address . . . . . . . . : 192.168.0.1
> >>> Subnet Mask. . . . . . . . : 255.255.255.0
> >>> Default Gateway. . . . . . : 192.168.0.254
> >>> Dns Servers. . . . . . . . : 192.168.0.1
> >>> 192.168.0.185
> >>> AutoConfiguration results. . . . . . : Passed
> >>> Default gateway test . . . : Passed
> >>>
> >>> NetBT name test. . . . . . : Passed
> >>> [WARNING] At least one of the <00> 'WorkStation Service', <03>
> >>> 'Messenger Service', <20> 'WINS' names is missing.
> >>> No remote names have been found.
> >>> WINS service test. . . . . : Skipped
> >>> There are no WINS servers configured for this interface.
> >>> Global results:
> >>> Domain membership test . . . . . . : Passed
> >>>
> >>> NetBT transports test. . . . . . . : Passed
> >>> List of NetBt transports currently configured:
> >>> NetBT_Tcpip_{E4FF46BE-FF6F-4E97-8825-A3B494203996}
> >>> 1 NetBt transport currently configured.
> >>> Autonet address test . . . . . . . : Passed
> >>> IP loopback ping test. . . . . . . : Passed
> >>>
> >>> Default gateway test . . . . . . . : Passed
> >>>
> >>> NetBT name test. . . . . . . . . . : Passed
> >>> [WARNING] You don't have a single interface with the <00> 'WorkStation
> >>> Service', <03> 'Messenger Service', <20> 'WINS' names defined.
> >>> Winsock test . . . . . . . . . . . : Passed
> >>>
> >>> DNS test . . . . . . . . . . . . . : Failed
> >>> [WARNING] The DNS entries for this DC are not registered correctly on
> >>> DNS server '192.168.0.1'. Please wait for 30 minutes for DNS server
> >>> replication.
> >>> [WARNING] The DNS entries for this DC are not registered correctly on
> >>> DNS server '192.168.0.185'. Please wait for 30 minutes for DNS server
> >>> replication.
> >>> [FATAL] No DNS servers have the DNS records for this DC registered.
> >>> Redir and Browser test . . . . . . : Passed
> >>> List of NetBt transports currently bound to the Redir
> >>> NetBT_Tcpip_{E4FF46BE-FF6F-4E97-8825-A3B494203996}
> >>> The redir is bound to 1 NetBt transport.
> >>> List of NetBt transports currently bound to the browser
> >>> NetBT_Tcpip_{E4FF46BE-FF6F-4E97-8825-A3B494203996}
> >>> The browser is bound to 1 NetBt transport.
> >>> DC discovery test. . . . . . . . . : Passed
> >>> DC list test . . . . . . . . . . . : Passed
> >>>
> >>> Trust relationship test. . . . . . : Skipped
> >>>
> >>> Kerberos test. . . . . . . . . . . : Passed
> >>>
> >>> LDAP test. . . . . . . . . . . . . : Passed
> >>>
> >>> Bindings test. . . . . . . . . . . : Passed
> >>>
> >>> WAN configuration test . . . . . . : Skipped
> >>> No active remote access connections.
> >>> Modem diagnostics test . . . . . . : Passed
> >>> IP Security test . . . . . . . . . : Skipped
> >>>
> >>> **********************************************************************
> >>>
> >>> "Meinolf Weber" <meiweb(nospam)@gmx.de> wrote in message
> >>> news:ff16fb6678608cae7efe2fb2d9d@msnews.microsoft.com...
> >>>
> >>>> Hello Paul,
> >>>>
> >>>> For the DNS settings choose also the other DC as secondary on the
> >>>> NIC.
> >>>> Also post the output in command window from "netdom query fsmo" without
> >>>> the quotes. Then run repadmin /showrepl and post the output also. Run
> >>>> dcdiag and netdiag on both DC's and if you get errors post also the
> >>>> complete output.
> >>>>
> >>>> Best regards
> >>>>
> >>>> Meinolf Weber
> >>>> Disclaimer: This posting is provided "AS IS" with no warranties,
> >>>> and confers no rights.
> >>>> ** Please do NOT email, only reply to Newsgroups
> >>>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
> >>>>>> Did you configure the FORWARDERS in the DNS management console
> >>>>>> under the server properties?
> >>>>>>
> >>>>> Yes. I deleted the DNS forwarders and re-entered them. I am now
> >>>>> able to browse if I point the new serve to itself as the DNS
> >>>>> server. I think this part is fixed. Thanks for pointing me in the
> >>>>> right direction on this :-) :-) (or what ever a super happy face
> >>>>> is!)
> >>>>>
> >>>>>> Did you move all 5 FSMO roles to the new server?
> >>>>>>
> >>>>> No, when I try I get "The transfer of the operations master role
> >>>>> cannot be performed because the requested FSMO
> >>>>> operation failed. The current FSMO holder could not be contacted"
> >>>>>> Did you make the new DC Global catalog server?
> >>>>>>
> >>>>> Yes
> >>>>>
> >>>>> Old Server:
> >>>>> Windows IP Configuration
> >>>>> Host Name . . . . . . . . . . . . : SERVER1
> >>>>> Primary Dns Suffix . . . . . . . : ars.local
> >>>>> Node Type . . . . . . . . . . . . : Unknown
> >>>>> IP Routing Enabled. . . . . . . . : Yes
> >>>>> WINS Proxy Enabled. . . . . . . . : Yes
> >>>>> DNS Suffix Search List. . . . . . : ars.local
> >>>>> Ethernet adapter Local Area Connection:
> >>>>> Connection-specific DNS Suffix . :
> >>>>> Description . . . . . . . . . . . : Intel® PRO/1000 XT Network Connection
> >>>>> Physical Address. . . . . . . . . : 00-0D-56-FD-47-D9
> >>>>> DHCP Enabled. . . . . . . . . . . : No
> >>>>> IP Address. . . . . . . . . . . . : 192.168.0.1
> >>>>> Subnet Mask . . . . . . . . . . . : 255.255.255.0
> >>>>> Default Gateway . . . . . . . . . : 192.168.0.254
> >>>>> DNS Servers . . . . . . . . . . . : 192.168.0.1
> >>>>> New Server:
> >>>>> Windows IP Configuration
> >>>>> Host Name . . . . . . . . . . . . : new-server
> >>>>> Primary Dns Suffix . . . . . . . : ars.local
> >>>>> Node Type . . . . . . . . . . . . : Unknown
> >>>>> IP Routing Enabled. . . . . . . . : No
> >>>>> WINS Proxy Enabled. . . . . . . . : No
> >>>>> DNS Suffix Search List. . . . . . : ars.local
> >>>>> Ethernet adapter Local Area Connection:
> >>>>> Connection-specific DNS Suffix . :
> >>>>> Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
> >>>>> Physical Address. . . . . . . . . : 00-1D-09-FF-97-24
> >>>>> DHCP Enabled. . . . . . . . . . . : No
> >>>>> IP Address. . . . . . . . . . . . : 192.168.0.185
> >>>>> Subnet Mask . . . . . . . . . . . : 255.255.255.0
> >>>>> Default Gateway . . . . . . . . . : 192.168.0.254
> >>>>> DNS Servers . . . . . . . . . . . : 192.168.0.1
> >>>>> "Meinolf Weber" <meiweb(nospam)@gmx.de> wrote in message
> >>>>> news:ff16fb6676fb8cae77e58e6f198@msnews.microsoft.com...
> >>>>>> Hello Paul,
> >>>>>>
> >>>>>> Please post an unedited ipconfig /all from both DC's.
> >>>>>>
> >>>>>> Did you configure the FORWARDERS in the DNS management console
> >>>>>> under the server properties?
> >>>>>>
> >>>>>> Did you move all 5 FSMO roles to the new server?
> >>>>>>
> >>>>>> Did you make the new DC Global catalog server?
> >>>>>>
> >>>>>> Best regards
> >>>>>>
> >>>>>> Meinolf Weber
> >>>>>> Disclaimer: This posting is provided "AS IS" with no warranties,
> >>>>>> and confers no rights.
> >>>>>> ** Please do NOT email, only reply to Newsgroups
> >>>>>> ** HELP us help YOU!!!
> >>>>>> http://www.blakjak.demon.co.uk/mul_crss.htm
> >>>>>>> So I have been going through your list. I still have not been
> >>>>>>> able to get rid of any of the original errors that I posted.
> >>>>>>>
> >>>>>>> When I try to Transfer FSMO roles (change operations master,
> >>>>>>> change schema master, etc.) I get the following: "The transfer
> >>>>>>> of the operations master role cannot be performed because the
> >>>>>>> requested FSMO operation failed. The current FSMO holder could
> >>>>>>> not be contacted"
> >>>>>>>
> >>>>>>> As I stated in an earlier post I know that there are DNS issues.
> >>>>>>> 1. From the event logs
> >>>>>>> 2. If I take the old server offline and point a workstation DNS
> >>>>>>> setting to the new server I cant browse.
> >>>>>>> I am sure that all of these issues are related, but not sure how
> >>>>>>> to correct.
> >>>>>>> I have no idea what to do next
> >>>>>>> <Meinolf Weber> wrote in message
> >>>>>>> news:ff16fb6666c48cae132945ad0f4@msnews.microsoft.com...
> >>>>>>>> Hello Paul,
> >>>>>>>>
> >>>>>>>> Check this list for the steps you have done or not, if not do
> >>>>>>>> it now and leave the old DC still up and running during the
> >>>>>>>> time:
> >>>>>>>>
> >>>>>>>> - On the old server open DNS management console and check that
> >>>>>>>> you are running Active directory integrated zone (easier for
> >>>>>>>> replication, if you have more then one DNS server)
> >>>>>>>>
> >>>>>>>> - run replmon, dcdiag and netdiag on the old machine to check
> >>>>>>>> for errors, if you have some post the complete output from the
> >>>>>>>> command here or solve them first
> >>>>>>>>
> >>>>>>>> - run adprep /forestprep and adprep /domainprep from the 2003
> >>>>>>>> installation disk against the 2000 server, with an account that
> >>>>>>>> is member of the Schema admins, to upgrade the schema to the
> >>>>>>>> new version
> >>>>>>>>
> >>>>>>>> - Install the new machine as a member server in your existing
> >>>>>>>> domain
> >>>>>>>>
> >>>>>>>> - configure a fixed ip and set the preferred DNS server to the
> >>>>>>>> old DNS server only
> >>>>>>>>
> >>>>>>>> - run dcpromo and follow the wizard to add the 2003 server to
> >>>>>>>> an existing domain
> >>>>>>>>
> >>>>>>>> - if you are prompted for DNS configuration choose Yes (also
> >>>>>>>> possible that no DNS preparation occur), then install DNS after
> >>>>>>>> the reboot
> >>>>>>>>
> >>>>>>>> - for DNS give the server time for replication, at least 15
> >>>>>>>> minutes. Because you use Active directory integrated zones it
> >>>>>>>> will automatically replicate the zones to the new server. Open
> >>>>>>>> DNS management console to check that they appear
> >>>>>>>>
> >>>>>>>> - if the new machine is domain controller and DNS server run
> >>>>>>>> again replmon, dcdiag and netdiag on both domain controllers
> >>>>>>>>
> >>>>>>>> - if you have no errors, make the new server Global catalog
> >>>>>>>> server, open Active directory Sites and Services and then
> >>>>>>>> double-click sitename, double-click Servers, click your domain
> >>>>>>>> controller, right-click NTDS Settings, and then click
> >>>>>>>> Properties, on the General tab, click to select the Global
> >>>>>>>> catalog check box (http://support.microsoft.com/?id=313994)
> >>>>>>>>
> >>>>>>>> - Transfer, NOT seize the 5 FSMO roles to the new Domain
> >>>>>>>> controller (http://support.microsoft.com/kb/324801)
> >>>>>>>>
> >>>>>>>> - you can see in the event viewer (Directory service) that the
> >>>>>>>> roles are transferred, also give it some time
> >>>>>>>>
> >>>>>>>> - reconfigure the DNS configuration on your NIC of the 2003
> >>>>>>>> server, preferred DNS itself, secondary the old one
> >>>>>>>>
> >>>>>>>> - if you use DHCP do not forget to reconfigure the scope
> >>>>>>>> settings to point to the new installed DNS server
> >>>>>>>>
> >>>>>>>> - export and import of DHCP database (if needed)
> >>>>>>>> http://support.microsoft.com/kb/325473
> >>>>>>>>
> >>>>>>>> Demoting
> >>>>>>>>
> >>>>>>>> - reconfigure your clients/servers that they not longer point
> >>>>>>>> to the old DC/DNS server on the NIC
> >>>>>>>>
> >>>>>>>> - to be sure that everything runs fine, disconnect the old DC
> >>>>>>>> from the network and check with clients and servers the
> >>>>>>>> connectivity, logon and also with one client a restart to see
> >>>>>>>> that everything is ok
> >>>>>>>>
> >>>>>>>> - then run dcpromo to demote the old DC, if it works fine the
> >>>>>>>> machine will move from the DC's OU to the computers container,
> >>>>>>>> where you can delete it by hand. Can be that you got an error
> >>>>>>>> during demoting at the beginning, then uncheck the Global
> >>>>>>>> catalog on that DC and try again
> >>>>>>>>
> >>>>>>>> - check the DNS management console, that all entries from the
> >>>>>>>> machine are disappeared or delete them by hand if the machine
> >>>>>>>> is off the network for ever
> >>>>>>>>
> >>>>>>>> Best regards
> >>>>>>>>
> >>>>>>>> Meinolf Weber
> >>>>>>>> Disclaimer: This posting is provided "AS IS" with no
> >>>>>>>> warranties, and confers no rights.
> >>>>>>>> ** Please do NOT email, only reply to Newsgroups
> >>>>>>>> ** HELP us help YOU!!!
> >>>>>>>> http://www.blakjak.demon.co.uk/mul_crss.htm
> >>>>>>>>> Thanks for your reply.
> >>>>>>>>>
> >>>>>>>>>> Did you install DNS also on the new server and point all
> >>>>>>>>>> clients to use it?
> >>>>>>>>>>
> >>>>>>>>> DNS is installed. After shutting down the old server I changed
> >>>>>>>>> the new server to the old servers IP and rebooted.
> >>>>>>>>>> Did you configure the FORWARDERS in the DNS management
> >>>>>>>>>> console under the server properties?
> >>>>>>>>>>
> >>>>>>>>> I dont think so. I just "poked" around in the DNS console and
> >>>>>>>>> cant even find these settings.
> >>>>>>>>> Is there a (easy) way to export the entire DNS setup from the
> >>>>>>>>> old server?
> >>>>>>>>>> Did you move all 5 FSMO roles to the new server?
> >>>>>>>>>>
> >>>>>>>>> I dont know what this means, so probably not.
> >>>>>>>>>
> >>>>>>>>>> Did you make the new DC Global catalog server?
> >>>>>>>>>>
> >>>>>>>>> Yes
> >>>>>>>>>
> >>>>>>>>> help... I'm over my head
> >>>>>>>>>
> >>>>>>>>> "Meinolf Weber" <meiweb(nospam)@gmx.de> wrote in message
> >>>>>>>>> news:ff16fb6666398cae0e32ae8ece8@msnews.microsoft.com...
> >>>>>>>>>
> >>>>>>>>>> Hello Paul,
> >>>>>>>>>>
> >>>>>>>>>> Did you install DNS also on the new server and point all
> >>>>>>>>>> clients to use it?
> >>>>>>>>>>
> >>>>>>>>>> Did you configure the FORWARDERS in the DNS management
> >>>>>>>>>> console under the server properties?
> >>>>>>>>>>
> >>>>>>>>>> Did you move all 5 FSMO roles to the new server?
> >>>>>>>>>>
> >>>>>>>>>> Did you make the new DC Global catalog server?
> >>>>>>>>>>
> >>>>>>>>>> Best regards
> >>>>>>>>>>
> >>>>>>>>>> Meinolf Weber
> >>>>>>>>>> Disclaimer: This posting is provided "AS IS" with no
> >>>>>>>>>> warranties, and confers no rights.
> >>>>>>>>>> ** Please do NOT email, only reply to Newsgroups
> >>>>>>>>>> ** HELP us help YOU!!!
> >>>>>>>>>> http://www.blakjak.demon.co.uk/mul_crss.htm
> >>>>>>>>>>> I am trying to migrate from an old W2K3 Active Directory
> >>>>>>>>>>> domain controller to a new one. Eventually I want to remove
> >>>>>>>>>>> the old server from the network. I have never done this
> >>>>>>>>>>> before and it is a little bit out of my league so I
> >>>>>>>>>>> Googled, read and hopefully followed several articles that I
> >>>>>>>>>>> found, but am still getting some errors logged.
> >>>>>>>>>>>
> >>>>>>>>>>> The list of AD users, computers etc replicated over to the
> >>>>>>>>>>> new server, but when I turn off the old one no one can log
> >>>>>>>>>>> in and there is no Internet access. I think both of these
> >>>>>>>>>>> problems are due to DNS (which I really understand about 1%
> >>>>>>>>>>> of). There are no errors in the DNS log though (just info
> >>>>>>>>>>> that the service started).
> >>>>>>>>>>> > >>>>>>>>>>> Most of the computers have fixed IPs so DHCP isn't really an > >>>>>>>>>>> issue, but the DHCP service is also failing. > >>>>>>>>>>> > >>>>>>>>>>> I'm hoping from the log files someone can give me some > >>>>>>>>>>> specific things to try as opposed to links to articles that > >>>>>>>>>>> are above my understanding. > >>>>>>>>>>> > >>>>>>>>>>> Your help is much appreciated. > >>>>>>>>>>> > >>>>>>>>>>> System Log: > >>>>>>>>>>> > >>>>>>>>>>> Event ID 1059 > >>>>>>>>>>> The DHCP service failed to see a directory server for > >>>>>>>>>>> authorization. > >>>>>>>>>>> Directory Service Log: > >>>>>>>>>>> Event ID 2088 > >>>>>>>>>>> Active Directory could not use DNS to resolve the IP address > >>>>>>>>>>> of > >>>>>>>>>>> the > >>>>>>>>>>> source > >>>>>>>>>>> domain controller listed below. To maintain the consistency > >>>>>>>>>>> of > >>>>>>>>>>> Security > >>>>>>>>>>> groups, group policy, users and computers and their > >>>>>>>>>>> passwords, > >>>>>>>>>>> Active > >>>>>>>>>>> Directory successfully replicated using the NetBIOS or fully > >>>>>>>>>>> qualified > >>>>>>>>>>> computer name of the source domain controller. > >>>>>>>>>>> Invalid DNS configuration may be affecting other essential > >>>>>>>>>>> operations > >>>>>>>>>>> on > >>>>>>>>>>> member computers, domain controllers or application servers > >>>>>>>>>>> in > >>>>>>>>>>> this > >>>>>>>>>>> Active > >>>>>>>>>>> Directory forest, including logon authentication or access > >>>>>>>>>>> to > >>>>>>>>>>> network > >>>>>>>>>>> resources. > >>>>>>>>>>> (I cut out the rest of the error, let me know if it would be > >>>>>>>>>>> helpful > >>>>>>>>>>> to post > >>>>>>>>>>> the entire message) > >>>>>>>>>>> Event ID 1586 > >>>>>>>>>>> The Windows NT 4.0 or earlier replication checkpoint with > >>>>>>>>>>> the > >>>>>>>>>>> PDC > >>>>>>>>>>> emulator > >>>>>>>>>>> master was unsuccessful. 
> >>>>>>>>>>> A full synchronization of the security accounts manager > >>>>>>>>>>> (SAM) > >>>>>>>>>>> database > >>>>>>>>>>> to domain controllers running Windows NT 4.0 and earlier > >>>>>>>>>>> might > >>>>>>>>>>> take > >>>>>>>>>>> place if the PDC emulator master role is transferred to the > >>>>>>>>>>> local > >>>>>>>>>>> domain controller before the next successful checkpoint. > >>>>>>>>>>> Application Log: > >>>>>>>>>>> Event ID5 3258 > >>>>>>>>>>> MS DTC could not correctly process a DC Promotion/Demotion > >>>>>>>>>>> event. > >>>>>>>>>>> MS > >>>>>>>>>>> DTC > >>>>>>>>>>> will continue to function and will use the existing security > >>>>>>>>>>> settings. > >>>>>>>>>>> Error > >>>>>>>>>>> Specifics: %1 > >>>>>>>>>>> Event ID 53258 > >>>>>>>>>>> MS DTC could not correctly process a DC Promotion/Demotion > >>>>>>>>>>> event. > >>>>>>>>>>> MS > >>>>>>>>>>> DTC > >>>>>>>>>>> will continue to function and will use the existing security > >>>>>>>>>>> settings. > >>>>>>>>>>> Error > >>>>>>>>>>> Specifics: d:\nt\com\complus\dtc\dtc\adme\uiname.cpp:9351, > >>>>>>>>>>> Pid: > >>>>>>>>>>> 1160 > >>>>>>>>>>> No Callstack, CmdLine: C:\WINDOWS\system32\msdtc.exe > >
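The checks from the quoted advice (all five FSMO roles on the new server before `dcpromo`, no leftover DNS entries for the old one afterwards), as an added PowerShell example that is not part of the thread. Host names and both command captures are constructed samples; the role labels assume the Windows Server 2003 `netdom query fsmo` layout.

```powershell
# Added example. Host names and both captures below are constructed samples.
$NewDc = 'newdc.example.local'
$OldDc = 'olddc.example.local'

$fsmoSample = @'
Schema owner                newdc.example.local
Domain role owner           newdc.example.local
PDC role                    olddc.example.local
RID pool manager            newdc.example.local
Infrastructure owner        olddc.example.local
The command completed successfully.
'@

# Trimmed nslookup SRV output: one "svr hostname" line per DC locator record.
$srvSample = @'
_ldap._tcp.dc._msdcs.example.local      SRV service location:
          svr hostname   = newdc.example.local
_ldap._tcp.dc._msdcs.example.local      SRV service location:
          svr hostname   = olddc.example.local
'@

function Get-FsmoProblems([string]$Text, [string]$NewDc) {
    $roles = @()
    foreach ($line in ($Text -split "`r?`n")) {
        # Role lines are "<role name><2+ spaces><holder FQDN>"; the status line has no such gap.
        if ($line -match '^(?<Role>\S.*?)\s{2,}(?<Holder>\S+)\s*$') {
            $roles += New-Object PSObject -Property @{ Role = $Matches['Role']; Holder = $Matches['Holder'] }
        }
    }
    if ($roles.Count -ne 5) { "expected 5 FSMO roles, parsed $($roles.Count)" }
    $roles | Where-Object { $_.Holder -ne $NewDc } |
        ForEach-Object { "$($_.Role) is still held by $($_.Holder)" }
}

function Get-StaleSrvHosts([string]$Text, [string]$OldDc) {
    foreach ($line in ($Text -split "`r?`n")) {
        if ($line -match 'svr hostname\s*=\s*(?<Target>\S+)' -and
            $Matches['Target'].TrimEnd('.') -eq $OldDc) { $Matches['Target'] }
    }
}

# Live use: $fsmo = (netdom query fsmo) -join "`n"
#           $srv  = (nslookup -type=SRV _ldap._tcp.dc._msdcs.example.local) -join "`n"
$issues = @(Get-FsmoProblems $fsmoSample $NewDc)
$stale  = @(Get-StaleSrvHosts $srvSample $OldDc)
"Before dcpromo on the old DC: $($issues.Count) FSMO issue(s)"
$issues
"After demotion, SRV records still naming the old DC: $($stale.Count)"
```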