Error not able to loging after upgrading domain controller

Hi


I tried upgrading my windows 2000 domain controller (with sp4) to windows
2003 (with sp2) domain controller.I have single domain controller in my
organisation.I have made my windows 2003 as additonal domain controller and
tried moving the fsmo roles via ntdsutil tool. i got succes, After shutting
down my old windows 2000 server i tried login from test server and pc's i was
not able to login.I get a error message no domain server found.if i start my
old 2000 server all my pc are able to login.

I am ataching the error log which i genrated from both the server (win 2000
& 2003) via dcdiag tool.Need help to resolve this problem
Regards
Alexyy

error log from both the server

WINDOWS 2003 SERVER Error


C:\Documents and Settings\Administrator.ABMAURI>dcdiag

Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\DATASERVER
Starting test: Connectivity
The host 8915e3e5-0e71-4c9f-a92a-6b3c1a2f9781._msdcs.abmauri.int
could
not be resolved to an
IP address. Check the DNS server, DHCP, server name, etc
Although the Guid DNS name
(8915e3e5-0e71-4c9f-a92a-6b3c1a2f9781._msdcs.abmauri.int) couldn't be
resolved, the server name (dataserver.abmauri.int) resolved to the IP
address (192.168.0.11) and was pingable. Check that the IP address
is
registered correctly with the DNS server.
......................... DATASERVER failed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\DATASERVER
Skipping all tests, because server DATASERVER is
not responding to directory service requests

Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation

Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom

Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation

Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom

Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom

Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom

Running partition tests on : abmauri
Starting test: CrossRefValidation
......................... abmauri passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... abmauri passed test CheckSDRefDom

Running enterprise tests on : abmauri.int
Starting test: Intersite
......................... abmauri.int passed test Intersite
Starting test: FsmoCheck
Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
A Global Catalog Server could not be located - All GC's are down.
Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
A Time Server could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1355
A KDC could not be located - All the KDCs are down.
......................... abmauri.int failed test FsmoCheck

C:\Documents and Settings\Administrator.ABMAURI>
C:\Documents and Settings\Administrator.ABMAURI>
================================================== ================================================== ====


WINDOWS 2000 SERVER Error



C:\Program Files\Support Tools>dcdiag

DC Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial non skippeable tests

Testing server: Default-First-Site-Name\MAINSERVER
Starting test: Connectivity
MAINSERVER's server GUID DNS name could not be resolved to an
IP address. Check the DNS server, DHCP, server name, etc
Although the Guid DNS name
(f6395252-5abc-4524-bd9f-5c8688aabfda._msdcs.abmauri.int) couldn't be
resolved, the server name (mainserver.abmauri.int) resolved to the IP
address (192.168.0.5) and was pingable. Check that the IP address is
registered correctly with the DNS server.
......................... MAINSERVER failed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\MAINSERVER
Skipping all tests, because server MAINSERVER is
not responding to directory service requests

Running enterprise tests on : abmauri.int
Starting test: Intersite
......................... abmauri.int passed test Intersite
Starting test: FsmoCheck
Error: The server returned by DsGetDcName() did not match
DsListRoles()
for the PDC
......................... abmauri.int passed test FsmoCheck

C:\Program Files\Support Tools>

Hello Alexyy,

Is the new DC also DNS server and are all machines configured to use it on
the NIC, sounds not? Also make it Global catalog server, you need the new
DC to be also GC when you will remove the old one.

Check with this steps if you followed them:
!!!NEVER START BEFORE HAVING CREATED AND TESTED A BACKUP OF YOUR DATA/MACHINE!!!

One question first:
Is the old server also Exchange server and will it be taken out of the domain
forever, when the new server is running?

- On the old server open DNS management console and check that you are running
Active directory integrated zone (easier for replication, if you have more
then one DNS server)

- run replmon from the run line or repadmin /showreps (only if more then
one DC exist), dcdiag and netdiag from the command prompt on the old machine
to check for errors, if you have some post the complete output from the command
here or solve them first. For this tools you have to install the support\tools\suptools.msi
from the 2000 or 2003 installation disk.

- run adprep /forestprep and adprep /domainprep from the 2003 installation
disk against the 2000 server, with an account that is member of the Schema
admins, to upgrade the schema to the new version

- Install the new machine as a member server in your existing domain

- configure a fixed ip and set the preferred DNS server to the old DNS server
only

- run dcpromo and follow the wizard to add the 2003 server to an existing
domain

- if you are prompted for DNS configuration choose Yes (also possible that
no DNS preparation occur), then install DNS after the reboot

- for DNS give the server time for replication, at least 15 minutes. Because
you use Active directory integrated zones it will automatically replicate
the zones to the new server. Open DNS management console to check that they
appear

- if the new machine is domain controller and DNS server run again replmon,
dcdiag and netdiag on both domain controllers

- if you have no errors, make the new server Global catalog server, open
Active directory Sites and Services and then double-click sitename, double-click
Servers, click your domain controller, right-click NTDS Settings, and then
click Properties, on the General tab, click to select the Global catalog
check box (http://support.microsoft.com/?id=313994)

- Transfer, NOT seize the 5 FSMO roles to the new Domain controller (http://support.microsoft.com/kb/324801)

- you can see in the event viewer (Directory service) that the roles are
transferred, also give it some time

- reconfigure the DNS configuration on your NIC of the 2003 server, preferred
DNS itself, secondary the old one

- if you use DHCP do not forget to reconfigure the scope settings to point
to the new installed DNS server

- export and import of DHCP database (if needed) (http://support.microsoft.com/kb/325473)

- backup WINS (http://technet.microsoft.com/en-us/l.../cc727901.aspx)

- restore WINS (http://technet.microsoft.com/en-us/l.../cc727960.aspx)


Demoting the old DC (if needed)

- reconfigure your clients/servers that they not longer point to the old
DC/DNS server on the NIC

- to be sure that everything runs fine, disconnect the old DC from the network
and check with clients and servers the connectivity, logon and also with
one client a restart to see that everything is ok

- then run dcpromo to demote the old DC, if it works fine the machine will
move from the DC's OU to the computers container, where you can delete it
by hand. Can be that you got an error during demoting at the beginning, then
uncheck the Global catalog on that DC and try again

- check the DNS management console, that all entries from the machine are
disappeared or delete them by hand if the machine is off the network for ever

- also you have to start AD sites and services and delete the old servername
under the site, this will not be done during demotion

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> Hi
>
> I tried upgrading my windows 2000 domain controller (with sp4) to
> windows 2003 (with sp2) domain controller.I have single domain
> controller in my organisation.I have made my windows 2003 as additonal
> domain controller and tried moving the fsmo roles via ntdsutil tool. i
> got succes, After shutting down my old windows 2000 server i tried
> login from test server and pc's i was not able to login.I get a error
> message no domain server found.if i start my old 2000 server all my
> pc are able to login.
>
> I am ataching the error log which i genrated from both the server (win
> 2000
> & 2003) via dcdiag tool.Need help to resolve this problem
> Regards
> Alexyy
> error log from both the server
>
> WINDOWS 2003 SERVER Error
>
> C:\Documents and Settings\Administrator.ABMAURI>dcdiag
>
> Domain Controller Diagnosis
>
> Performing initial setup:
> Done gathering initial info.
> Doing initial required tests
>
> Testing server: Default-First-Site-Name\DATASERVER
> Starting test: Connectivity
> The host
> 8915e3e5-0e71-4c9f-a92a-6b3c1a2f9781._msdcs.abmauri.int
> could
> not be resolved to an
> IP address. Check the DNS server, DHCP, server name, etc
> Although the Guid DNS name
> (8915e3e5-0e71-4c9f-a92a-6b3c1a2f9781._msdcs.abmauri.int)
> couldn't be
> resolved, the server name (dataserver.abmauri.int) resolved
> to the IP
> address (192.168.0.11) and was pingable. Check that the IP
> address
> is
> registered correctly with the DNS server.
> ......................... DATASERVER failed test Connectivity
> Doing primary tests
>
> Testing server: Default-First-Site-Name\DATASERVER
> Skipping all tests, because server DATASERVER is
> not responding to directory service requests
> Running partition tests on : ForestDnsZones
> Starting test: CrossRefValidation
> ......................... ForestDnsZones passed test
> CrossRefValidation
> Starting test: CheckSDRefDom
> ......................... ForestDnsZones passed test
> CheckSDRefDom
> Running partition tests on : DomainDnsZones
> Starting test: CrossRefValidation
> ......................... DomainDnsZones passed test
> CrossRefValidation
> Starting test: CheckSDRefDom
> ......................... DomainDnsZones passed test
> CheckSDRefDom
> Running partition tests on : Schema
> Starting test: CrossRefValidation
> ......................... Schema passed test
> CrossRefValidation
> Starting test: CheckSDRefDom
> ......................... Schema passed test CheckSDRefDom
> Running partition tests on : Configuration
> Starting test: CrossRefValidation
> ......................... Configuration passed test
> CrossRefValidation
> Starting test: CheckSDRefDom
> ......................... Configuration passed test
> CheckSDRefDom
> Running partition tests on : abmauri
> Starting test: CrossRefValidation
> ......................... abmauri passed test
> CrossRefValidation
> Starting test: CheckSDRefDom
> ......................... abmauri passed test CheckSDRefDom
> Running enterprise tests on : abmauri.int
> Starting test: Intersite
> ......................... abmauri.int passed test Intersite
> Starting test: FsmoCheck
> Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error
> 1355
> A Global Catalog Server could not be located - All GC's are
> down.
> Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
> A Time Server could not be located.
> The server holding the PDC role is down.
> Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1355
> A KDC could not be located - All the KDCs are down.
> ......................... abmauri.int failed test FsmoCheck
> C:\Documents and Settings\Administrator.ABMAURI>
> C:\Documents and Settings\Administrator.ABMAURI>
> ================================================== ====================
> ==================================
> WINDOWS 2000 SERVER Error
>
> C:\Program Files\Support Tools>dcdiag
>
> DC Diagnosis
>
> Performing initial setup:
> Done gathering initial info.
> Doing initial non skippeable tests
>
> Testing server: Default-First-Site-Name\MAINSERVER
> Starting test: Connectivity
> MAINSERVER's server GUID DNS name could not be resolved to an
> IP address. Check the DNS server, DHCP, server name, etc
> Although the Guid DNS name
> (f6395252-5abc-4524-bd9f-5c8688aabfda._msdcs.abmauri.int)
> couldn't be
> resolved, the server name (mainserver.abmauri.int) resolved
> to the IP
> address (192.168.0.5) and was pingable. Check that the IP
> address is
> registered correctly with the DNS server.
> ......................... MAINSERVER failed test Connectivity
> Doing primary tests
>
> Testing server: Default-First-Site-Name\MAINSERVER
> Skipping all tests, because server MAINSERVER is
> not responding to directory service requests
> Running enterprise tests on : abmauri.int
> Starting test: Intersite
> ......................... abmauri.int passed test Intersite
> Starting test: FsmoCheck
> Error: The server returned by DsGetDcName() did not match
> DsListRoles()
> for the PDC
> ......................... abmauri.int passed test FsmoCheck
> C:\Program Files\Support Tools>
>

Check out an article I have on Decommissioning a DC at:
http://www.pbbergs.com/windows/articles.htm

--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4
Microsoft's Thrive IT Pro of the Month - June 2009

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup This
posting is provided "AS IS" with no warranties, and confers no rights.

"Alexyy" <> wrote in message
news:C02A0D79-B6DA-4A41-9D8F-...
> Hi
>
>
> I tried upgrading my windows 2000 domain controller (with sp4) to windows
> 2003 (with sp2) domain controller.I have single domain controller in my
> organisation.I have made my windows 2003 as additonal domain controller
> and
> tried moving the fsmo roles via ntdsutil tool. i got succes, After
> shutting
> down my old windows 2000 server i tried login from test server and pc's i
> was
> not able to login.I get a error message no domain server found.if i start
> my
> old 2000 server all my pc are able to login.
>
> I am ataching the error log which i genrated from both the server (win
> 2000
> & 2003) via dcdiag tool.Need help to resolve this problem
> Regards
> Alexyy
>
> error log from both the server
>
> WINDOWS 2003 SERVER Error
>
>
> C:\Documents and Settings\Administrator.ABMAURI>dcdiag
>
> Domain Controller Diagnosis
>
> Performing initial setup:
> Done gathering initial info.
>
> Doing initial required tests
>
> Testing server: Default-First-Site-Name\DATASERVER
> Starting test: Connectivity
> The host 8915e3e5-0e71-4c9f-a92a-6b3c1a2f9781._msdcs.abmauri.int
> could
> not be resolved to an
> IP address. Check the DNS server, DHCP, server name, etc
> Although the Guid DNS name
> (8915e3e5-0e71-4c9f-a92a-6b3c1a2f9781._msdcs.abmauri.int) couldn't
> be
> resolved, the server name (dataserver.abmauri.int) resolved to the
> IP
> address (192.168.0.11) and was pingable. Check that the IP
> address
> is
> registered correctly with the DNS server.
> ......................... DATASERVER failed test Connectivity
>
> Doing primary tests
>
> Testing server: Default-First-Site-Name\DATASERVER
> Skipping all tests, because server DATASERVER is
> not responding to directory service requests
>
> Running partition tests on : ForestDnsZones
> Starting test: CrossRefValidation
> ......................... ForestDnsZones passed test
> CrossRefValidation
>
> Starting test: CheckSDRefDom
> ......................... ForestDnsZones passed test CheckSDRefDom
>
> Running partition tests on : DomainDnsZones
> Starting test: CrossRefValidation
> ......................... DomainDnsZones passed test
> CrossRefValidation
>
> Starting test: CheckSDRefDom
> ......................... DomainDnsZones passed test CheckSDRefDom
>
> Running partition tests on : Schema
> Starting test: CrossRefValidation
> ......................... Schema passed test CrossRefValidation
> Starting test: CheckSDRefDom
> ......................... Schema passed test CheckSDRefDom
>
> Running partition tests on : Configuration
> Starting test: CrossRefValidation
> ......................... Configuration passed test
> CrossRefValidation
> Starting test: CheckSDRefDom
> ......................... Configuration passed test CheckSDRefDom
>
> Running partition tests on : abmauri
> Starting test: CrossRefValidation
> ......................... abmauri passed test CrossRefValidation
> Starting test: CheckSDRefDom
> ......................... abmauri passed test CheckSDRefDom
>
> Running enterprise tests on : abmauri.int
> Starting test: Intersite
> ......................... abmauri.int passed test Intersite
> Starting test: FsmoCheck
> Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
> A Global Catalog Server could not be located - All GC's are down.
> Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
> A Time Server could not be located.
> The server holding the PDC role is down.
> Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1355
> A KDC could not be located - All the KDCs are down.
> ......................... abmauri.int failed test FsmoCheck
>
> C:\Documents and Settings\Administrator.ABMAURI>
> C:\Documents and Settings\Administrator.ABMAURI>
> ================================================== ================================================== ====
>
>
> WINDOWS 2000 SERVER Error
>
>
>
> C:\Program Files\Support Tools>dcdiag
>
> DC Diagnosis
>
> Performing initial setup:
> Done gathering initial info.
>
> Doing initial non skippeable tests
>
> Testing server: Default-First-Site-Name\MAINSERVER
> Starting test: Connectivity
> MAINSERVER's server GUID DNS name could not be resolved to an
> IP address. Check the DNS server, DHCP, server name, etc
> Although the Guid DNS name
> (f6395252-5abc-4524-bd9f-5c8688aabfda._msdcs.abmauri.int) couldn't
> be
> resolved, the server name (mainserver.abmauri.int) resolved to the
> IP
> address (192.168.0.5) and was pingable. Check that the IP address
> is
> registered correctly with the DNS server.
> ......................... MAINSERVER failed test Connectivity
>
> Doing primary tests
>
> Testing server: Default-First-Site-Name\MAINSERVER
> Skipping all tests, because server MAINSERVER is
> not responding to directory service requests
>
> Running enterprise tests on : abmauri.int
> Starting test: Intersite
> ......................... abmauri.int passed test Intersite
> Starting test: FsmoCheck
> Error: The server returned by DsGetDcName() did not match
> DsListRoles()
> for the PDC
> ......................... abmauri.int passed test FsmoCheck
>
> C:\Program Files\Support Tools>
>

Hi Meinolf !!!

I have exact problem.

I did everything mentioned here, but problem still exists !

In order to replace old win 2000 sp4 dc (DC1), Last year I did migration based on explanation I found on Petri's site, which is exactly as you mentioned here !

So I mirrored, so to speak, the new win 2003 r2 dc (DC2) with file structure, and active directory exactly like it is on DC1, along with group policy rules, but when I turned off DC1, problem arises: no production user can log in !!! I noticed that, when I was logged in on DC2 which is now main DC, that I couldn't access for some time on the location SYSVOL !!!!

I think that a dns is making this problem although I checked all main services, dns, dhcp, ad, gpolicy.

I also noticed, that when I created new domain user, having DC1 turned off, above problem DOES NOT EXIST (!?!?!?) in other words, problem exists ONLY with production users !!!

Please help, I am in big trouble,...



Alexyy wrote:

Error not able to loging after upgrading domain controller
22-Oct-09

H

I tried upgrading my windows 2000 domain controller (with sp4) to window
2003 (with sp2) domain controller.I have single domain controller in m
organisation.I have made my windows 2003 as additonal domain controller an
tried moving the fsmo roles via ntdsutil tool. i got succes, After shuttin
down my old windows 2000 server i tried login from test server and pc's i wa
not able to login.I get a error message no domain server found.if i start m
old 2000 server all my pc are able to login

I am ataching the error log which i genrated from both the server (win 200
& 2003) via dcdiag tool.Need help to resolve this proble
Regard
Alexy

error log from both the serve

WINDOWS 2003 SERVER Erro

C:\Documents and Settings\Administrator.ABMAURI>dcdia

Domain Controller Diagnosi

Performing initial setup
Done gathering initial info

Doing initial required test

Testing server: Default-First-Site-Name\DATASERVE
Starting test: Connectivit
The host 8915e3e5-0e71-4c9f-a92a-6b3c1a2f9781._msdcs.abmauri.in
coul
not be resolved to a
IP address. Check the DNS server, DHCP, server name, et
Although the Guid DNS nam
(8915e3e5-0e71-4c9f-a92a-6b3c1a2f9781._msdcs.abmauri.int) could not b
resolved, the server name (dataserver.abmauri.int) resolved to the I
address (192.168.0.11) and was pingable. Check that the IP addres
i
registered correctly with the DNS server
.......................... DATASERVER failed test Connectivit

Doing primary test

Testing server: Default-First-Site-Name\DATASERVE
Skipping all tests, because server DATASERVER i
not responding to directory service request

Running partition tests on : ForestDnsZone
Starting test: CrossRefValidatio
.......................... ForestDnsZones passed tes
CrossRefValidatio

Starting test: CheckSDRefDo
.......................... ForestDnsZones passed test CheckSDRefDo

Running partition tests on : DomainDnsZone
Starting test: CrossRefValidatio
.......................... DomainDnsZones passed tes
CrossRefValidatio

Starting test: CheckSDRefDo
.......................... DomainDnsZones passed test CheckSDRefDo

Running partition tests on : Schem
Starting test: CrossRefValidatio
.......................... Schema passed test CrossRefValidatio
Starting test: CheckSDRefDo
.......................... Schema passed test CheckSDRefDo

Running partition tests on : Configuratio
Starting test: CrossRefValidatio
.......................... Configuration passed tes
CrossRefValidatio
Starting test: CheckSDRefDo
.......................... Configuration passed test CheckSDRefDo

Running partition tests on : abmaur
Starting test: CrossRefValidatio
.......................... abmauri passed test CrossRefValidatio
Starting test: CheckSDRefDo
.......................... abmauri passed test CheckSDRefDo

Running enterprise tests on : abmauri.in
Starting test: Intersit
.......................... abmauri.int passed test Intersit
Starting test: FsmoChec
Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 135
A Global Catalog Server could not be located - All GC's are down.
Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
A Time Server could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1355
A KDC could not be located - All the KDCs are down.
.......................... abmauri.int failed test FsmoCheck

C:\Documents and Settings\Administrator.ABMAURI>
C:\Documents and Settings\Administrator.ABMAURI>
================================================== ================================================== ====

Previous Posts In This Thread:

On Thursday, October 22, 2009 1:03 PM
Alexyy wrote:

Error not able to loging after upgrading domain controller
Hi


I tried upgrading my windows 2000 domain controller (with sp4) to windows
2003 (with sp2) domain controller.I have single domain controller in my
organisation.I have made my windows 2003 as additonal domain controller and
tried moving the fsmo roles via ntdsutil tool. i got succes, After shutting
down my old windows 2000 server i tried login from test server and pc's i was
not able to login.I get a error message no domain server found.if i start my
old 2000 server all my pc are able to login.

I am ataching the error log which i genrated from both the server (win 2000
& 2003) via dcdiag tool.Need help to resolve this problem
Regards
Alexyy

error log from both the server

WINDOWS 2003 SERVER Error


C:\Documents and Settings\Administrator.ABMAURI>dcdiag

Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\DATASERVER
Starting test: Connectivity
The host 8915e3e5-0e71-4c9f-a92a-6b3c1a2f9781._msdcs.abmauri.int
could
not be resolved to an
IP address. Check the DNS server, DHCP, server name, etc
Although the Guid DNS name
(8915e3e5-0e71-4c9f-a92a-6b3c1a2f9781._msdcs.abmauri.int) could not be
resolved, the server name (dataserver.abmauri.int) resolved to the IP
address (192.168.0.11) and was pingable. Check that the IP address
is
registered correctly with the DNS server.
.......................... DATASERVER failed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\DATASERVER
Skipping all tests, because server DATASERVER is
not responding to directory service requests

Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
.......................... ForestDnsZones passed test
CrossRefValidation

Starting test: CheckSDRefDom
.......................... ForestDnsZones passed test CheckSDRefDom

Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
.......................... DomainDnsZones passed test
CrossRefValidation

Starting test: CheckSDRefDom
.......................... DomainDnsZones passed test CheckSDRefDom

Running partition tests on : Schema
Starting test: CrossRefValidation
.......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
.......................... Schema passed test CheckSDRefDom

Running partition tests on : Configuration
Starting test: CrossRefValidation
.......................... Configuration passed test
CrossRefValidation
Starting test: CheckSDRefDom
.......................... Configuration passed test CheckSDRefDom

Running partition tests on : abmauri
Starting test: CrossRefValidation
.......................... abmauri passed test CrossRefValidation
Starting test: CheckSDRefDom
.......................... abmauri passed test CheckSDRefDom

Running enterprise tests on : abmauri.int
Starting test: Intersite
.......................... abmauri.int passed test Intersite
Starting test: FsmoCheck
Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
A Global Catalog Server could not be located - All GC's are down.
Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
A Time Server could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1355
A KDC could not be located - All the KDCs are down.
.......................... abmauri.int failed test FsmoCheck

C:\Documents and Settings\Administrator.ABMAURI>
C:\Documents and Settings\Administrator.ABMAURI>
================================================== ================================================== ====

On Friday, October 23, 2009 5:34 AM
Meinolf Weber [MVP-DS] wrote:

Hello Alexyy,Is the new DC also DNS server and are all machines configured to
Hello Alexyy,

Is the new DC also DNS server and are all machines configured to use it on
the NIC, sounds not? Also make it Global catalog server, you need the new
DC to be also GC when you will remove the old one.

Check with this steps if you followed them:
!!!NEVER START BEFORE HAVING CREATED AND TESTED A BACKUP OF YOUR DATA/MACHINE!!!

One question first:
Is the old server also Exchange server and will it be taken out of the domain
forever, when the new server is running?

- On the old server open DNS management console and check that you are running
Active directory integrated zone (easier for replication, if you have more
then one DNS server)

- run replmon from the run line or repadmin /showreps (only if more then
one DC exist), dcdiag and netdiag from the command prompt on the old machine
to check for errors, if you have some post the complete output from the command
here or solve them first. For this tools you have to install the support\tools\suptools.msi
from the 2000 or 2003 installation disk.

- run adprep /forestprep and adprep /domainprep from the 2003 installation
disk against the 2000 server, with an account that is member of the Schema
admins, to upgrade the schema to the new version

- Install the new machine as a member server in your existing domain

- configure a fixed ip and set the preferred DNS server to the old DNS server
only

- run dcpromo and follow the wizard to add the 2003 server to an existing
domain

- if you are prompted for DNS configuration choose Yes (also possible that
no DNS preparation occur), then install DNS after the reboot

- for DNS give the server time for replication, at least 15 minutes. Because
you use Active directory integrated zones it will automatically replicate
the zones to the new server. Open DNS management console to check that they
appear

- if the new machine is domain controller and DNS server run again replmon,
dcdiag and netdiag on both domain controllers

- if you have no errors, make the new server Global catalog server, open
Active directory Sites and Services and then double-click sitename, double-click
Servers, click your domain controller, right-click NTDS Settings, and then
click Properties, on the General tab, click to select the Global catalog
check box (http://support.microsoft.com/?id=313994)

- Transfer, NOT seize the 5 FSMO roles to the new Domain controller (http://support.microsoft.com/kb/324801)

- you can see in the event viewer (Directory service) that the roles are
transferred, also give it some time

- reconfigure the DNS configuration on your NIC of the 2003 server, preferred
DNS itself, secondary the old one

- if you use DHCP do not forget to reconfigure the scope settings to point
to the new installed DNS server

- export and import of DHCP database (if needed) (http://support.microsoft.com/kb/325473)

- backup WINS (http://technet.microsoft.com/en-us/l.../cc727901.aspx)

- restore WINS (http://technet.microsoft.com/en-us/l.../cc727960.aspx)


Demoting the old DC (if needed)

- reconfigure your clients/servers that they not longer point to the old
DC/DNS server on the NIC

- to be sure that everything runs fine, disconnect the old DC from the network
and check with clients and servers the connectivity, logon and also with
one client a restart to see that everything is ok

- then run dcpromo to demote the old DC, if it works fine the machine will
move from the DC's OU to the computers container, where you can delete it
by hand. Can be that you got an error during demoting at the beginning, then
uncheck the Global catalog on that DC and try again

- check the DNS management console, that all entries from the machine are
disappeared or delete them by hand if the machine is off the network for ever

- also you have to start AD sites and services and delete the old servername
under the site, this will not be done during demotion

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

On Friday, October 23, 2009 8:24 AM
Paul Bergson [MVP-DS] wrote:

Check out an article I have on Decommissioning a DC at:http://www.pbbergs.
Check out an article I have on Decommissioning a DC at:
http://www.pbbergs.com/windows/articles.htm

--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4
Microsoft's Thrive IT Pro of the Month - June 2009

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup This
posting is provided "AS IS" with no warranties, and confers no rights.

EggHeadCafe - Software Developer Portal of Choice
BASICS: ObjectDataSource Control
http://www.eggheadcafe.com/tutorials...atasource.aspx

Hello dobrivoje,

Please post an unedited repadmin /showrepl from both DCs, an unedited ipconfig
/all. Exist on the 2003 DC the sysvol and netlogon share, run net share and
post the output also?

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> Hi Meinolf !!!
>
> I have exact problem.
>
> I did everything mentioned here, but problem still exists !
>
> In order to replace old win 2000 sp4 dc (DC1), Last year I did
> migration based on explanation I found on Petri's site, which is
> exactly as you mentioned here !
>
> So I mirrored, so to speak, the new win 2003 r2 dc (DC2) with file
> structure, and active directory exactly like it is on DC1, along with
> group policy rules, but when I turned off DC1, problem arises: no
> production user can log in !!! I noticed that, when I was logged in on
> DC2 which is now main DC, that I couldn't access for some time on the
> location SYSVOL !!!!
>
> I think that a dns is making this problem although I checked all main
> services, dns, dhcp, ad, gpolicy.
>
> I also noticed, that when I created new domain user, having DC1 turned
> off, above problem DOES NOT EXIST (!?!?!?) in other words, problem
> exists ONLY with production users !!!
>
> Please help, I am in big trouble,...
>

Dear all,

I issued DCDIAG command on the old win 2000 dc server (KOMERC=DC1) and got output below.
Just to mention that TRINITY (DC2) is win 2003 r2 first dc, and KOMERC is win 2000 dc :



Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\KOMERC
Starting test: Connectivity
.......................... KOMERC passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\KOMERC
Starting test: Replications
[TRINITY] DsBind() failed with error -2146893006,
The security context could not be established due to a failure in the requested quality of service (e.g. mutual authentication or delegation)..
.......................... KOMERC passed test Replications
Starting test: NCSecDesc
.......................... KOMERC passed test NCSecDesc
Starting test: NetLogons
.......................... KOMERC passed test NetLogons
Starting test: Advertising
.......................... KOMERC passed test Advertising
Starting test: KnowsOfRoleHolders
Warning: TRINITY is the Schema Owner, but is not responding to DS RPC Bind.
Warning: TRINITY is the Domain Owner, but is not responding to DS RPC Bind.
Warning: TRINITY is the PDC Owner, but is not responding to DS RPC Bind.
Warning: TRINITY is the Rid Owner, but is not responding to DS RPC Bind.
Warning: TRINITY is the Infrastructure Update Owner, but is not responding to DS RPC Bind.
.......................... KOMERC failed test KnowsOfRoleHolders
Starting test: RidManager
[KOMERC] DsBindWithCred() failed with error -2146893006. The security context could not be established due to a failure in the requested quality of service (e.g. mutual authentication or delegation).
.......................... KOMERC failed test RidManager
Starting test: MachineAccount
.......................... KOMERC passed test MachineAccount
Starting test: Services
.......................... KOMERC passed test Services
Starting test: ObjectsReplicated
.......................... KOMERC passed test ObjectsReplicated
Starting test: frssysvol
.......................... KOMERC passed test frssysvol
Starting test: kccevent
.......................... KOMERC passed test kccevent
Starting test: systemlog
.......................... KOMERC passed test systemlog

Running enterprise tests on : akk_domain.com
Starting test: Intersite
.......................... akk_domain.com passed test Intersite
Starting test: FsmoCheck
.......................... akk_domain.com passed test FsmoCheck



dobrivoje wrote:

after shutting down domain controller
09-Nov-09

Hi Meinolf !!!

I have exact problem.

I did everything mentioned here, but problem still exists !

In order to replace old win 2000 sp4 dc (DC1), Last year I did migration based on explanation I found on Petri's site, which is exactly as you mentioned here !

So I mirrored, so to speak, the new win 2003 r2 dc (DC2) with file structure, and active directory exactly like it is on DC1, along with group policy rules, but when I turned off DC1, problem arises: no production user can log in !!! I noticed that, when I was logged in on DC2 which is now main DC, that I couldn't access for some time on the location SYSVOL !!!!

I think that a dns is making this problem although I checked all main services, dns, dhcp, ad, gpolicy.

I also noticed, that when I created new domain user, having DC1 turned off, above problem DOES NOT EXIST (!?!?!?) in other words, problem exists ONLY with production users !!!

Please help, I am in big trouble,...

Previous Posts In This Thread:

EggHeadCafe - Software Developer Portal of Choice
SMTP Client Library / Mail Server Authentication
http://www.eggheadcafe.com/tutorials...rary--mai.aspx

Hello dobrivoje,

Please answer also the missing questions. Additional see this one:
http://support.microsoft.com/kb/249256

Can you ping between the DCs with ip address, computername and FQDN?

Any firewall running between them?

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> Dear all,
>
> I issued DCDIAG command on the old win 2000 dc server (KOMERC=DC1) and
> got output below. Just to mention that TRINITY (DC2) is win 2003 r2
> first dc, and KOMERC is win 2000 dc :
>
> Domain Controller Diagnosis
>
> Performing initial setup:
> Done gathering initial info.
> Doing initial required tests
>
> Testing server: Default-First-Site-Name\KOMERC
> Starting test: Connectivity
> ......................... KOMERC passed test Connectivity
> Doing primary tests
>
> Testing server: Default-First-Site-Name\KOMERC
>
> Starting test: Replications
>
> [TRINITY] DsBind() failed with error -2146893006,
>
> The security context could not be established due to a failure in the
> requested quality of service (e.g. mutual authentication or
> delegation)..
>
> ......................... KOMERC passed test Replications
>
> Starting test: NCSecDesc
>
> ......................... KOMERC passed test NCSecDesc
>
> Starting test: NetLogons
>
> ......................... KOMERC passed test NetLogons
>
> Starting test: Advertising
>
> ......................... KOMERC passed test Advertising
>
> Starting test: KnowsOfRoleHolders
>
> Warning: TRINITY is the Schema Owner, but is not responding to DS RPC
> Bind.
>
> Warning: TRINITY is the Domain Owner, but is not responding to DS RPC
> Bind.
>
> Warning: TRINITY is the PDC Owner, but is not responding to DS RPC
> Bind.
>
> Warning: TRINITY is the Rid Owner, but is not responding to DS RPC
> Bind.
>
> Warning: TRINITY is the Infrastructure Update Owner, but is not
> responding to DS RPC Bind.
>
> ......................... KOMERC failed test KnowsOfRoleHolders
>
> Starting test: RidManager
>
> [KOMERC] DsBindWithCred() failed with error -2146893006. The security
> context could not be established due to a failure in the requested
> quality of service (e.g. mutual authentication or delegation).
>
> ......................... KOMERC failed test RidManager
>
> Starting test: MachineAccount
>
> ......................... KOMERC passed test MachineAccount
>
> Starting test: Services
>
> ......................... KOMERC passed test Services
>
> Starting test: ObjectsReplicated
>
> ......................... KOMERC passed test ObjectsReplicated
>
> Starting test: frssysvol
>
> ......................... KOMERC passed test frssysvol
>
> Starting test: kccevent
>
> ......................... KOMERC passed test kccevent
>
> Starting test: systemlog
>
> ......................... KOMERC passed test systemlog
>
> Running enterprise tests on : akk_domain.com
> Starting test: Intersite
> ......................... akk_domain.com passed test Intersite
> Starting test: FsmoCheck
> ......................... akk_domain.com passed test FsmoCheck
> dobrivoje wrote:
>
> after shutting down domain controller
> 09-Nov-09
> Hi Meinolf !!!
>
> I have exact problem.
>
> I did everything mentioned here, but problem still exists !
>
> In order to replace old win 2000 sp4 dc (DC1), Last year I did
> migration based on explanation I found on Petri's site, which is
> exactly as you mentioned here !
>
> So I mirrored, so to speak, the new win 2003 r2 dc (DC2) with file
> structure, and active directory exactly like it is on DC1, along with
> group policy rules, but when I turned off DC1, problem arises: no
> production user can log in !!! I noticed that, when I was logged in on
> DC2 which is now main DC, that I couldn't access for some time on the
> location SYSVOL !!!!
>
> I think that a dns is making this problem although I checked all main
> services, dns, dhcp, ad, gpolicy.
>
> I also noticed, that when I created new domain user, having DC1 turned
> off, above problem DOES NOT EXIST (!?!?!?) in other words, problem
> exists ONLY with production users !!!
>
> Please help, I am in big trouble,...
>
> Previous Posts In This Thread:
>
> EggHeadCafe - Software Developer Portal of Choice
>
> SMTP Client Library / Mail Server Authentication
>
> http://www.eggheadcafe.com/tutorials...1-41bb-ad9e-27
> a975a37b3b/smtp-client-library--mai.aspx
>