Please Help.... Server 2003 and 2008 domain controller problems...

Hi,

I'm replacing servers on my network with with new servers running server
2008. I'm removing the 2 old server 2003 domain controllers. One of them
crashed and I I seized all rolls and removed all records of that server with
ntdsutil. That left me with one 2003 domain controller. I then added 2 new
2008 servers and promoted them to DCs. I transfered all FSMO roles to the
new DCs and made them global catalogs, DNS servers and DHCP servers. I
pointed all DCs to themselves and eachother for DNS. I then tried to demote
the old 2003 DC to a member server to remove it from the network. It fails
with and error that says that the "last domain controller in domain" check
box in not checked, but no other DC could be contacted.

I ran dcdiag....it says that no global catalog could be contacted.....all
GCs are down. replmon showed an error but I think I got that resolved. It
seemed like replication was working, but not 100% sure....brain is mush at
this point.

Exchange 2003 is running on another 2003 server. In Exchange managment
console, it only shows the one 2003 DC as well, nothing about the 2008 DCs.

I looks like a DNS error somewhere, but I can't find the problem.

Forest and Domain functional level are set to 2003.

Please help if anyone has suggestions.

Thanks so much.

Hello DKB,

Make sure the 2003 DC is using the new DNS servers and also that all entries
are listed in the DNS zones. Uncheck the GC on the 2003 DC and try again.

Is the 2003 on the same subnet?

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> Hi,
>
> I'm replacing servers on my network with with new servers running
> server 2008. I'm removing the 2 old server 2003 domain controllers.
> One of them crashed and I I seized all rolls and removed all records
> of that server with ntdsutil. That left me with one 2003 domain
> controller. I then added 2 new 2008 servers and promoted them to DCs.
> I transfered all FSMO roles to the new DCs and made them global
> catalogs, DNS servers and DHCP servers. I pointed all DCs to
> themselves and eachother for DNS. I then tried to demote the old 2003
> DC to a member server to remove it from the network. It fails with
> and error that says that the "last domain controller in domain" check
> box in not checked, but no other DC could be contacted.
>
> I ran dcdiag....it says that no global catalog could be
> contacted.....all GCs are down. replmon showed an error but I think I
> got that resolved. It seemed like replication was working, but not
> 100% sure....brain is mush at this point.
>
> Exchange 2003 is running on another 2003 server. In Exchange
> managment console, it only shows the one 2003 DC as well, nothing
> about the 2008 DCs.
>
> I looks like a DNS error somewhere, but I can't find the problem.
>
> Forest and Domain functional level are set to 2003.
>
> Please help if anyone has suggestions.
>
> Thanks so much.
>

Hi
Ok, first change the DNS config on all DCs. Point the preferred DNS server
to the same DC in all DCs NIC. Then restart netlogon service, after that do
from cmd "dcdiag /fix" in the 3 DCs. Do a manuall replication using repadmin
"repadmin /syncall /A /e /P" or using Active Directory Sites and Services
"NTDSSettings - Connection objects"

Wait a little, and check for errors. Additionally run dcdiag and check for
output errors. Then try again, what are the results?
--

I hope that the information above helps you.
Have a Nice day.

Jorge Silva
MCSE, MVP Directory Services

"DKB" <> wrote in message
news:C94E4C4C-C613-415C-9732-...
> Hi,
>
> I'm replacing servers on my network with with new servers running server
> 2008. I'm removing the 2 old server 2003 domain controllers. One of them
> crashed and I I seized all rolls and removed all records of that server
> with ntdsutil. That left me with one 2003 domain controller. I then
> added 2 new 2008 servers and promoted them to DCs. I transfered all FSMO
> roles to the new DCs and made them global catalogs, DNS servers and DHCP
> servers. I pointed all DCs to themselves and eachother for DNS. I then
> tried to demote the old 2003 DC to a member server to remove it from the
> network. It fails with and error that says that the "last domain
> controller in domain" check box in not checked, but no other DC could be
> contacted.
>
> I ran dcdiag....it says that no global catalog could be contacted.....all
> GCs are down. replmon showed an error but I think I got that resolved.
> It seemed like replication was working, but not 100% sure....brain is mush
> at this point.
>
> Exchange 2003 is running on another 2003 server. In Exchange managment
> console, it only shows the one 2003 DC as well, nothing about the 2008
> DCs.
>
> I looks like a DNS error somewhere, but I can't find the problem.
>
> Forest and Domain functional level are set to 2003.
>
> Please help if anyone has suggestions.
>
> Thanks so much.

Hi
Ok, first change the DNS config on all DCs. Point the preferred DNS server
to the same DC in all DCs NIC. Then restart netlogon service, after that do
from cmd "dcdiag /fix" in the 3 DCs. Do a manuall replication using repadmin
"repadmin /syncall /A /e /P" or using Active Directory Sites and Services
"NTDSSettings - Connection objects"

Wait a little, and check for errors. Additionally run dcdiag and check for
output errors. Then try again, what are the results?

--

I hope that the information above helps you.
Have a Nice day.

Jorge Silva
MCSE, MVP Directory Services

"DKB" <> wrote in message
news:C94E4C4C-C613-415C-9732-...
> Hi,
>
> I'm replacing servers on my network with with new servers running server
> 2008. I'm removing the 2 old server 2003 domain controllers. One of them
> crashed and I I seized all rolls and removed all records of that server
> with ntdsutil. That left me with one 2003 domain controller. I then
> added 2 new 2008 servers and promoted them to DCs. I transfered all FSMO
> roles to the new DCs and made them global catalogs, DNS servers and DHCP
> servers. I pointed all DCs to themselves and eachother for DNS. I then
> tried to demote the old 2003 DC to a member server to remove it from the
> network. It fails with and error that says that the "last domain
> controller in domain" check box in not checked, but no other DC could be
> contacted.
>
> I ran dcdiag....it says that no global catalog could be contacted.....all
> GCs are down. replmon showed an error but I think I got that resolved.
> It seemed like replication was working, but not 100% sure....brain is mush
> at this point.
>
> Exchange 2003 is running on another 2003 server. In Exchange managment
> console, it only shows the one 2003 DC as well, nothing about the 2008
> DCs.
>
> I looks like a DNS error somewhere, but I can't find the problem.
>
> Forest and Domain functional level are set to 2003.
>
> Please help if anyone has suggestions.
>
> Thanks so much.

Did you run adprep before introducing the two new 2008 dc's? If you run
ADUC on the 2008 dc's do you see the same objects you see on your 2003
server?

DCDIAG /V /C /D /E /s:yourdcname > c:\dcdiag.log

Post the results (Before posting modify anything that might disclose
internal info)

--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup This
posting is provided "AS IS" with no warranties, and confers no rights.


"DKB" <> wrote in message
news:C94E4C4C-C613-415C-9732-...
> Hi,
>
> I'm replacing servers on my network with with new servers running server
> 2008. I'm removing the 2 old server 2003 domain controllers. One of them
> crashed and I I seized all rolls and removed all records of that server
> with ntdsutil. That left me with one 2003 domain controller. I then
> added 2 new 2008 servers and promoted them to DCs. I transfered all FSMO
> roles to the new DCs and made them global catalogs, DNS servers and DHCP
> servers. I pointed all DCs to themselves and eachother for DNS. I then
> tried to demote the old 2003 DC to a member server to remove it from the
> network. It fails with and error that says that the "last domain
> controller in domain" check box in not checked, but no other DC could be
> contacted.
>
> I ran dcdiag....it says that no global catalog could be contacted.....all
> GCs are down. replmon showed an error but I think I got that resolved.
> It seemed like replication was working, but not 100% sure....brain is mush
> at this point.
>
> Exchange 2003 is running on another 2003 server. In Exchange managment
> console, it only shows the one 2003 DC as well, nothing about the 2008
> DCs.
>
> I looks like a DNS error somewhere, but I can't find the problem.
>
> Forest and Domain functional level are set to 2003.
>
> Please help if anyone has suggestions.
>
> Thanks so much.

Yep, 2003 was pointed to the 2008 DC DNS. I uninstalled DNS from the 2003
DC. I unchecked GC on the 2003 DC. I checked the DNS zones, it all looked
good to me. You said "all entries"...which are you referring to? Just want
to make sure I don't miss anything. Yes, it's all on the same subnet.

I'm kicking around the idea of starting fresh with a whole new domain.
Would I be opening an ugly can of worms by doing that?


"Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message
news: .com...
> Hello DKB,
>
> Make sure the 2003 DC is using the new DNS servers and also that all
> entries are listed in the DNS zones. Uncheck the GC on the 2003 DC and try
> again.
>
> Is the 2003 on the same subnet?
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and
> confers no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>
>> Hi,
>>
>> I'm replacing servers on my network with with new servers running
>> server 2008. I'm removing the 2 old server 2003 domain controllers.
>> One of them crashed and I I seized all rolls and removed all records
>> of that server with ntdsutil. That left me with one 2003 domain
>> controller. I then added 2 new 2008 servers and promoted them to DCs.
>> I transfered all FSMO roles to the new DCs and made them global
>> catalogs, DNS servers and DHCP servers. I pointed all DCs to
>> themselves and eachother for DNS. I then tried to demote the old 2003
>> DC to a member server to remove it from the network. It fails with
>> and error that says that the "last domain controller in domain" check
>> box in not checked, but no other DC could be contacted.
>>
>> I ran dcdiag....it says that no global catalog could be
>> contacted.....all GCs are down. replmon showed an error but I think I
>> got that resolved. It seemed like replication was working, but not
>> 100% sure....brain is mush at this point.
>>
>> Exchange 2003 is running on another 2003 server. In Exchange
>> managment console, it only shows the one 2003 DC as well, nothing
>> about the 2008 DCs.
>>
>> I looks like a DNS error somewhere, but I can't find the problem.
>>
>> Forest and Domain functional level are set to 2003.
>>
>> Please help if anyone has suggestions.
>>
>> Thanks so much.
>>
>
>

I will give this a try, but it will be a few days until I can get to it. I
will post back the results.

Thanks!

"Jorge Silva" <> wrote in message
news:228B1947-718C-478D-85FF-...
> Hi
> Ok, first change the DNS config on all DCs. Point the preferred DNS server
> to the same DC in all DCs NIC. Then restart netlogon service, after that
> do from cmd "dcdiag /fix" in the 3 DCs. Do a manuall replication using
> repadmin "repadmin /syncall /A /e /P" or using Active Directory Sites and
> Services "NTDSSettings - Connection objects"
>
> Wait a little, and check for errors. Additionally run dcdiag and check for
> output errors. Then try again, what are the results?
> --
>
> I hope that the information above helps you.
> Have a Nice day.
>
> Jorge Silva
> MCSE, MVP Directory Services
>
> "DKB" <> wrote in message
> news:C94E4C4C-C613-415C-9732-...
>> Hi,
>>
>> I'm replacing servers on my network with with new servers running server
>> 2008. I'm removing the 2 old server 2003 domain controllers. One of
>> them crashed and I I seized all rolls and removed all records of that
>> server with ntdsutil. That left me with one 2003 domain controller. I
>> then added 2 new 2008 servers and promoted them to DCs. I transfered all
>> FSMO roles to the new DCs and made them global catalogs, DNS servers and
>> DHCP servers. I pointed all DCs to themselves and eachother for DNS. I
>> then tried to demote the old 2003 DC to a member server to remove it from
>> the network. It fails with and error that says that the "last domain
>> controller in domain" check box in not checked, but no other DC could be
>> contacted.
>>
>> I ran dcdiag....it says that no global catalog could be contacted.....all
>> GCs are down. replmon showed an error but I think I got that resolved.
>> It seemed like replication was working, but not 100% sure....brain is
>> mush at this point.
>>
>> Exchange 2003 is running on another 2003 server. In Exchange managment
>> console, it only shows the one 2003 DC as well, nothing about the 2008
>> DCs.
>>
>> I looks like a DNS error somewhere, but I can't find the problem.
>>
>> Forest and Domain functional level are set to 2003.
>>
>> Please help if anyone has suggestions.
>>
>> Thanks so much.
>

Hello Dan,

You can migrate to a new domain if you like with ADMTv3.1, but why? If you
do not have the real need, because your system is total screwed up or you
have to change to a new domain name, it will be lot more work and testing
needed instead of adding new DC's and removing the old one.

In ESM you have to change manual from the 2003 DC to one of the 2008 DC's
under Recipient update service. Or what do you mean with the Exchange part?
Missed it in the first answer.

As Jorge said, check replication between the DC's. And alos run on all DC's
dcdiag /v and netdiag /v to check for errors.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> Yep, 2003 was pointed to the 2008 DC DNS. I uninstalled DNS from the
> 2003 DC. I unchecked GC on the 2003 DC. I checked the DNS zones, it
> all looked good to me. You said "all entries"...which are you
> referring to? Just want to make sure I don't miss anything. Yes,
> it's all on the same subnet.
>
> I'm kicking around the idea of starting fresh with a whole new domain.
> Would I be opening an ugly can of worms by doing that?
>
> "Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message
> news: .com...
>
>> Hello DKB,
>>
>> Make sure the 2003 DC is using the new DNS servers and also that all
>> entries are listed in the DNS zones. Uncheck the GC on the 2003 DC
>> and try again.
>>
>> Is the 2003 on the same subnet?
>>
>> Best regards
>>
>> Meinolf Weber
>> Disclaimer: This posting is provided "AS IS" with no warranties, and
>> confers no rights.
>> ** Please do NOT email, only reply to Newsgroups
>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>> Hi,
>>>
>>> I'm replacing servers on my network with with new servers running
>>> server 2008. I'm removing the 2 old server 2003 domain controllers.
>>> One of them crashed and I I seized all rolls and removed all records
>>> of that server with ntdsutil. That left me with one 2003 domain
>>> controller. I then added 2 new 2008 servers and promoted them to
>>> DCs. I transfered all FSMO roles to the new DCs and made them global
>>> catalogs, DNS servers and DHCP servers. I pointed all DCs to
>>> themselves and eachother for DNS. I then tried to demote the old
>>> 2003 DC to a member server to remove it from the network. It fails
>>> with and error that says that the "last domain controller in domain"
>>> check box in not checked, but no other DC could be contacted.
>>>
>>> I ran dcdiag....it says that no global catalog could be
>>> contacted.....all GCs are down. replmon showed an error but I think
>>> I got that resolved. It seemed like replication was working, but
>>> not 100% sure....brain is mush at this point.
>>>
>>> Exchange 2003 is running on another 2003 server. In Exchange
>>> managment console, it only shows the one 2003 DC as well, nothing
>>> about the 2008 DCs.
>>>
>>> I looks like a DNS error somewhere, but I can't find the problem.
>>>
>>> Forest and Domain functional level are set to 2003.
>>>
>>> Please help if anyone has suggestions.
>>>
>>> Thanks so much.
>>>

I will try these things tonight and see what happens. Thanks for the help
so far. I will post back results.


"Paul Bergson [MVP-DS]" <pbbergs@nopspam_msn.com> wrote in message
news:0FC4C87D-4138-44C8-B7BF-...
> Did you run adprep before introducing the two new 2008 dc's? If you run
> ADUC on the 2008 dc's do you see the same objects you see on your 2003
> server?
>
> DCDIAG /V /C /D /E /s:yourdcname > c:\dcdiag.log
>
> Post the results (Before posting modify anything that might disclose
> internal info)
>
> --
> Paul Bergson
> MVP - Directory Services
> MCTS, MCT, MCSE, MCSA, Security+, BS CSci
> 2008, 2003, 2000 (Early Achiever), NT4
>
> http://www.pbbergs.com
>
> Please no e-mails, any questions should be posted in the NewsGroup This
> posting is provided "AS IS" with no warranties, and confers no rights.
>
>
> "DKB" <> wrote in message
> news:C94E4C4C-C613-415C-9732-...
>> Hi,
>>
>> I'm replacing servers on my network with with new servers running server
>> 2008. I'm removing the 2 old server 2003 domain controllers. One of
>> them crashed and I I seized all rolls and removed all records of that
>> server with ntdsutil. That left me with one 2003 domain controller. I
>> then added 2 new 2008 servers and promoted them to DCs. I transfered all
>> FSMO roles to the new DCs and made them global catalogs, DNS servers and
>> DHCP servers. I pointed all DCs to themselves and eachother for DNS. I
>> then tried to demote the old 2003 DC to a member server to remove it from
>> the network. It fails with and error that says that the "last domain
>> controller in domain" check box in not checked, but no other DC could be
>> contacted.
>>
>> I ran dcdiag....it says that no global catalog could be contacted.....all
>> GCs are down. replmon showed an error but I think I got that resolved.
>> It seemed like replication was working, but not 100% sure....brain is
>> mush at this point.
>>
>> Exchange 2003 is running on another 2003 server. In Exchange managment
>> console, it only shows the one 2003 DC as well, nothing about the 2008
>> DCs.
>>
>> I looks like a DNS error somewhere, but I can't find the problem.
>>
>> Forest and Domain functional level are set to 2003.
>>
>> Please help if anyone has suggestions.
>>
>> Thanks so much.
>

best of luck

--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup This
posting is provided "AS IS" with no warranties, and confers no rights.


"Dan B" <> wrote in message
news:...
>I will try these things tonight and see what happens. Thanks for the help
>so far. I will post back results.
>
>
> "Paul Bergson [MVP-DS]" <pbbergs@nopspam_msn.com> wrote in message
> news:0FC4C87D-4138-44C8-B7BF-...
>> Did you run adprep before introducing the two new 2008 dc's? If you run
>> ADUC on the 2008 dc's do you see the same objects you see on your 2003
>> server?
>>
>> DCDIAG /V /C /D /E /s:yourdcname > c:\dcdiag.log
>>
>> Post the results (Before posting modify anything that might disclose
>> internal info)
>>
>> --
>> Paul Bergson
>> MVP - Directory Services
>> MCTS, MCT, MCSE, MCSA, Security+, BS CSci
>> 2008, 2003, 2000 (Early Achiever), NT4
>>
>> http://www.pbbergs.com
>>
>> Please no e-mails, any questions should be posted in the NewsGroup This
>> posting is provided "AS IS" with no warranties, and confers no rights.
>>
>>
>> "DKB" <> wrote in message
>> news:C94E4C4C-C613-415C-9732-...
>>> Hi,
>>>
>>> I'm replacing servers on my network with with new servers running server
>>> 2008. I'm removing the 2 old server 2003 domain controllers. One of
>>> them crashed and I I seized all rolls and removed all records of that
>>> server with ntdsutil. That left me with one 2003 domain controller. I
>>> then added 2 new 2008 servers and promoted them to DCs. I transfered
>>> all FSMO roles to the new DCs and made them global catalogs, DNS servers
>>> and DHCP servers. I pointed all DCs to themselves and eachother for
>>> DNS. I then tried to demote the old 2003 DC to a member server to
>>> remove it from the network. It fails with and error that says that the
>>> "last domain controller in domain" check box in not checked, but no
>>> other DC could be contacted.
>>>
>>> I ran dcdiag....it says that no global catalog could be
>>> contacted.....all GCs are down. replmon showed an error but I think I
>>> got that resolved. It seemed like replication was working, but not 100%
>>> sure....brain is mush at this point.
>>>
>>> Exchange 2003 is running on another 2003 server. In Exchange managment
>>> console, it only shows the one 2003 DC as well, nothing about the 2008
>>> DCs.
>>>
>>> I looks like a DNS error somewhere, but I can't find the problem.
>>>
>>> Forest and Domain functional level are set to 2003.
>>>
>>> Please help if anyone has suggestions.
>>>
>>> Thanks so much.
>>
>
>