Re: After adding 2008 DC to existing 2003 Domain

"Frankster" <> wrote in message
news: ...
> DHCP Client service fails to start on 2008. Access Denied message.
>
> Ideas?
>
> I found one MS article that suggested to add Network Service/Allow Full to
> the registry of HKLM/System/CurrentControlSet/DHCP and
> HKLM/System/CurrentControlSet/tcpip.
>
> I did that, but no-joy.
>
> -Frank
>

I assume the DC has one NIC and one IP configured, and RRAS is not enabled.

There are a couple of different error EventID#s associated with this error.
Is it EventID# 7023? If not, please post the EventID# of any errors you are
receiving.

Was this machine upgraded, or a new installation?

Have you tranferred the Domain Name Master, Schema Master and PDC Emulator
role to it, as well as made it a GC? I read one thread where the folks got
it running by transferring the FSMO roles to it, but I can't see that being
the issue, however the newer DC needs to be Schema Admin, Domain Name Master
and PDC Emulator, as well as be a GC.
http://www.experts-exchange.com/OS/M..._21961235.html

Was the tech article you were referrring to, the following?
The DHCP Client service does not start after you upgrade a Windows...
http://support.microsoft.com/kb/895149

Possibly try to disable IPv6 and disable the TCP Chimney feature.

TCP Chimney and RSS Features May Cause Slow File Transfers or Cause
Connectivity Problems
http://msmvps.com/blogs/acefekay/arc...-problems.aspx

I've recently heard that this can also be caused by the Conficker virus.

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Please reply back to the newsgroup or forum for collaboration benefit among
responding engineers, and to help others benefit from your resolution.

Ace Fekay, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA
2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer

For urgent issues, please contact Microsoft PSS directly. Please check
http://support.microsoft.com for regional support phone numbers.

"Frankster" <> wrote in message
news:wMudnacNnv-...
>
> "Frankster" <> wrote in message
> news: ...
>>
>> "Ace Fekay [MCT]" <> wrote in message
>> news:...
>>> "Frankster" <> wrote in message
>>> news: ...
>>>> DHCP Client service fails to start on 2008. Access Denied message.
>>>>
>>>> Ideas?
>>>>
>>>> I found one MS article that suggested to add Network Service/Allow Full
>>>> to the registry of HKLM/System/CurrentControlSet/DHCP and
>>>> HKLM/System/CurrentControlSet/tcpip.
>>>>
>>>> I did that, but no-joy.
>>>>
>>>> -Frank
>>>>
>>>
>>> I assume the DC has one NIC and one IP configured, and RRAS is not
>>> enabled.
>>>
>>> There are a couple of different error EventID#s associated with this
>>> error. Is it EventID# 7023? If not, please post the EventID# of any
>>> errors you are receiving.
>>>
>>> Was this machine upgraded, or a new installation?
>>>
>>> Have you tranferred the Domain Name Master, Schema Master and PDC
>>> Emulator role to it, as well as made it a GC? I read one thread where
>>> the folks got it running by transferring the FSMO roles to it, but I
>>> can't see that being the issue, however the newer DC needs to be Schema
>>> Admin, Domain Name Master and PDC Emulator, as well as be a GC.
>>> http://www.experts-exchange.com/OS/M..._21961235.html
>>>
>>> Was the tech article you were referrring to, the following?
>>> The DHCP Client service does not start after you upgrade a Windows...
>>> http://support.microsoft.com/kb/895149
>>>
>>> Possibly try to disable IPv6 and disable the TCP Chimney feature.
>>>
>>> TCP Chimney and RSS Features May Cause Slow File Transfers or Cause
>>> Connectivity Problems
>>> http://msmvps.com/blogs/acefekay/arc...-problems.aspx
>>>
>>> I've recently heard that this can also be caused by the Conficker virus.
>>>
>>> --
>>> Ace
>>>
>>> This posting is provided "AS-IS" with no warranties or guarantees and
>>> confers no rights.
>>>
>>> Please reply back to the newsgroup or forum for collaboration benefit
>>> among responding engineers, and to help others benefit from your
>>> resolution.
>>>
>>> Ace Fekay, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA
>>> 2003/2000, MCSA Messaging 2003
>>> Microsoft Certified Trainer
>>>
>>> For urgent issues, please contact Microsoft PSS directly. Please check
>>> http://support.microsoft.com for regional support phone numbers.
>>>
>>
>> Hi Ace, thanks for responding.
>>
>> Just a couple of things... This 2008 DC (have two new machines actually)
>> is destined to replace my two existing 2003 DCs in my home office
>> network. Therefore, there are not many users or machines to worry about
>> (about 5 users and 10 machines). So I can start a new Forrest/Domain
>> from scratch without too much worry if needed. That may be the quickest
>> simplest path.
>>
>> Yes, the article you quoted is the one I tried. Sorry, I left out part of
>> the registry path in my OP (services).
>>
>> Although this 2008 DC is destined to receive all the FSMO roles and then
>> completely replace the existing PDC Emulator/FSMO, I have not transferred
>> the roles yet because I didn't want to become dependent on this new unit
>> until I knew it was functioning properly. In other words, I wanted to
>> ability to reload until I got it right (LOL). I've reloaded twice so
>> far, each time removing it from the domain and starting over with a fresh
>> format/boot.
>>
>> Yes, this is an upgrade. My current 2003 DCs were upgraded from 2000DCs
>> themselves. Maybe even NT before that, I can't remember now... I guess
>> this might be part of the problem too. Although, I had no issues with
>> adprep.
>>
>> Yes, each DC (old and new) have only one NIC.
>>
>> About IPv6 - yes, I was worried about that. I haven't been using IPv6 up
>> to now and don't need it. First I tried just going through the 2008
>> dcpromo and allowing the IPv6 to remain "obtain all automatically". Then
>> I tried just disabling IPv6 via un-checking the protocol box in the
>> TCP/IP v6 properties. Neither seemed to work. And yes, the IPv4 IP is
>> static.
>>
>> I will check out your TCP Chimney article later today or tomorrow.
>> Thanks.
>>
>> If I don't come up with an answer reasonably soon, I'll probably just
>> start a new fresh 2008 Forest. Might be a good idea anyway, I dunno...
>>
>> I also read about the Confiker virus, but I highly doubt that. This has
>> happened two times now with a fresh out-of-the-box 2008 Standard load
>> (not updates or fixes). I've also tried applying the fixes and no-joy.
>> Admittedly, it does NOT OCCUR until AFTER I run dcpromo. Before that,
>> all is fine.
>>
>> What is the real PITA is that I "Activated" each time I reloaded (twice
>> so far) because I thought I was out of the woods. Next time I reload I'll
>> prolly have to call MS. PITA.
>>
>> Again, thanks for your consideration. Thankfully this is not a client's
>> site, so I have time to muck with it
>>
>> -Frank
>
> Oh... forgot... the Event log Error is 7023 DHCP Client Service failed to
> start. Access is Denied.
>
> -Frank


Wow, upgraded possibly from NT4 to 2000, 2003 and onward to 2008? How old
is the machine? The machine can actually handle 2008?

If it is an upgrade, if I may suggest, you don't necessarily have to start a
fresh forest, rather just reinstall the system from scratch and then promote
it. I think the whole issue is due to upgrading the machine. After seeing
issues with upgrades from the old 3.1 to Windows 95 path way back when, I've
never felt comfortable with upgrades. It's like painting a room that has
been wallpapered over the years with multiple layers, as well as lots of
*stuff* in the crevices that don't go away.

:-)

Ace

"Frankster" <> wrote in message
news: ...
>
> "Ace Fekay [MCT]" <> wrote in message
> news:...
>> "Frankster" <> wrote in message
>> news:wMudnacNnv-...
>>>
>>> "Frankster" <> wrote in message
>>> news: ...
>>>>
>>>> "Ace Fekay [MCT]" <> wrote in message
>>>> news:...
>>>>> "Frankster" <> wrote in message
>>>>> news: ...
>>>>>> DHCP Client service fails to start on 2008. Access Denied message.
>>>>>>
>>>>>> Ideas?
>>>>>>
>>>>>> I found one MS article that suggested to add Network Service/Allow
>>>>>> Full to the registry of HKLM/System/CurrentControlSet/DHCP and
>>>>>> HKLM/System/CurrentControlSet/tcpip.
>>>>>>
>>>>>> I did that, but no-joy.
>>>>>>
>>>>>> -Frank
>>>>>>
>>>>>
>>>>> I assume the DC has one NIC and one IP configured, and RRAS is not
>>>>> enabled.
>>>>>
>>>>> There are a couple of different error EventID#s associated with this
>>>>> error. Is it EventID# 7023? If not, please post the EventID# of any
>>>>> errors you are receiving.
>>>>>
>>>>> Was this machine upgraded, or a new installation?
>>>>>
>>>>> Have you tranferred the Domain Name Master, Schema Master and PDC
>>>>> Emulator role to it, as well as made it a GC? I read one thread where
>>>>> the folks got it running by transferring the FSMO roles to it, but I
>>>>> can't see that being the issue, however the newer DC needs to be
>>>>> Schema Admin, Domain Name Master and PDC Emulator, as well as be a GC.
>>>>> http://www.experts-exchange.com/OS/M..._21961235.html
>>>>>
>>>>> Was the tech article you were referrring to, the following?
>>>>> The DHCP Client service does not start after you upgrade a Windows...
>>>>> http://support.microsoft.com/kb/895149
>>>>>
>>>>> Possibly try to disable IPv6 and disable the TCP Chimney feature.
>>>>>
>>>>> TCP Chimney and RSS Features May Cause Slow File Transfers or Cause
>>>>> Connectivity Problems
>>>>> http://msmvps.com/blogs/acefekay/arc...-problems.aspx
>>>>>
>>>>> I've recently heard that this can also be caused by the Conficker
>>>>> virus.
>>>>>
>>>>> --
>>>>> Ace
>>>>>
>>>>> This posting is provided "AS-IS" with no warranties or guarantees and
>>>>> confers no rights.
>>>>>
>>>>> Please reply back to the newsgroup or forum for collaboration benefit
>>>>> among responding engineers, and to help others benefit from your
>>>>> resolution.
>>>>>
>>>>> Ace Fekay, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE &
>>>>> MCSA 2003/2000, MCSA Messaging 2003
>>>>> Microsoft Certified Trainer
>>>>>
>>>>> For urgent issues, please contact Microsoft PSS directly. Please check
>>>>> http://support.microsoft.com for regional support phone numbers.
>>>>>
>>>>
>>>> Hi Ace, thanks for responding.
>>>>
>>>> Just a couple of things... This 2008 DC (have two new machines
>>>> actually) is destined to replace my two existing 2003 DCs in my home
>>>> office network. Therefore, there are not many users or machines to
>>>> worry about (about 5 users and 10 machines). So I can start a new
>>>> Forrest/Domain from scratch without too much worry if needed. That may
>>>> be the quickest simplest path.
>>>>
>>>> Yes, the article you quoted is the one I tried. Sorry, I left out part
>>>> of the registry path in my OP (services).
>>>>
>>>> Although this 2008 DC is destined to receive all the FSMO roles and
>>>> then completely replace the existing PDC Emulator/FSMO, I have not
>>>> transferred the roles yet because I didn't want to become dependent on
>>>> this new unit until I knew it was functioning properly. In other
>>>> words, I wanted to ability to reload until I got it right (LOL). I've
>>>> reloaded twice so far, each time removing it from the domain and
>>>> starting over with a fresh format/boot.
>>>>
>>>> Yes, this is an upgrade. My current 2003 DCs were upgraded from 2000DCs
>>>> themselves. Maybe even NT before that, I can't remember now... I guess
>>>> this might be part of the problem too. Although, I had no issues with
>>>> adprep.
>>>>
>>>> Yes, each DC (old and new) have only one NIC.
>>>>
>>>> About IPv6 - yes, I was worried about that. I haven't been using IPv6
>>>> up to now and don't need it. First I tried just going through the 2008
>>>> dcpromo and allowing the IPv6 to remain "obtain all automatically".
>>>> Then I tried just disabling IPv6 via un-checking the protocol box in
>>>> the TCP/IP v6 properties. Neither seemed to work. And yes, the IPv4 IP
>>>> is static.
>>>>
>>>> I will check out your TCP Chimney article later today or tomorrow.
>>>> Thanks.
>>>>
>>>> If I don't come up with an answer reasonably soon, I'll probably just
>>>> start a new fresh 2008 Forest. Might be a good idea anyway, I dunno...
>>>>
>>>> I also read about the Confiker virus, but I highly doubt that. This has
>>>> happened two times now with a fresh out-of-the-box 2008 Standard load
>>>> (not updates or fixes). I've also tried applying the fixes and no-joy.
>>>> Admittedly, it does NOT OCCUR until AFTER I run dcpromo. Before that,
>>>> all is fine.
>>>>
>>>> What is the real PITA is that I "Activated" each time I reloaded (twice
>>>> so far) because I thought I was out of the woods. Next time I reload
>>>> I'll prolly have to call MS. PITA.
>>>>
>>>> Again, thanks for your consideration. Thankfully this is not a
>>>> client's site, so I have time to muck with it
>>>>
>>>> -Frank
>>>
>>> Oh... forgot... the Event log Error is 7023 DHCP Client Service failed
>>> to start. Access is Denied.
>>>
>>> -Frank
>>
>>
>> Wow, upgraded possibly from NT4 to 2000, 2003 and onward to 2008? How
>> old is the machine? The machine can actually handle 2008?
>>
>> If it is an upgrade, if I may suggest, you don't necessarily have to
>> start a fresh forest, rather just reinstall the system from scratch and
>> then promote it. I think the whole issue is due to upgrading the machine.
>> After seeing issues with upgrades from the old 3.1 to Windows 95 path way
>> back when, I've never felt comfortable with upgrades. It's like painting
>> a room that has been wallpapered over the years with multiple layers, as
>> well as lots of *stuff* in the crevices that don't go away.
>>
>> :-)
>>
>> Ace
>>
>
> I guess didn't make myself clear... sorry. All the "upgrades" have been
> to new machine hardware. Via the method of introducing the new DCs (with
> new hardware) into the old Domain and decommissioning the old OS and
> machines.
>
> The current Domain is a 2003 Domain and I want to have a totally 2008
> Domain on all new hardware (2 new DCs). Then I will decommission the old
> 2003 OS and hardware. I use the term "upgrade" loosely. Just upgrading
> hardware actually.
>
> The reason I say maybe I might as well start a new Forest is just that I
> mean start from scratch with the new OS and new hardware without bringing
> the old Domain's skeletons with me. In other words, don't dcpromo my new
> machine into my existing Domain, but just begin anew by dcpromo'ing it as
> the "1st" (and only) DC, and scrap my old forest/domain. Then add the
> second new hardware 2008 DC afterward. This would come up with a
> completely fresh (default) 2008 structure without any NT/2000/2003 legacy
> users/groups/file permissions, etc. After all this time, maybe that's the
> way to go.
>
> -Frank


Ok, thanks for clearing that up. If you can do this, that would be the
cleanest method of action.

Cheers!

Ace

"Frankster" <> wrote in message
news: ...
>>> The reason I say maybe I might as well start a new Forest is just that I
>>> mean start from scratch with the new OS and new hardware without
>>> bringing the old Domain's skeletons with me. In other words, don't
>>> dcpromo my new machine into my existing Domain, but just begin anew by
>>> dcpromo'ing it as the "1st" (and only) DC, and scrap my old
>>> forest/domain. Then add the second new hardware 2008 DC afterward.
>>> This would come up with a completely fresh (default) 2008 structure
>>> without any NT/2000/2003 legacy users/groups/file permissions, etc.
>>> After all this time, maybe that's the way to go.
>>>
>>> -Frank
>>
>>
>> Ok, thanks for clearing that up. If you can do this, that would be the
>> cleanest method of action.
>>
>> Cheers!
>>
>> Ace
>>
>
> Yep! Almost done already. The new DCs are in place, DHCP configured,
> activated (I did have to call) and functioning. Old ones decomissioned.
> Just a few trivial steps to go.
>
> Thanks!
>
> -Frank


Good to hear. :-)

And you are welcome!

Ace