Re: Problems migrating AD PDC

Hello Jack,

What kind of DNS zones are you using, AD integrated? Chekc that both server
registered in the zones. Do you have also a Reverse lookup zone?

Do you have no SP1 or SP2 on the 2003 installed?

The NIC test on server 1 creates an error in netdiag output, make sure the
drivers are up to date and also the NIC itself is correct built in.
GetStats failed for 'Intel(R) PRO/1000 XT Network Connection'.
[ERROR_INVALI
D_FUNCTION]
[FATAL] - None of the netcard drivers provided satisfactory results.



Change the ip settings in new-server to:
Host Name. . . . . . . . . : new-server
IP Address . . . . . . . . : 192.168.0.185
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 192.168.0.254
Dns Servers. . . . . . . . : 192.168.0.185
192.168.0.1



Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> I really appreciate all your help. Here are the outputs:
>
> Server1 is Old Server
> New-Server is new server
> netdom query fsmo:
> Schema owner SERVER1.ars.local
> Domain role owner SERVER1.ars.local
>
> PDC role new-server.ars.local
>
> RID pool manager SERVER1.ars.local
>
> Infrastructure owner SERVER1.ars.local
>
> The command completed successfully.
>
> repadmin running command /showrepl against server localhost
>
> Default-First-Site-Name\NEW-SERVER
> DC Options: IS_GC
> Site Options: (none)
> DC object GUID: bbd5e31c-ceaf-4c89-bbaf-be1245dbf679
> DC invocationID: 56399df1-ebe1-4dd1-817a-fb046fcab5b8
> ==== INBOUND NEIGHBORS ======================================
>
> DC=ars,DC=local
> Default-First-Site-Name\SERVER1 via RPC
> DC object GUID: c834486a-c689-4f82-a4ec-85e81937e0f7
> Last attempt @ 2008-09-18 20:58:20 was successful.
> CN=Configuration,DC=ars,DC=local
> Default-First-Site-Name\SERVER1 via RPC
> DC object GUID: c834486a-c689-4f82-a4ec-85e81937e0f7
> Last attempt @ 2008-09-18 21:33:32 was successful.
> CN=Schema,CN=Configuration,DC=ars,DC=local
> Default-First-Site-Name\SERVER1 via RPC
> DC object GUID: c834486a-c689-4f82-a4ec-85e81937e0f7
> Last attempt @ 2008-09-18 20:58:20 was successful.
> DC=ForestDnsZones,DC=ars,DC=local
> Default-First-Site-Name\SERVER1 via RPC
> DC object GUID: c834486a-c689-4f82-a4ec-85e81937e0f7
> Last attempt @ 2008-09-18 20:58:20 was successful.
> DC=DomainDnsZones,DC=ars,DC=local
> Default-First-Site-Name\SERVER1 via RPC
> DC object GUID: c834486a-c689-4f82-a4ec-85e81937e0f7
> Last attempt @ 2008-09-18 21:29:30 was successful.
> ************************************************** **************
>
> DCDIAG on new server:
>
> Domain Controller Diagnosis
>
> Performing initial setup:
> Done gathering initial info.
> Doing initial required tests
>
> Testing server: Default-First-Site-Name\NEW-SERVER
> Starting test: Connectivity
> ......................... NEW-SERVER passed test Connectivity
> Doing primary tests
>
> Testing server: Default-First-Site-Name\NEW-SERVER
> Starting test: Replications
> [SERVER1] DsBindWithSpnEx() failed with error 1722,
> The RPC server is unavailable..
> ......................... NEW-SERVER passed test Replications
> Starting test: NCSecDesc
> ......................... NEW-SERVER passed test NCSecDesc
> Starting test: NetLogons
> ......................... NEW-SERVER passed test NetLogons
> Starting test: Advertising
> ......................... NEW-SERVER passed test Advertising
> Starting test: KnowsOfRoleHolders
> Warning: SERVER1 is the Schema Owner, but is not responding
> to DS
> RPC B
> ind.
> [SERVER1] LDAP search failed with error 58,
> The specified server cannot perform the requested operation..
> Warning: SERVER1 is the Schema Owner, but is not responding
> to LDAP
> Bin
> d.
> Warning: SERVER1 is the Domain Owner, but is not responding
> to DS
> RPC B
> ind.
> Warning: SERVER1 is the Domain Owner, but is not responding
> to LDAP
> Bin
> d.
> Warning: SERVER1 is the Rid Owner, but is not responding to
> DS RPC
> Bind
> .
> Warning: SERVER1 is the Rid Owner, but is not responding to
> LDAP
> Bind.
> Warning: SERVER1 is the Infrastructure Update Owner, but is
> not
> respond
> ing to DS RPC Bind.
> Warning: SERVER1 is the Infrastructure Update Owner, but is
> not
> respond
> ing to LDAP Bind.
> ......................... NEW-SERVER failed test
> KnowsOfRoleHolders
> Starting test: RidManager
> ......................... NEW-SERVER failed test RidManager
> Starting test: MachineAccount
> ......................... NEW-SERVER passed test
> MachineAccount
> Starting test: Services
> ......................... NEW-SERVER passed test Services
> Starting test: ObjectsReplicated
> ......................... NEW-SERVER passed test
> ObjectsReplicated
> Starting test: frssysvol
> ......................... NEW-SERVER passed test frssysvol
> Starting test: frsevent
> ......................... NEW-SERVER passed test frsevent
> Starting test: kccevent
> ......................... NEW-SERVER passed test kccevent
> Starting test: systemlog
> An Error Event occured. EventID: 0xC00010E1
> Time Generated: 09/18/2008 20:58:22
> (Event String could not be retrieved)
> An Error Event occured. EventID: 0x0000166D
> Time Generated: 09/18/2008 20:58:22
> Event String: Netlogon could not register the ARS<1B> name
> An Error Event occured. EventID: 0xC00010E1
> Time Generated: 09/18/2008 21:13:22
> (Event String could not be retrieved)
> An Error Event occured. EventID: 0xC00010E1
> Time Generated: 09/18/2008 21:28:22
> (Event String could not be retrieved)
> An Error Event occured. EventID: 0xC00010E1
> Time Generated: 09/18/2008 21:43:22
> (Event String could not be retrieved)
> ......................... NEW-SERVER failed test systemlog
> Starting test: VerifyReferences
> ......................... NEW-SERVER passed test
> VerifyReferences
> Running partition tests on : DomainDnsZones
> Starting test: CrossRefValidation
> ......................... DomainDnsZones passed test
> CrossRefValidation
> Starting test: CheckSDRefDom
> ......................... DomainDnsZones passed test
> CheckSDRefDom
> Running partition tests on : ForestDnsZones
> Starting test: CrossRefValidation
> ......................... ForestDnsZones passed test
> CrossRefValidation
> Starting test: CheckSDRefDom
> ......................... ForestDnsZones passed test
> CheckSDRefDom
> Running partition tests on : Schema
> Starting test: CrossRefValidation
> ......................... Schema passed test
> CrossRefValidation
> Starting test: CheckSDRefDom
> ......................... Schema passed test CheckSDRefDom
> Running partition tests on : Configuration
> Starting test: CrossRefValidation
> ......................... Configuration passed test
> CrossRefValidation
> Starting test: CheckSDRefDom
> ......................... Configuration passed test
> CheckSDRefDom
> Running partition tests on : ARS
> Starting test: CrossRefValidation
> ......................... ARS passed test CrossRefValidation
> Starting test: CheckSDRefDom
> ......................... ARS passed test CheckSDRefDom
> Running enterprise tests on : ARS.local
> Starting test: Intersite
> ......................... ARS.local passed test Intersite
> Starting test: FsmoCheck
> Error: The server returned by DsGetDcName() did not match
> DsListRoles()
> for the PDC
> ......................... ARS.local passed test FsmoCheck
> ************************************************** ********************
>
> DCDIAG on Old Server:
>
> Domain Controller Diagnosis
>
> Performing initial setup:
> Done gathering initial info.
> Doing initial required tests
>
> Testing server: Default-First-Site-Name\SERVER1
> Starting test: Connectivity
> The host
> c834486a-c689-4f82-a4ec-85e81937e0f7._msdcs.ars.local coul
> d not be resolved to an
> IP address. Check the DNS server, DHCP, server name, etc
> Although the Guid DNS name
> (c834486a-c689-4f82-a4ec-85e81937e0f7._msdcs.ars.local)
> couldn't
> be resolved, the server name (SERVER1.ars.local) resolved to
> the
> IP address (192.168.0.1) and was pingable. Check that the IP
> address
> is registered correctly with the DNS server.
> ......................... SERVER1 failed test Connectivity
> Doing primary tests
>
> Testing server: Default-First-Site-Name\SERVER1
> Skipping all tests, because server SERVER1 is
> not responding to directory service requests
> Running partition tests on : ForestDnsZones
> Starting test: CrossRefValidation
> ......................... ForestDnsZones passed test
> CrossRefValidation
> Starting test: CheckSDRefDom
> ......................... ForestDnsZones passed test
> CheckSDRefDom
> Running partition tests on : DomainDnsZones
> Starting test: CrossRefValidation
> ......................... DomainDnsZones passed test
> CrossRefValidation
> Starting test: CheckSDRefDom
> ......................... DomainDnsZones passed test
> CheckSDRefDom
> Running partition tests on : Schema
> Starting test: CrossRefValidation
> ......................... Schema passed test
> CrossRefValidation
> Starting test: CheckSDRefDom
> ......................... Schema passed test CheckSDRefDom
> Running partition tests on : Configuration
> Starting test: CrossRefValidation
> ......................... Configuration passed test
> CrossRefValidation
> Starting test: CheckSDRefDom
> ......................... Configuration passed test
> CheckSDRefDom
> Running partition tests on : ars
> Starting test: CrossRefValidation
> ......................... ars passed test CrossRefValidation
> Starting test: CheckSDRefDom
> ......................... ars passed test CheckSDRefDom
> Running enterprise tests on : ars.local
> Starting test: Intersite
> ......................... ars.local passed test Intersite
> Starting test: FsmoCheck
> Error: The server returned by DsGetDcName() did not match
> DsListRoles()
> for the PDC
> ......................... ars.local passed test FsmoCheck
> ************************************************** ********************
> **
>
> NETDIAG ON NEW SERVER:
>
> Computer Name: NEW-SERVER
> DNS Host Name: new-server.ars.local
> System info : Microsoft Windows Server 2003 (Build 3790)
> Processor : x86 Family 6 Model 15 Stepping 13, GenuineIntel
> List of installed hotfixes :
> Q147222
> Netcard queries test . . . . . . . : Passed
>
> Per interface results:
>
> Adapter : Local Area Connection
>
> Netcard queries test . . . : Passed
>
> Host Name. . . . . . . . . : new-server
> IP Address . . . . . . . . : 192.168.0.185
> Subnet Mask. . . . . . . . : 255.255.255.0
> Default Gateway. . . . . . : 192.168.0.254
> Dns Servers. . . . . . . . : 192.168.0.1
> 192.168.0.185
> AutoConfiguration results. . . . . . : Passed
>
> Default gateway test . . . : Passed
>
> NetBT name test. . . . . . : Passed
> [WARNING] At least one of the <00> 'WorkStation Service', <03>
> 'Messenge
> r Service', <20> 'WINS' names is missing.
>
> WINS service test. . . . . : Skipped
> There are no WINS servers configured for this interface.
> Global results:
>
> Domain membership test . . . . . . : Passed
>
> NetBT transports test. . . . . . . : Passed
> List of NetBt transports currently configured:
> NetBT_Tcpip_{1564DF95-1390-4C84-8E00-D154F9AED25D}
> 1 NetBt transport currently configured.
> Autonet address test . . . . . . . : Passed
>
> IP loopback ping test. . . . . . . : Passed
>
> Default gateway test . . . . . . . : Passed
>
> NetBT name test. . . . . . . . . . : Passed
> [WARNING] You don't have a single interface with the <00>
> 'WorkStation
> Servi
> ce', <03> 'Messenger Service', <20> 'WINS' names defined.
>
> Winsock test . . . . . . . . . . . : Passed
>
> DNS test . . . . . . . . . . . . . : Failed
> [WARNING] The DNS entries for this DC are not registered correctly
> on
> DNS se
> rver '192.168.0.1'. Please wait for 30 minutes for DNS server
> replication.
> [WARNING] The DNS entries for this DC are not registered correctly
> on
> DNS se
> rver '192.168.0.185'. Please wait for 30 minutes for DNS server
> replication.
> [FATAL] No DNS servers have the DNS records for this DC
> registered.
> Redir and Browser test . . . . . . : Passed
> List of NetBt transports currently bound to the Redir
> NetBT_Tcpip_{1564DF95-1390-4C84-8E00-D154F9AED25D}
> The redir is bound to 1 NetBt transport.
> List of NetBt transports currently bound to the browser
> NetBT_Tcpip_{1564DF95-1390-4C84-8E00-D154F9AED25D}
> The browser is bound to 1 NetBt transport.
> DC discovery test. . . . . . . . . : Passed
>
> DC list test . . . . . . . . . . . : Passed
>
> Trust relationship test. . . . . . : Skipped
>
> Kerberos test. . . . . . . . . . . : Passed
>
> LDAP test. . . . . . . . . . . . . : Passed
>
> Bindings test. . . . . . . . . . . : Passed
>
> WAN configuration test . . . . . . : Skipped
> No active remote access connections.
> Modem diagnostics test . . . . . . : Passed
>
> IP Security test . . . . . . . . . : Skipped
>
> Note: run "netsh ipsec dynamic show /?" for more detailed
> information
>
> ************************************************** ********************
> ****** **
>
> NETDIAG ON OLD SERVER:
>
> Computer Name: SERVER1
> DNS Host Name: SERVER1.ars.local
> System info : Microsoft Windows Server 2003 (Build 3790)
> Processor : x86 Family 15 Model 2 Stepping 9, GenuineIntel
> Netcard queries test . . . . . . . : Failed
> GetStats failed for 'Intel(R) PRO/1000 XT Network Connection'.
> [ERROR_INVALI
> D_FUNCTION]
> [FATAL] - None of the netcard drivers provided satisfactory
> results.
> Per interface results:
>
> Adapter : Local Area Connection
>
> Netcard queries test . . . : Failed
> NetCard Status: UNKNOWN
> Host Name. . . . . . . . . : SERVER1
> IP Address . . . . . . . . : 192.168.0.1
> Subnet Mask. . . . . . . . : 255.255.255.0
> Default Gateway. . . . . . : 192.168.0.254
> Dns Servers. . . . . . . . : 192.168.0.1
> 192.168.0.185
> AutoConfiguration results. . . . . . : Passed
>
> Default gateway test . . . : Passed
>
> NetBT name test. . . . . . : Passed
> [WARNING] At least one of the <00> 'WorkStation Service', <03>
> 'Messenge
> r Service', <20> 'WINS' names is missing.
> No remote names have been found.
> WINS service test. . . . . : Skipped
> There are no WINS servers configured for this interface.
> Global results:
>
> Domain membership test . . . . . . : Passed
>
> NetBT transports test. . . . . . . : Passed
> List of NetBt transports currently configured:
> NetBT_Tcpip_{E4FF46BE-FF6F-4E97-8825-A3B494203996}
> 1 NetBt transport currently configured.
> Autonet address test . . . . . . . : Passed
>
> IP loopback ping test. . . . . . . : Passed
>
> Default gateway test . . . . . . . : Passed
>
> NetBT name test. . . . . . . . . . : Passed
> [WARNING] You don't have a single interface with the <00>
> 'WorkStation
> Servi
> ce', <03> 'Messenger Service', <20> 'WINS' names defined.
>
> Winsock test . . . . . . . . . . . : Passed
>
> DNS test . . . . . . . . . . . . . : Failed
> [WARNING] The DNS entries for this DC are not registered correctly
> on
> DNS se
> rver '192.168.0.1'. Please wait for 30 minutes for DNS server
> replication.
> [WARNING] The DNS entries for this DC are not registered correctly
> on
> DNS se
> rver '192.168.0.185'. Please wait for 30 minutes for DNS server
> replication.
> [FATAL] No DNS servers have the DNS records for this DC
> registered.
> Redir and Browser test . . . . . . : Passed
> List of NetBt transports currently bound to the Redir
> NetBT_Tcpip_{E4FF46BE-FF6F-4E97-8825-A3B494203996}
> The redir is bound to 1 NetBt transport.
> List of NetBt transports currently bound to the browser
> NetBT_Tcpip_{E4FF46BE-FF6F-4E97-8825-A3B494203996}
> The browser is bound to 1 NetBt transport.
> DC discovery test. . . . . . . . . : Passed
>
> DC list test . . . . . . . . . . . : Passed
>
> Trust relationship test. . . . . . : Skipped
>
> Kerberos test. . . . . . . . . . . : Passed
>
> LDAP test. . . . . . . . . . . . . : Passed
>
> Bindings test. . . . . . . . . . . : Passed
>
> WAN configuration test . . . . . . : Skipped
> No active remote access connections.
> Modem diagnostics test . . . . . . : Passed
>
> IP Security test . . . . . . . . . : Skipped
>
> ************************************************** ********************
> ****
>
> Meinolf Weber" <meiweb(nospam)@gmx.de> wrote in message
> news:. com...
>
>> Hello Paul,
>>
>> For the DNS settings choose also the other DC as secondary on the
>> NIC.
>>
> Also
>
>> post the output in command window from "netdom query fsmo" without
>> the
>>
> quotes.
>
>> Then run repadmin /showrepl and post the output also. Run dcdiag and
>>
> netdiag
>
>> on both DC's and if you get errors post also the complete output.
>>
>> Best regards
>>
>> Meinolf Weber
>> Disclaimer: This posting is provided "AS IS" with no warranties, and
> confers
>
>> no rights.
>> ** Please do NOT email, only reply to Newsgroups
>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>>> Did you configure the FORWARDERS in the DNS management console
>>>> under the server properties?
>>>>
>>> Yes. I deleted the DNS forwarders and re-entered them. I am now able
>>> to browse if I point the new serve to itself as the DNS server. I
>>> think this part is fixed. Thanks for pointing me in the right
>>> direction on this :-) :-) (or what ever a super happy face is!)
>>>
>>>> Did you move all 5 FSMO roles to the new server?
>>>>
>>> No, when I try I get "The transfer of the operations master role
>>> cannot be
>>> performed because the requested FSMO
>>> operation failed. The current FSMO holder could not be contacted"
>>>> Did you make the new DC Global catalog server?
>>>>
>>> Yes
>>>
>>> Old Server:
>>> Windows IP Configuration
>>> Host Name . . . . . . . . . . . . : SERVER1
>>> Primary Dns Suffix . . . . . . . : ars.local
>>> Node Type . . . . . . . . . . . . : Unknown
>>> IP Routing Enabled. . . . . . . . : Yes
>>> WINS Proxy Enabled. . . . . . . . : Yes
>>> DNS Suffix Search List. . . . . . : ars.local
>>> Ethernet adapter Local Area Connection:
>>> Connection-specific DNS Suffix . :
>>> Description . . . . . . . . . . . : Intel(R) PRO/1000 XT Network
>>> Connection
>>> Physical Address. . . . . . . . . : 00-0D-56-FD-47-D9
>>> DHCP Enabled. . . . . . . . . . . : No
>>> IP Address. . . . . . . . . . . . : 192.168.0.1
>>> Subnet Mask . . . . . . . . . . . : 255.255.255.0
>>> Default Gateway . . . . . . . . . : 192.168.0.254
>>> DNS Servers . . . . . . . . . . . : 192.168.0.1
>>> New Server:
>>> Windows IP Configuration
>>> Host Name . . . . . . . . . . . . : new-server
>>> Primary Dns Suffix . . . . . . . : ars.local
>>> Node Type . . . . . . . . . . . . : Unknown
>>> IP Routing Enabled. . . . . . . . : No
>>> WINS Proxy Enabled. . . . . . . . : No
>>> DNS Suffix Search List. . . . . . : ars.local
>>> Ethernet adapter Local Area Connection:
>>> Connection-specific DNS Suffix . :
>>> Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit
>>> Ethernet
>>> Physical Address. . . . . . . . . : 00-1D-09-FF-97-24
>>> DHCP Enabled. . . . . . . . . . . : No
>>> IP Address. . . . . . . . . . . . : 192.168.0.185
>>> Subnet Mask . . . . . . . . . . . : 255.255.255.0
>>> Default Gateway . . . . . . . . . : 192.168.0.254
>>> DNS Servers . . . . . . . . . . . : 192.168.0.1
>>> "Meinolf Weber" <meiweb(nospam)@gmx.de> wrote in message
>>> news:. com...
>>>> Hello Paul,
>>>>
>>>> Please post an unedited ipconfig /all from both DC's.
>>>>
>>>> Did you configure the FORWARDERS in the DNS management console
>>>> under the server properties?
>>>>
>>>> Did you move all 5 FSMO roles to the new server?
>>>>
>>>> Did you make the new DC Global catalog server?
>>>>
>>>> Best regards
>>>>
>>>> Meinolf Weber
>>>> Disclaimer: This posting is provided "AS IS" with no warranties,
>>>> and
>>> confers
>>>
>>>> no rights.
>>>> ** Please do NOT email, only reply to Newsgroups
>>>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>>>> So I have been going through your list. I still have not been able
>>>>> to get rid of any of the original errors that I posted.
>>>>>
>>>>> When I try to Transfer FSMO roles (change operations master,
>>>>> change schema master, etc.) I get the following: "The transfer of
>>>>> the operations master role cannot be performed because the
>>>>> requested FSMO operation failed. The current FSMO holder could not
>>>>> be contacted"
>>>>>
>>>>> As I stated in an earlier post I know that there are DNS issues.
>>>>> 1. From the event logs
>>>>> 2. If I take the old server offline and point a workstation DNS
>>>>> setting to
>>>>> the new server I cant browse.
>>>>> I am sure that all of these issues are related, but not sure how
>>>>> to
>>>>> correct.
>>>>> I have no idea what to do next
>>>>> <Meinolf Weber> wrote in message
>>>>> news:. com...
>>>>>> Hello Paul,
>>>>>>
>>>>>> Check this list for the steps you have done or not, if not do it
>>>>>> now and leave the old DC still up and running during the time:
>>>>>>
>>>>>> - On the old server open DNS management console and check that
>>>>>> you are
>>>>>>
>>>>> running
>>>>>
>>>>>> Active directory integrated zone (easier for replication, if you
>>>>>> have more then one DNS server)
>>>>>>
>>>>>> - run replmon, dcdiag and netdiag on the old machine to check for
>>>>>> errors, if you have some post the complete output from the
>>>>>> command here or solve them first
>>>>>>
>>>>>> - run adprep /forestprep and adprep /domainprep from the 2003
>>>>>> installation disk against the 2000 server, with an account that
>>>>>> is member of the Schema admins, to upgrade the schema to the new
>>>>>> version
>>>>>>
>>>>>> - Install the new machine as a member server in your existing
>>>>>> domain
>>>>>>
>>>>>> - configure a fixed ip and set the preferred DNS server to the
>>>>>> old DNS
>>>>>>
>>>>> server
>>>>>
>>>>>> only
>>>>>>
>>>>>> - run dcpromo and follow the wizard to add the 2003 server to an
>>>>>> existing domain
>>>>>>
>>>>>> - if you are prompted for DNS configuration choose Yes (also
>>>>>> possible that no DNS preparation occur), then install DNS after
>>>>>> the reboot
>>>>>>
>>>>>> - for DNS give the server time for replication, at least 15
>>>>>> minutes.
>>>>>>
>>>>> Because
>>>>>
>>>>>> you use Active directory integrated zones it will automatically
>>>>>> replicate the zones to the new server. Open DNS management
>>>>>> console to check that
>>>>>>
>>>>> they
>>>>>
>>>>>> appear
>>>>>>
>>>>>> - if the new machine is domain controller and DNS server run
>>>>>> again
>>>>>>
>>>>> replmon,
>>>>>
>>>>>> dcdiag and netdiag on both domain controllers
>>>>>>
>>>>>> - if you have no errors, make the new server Global catalog
>>>>>> server, open Active directory Sites and Services and then
>>>>>> double-click sitename,
>>>>>>
>>>>> double-click
>>>>>
>>>>>> Servers, click your domain controller, right-click NTDS Settings,
>>>>>> and then click Properties, on the General tab, click to select
>>>>>> the Global catalog check box
>>>>>> (http://support.microsoft.com/?id=313994)
>>>>>>
>>>>>> - Transfer, NOT seize the 5 FSMO roles to the new Domain
>>>>>> controller
>>>>>>
>>>>> (http://support.microsoft.com/kb/324801)
>>>>>
>>>>>> - you can see in the event viewer (Directory service) that the
>>>>>> roles are transferred, also give it some time
>>>>>>
>>>>>> - reconfigure the DNS configuration on your NIC of the 2003
>>>>>> server,
>>>>>>
>>>>> preferred
>>>>>
>>>>>> DNS itself, secondary the old one
>>>>>>
>>>>>> - if you use DHCP do not forget to reconfigure the scope settings
>>>>>> to point to the new installed DNS server
>>>>>>
>>>>>> - export and import of DHCP database (if needed)
>>>>>>
>>>>> http://support.microsoft.com/kb/325473
>>>>>
>>>>>> Demoting
>>>>>>
>>>>>> - reconfigure your clients/servers that they not longer point to
>>>>>> the old DC/DNS server on the NIC
>>>>>>
>>>>>> - to be sure that everything runs fine, disconnect the old DC
>>>>>> from the
>>>>>>
>>>>> network
>>>>>
>>>>>> and check with clients and servers the connectivity, logon and
>>>>>> also with one client a restart to see that everything is ok
>>>>>>
>>>>>> - then run dcpromo to demote the old DC, if it works fine the
>>>>>> machine will move from the DC's OU to the computers container,
>>>>>> where you can delete it by hand. Can be that you got an error
>>>>>> during demoting at the beginning,
>>>>>>
>>>>> then
>>>>>
>>>>>> uncheck the Global catalog on that DC and try again
>>>>>>
>>>>>> - check the DNS management console, that all entries from the
>>>>>> machine are disappeared or delete them by hand if the machine is
>>>>>> off the network for
>>>>>>
>>>>> ever
>>>>>
>>>>>> Best regards
>>>>>>
>>>>>> Meinolf Weber
>>>>>> Disclaimer: This posting is provided "AS IS" with no warranties,
>>>>>> and
>>>>> confers
>>>>>
>>>>>> no rights.
>>>>>> ** Please do NOT email, only reply to Newsgroups
>>>>>> ** HELP us help YOU!!!
>>>>>> http://www.blakjak.demon.co.uk/mul_crss.htm
>>>>>>> Thanks for your reply.
>>>>>>>
>>>>>>>> Did you install DNS also on the new server and point all
>>>>>>>> clients to use
>>>>>>>>
>>>>>>> it?
>>>>>>> DNS is installed. After shutting down the old server I changed
>>>>>>> the
>>>>>>> new
>>>>>>> server to the old servers IP and rebooted.
>>>>>>>> Did you configure the FORWARDERS in the DNS management console
>>>>>>>> under the server properties?
>>>>>>>>
>>>>>>> I dont think so. I just "poked" around in the DNS console and
>>>>>>> cant
>>>>>>> even find
>>>>>>> these settings.
>>>>>>> Is there a (easy) way to export the entire DNS setup from the
>>>>>>> old
>>>>>>> server?
>>>>>>>> Did you move all 5 FSMO roles to the new server?
>>>>>>>>
>>>>>>> I dont know what this means, so probably not.
>>>>>>>
>>>>>>>> Did you make the new DC Global catalog server?
>>>>>>>>
>>>>>>> Yes
>>>>>>>
>>>>>>> help... I'm over my head
>>>>>>>
>>>>>>> "Meinolf Weber" <meiweb(nospam)@gmx.de> wrote in message
>>>>>>> news:. com...
>>>>>>>
>>>>>>>> Hello Paul,
>>>>>>>>
>>>>>>>> Did you install DNS also on the new server and point all
>>>>>>>> clients to use
>>>>>>>>
>>>>>>> it?
>>>>>>>
>>>>>>>> Did you configure the FORWARDERS in the DNS management console
>>>>>>>> under the server properties?
>>>>>>>>
>>>>>>>> Did you move all 5 FSMO roles to the new server?
>>>>>>>>
>>>>>>>> Did you make the new DC Global catalog server?
>>>>>>>>
>>>>>>>> Best regards
>>>>>>>>
>>>>>>>> Meinolf Weber
>>>>>>>> Disclaimer: This posting is provided "AS IS" with no
>>>>>>>> warranties,
>>>>>>>> and
>>>>>>> confers
>>>>>>>
>>>>>>>> no rights.
>>>>>>>> ** Please do NOT email, only reply to Newsgroups
>>>>>>>> ** HELP us help YOU!!!
>>>>>>>> http://www.blakjak.demon.co.uk/mul_crss.htm
>>>>>>>>> I am trying to migrate from an old W2K3 Active Directory
>>>>>>>>> domain controller to a new one. Eventually I want to remove
>>>>>>>>> the old server from the network. I have never done this before
>>>>>>>>> and it is a little bit out of my league so I Googled, read
>>>>>>>>> and hopefully followed several articles that I found, but am
>>>>>>>>> still getting some errors logged.
>>>>>>>>>
>>>>>>>>> The list of AD users, computers etc replicated over to the new
>>>>>>>>> server, but when I turn off the old one no one can log in and
>>>>>>>>> there is no Internet access. I think both of these problems
>>>>>>>>> are due to DNS (which I really understand about 1% of). There
>>>>>>>>> are no errors in the DNS log though (just info that the
>>>>>>>>> service started).
>>>>>>>>>
>>>>>>>>> Most of the computers have fixed IPs so DHCP isn't really an
>>>>>>>>> issue, but the DHCP service is also failing.
>>>>>>>>>
>>>>>>>>> I'm hoping from the log files someone can give me some
>>>>>>>>> specific things to try as opposed to links to articles that
>>>>>>>>> are above my understanding.
>>>>>>>>>
>>>>>>>>> Your help is much appreciated.
>>>>>>>>>
>>>>>>>>> System Log:
>>>>>>>>>
>>>>>>>>> Event ID 1059
>>>>>>>>> The DHCP service failed to see a directory server for
>>>>>>>>> authorization.
>>>>>>>>> Directory Service Log:
>>>>>>>>> Event ID 2088
>>>>>>>>> Active Directory could not use DNS to resolve the IP address
>>>>>>>>> of
>>>>>>>>> the
>>>>>>>>> source
>>>>>>>>> domain controller listed below. To maintain the consistency of
>>>>>>>>> Security
>>>>>>>>> groups, group policy, users and computers and their passwords,
>>>>>>>>> Active
>>>>>>>>> Directory successfully replicated using the NetBIOS or fully
>>>>>>>>> qualified
>>>>>>>>> computer name of the source domain controller.
>>>>>>>>> Invalid DNS configuration may be affecting other essential
>>>>>>>>> operations
>>>>>>>>> on
>>>>>>>>> member computers, domain controllers or application servers in
>>>>>>>>> this
>>>>>>>>> Active
>>>>>>>>> Directory forest, including logon authentication or access to
>>>>>>>>> network
>>>>>>>>> resources.
>>>>>>>>> (I cut out the rest of the error, let me know if it would be
>>>>>>>>> helpful
>>>>>>>>> to post
>>>>>>>>> the entire message)
>>>>>>>>> Event ID 1586
>>>>>>>>> The Windows NT 4.0 or earlier replication checkpoint with the
>>>>>>>>> PDC
>>>>>>>>> emulator
>>>>>>>>> master was unsuccessful.
>>>>>>>>> A full synchronization of the security accounts manager (SAM)
>>>>>>>>> database
>>>>>>>>> to domain controllers running Windows NT 4.0 and earlier might
>>>>>>>>> take
>>>>>>>>> place if the PDC emulator master role is transferred to the
>>>>>>>>> local
>>>>>>>>> domain controller before the next successful checkpoint.
>>>>>>>>> Application Log:
>>>>>>>>> Event ID5 3258
>>>>>>>>> MS DTC could not correctly process a DC Promotion/Demotion
>>>>>>>>> event.
>>>>>>>>> MS
>>>>>>>>> DTC
>>>>>>>>> will continue to function and will use the existing security
>>>>>>>>> settings.
>>>>>>>>> Error
>>>>>>>>> Specifics: %1
>>>>>>>>> Event ID 53258
>>>>>>>>> MS DTC could not correctly process a DC Promotion/Demotion
>>>>>>>>> event.
>>>>>>>>> MS
>>>>>>>>> DTC
>>>>>>>>> will continue to function and will use the existing security
>>>>>>>>> settings.
>>>>>>>>> Error
>>>>>>>>> Specifics: d:\nt\com\complus\dtc\dtc\adme\uiname.cpp:9351,
>>>>>>>>> Pid:
>>>>>>>>> 1160
>>>>>>>>> No Callstack, CmdLine: C:\WINDOWS\system32\msdtc.exe

Again, Thank you so much for all of your help. I am not sure what I did but
I successfully was able to transfer the 5 FSMO roles. Hopefully over the
weekend I will shut down the old server and see what happens to the rest of
the network.

One last question: If everything is OK after shutting down the old server
can I change the IP of the new server to the address of the old one or will
that mess up things in DNS?


"Meinolf Weber" <meiweb(nospam)@gmx.de> wrote in message
news:. com...
> Hello Jack,
>
> What kind of DNS zones are you using, AD integrated? Chekc that both
server
> registered in the zones. Do you have also a Reverse lookup zone?
>
> Do you have no SP1 or SP2 on the 2003 installed?
>
> The NIC test on server 1 creates an error in netdiag output, make sure the
> drivers are up to date and also the NIC itself is correct built in.
> GetStats failed for 'Intel(R) PRO/1000 XT Network Connection'.
> [ERROR_INVALI
> D_FUNCTION]
> [FATAL] - None of the netcard drivers provided satisfactory results.
>
>
>
> Change the ip settings in new-server to:
> Host Name. . . . . . . . . : new-server
> IP Address . . . . . . . . : 192.168.0.185
> Subnet Mask. . . . . . . . : 255.255.255.0
> Default Gateway. . . . . . : 192.168.0.254
> Dns Servers. . . . . . . . : 192.168.0.185
> 192.168.0.1
>
>
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and
confers
> no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>
>
> > I really appreciate all your help. Here are the outputs:
> >
> > Server1 is Old Server
> > New-Server is new server
> > netdom query fsmo:
> > Schema owner SERVER1.ars.local
> > Domain role owner SERVER1.ars.local
> >
> > PDC role new-server.ars.local
> >
> > RID pool manager SERVER1.ars.local
> >
> > Infrastructure owner SERVER1.ars.local
> >
> > The command completed successfully.
> >
> > repadmin running command /showrepl against server localhost
> >
> > Default-First-Site-Name\NEW-SERVER
> > DC Options: IS_GC
> > Site Options: (none)
> > DC object GUID: bbd5e31c-ceaf-4c89-bbaf-be1245dbf679
> > DC invocationID: 56399df1-ebe1-4dd1-817a-fb046fcab5b8
> > ==== INBOUND NEIGHBORS ======================================
> >
> > DC=ars,DC=local
> > Default-First-Site-Name\SERVER1 via RPC
> > DC object GUID: c834486a-c689-4f82-a4ec-85e81937e0f7
> > Last attempt @ 2008-09-18 20:58:20 was successful.
> > CN=Configuration,DC=ars,DC=local
> > Default-First-Site-Name\SERVER1 via RPC
> > DC object GUID: c834486a-c689-4f82-a4ec-85e81937e0f7
> > Last attempt @ 2008-09-18 21:33:32 was successful.
> > CN=Schema,CN=Configuration,DC=ars,DC=local
> > Default-First-Site-Name\SERVER1 via RPC
> > DC object GUID: c834486a-c689-4f82-a4ec-85e81937e0f7
> > Last attempt @ 2008-09-18 20:58:20 was successful.
> > DC=ForestDnsZones,DC=ars,DC=local
> > Default-First-Site-Name\SERVER1 via RPC
> > DC object GUID: c834486a-c689-4f82-a4ec-85e81937e0f7
> > Last attempt @ 2008-09-18 20:58:20 was successful.
> > DC=DomainDnsZones,DC=ars,DC=local
> > Default-First-Site-Name\SERVER1 via RPC
> > DC object GUID: c834486a-c689-4f82-a4ec-85e81937e0f7
> > Last attempt @ 2008-09-18 21:29:30 was successful.
> > ************************************************** **************
> >
> > DCDIAG on new server:
> >
> > Domain Controller Diagnosis
> >
> > Performing initial setup:
> > Done gathering initial info.
> > Doing initial required tests
> >
> > Testing server: Default-First-Site-Name\NEW-SERVER
> > Starting test: Connectivity
> > ......................... NEW-SERVER passed test Connectivity
> > Doing primary tests
> >
> > Testing server: Default-First-Site-Name\NEW-SERVER
> > Starting test: Replications
> > [SERVER1] DsBindWithSpnEx() failed with error 1722,
> > The RPC server is unavailable..
> > ......................... NEW-SERVER passed test Replications
> > Starting test: NCSecDesc
> > ......................... NEW-SERVER passed test NCSecDesc
> > Starting test: NetLogons
> > ......................... NEW-SERVER passed test NetLogons
> > Starting test: Advertising
> > ......................... NEW-SERVER passed test Advertising
> > Starting test: KnowsOfRoleHolders
> > Warning: SERVER1 is the Schema Owner, but is not responding
> > to DS
> > RPC B
> > ind.
> > [SERVER1] LDAP search failed with error 58,
> > The specified server cannot perform the requested operation..
> > Warning: SERVER1 is the Schema Owner, but is not responding
> > to LDAP
> > Bin
> > d.
> > Warning: SERVER1 is the Domain Owner, but is not responding
> > to DS
> > RPC B
> > ind.
> > Warning: SERVER1 is the Domain Owner, but is not responding
> > to LDAP
> > Bin
> > d.
> > Warning: SERVER1 is the Rid Owner, but is not responding to
> > DS RPC
> > Bind
> > .
> > Warning: SERVER1 is the Rid Owner, but is not responding to
> > LDAP
> > Bind.
> > Warning: SERVER1 is the Infrastructure Update Owner, but is
> > not
> > respond
> > ing to DS RPC Bind.
> > Warning: SERVER1 is the Infrastructure Update Owner, but is
> > not
> > respond
> > ing to LDAP Bind.
> > ......................... NEW-SERVER failed test
> > KnowsOfRoleHolders
> > Starting test: RidManager
> > ......................... NEW-SERVER failed test RidManager
> > Starting test: MachineAccount
> > ......................... NEW-SERVER passed test
> > MachineAccount
> > Starting test: Services
> > ......................... NEW-SERVER passed test Services
> > Starting test: ObjectsReplicated
> > ......................... NEW-SERVER passed test
> > ObjectsReplicated
> > Starting test: frssysvol
> > ......................... NEW-SERVER passed test frssysvol
> > Starting test: frsevent
> > ......................... NEW-SERVER passed test frsevent
> > Starting test: kccevent
> > ......................... NEW-SERVER passed test kccevent
> > Starting test: systemlog
> > An Error Event occured. EventID: 0xC00010E1
> > Time Generated: 09/18/2008 20:58:22
> > (Event String could not be retrieved)
> > An Error Event occured. EventID: 0x0000166D
> > Time Generated: 09/18/2008 20:58:22
> > Event String: Netlogon could not register the ARS<1B> name
> > An Error Event occured. EventID: 0xC00010E1
> > Time Generated: 09/18/2008 21:13:22
> > (Event String could not be retrieved)
> > An Error Event occured. EventID: 0xC00010E1
> > Time Generated: 09/18/2008 21:28:22
> > (Event String could not be retrieved)
> > An Error Event occured. EventID: 0xC00010E1
> > Time Generated: 09/18/2008 21:43:22
> > (Event String could not be retrieved)
> > ......................... NEW-SERVER failed test systemlog
> > Starting test: VerifyReferences
> > ......................... NEW-SERVER passed test
> > VerifyReferences
> > Running partition tests on : DomainDnsZones
> > Starting test: CrossRefValidation
> > ......................... DomainDnsZones passed test
> > CrossRefValidation
> > Starting test: CheckSDRefDom
> > ......................... DomainDnsZones passed test
> > CheckSDRefDom
> > Running partition tests on : ForestDnsZones
> > Starting test: CrossRefValidation
> > ......................... ForestDnsZones passed test
> > CrossRefValidation
> > Starting test: CheckSDRefDom
> > ......................... ForestDnsZones passed test
> > CheckSDRefDom
> > Running partition tests on : Schema
> > Starting test: CrossRefValidation
> > ......................... Schema passed test
> > CrossRefValidation
> > Starting test: CheckSDRefDom
> > ......................... Schema passed test CheckSDRefDom
> > Running partition tests on : Configuration
> > Starting test: CrossRefValidation
> > ......................... Configuration passed test
> > CrossRefValidation
> > Starting test: CheckSDRefDom
> > ......................... Configuration passed test
> > CheckSDRefDom
> > Running partition tests on : ARS
> > Starting test: CrossRefValidation
> > ......................... ARS passed test CrossRefValidation
> > Starting test: CheckSDRefDom
> > ......................... ARS passed test CheckSDRefDom
> > Running enterprise tests on : ARS.local
> > Starting test: Intersite
> > ......................... ARS.local passed test Intersite
> > Starting test: FsmoCheck
> > Error: The server returned by DsGetDcName() did not match
> > DsListRoles()
> > for the PDC
> > ......................... ARS.local passed test FsmoCheck
> > ************************************************** ********************
> >
> > DCDIAG on Old Server:
> >
> > Domain Controller Diagnosis
> >
> > Performing initial setup:
> > Done gathering initial info.
> > Doing initial required tests
> >
> > Testing server: Default-First-Site-Name\SERVER1
> > Starting test: Connectivity
> > The host
> > c834486a-c689-4f82-a4ec-85e81937e0f7._msdcs.ars.local coul
> > d not be resolved to an
> > IP address. Check the DNS server, DHCP, server name, etc
> > Although the Guid DNS name
> > (c834486a-c689-4f82-a4ec-85e81937e0f7._msdcs.ars.local)
> > couldn't
> > be resolved, the server name (SERVER1.ars.local) resolved to
> > the
> > IP address (192.168.0.1) and was pingable. Check that the IP
> > address
> > is registered correctly with the DNS server.
> > ......................... SERVER1 failed test Connectivity
> > Doing primary tests
> >
> > Testing server: Default-First-Site-Name\SERVER1
> > Skipping all tests, because server SERVER1 is
> > not responding to directory service requests
> > Running partition tests on : ForestDnsZones
> > Starting test: CrossRefValidation
> > ......................... ForestDnsZones passed test
> > CrossRefValidation
> > Starting test: CheckSDRefDom
> > ......................... ForestDnsZones passed test
> > CheckSDRefDom
> > Running partition tests on : DomainDnsZones
> > Starting test: CrossRefValidation
> > ......................... DomainDnsZones passed test
> > CrossRefValidation
> > Starting test: CheckSDRefDom
> > ......................... DomainDnsZones passed test
> > CheckSDRefDom
> > Running partition tests on : Schema
> > Starting test: CrossRefValidation
> > ......................... Schema passed test
> > CrossRefValidation
> > Starting test: CheckSDRefDom
> > ......................... Schema passed test CheckSDRefDom
> > Running partition tests on : Configuration
> > Starting test: CrossRefValidation
> > ......................... Configuration passed test
> > CrossRefValidation
> > Starting test: CheckSDRefDom
> > ......................... Configuration passed test
> > CheckSDRefDom
> > Running partition tests on : ars
> > Starting test: CrossRefValidation
> > ......................... ars passed test CrossRefValidation
> > Starting test: CheckSDRefDom
> > ......................... ars passed test CheckSDRefDom
> > Running enterprise tests on : ars.local
> > Starting test: Intersite
> > ......................... ars.local passed test Intersite
> > Starting test: FsmoCheck
> > Error: The server returned by DsGetDcName() did not match
> > DsListRoles()
> > for the PDC
> > ......................... ars.local passed test FsmoCheck
> > ************************************************** ********************
> > **
> >
> > NETDIAG ON NEW SERVER:
> >
> > Computer Name: NEW-SERVER
> > DNS Host Name: new-server.ars.local
> > System info : Microsoft Windows Server 2003 (Build 3790)
> > Processor : x86 Family 6 Model 15 Stepping 13, GenuineIntel
> > List of installed hotfixes :
> > Q147222
> > Netcard queries test . . . . . . . : Passed
> >
> > Per interface results:
> >
> > Adapter : Local Area Connection
> >
> > Netcard queries test . . . : Passed
> >
> > Host Name. . . . . . . . . : new-server
> > IP Address . . . . . . . . : 192.168.0.185
> > Subnet Mask. . . . . . . . : 255.255.255.0
> > Default Gateway. . . . . . : 192.168.0.254
> > Dns Servers. . . . . . . . : 192.168.0.1
> > 192.168.0.185
> > AutoConfiguration results. . . . . . : Passed
> >
> > Default gateway test . . . : Passed
> >
> > NetBT name test. . . . . . : Passed
> > [WARNING] At least one of the <00> 'WorkStation Service', <03>
> > 'Messenge
> > r Service', <20> 'WINS' names is missing.
> >
> > WINS service test. . . . . : Skipped
> > There are no WINS servers configured for this interface.
> > Global results:
> >
> > Domain membership test . . . . . . : Passed
> >
> > NetBT transports test. . . . . . . : Passed
> > List of NetBt transports currently configured:
> > NetBT_Tcpip_{1564DF95-1390-4C84-8E00-D154F9AED25D}
> > 1 NetBt transport currently configured.
> > Autonet address test . . . . . . . : Passed
> >
> > IP loopback ping test. . . . . . . : Passed
> >
> > Default gateway test . . . . . . . : Passed
> >
> > NetBT name test. . . . . . . . . . : Passed
> > [WARNING] You don't have a single interface with the <00>
> > 'WorkStation
> > Servi
> > ce', <03> 'Messenger Service', <20> 'WINS' names defined.
> >
> > Winsock test . . . . . . . . . . . : Passed
> >
> > DNS test . . . . . . . . . . . . . : Failed
> > [WARNING] The DNS entries for this DC are not registered correctly
> > on
> > DNS se
> > rver '192.168.0.1'. Please wait for 30 minutes for DNS server
> > replication.
> > [WARNING] The DNS entries for this DC are not registered correctly
> > on
> > DNS se
> > rver '192.168.0.185'. Please wait for 30 minutes for DNS server
> > replication.
> > [FATAL] No DNS servers have the DNS records for this DC
> > registered.
> > Redir and Browser test . . . . . . : Passed
> > List of NetBt transports currently bound to the Redir
> > NetBT_Tcpip_{1564DF95-1390-4C84-8E00-D154F9AED25D}
> > The redir is bound to 1 NetBt transport.
> > List of NetBt transports currently bound to the browser
> > NetBT_Tcpip_{1564DF95-1390-4C84-8E00-D154F9AED25D}
> > The browser is bound to 1 NetBt transport.
> > DC discovery test. . . . . . . . . : Passed
> >
> > DC list test . . . . . . . . . . . : Passed
> >
> > Trust relationship test. . . . . . : Skipped
> >
> > Kerberos test. . . . . . . . . . . : Passed
> >
> > LDAP test. . . . . . . . . . . . . : Passed
> >
> > Bindings test. . . . . . . . . . . : Passed
> >
> > WAN configuration test . . . . . . : Skipped
> > No active remote access connections.
> > Modem diagnostics test . . . . . . : Passed
> >
> > IP Security test . . . . . . . . . : Skipped
> >
> > Note: run "netsh ipsec dynamic show /?" for more detailed
> > information
> >
> > ************************************************** ********************
> > ****** **
> >
> > NETDIAG ON OLD SERVER:
> >
> > Computer Name: SERVER1
> > DNS Host Name: SERVER1.ars.local
> > System info : Microsoft Windows Server 2003 (Build 3790)
> > Processor : x86 Family 15 Model 2 Stepping 9, GenuineIntel
> > Netcard queries test . . . . . . . : Failed
> > GetStats failed for 'Intel(R) PRO/1000 XT Network Connection'.
> > [ERROR_INVALI
> > D_FUNCTION]
> > [FATAL] - None of the netcard drivers provided satisfactory
> > results.
> > Per interface results:
> >
> > Adapter : Local Area Connection
> >
> > Netcard queries test . . . : Failed
> > NetCard Status: UNKNOWN
> > Host Name. . . . . . . . . : SERVER1
> > IP Address . . . . . . . . : 192.168.0.1
> > Subnet Mask. . . . . . . . : 255.255.255.0
> > Default Gateway. . . . . . : 192.168.0.254
> > Dns Servers. . . . . . . . : 192.168.0.1
> > 192.168.0.185
> > AutoConfiguration results. . . . . . : Passed
> >
> > Default gateway test . . . : Passed
> >
> > NetBT name test. . . . . . : Passed
> > [WARNING] At least one of the <00> 'WorkStation Service', <03>
> > 'Messenge
> > r Service', <20> 'WINS' names is missing.
> > No remote names have been found.
> > WINS service test. . . . . : Skipped
> > There are no WINS servers configured for this interface.
> > Global results:
> >
> > Domain membership test . . . . . . : Passed
> >
> > NetBT transports test. . . . . . . : Passed
> > List of NetBt transports currently configured:
> > NetBT_Tcpip_{E4FF46BE-FF6F-4E97-8825-A3B494203996}
> > 1 NetBt transport currently configured.
> > Autonet address test . . . . . . . : Passed
> >
> > IP loopback ping test. . . . . . . : Passed
> >
> > Default gateway test . . . . . . . : Passed
> >
> > NetBT name test. . . . . . . . . . : Passed
> > [WARNING] You don't have a single interface with the <00>
> > 'WorkStation
> > Servi
> > ce', <03> 'Messenger Service', <20> 'WINS' names defined.
> >
> > Winsock test . . . . . . . . . . . : Passed
> >
> > DNS test . . . . . . . . . . . . . : Failed
> > [WARNING] The DNS entries for this DC are not registered correctly
> > on
> > DNS se
> > rver '192.168.0.1'. Please wait for 30 minutes for DNS server
> > replication.
> > [WARNING] The DNS entries for this DC are not registered correctly
> > on
> > DNS se
> > rver '192.168.0.185'. Please wait for 30 minutes for DNS server
> > replication.
> > [FATAL] No DNS servers have the DNS records for this DC
> > registered.
> > Redir and Browser test . . . . . . : Passed
> > List of NetBt transports currently bound to the Redir
> > NetBT_Tcpip_{E4FF46BE-FF6F-4E97-8825-A3B494203996}
> > The redir is bound to 1 NetBt transport.
> > List of NetBt transports currently bound to the browser
> > NetBT_Tcpip_{E4FF46BE-FF6F-4E97-8825-A3B494203996}
> > The browser is bound to 1 NetBt transport.
> > DC discovery test. . . . . . . . . : Passed
> >
> > DC list test . . . . . . . . . . . : Passed
> >
> > Trust relationship test. . . . . . : Skipped
> >
> > Kerberos test. . . . . . . . . . . : Passed
> >
> > LDAP test. . . . . . . . . . . . . : Passed
> >
> > Bindings test. . . . . . . . . . . : Passed
> >
> > WAN configuration test . . . . . . : Skipped
> > No active remote access connections.
> > Modem diagnostics test . . . . . . : Passed
> >
> > IP Security test . . . . . . . . . : Skipped
> >
> > ************************************************** ********************
> > ****
> >
> > Meinolf Weber" <meiweb(nospam)@gmx.de> wrote in message
> > news:. com...
> >
> >> Hello Paul,
> >>
> >> For the DNS settings choose also the other DC as secondary on the
> >> NIC.
> >>
> > Also
> >
> >> post the output in command window from "netdom query fsmo" without
> >> the
> >>
> > quotes.
> >
> >> Then run repadmin /showrepl and post the output also. Run dcdiag and
> >>
> > netdiag
> >
> >> on both DC's and if you get errors post also the complete output.
> >>
> >> Best regards
> >>
> >> Meinolf Weber
> >> Disclaimer: This posting is provided "AS IS" with no warranties, and
> > confers
> >
> >> no rights.
> >> ** Please do NOT email, only reply to Newsgroups
> >> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
> >>>> Did you configure the FORWARDERS in the DNS management console
> >>>> under the server properties?
> >>>>
> >>> Yes. I deleted the DNS forwarders and re-entered them. I am now able
> >>> to browse if I point the new serve to itself as the DNS server. I
> >>> think this part is fixed. Thanks for pointing me in the right
> >>> direction on this :-) :-) (or what ever a super happy face is!)
> >>>
> >>>> Did you move all 5 FSMO roles to the new server?
> >>>>
> >>> No, when I try I get "The transfer of the operations master role
> >>> cannot be
> >>> performed because the requested FSMO
> >>> operation failed. The current FSMO holder could not be contacted"
> >>>> Did you make the new DC Global catalog server?
> >>>>
> >>> Yes
> >>>
> >>> Old Server:
> >>> Windows IP Configuration
> >>> Host Name . . . . . . . . . . . . : SERVER1
> >>> Primary Dns Suffix . . . . . . . : ars.local
> >>> Node Type . . . . . . . . . . . . : Unknown
> >>> IP Routing Enabled. . . . . . . . : Yes
> >>> WINS Proxy Enabled. . . . . . . . : Yes
> >>> DNS Suffix Search List. . . . . . : ars.local
> >>> Ethernet adapter Local Area Connection:
> >>> Connection-specific DNS Suffix . :
> >>> Description . . . . . . . . . . . : Intel(R) PRO/1000 XT Network
> >>> Connection
> >>> Physical Address. . . . . . . . . : 00-0D-56-FD-47-D9
> >>> DHCP Enabled. . . . . . . . . . . : No
> >>> IP Address. . . . . . . . . . . . : 192.168.0.1
> >>> Subnet Mask . . . . . . . . . . . : 255.255.255.0
> >>> Default Gateway . . . . . . . . . : 192.168.0.254
> >>> DNS Servers . . . . . . . . . . . : 192.168.0.1
> >>> New Server:
> >>> Windows IP Configuration
> >>> Host Name . . . . . . . . . . . . : new-server
> >>> Primary Dns Suffix . . . . . . . : ars.local
> >>> Node Type . . . . . . . . . . . . : Unknown
> >>> IP Routing Enabled. . . . . . . . : No
> >>> WINS Proxy Enabled. . . . . . . . : No
> >>> DNS Suffix Search List. . . . . . : ars.local
> >>> Ethernet adapter Local Area Connection:
> >>> Connection-specific DNS Suffix . :
> >>> Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit
> >>> Ethernet
> >>> Physical Address. . . . . . . . . : 00-1D-09-FF-97-24
> >>> DHCP Enabled. . . . . . . . . . . : No
> >>> IP Address. . . . . . . . . . . . : 192.168.0.185
> >>> Subnet Mask . . . . . . . . . . . : 255.255.255.0
> >>> Default Gateway . . . . . . . . . : 192.168.0.254
> >>> DNS Servers . . . . . . . . . . . : 192.168.0.1
> >>> "Meinolf Weber" <meiweb(nospam)@gmx.de> wrote in message
> >>> news:. com...
> >>>> Hello Paul,
> >>>>
> >>>> Please post an unedited ipconfig /all from both DC's.
> >>>>
> >>>> Did you configure the FORWARDERS in the DNS management console
> >>>> under the server properties?
> >>>>
> >>>> Did you move all 5 FSMO roles to the new server?
> >>>>
> >>>> Did you make the new DC Global catalog server?
> >>>>
> >>>> Best regards
> >>>>
> >>>> Meinolf Weber
> >>>> Disclaimer: This posting is provided "AS IS" with no warranties,
> >>>> and
> >>> confers
> >>>
> >>>> no rights.
> >>>> ** Please do NOT email, only reply to Newsgroups
> >>>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
> >>>>> So I have been going through your list. I still have not been able
> >>>>> to get rid of any of the original errors that I posted.
> >>>>>
> >>>>> When I try to Transfer FSMO roles (change operations master,
> >>>>> change schema master, etc.) I get the following: "The transfer of
> >>>>> the operations master role cannot be performed because the
> >>>>> requested FSMO operation failed. The current FSMO holder could not
> >>>>> be contacted"
> >>>>>
> >>>>> As I stated in an earlier post I know that there are DNS issues.
> >>>>> 1. From the event logs
> >>>>> 2. If I take the old server offline and point a workstation DNS
> >>>>> setting to
> >>>>> the new server I cant browse.
> >>>>> I am sure that all of these issues are related, but not sure how
> >>>>> to
> >>>>> correct.
> >>>>> I have no idea what to do next
> >>>>> <Meinolf Weber> wrote in message
> >>>>> news:. com...
> >>>>>> Hello Paul,
> >>>>>>
> >>>>>> Check this list for the steps you have done or not, if not do it
> >>>>>> now and leave the old DC still up and running during the time:
> >>>>>>
> >>>>>> - On the old server open DNS management console and check that
> >>>>>> you are
> >>>>>>
> >>>>> running
> >>>>>
> >>>>>> Active directory integrated zone (easier for replication, if you
> >>>>>> have more then one DNS server)
> >>>>>>
> >>>>>> - run replmon, dcdiag and netdiag on the old machine to check for
> >>>>>> errors, if you have some post the complete output from the
> >>>>>> command here or solve them first
> >>>>>>
> >>>>>> - run adprep /forestprep and adprep /domainprep from the 2003
> >>>>>> installation disk against the 2000 server, with an account that
> >>>>>> is member of the Schema admins, to upgrade the schema to the new
> >>>>>> version
> >>>>>>
> >>>>>> - Install the new machine as a member server in your existing
> >>>>>> domain
> >>>>>>
> >>>>>> - configure a fixed ip and set the preferred DNS server to the
> >>>>>> old DNS
> >>>>>>
> >>>>> server
> >>>>>
> >>>>>> only
> >>>>>>
> >>>>>> - run dcpromo and follow the wizard to add the 2003 server to an
> >>>>>> existing domain
> >>>>>>
> >>>>>> - if you are prompted for DNS configuration choose Yes (also
> >>>>>> possible that no DNS preparation occur), then install DNS after
> >>>>>> the reboot
> >>>>>>
> >>>>>> - for DNS give the server time for replication, at least 15
> >>>>>> minutes.
> >>>>>>
> >>>>> Because
> >>>>>
> >>>>>> you use Active directory integrated zones it will automatically
> >>>>>> replicate the zones to the new server. Open DNS management
> >>>>>> console to check that
> >>>>>>
> >>>>> they
> >>>>>
> >>>>>> appear
> >>>>>>
> >>>>>> - if the new machine is domain controller and DNS server run
> >>>>>> again
> >>>>>>
> >>>>> replmon,
> >>>>>
> >>>>>> dcdiag and netdiag on both domain controllers
> >>>>>>
> >>>>>> - if you have no errors, make the new server Global catalog
> >>>>>> server, open Active directory Sites and Services and then
> >>>>>> double-click sitename,
> >>>>>>
> >>>>> double-click
> >>>>>
> >>>>>> Servers, click your domain controller, right-click NTDS Settings,
> >>>>>> and then click Properties, on the General tab, click to select
> >>>>>> the Global catalog check box
> >>>>>> (http://support.microsoft.com/?id=313994)
> >>>>>>
> >>>>>> - Transfer, NOT seize the 5 FSMO roles to the new Domain
> >>>>>> controller
> >>>>>>
> >>>>> (http://support.microsoft.com/kb/324801)
> >>>>>
> >>>>>> - you can see in the event viewer (Directory service) that the
> >>>>>> roles are transferred, also give it some time
> >>>>>>
> >>>>>> - reconfigure the DNS configuration on your NIC of the 2003
> >>>>>> server,
> >>>>>>
> >>>>> preferred
> >>>>>
> >>>>>> DNS itself, secondary the old one
> >>>>>>
> >>>>>> - if you use DHCP do not forget to reconfigure the scope settings
> >>>>>> to point to the new installed DNS server
> >>>>>>
> >>>>>> - export and import of DHCP database (if needed)
> >>>>>>
> >>>>> http://support.microsoft.com/kb/325473
> >>>>>
> >>>>>> Demoting
> >>>>>>
> >>>>>> - reconfigure your clients/servers that they not longer point to
> >>>>>> the old DC/DNS server on the NIC
> >>>>>>
> >>>>>> - to be sure that everything runs fine, disconnect the old DC
> >>>>>> from the
> >>>>>>
> >>>>> network
> >>>>>
> >>>>>> and check with clients and servers the connectivity, logon and
> >>>>>> also with one client a restart to see that everything is ok
> >>>>>>
> >>>>>> - then run dcpromo to demote the old DC, if it works fine the
> >>>>>> machine will move from the DC's OU to the computers container,
> >>>>>> where you can delete it by hand. Can be that you got an error
> >>>>>> during demoting at the beginning,
> >>>>>>
> >>>>> then
> >>>>>
> >>>>>> uncheck the Global catalog on that DC and try again
> >>>>>>
> >>>>>> - check the DNS management console, that all entries from the
> >>>>>> machine are disappeared or delete them by hand if the machine is
> >>>>>> off the network for
> >>>>>>
> >>>>> ever
> >>>>>
> >>>>>> Best regards
> >>>>>>
> >>>>>> Meinolf Weber
> >>>>>> Disclaimer: This posting is provided "AS IS" with no warranties,
> >>>>>> and
> >>>>> confers
> >>>>>
> >>>>>> no rights.
> >>>>>> ** Please do NOT email, only reply to Newsgroups
> >>>>>> ** HELP us help YOU!!!
> >>>>>> http://www.blakjak.demon.co.uk/mul_crss.htm
> >>>>>>> Thanks for your reply.
> >>>>>>>
> >>>>>>>> Did you install DNS also on the new server and point all
> >>>>>>>> clients to use
> >>>>>>>>
> >>>>>>> it?
> >>>>>>> DNS is installed. After shutting down the old server I changed
> >>>>>>> the
> >>>>>>> new
> >>>>>>> server to the old servers IP and rebooted.
> >>>>>>>> Did you configure the FORWARDERS in the DNS management console
> >>>>>>>> under the server properties?
> >>>>>>>>
> >>>>>>> I dont think so. I just "poked" around in the DNS console and
> >>>>>>> cant
> >>>>>>> even find
> >>>>>>> these settings.
> >>>>>>> Is there a (easy) way to export the entire DNS setup from the
> >>>>>>> old
> >>>>>>> server?
> >>>>>>>> Did you move all 5 FSMO roles to the new server?
> >>>>>>>>
> >>>>>>> I dont know what this means, so probably not.
> >>>>>>>
> >>>>>>>> Did you make the new DC Global catalog server?
> >>>>>>>>
> >>>>>>> Yes
> >>>>>>>
> >>>>>>> help... I'm over my head
> >>>>>>>
> >>>>>>> "Meinolf Weber" <meiweb(nospam)@gmx.de> wrote in message
> >>>>>>> news:. com...
> >>>>>>>
> >>>>>>>> Hello Paul,
> >>>>>>>>
> >>>>>>>> Did you install DNS also on the new server and point all
> >>>>>>>> clients to use
> >>>>>>>>
> >>>>>>> it?
> >>>>>>>
> >>>>>>>> Did you configure the FORWARDERS in the DNS management console
> >>>>>>>> under the server properties?
> >>>>>>>>
> >>>>>>>> Did you move all 5 FSMO roles to the new server?
> >>>>>>>>
> >>>>>>>> Did you make the new DC Global catalog server?
> >>>>>>>>
> >>>>>>>> Best regards
> >>>>>>>>
> >>>>>>>> Meinolf Weber
> >>>>>>>> Disclaimer: This posting is provided "AS IS" with no
> >>>>>>>> warranties,
> >>>>>>>> and
> >>>>>>> confers
> >>>>>>>
> >>>>>>>> no rights.
> >>>>>>>> ** Please do NOT email, only reply to Newsgroups
> >>>>>>>> ** HELP us help YOU!!!
> >>>>>>>> http://www.blakjak.demon.co.uk/mul_crss.htm
> >>>>>>>>> I am trying to migrate from an old W2K3 Active Directory
> >>>>>>>>> domain controller to a new one. Eventually I want to remove
> >>>>>>>>> the old server from the network. I have never done this before
> >>>>>>>>> and it is a little bit out of my league so I Googled, read
> >>>>>>>>> and hopefully followed several articles that I found, but am
> >>>>>>>>> still getting some errors logged.
> >>>>>>>>>
> >>>>>>>>> The list of AD users, computers etc replicated over to the new
> >>>>>>>>> server, but when I turn off the old one no one can log in and
> >>>>>>>>> there is no Internet access. I think both of these problems
> >>>>>>>>> are due to DNS (which I really understand about 1% of). There
> >>>>>>>>> are no errors in the DNS log though (just info that the
> >>>>>>>>> service started).
> >>>>>>>>>
> >>>>>>>>> Most of the computers have fixed IPs so DHCP isn't really an
> >>>>>>>>> issue, but the DHCP service is also failing.
> >>>>>>>>>
> >>>>>>>>> I'm hoping from the log files someone can give me some
> >>>>>>>>> specific things to try as opposed to links to articles that
> >>>>>>>>> are above my understanding.
> >>>>>>>>>
> >>>>>>>>> Your help is much appreciated.
> >>>>>>>>>
> >>>>>>>>> System Log:
> >>>>>>>>>
> >>>>>>>>> Event ID 1059
> >>>>>>>>> The DHCP service failed to see a directory server for
> >>>>>>>>> authorization.
> >>>>>>>>> Directory Service Log:
> >>>>>>>>> Event ID 2088
> >>>>>>>>> Active Directory could not use DNS to resolve the IP address
> >>>>>>>>> of
> >>>>>>>>> the
> >>>>>>>>> source
> >>>>>>>>> domain controller listed below. To maintain the consistency of
> >>>>>>>>> Security
> >>>>>>>>> groups, group policy, users and computers and their passwords,
> >>>>>>>>> Active
> >>>>>>>>> Directory successfully replicated using the NetBIOS or fully
> >>>>>>>>> qualified
> >>>>>>>>> computer name of the source domain controller.
> >>>>>>>>> Invalid DNS configuration may be affecting other essential
> >>>>>>>>> operations
> >>>>>>>>> on
> >>>>>>>>> member computers, domain controllers or application servers in
> >>>>>>>>> this
> >>>>>>>>> Active
> >>>>>>>>> Directory forest, including logon authentication or access to
> >>>>>>>>> network
> >>>>>>>>> resources.
> >>>>>>>>> (I cut out the rest of the error, let me know if it would be
> >>>>>>>>> helpful
> >>>>>>>>> to post
> >>>>>>>>> the entire message)
> >>>>>>>>> Event ID 1586
> >>>>>>>>> The Windows NT 4.0 or earlier replication checkpoint with the
> >>>>>>>>> PDC
> >>>>>>>>> emulator
> >>>>>>>>> master was unsuccessful.
> >>>>>>>>> A full synchronization of the security accounts manager (SAM)
> >>>>>>>>> database
> >>>>>>>>> to domain controllers running Windows NT 4.0 and earlier might
> >>>>>>>>> take
> >>>>>>>>> place if the PDC emulator master role is transferred to the
> >>>>>>>>> local
> >>>>>>>>> domain controller before the next successful checkpoint.
> >>>>>>>>> Application Log:
> >>>>>>>>> Event ID5 3258
> >>>>>>>>> MS DTC could not correctly process a DC Promotion/Demotion
> >>>>>>>>> event.
> >>>>>>>>> MS
> >>>>>>>>> DTC
> >>>>>>>>> will continue to function and will use the existing security
> >>>>>>>>> settings.
> >>>>>>>>> Error
> >>>>>>>>> Specifics: %1
> >>>>>>>>> Event ID 53258
> >>>>>>>>> MS DTC could not correctly process a DC Promotion/Demotion
> >>>>>>>>> event.
> >>>>>>>>> MS
> >>>>>>>>> DTC
> >>>>>>>>> will continue to function and will use the existing security
> >>>>>>>>> settings.
> >>>>>>>>> Error
> >>>>>>>>> Specifics: d:\nt\com\complus\dtc\dtc\adme\uiname.cpp:9351,
> >>>>>>>>> Pid:
> >>>>>>>>> 1160
> >>>>>>>>> No Callstack, CmdLine: C:\WINDOWS\system32\msdtc.exe
>
>

Hello Paul,

Before going on with removing the old server, you have to make sure everything
is working correctly. If you think all is fine, i would clear all event logs
and run dcdiag /v, netdiag /v and repadmin /showrepl Save the output to a
file, let the DC's run 2/3 days and run the tools again. Check then also
the event viewer for errors. Also i would create test users/groups/OU's and
andworkstations in the domain and check that they are replicated to the other
DC.

If everything is fine and no errors especially for the replication and DNS
i would start with the change/removal of the old machine.

Demoting the old DC

- in non working time from the users, change the ip from the old DC to a
free one and reboot it. Check in DNS on both DNS servers that is registered
again with the new address. Then change the ip of the new DC and also reboot
and check DNS on both servers. Give some time for replication of the addresses
in DNS.

- run ipconfig /flushdns on a workstation and ping both DC's with the new
addresses, computer names and FQDN to be sure all answers are correct.

- to be sure that everything runs fine, disconnect the old DC from the network
and check with clients and servers the connectivity, logon and also with
one client a restart to see that everything is ok, maybe 2 working days after
you made yourself a test before the users are back for work, so you are sure
nothing is different for the users accessing there resources. Reconnect after
this test the old DC

- then run dcpromo to demote the old DC, if it works fine the machine will
move from the DC's OU to the computers container, where you can delete it
by hand. Can be that you got an error during demoting at the beginning, then
uncheck the Global catalog on that DC and try again

- check the DNS management console, that all entries from the machine are
disappeared or delete them by hand if the machine is off the network for ever

- also you have to start AD sites and services and delete the old servername
under the site, this will not be done during promotion

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> Again, Thank you so much for all of your help. I am not sure what I
> did but I successfully was able to transfer the 5 FSMO roles.
> Hopefully over the weekend I will shut down the old server and see
> what happens to the rest of the network.
>
> One last question: If everything is OK after shutting down the old
> server can I change the IP of the new server to the address of the old
> one or will that mess up things in DNS?
>
> "Meinolf Weber" <meiweb(nospam)@gmx.de> wrote in message
> news:. com...
>
>> Hello Jack,
>>
>> What kind of DNS zones are you using, AD integrated? Chekc that both
>>
> server
>
>> registered in the zones. Do you have also a Reverse lookup zone?
>>
>> Do you have no SP1 or SP2 on the 2003 installed?
>>
>> The NIC test on server 1 creates an error in netdiag output, make
>> sure the
>> drivers are up to date and also the NIC itself is correct built in.
>> GetStats failed for 'Intel(R) PRO/1000 XT Network Connection'.
>> [ERROR_INVALI
>> D_FUNCTION]
>> [FATAL] - None of the netcard drivers provided satisfactory results.
>> Change the ip settings in new-server to:
>> Host Name. . . . . . . . . : new-server
>> IP Address . . . . . . . . : 192.168.0.185
>> Subnet Mask. . . . . . . . : 255.255.255.0
>> Default Gateway. . . . . . : 192.168.0.254
>> Dns Servers. . . . . . . . : 192.168.0.185
>> 192.168.0.1
>> Best regards
>>
>> Meinolf Weber
>> Disclaimer: This posting is provided "AS IS" with no warranties, and
> confers
>
>> no rights.
>> ** Please do NOT email, only reply to Newsgroups
>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>> I really appreciate all your help. Here are the outputs:
>>>
>>> Server1 is Old Server
>>> New-Server is new server
>>> netdom query fsmo:
>>> Schema owner SERVER1.ars.local
>>> Domain role owner SERVER1.ars.local
>>> PDC role new-server.ars.local
>>>
>>> RID pool manager SERVER1.ars.local
>>>
>>> Infrastructure owner SERVER1.ars.local
>>>
>>> The command completed successfully.
>>>
>>> repadmin running command /showrepl against server localhost
>>>
>>> Default-First-Site-Name\NEW-SERVER
>>> DC Options: IS_GC
>>> Site Options: (none)
>>> DC object GUID: bbd5e31c-ceaf-4c89-bbaf-be1245dbf679
>>> DC invocationID: 56399df1-ebe1-4dd1-817a-fb046fcab5b8
>>> ==== INBOUND NEIGHBORS ======================================
>>> DC=ars,DC=local
>>> Default-First-Site-Name\SERVER1 via RPC
>>> DC object GUID: c834486a-c689-4f82-a4ec-85e81937e0f7
>>> Last attempt @ 2008-09-18 20:58:20 was successful.
>>> CN=Configuration,DC=ars,DC=local
>>> Default-First-Site-Name\SERVER1 via RPC
>>> DC object GUID: c834486a-c689-4f82-a4ec-85e81937e0f7
>>> Last attempt @ 2008-09-18 21:33:32 was successful.
>>> CN=Schema,CN=Configuration,DC=ars,DC=local
>>> Default-First-Site-Name\SERVER1 via RPC
>>> DC object GUID: c834486a-c689-4f82-a4ec-85e81937e0f7
>>> Last attempt @ 2008-09-18 20:58:20 was successful.
>>> DC=ForestDnsZones,DC=ars,DC=local
>>> Default-First-Site-Name\SERVER1 via RPC
>>> DC object GUID: c834486a-c689-4f82-a4ec-85e81937e0f7
>>> Last attempt @ 2008-09-18 20:58:20 was successful.
>>> DC=DomainDnsZones,DC=ars,DC=local
>>> Default-First-Site-Name\SERVER1 via RPC
>>> DC object GUID: c834486a-c689-4f82-a4ec-85e81937e0f7
>>> Last attempt @ 2008-09-18 21:29:30 was successful.
>>> ************************************************** **************
>>> DCDIAG on new server:
>>>
>>> Domain Controller Diagnosis
>>>
>>> Performing initial setup:
>>> Done gathering initial info.
>>> Doing initial required tests
>>> Testing server: Default-First-Site-Name\NEW-SERVER
>>> Starting test: Connectivity
>>> ......................... NEW-SERVER passed test Connectivity
>>> Doing primary tests
>>> Testing server: Default-First-Site-Name\NEW-SERVER
>>> Starting test: Replications
>>> [SERVER1] DsBindWithSpnEx() failed with error 1722,
>>> The RPC server is unavailable..
>>> ......................... NEW-SERVER passed test Replications
>>> Starting test: NCSecDesc
>>> ......................... NEW-SERVER passed test NCSecDesc
>>> Starting test: NetLogons
>>> ......................... NEW-SERVER passed test NetLogons
>>> Starting test: Advertising
>>> ......................... NEW-SERVER passed test Advertising
>>> Starting test: KnowsOfRoleHolders
>>> Warning: SERVER1 is the Schema Owner, but is not responding
>>> to DS
>>> RPC B
>>> ind.
>>> [SERVER1] LDAP search failed with error 58,
>>> The specified server cannot perform the requested operation..
>>> Warning: SERVER1 is the Schema Owner, but is not responding
>>> to LDAP
>>> Bin
>>> d.
>>> Warning: SERVER1 is the Domain Owner, but is not responding
>>> to DS
>>> RPC B
>>> ind.
>>> Warning: SERVER1 is the Domain Owner, but is not responding
>>> to LDAP
>>> Bin
>>> d.
>>> Warning: SERVER1 is the Rid Owner, but is not responding to
>>> DS RPC
>>> Bind
>>> .
>>> Warning: SERVER1 is the Rid Owner, but is not responding to
>>> LDAP
>>> Bind.
>>> Warning: SERVER1 is the Infrastructure Update Owner, but is
>>> not
>>> respond
>>> ing to DS RPC Bind.
>>> Warning: SERVER1 is the Infrastructure Update Owner, but is
>>> not
>>> respond
>>> ing to LDAP Bind.
>>> ......................... NEW-SERVER failed test
>>> KnowsOfRoleHolders
>>> Starting test: RidManager
>>> ......................... NEW-SERVER failed test RidManager
>>> Starting test: MachineAccount
>>> ......................... NEW-SERVER passed test
>>> MachineAccount
>>> Starting test: Services
>>> ......................... NEW-SERVER passed test Services
>>> Starting test: ObjectsReplicated
>>> ......................... NEW-SERVER passed test
>>> ObjectsReplicated
>>> Starting test: frssysvol
>>> ......................... NEW-SERVER passed test frssysvol
>>> Starting test: frsevent
>>> ......................... NEW-SERVER passed test frsevent
>>> Starting test: kccevent
>>> ......................... NEW-SERVER passed test kccevent
>>> Starting test: systemlog
>>> An Error Event occured. EventID: 0xC00010E1
>>> Time Generated: 09/18/2008 20:58:22
>>> (Event String could not be retrieved)
>>> An Error Event occured. EventID: 0x0000166D
>>> Time Generated: 09/18/2008 20:58:22
>>> Event String: Netlogon could not register the ARS<1B> name
>>> An Error Event occured. EventID: 0xC00010E1
>>> Time Generated: 09/18/2008 21:13:22
>>> (Event String could not be retrieved)
>>> An Error Event occured. EventID: 0xC00010E1
>>> Time Generated: 09/18/2008 21:28:22
>>> (Event String could not be retrieved)
>>> An Error Event occured. EventID: 0xC00010E1
>>> Time Generated: 09/18/2008 21:43:22
>>> (Event String could not be retrieved)
>>> ......................... NEW-SERVER failed test systemlog
>>> Starting test: VerifyReferences
>>> ......................... NEW-SERVER passed test
>>> VerifyReferences
>>> Running partition tests on : DomainDnsZones
>>> Starting test: CrossRefValidation
>>> ......................... DomainDnsZones passed test
>>> CrossRefValidation
>>> Starting test: CheckSDRefDom
>>> ......................... DomainDnsZones passed test
>>> CheckSDRefDom
>>> Running partition tests on : ForestDnsZones
>>> Starting test: CrossRefValidation
>>> ......................... ForestDnsZones passed test
>>> CrossRefValidation
>>> Starting test: CheckSDRefDom
>>> ......................... ForestDnsZones passed test
>>> CheckSDRefDom
>>> Running partition tests on : Schema
>>> Starting test: CrossRefValidation
>>> ......................... Schema passed test
>>> CrossRefValidation
>>> Starting test: CheckSDRefDom
>>> ......................... Schema passed test CheckSDRefDom
>>> Running partition tests on : Configuration
>>> Starting test: CrossRefValidation
>>> ......................... Configuration passed test
>>> CrossRefValidation
>>> Starting test: CheckSDRefDom
>>> ......................... Configuration passed test
>>> CheckSDRefDom
>>> Running partition tests on : ARS
>>> Starting test: CrossRefValidation
>>> ......................... ARS passed test CrossRefValidation
>>> Starting test: CheckSDRefDom
>>> ......................... ARS passed test CheckSDRefDom
>>> Running enterprise tests on : ARS.local
>>> Starting test: Intersite
>>> ......................... ARS.local passed test Intersite
>>> Starting test: FsmoCheck
>>> Error: The server returned by DsGetDcName() did not match
>>> DsListRoles()
>>> for the PDC
>>> ......................... ARS.local passed test FsmoCheck
>>> ************************************************** ******************
>>> **
>>> DCDIAG on Old Server:
>>>
>>> Domain Controller Diagnosis
>>>
>>> Performing initial setup:
>>> Done gathering initial info.
>>> Doing initial required tests
>>> Testing server: Default-First-Site-Name\SERVER1
>>> Starting test: Connectivity
>>> The host
>>> c834486a-c689-4f82-a4ec-85e81937e0f7._msdcs.ars.local coul
>>> d not be resolved to an
>>> IP address. Check the DNS server, DHCP, server name, etc
>>> Although the Guid DNS name
>>> (c834486a-c689-4f82-a4ec-85e81937e0f7._msdcs.ars.local)
>>> couldn't
>>> be resolved, the server name (SERVER1.ars.local) resolved to
>>> the
>>> IP address (192.168.0.1) and was pingable. Check that the IP
>>> address
>>> is registered correctly with the DNS server.
>>> ......................... SERVER1 failed test Connectivity
>>> Doing primary tests
>>> Testing server: Default-First-Site-Name\SERVER1
>>> Skipping all tests, because server SERVER1 is
>>> not responding to directory service requests
>>> Running partition tests on : ForestDnsZones
>>> Starting test: CrossRefValidation
>>> ......................... ForestDnsZones passed test
>>> CrossRefValidation
>>> Starting test: CheckSDRefDom
>>> ......................... ForestDnsZones passed test
>>> CheckSDRefDom
>>> Running partition tests on : DomainDnsZones
>>> Starting test: CrossRefValidation
>>> ......................... DomainDnsZones passed test
>>> CrossRefValidation
>>> Starting test: CheckSDRefDom
>>> ......................... DomainDnsZones passed test
>>> CheckSDRefDom
>>> Running partition tests on : Schema
>>> Starting test: CrossRefValidation
>>> ......................... Schema passed test
>>> CrossRefValidation
>>> Starting test: CheckSDRefDom
>>> ......................... Schema passed test CheckSDRefDom
>>> Running partition tests on : Configuration
>>> Starting test: CrossRefValidation
>>> ......................... Configuration passed test
>>> CrossRefValidation
>>> Starting test: CheckSDRefDom
>>> ......................... Configuration passed test
>>> CheckSDRefDom
>>> Running partition tests on : ars
>>> Starting test: CrossRefValidation
>>> ......................... ars passed test CrossRefValidation
>>> Starting test: CheckSDRefDom
>>> ......................... ars passed test CheckSDRefDom
>>> Running enterprise tests on : ars.local
>>> Starting test: Intersite
>>> ......................... ars.local passed test Intersite
>>> Starting test: FsmoCheck
>>> Error: The server returned by DsGetDcName() did not match
>>> DsListRoles()
>>> for the PDC
>>> ......................... ars.local passed test FsmoCheck
>>> ************************************************** ******************
>>> **
>>> **
>>> NETDIAG ON NEW SERVER:
>>>
>>> Computer Name: NEW-SERVER
>>> DNS Host Name: new-server.ars.local
>>> System info : Microsoft Windows Server 2003 (Build 3790)
>>> Processor : x86 Family 6 Model 15 Stepping 13, GenuineIntel
>>> List of installed hotfixes :
>>> Q147222
>>> Netcard queries test . . . . . . . : Passed
>>> Per interface results:
>>>
>>> Adapter : Local Area Connection
>>>
>>> Netcard queries test . . . : Passed
>>>
>>> Host Name. . . . . . . . . : new-server
>>> IP Address . . . . . . . . : 192.168.0.185
>>> Subnet Mask. . . . . . . . : 255.255.255.0
>>> Default Gateway. . . . . . : 192.168.0.254
>>> Dns Servers. . . . . . . . : 192.168.0.1
>>> 192.168.0.185
>>> AutoConfiguration results. . . . . . : Passed
>>> Default gateway test . . . : Passed
>>>
>>> NetBT name test. . . . . . : Passed
>>> [WARNING] At least one of the <00> 'WorkStation Service', <03>
>>> 'Messenge
>>> r Service', <20> 'WINS' names is missing.
>>> WINS service test. . . . . : Skipped
>>> There are no WINS servers configured for this interface.
>>> Global results:
>>> Domain membership test . . . . . . : Passed
>>>
>>> NetBT transports test. . . . . . . : Passed
>>> List of NetBt transports currently configured:
>>> NetBT_Tcpip_{1564DF95-1390-4C84-8E00-D154F9AED25D}
>>> 1 NetBt transport currently configured.
>>> Autonet address test . . . . . . . : Passed
>>> IP loopback ping test. . . . . . . : Passed
>>>
>>> Default gateway test . . . . . . . : Passed
>>>
>>> NetBT name test. . . . . . . . . . : Passed
>>> [WARNING] You don't have a single interface with the <00>
>>> 'WorkStation
>>> Servi
>>> ce', <03> 'Messenger Service', <20> 'WINS' names defined.
>>> Winsock test . . . . . . . . . . . : Passed
>>>
>>> DNS test . . . . . . . . . . . . . : Failed
>>> [WARNING] The DNS entries for this DC are not registered correctly
>>> on
>>> DNS se
>>> rver '192.168.0.1'. Please wait for 30 minutes for DNS server
>>> replication.
>>> [WARNING] The DNS entries for this DC are not registered correctly
>>> on
>>> DNS se
>>> rver '192.168.0.185'. Please wait for 30 minutes for DNS server
>>> replication.
>>> [FATAL] No DNS servers have the DNS records for this DC
>>> registered.
>>> Redir and Browser test . . . . . . : Passed
>>> List of NetBt transports currently bound to the Redir
>>> NetBT_Tcpip_{1564DF95-1390-4C84-8E00-D154F9AED25D}
>>> The redir is bound to 1 NetBt transport.
>>> List of NetBt transports currently bound to the browser
>>> NetBT_Tcpip_{1564DF95-1390-4C84-8E00-D154F9AED25D}
>>> The browser is bound to 1 NetBt transport.
>>> DC discovery test. . . . . . . . . : Passed
>>> DC list test . . . . . . . . . . . : Passed
>>>
>>> Trust relationship test. . . . . . : Skipped
>>>
>>> Kerberos test. . . . . . . . . . . : Passed
>>>
>>> LDAP test. . . . . . . . . . . . . : Passed
>>>
>>> Bindings test. . . . . . . . . . . : Passed
>>>
>>> WAN configuration test . . . . . . : Skipped
>>> No active remote access connections.
>>> Modem diagnostics test . . . . . . : Passed
>>> IP Security test . . . . . . . . . : Skipped
>>>
>>> Note: run "netsh ipsec dynamic show /?" for more detailed
>>> information
>>>
>>> ************************************************** ******************
>>> ** ****** **
>>>
>>> NETDIAG ON OLD SERVER:
>>>
>>> Computer Name: SERVER1
>>> DNS Host Name: SERVER1.ars.local
>>> System info : Microsoft Windows Server 2003 (Build 3790)
>>> Processor : x86 Family 15 Model 2 Stepping 9, GenuineIntel
>>> Netcard queries test . . . . . . . : Failed
>>> GetStats failed for 'Intel(R) PRO/1000 XT Network Connection'.
>>> [ERROR_INVALI
>>> D_FUNCTION]
>>> [FATAL] - None of the netcard drivers provided satisfactory
>>> results.
>>> Per interface results:
>>> Adapter : Local Area Connection
>>>
>>> Netcard queries test . . . : Failed
>>> NetCard Status: UNKNOWN
>>> Host Name. . . . . . . . . : SERVER1
>>> IP Address . . . . . . . . : 192.168.0.1
>>> Subnet Mask. . . . . . . . : 255.255.255.0
>>> Default Gateway. . . . . . : 192.168.0.254
>>> Dns Servers. . . . . . . . : 192.168.0.1
>>> 192.168.0.185
>>> AutoConfiguration results. . . . . . : Passed
>>> Default gateway test . . . : Passed
>>>
>>> NetBT name test. . . . . . : Passed
>>> [WARNING] At least one of the <00> 'WorkStation Service', <03>
>>> 'Messenge
>>> r Service', <20> 'WINS' names is missing.
>>> No remote names have been found.
>>> WINS service test. . . . . : Skipped
>>> There are no WINS servers configured for this interface.
>>> Global results:
>>> Domain membership test . . . . . . : Passed
>>>
>>> NetBT transports test. . . . . . . : Passed
>>> List of NetBt transports currently configured:
>>> NetBT_Tcpip_{E4FF46BE-FF6F-4E97-8825-A3B494203996}
>>> 1 NetBt transport currently configured.
>>> Autonet address test . . . . . . . : Passed
>>> IP loopback ping test. . . . . . . : Passed
>>>
>>> Default gateway test . . . . . . . : Passed
>>>
>>> NetBT name test. . . . . . . . . . : Passed
>>> [WARNING] You don't have a single interface with the <00>
>>> 'WorkStation
>>> Servi
>>> ce', <03> 'Messenger Service', <20> 'WINS' names defined.
>>> Winsock test . . . . . . . . . . . : Passed
>>>
>>> DNS test . . . . . . . . . . . . . : Failed
>>> [WARNING] The DNS entries for this DC are not registered correctly
>>> on
>>> DNS se
>>> rver '192.168.0.1'. Please wait for 30 minutes for DNS server
>>> replication.
>>> [WARNING] The DNS entries for this DC are not registered correctly
>>> on
>>> DNS se
>>> rver '192.168.0.185'. Please wait for 30 minutes for DNS server
>>> replication.
>>> [FATAL] No DNS servers have the DNS records for this DC
>>> registered.
>>> Redir and Browser test . . . . . . : Passed
>>> List of NetBt transports currently bound to the Redir
>>> NetBT_Tcpip_{E4FF46BE-FF6F-4E97-8825-A3B494203996}
>>> The redir is bound to 1 NetBt transport.
>>> List of NetBt transports currently bound to the browser
>>> NetBT_Tcpip_{E4FF46BE-FF6F-4E97-8825-A3B494203996}
>>> The browser is bound to 1 NetBt transport.
>>> DC discovery test. . . . . . . . . : Passed
>>> DC list test . . . . . . . . . . . : Passed
>>>
>>> Trust relationship test. . . . . . : Skipped
>>>
>>> Kerberos test. . . . . . . . . . . : Passed
>>>
>>> LDAP test. . . . . . . . . . . . . : Passed
>>>
>>> Bindings test. . . . . . . . . . . : Passed
>>>
>>> WAN configuration test . . . . . . : Skipped
>>> No active remote access connections.
>>> Modem diagnostics test . . . . . . : Passed
>>> IP Security test . . . . . . . . . : Skipped
>>>
>>> ************************************************** ******************
>>> ** ****
>>>
>>> Meinolf Weber" <meiweb(nospam)@gmx.de> wrote in message
>>> news:. com...
>>>
>>>> Hello Paul,
>>>>
>>>> For the DNS settings choose also the other DC as secondary on the
>>>> NIC.
>>>>
>>> Also
>>>
>>>> post the output in command window from "netdom query fsmo" without
>>>> the
>>>>
>>> quotes.
>>>
>>>> Then run repadmin /showrepl and post the output also. Run dcdiag
>>>> and
>>>>
>>> netdiag
>>>
>>>> on both DC's and if you get errors post also the complete output.
>>>>
>>>> Best regards
>>>>
>>>> Meinolf Weber
>>>> Disclaimer: This posting is provided "AS IS" with no warranties,
>>>> and
>>> confers
>>>
>>>> no rights.
>>>> ** Please do NOT email, only reply to Newsgroups
>>>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>>>>> Did you configure the FORWARDERS in the DNS management console
>>>>>> under the server properties?
>>>>>>
>>>>> Yes. I deleted the DNS forwarders and re-entered them. I am now
>>>>> able to browse if I point the new serve to itself as the DNS
>>>>> server. I think this part is fixed. Thanks for pointing me in the
>>>>> right direction on this :-) :-) (or what ever a super happy face
>>>>> is!)
>>>>>
>>>>>> Did you move all 5 FSMO roles to the new server?
>>>>>>
>>>>> No, when I try I get "The transfer of the operations master role
>>>>> cannot be
>>>>> performed because the requested FSMO
>>>>> operation failed. The current FSMO holder could not be contacted"
>>>>>> Did you make the new DC Global catalog server?
>>>>>>
>>>>> Yes
>>>>>
>>>>> Old Server:
>>>>> Windows IP Configuration
>>>>> Host Name . . . . . . . . . . . . : SERVER1
>>>>> Primary Dns Suffix . . . . . . . : ars.local
>>>>> Node Type . . . . . . . . . . . . : Unknown
>>>>> IP Routing Enabled. . . . . . . . : Yes
>>>>> WINS Proxy Enabled. . . . . . . . : Yes
>>>>> DNS Suffix Search List. . . . . . : ars.local
>>>>> Ethernet adapter Local Area Connection:
>>>>> Connection-specific DNS Suffix . :
>>>>> Description . . . . . . . . . . . : Intel(R) PRO/1000 XT Network
>>>>> Connection
>>>>> Physical Address. . . . . . . . . : 00-0D-56-FD-47-D9
>>>>> DHCP Enabled. . . . . . . . . . . : No
>>>>> IP Address. . . . . . . . . . . . : 192.168.0.1
>>>>> Subnet Mask . . . . . . . . . . . : 255.255.255.0
>>>>> Default Gateway . . . . . . . . . : 192.168.0.254
>>>>> DNS Servers . . . . . . . . . . . : 192.168.0.1
>>>>> New Server:
>>>>> Windows IP Configuration
>>>>> Host Name . . . . . . . . . . . . : new-server
>>>>> Primary Dns Suffix . . . . . . . : ars.local
>>>>> Node Type . . . . . . . . . . . . : Unknown
>>>>> IP Routing Enabled. . . . . . . . : No
>>>>> WINS Proxy Enabled. . . . . . . . : No
>>>>> DNS Suffix Search List. . . . . . : ars.local
>>>>> Ethernet adapter Local Area Connection:
>>>>> Connection-specific DNS Suffix . :
>>>>> Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit
>>>>> Ethernet
>>>>> Physical Address. . . . . . . . . : 00-1D-09-FF-97-24
>>>>> DHCP Enabled. . . . . . . . . . . : No
>>>>> IP Address. . . . . . . . . . . . : 192.168.0.185
>>>>> Subnet Mask . . . . . . . . . . . : 255.255.255.0
>>>>> Default Gateway . . . . . . . . . : 192.168.0.254
>>>>> DNS Servers . . . . . . . . . . . : 192.168.0.1
>>>>> "Meinolf Weber" <meiweb(nospam)@gmx.de> wrote in message
>>>>> news:. com...
>>>>>> Hello Paul,
>>>>>>
>>>>>> Please post an unedited ipconfig /all from both DC's.
>>>>>>
>>>>>> Did you configure the FORWARDERS in the DNS management console
>>>>>> under the server properties?
>>>>>>
>>>>>> Did you move all 5 FSMO roles to the new server?
>>>>>>
>>>>>> Did you make the new DC Global catalog server?
>>>>>>
>>>>>> Best regards
>>>>>>
>>>>>> Meinolf Weber
>>>>>> Disclaimer: This posting is provided "AS IS" with no warranties,
>>>>>> and
>>>>> confers
>>>>>
>>>>>> no rights.
>>>>>> ** Please do NOT email, only reply to Newsgroups
>>>>>> ** HELP us help YOU!!!
>>>>>> http://www.blakjak.demon.co.uk/mul_crss.htm
>>>>>>> So I have been going through your list. I still have not been
>>>>>>> able to get rid of any of the original errors that I posted.
>>>>>>>
>>>>>>> When I try to Transfer FSMO roles (change operations master,
>>>>>>> change schema master, etc.) I get the following: "The transfer
>>>>>>> of the operations master role cannot be performed because the
>>>>>>> requested FSMO operation failed. The current FSMO holder could
>>>>>>> not be contacted"
>>>>>>>
>>>>>>> As I stated in an earlier post I know that there are DNS issues.
>>>>>>> 1. From the event logs
>>>>>>> 2. If I take the old server offline and point a workstation DNS
>>>>>>> setting to
>>>>>>> the new server I cant browse.
>>>>>>> I am sure that all of these issues are related, but not sure how
>>>>>>> to
>>>>>>> correct.
>>>>>>> I have no idea what to do next
>>>>>>> <Meinolf Weber> wrote in message
>>>>>>> news:. com...
>>>>>>>> Hello Paul,
>>>>>>>>
>>>>>>>> Check this list for the steps you have done or not, if not do
>>>>>>>> it now and leave the old DC still up and running during the
>>>>>>>> time:
>>>>>>>>
>>>>>>>> - On the old server open DNS management console and check that
>>>>>>>> you are
>>>>>>>>
>>>>>>> running
>>>>>>>
>>>>>>>> Active directory integrated zone (easier for replication, if
>>>>>>>> you have more then one DNS server)
>>>>>>>>
>>>>>>>> - run replmon, dcdiag and netdiag on the old machine to check
>>>>>>>> for errors, if you have some post the complete output from the
>>>>>>>> command here or solve them first
>>>>>>>>
>>>>>>>> - run adprep /forestprep and adprep /domainprep from the 2003
>>>>>>>> installation disk against the 2000 server, with an account that
>>>>>>>> is member of the Schema admins, to upgrade the schema to the
>>>>>>>> new version
>>>>>>>>
>>>>>>>> - Install the new machine as a member server in your existing
>>>>>>>> domain
>>>>>>>>
>>>>>>>> - configure a fixed ip and set the preferred DNS server to the
>>>>>>>> old DNS
>>>>>>>>
>>>>>>> server
>>>>>>>
>>>>>>>> only
>>>>>>>>
>>>>>>>> - run dcpromo and follow the wizard to add the 2003 server to
>>>>>>>> an existing domain
>>>>>>>>
>>>>>>>> - if you are prompted for DNS configuration choose Yes (also
>>>>>>>> possible that no DNS preparation occur), then install DNS after
>>>>>>>> the reboot
>>>>>>>>
>>>>>>>> - for DNS give the server time for replication, at least 15
>>>>>>>> minutes.
>>>>>>>>
>>>>>>> Because
>>>>>>>
>>>>>>>> you use Active directory integrated zones it will automatically
>>>>>>>> replicate the zones to the new server. Open DNS management
>>>>>>>> console to check that
>>>>>>>>
>>>>>>> they
>>>>>>>
>>>>>>>> appear
>>>>>>>>
>>>>>>>> - if the new machine is domain controller and DNS server run
>>>>>>>> again
>>>>>>>>
>>>>>>> replmon,
>>>>>>>
>>>>>>>> dcdiag and netdiag on both domain controllers
>>>>>>>>
>>>>>>>> - if you have no errors, make the new server Global catalog
>>>>>>>> server, open Active directory Sites and Services and then
>>>>>>>> double-click sitename,
>>>>>>>>
>>>>>>> double-click
>>>>>>>
>>>>>>>> Servers, click your domain controller, right-click NTDS
>>>>>>>> Settings, and then click Properties, on the General tab, click
>>>>>>>> to select the Global catalog check box
>>>>>>>> (http://support.microsoft.com/?id=313994)
>>>>>>>>
>>>>>>>> - Transfer, NOT seize the 5 FSMO roles to the new Domain
>>>>>>>> controller
>>>>>>>>
>>>>>>> (http://support.microsoft.com/kb/324801)
>>>>>>>
>>>>>>>> - you can see in the event viewer (Directory service) that the
>>>>>>>> roles are transferred, also give it some time
>>>>>>>>
>>>>>>>> - reconfigure the DNS configuration on your NIC of the 2003
>>>>>>>> server,
>>>>>>>>
>>>>>>> preferred
>>>>>>>
>>>>>>>> DNS itself, secondary the old one
>>>>>>>>
>>>>>>>> - if you use DHCP do not forget to reconfigure the scope
>>>>>>>> settings to point to the new installed DNS server
>>>>>>>>
>>>>>>>> - export and import of DHCP database (if needed)
>>>>>>>>
>>>>>>> http://support.microsoft.com/kb/325473
>>>>>>>
>>>>>>>> Demoting
>>>>>>>>
>>>>>>>> - reconfigure your clients/servers that they not longer point
>>>>>>>> to the old DC/DNS server on the NIC
>>>>>>>>
>>>>>>>> - to be sure that everything runs fine, disconnect the old DC
>>>>>>>> from the
>>>>>>>>
>>>>>>> network
>>>>>>>
>>>>>>>> and check with clients and servers the connectivity, logon and
>>>>>>>> also with one client a restart to see that everything is ok
>>>>>>>>
>>>>>>>> - then run dcpromo to demote the old DC, if it works fine the
>>>>>>>> machine will move from the DC's OU to the computers container,
>>>>>>>> where you can delete it by hand. Can be that you got an error
>>>>>>>> during demoting at the beginning,
>>>>>>>>
>>>>>>> then
>>>>>>>
>>>>>>>> uncheck the Global catalog on that DC and try again
>>>>>>>>
>>>>>>>> - check the DNS management console, that all entries from the
>>>>>>>> machine are disappeared or delete them by hand if the machine
>>>>>>>> is off the network for
>>>>>>>>
>>>>>>> ever
>>>>>>>
>>>>>>>> Best regards
>>>>>>>>
>>>>>>>> Meinolf Weber
>>>>>>>> Disclaimer: This posting is provided "AS IS" with no
>>>>>>>> warranties,
>>>>>>>> and
>>>>>>> confers
>>>>>>>
>>>>>>>> no rights.
>>>>>>>> ** Please do NOT email, only reply to Newsgroups
>>>>>>>> ** HELP us help YOU!!!
>>>>>>>> http://www.blakjak.demon.co.uk/mul_crss.htm
>>>>>>>>> Thanks for your reply.
>>>>>>>>>
>>>>>>>>>> Did you install DNS also on the new server and point all
>>>>>>>>>> clients to use
>>>>>>>>>>
>>>>>>>>> it?
>>>>>>>>> DNS is installed. After shutting down the old server I changed
>>>>>>>>> the
>>>>>>>>> new
>>>>>>>>> server to the old servers IP and rebooted.
>>>>>>>>>> Did you configure the FORWARDERS in the DNS management
>>>>>>>>>> console under the server properties?
>>>>>>>>>>
>>>>>>>>> I dont think so. I just "poked" around in the DNS console and
>>>>>>>>> cant
>>>>>>>>> even find
>>>>>>>>> these settings.
>>>>>>>>> Is there a (easy) way to export the entire DNS setup from the
>>>>>>>>> old
>>>>>>>>> server?
>>>>>>>>>> Did you move all 5 FSMO roles to the new server?
>>>>>>>>>>
>>>>>>>>> I dont know what this means, so probably not.
>>>>>>>>>
>>>>>>>>>> Did you make the new DC Global catalog server?
>>>>>>>>>>
>>>>>>>>> Yes
>>>>>>>>>
>>>>>>>>> help... I'm over my head
>>>>>>>>>
>>>>>>>>> "Meinolf Weber" <meiweb(nospam)@gmx.de> wrote in message
>>>>>>>>> news:. com...
>>>>>>>>>
>>>>>>>>>> Hello Paul,
>>>>>>>>>>
>>>>>>>>>> Did you install DNS also on the new server and point all
>>>>>>>>>> clients to use
>>>>>>>>>>
>>>>>>>>> it?
>>>>>>>>>
>>>>>>>>>> Did you configure the FORWARDERS in the DNS management
>>>>>>>>>> console under the server properties?
>>>>>>>>>>
>>>>>>>>>> Did you move all 5 FSMO roles to the new server?
>>>>>>>>>>
>>>>>>>>>> Did you make the new DC Global catalog server?
>>>>>>>>>>
>>>>>>>>>> Best regards
>>>>>>>>>>
>>>>>>>>>> Meinolf Weber
>>>>>>>>>> Disclaimer: This posting is provided "AS IS" with no
>>>>>>>>>> warranties,
>>>>>>>>>> and
>>>>>>>>> confers
>>>>>>>>>
>>>>>>>>>> no rights.
>>>>>>>>>> ** Please do NOT email, only reply to Newsgroups
>>>>>>>>>> ** HELP us help YOU!!!
>>>>>>>>>> http://www.blakjak.demon.co.uk/mul_crss.htm
>>>>>>>>>>> I am trying to migrate from an old W2K3 Active Directory
>>>>>>>>>>> domain controller to a new one. Eventually I want to remove
>>>>>>>>>>> the old server from the network. I have never done this
>>>>>>>>>>> before and it is a little bit out of my league so I
>>>>>>>>>>> Googled, read and hopefully followed several articles that I
>>>>>>>>>>> found, but am still getting some errors logged.
>>>>>>>>>>>
>>>>>>>>>>> The list of AD users, computers etc replicated over to the
>>>>>>>>>>> new server, but when I turn off the old one no one can log
>>>>>>>>>>> in and there is no Internet access. I think both of these
>>>>>>>>>>> problems are due to DNS (which I really understand about 1%
>>>>>>>>>>> of). There are no errors in the DNS log though (just info
>>>>>>>>>>> that the service started).
>>>>>>>>>>>
>>>>>>>>>>> Most of the computers have fixed IPs so DHCP isn't really an
>>>>>>>>>>> issue, but the DHCP service is also failing.
>>>>>>>>>>>
>>>>>>>>>>> I'm hoping from the log files someone can give me some
>>>>>>>>>>> specific things to try as opposed to links to articles that
>>>>>>>>>>> are above my understanding.
>>>>>>>>>>>
>>>>>>>>>>> Your help is much appreciated.
>>>>>>>>>>>
>>>>>>>>>>> System Log:
>>>>>>>>>>>
>>>>>>>>>>> Event ID 1059
>>>>>>>>>>> The DHCP service failed to see a directory server for
>>>>>>>>>>> authorization.
>>>>>>>>>>> Directory Service Log:
>>>>>>>>>>> Event ID 2088
>>>>>>>>>>> Active Directory could not use DNS to resolve the IP address
>>>>>>>>>>> of
>>>>>>>>>>> the
>>>>>>>>>>> source
>>>>>>>>>>> domain controller listed below. To maintain the consistency
>>>>>>>>>>> of
>>>>>>>>>>> Security
>>>>>>>>>>> groups, group policy, users and computers and their
>>>>>>>>>>> passwords,
>>>>>>>>>>> Active
>>>>>>>>>>> Directory successfully replicated using the NetBIOS or fully
>>>>>>>>>>> qualified
>>>>>>>>>>> computer name of the source domain controller.
>>>>>>>>>>> Invalid DNS configuration may be affecting other essential
>>>>>>>>>>> operations
>>>>>>>>>>> on
>>>>>>>>>>> member computers, domain controllers or application servers
>>>>>>>>>>> in
>>>>>>>>>>> this
>>>>>>>>>>> Active
>>>>>>>>>>> Directory forest, including logon authentication or access
>>>>>>>>>>> to
>>>>>>>>>>> network
>>>>>>>>>>> resources.
>>>>>>>>>>> (I cut out the rest of the error, let me know if it would be
>>>>>>>>>>> helpful
>>>>>>>>>>> to post
>>>>>>>>>>> the entire message)
>>>>>>>>>>> Event ID 1586
>>>>>>>>>>> The Windows NT 4.0 or earlier replication checkpoint with
>>>>>>>>>>> the
>>>>>>>>>>> PDC
>>>>>>>>>>> emulator
>>>>>>>>>>> master was unsuccessful.
>>>>>>>>>>> A full synchronization of the security accounts manager
>>>>>>>>>>> (SAM)
>>>>>>>>>>> database
>>>>>>>>>>> to domain controllers running Windows NT 4.0 and earlier
>>>>>>>>>>> might
>>>>>>>>>>> take
>>>>>>>>>>> place if the PDC emulator master role is transferred to the
>>>>>>>>>>> local
>>>>>>>>>>> domain controller before the next successful checkpoint.
>>>>>>>>>>> Application Log:
>>>>>>>>>>> Event ID5 3258
>>>>>>>>>>> MS DTC could not correctly process a DC Promotion/Demotion
>>>>>>>>>>> event.
>>>>>>>>>>> MS
>>>>>>>>>>> DTC
>>>>>>>>>>> will continue to function and will use the existing security
>>>>>>>>>>> settings.
>>>>>>>>>>> Error
>>>>>>>>>>> Specifics: %1
>>>>>>>>>>> Event ID 53258
>>>>>>>>>>> MS DTC could not correctly process a DC Promotion/Demotion
>>>>>>>>>>> event.
>>>>>>>>>>> MS
>>>>>>>>>>> DTC
>>>>>>>>>>> will continue to function and will use the existing security
>>>>>>>>>>> settings.
>>>>>>>>>>> Error
>>>>>>>>>>> Specifics: d:\nt\com\complus\dtc\dtc\adme\uiname.cpp:9351,
>>>>>>>>>>> Pid:
>>>>>>>>>>> 1160
>>>>>>>>>>> No Callstack, CmdLine: C:\WINDOWS\system32\msdtc.exe

Thanks.
Will do


"Meinolf Weber" <meiweb(nospam)@gmx.de> wrote in message
news:. com...
> Hello Paul,
>
> Before going on with removing the old server, you have to make sure
everything
> is working correctly. If you think all is fine, i would clear all event
logs
> and run dcdiag /v, netdiag /v and repadmin /showrepl Save the output to a
> file, let the DC's run 2/3 days and run the tools again. Check then also
> the event viewer for errors. Also i would create test users/groups/OU's
and
> andworkstations in the domain and check that they are replicated to the
other
> DC.
>
> If everything is fine and no errors especially for the replication and DNS
> i would start with the change/removal of the old machine.
>
> Demoting the old DC
>
> - in non working time from the users, change the ip from the old DC to a
> free one and reboot it. Check in DNS on both DNS servers that is
registered
> again with the new address. Then change the ip of the new DC and also
reboot
> and check DNS on both servers. Give some time for replication of the
addresses
> in DNS.
>
> - run ipconfig /flushdns on a workstation and ping both DC's with the new
> addresses, computer names and FQDN to be sure all answers are correct.
>
> - to be sure that everything runs fine, disconnect the old DC from the
network
> and check with clients and servers the connectivity, logon and also with
> one client a restart to see that everything is ok, maybe 2 working days
after
> you made yourself a test before the users are back for work, so you are
sure
> nothing is different for the users accessing there resources. Reconnect
after
> this test the old DC
>
> - then run dcpromo to demote the old DC, if it works fine the machine will
> move from the DC's OU to the computers container, where you can delete it
> by hand. Can be that you got an error during demoting at the beginning,
then
> uncheck the Global catalog on that DC and try again
>
> - check the DNS management console, that all entries from the machine are
> disappeared or delete them by hand if the machine is off the network for
ever
>
> - also you have to start AD sites and services and delete the old
servername
> under the site, this will not be done during promotion
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and
confers
> no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>
>
> > Again, Thank you so much for all of your help. I am not sure what I
> > did but I successfully was able to transfer the 5 FSMO roles.
> > Hopefully over the weekend I will shut down the old server and see
> > what happens to the rest of the network.
> >
> > One last question: If everything is OK after shutting down the old
> > server can I change the IP of the new server to the address of the old
> > one or will that mess up things in DNS?
> >
> > "Meinolf Weber" <meiweb(nospam)@gmx.de> wrote in message
> > news:. com...
> >
> >> Hello Jack,
> >>
> >> What kind of DNS zones are you using, AD integrated? Chekc that both
> >>
> > server
> >
> >> registered in the zones. Do you have also a Reverse lookup zone?
> >>
> >> Do you have no SP1 or SP2 on the 2003 installed?
> >>
> >> The NIC test on server 1 creates an error in netdiag output, make
> >> sure the
> >> drivers are up to date and also the NIC itself is correct built in.
> >> GetStats failed for 'Intel(R) PRO/1000 XT Network Connection'.
> >> [ERROR_INVALI
> >> D_FUNCTION]
> >> [FATAL] - None of the netcard drivers provided satisfactory results.
> >> Change the ip settings in new-server to:
> >> Host Name. . . . . . . . . : new-server
> >> IP Address . . . . . . . . : 192.168.0.185
> >> Subnet Mask. . . . . . . . : 255.255.255.0
> >> Default Gateway. . . . . . : 192.168.0.254
> >> Dns Servers. . . . . . . . : 192.168.0.185
> >> 192.168.0.1
> >> Best regards
> >>
> >> Meinolf Weber
> >> Disclaimer: This posting is provided "AS IS" with no warranties, and
> > confers
> >
> >> no rights.
> >> ** Please do NOT email, only reply to Newsgroups
> >> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
> >>> I really appreciate all your help. Here are the outputs:
> >>>
> >>> Server1 is Old Server
> >>> New-Server is new server
> >>> netdom query fsmo:
> >>> Schema owner SERVER1.ars.local
> >>> Domain role owner SERVER1.ars.local
> >>> PDC role new-server.ars.local
> >>>
> >>> RID pool manager SERVER1.ars.local
> >>>
> >>> Infrastructure owner SERVER1.ars.local
> >>>
> >>> The command completed successfully.
> >>>
> >>> repadmin running command /showrepl against server localhost
> >>>
> >>> Default-First-Site-Name\NEW-SERVER
> >>> DC Options: IS_GC
> >>> Site Options: (none)
> >>> DC object GUID: bbd5e31c-ceaf-4c89-bbaf-be1245dbf679
> >>> DC invocationID: 56399df1-ebe1-4dd1-817a-fb046fcab5b8
> >>> ==== INBOUND NEIGHBORS ======================================
> >>> DC=ars,DC=local
> >>> Default-First-Site-Name\SERVER1 via RPC
> >>> DC object GUID: c834486a-c689-4f82-a4ec-85e81937e0f7
> >>> Last attempt @ 2008-09-18 20:58:20 was successful.
> >>> CN=Configuration,DC=ars,DC=local
> >>> Default-First-Site-Name\SERVER1 via RPC
> >>> DC object GUID: c834486a-c689-4f82-a4ec-85e81937e0f7
> >>> Last attempt @ 2008-09-18 21:33:32 was successful.
> >>> CN=Schema,CN=Configuration,DC=ars,DC=local
> >>> Default-First-Site-Name\SERVER1 via RPC
> >>> DC object GUID: c834486a-c689-4f82-a4ec-85e81937e0f7
> >>> Last attempt @ 2008-09-18 20:58:20 was successful.
> >>> DC=ForestDnsZones,DC=ars,DC=local
> >>> Default-First-Site-Name\SERVER1 via RPC
> >>> DC object GUID: c834486a-c689-4f82-a4ec-85e81937e0f7
> >>> Last attempt @ 2008-09-18 20:58:20 was successful.
> >>> DC=DomainDnsZones,DC=ars,DC=local
> >>> Default-First-Site-Name\SERVER1 via RPC
> >>> DC object GUID: c834486a-c689-4f82-a4ec-85e81937e0f7
> >>> Last attempt @ 2008-09-18 21:29:30 was successful.
> >>> ************************************************** **************
> >>> DCDIAG on new server:
> >>>
> >>> Domain Controller Diagnosis
> >>>
> >>> Performing initial setup:
> >>> Done gathering initial info.
> >>> Doing initial required tests
> >>> Testing server: Default-First-Site-Name\NEW-SERVER
> >>> Starting test: Connectivity
> >>> ......................... NEW-SERVER passed test Connectivity
> >>> Doing primary tests
> >>> Testing server: Default-First-Site-Name\NEW-SERVER
> >>> Starting test: Replications
> >>> [SERVER1] DsBindWithSpnEx() failed with error 1722,
> >>> The RPC server is unavailable..
> >>> ......................... NEW-SERVER passed test Replications
> >>> Starting test: NCSecDesc
> >>> ......................... NEW-SERVER passed test NCSecDesc
> >>> Starting test: NetLogons
> >>> ......................... NEW-SERVER passed test NetLogons
> >>> Starting test: Advertising
> >>> ......................... NEW-SERVER passed test Advertising
> >>> Starting test: KnowsOfRoleHolders
> >>> Warning: SERVER1 is the Schema Owner, but is not responding
> >>> to DS
> >>> RPC B
> >>> ind.
> >>> [SERVER1] LDAP search failed with error 58,
> >>> The specified server cannot perform the requested operation..
> >>> Warning: SERVER1 is the Schema Owner, but is not responding
> >>> to LDAP
> >>> Bin
> >>> d.
> >>> Warning: SERVER1 is the Domain Owner, but is not responding
> >>> to DS
> >>> RPC B
> >>> ind.
> >>> Warning: SERVER1 is the Domain Owner, but is not responding
> >>> to LDAP
> >>> Bin
> >>> d.
> >>> Warning: SERVER1 is the Rid Owner, but is not responding to
> >>> DS RPC
> >>> Bind
> >>> .
> >>> Warning: SERVER1 is the Rid Owner, but is not responding to
> >>> LDAP
> >>> Bind.
> >>> Warning: SERVER1 is the Infrastructure Update Owner, but is
> >>> not
> >>> respond
> >>> ing to DS RPC Bind.
> >>> Warning: SERVER1 is the Infrastructure Update Owner, but is
> >>> not
> >>> respond
> >>> ing to LDAP Bind.
> >>> ......................... NEW-SERVER failed test
> >>> KnowsOfRoleHolders
> >>> Starting test: RidManager
> >>> ......................... NEW-SERVER failed test RidManager
> >>> Starting test: MachineAccount
> >>> ......................... NEW-SERVER passed test
> >>> MachineAccount
> >>> Starting test: Services
> >>> ......................... NEW-SERVER passed test Services
> >>> Starting test: ObjectsReplicated
> >>> ......................... NEW-SERVER passed test
> >>> ObjectsReplicated
> >>> Starting test: frssysvol
> >>> ......................... NEW-SERVER passed test frssysvol
> >>> Starting test: frsevent
> >>> ......................... NEW-SERVER passed test frsevent
> >>> Starting test: kccevent
> >>> ......................... NEW-SERVER passed test kccevent
> >>> Starting test: systemlog
> >>> An Error Event occured. EventID: 0xC00010E1
> >>> Time Generated: 09/18/2008 20:58:22
> >>> (Event String could not be retrieved)
> >>> An Error Event occured. EventID: 0x0000166D
> >>> Time Generated: 09/18/2008 20:58:22
> >>> Event String: Netlogon could not register the ARS<1B> name
> >>> An Error Event occured. EventID: 0xC00010E1
> >>> Time Generated: 09/18/2008 21:13:22
> >>> (Event String could not be retrieved)
> >>> An Error Event occured. EventID: 0xC00010E1
> >>> Time Generated: 09/18/2008 21:28:22
> >>> (Event String could not be retrieved)
> >>> An Error Event occured. EventID: 0xC00010E1
> >>> Time Generated: 09/18/2008 21:43:22
> >>> (Event String could not be retrieved)
> >>> ......................... NEW-SERVER failed test systemlog
> >>> Starting test: VerifyReferences
> >>> ......................... NEW-SERVER passed test
> >>> VerifyReferences
> >>> Running partition tests on : DomainDnsZones
> >>> Starting test: CrossRefValidation
> >>> ......................... DomainDnsZones passed test
> >>> CrossRefValidation
> >>> Starting test: CheckSDRefDom
> >>> ......................... DomainDnsZones passed test
> >>> CheckSDRefDom
> >>> Running partition tests on : ForestDnsZones
> >>> Starting test: CrossRefValidation
> >>> ......................... ForestDnsZones passed test
> >>> CrossRefValidation
> >>> Starting test: CheckSDRefDom
> >>> ......................... ForestDnsZones passed test
> >>> CheckSDRefDom
> >>> Running partition tests on : Schema
> >>> Starting test: CrossRefValidation
> >>> ......................... Schema passed test
> >>> CrossRefValidation
> >>> Starting test: CheckSDRefDom
> >>> ......................... Schema passed test CheckSDRefDom
> >>> Running partition tests on : Configuration
> >>> Starting test: CrossRefValidation
> >>> ......................... Configuration passed test
> >>> CrossRefValidation
> >>> Starting test: CheckSDRefDom
> >>> ......................... Configuration passed test
> >>> CheckSDRefDom
> >>> Running partition tests on : ARS
> >>> Starting test: CrossRefValidation
> >>> ......................... ARS passed test CrossRefValidation
> >>> Starting test: CheckSDRefDom
> >>> ......................... ARS passed test CheckSDRefDom
> >>> Running enterprise tests on : ARS.local
> >>> Starting test: Intersite
> >>> ......................... ARS.local passed test Intersite
> >>> Starting test: FsmoCheck
> >>> Error: The server returned by DsGetDcName() did not match
> >>> DsListRoles()
> >>> for the PDC
> >>> ......................... ARS.local passed test FsmoCheck
> >>> ************************************************** ******************
> >>> **
> >>> DCDIAG on Old Server:
> >>>
> >>> Domain Controller Diagnosis
> >>>
> >>> Performing initial setup:
> >>> Done gathering initial info.
> >>> Doing initial required tests
> >>> Testing server: Default-First-Site-Name\SERVER1
> >>> Starting test: Connectivity
> >>> The host
> >>> c834486a-c689-4f82-a4ec-85e81937e0f7._msdcs.ars.local coul
> >>> d not be resolved to an
> >>> IP address. Check the DNS server, DHCP, server name, etc
> >>> Although the Guid DNS name
> >>> (c834486a-c689-4f82-a4ec-85e81937e0f7._msdcs.ars.local)
> >>> couldn't
> >>> be resolved, the server name (SERVER1.ars.local) resolved to
> >>> the
> >>> IP address (192.168.0.1) and was pingable. Check that the IP
> >>> address
> >>> is registered correctly with the DNS server.
> >>> ......................... SERVER1 failed test Connectivity
> >>> Doing primary tests
> >>> Testing server: Default-First-Site-Name\SERVER1
> >>> Skipping all tests, because server SERVER1 is
> >>> not responding to directory service requests
> >>> Running partition tests on : ForestDnsZones
> >>> Starting test: CrossRefValidation
> >>> ......................... ForestDnsZones passed test
> >>> CrossRefValidation
> >>> Starting test: CheckSDRefDom
> >>> ......................... ForestDnsZones passed test
> >>> CheckSDRefDom
> >>> Running partition tests on : DomainDnsZones
> >>> Starting test: CrossRefValidation
> >>> ......................... DomainDnsZones passed test
> >>> CrossRefValidation
> >>> Starting test: CheckSDRefDom
> >>> ......................... DomainDnsZones passed test
> >>> CheckSDRefDom
> >>> Running partition tests on : Schema
> >>> Starting test: CrossRefValidation
> >>> ......................... Schema passed test
> >>> CrossRefValidation
> >>> Starting test: CheckSDRefDom
> >>> ......................... Schema passed test CheckSDRefDom
> >>> Running partition tests on : Configuration
> >>> Starting test: CrossRefValidation
> >>> ......................... Configuration passed test
> >>> CrossRefValidation
> >>> Starting test: CheckSDRefDom
> >>> ......................... Configuration passed test
> >>> CheckSDRefDom
> >>> Running partition tests on : ars
> >>> Starting test: CrossRefValidation
> >>> ......................... ars passed test CrossRefValidation
> >>> Starting test: CheckSDRefDom
> >>> ......................... ars passed test CheckSDRefDom
> >>> Running enterprise tests on : ars.local
> >>> Starting test: Intersite
> >>> ......................... ars.local passed test Intersite
> >>> Starting test: FsmoCheck
> >>> Error: The server returned by DsGetDcName() did not match
> >>> DsListRoles()
> >>> for the PDC
> >>> ......................... ars.local passed test FsmoCheck
> >>> ************************************************** ******************
> >>> **
> >>> **
> >>> NETDIAG ON NEW SERVER:
> >>>
> >>> Computer Name: NEW-SERVER
> >>> DNS Host Name: new-server.ars.local
> >>> System info : Microsoft Windows Server 2003 (Build 3790)
> >>> Processor : x86 Family 6 Model 15 Stepping 13, GenuineIntel
> >>> List of installed hotfixes :
> >>> Q147222
> >>> Netcard queries test . . . . . . . : Passed
> >>> Per interface results:
> >>>
> >>> Adapter : Local Area Connection
> >>>
> >>> Netcard queries test . . . : Passed
> >>>
> >>> Host Name. . . . . . . . . : new-server
> >>> IP Address . . . . . . . . : 192.168.0.185
> >>> Subnet Mask. . . . . . . . : 255.255.255.0
> >>> Default Gateway. . . . . . : 192.168.0.254
> >>> Dns Servers. . . . . . . . : 192.168.0.1
> >>> 192.168.0.185
> >>> AutoConfiguration results. . . . . . : Passed
> >>> Default gateway test . . . : Passed
> >>>
> >>> NetBT name test. . . . . . : Passed
> >>> [WARNING] At least one of the <00> 'WorkStation Service', <03>
> >>> 'Messenge
> >>> r Service', <20> 'WINS' names is missing.
> >>> WINS service test. . . . . : Skipped
> >>> There are no WINS servers configured for this interface.
> >>> Global results:
> >>> Domain membership test . . . . . . : Passed
> >>>
> >>> NetBT transports test. . . . . . . : Passed
> >>> List of NetBt transports currently configured:
> >>> NetBT_Tcpip_{1564DF95-1390-4C84-8E00-D154F9AED25D}
> >>> 1 NetBt transport currently configured.
> >>> Autonet address test . . . . . . . : Passed
> >>> IP loopback ping test. . . . . . . : Passed
> >>>
> >>> Default gateway test . . . . . . . : Passed
> >>>
> >>> NetBT name test. . . . . . . . . . : Passed
> >>> [WARNING] You don't have a single interface with the <00>
> >>> 'WorkStation
> >>> Servi
> >>> ce', <03> 'Messenger Service', <20> 'WINS' names defined.
> >>> Winsock test . . . . . . . . . . . : Passed
> >>>
> >>> DNS test . . . . . . . . . . . . . : Failed
> >>> [WARNING] The DNS entries for this DC are not registered correctly
> >>> on
> >>> DNS se
> >>> rver '192.168.0.1'. Please wait for 30 minutes for DNS server
> >>> replication.
> >>> [WARNING] The DNS entries for this DC are not registered correctly
> >>> on
> >>> DNS se
> >>> rver '192.168.0.185'. Please wait for 30 minutes for DNS server
> >>> replication.
> >>> [FATAL] No DNS servers have the DNS records for this DC
> >>> registered.
> >>> Redir and Browser test . . . . . . : Passed
> >>> List of NetBt transports currently bound to the Redir
> >>> NetBT_Tcpip_{1564DF95-1390-4C84-8E00-D154F9AED25D}
> >>> The redir is bound to 1 NetBt transport.
> >>> List of NetBt transports currently bound to the browser
> >>> NetBT_Tcpip_{1564DF95-1390-4C84-8E00-D154F9AED25D}
> >>> The browser is bound to 1 NetBt transport.
> >>> DC discovery test. . . . . . . . . : Passed
> >>> DC list test . . . . . . . . . . . : Passed
> >>>
> >>> Trust relationship test. . . . . . : Skipped
> >>>
> >>> Kerberos test. . . . . . . . . . . : Passed
> >>>
> >>> LDAP test. . . . . . . . . . . . . : Passed
> >>>
> >>> Bindings test. . . . . . . . . . . : Passed
> >>>
> >>> WAN configuration test . . . . . . : Skipped
> >>> No active remote access connections.
> >>> Modem diagnostics test . . . . . . : Passed
> >>> IP Security test . . . . . . . . . : Skipped
> >>>
> >>> Note: run "netsh ipsec dynamic show /?" for more detailed
> >>> information
> >>>
> >>> ************************************************** ******************
> >>> ** ****** **
> >>>
> >>> NETDIAG ON OLD SERVER:
> >>>
> >>> Computer Name: SERVER1
> >>> DNS Host Name: SERVER1.ars.local
> >>> System info : Microsoft Windows Server 2003 (Build 3790)
> >>> Processor : x86 Family 15 Model 2 Stepping 9, GenuineIntel
> >>> Netcard queries test . . . . . . . : Failed
> >>> GetStats failed for 'Intel(R) PRO/1000 XT Network Connection'.
> >>> [ERROR_INVALI
> >>> D_FUNCTION]
> >>> [FATAL] - None of the netcard drivers provided satisfactory
> >>> results.
> >>> Per interface results:
> >>> Adapter : Local Area Connection
> >>>
> >>> Netcard queries test . . . : Failed
> >>> NetCard Status: UNKNOWN
> >>> Host Name. . . . . . . . . : SERVER1
> >>> IP Address . . . . . . . . : 192.168.0.1
> >>> Subnet Mask. . . . . . . . : 255.255.255.0
> >>> Default Gateway. . . . . . : 192.168.0.254
> >>> Dns Servers. . . . . . . . : 192.168.0.1
> >>> 192.168.0.185
> >>> AutoConfiguration results. . . . . . : Passed
> >>> Default gateway test . . . : Passed
> >>>
> >>> NetBT name test. . . . . . : Passed
> >>> [WARNING] At least one of the <00> 'WorkStation Service', <03>
> >>> 'Messenge
> >>> r Service', <20> 'WINS' names is missing.
> >>> No remote names have been found.
> >>> WINS service test. . . . . : Skipped
> >>> There are no WINS servers configured for this interface.
> >>> Global results:
> >>> Domain membership test . . . . . . : Passed
> >>>
> >>> NetBT transports test. . . . . . . : Passed
> >>> List of NetBt transports currently configured:
> >>> NetBT_Tcpip_{E4FF46BE-FF6F-4E97-8825-A3B494203996}
> >>> 1 NetBt transport currently configured.
> >>> Autonet address test . . . . . . . : Passed
> >>> IP loopback ping test. . . . . . . : Passed
> >>>
> >>> Default gateway test . . . . . . . : Passed
> >>>
> >>> NetBT name test. . . . . . . . . . : Passed
> >>> [WARNING] You don't have a single interface with the <00>
> >>> 'WorkStation
> >>> Servi
> >>> ce', <03> 'Messenger Service', <20> 'WINS' names defined.
> >>> Winsock test . . . . . . . . . . . : Passed
> >>>
> >>> DNS test . . . . . . . . . . . . . : Failed
> >>> [WARNING] The DNS entries for this DC are not registered correctly
> >>> on
> >>> DNS se
> >>> rver '192.168.0.1'. Please wait for 30 minutes for DNS server
> >>> replication.
> >>> [WARNING] The DNS entries for this DC are not registered correctly
> >>> on
> >>> DNS se
> >>> rver '192.168.0.185'. Please wait for 30 minutes for DNS server
> >>> replication.
> >>> [FATAL] No DNS servers have the DNS records for this DC
> >>> registered.
> >>> Redir and Browser test . . . . . . : Passed
> >>> List of NetBt transports currently bound to the Redir
> >>> NetBT_Tcpip_{E4FF46BE-FF6F-4E97-8825-A3B494203996}
> >>> The redir is bound to 1 NetBt transport.
> >>> List of NetBt transports currently bound to the browser
> >>> NetBT_Tcpip_{E4FF46BE-FF6F-4E97-8825-A3B494203996}
> >>> The browser is bound to 1 NetBt transport.
> >>> DC discovery test. . . . . . . . . : Passed
> >>> DC list test . . . . . . . . . . . : Passed
> >>>
> >>> Trust relationship test. . . . . . : Skipped
> >>>
> >>> Kerberos test. . . . . . . . . . . : Passed
> >>>
> >>> LDAP test. . . . . . . . . . . . . : Passed
> >>>
> >>> Bindings test. . . . . . . . . . . : Passed
> >>>
> >>> WAN configuration test . . . . . . : Skipped
> >>> No active remote access connections.
> >>> Modem diagnostics test . . . . . . : Passed
> >>> IP Security test . . . . . . . . . : Skipped
> >>>
> >>> ************************************************** ******************
> >>> ** ****
> >>>
> >>> Meinolf Weber" <meiweb(nospam)@gmx.de> wrote in message
> >>> news:. com...
> >>>
> >>>> Hello Paul,
> >>>>
> >>>> For the DNS settings choose also the other DC as secondary on the
> >>>> NIC.
> >>>>
> >>> Also
> >>>
> >>>> post the output in command window from "netdom query fsmo" without
> >>>> the
> >>>>
> >>> quotes.
> >>>
> >>>> Then run repadmin /showrepl and post the output also. Run dcdiag
> >>>> and
> >>>>
> >>> netdiag
> >>>
> >>>> on both DC's and if you get errors post also the complete output.
> >>>>
> >>>> Best regards
> >>>>
> >>>> Meinolf Weber
> >>>> Disclaimer: This posting is provided "AS IS" with no warranties,
> >>>> and
> >>> confers
> >>>
> >>>> no rights.
> >>>> ** Please do NOT email, only reply to Newsgroups
> >>>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
> >>>>>> Did you configure the FORWARDERS in the DNS management console
> >>>>>> under the server properties?
> >>>>>>
> >>>>> Yes. I deleted the DNS forwarders and re-entered them. I am now
> >>>>> able to browse if I point the new serve to itself as the DNS
> >>>>> server. I think this part is fixed. Thanks for pointing me in the
> >>>>> right direction on this :-) :-) (or what ever a super happy face
> >>>>> is!)
> >>>>>
> >>>>>> Did you move all 5 FSMO roles to the new server?
> >>>>>>
> >>>>> No, when I try I get "The transfer of the operations master role
> >>>>> cannot be
> >>>>> performed because the requested FSMO
> >>>>> operation failed. The current FSMO holder could not be contacted"
> >>>>>> Did you make the new DC Global catalog server?
> >>>>>>
> >>>>> Yes
> >>>>>
> >>>>> Old Server:
> >>>>> Windows IP Configuration
> >>>>> Host Name . . . . . . . . . . . . : SERVER1
> >>>>> Primary Dns Suffix . . . . . . . : ars.local
> >>>>> Node Type . . . . . . . . . . . . : Unknown
> >>>>> IP Routing Enabled. . . . . . . . : Yes
> >>>>> WINS Proxy Enabled. . . . . . . . : Yes
> >>>>> DNS Suffix Search List. . . . . . : ars.local
> >>>>> Ethernet adapter Local Area Connection:
> >>>>> Connection-specific DNS Suffix . :
> >>>>> Description . . . . . . . . . . . : Intel(R) PRO/1000 XT Network
> >>>>> Connection
> >>>>> Physical Address. . . . . . . . . : 00-0D-56-FD-47-D9
> >>>>> DHCP Enabled. . . . . . . . . . . : No
> >>>>> IP Address. . . . . . . . . . . . : 192.168.0.1
> >>>>> Subnet Mask . . . . . . . . . . . : 255.255.255.0
> >>>>> Default Gateway . . . . . . . . . : 192.168.0.254
> >>>>> DNS Servers . . . . . . . . . . . : 192.168.0.1
> >>>>> New Server:
> >>>>> Windows IP Configuration
> >>>>> Host Name . . . . . . . . . . . . : new-server
> >>>>> Primary Dns Suffix . . . . . . . : ars.local
> >>>>> Node Type . . . . . . . . . . . . : Unknown
> >>>>> IP Routing Enabled. . . . . . . . : No
> >>>>> WINS Proxy Enabled. . . . . . . . : No
> >>>>> DNS Suffix Search List. . . . . . : ars.local
> >>>>> Ethernet adapter Local Area Connection:
> >>>>> Connection-specific DNS Suffix . :
> >>>>> Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit
> >>>>> Ethernet
> >>>>> Physical Address. . . . . . . . . : 00-1D-09-FF-97-24
> >>>>> DHCP Enabled. . . . . . . . . . . : No
> >>>>> IP Address. . . . . . . . . . . . : 192.168.0.185
> >>>>> Subnet Mask . . . . . . . . . . . : 255.255.255.0
> >>>>> Default Gateway . . . . . . . . . : 192.168.0.254
> >>>>> DNS Servers . . . . . . . . . . . : 192.168.0.1
> >>>>> "Meinolf Weber" <meiweb(nospam)@gmx.de> wrote in message
> >>>>> news:. com...
> >>>>>> Hello Paul,
> >>>>>>
> >>>>>> Please post an unedited ipconfig /all from both DC's.
> >>>>>>
> >>>>>> Did you configure the FORWARDERS in the DNS management console
> >>>>>> under the server properties?
> >>>>>>
> >>>>>> Did you move all 5 FSMO roles to the new server?
> >>>>>>
> >>>>>> Did you make the new DC Global catalog server?
> >>>>>>
> >>>>>> Best regards
> >>>>>>
> >>>>>> Meinolf Weber
> >>>>>> Disclaimer: This posting is provided "AS IS" with no warranties,
> >>>>>> and
> >>>>> confers
> >>>>>
> >>>>>> no rights.
> >>>>>> ** Please do NOT email, only reply to Newsgroups
> >>>>>> ** HELP us help YOU!!!
> >>>>>> http://www.blakjak.demon.co.uk/mul_crss.htm
> >>>>>>> So I have been going through your list. I still have not been
> >>>>>>> able to get rid of any of the original errors that I posted.
> >>>>>>>
> >>>>>>> When I try to Transfer FSMO roles (change operations master,
> >>>>>>> change schema master, etc.) I get the following: "The transfer
> >>>>>>> of the operations master role cannot be performed because the
> >>>>>>> requested FSMO operation failed. The current FSMO holder could
> >>>>>>> not be contacted"
> >>>>>>>
> >>>>>>> As I stated in an earlier post I know that there are DNS issues.
> >>>>>>> 1. From the event logs
> >>>>>>> 2. If I take the old server offline and point a workstation DNS
> >>>>>>> setting to
> >>>>>>> the new server I cant browse.
> >>>>>>> I am sure that all of these issues are related, but not sure how
> >>>>>>> to
> >>>>>>> correct.
> >>>>>>> I have no idea what to do next
> >>>>>>> <Meinolf Weber> wrote in message
> >>>>>>> news:. com...
> >>>>>>>> Hello Paul,
> >>>>>>>>
> >>>>>>>> Check this list for the steps you have done or not, if not do
> >>>>>>>> it now and leave the old DC still up and running during the
> >>>>>>>> time:
> >>>>>>>>
> >>>>>>>> - On the old server open DNS management console and check that
> >>>>>>>> you are
> >>>>>>>>
> >>>>>>> running
> >>>>>>>
> >>>>>>>> Active directory integrated zone (easier for replication, if
> >>>>>>>> you have more then one DNS server)
> >>>>>>>>
> >>>>>>>> - run replmon, dcdiag and netdiag on the old machine to check
> >>>>>>>> for errors, if you have some post the complete output from the
> >>>>>>>> command here or solve them first
> >>>>>>>>
> >>>>>>>> - run adprep /forestprep and adprep /domainprep from the 2003
> >>>>>>>> installation disk against the 2000 server, with an account that
> >>>>>>>> is member of the Schema admins, to upgrade the schema to the
> >>>>>>>> new version
> >>>>>>>>
> >>>>>>>> - Install the new machine as a member server in your existing
> >>>>>>>> domain
> >>>>>>>>
> >>>>>>>> - configure a fixed ip and set the preferred DNS server to the
> >>>>>>>> old DNS
> >>>>>>>>
> >>>>>>> server
> >>>>>>>
> >>>>>>>> only
> >>>>>>>>
> >>>>>>>> - run dcpromo and follow the wizard to add the 2003 server to
> >>>>>>>> an existing domain
> >>>>>>>>
> >>>>>>>> - if you are prompted for DNS configuration choose Yes (also
> >>>>>>>> possible that no DNS preparation occur), then install DNS after
> >>>>>>>> the reboot
> >>>>>>>>
> >>>>>>>> - for DNS give the server time for replication, at least 15
> >>>>>>>> minutes.
> >>>>>>>>
> >>>>>>> Because
> >>>>>>>
> >>>>>>>> you use Active directory integrated zones it will automatically
> >>>>>>>> replicate the zones to the new server. Open DNS management
> >>>>>>>> console to check that
> >>>>>>>>
> >>>>>>> they
> >>>>>>>
> >>>>>>>> appear
> >>>>>>>>
> >>>>>>>> - if the new machine is domain controller and DNS server run
> >>>>>>>> again
> >>>>>>>>
> >>>>>>> replmon,
> >>>>>>>
> >>>>>>>> dcdiag and netdiag on both domain controllers
> >>>>>>>>
> >>>>>>>> - if you have no errors, make the new server Global catalog
> >>>>>>>> server, open Active directory Sites and Services and then
> >>>>>>>> double-click sitename,
> >>>>>>>>
> >>>>>>> double-click
> >>>>>>>
> >>>>>>>> Servers, click your domain controller, right-click NTDS
> >>>>>>>> Settings, and then click Properties, on the General tab, click
> >>>>>>>> to select the Global catalog check box
> >>>>>>>> (http://support.microsoft.com/?id=313994)
> >>>>>>>>
> >>>>>>>> - Transfer, NOT seize the 5 FSMO roles to the new Domain
> >>>>>>>> controller
> >>>>>>>>
> >>>>>>> (http://support.microsoft.com/kb/324801)
> >>>>>>>
> >>>>>>>> - you can see in the event viewer (Directory service) that the
> >>>>>>>> roles are transferred, also give it some time
> >>>>>>>>
> >>>>>>>> - reconfigure the DNS configuration on your NIC of the 2003
> >>>>>>>> server,
> >>>>>>>>
> >>>>>>> preferred
> >>>>>>>
> >>>>>>>> DNS itself, secondary the old one
> >>>>>>>>
> >>>>>>>> - if you use DHCP do not forget to reconfigure the scope
> >>>>>>>> settings to point to the new installed DNS server
> >>>>>>>>
> >>>>>>>> - export and import of DHCP database (if needed)
> >>>>>>>>
> >>>>>>> http://support.microsoft.com/kb/325473
> >>>>>>>
> >>>>>>>> Demoting
> >>>>>>>>
> >>>>>>>> - reconfigure your clients/servers that they not longer point
> >>>>>>>> to the old DC/DNS server on the NIC
> >>>>>>>>
> >>>>>>>> - to be sure that everything runs fine, disconnect the old DC
> >>>>>>>> from the
> >>>>>>>>
> >>>>>>> network
> >>>>>>>
> >>>>>>>> and check with clients and servers the connectivity, logon and
> >>>>>>>> also with one client a restart to see that everything is ok
> >>>>>>>>
> >>>>>>>> - then run dcpromo to demote the old DC, if it works fine the
> >>>>>>>> machine will move from the DC's OU to the computers container,
> >>>>>>>> where you can delete it by hand. Can be that you got an error
> >>>>>>>> during demoting at the beginning,
> >>>>>>>>
> >>>>>>> then
> >>>>>>>
> >>>>>>>> uncheck the Global catalog on that DC and try again
> >>>>>>>>
> >>>>>>>> - check the DNS management console, that all entries from the
> >>>>>>>> machine are disappeared or delete them by hand if the machine
> >>>>>>>> is off the network for
> >>>>>>>>
> >>>>>>> ever
> >>>>>>>
> >>>>>>>> Best regards
> >>>>>>>>
> >>>>>>>> Meinolf Weber
> >>>>>>>> Disclaimer: This posting is provided "AS IS" with no
> >>>>>>>> warranties,
> >>>>>>>> and
> >>>>>>> confers
> >>>>>>>
> >>>>>>>> no rights.
> >>>>>>>> ** Please do NOT email, only reply to Newsgroups
> >>>>>>>> ** HELP us help YOU!!!
> >>>>>>>> http://www.blakjak.demon.co.uk/mul_crss.htm
> >>>>>>>>> Thanks for your reply.
> >>>>>>>>>
> >>>>>>>>>> Did you install DNS also on the new server and point all
> >>>>>>>>>> clients to use
> >>>>>>>>>>
> >>>>>>>>> it?
> >>>>>>>>> DNS is installed. After shutting down the old server I changed
> >>>>>>>>> the
> >>>>>>>>> new
> >>>>>>>>> server to the old servers IP and rebooted.
> >>>>>>>>>> Did you configure the FORWARDERS in the DNS management
> >>>>>>>>>> console under the server properties?
> >>>>>>>>>>
> >>>>>>>>> I dont think so. I just "poked" around in the DNS console and
> >>>>>>>>> cant
> >>>>>>>>> even find
> >>>>>>>>> these settings.
> >>>>>>>>> Is there a (easy) way to export the entire DNS setup from the
> >>>>>>>>> old
> >>>>>>>>> server?
> >>>>>>>>>> Did you move all 5 FSMO roles to the new server?
> >>>>>>>>>>
> >>>>>>>>> I dont know what this means, so probably not.
> >>>>>>>>>
> >>>>>>>>>> Did you make the new DC Global catalog server?
> >>>>>>>>>>
> >>>>>>>>> Yes
> >>>>>>>>>
> >>>>>>>>> help... I'm over my head
> >>>>>>>>>
> >>>>>>>>> "Meinolf Weber" <meiweb(nospam)@gmx.de> wrote in message
> >>>>>>>>> news:. com...
> >>>>>>>>>
> >>>>>>>>>> Hello Paul,
> >>>>>>>>>>
> >>>>>>>>>> Did you install DNS also on the new server and point all
> >>>>>>>>>> clients to use
> >>>>>>>>>>
> >>>>>>>>> it?
> >>>>>>>>>
> >>>>>>>>>> Did you configure the FORWARDERS in the DNS management
> >>>>>>>>>> console under the server properties?
> >>>>>>>>>>
> >>>>>>>>>> Did you move all 5 FSMO roles to the new server?
> >>>>>>>>>>
> >>>>>>>>>> Did you make the new DC Global catalog server?
> >>>>>>>>>>
> >>>>>>>>>> Best regards
> >>>>>>>>>>
> >>>>>>>>>> Meinolf Weber
> >>>>>>>>>> Disclaimer: This posting is provided "AS IS" with no
> >>>>>>>>>> warranties,
> >>>>>>>>>> and
> >>>>>>>>> confers
> >>>>>>>>>
> >>>>>>>>>> no rights.
> >>>>>>>>>> ** Please do NOT email, only reply to Newsgroups
> >>>>>>>>>> ** HELP us help YOU!!!
> >>>>>>>>>> http://www.blakjak.demon.co.uk/mul_crss.htm
> >>>>>>>>>>> I am trying to migrate from an old W2K3 Active Directory
> >>>>>>>>>>> domain controller to a new one. Eventually I want to remove
> >>>>>>>>>>> the old server from the network. I have never done this
> >>>>>>>>>>> before and it is a little bit out of my league so I
> >>>>>>>>>>> Googled, read and hopefully followed several articles that I
> >>>>>>>>>>> found, but am still getting some errors logged.
> >>>>>>>>>>>
> >>>>>>>>>>> The list of AD users, computers etc replicated over to the
> >>>>>>>>>>> new server, but when I turn off the old one no one can log
> >>>>>>>>>>> in and there is no Internet access. I think both of these
> >>>>>>>>>>> problems are due to DNS (which I really understand about 1%
> >>>>>>>>>>> of). There are no errors in the DNS log though (just info
> >>>>>>>>>>> that the service started).
> >>>>>>>>>>>
> >>>>>>>>>>> Most of the computers have fixed IPs so DHCP isn't really an
> >>>>>>>>>>> issue, but the DHCP service is also failing.
> >>>>>>>>>>>
> >>>>>>>>>>> I'm hoping from the log files someone can give me some
> >>>>>>>>>>> specific things to try as opposed to links to articles that
> >>>>>>>>>>> are above my understanding.
> >>>>>>>>>>>
> >>>>>>>>>>> Your help is much appreciated.
> >>>>>>>>>>>
> >>>>>>>>>>> System Log:
> >>>>>>>>>>>
> >>>>>>>>>>> Event ID 1059
> >>>>>>>>>>> The DHCP service failed to see a directory server for
> >>>>>>>>>>> authorization.
> >>>>>>>>>>> Directory Service Log:
> >>>>>>>>>>> Event ID 2088
> >>>>>>>>>>> Active Directory could not use DNS to resolve the IP address
> >>>>>>>>>>> of
> >>>>>>>>>>> the
> >>>>>>>>>>> source
> >>>>>>>>>>> domain controller listed below. To maintain the consistency
> >>>>>>>>>>> of
> >>>>>>>>>>> Security
> >>>>>>>>>>> groups, group policy, users and computers and their
> >>>>>>>>>>> passwords,
> >>>>>>>>>>> Active
> >>>>>>>>>>> Directory successfully replicated using the NetBIOS or fully
> >>>>>>>>>>> qualified
> >>>>>>>>>>> computer name of the source domain controller.
> >>>>>>>>>>> Invalid DNS configuration may be affecting other essential
> >>>>>>>>>>> operations
> >>>>>>>>>>> on
> >>>>>>>>>>> member computers, domain controllers or application servers
> >>>>>>>>>>> in
> >>>>>>>>>>> this
> >>>>>>>>>>> Active
> >>>>>>>>>>> Directory forest, including logon authentication or access
> >>>>>>>>>>> to
> >>>>>>>>>>> network
> >>>>>>>>>>> resources.
> >>>>>>>>>>> (I cut out the rest of the error, let me know if it would be
> >>>>>>>>>>> helpful
> >>>>>>>>>>> to post
> >>>>>>>>>>> the entire message)
> >>>>>>>>>>> Event ID 1586
> >>>>>>>>>>> The Windows NT 4.0 or earlier replication checkpoint with
> >>>>>>>>>>> the
> >>>>>>>>>>> PDC
> >>>>>>>>>>> emulator
> >>>>>>>>>>> master was unsuccessful.
> >>>>>>>>>>> A full synchronization of the security accounts manager
> >>>>>>>>>>> (SAM)
> >>>>>>>>>>> database
> >>>>>>>>>>> to domain controllers running Windows NT 4.0 and earlier
> >>>>>>>>>>> might
> >>>>>>>>>>> take
> >>>>>>>>>>> place if the PDC emulator master role is transferred to the
> >>>>>>>>>>> local
> >>>>>>>>>>> domain controller before the next successful checkpoint.
> >>>>>>>>>>> Application Log:
> >>>>>>>>>>> Event ID5 3258
> >>>>>>>>>>> MS DTC could not correctly process a DC Promotion/Demotion
> >>>>>>>>>>> event.
> >>>>>>>>>>> MS
> >>>>>>>>>>> DTC
> >>>>>>>>>>> will continue to function and will use the existing security
> >>>>>>>>>>> settings.
> >>>>>>>>>>> Error
> >>>>>>>>>>> Specifics: %1
> >>>>>>>>>>> Event ID 53258
> >>>>>>>>>>> MS DTC could not correctly process a DC Promotion/Demotion
> >>>>>>>>>>> event.
> >>>>>>>>>>> MS
> >>>>>>>>>>> DTC
> >>>>>>>>>>> will continue to function and will use the existing security
> >>>>>>>>>>> settings.
> >>>>>>>>>>> Error
> >>>>>>>>>>> Specifics: d:\nt\com\complus\dtc\dtc\adme\uiname.cpp:9351,
> >>>>>>>>>>> Pid:
> >>>>>>>>>>> 1160
> >>>>>>>>>>> No Callstack, CmdLine: C:\WINDOWS\system32\msdtc.exe
>
>