DNS Error after migration from win2000 server to windows server 20

Discussion in 'DNS Server' started by saqib ahmad, Aug 10, 2009.

  1. saqib ahmad

    saqib ahmad Guest

    Dear

    After migration of AD from windows server 2000 to AD DS with DNS on win2008
    Ent Server , my DNS server is not allowing to add any forwarders as when I
    take properties of DNS and goes to Forwarders tab where the edit button is
    not hilighted to make any changes. further iam getting this error on event

    The DNS server has encountered a critical error from the Active Directory.
    Check that the Active Directory is functioning properly. The extended error
    debug information (which may be empty) is "80090322: SvcErr: DSID-07020405,
    problem 5005 (UNABLE_TO_PROCEED), data 0". The event data contains the error.

    Please Help !
     
    saqib ahmad, Aug 10, 2009
    #1
    1. Advertisements

  2. Hello saqib,

    Please give some more details about the way you migrated to 2008, especially
    how you configured DNS in the domain, AD integrated zones?

    Please post an unedited ipconfig /all from both DCs.

    Best regards

    Meinolf Weber
     
    Meinolf Weber [MVP-DS], Aug 10, 2009
    #2
    1. Advertisements

  3. saqib ahmad

    saqib ahmad Guest

    Dear,

    DNS is AD integrated zones on old server and same as in 2008 server,

    Old server ip config:-

    C:\Documents and Settings\Administrator>ipconfig /all

    Windows 2000 IP Configuration

    Host Name . . . . . . . . . . . . : mppkw-database
    Primary DNS Suffix . . . . . . . : mediaphoneplus.com
    Node Type . . . . . . . . . . . . : Hybrid
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No
    DNS Suffix Search List. . . . . . : mediaphoneplus.com

    Ethernet adapter Local Area Connection 2:

    Media State . . . . . . . . . . . : Cable Disconnected
    Description . . . . . . . . . . . : NETGEAR GA302T Gigabit Adapter
    Physical Address. . . . . . . . . : 00-09-5B-62-9E-71

    Ethernet adapter Local Area Connection:

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit
    Ethernet
    Physical Address. . . . . . . . . : 00-0C-76-20-A5-38
    DHCP Enabled. . . . . . . . . . . : No
    IP Address. . . . . . . . . . . . : 192.168.0.1
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.168.0.211
    DNS Servers . . . . . . . . . . . : 192.168.0.1
     
    saqib ahmad, Aug 10, 2009
    #3

  4. Hello saqib ahmad,

    What Replication Scope is the zone set to on the 2008 machine?
    Which DNS is the 2008 using? (I'm asking because you didn't post the 2008's
    ipconfig.)
    Have you tried to administer the 2008 DNS from the 2000 server? To do so,
    just add the 2008 DNS to the 2000 DNS console.

    --
    Ace

    This posting is provided "AS-IS" with no warranties or guarantees and
    confers no rights.

    Please reply back to the newsgroup or forum to benefit from collaboration
    among responding engineers, and to help others benefit from your resolution.

    Ace Fekay, MCT, MCTS Exchange, MCSE, MCSA 2003 & 2000, MCSA Messaging
    Microsoft Certified Trainer

    For urgent issues, please contact Microsoft PSS directly. Please check
    http://support.microsoft.com for regional support phone numbers.
     
    Ace Fekay [MCT], Aug 10, 2009
    #4
  5. saqib ahmad

    saqib ahmad Guest

    Ace,

    I just recentlly done the migration. first I installed win2k8 Ent , prepared
    scema on old Dc by adprep /forestprep and adprep /domainprep /gcprep then run
    dcpromo on new server after its sucsefful chaged the IPs , now having this
    error, we have only one DC with AD intigrated DNS zone.

    ip config of new DC

    Windows IP Configuration

    Host Name . . . . . . . . . . . . : MPPKWDC
    Primary Dns Suffix . . . . . . . : mediaphoneplus.com
    Node Type . . . . . . . . . . . . : Hybrid
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No
    DNS Suffix Search List. . . . . . : mediaphoneplus.com

    Ethernet adapter Local Area Connection:

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE
    (NDIS
    VBD Client)
    Physical Address. . . . . . . . . : 00-21-5E-73-CC-B8
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes
    IPv4 Address. . . . . . . . . . . : 192.168.0.1(Preferred)
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.168.0.211
    DNS Servers . . . . . . . . . . . : 192.168.0.1
    NetBIOS over Tcpip. . . . . . . . : Enabled

    Tunnel adapter Local Area Connection* 8:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . :
    isatap.{1DF7FF44-A192-4AF6-8A6E-9D9F72B98
    933}
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes

    Further more if you want to check

    Command Line: "dcdiag.exe
    /V /C /D /E /s:mediaphoneplus.com"

    Directory Server Diagnosis

    Performing initial setup:
    * Connecting to directory service on server mediaphoneplus.com.
    mediaphoneplus.com.currentTime = 20090810124132.0Z
    mediaphoneplus.com.highestCommittedUSN = 132628
    mediaphoneplus.com.isSynchronized = 1
    mediaphoneplus.com.isGlobalCatalogReady = 1
    * Identified AD Forest.
    Collecting AD specific global data
    * Collecting site info.
    Calling
    ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=mediaphoneplus,DC=com,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
    The previous call succeeded
    Iterating through the sites
    Looking at base site object: CN=NTDS Site
    Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mediaphoneplus,DC=com
    Getting ISTG and options for the site
    * Identifying all servers.
    Calling
    ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=mediaphoneplus,DC=com,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
    The previous call succeeded....
    The previous call succeeded
    Iterating through the list of servers
    Getting information for the server CN=NTDS
    Settings,CN=MPPKW-DATABASE,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mediaphoneplus,DC=com
    objectGuid obtained
    InvocationID obtained
    dnsHostname obtained
    site info obtained
    All the info for the server collected
    Getting information for the server CN=NTDS
    Settings,CN=MPPKWDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mediaphoneplus,DC=com
    objectGuid obtained
    InvocationID obtained
    dnsHostname obtained
    site info obtained
    All the info for the server collected
    MPPKWDC.currentTime = 20090810124132.0Z
    MPPKWDC.highestCommittedUSN = 132628
    MPPKWDC.isSynchronized = 1
    MPPKWDC.isGlobalCatalogReady = 1
    * Identifying all NC cross-refs.
    * Found 2 DC(s). Testing 2 of them.
    Done gathering initial info.


    ===============================================Printing out pDsInfo

    GLOBAL:
    ulNumServers=2
    pszRootDomain=mediaphoneplus.com
    pszNC=
    pszRootDomainFQDN=DC=mediaphoneplus,DC=com
    pszConfigNc=CN=Configuration,DC=mediaphoneplus,DC=com
    pszPartitionsDn=CN=Partitions,CN=Configuration,DC=mediaphoneplus,DC=com
    fAdam=0
    iSiteOptions=0
    dwTombstoneLifeTimeDays=60

    dwForestBehaviorVersion=0

    HomeServer=1, MPPKWDC

    SERVER: pServer[0].pszName=MPPKW-DATABASE
    pServer[0].pszGuidDNSName (binding
    str)=1bb7337a-0345-474f-b2f6-d529fd9e7b07._msdcs.mediaphoneplus.com
    pServer[0].pszDNSName=mppkw-database.mediaphoneplus.com
    pServer[0].pszLdapPort=(null)
    pServer[0].pszSslPort=(null)
    pServer[0].pszDn=CN=NTDS
    Settings,CN=MPPKW-DATABASE,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mediaphoneplus,DC=com
    pServer[0].pszComputerAccountDn=CN=MPPKW-DATABASE,OU=Domain
    Controllers,DC=mediaphoneplus,DC=com
    pServer[0].uuidObjectGuid=1bb7337a-0345-474f-b2f6-d529fd9e7b07
    pServer[0].uuidInvocationId=1bb7337a-0345-474f-b2f6-d529fd9e7b07
    pServer[0].iSite=0 (Default-First-Site-Name)
    pServer[0].iOptions=1
    pServer[0].ftLocalAcquireTime=00000000 00000000

    pServer[0].ftRemoteConnectTime=00000000 00000000

    pServer[0].ppszMaster/FullReplicaNCs:
    ppszMaster/FullReplicaNCs[0]=CN=Schema,CN=Configuration,DC=mediaphoneplus,DC=com
    ppszMaster/FullReplicaNCs[1]=CN=Configuration,DC=mediaphoneplus,DC=com
    ppszMaster/FullReplicaNCs[2]=DC=mediaphoneplus,DC=com

    SERVER: pServer[1].pszName=MPPKWDC
    pServer[1].pszGuidDNSName (binding
    str)=ecd83b58-f0e1-40ce-afc8-87f85390f073._msdcs.mediaphoneplus.com
    pServer[1].pszDNSName=MPPKWDC.mediaphoneplus.com
    pServer[1].pszLdapPort=(null)
    pServer[1].pszSslPort=(null)
    pServer[1].pszDn=CN=NTDS
    Settings,CN=MPPKWDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mediaphoneplus,DC=com
    pServer[1].pszComputerAccountDn=CN=MPPKWDC,OU=Domain
    Controllers,DC=mediaphoneplus,DC=com
    pServer[1].uuidObjectGuid=ecd83b58-f0e1-40ce-afc8-87f85390f073
    pServer[1].uuidInvocationId=7ef52711-9b32-4a85-bd17-d31bdf56e08e
    pServer[1].iSite=0 (Default-First-Site-Name)
    pServer[1].iOptions=1
    pServer[1].ftLocalAcquireTime=e3d2c0f0 01ca19b7

    pServer[1].ftRemoteConnectTime=e37fe600 01ca19b7

    pServer[1].ppszMaster/FullReplicaNCs:
    ppszMaster/FullReplicaNCs[0]=CN=Schema,CN=Configuration,DC=mediaphoneplus,DC=com
    ppszMaster/FullReplicaNCs[1]=CN=Configuration,DC=mediaphoneplus,DC=com
    ppszMaster/FullReplicaNCs[2]=DC=mediaphoneplus,DC=com

    SITES: pSites[0].pszName=Default-First-Site-Name
    pSites[0].pszSiteSettings=CN=NTDS Site
    Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mediaphoneplus,DC=com
    pSites[0].pszISTG=CN=NTDS
    Settings,CN=MPPKWDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mediaphoneplus,DC=com
    pSites[0].iSiteOption=0

    pSites[0].cServers=2

    NC: pNCs[0].pszName=Schema
    pNCs[0].pszDn=CN=Schema,CN=Configuration,DC=mediaphoneplus,DC=com

    pNCs[0].aCrInfo[0].dwFlags=0x00000201
    pNCs[0].aCrInfo[0].pszDn=CN=Enterprise
    Schema,CN=Partitions,CN=Configuration,DC=mediaphoneplus,DC=com
    pNCs[0].aCrInfo[0].pszDnsRoot=mediaphoneplus.com
    pNCs[0].aCrInfo[0].iSourceServer=1
    pNCs[0].aCrInfo[0].pszSourceServer=(null)
    pNCs[0].aCrInfo[0].ulSystemFlags=0x00000001
    pNCs[0].aCrInfo[0].bEnabled=TRUE
    pNCs[0].aCrInfo[0].ftWhenCreated=00000000 00000000
    pNCs[0].aCrInfo[0].pszSDReferenceDomain=(null)
    pNCs[0].aCrInfo[0].pszNetBiosName=(null)
    pNCs[0].aCrInfo[0].cReplicas=-1
    pNCs[0].aCrInfo[0].aszReplicas=


    NC: pNCs[1].pszName=Configuration
    pNCs[1].pszDn=CN=Configuration,DC=mediaphoneplus,DC=com

    pNCs[1].aCrInfo[0].dwFlags=0x00000201
    pNCs[1].aCrInfo[0].pszDn=CN=Enterprise
    Configuration,CN=Partitions,CN=Configuration,DC=mediaphoneplus,DC=com
    pNCs[1].aCrInfo[0].pszDnsRoot=mediaphoneplus.com
    pNCs[1].aCrInfo[0].iSourceServer=1
    pNCs[1].aCrInfo[0].pszSourceServer=(null)
    pNCs[1].aCrInfo[0].ulSystemFlags=0x00000001
    pNCs[1].aCrInfo[0].bEnabled=TRUE
    pNCs[1].aCrInfo[0].ftWhenCreated=00000000 00000000
    pNCs[1].aCrInfo[0].pszSDReferenceDomain=(null)
    pNCs[1].aCrInfo[0].pszNetBiosName=(null)
    pNCs[1].aCrInfo[0].cReplicas=-1
    pNCs[1].aCrInfo[0].aszReplicas=


    NC: pNCs[2].pszName=mediaphoneplus
    pNCs[2].pszDn=DC=mediaphoneplus,DC=com

    pNCs[2].aCrInfo[0].dwFlags=0x00000201
    pNCs[2].aCrInfo[0].pszDn=CN=MEDIAPHONEPLUS,CN=Partitions,CN=Configuration,DC=mediaphoneplus,DC=com
    pNCs[2].aCrInfo[0].pszDnsRoot=mediaphoneplus.com
    pNCs[2].aCrInfo[0].iSourceServer=1
    pNCs[2].aCrInfo[0].pszSourceServer=(null)
    pNCs[2].aCrInfo[0].ulSystemFlags=0x00000003
    pNCs[2].aCrInfo[0].bEnabled=TRUE
    pNCs[2].aCrInfo[0].ftWhenCreated=00000000 00000000
    pNCs[2].aCrInfo[0].pszSDReferenceDomain=(null)
    pNCs[2].aCrInfo[0].pszNetBiosName=(null)
    pNCs[2].aCrInfo[0].cReplicas=-1
    pNCs[2].aCrInfo[0].aszReplicas=


    3 NC TARGETS: Schema, Configuration, mediaphoneplus,
    2 TARGETS: MPPKW-DATABASE, MPPKWDC,

    =============================================Done Printing pDsInfo

    Doing initial required tests

    Testing server: Default-First-Site-Name\MPPKW-DATABASE
    Starting test: Connectivity
    * Active Directory LDAP Services Check
    A directory service error has occurred..
    ......................... MPPKW-DATABASE failed test Connectivity

    Testing server: Default-First-Site-Name\MPPKWDC
    Starting test: Connectivity
    * Active Directory LDAP Services Check
    Determining IP4 connectivity
    Determining IP6 connectivity
    Failure Analysis: MPPKWDC ... OK.
    * Active Directory RPC Services Check
    ......................... MPPKWDC passed test Connectivity

    Doing primary tests

    Testing server: Default-First-Site-Name\MPPKW-DATABASE
    Skipping all tests, because server MPPKW-DATABASE is not responding to
    directory service requests.

    Testing server: Default-First-Site-Name\MPPKWDC
    Starting test: Advertising
    The DC MPPKWDC is advertising itself as a DC and having a DS.
    The DC MPPKWDC is advertising as an LDAP server
    The DC MPPKWDC is advertising as having a writeable directory
    The DC MPPKWDC is advertising as a Key Distribution Center
    The DC MPPKWDC is advertising as a time server
    The DS MPPKWDC is advertising as a GC.
    ......................... MPPKWDC passed test Advertising
    Starting test: CheckSecurityError
    * Dr Auth: Beginning security errors check!
    Found KDC MPPKWDC for domain mediaphoneplus.com in site
    Default-First-Site-Name
    Checking machine account for DC MPPKWDC on DC MPPKWDC.
    * SPN found :LDAP/MPPKWDC.mediaphoneplus.com/mediaphoneplus.com
    * SPN found :LDAP/MPPKWDC.mediaphoneplus.com
    * SPN found :LDAP/MPPKWDC
    * SPN found :LDAP/MPPKWDC.mediaphoneplus.com/MEDIAPHONEPLUS
    * SPN found
    :LDAP/ecd83b58-f0e1-40ce-afc8-87f85390f073._msdcs.mediaphoneplus.com
    * SPN found
    :E3514235-4B06-11D1-AB04-00C04FC2DCD2/ecd83b58-f0e1-40ce-afc8-87f85390f073/mediaphoneplus.com
    * SPN found :HOST/MPPKWDC.mediaphoneplus.com/mediaphoneplus.com
    * SPN found :HOST/MPPKWDC.mediaphoneplus.com
    * SPN found :HOST/MPPKWDC
    * SPN found :HOST/MPPKWDC.mediaphoneplus.com/MEDIAPHONEPLUS
    * SPN found :GC/MPPKWDC.mediaphoneplus.com/mediaphoneplus.com
    [MPPKWDC] No security related replication errors were found on this
    DC! To target the connection to a specific source DC use
    /ReplSource:<DC>.
    ......................... MPPKWDC passed test CheckSecurityError
    Starting test: CutoffServers
     
    saqib ahmad, Aug 10, 2009
    #5

  6. Hello saqib ahmad,

    I see a couple of problems. First is the Root zone. Why does the Root zone
    exist in DNS? That is a zone that only shows up with a dot (a period,
    actually). Please delete the zone.

    One of the other problems I see is:

    Please read the following articles on this issue

    "Logon failure: the target account name is incorrect" error when ..."Logon
    failure: the target account name is incorrect" error when promoting ....
    1396 mm/dd hh:mm:ss [ERROR] Failed to install to Directory Service (1396)
    ....
    http://support.microsoft.com/kb/296993 - Similar

    Fixing Replication Security Problems: Active DirectoryMar 2, 2005 ... Logon
    failure: unknown user name or bad password. 1396. Logon failure: The target
    account name is incorrect. ...
    http://technet.microsoft.com/en-us/library/cc780907(WS.10).aspx


    Also, you said you only have the one DC now? From your description I thought
    you have two DCs? So what happened to the other DC? Was it demoted? The
    following error indicates an issue with replication between the DCs. That's
    why I'm asking. Can you clear that up?

    Ace
     
    Ace Fekay [MCT], Aug 10, 2009
    #6
  7. saqib ahmad

    saqib ahmad Guest

    Ace,

    Well I didnt demoted it yet just turned it of for the testing of new DC as
    old DC hardware is also very old can not be run due to heating problem but in
    case i can turn it on anytime as it is still fixed in rack will be demoted
    after testing new DC.
    Further more please give step by step fixing now from where do I start as i
    think its all mess up now. i have lots of problems with GPOs and DNS .


     
    saqib ahmad, Aug 10, 2009
    #7

  8. The errors are simply beacuse the old box is turned off. You need to demote
    it, not unplug it. AD still thinks it's there, and wants to replicate, but
    it can't, hence why the replication problems and other errors. Turn it back
    on, allow replication to occur, re-check the event viewer, re-run the
    dcdiag. If all comes up clean, demote the old box, but DO NOT turn it off
    until so.

    Ace
     
    Ace Fekay [MCT], Aug 10, 2009
    #8
  9. saqib ahmad

    saqib ahmad Guest

    Ace,

    I Have deleted the .root zone now iam having this error :-

    The DNS server was unable to create the built-in directory partition
    ForestDnsZones.mediaphoneplus.com. The error was 9906.

    and

    The DNS server was unable to create the built-in directory partition
    DomainDnsZones.mediaphoneplus.com. The error was 9906.

    what to do with this i have tried to creat default application directory
    partition but it says the domain controller holding the domain naming master
    role is down or unable to service the request or is not runninf windows
    server 2003.


    Thanks
    Saqib
     
    saqib ahmad, Aug 11, 2009
    #9
  10. Did you turn on the old box, as I said? It's obviously lookinf for the
    Domain Naming Master FSMO role, which is on the other box.

    If you don't want the old machine, you will need to demote it, ensure FMSOs
    got transferred, and make the new machine a GC.

    Otherwise you will continue to have problems.

    Ace
     
    Ace Fekay [MCT], Aug 11, 2009
    #10
  11. Hello saqib,

    Ace already gave you the needed information to go on solving the problems.
    So waiting for your answer about what you have done.

    Best regards

    Meinolf Weber
     
    Meinolf Weber [MVP-DS], Aug 11, 2009
    #11
  12. saqib ahmad

    saqib ahmad Guest

    Dear,

    Okay now its done all roles transfered done

    C:\Users\it_admin>netdom query fsmo
    Schema master MPPKWDC.mediaphoneplus.com
    Domain naming master MPPKWDC.mediaphoneplus.com
    PDC MPPKWDC.mediaphoneplus.com
    RID pool manager MPPKWDC.mediaphoneplus.com
    Infrastructure master MPPKWDC.mediaphoneplus.com
    The command completed successfully.


    now check these error logs from dns


    The DNS server has encountered a critical error from the Active Directory.
    Check that the Active Directory is functioning properly. The extended error
    debug information (which may be empty) is "80090322: SvcErr: DSID-07020405,
    problem 5005 (UNABLE_TO_PROCEED), data 0". The event data contains the error.


    Please check and update
     
    saqib ahmad, Aug 13, 2009
    #12
  13. What is the EventID# for the error you posted ? Is it 4015, source = DNS?
    (please help us by providing necessary information).

    Also, did you transferred the roles while the other DC was online or
    offline?

    If Offline:
    Run the Metadata Cleanup procedure to remove its reference out of the AD
    database
    Delete its reference in Sites and Services
    Never bring up the old DC again.

    If online:
    If you don't want the machine anymore, demote it properly (run dcpromo and
    remove it)
    Delete its reference in Sites and Services.

    Please provide us with any other information that may have been excluded. If
    there are any other event log errors, always provide the EventID# and Source
    names, please.

    Ace
     
    Ace Fekay [MCT], Aug 13, 2009
    #13
  14. saqib ahmad

    saqib ahmad Guest

    Ace,

    EventID#4015, source = DNS

    and i transferred the roles while the other DC was online
     
    saqib ahmad, Aug 15, 2009
    #14

  15. Good to hear. Did you demote the old machine?
     
    Ace Fekay [MCT], Aug 15, 2009
    #15
  16. saqib ahmad

    saqib ahmad Guest

    Ace,

    I Have demoted the server and seams every thing fine now.

    Thanks everyone in this help.

    Saqib
     
    saqib ahmad, Aug 20, 2009
    #16
  17. Good to hear, Saqib! You are welcome.

    Ace
     
    Ace Fekay [MCT], Aug 20, 2009
    #17
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.