Migrate Win2000 to Win2003-R2

Discussion in 'Server Migration' started by vvii, May 7, 2007.

  1. vvii

    vvii Guest

    Hello all,

    I have 3 servers:
    Win2000 (all 5 FSMOs, DNS and DHCP)
    Win2003 (Exchange, File Server)
    Win2003-R2 (New Server X32)

    I am trying to migrating FSMOs rights, DNS and DHCP services from Win2000 to
    Win2003-R2. Win2000 will continue as a backup DNS and DHCP server.

    1) What tools or steps should I transfer all the FSMOs to the Win2003-R2?
    2) How can I make Win2003-R2 as a primary DNS and DHCP?
    3) How should I change the Win2000 from Primary role to a secondary backup
    DNS and DHCP roles.

    Thanks in advance.
     
    vvii, May 7, 2007
    #1
    1. Advertisements

  2. Hello,

    Thank you for using newsgroup!

    From your post, you may promote the Windows Server 2003 R2 to be a DC, then
    transfer the FSMO to Windows Server 2003 R2. For transfering FSMO, please
    refer to the following KB:
    How to view and transfer FSMO roles in Windows Server 2003
    http://support.microsoft.com/kb/324801/en-us

    DNS data doesn't need to be migrated, you may create an AD integrated zone
    on the new Server, DNS data will be replicated follow AD replication.

    For DHCP, you may follow this KB:
    How to move a DHCP database from a computer that is running Windows NT
    Server 4.0, Windows 2000, or Windows Server 2003 to a computer that is
    running Windows Server 2003
    http://support.microsoft.com/kb/325473/en-us

    DHCP doesn't allow two same pools of IP addresses on a given subnet. If you
    want to deploy two DHCP Server on single network , a common practice is to
    use the 80/20 design rule for balancing scope distribution of addresses.
    For more information, please refer to the following documents:
    DHCP Best Practices
    http://technet2.microsoft.com/windowsserver/en/library/85add012-1c2c-41bb-b1
    ae-11bc07485ee31033.mspx?mfr=true
    Configuring scopes
    http://technet2.microsoft.com/windowsserver/en/library/b9b1845d-19f2-4f13-8a
    7b-95ca35b021981033.mspx?mfr=true

    Hope this helps.

    Mike Luo

    Microsoft Online Partner Support
    Get Secure! - www.microsoft.com/security

    =====================================================
    When responding to posts, please "Reply to Group" via your newsreader so
    that others may learn and benefit from your issue.
    =====================================================
    This posting is provided "AS IS" with no warranties, and confers no rights.
     
    Mike Luo [MSFT], May 8, 2007
    #2
    1. Advertisements

  3. vvii

    vvii Guest

    Thanks for your reply, now my Win2003-R2 has became a DC, and I also
    transferred all FSMOs to Win2003-R2.

    However, I remember that we should never place a GC and Infrastructure
    Master Role on a same server, it will cause the other servers never replicate
    or something like that, so should I place the Infrastructure Master Role on
    Win2003 instead of Win2003-R2? Should I separate those FSMOs in a different
    server?

    Current situation:
    Win2000 (Primary DNS and DHCP)
    Win2003 (Secondary DNS)
    Win2003-R2 (Nothing)

    Goal:
    Win2000 (Third backup only if possible) - not necessary
    Win2003 (Primary DNS and DHCP)
    Win2003-R2 (Secondary DNS and DHCP)

    How can I achieve the goal above?

    Thanks
    vvii
     
    vvii, May 8, 2007
    #3
  4. Hello,

    "we should never place a GC and Infrastructure Master Role on a same server
    " is for multiple domain environment. You may ignore this issue in the
    single domain.

    For migration issue, you may refer to the first post.

    Thanks & Regards,

    Mike Luo

    Microsoft Online Partner Support
    Get Secure! - www.microsoft.com/security

    =====================================================
    When responding to posts, please "Reply to Group" via your newsreader so
    that others may learn and benefit from your issue.
    =====================================================
    This posting is provided "AS IS" with no warranties, and confers no rights.
     
    Mike Luo [MSFT], May 9, 2007
    #4
  5. vvii

    vvii Guest

    After I have transfer all the FSMOs to Win03-R2, when I check any of the
    operation master role, such as RID, PDC, it would said:

    Operations master: ERROR
    The current operations master is offline. The role cannot be transfer.

    And when I Open the "AD Domains and Trusts" to check the operations master,
    I have an error message:

    The following domain controller could not be contacted: Win03-R2. The RPC
    server is unavailable.
     
    vvii, May 10, 2007
    #5
  6. vvii

    vvii Guest

    After I have transfer all the FSMOs to Win03-R2, when I check any of the
    operation master role, such as RID, PDC, it would said:

    Operations master: ERROR
    The current operations master is offline. The role cannot be transfer.

    And when I Open the "AD Domains and Trusts" to check the operations master,
    I have an error message:

    The following domain controller could not be contacted: Win03-R2. The RPC
    server is unavailable.

    I am getting "NTDS KCC" message in the event viewer, is there something I
    have to do to my DNS???
     
    vvii, May 11, 2007
    #6
  7. Hello,

    I suggest you follow these steps to troubelshoot the problem:
    1. Ensure that Win03-R2 point to internal DNS, not to ISP's DNS.
    1. Ping Win03-R2 DNS Name, to see if the name can be resolve to the IP
    address.
    2. Ping it's IP address, make sure the network is fine.
    3. Run Dcdiag /v >c:\Dcdiag.txt and Netdiag /v >Netdiag.txt command to
    diagnose DC.
    4. Save the problematic computer's Application and System event log to .evt
    file, post these files into newsgroup, so we can perform future
    troubleshooting.

    Thanks & Regards,

    Mike Luo

    Microsoft Online Partner Support
    Get Secure! - www.microsoft.com/security

    =====================================================
    When responding to posts, please "Reply to Group" via your newsreader so
    that others may learn and benefit from your issue.
    =====================================================
    This posting is provided "AS IS" with no warranties, and confers no rights.
     
    Mike Luo [MSFT], May 14, 2007
    #7
  8. vvii

    vvii Guest

    Just want to let you know that before I transfered the FSMOs from the WIN2000
    Server to the WIN03R2, I only ran the adprep /forestprep, but not the adprerp
    /domainprep.

    Today, I just make the WIN03R2 to be a globe catalog.

    Here are the result:

    Win03R2 Server can ping successfully against any other internal servers, go
    on website etc.

    Windows IP Configuration
    Host Name . . . . . . . . . . . . : Win03R2
    Primary Dns Suffix . . . . . . . : X.com
    Node Type . . . . . . . . . . . . : Unknown
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No
    DNS Suffix Search List. . . . . . : X.com

    Ethernet adapter Local Area Connection 2:
    Connection-specific DNS Suffix . :
    DHCP Enabled. . . . . . . . . . . : No
    IP Address. . . . . . . . . . . . : 192.168.1.7
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.168.1.1
    DNS Servers . . . . . . . . . . . : 192.168.1.2
    192.168.1.4

    But none of the other server can ping against Win03R2

    Pinging 192.168.1.7 with 32 bytes of data:
    Request timed out.
    Request timed out.
    Request timed out.
    Request timed out.

    Ping statistics for 192.168.1.7:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

    Here is the result after I ran Dcdiag /v:

    Domain Controller Diagnosis

    Performing initial setup:
    * Verifying that the local machine WIN03R2, is a DC.
    * Connecting to directory service on server WIN03R2.
    * Collecting site info.
    * Identifying all servers.
    * Identifying all NC cross-refs.
    * Found 3 DC(s). Testing 1 of them.
    Done gathering initial info.

    Doing initial required tests

    Testing server: Default-First-Site-Name\WIN03R2
    Starting test: Connectivity
    * Active Directory LDAP Services Check
    * Active Directory RPC Services Check
    ......................... WIN03R2 passed test Connectivity

    Doing primary tests

    Testing server: Default-First-Site-Name\WIN03R2
    Starting test: Replications
    * Replications Check
    REPLICATION LATENCY WARNING
    ERROR: Expected notification link is missing.
    Source WIN2003
    Replication of new changes along this path will be delayed.
    This problem should self-correct on the next periodic sync.
    REPLICATION LATENCY WARNING
    ERROR: Expected notification link is missing.
    Source WIN2003
    Replication of new changes along this path will be delayed.
    This problem should self-correct on the next periodic sync.
    * Replication Latency Check
    * Replication Site Latency Check
    ......................... WIN03R2 passed test Replications
    Test omitted by user request: Topology
    Test omitted by user request: CutoffServers
    Starting test: NCSecDesc
    * Security Permissions check for all NC's on DC WIN03R2.
    * Security Permissions Check for
    CN=Schema,CN=Configuration,DC=X,DC=com
    (Schema,Version 2)
    * Security Permissions Check for
    CN=Configuration,DC=X,DC=com
    (Configuration,Version 2)
    * Security Permissions Check for
    DC=X,DC=com
    (Domain,Version 2)
    ......................... WIN03R2 passed test NCSecDesc
    Starting test: NetLogons
    * Network Logons Privileges Check
    Unable to connect to the NETLOGON share! (\\WIN03R2\netlogon)
    [WIN03R2] An net use or LsaPolicy operation failed with error 1203,
    No network provider accepted the given network path..
    ......................... WIN03R2 failed test NetLogons
    Starting test: Advertising
    Warning: DsGetDcName returned information for \\WIN2000.X.com, when
    we were trying to reach WIN03R2.
    Server is not responding or is not considered suitable.
    The DC WIN03R2 is advertising itself as a DC and having a DS.
    The DC WIN03R2 is advertising as an LDAP server
    The DC WIN03R2 is advertising as having a writeable directory
    The DC WIN03R2 is advertising as a Key Distribution Center
    The DC WIN03R2 is advertising as a time server
    ......................... WIN03R2 failed test Advertising
    Starting test: KnowsOfRoleHolders
    Role Schema Owner = CN=NTDS
    Settings,CN=WIN2000,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=X,DC=com
    Role Domain Owner = CN=NTDS
    Settings,CN=WIN03R2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=X,DC=com
    Role PDC Owner = CN=NTDS
    Settings,CN=WIN03R2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=X,DC=com
    Role Rid Owner = CN=NTDS
    Settings,CN=WIN03R2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=X,DC=com
    Role Infrastructure Update Owner = CN=NTDS
    Settings,CN=WIN03R2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=X,DC=com
    ......................... WIN03R2 passed test KnowsOfRoleHolders
    Starting test: RidManager
    * Available RID Pool for the Domain is 3106 to 1073741823
    * WIN03R2.X.com is the RID Master
    * DsBind with RID Master was successful
    * rIDAllocationPool is 2606 to 3105
    * rIDPreviousAllocationPool is 2606 to 3105
    * rIDNextRID: 2606
    ......................... WIN03R2 passed test RidManager
    Starting test: MachineAccount
    Checking machine account for DC WIN03R2 on DC WIN03R2 .
    * SPN found :LDAP/WIN03R2 .X.com/X.com
    * SPN found :LDAP/WIN03R2 .X.com
    * SPN found :LDAP/WIN03R2
    * SPN found :LDAP/WIN03R2.X.com/X
    * SPN found :LDAP/5ab0fa47-7945-4304-a016-4d61457fa000._msdcs.X.com
    * SPN found
    :E3514235-4B06-11D1-AB04-00C04FC2DCD2/5ab0fa47-7945-4304-a016-4d61457fa000/X.com
    * SPN found :HOST/WIN03R2.X.com/X.com
    * SPN found :HOST/WIN03R2.X.com
    * SPN found :HOST/WIN03R2
    * SPN found :HOST/WIN03R2.X.com/X
    * SPN found :GC/WIN03R2.X.com/X.com
    ......................... WIN03R2 passed test MachineAccount
    Starting test: Services
    * Checking Service: Dnscache
    * Checking Service: NtFrs
    * Checking Service: IsmServ
    * Checking Service: kdc
    * Checking Service: SamSs
    * Checking Service: LanmanServer
    * Checking Service: LanmanWorkstation
    * Checking Service: RpcSs
    * Checking Service: w32time
    * Checking Service: NETLOGON
    ......................... WIN03R2 passed test Services
    Test omitted by user request: OutboundSecureChannels
    Starting test: ObjectsReplicated
    WIN03R2 is in domain DC=X,DC=com
    Checking for CN=WIN03R2,OU=Domain Controllers,DC=X,DC=com in domain
    DC=X,DC=com on 1 servers
    Object is up-to-date on all servers.
    Checking for CN=NTDS
    Settings,CN=WIN03R2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=X,DC=com in domain CN=Configuration,DC=X,DC=com on 1 servers
    Object is up-to-date on all servers.
    ......................... WIN03R2 passed test ObjectsReplicated
    Starting test: frssysvol
    * The File Replication Service SYSVOL ready test
    The registry lookup failed to determine the state of the SYSVOL. The

    error returned was 0 (The operation completed successfully.). Check

    the FRS event log to see if the SYSVOL has successfully been shared.
    ......................... WIN03R2 passed test frssysvol
    Starting test: frsevent
    * The File Replication Service Event log test
    There are warning or error events within the last 24 hours after the

    SYSVOL has been shared. Failing SYSVOL replication problems may
    cause

    Group Policy problems.
    An Warning Event occured. EventID: 0x800034C4
    Time Generated: 05/13/2007 17:35:34
    (Event String could not be retrieved)
    An Warning Event occured. EventID: 0x800034C4
    Time Generated: 05/13/2007 19:12:07
    (Event String could not be retrieved)
    An Warning Event occured. EventID: 0x800034C4
    Time Generated: 05/13/2007 19:55:09
    (Event String could not be retrieved)
    ......................... WIN03R2 failed test frsevent
    Starting test: kccevent
    * The KCC Event log test
    Found no KCC errors in Directory Service Event log in the last 15
    minutes.
    ......................... WIN03R2 passed test kccevent
    Starting test: systemlog
    * The System Event log test
    An Error Event occured. EventID: 0x00000457
    Time Generated: 05/14/2007 08:59:08
    (Event String could not be retrieved)
    An Error Event occured. EventID: 0x00000457
    Time Generated: 05/14/2007 08:59:09
    (Event String could not be retrieved)
    An Error Event occured. EventID: 0x00000457
    Time Generated: 05/14/2007 08:59:09
    (Event String could not be retrieved)
    An Error Event occured. EventID: 0x00000457
    Time Generated: 05/14/2007 09:05:25
    (Event String could not be retrieved)
    An Error Event occured. EventID: 0x00000457
    Time Generated: 05/14/2007 09:05:25
    (Event String could not be retrieved)
    An Error Event occured. EventID: 0x00000457
    Time Generated: 05/14/2007 09:05:25
    (Event String could not be retrieved)
    ......................... WIN03R2 failed test systemlog
    Test omitted by user request: VerifyReplicas
    Starting test: VerifyReferences
    The system object reference (serverReference)

    CN=WIN03R2,OU=Domain Controllers,DC=X,DC=com and backlink on


    CN=WIN03R2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=X,DC=com

    are correct.
    The system object reference (frsComputerReferenceBL)

    CN=WIN03R2,CN=Domain System Volume (SYSVOL share),CN=File
    Replication Service,CN=System,DC=X,DC=com

    and backlink on CN=WIN03R2,OU=Domain Controllers,DC=X,DC=com

    are correct.
    The system object reference (serverReferenceBL)

    CN=WIN03R2,CN=Domain System Volume (SYSVOL share),CN=File
    Replication Service,CN=System,DC=X,DC=com

    and backlink on

    CN=NTDS
    Settings,CN=WIN03R2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=X,DC=com

    are correct.
    ......................... WIN03R2 passed test VerifyReferences
    Test omitted by user request: VerifyEnterpriseReferences
    Test omitted by user request: CheckSecurityError

    Running partition tests on : Schema
    Starting test: CrossRefValidation
    ......................... Schema passed test CrossRefValidation
    Starting test: CheckSDRefDom
    ......................... Schema passed test CheckSDRefDom

    Running partition tests on : Configuration
    Starting test: CrossRefValidation
    ......................... Configuration passed test
    CrossRefValidation
    Starting test: CheckSDRefDom
    ......................... Configuration passed test CheckSDRefDom

    Running partition tests on : X
    Starting test: CrossRefValidation
    ......................... X passed test CrossRefValidation
    Starting test: CheckSDRefDom
    ......................... X passed test CheckSDRefDom

    Running enterprise tests on : X.com
    Starting test: Intersite
    Skipping site Default-First-Site-Name, this site is outside the scope

    provided by the command line arguments provided.
    ......................... X.com passed test Intersite
    Starting test: FsmoCheck
    GC Name: \\WIN2000.X.com
    Locator Flags: 0xe00001fc
    PDC Name: \\WIN03R2.X.com
    Locator Flags: 0xe00001f9
    Time Server Name: \\WIN2000.X.com
    Locator Flags: 0xe00001fc
    Preferred Time Server Name: \\WIN2000.X.com
    Locator Flags: 0xe00001fc
    KDC Name: \\WIN2000.X.com
    Locator Flags: 0xe00001fc
    ......................... X.com passed test FsmoCheck
    Test omitted by user request: DNS
    Test omitted by user request: DNS
     
    vvii, May 14, 2007
    #8
  9. Hello,

    The result indicates the DC has trouble. Based on your upgrade process, you
    did not run adprerp /domainprep. In fact, the adprep /forestprep and
    adprerp /domainprep are required before the Windows Server 2003 joins to
    Windows 2000 domain. For more information, please refer to the following KB:
    How to upgrade Windows 2000 domain controllers to Windows Server 2003
    http://support.microsoft.com/kb/325379/en-us

    If you did not complete in upgrade, please follow the KB325379 to finish
    the domain upgrade.

    "can not ping this server from other" indicates there is a network problem.
    Perhapes the WIN03R2 is enabled Windows firewall. If so, please turn off
    the firewall, diagnose again. Post the result into newsgroup.

    Thanks & Regards,

    Mike Luo

    Microsoft Online Partner Support
    Get Secure! - www.microsoft.com/security

    =====================================================
    When responding to posts, please "Reply to Group" via your newsreader so
    that others may learn and benefit from your issue.
    =====================================================
    This posting is provided "AS IS" with no warranties, and confers no rights.
     
    Mike Luo [MSFT], May 15, 2007
    #9
  10. vvii

    vvii Guest

    Thanks for your reply.

    I have read the link below for couple time, and it only tell you what you
    should do inorder to upgrade from 2000 to 2003, however, it doesn't tell you
    anything on what you should do, once I have transfered the FSMOs roles and
    getting fsr ERROR.

    It would be much appriate if you can direct me the right information. From
    what I understand, some of the information in my WIN03R2 is still in WIN2000
    format, since I didn't complete the adprep /domainprep command. so is there a
    way to correct this problems?

    Here is the result for netdiag /v on the command line:

    Domain membership test . . . . . . : Failed
    [WARNING] Ths system volume has not been completely replicated to the
    local machine. This machine is not working properly as a DC.
    Machine is a . . . . . . . . . : Primary Domain Controller Emulator
    Netbios Domain name. . . . . . : X
    Dns domain name. . . . . . . . : X.com
    Dns forest name. . . . . . . . : X.com
    Domain Guid. . . . . . . . . . : {F1C91614-11D2-4A2B-B600-D5AE9CCC4E0D}
    Domain Sid . . . . . . . . . . : S-1-5-21-117609710-789336058-1801674531
    Logon User . . . . . . . . . . : administrator
    Logon Domain . . . . . . . . . : X

    Here is the result for dcdiag /v on the command line:

    Testing server: Default-First-Site-Name\WIN03R2
    Starting test: Replications
    * Replications Check
    REPLICATION LATENCY WARNING
    ERROR: Expected notification link is missing.
    Source WIN2003
    Replication of new changes along this path will be delayed.
    This problem should self-correct on the next periodic sync.
    REPLICATION LATENCY WARNING
    ERROR: Expected notification link is missing.
    Source WIN2003
    Replication of new changes along this path will be delayed.
    This problem should self-correct on the next periodic sync.
    * Replication Latency Check
    * Replication Site Latency Check
    ......................... WIN03R2 passed test Replications
    Starting test: NetLogons
    * Network Logons Privileges Check
    Unable to connect to the NETLOGON share! (\\WIN03R2\netlogon)
    [WIN03R2] An net use or LsaPolicy operation failed with error 1203,
    No network provider accepted the given network path..
    ......................... WIN03R2 failed test NetLogons
    Starting test: Advertising
    Warning: DsGetDcName returned information for \\WIN2000.X.com, when
    we were trying to reach WIN03R2.
    Server is not responding or is not considered suitable.
    The DC WIN03R2 is advertising itself as a DC and having a DS.
    The DC WIN03R2 is advertising as an LDAP server
    The DC WIN03R2 is advertising as having a writeable directory
    The DC WIN03R2 is advertising as a Key Distribution Center
    The DC WIN03R2 is advertising as a time server
    The DS WIN03R2 is advertising as a GC.
    ......................... WIN03R2 failed test Advertising
    Starting test: KnowsOfRoleHolders
    Role Schema Owner = CN=NTDS
    Settings,CN=WIN2000,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=X,DC=com
    Role Domain Owner = CN=NTDS
    Settings,CN=WIN03R2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=X,DC=com
    Role PDC Owner = CN=NTDS
    Settings,CN=WIN03R2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=X,DC=com
    Role Rid Owner = CN=NTDS
    Settings,CN=WIN03R2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=X,DC=com
    Role Infrastructure Update Owner = CN=NTDS
    Settings,CN=WIN03R2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=X,DC=com
    ......................... WIN03R2 passed test KnowsOfRoleHolders
    Starting test: RidManager
    * Available RID Pool for the Domain is 3106 to 1073741823
    * WIN03R2.X.com is the RID Master
    * DsBind with RID Master was successful
    * rIDAllocationPool is 2606 to 3105
    * rIDPreviousAllocationPool is 2606 to 3105
    * rIDNextRID: 2606
    ......................... WIN03R2 passed test RidManager
    Starting test: MachineAccount
    Checking machine account for DC WIN03R2 on DC WIN03R2.
    * SPN found :LDAP/WIN03R2.X.com/X.com
    * SPN found :LDAP/WIN03R2.X.com
    * SPN found :LDAP/WIN03R2
    * SPN found :LDAP/WIN03R2.X.com/X
    * SPN found :LDAP/5ab0fa47-7945-4304-a016-4d61457fa000._msdcs.X.com
    * SPN found
    :E3514235-4B06-11D1-AB04-00C04FC2DCD2/5ab0fa47-7945-4304-a016-4d61457fa000/X.com
    * SPN found :HOST/WIN03R2.X.com/X.com
    * SPN found :HOST/WIN03R2.X.com
    * SPN found :HOST/WIN03R2
    * SPN found :HOST/WIN03R2.X.com/X
    * SPN found :GC/WIN03R2.X.com/X.com
    ......................... WIN03R2 passed test MachineAccount
    Starting test: Services
    * Checking Service: Dnscache
    * Checking Service: NtFrs
    * Checking Service: IsmServ
    * Checking Service: kdc
    * Checking Service: SamSs
    * Checking Service: LanmanServer
    * Checking Service: LanmanWorkstation
    * Checking Service: RpcSs
    * Checking Service: w32time
    * Checking Service: NETLOGON
    ......................... WIN03R2 passed test Services
    Test omitted by user request: OutboundSecureChannels
    Starting test: ObjectsReplicated
    WIN03R2 is in domain DC=X,DC=com
    Checking for CN=WIN03R2,OU=Domain Controllers,DC=X,DC=com in domain
    DC=X,DC=com on 1 servers
    Object is up-to-date on all servers.
    Checking for CN=NTDS
    Settings,CN=WIN03R2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=X,DC=com in domain CN=Configuration,DC=X,DC=com on 1 servers
    Object is up-to-date on all servers.
    ......................... WIN03R2 passed test ObjectsReplicated
    Starting test: frssysvol
    * The File Replication Service SYSVOL ready test
    The registry lookup failed to determine the state of the SYSVOL. The

    error returned was 0 (The operation completed successfully.). Check

    the FRS event log to see if the SYSVOL has successfully been shared.
    ......................... WIN03R2 passed test frssysvol
    Starting test: frsevent
    * The File Replication Service Event log test
    There are warning or error events within the last 24 hours after the

    SYSVOL has been shared. Failing SYSVOL replication problems may
    cause

    Group Policy problems.
    An Warning Event occured. EventID: 0x800034C4
    Time Generated: 05/14/2007 20:04:01
    (Event String could not be retrieved)
    An Warning Event occured. EventID: 0x800034C4
    Time Generated: 05/14/2007 20:54:16
    (Event String could not be retrieved)
    An Warning Event occured. EventID: 0x800034C4
    Time Generated: 05/14/2007 21:49:37
    (Event String could not be retrieved)
    An Warning Event occured. EventID: 0x800034C5
    Time Generated: 05/15/2007 09:26:59
    (Event String could not be retrieved)
    ......................... WIN03R2 failed test frsevent
    Running enterprise tests on : X.com
    Starting test: Intersite
    Skipping site Default-First-Site-Name, this site is outside the scope

    provided by the command line arguments provided.
    ......................... X.com passed test Intersite
    Starting test: FsmoCheck
    GC Name: \\WIN2000.X.com
    Locator Flags: 0xe00001fc
    PDC Name: \\WIN03R2.X.com
    Locator Flags: 0xe00001fd
    Time Server Name: \\WIN2000.X.com
    Locator Flags: 0xe00001fc
    Preferred Time Server Name: \\WIN2000.X.com
    Locator Flags: 0xe00001fc
    KDC Name: \\WIN2000.X.com
    Locator Flags: 0xe00001fc
    ......................... X.com passed test FsmoCheck
    Test omitted by user request: DNS
    Test omitted by user request: DNS
     
    vvii, May 15, 2007
    #10
  11. vvii

    vvii Guest

    Finally I got the PDC and Infrastructure roles fixed after running the adprep
    /domainprep /gpprep on the WIN03R2.

    The other 3 roles still have to be fix and when I run net share on WIN03R2,
    sysvol and net logon were not on the list.

    For RID role, When I try to transfer the role, I am getting "the requested
    FSMO operation failed. The current FSMO holder could not be contacted"

    As for Schema and Domain Naming roles, the change button was gray out and it
    have ERROR on the cuurent role.

    Thanks.
     
    vvii, May 16, 2007
    #11
  12. Hello,

    Thank you for the update!

    Missing SYSVOL and NETLOGON shares may occur because replication problem
    between DCs. Use Repadmin /showrepl to confirm that Active Directory
    replication. Post the result into newsgroup.

    If the replication is fine, the SYSVOL and NETLOGON shares still can not be
    created. I suggest you refer to the following KB to rebuild the share:
    How to rebuild the SYSVOL tree and its content in a domain
    http://support.microsoft.com/kb/315457/en-us

    Thanks & Regards,

    Mike Luo

    Microsoft Online Partner Support
    Get Secure! - www.microsoft.com/security

    =====================================================
    When responding to posts, please "Reply to Group" via your newsreader so
    that others may learn and benefit from your issue.
    =====================================================
    This posting is provided "AS IS" with no warranties, and confers no rights.
     
    Mike Luo [MSFT], May 18, 2007
    #12
  13. vvii

    vvii Guest

    repadmin running command /showrepl against server localhost

    Default-First-Site-Name\WIN2003
    DC Options: IS_GC
    Site Options: (none)
    DC object GUID: 6cff8280-0bd8-471f-a412-3bbef5305ec9
    DC invocationID: 62c08448-cfe6-4305-820c-118e37afcb1a

    ==== INBOUND NEIGHBORS =====================
    DC=X,DC=com
    Default-First-Site-Name\WIN2000 via RPC
    DC object GUID: 44735c11-b90c-4824-b540-fc28abb8bd6e
    Last attempt @ 2007-05-18 09:15:03 was successful.

    CN=Configuration,DC=X,DC=com
    Default-First-Site-Name\WIN2000 via RPC
    DC object GUID: 44735c11-b90c-4824-b540-fc28abb8bd6e
    Last attempt @ 2007-05-18 09:07:52 was successful.

    CN=Schema,CN=Configuration,DC=X,DC=com
    Default-First-Site-Name\WIN2000 via RPC
    DC object GUID: 44735c11-b90c-4824-b540-fc28abb8bd6e
    Last attempt @ 2007-05-18 09:01:36 was successful.

    Source: Default-First-Site-Name\WIN2003R2
    ******* 791 CONSECUTIVE FAILURES since 2007-05-09 19:45:56
    Last error: 1722 (0x6ba):
    The RPC server is unavailable.

    Naming Context: CN=Configuration,DC=X,DC=com
    Source: Default-First-Site-Name\WIN03R2
    ******* WARNING: KCC could not add this REPLICA LINK due to error.

    Naming Context: CN=Schema,CN=Configuration,DC=X,DC=com
    Source: Default-First-Site-Name\WIN03R2
    ******* WARNING: KCC could not add this REPLICA LINK due to error.

    Naming Context: DC=X,DC=com
    Source: Default-First-Site-Name\WIN03R2
    ******* WARNING: KCC could not add this REPLICA LINK due to error.
     
    vvii, May 18, 2007
    #13
  14. Hello,

    The result indicates the replication is failed. I suggest you follow these
    steps:
    1. Check the Win2003-R2, make sure the Windows Firewall is turned off.
    2. Check if third party firewall is installed on Win2003-R2, if so, please
    unistall the firewall.
    3. Start up into safe more with network, ping the DNS name and IP of
    Win2003-R2 from Win2000, to verify the network connectivity.

    Thanks & Regards,

    Mike Luo

    Microsoft Online Partner Support
    Get Secure! - www.microsoft.com/security

    =====================================================
    When responding to posts, please "Reply to Group" via your newsreader so
    that others may learn and benefit from your issue.
    =====================================================
    This posting is provided "AS IS" with no warranties, and confers no rights.
     
    Mike Luo [MSFT], May 21, 2007
    #14
  15. vvii

    vvii Guest

    After I un-installed McAfee VirusScan on WIN03R2 server, everything seems to
    be resloved. However, I still could not transfer the schema master role to
    other server, although it allow me to press the CHANGE button, but the target
    server always show WIN03R2. Is there some other I have to do in-order for me
    to transfer the schema master role?

    On the other hand, I am getting at least 20 of this message:

    The Record is different on DNS server '192.168.1.2'.
    DNS server has more than one entries for this name, usually this means there
    are multiple DCs for this domain.
    Your DC entry is one of them on DNS server '192.168.1.2', no need to
    re-register.

    After I ran the command: netdiag /v, here is partial of the output:

    +------------------------------------------------------+
    The record on your DC is:
    DNS NAME = X.com.
    DNS DATA =
    A 192.168.1.4

    The record on DNS server 192.168.1.2 is:
    DNS NAME = X.com
    DNS DATA =
    A 192.168.1.4
    A 192.168.1.7
    A 192.168.1.2
    A 192.168.1.70
    +------------------------------------------------------+

    The Record is different on DNS server '192.168.1.2'.
    DNS server has more than one entries for this name, usually this means there
    are multiple DCs for this domain.
    Your DC entry is one of them on DNS server '192.168.1.2', no need to
    re-register.

    +------------------------------------------------------+
    The record on your DC is:
    DNS NAME = _ldap._tcp.X.com.
    DNS DATA =
    SRV 0 100 389 WIN03.X.com.

    The record on DNS server 192.168.1.2 is:
    DNS NAME = _ldap._tcp.X.com
    DNS DATA =
    SRV 0 100 389 WIN03R2.X.com
    SRV 0 100 389 WIN2003.X.com
    SRV 0 100 389 WIN2000.X.com
    +------------------------------------------------------+

    The Record is different on DNS server '192.168.1.2'.
    DNS server has more than one entries for this name, usually this means there
    are multiple DCs for this domain.
    Your DC entry is one of them on DNS server '192.168.1.2', no need to
    re-register.

    +------------------------------------------------------+
     
    vvii, May 22, 2007
    #15
  16. Hello,

    You need to logon to the target DC, then you can change Schema role to the
    other DC. Or, you may logon to the current Schema role, then follow these
    steps:

    1. In the console tree, right-click Active Directory Schema, and then click
    Change Domain Controller.
    2. Click Specify Name, type the name of the domain controller that will be
    the new role holder, and then click OK.
    3. In the console tree, right-click Active Directory Schema, and then click
    Operations Master.
    4. Click Change.
    5. Click OK to confirm that you want to transfer the role, and then click
    Close.

    Thanks & Regards,

    Mike Luo

    Microsoft Online Partner Support
    Get Secure! - www.microsoft.com/security

    =====================================================
    When responding to posts, please "Reply to Group" via your newsreader so
    that others may learn and benefit from your issue.
    =====================================================
    This posting is provided "AS IS" with no warranties, and confers no rights.
     
    Mike Luo [MSFT], May 23, 2007
    #16
  17. vvii

    vvii Guest

    Thanks for tons Mike.

    Now everything have been resolved !!!
     
    vvii, May 23, 2007
    #17
  18. Thank you for the confirm. Glad to know that everyting is OK now.

    If you need more help or have other concerns in the future, just post back
    into the newsgroup. It is always our pleasure to be of help. Have a nice
    day!

    Mike Luo

    Microsoft Online Partner Support
    Get Secure! - www.microsoft.com/security

    =====================================================
    When responding to posts, please "Reply to Group" via your newsreader so
    that others may learn and benefit from your issue.
    =====================================================
    This posting is provided "AS IS" with no warranties, and confers no rights.
     
    Mike Luo [MSFT], May 24, 2007
    #18
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.