Problem with migrating SIDs

Discussion in 'Server Migration' started by Mirco Wilhelm, Apr 9, 2008.

  1. Hi,

    one of my problems, migrating this domain yesterday had been DNS resolution
    which I could finally solve last night. Today it doesn't seem to work...
    again.

    When trying to migrate user accounts I get the following message on the SID
    page of the migration wizard:

    "Could not verify auditing and TcpipClientSupport on domains. Will not be
    able to migrate SID's. The specified domain either does not exist or could
    not be contacted."

    Since I've known this error from previous migrations, I checked all
    necessary settings on the domain controllers and they all are as required by
    the manual (DomainMig.chm), but the error doesn't disappear.

    Using nslookup I can resolve all domain controllers of the source and the
    target domain from both sides.

    Did I miss anything?
     
    Mirco Wilhelm, Apr 9, 2008
    #1

  2. Mirco Wilhelm

    Morgan che Guest

    Hi,

    Thanks for posting here.

    For the error message "Could not verify auditing and TcpipClientSupport on
    domains. Will not be able to migrate SID's. The specified domain either
    does not exist or could not be contacted.", it's probably caused by the
    following factors:

    1). TcpipClientSupport is not enabled and set to 1 on the source DC.

    2). Account Management Audit was not enabled on either the source domain or
    the target domain.

    3). Networking or DNS issue that caused domain resolution failure.

    Suggestion:
    ========

    <1> To enable "TcpipClientSupport", please do the following:

    1). While you are logged on to the PDC in the source domain, click Start,
    and then click Run.

    2). In Open, type regedit, and then click OK.

    3). In Registry Editor, navigate to the following registry subkey:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA

    4). On the Edit menu, point to New, and then click DWORD Value.

    5). Type TcpipClientSupport in the name field, and then press ENTER.

    6). Double-click TcpipClientSupport.

    7). In Value data, type 1, and then click OK.

    8). Close Registry Editor, and then restart the computer.

    <2> To enable Audit on both DCs, please modify the Default Domain
    Controllers Policy as below:

    1). Log on as an administrator to any computer in the target domain.

    2). Click Start, point to All Programs, point to Administrative Tools, and
    then click Active Directory Users and Computers.

    3). In the console tree, double-click the domain, right-click the Domain
    Controllers OU, and then click Properties.

    4). On the Group Policy tab, click Default Domain Controllers Policy, and
    then click Edit.

    5). Double-click Computer Configuration, double-click Windows Settings,
    double-click Security Settings, double-click Local Policies, and then click
    Audit Policy.

    6). Double-click Audit account management, and then select both the Success
    and Failure check boxes.

    7). Click Apply, and then click OK.

    8). Wait until the policy has replicated to all DCs, then run 'gpupdate
    /force' on the DCs to apply the policy.

    <3> For networking or DNS issues, please run Dcdiag and Netdiag to
    test the network.

    For more information about Dcdiag and Netdiag, you can refer to:

    Dcdiag Overview:
    http://technet2.microsoft.com/WindowsServer/en/library/f7396ad6-0baa-4e66-8d18-17f83c5e4e6c1033.mspx?mfr=true

    How to use Netdiag to test networking connectivity:
    http://support.microsoft.com/kb/321708/

    After performing the above steps, if this issue still persists, please get
    back to me with following information:

    1) what migration scenario you are involved in : from Windows Server 2000
    to 2003 or whatever?

    2) please also send me the latest migration log file as well as output of
    Netdiag /v and Dcdiag /e via
    .


    More information
    ===================

    ADMT v3 Migration Guide
    http://www.microsoft.com/downloads/details.aspx?familyid=D99EF770-3BBB-4B9E-A8BC-01E9F7EF7342&displaylang=en

    How to use Active Directory Migration Tool version 2 to migrate from
    Windows 2000 to Windows Server 2003
    http://support.microsoft.com/kb/326480/en-us

    I hope this helps. If anything is unclear, please feel free to post back.

    Have a nice day!



    Sincerely
    Morgan Che
    Microsoft Online Support
    Microsoft Global Technical Support Center

    Get Secure! - www.microsoft.com/security
    =====================================================
    When responding to posts, please "Reply to Group" via your newsreader so
    that others may learn and benefit from your issue.
    =====================================================
    This posting is provided "AS IS" with no warranties, and confers no rights.


     
    Morgan che, Apr 9, 2008
    #2
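
The three causes listed in the reply above can be checked without changing anything. The following read-only PowerShell preflight is an added example, not part of the original thread or of ADMT; it assumes an elevated session on the source-domain PDC, an English-language OS with `auditpol` and `Resolve-DnsName` available (Windows Server 2012 or later), and placeholder domain names. The SRV record names are the standard AD DC locator records and do not come from the thread.

```powershell
# Added example: read-only preflight for the three causes listed in the reply.
# Run elevated on the source-domain PDC. Domain names are placeholders (assumption).
param(
    [string[]]$Domains = @('source.example', 'target.example')
)

function Test-TcpipClientSupport {
    # Cause 1: the DWORD value under the LSA key must exist and equal 1.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $val = (Get-ItemProperty -Path $key -Name TcpipClientSupport -ErrorAction SilentlyContinue).TcpipClientSupport
    [pscustomobject]@{ Check = 'TcpipClientSupport'; Detail = "value=$val"; Ok = ($val -eq 1) }
}

function Test-AccountManagementAudit {
    # Cause 2: "Audit account management" with Success and Failure selected should
    # show up as "Success and Failure" on every Account Management subcategory.
    # /r prints CSV; the category and setting strings are localized (English assumed).
    $rows = auditpol /get /category:"Account Management" /r |
        Where-Object { $_ } | ConvertFrom-Csv
    foreach ($r in $rows) {
        [pscustomobject]@{
            Check  = "Audit: $($r.Subcategory)"
            Detail = $r.'Inclusion Setting'
            Ok     = ($r.'Inclusion Setting' -eq 'Success and Failure')
        }
    }
}

function Test-DcLocatorRecords {
    # Cause 3: besides DC host names, check the DC locator SRV records of both
    # domains, including the PDC record, from this machine's configured resolver.
    foreach ($d in $Domains) {
        foreach ($name in "_ldap._tcp.pdc._msdcs.$d", "_ldap._tcp.dc._msdcs.$d") {
            $srv = Resolve-DnsName -Name $name -Type SRV -ErrorAction SilentlyContinue |
                Where-Object { $_.Type -eq 'SRV' }
            [pscustomobject]@{
                Check  = "SRV $name"
                Detail = ($srv.NameTarget -join ', ')
                Ok     = [bool]$srv
            }
        }
    }
}

$results = @(Test-TcpipClientSupport) + @(Test-AccountManagementAudit) + @(Test-DcLocatorRecords)
$results | Format-Table -AutoSize
if ($results.Ok -contains $false) { Write-Warning 'At least one prerequisite check failed.' }
```

Running the DNS check from a DC in each domain shows whether a locator record is missing on one side only.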

  3. Actually we had to rebuild the trust relationship, although all diagnostics
    said it was functional.

    As I posted we had already tried everything from the manual and
    troubleshooting guides.
     
    Mirco Wilhelm, Apr 9, 2008
    #3
  4. Mirco Wilhelm

    Morgan che Guest

    Hi,

    How are you?

    I am writing to see if you have any update about this post. If you
    encounter any difficulty and need assistance, please feel free to let me
    know.

    Have a good day!
    Sincerely
    Morgan Che
    Microsoft Online Support
    Microsoft Global Technical Support Center

     
    Morgan che, Apr 11, 2008
    #4
  5. Mirco Wilhelm

    Amal

    possible solution

    I managed to fix this by using Wireshark.
    I captured packets while running ADMT and filtered traffic between the two DCs (source and target). I managed to spot the DNS issue and fixed it by manually adding a missing record to the source domain DNS.
     
    Amal, May 27, 2013
    #5