The specified domain either dose not exists or could not be contacted. (0x8007054B)

Discussion in 'Active Directory' started by polilop, Nov 4, 2009.

  1. polilop

    polilop Guest

    I have a 2003 r2 "dnsprivate" on my private network which is an active
    directory with a domain name "domain.com" ip adress 192.168.10.10
    i allso have a public domain "domain.com" ip 213.147.112.xxx
    Now i added a new server "dnslocal" 2008 SP2 on which i setup an Active
    directory with a domain "domain.local" ip adress 192.168.10.15
    and tried, with ADMT to migrate users from domain.com to domain.local but
    got stuck on the password export server, when i ran the command "admt key
    /opt:create /sd:domain.com /kf:c:\domain.com.pes /pwd * "
    i get
    "Unable to generate encryption key. The specified domain either dose not
    exists or could not be contacted. (0x8007054B)"
    Then i read that i have to creat a trust between the two DC's and found this
    "http://araihan.wordpress.com/2009/08/05/how-to-create-an-external-trust-between-two-domains/"
    after creating the trust, all is the same, whenever i try to ping
    domain.com from dnslocal i get the public ip adress.
    Then i added the private ip of domain.com (192.168.10.10) to the host file
    of dnslocal so now when i ping domain.com i get the internal domain adress
    (192.168.10.10) but still when trying to run admt i get the same message.
     
    polilop, Nov 4, 2009
    #1
    1. Advertisements

  2. Hello polilop,

    Please lets clarify what are you trying to achive at the end? A complete
    new domain with different domain name or do you like to keep the existing
    domain name and just upgrade/add a 2008 DC to the existing domain?

    Best regards

    Meinolf Weber
     
    Meinolf Weber [MVP-DS], Nov 4, 2009
    #2
    1. Advertisements

  3. polilop

    polilop Guest

    This is a complete new domain with different domain name.
    (local/private network)
    old domain name is : domain.com server 2003 R2 32bit name: eg dcold
    new domain named: domain.local server 2008 sp2 64bit name: eg dcnew

    (public)
    I allso have a public domain named: domain.local

    I resolved my problem below by adding the dcold to forwarders on dcnew, now
    i can generate the encryption key

    but when i go to the active directory migtration tool, User Account
    migration wizard
    for the source and target i only get to choose "domain" for which i get to
    choose the Domain controller: dcnew
    I cannot see the domain.com and dcold in the list?
     
    polilop, Nov 4, 2009
    #3
  4. Howdie!
    That's because you may be redirected to the _public_ domain domain.local
    that resolves to some webserver on the internet. I would test-wise
    remove forwarders to the public domain.local domain and see whether
    things run smoothly then.

    Although you can configure things to run in this situation, Microsoft
    doesn't recommend doing that:
    http://technet.microsoft.com/en-us/library/cc738121(WS.10).aspx

    Cheers,
    Florian
    --
    Microsoft MVP - Group Policy
    eMail: prename [at] frickelsoft [dot] net.
    blog: http://www.frickelsoft.net/blog.
    ANY advice you get on the Newsgroups should be tested thoroughly in your
    lab.
     
    Florian Frommherz [MVP], Nov 4, 2009
    #4
  5. polilop

    polilop Guest


    I am sorry i mistyped: the _public_ domain is domain.com (the purpose of
    this action is to get rid of
    the old domain controller which domain name is the same as the public
    domain)
    so i think that the forwarders are ok as now i can create the key, my only
    problem is:
    when i go to the active directory migtration tool, User Account
    migration wizard
    for the source and target i only get to choose from the drop down list
    "domain" for which i get
    to choose the Domain controller: \\dcnew
    and the domain.com and \\dcold are nowhere on the list ?
     
    polilop, Nov 4, 2009
    #5
  6. polilop

    polilop Guest

    As this is a new problem not refferd by the title of this thread, i will
    post it into a new thread.
    Thank you for your help

     
    polilop, Nov 5, 2009
    #6
  7. Hello polilop,

    For the trust between the domains you need a correct DNS setup. Either use
    conditional forwarders on BOTH sites of the trust or stub zones.

    Best regards

    Meinolf Weber


     
    Meinolf Weber [MVP-DS], Nov 5, 2009
    #7
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.