Exchange 2000 will not boot in a Server 03 domain

For some reason my Exchange 2000 box won't get past "applying computer settings" in my 2003 domain unless the 'old' 2000 DC is also active. SA fails to start up and the event viewer is chock full of vague errors.

Some background....Planning a migration to 2003, Exchange and Domain. I've set up a lab to test. I've copied my production AD and EX databases (a couple of small ones). After some heartache, the 2000 domain environment worked like a charm. I then successfully migrated the domain to 2003 and the following are done:

- Dealt with the Exchange mangled attributes bug and THEN ran adprep from the 2003 disc.
- transferred all the roles to the new 2003 DC. it is now the Operations Master. Confirmed with a clean DCDIAG + NETDIAG and AD Domains & Trusts GUI....FRS is good to go. Event Viewer is clean.
- made the 2003 DC a GC and removed GC from the 2000 DC after waiting about 30 minutes.
- Unauthorized DHCP on the 2000 DC
- modified the Recipient Update Services in Exchange to point to the new 2003 DC Operations Master (OM)
- Changed the Directory Access in the server properties of Exchange to point to ONLY the new 2003 DC.
- Reinstalled the 2000 ADC on the 2003 DC. Didn't make much sense to use the 2003 ADC since i'm at that point yet.

The Exchange 2000 box will only boot if the 'old' 2000 DC is up. If i turn it off, it won't come up. If i dcpromo the 2000 box, Exchange STILL won't come up. Site name, ORG name, etc... is all the same in the ADC when comparing the 2003 ADC to the 2000 ADC. ADSI edit confirmed LDAPname... the same as my production environment which is why the Store even came up...I understand that Exchange cannot be 'moved' to a new domain, but this is the SAME domain, only upgraded. Am i doomed with a Microsoft bug forcing me to rebuild the impossible (for me anyway)? Or am i lucky and just missed a step? I have until Friday to present my migration plan...God i love I.T.!

I don't think a rebuild is necessary.

It's very likely that Exchange is still trying to use the 2000 DC as a Global Catalog.  

Try stopping Exchange gracefully.
Go into DNS and remove ALL traces of the 2000 server from ALL containers in ALL zones.
Make sure there are no machines on the LAN pointing at the old server for DNS either.
Since this was an upgrade, I'm going to assume the _msdcs container is inside the domain.local container - is this correct?
If so, create a new Primary Forward Lookup zone for "_msdcs.domain.local" as a top-level zone.  Make it AD Integrated and set the replication scope for all DNS servers in the Forest.
Restart Netlogon services on all DCs - make sure the SRV records exist inside the new zone.
Also note that there will now be a "referral" record inside the domain.local zone now that points to the parent and that all the records now exist outside the domain.local zone.

Reboot the Exchange server (no need to restart Exchange services manually, they will restart on reboot).

Let us know.

logicworkzAuthor Commented:
"Go into DNS and remove ALL traces of the 2000 server from ALL containers in ALL zones."

Does this mean remove DNS from the 2000 DC?

_msdcs container is in the local domain zone. SRV records show both DCs in there. FQDNs are correct. I just switched the Replication Scope to "all DNS in AD forest." After my initial post i began to snoop around in the event viewer for my exchange server and found:

"The system failed to register pointer(PTR) resource records (RRs) for network adapter...." DNS is screwy. So i ran DCDIAG /test:DNS and it looks like the DNS on my 2003 DC is forwarding the lookup for the local adapter to the root servers. Obviously it shouldn't be. I'm getting an Event ID:2088 stating that "Active Directory could not use DNS to resolve the IP address of the source domain controller listed below." It lists the HEX for the 2000 DC...Do i care since i will be demoting it?

The strangest part is that DNS is functioning normally otherwise. I can nslookup the local server without error. The one workstation i have on this network using the 2003 DC DNS can ping anything by name. DNS event viewer is clean...

So i ran netdiag on the exchange server to determine my domain secure connection and sure enough it's pointing to the old 2000 DC. I reset it with NLTEST /SC_RESET. Also changed my DNS and WINS to point to the new server. ( i know, bonehead mistake) and i reboot.
logicworkzAuthor Commented:
So exchange functions fine after the reboot. Eureka! But my DNS is still malfunctioning.
So i removed all traces of the 2000 DC from DNS using the 2003 DC snap-in and rebooted - as per netman. I have a new DNS error now and my event id 2088 still exists. I'm demoting the 2000 DC and see if that removes all traces. ADSI edit after that...

logicworkzAuthor Commented:
two reboots of exchange and a new, more serious error has arisen. NetDiag is reporting "FATAL:Kerberos does not have a ticket for <ExchangeServerName>"
OK, you need to take all this slow and easy.  You've made a pile of changes that take some time to work themselves out of AD.

You can remove DNS from the 2000 Server, yes.  Just point it at the other DC running DNS.  Do not DCPROMO the 2000 server yet.

Where are you at right now?  Stop whatever you are doing and tell me what you've done so I can instruct you properly.

logicworkzAuthor Commented:
ok. Good thing i have images of all the servers LOL. Unfortunately i've been at this for 8 days and i'm becoming impatient. Please bear with me.

DCpromo ADSI led the way. Not ideal but i removed the old 2000 DC from FRS sites, Domain Controllers in Users and Comps, and from all containers in DNS. Rebooted. The directory service NTDS error is gone from the 2003 OM DC. In fact there's not one error in the event viewer.

DCDIAG /test:dns still fails and the NETDIAG kerberos ticket issue remains. Outlook client connects and can SEND/RECEIVE. DCDIAG alone runs clean. 2000 DC shut down. I've got to take my kids to go see a puppy. Maybe AD will work itself out by the time i get back? ;) Thanks for all your help netman. I hope you can figure this out. I won't make anymore changes until i hear back from you.
Alright, this much is good.

It's late here so I'll leave you with this info until I get back tomorrow.

1)  Check the new DC for what it thinks are all the FSMO role holders and the GC.  You need to make sure it knows this much correctly.
2)  In DNS, under the _msdcs container should be subcontainers for: dc, domains, gc, and pdc - the SRV records for one server would be like so:

                                                 _kerberos       Service Location (SRV)  [0][100][88] your fqdn of server
                                                 _ldap     Service Location (SRV)  [0][100][389] your fqdn of server

            _kerberos       Service Location (SRV)  [0][100][88] your fqdn of server
            _ldap     Service Location (SRV)  [0][100][389] your fqdn of server

             {domain GUID}
                                     _ldap     Service Location (SRV)  [0][100][389] your fqdn of server

                                                 _ldap     Service Location (SRV)  [0][100][389] your fqdn of server

         _ldap     Service Location (SRV)  [0][100][389] your fqdn of server

           _ldap     Service Location (SRV)  [0][100][389] your fqdn of server

3)  Make sure all Services on the new server that are set to Automatic are actually started.

Let us know.
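
Added example (not part of the original thread): one way to run the two DNS checks the answers above describe, that the `_ldap` and `_kerberos` SRV records under `_msdcs` exist for the live DC and that no record still names the retired one, by parsing `nslookup -type=SRV` output. The host names `dc2003.domain.local` and `dc2000.domain.local` are placeholders and the sample output is constructed.

```python
import re

# Locator records and ports as listed in the post above (dc and pdc subcontainers).
EXPECTED_PORTS = {
    "_ldap._tcp.dc._msdcs": 389,
    "_kerberos._tcp.dc._msdcs": 88,
    "_ldap._tcp.pdc._msdcs": 389,
}

def _render(name, port, host):
    # Render one record the way Windows nslookup prints an SRV answer.
    return (f"{name}\tSRV service location:\n"
            f"          priority       = 0\n"
            f"          weight         = 100\n"
            f"          port           = {port}\n"
            f"          svr hostname   = {host}\n")

# Constructed sample: the retired DC is still registered and still owns the pdc record.
SAMPLE = "".join(_render(*r) for r in [
    ("_ldap._tcp.dc._msdcs.domain.local", 389, "dc2003.domain.local"),
    ("_ldap._tcp.dc._msdcs.domain.local", 389, "dc2000.domain.local"),
    ("_kerberos._tcp.dc._msdcs.domain.local", 88, "dc2003.domain.local"),
    ("_ldap._tcp.pdc._msdcs.domain.local", 389, "dc2000.domain.local"),
])

def parse_srv(text):
    """Parse nslookup SRV output into dicts with name, port and host."""
    records = []
    for line in text.splitlines():
        head = re.match(r"(\S+)\s+SRV service location:", line)
        if head:
            records.append({"name": head.group(1).lower().rstrip(".")})
        elif records and (m := re.match(r"\s+port\s*=\s*(\d+)", line)):
            records[-1]["port"] = int(m.group(1))
        elif records and (m := re.match(r"\s+svr hostname\s*=\s*(\S+)", line)):
            records[-1]["host"] = m.group(1).lower().rstrip(".")
    return records

def audit(text, zone, live_dcs, retired_dc):
    """Return findings: records naming the retired DC, then missing or wrong-port records."""
    records = parse_srv(text)
    findings = [f"stale: {r['name']} -> {retired_dc}"
                for r in records if r.get("host") == retired_dc]
    for prefix, port in EXPECTED_PORTS.items():
        name = f"{prefix}.{zone}"
        hits = [r for r in records if r["name"] == name and r.get("host") in live_dcs]
        if not hits:
            findings.append(f"missing: {name} has no record for a live DC")
        elif any(r.get("port") != port for r in hits):
            findings.append(f"port: {name} should use {port}")
    return findings
```

Calling `audit(SAMPLE, "domain.local", {"dc2003.domain.local"}, "dc2000.domain.local")` reports the two records that still point at the old DC and the pdc record that no live DC has registered; an empty list means the zone matches the layout described above.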
logicworkzAuthor Commented:
1) don't know how to check FSMO holders except for DCDIAG, which runs clean. According to AD domains&trusts, my new DC is the OM. Checked Sites&Services and confirmed that my new server is indeed the GC.

2) all is where it should be

NETDIAG returns the following errors:

NetBT name test. . . . . . . . . . : Passed
    [WARNING] You don't have a single interface with the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names defined.

 WINS service test. . . . . : Failed
     The test failed.  We were unable to query the WINS servers.

WINS service is running. MMC snap-in shows green arrow and i can display the current "Active Registrations" without issue. My adapter had WINS configured to the local IP address - i changed it to the loopback but that didn't help. DNS test still failing.
How many interfaces on this server?

The ADC is not necessary; this is normally for Ex 5.5 orgs to sync up with AD and the Exchange directory.

Make sure that NetBIOS over TCP/IP is enabled on the NIC.  It's on the Advanced properties of TCP/IP>WINS tab.

If you have 2 NICs, then the internal NIC should be at the top of the binding order.

logicworkzAuthor Commented:
Kerberos Ticket error worked itself out overnight...AD is alive i swear :)
logicworkzAuthor Commented:
i have only one interface, Dlink DGE-530T Gig. NetBIOS over TCP was not enabled. let's wait a half hour or so and see if that resolves anything.

I thought as much about the ADC. Thanks for confirming. This means i won't need to install the 2003 ADC when i do Exchange 2003???
logicworkzAuthor Commented:
since my original query has been answered i will close this and open another for my Exchange 2003 misadventures. Many thanks to netman!
Glad to help.
