Windows 2003 SBS sp1 domain with Secondary DC loses Global Catalog when SBS is shut off or DNS is off on PDC
I had a Windows SBS 2003 sp1 server running our domain. I added a Windows 2003 R2 x64 EE server as a DC, and Global Catalog, with Exchange 2007. I have configured DNS on the second DC, and configured as AD Integrated. My goal is to DCPROMO SBS, and remove it from the domain.
I am experiencing issues when I shut DNS off on SBS DC, or power off the SBS DC. Exchange and other services cannot find a Global Catalog server. I could use some help figuring out why GC becomes unreachable, and also getting SBS properly DCPROMO out of the domain.
Thanks in Advance for any help.
I am experiencing issues when I shut DNS off on SBS DC, or power off the SBS DC. Exchange and other services cannot find a Global Catalog server. I could use some help figuring out why GC becomes unreachable, and also getting SBS properly DCPROMO out of the domain.
Thanks in Advance for any help.
Well, you've gone about it without regard to SBS's and Exchange Server 2007's functionality needs.
There is a very well written how-to for adding Exchange 2007 to a current SBS 2003 domain here:
http://www.msexchange.org/tutorials/Installing-Exchange-2007-Small-Business-Server-2003-domain-Part1.html
http://www.msexchange.org/tutorials/Installing-Exchange-2007-Small-Business-Server-2003-domain-Part2.html
Part of this process is to make the new server a GC server as well.
Then, you will need to seize all the FSMO roles from SBS per http://support.microsoft.com/kb/255504
Then, you will need to uninstall Exchange Server 2003 on SBS so that can be removed from the domain.
After that, you might be able to DCPROMO it out of the domain but if it fails, you will have to do a DC Cleanup following: http://support.microsoft.com/kb/216498
Jeff
TechSoEasy
There is a very well written how-to for adding Exchange 2007 to a current SBS 2003 domain here:
http://www.msexchange.org/tutorials/Installing-Exchange-2007-Small-Business-Server-2003-domain-Part1.html
http://www.msexchange.org/tutorials/Installing-Exchange-2007-Small-Business-Server-2003-domain-Part2.html
Part of this process is to make the new server a GC server as well.
Then, you will need to seize all the FSMO roles from SBS per http://support.microsoft.com/kb/255504
Then, you will need to uninstall Exchange Server 2003 on SBS so that can be removed from the domain.
After that, you might be able to DCPROMO it out of the domain but if it fails, you will have to do a DC Cleanup following: http://support.microsoft.com/kb/216498
Jeff
TechSoEasy
ASKER
The secondary DC is set as a GC correctly. I have had exchange 2007 running properly for over 3 months. I am trying to remove the SBS system from the domain now.
here is the output from dcdiag:
Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.
C:\Documents and Settings\james>dcdiag
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\VE
Starting test: Connectivity
......................... VESTA passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\VE
Starting test: Replications
......................... VESTA passed test Replications
Starting test: NCSecDesc
......................... VESTA passed test NCSecDesc
Starting test: NetLogons
Unable to connect to the NETLOGON share! (\\VESTA\netlogon)
[VESTA] An net use or LsaPolicy operation failed with error 1203, No ne
twork provider accepted the given network path..
......................... VESTA failed test NetLogons
Starting test: Advertising
Warning: DsGetDcName returned information for \\vulcan.InBalhq.local, w
hen we were trying to reach VESTA.
Server is not responding or is not considered suitable.
......................... VESTA failed test Advertising
Starting test: KnowsOfRoleHolders
......................... VESTA passed test KnowsOfRoleHolders
Starting test: RidManager
......................... VESTA passed test RidManager
Starting test: MachineAccount
......................... VESTA passed test MachineAccount
Starting test: Services
......................... VESTA passed test Services
Starting test: ObjectsReplicated
......................... VESTA passed test ObjectsReplicated
Starting test: frssysvol
......................... VESTA passed test frssysvol
Starting test: frsevent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... VESTA failed test frsevent
Starting test: kccevent
......................... VESTA passed test kccevent
Starting test: systemlog
An Error Event occured. EventID: 0x00000457
Time Generated: 09/27/2007 20:51:38
(Event String could not be retrieved)
......................... VESTA failed test systemlog
Starting test: VerifyReferences
......................... VESTA passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : InBalhq
Starting test: CrossRefValidation
......................... InBalhq passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... InBalhq passed test CheckSDRefDom
Running enterprise tests on : InBalhq.local
Starting test: Intersite
......................... InBalhq.local passed test Intersite
Starting test: FsmoCheck
......................... InBalhq.local passed test FsmoCheck
here is the output from dcdiag:
Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.
C:\Documents and Settings\james>dcdiag
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\VE
Starting test: Connectivity
......................... VESTA passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\VE
Starting test: Replications
......................... VESTA passed test Replications
Starting test: NCSecDesc
......................... VESTA passed test NCSecDesc
Starting test: NetLogons
Unable to connect to the NETLOGON share! (\\VESTA\netlogon)
[VESTA] An net use or LsaPolicy operation failed with error 1203, No ne
twork provider accepted the given network path..
......................... VESTA failed test NetLogons
Starting test: Advertising
Warning: DsGetDcName returned information for \\vulcan.InBalhq.local, w
hen we were trying to reach VESTA.
Server is not responding or is not considered suitable.
......................... VESTA failed test Advertising
Starting test: KnowsOfRoleHolders
......................... VESTA passed test KnowsOfRoleHolders
Starting test: RidManager
......................... VESTA passed test RidManager
Starting test: MachineAccount
......................... VESTA passed test MachineAccount
Starting test: Services
......................... VESTA passed test Services
Starting test: ObjectsReplicated
......................... VESTA passed test ObjectsReplicated
Starting test: frssysvol
......................... VESTA passed test frssysvol
Starting test: frsevent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... VESTA failed test frsevent
Starting test: kccevent
......................... VESTA passed test kccevent
Starting test: systemlog
An Error Event occured. EventID: 0x00000457
Time Generated: 09/27/2007 20:51:38
(Event String could not be retrieved)
......................... VESTA failed test systemlog
Starting test: VerifyReferences
......................... VESTA passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : InBalhq
Starting test: CrossRefValidation
......................... InBalhq passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... InBalhq passed test CheckSDRefDom
Running enterprise tests on : InBalhq.local
Starting test: Intersite
......................... InBalhq.local passed test Intersite
Starting test: FsmoCheck
......................... InBalhq.local passed test FsmoCheck
I see failures
let me mention that i dont have a lot of knowledge of SBS so check into what techsoeasy suggests.
However i do see some erros listed in dcdiag that i would get resolved.
I dont like this, it looks like its trying to reach vesta and getting vulcan..............any idea why? is vulcan the other dc or an old dc?
Starting test: Advertising
Warning: DsGetDcName returned information for \\vulcan.InBalhq.local, w
hen we were trying to reach VESTA.
However i do see some erros listed in dcdiag that i would get resolved.
I dont like this, it looks like its trying to reach vesta and getting vulcan..............any idea why? is vulcan the other dc or an old dc?
Starting test: Advertising
Warning: DsGetDcName returned information for \\vulcan.InBalhq.local, w
hen we were trying to reach VESTA.
ASKER
vulcan is the SBS DC. I am not sure whats going on there.
I also tried to run DCPROMO to remove the SBS system, and it gave an error saying it could not find any other DC's on the network. Very strange.
I also tried to run DCPROMO to remove the SBS system, and it gave an error saying it could not find any other DC's on the network. Very strange.
are they listed in dns correctly, correct ip and name
ASKER
yes they are listed correctly in DNS
ASKER
I can do a tracert against both server names and get the correct IP addresses. So looks like DNS is resolving correctly.
Well you say you get correct IP address but i would go to each server and verify the name and IP, make sure the name vulcan has vulcan ip and vesta has vesta name and ip. Ensure they didn't get mixed up somehow.
Post your event viewer errors i know you have 'em
Post your event viewer errors i know you have 'em
ASKER
if i do a nslookup on both servers i get these results:
nslookup vesta.inbalhq.local
Server: vesta.inbalhq.local
Address: 10.0.0.6
Name: vesta.inbalhq.local
Address: 10.0.0.6
nslookup vulcan.inbalhq.local
Server: vesta.inbalhq.local
Address: 10.0.0.6
Name: vulcan.inbalhq.local
Address: 10.0.0.5
What Event Viewer info do you want? I dont have any DNS errors from today.
nslookup vesta.inbalhq.local
Server: vesta.inbalhq.local
Address: 10.0.0.6
Name: vesta.inbalhq.local
Address: 10.0.0.6
nslookup vulcan.inbalhq.local
Server: vesta.inbalhq.local
Address: 10.0.0.6
Name: vulcan.inbalhq.local
Address: 10.0.0.5
What Event Viewer info do you want? I dont have any DNS errors from today.
Can you post a COMPLETE ipconfig /all from each server?
Jeff
TechSoEasy
Jeff
TechSoEasy
Also, please run the following:
DCdiag /test:Knowsofroleholders /v
and post the output here.
Jeff
TechSoEasy
DCdiag /test:Knowsofroleholders /v
and post the output here.
Jeff
TechSoEasy
Let me correct that... because we really will want to see the entire DCdiag /V, so you can run it as:
C:\>DCDiag /v >dcdiag.txt
this will output to a text file that you can copy & paste to post.
Jeff
TechSoEasy
C:\>DCDiag /v >dcdiag.txt
this will output to a text file that you can copy & paste to post.
Jeff
TechSoEasy
ASKER
ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : vulcan
Primary Dns Suffix . . . . . . . : InBalhq.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : InBalhq.local
Ethernet adapter Server Local Area Connection:
Connection-specific DNS Suffix . : inbalhq.local
Description . . . . . . . . . . . : Netelligent 10/100TX PCI Embedded UTP/AUI
Controller
Physical Address. . . . . . . . . : 00-50-8B-C8-7F-14
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.0.0.5
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.0.0.2
DNS Servers . . . . . . . . . . . : 10.0.0.6
__________________________
ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : vesta
Primary Dns Suffix . . . . . . . : InBalhq.local
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : InBalhq.local
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
Physical Address. . . . . . . . . : 00-18-8B-F9-0F-B5
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Autoconfiguration IP Address. . . : 169.254.10.4
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
Ethernet adapter Local Area Connection 2:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet #2
Physical Address. . . . . . . . . : 00-18-8B-F9-0F-B4
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.0.0.6
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.0.0.2
DNS Servers . . . . . . . . . . . : 10.0.0.6
__________________________
Domain Controller Diagnosis
Performing initial setup:
* Verifying that the local machine vesta, is a DC.
* Connecting to directory service on server vesta.
* Collecting site info.
* Identifying all servers.
* Identifying all NC cross-refs.
* Found 2 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\VE
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... VESTA passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\VE
Starting test: Replications
* Replications Check
* Replication Latency Check
DC=ForestDnsZones,DC=InBal
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=DomainDnsZones,DC=InBal
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Schema,CN=Configuration
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Configuration,DC=InBalh
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=InBalhq,DC=local
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
......................... VESTA passed test Replications
Test omitted by user request: Topology
Test omitted by user request: CutoffServers
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC VESTA.
* Security Permissions Check for
DC=ForestDnsZones,DC=InBal
(NDNC,Version 2)
* Security Permissions Check for
DC=DomainDnsZones,DC=InBal
(NDNC,Version 2)
* Security Permissions Check for
CN=Schema,CN=Configuration
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=InBalh
(Configuration,Version 2)
* Security Permissions Check for
DC=InBalhq,DC=local
(Domain,Version 2)
......................... VESTA passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Unable to connect to the NETLOGON share! (\\VESTA\netlogon)
[VESTA] An net use or LsaPolicy operation failed with error 1203, No network provider accepted the given network path..
......................... VESTA failed test NetLogons
Starting test: Advertising
Warning: DsGetDcName returned information for \\vulcan.InBalhq.local, when we were trying to reach VESTA.
Server is not responding or is not considered suitable.
The DC VESTA is advertising itself as a DC and having a DS.
The DC VESTA is advertising as an LDAP server
The DC VESTA is advertising as having a writeable directory
The DC VESTA is advertising as a Key Distribution Center
The DC VESTA is advertising as a time server
The DS VESTA is advertising as a GC.
......................... VESTA failed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=VESTA,CN=Serve
Role Domain Owner = CN=NTDS Settings,CN=VESTA,CN=Serve
Role PDC Owner = CN=NTDS Settings,CN=VESTA,CN=Serve
Role Rid Owner = CN=NTDS Settings,CN=VESTA,CN=Serve
Role Infrastructure Update Owner = CN=NTDS Settings,CN=VESTA,CN=Serve
......................... VESTA passed test KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 3107 to 1073741823
* vesta.InBalhq.local is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 2607 to 3106
* rIDPreviousAllocationPool is 2607 to 3106
* rIDNextRID: 2628
......................... VESTA passed test RidManager
Starting test: MachineAccount
Checking machine account for DC VESTA on DC VESTA.
* SPN found :LDAP/vesta.InBalhq.local/
* SPN found :LDAP/vesta.InBalhq.local
* SPN found :LDAP/VESTA
* SPN found :LDAP/vesta.InBalhq.local/
* SPN found :LDAP/a1c14751-0120-4437-a
* SPN found :E3514235-4B06-11D1-AB04-0
* SPN found :HOST/vesta.InBalhq.local/
* SPN found :HOST/vesta.InBalhq.local
* SPN found :HOST/VESTA
* SPN found :HOST/vesta.InBalhq.local/
* SPN found :GC/vesta.InBalhq.local/In
......................... VESTA passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
......................... VESTA passed test Services
Test omitted by user request: OutboundSecureChannels
Starting test: ObjectsReplicated
VESTA is in domain DC=InBalhq,DC=local
Checking for CN=VESTA,OU=Domain Controllers,DC=InBalhq,DC=
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=VESTA,CN=Serve
Object is up-to-date on all servers.
......................... VESTA passed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
The registry lookup failed to determine the state of the SYSVOL. The
error returned was 0 (The operation completed successfully.). Check
the FRS event log to see if the SYSVOL has successfully been shared.
......................... VESTA passed test frssysvol
Starting test: frsevent
* The File Replication Service Event log test
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
An Warning Event occured. EventID: 0x800034FE
Time Generated: 09/27/2007 18:37:57
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x800034C4
Time Generated: 09/27/2007 18:48:21
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x800034C4
Time Generated: 09/27/2007 18:56:21
(Event String could not be retrieved)
......................... VESTA failed test frsevent
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the last 15 minutes.
......................... VESTA passed test kccevent
Starting test: systemlog
* The System Event log test
An Error Event occured. EventID: 0x00000457
Time Generated: 09/28/2007 00:38:51
(Event String could not be retrieved)
......................... VESTA failed test systemlog
Test omitted by user request: VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference)
CN=VESTA,OU=Domain Controllers,DC=InBalhq,DC=
CN=VESTA,CN=Servers,CN=Def
are correct.
The system object reference (frsComputerReferenceBL)
CN=VESTA,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=InBal
and backlink on CN=VESTA,OU=Domain Controllers,DC=InBalhq,DC=
correct.
The system object reference (serverReferenceBL)
CN=VESTA,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=InBal
and backlink on
CN=NTDS Settings,CN=VESTA,CN=Serve
are correct.
......................... VESTA passed test VerifyReferences
Test omitted by user request: VerifyEnterpriseReferences
Test omitted by user request: CheckSecurityError
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : InBalhq
Starting test: CrossRefValidation
......................... InBalhq passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... InBalhq passed test CheckSDRefDom
Running enterprise tests on : InBalhq.local
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope
provided by the command line arguments provided.
......................... InBalhq.local passed test Intersite
Starting test: FsmoCheck
GC Name: \\vulcan.InBalhq.local
Locator Flags: 0xe00001fc
PDC Name: \\vesta.InBalhq.local
Locator Flags: 0xe00003fd
Time Server Name: \\vulcan.InBalhq.local
Locator Flags: 0xe00001fc
Preferred Time Server Name: \\vulcan.InBalhq.local
Locator Flags: 0xe00001fc
KDC Name: \\vulcan.InBalhq.local
Locator Flags: 0xe00001fc
......................... InBalhq.local passed test FsmoCheck
Test omitted by user request: DNS
Test omitted by user request: DNS
Windows IP Configuration
Host Name . . . . . . . . . . . . : vulcan
Primary Dns Suffix . . . . . . . : InBalhq.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : InBalhq.local
Ethernet adapter Server Local Area Connection:
Connection-specific DNS Suffix . : inbalhq.local
Description . . . . . . . . . . . : Netelligent 10/100TX PCI Embedded UTP/AUI
Controller
Physical Address. . . . . . . . . : 00-50-8B-C8-7F-14
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.0.0.5
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.0.0.2
DNS Servers . . . . . . . . . . . : 10.0.0.6
__________________________
ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : vesta
Primary Dns Suffix . . . . . . . : InBalhq.local
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : InBalhq.local
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
Physical Address. . . . . . . . . : 00-18-8B-F9-0F-B5
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Autoconfiguration IP Address. . . : 169.254.10.4
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
Ethernet adapter Local Area Connection 2:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet #2
Physical Address. . . . . . . . . : 00-18-8B-F9-0F-B4
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.0.0.6
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.0.0.2
DNS Servers . . . . . . . . . . . : 10.0.0.6
__________________________
Domain Controller Diagnosis
Performing initial setup:
* Verifying that the local machine vesta, is a DC.
* Connecting to directory service on server vesta.
* Collecting site info.
* Identifying all servers.
* Identifying all NC cross-refs.
* Found 2 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\VE
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... VESTA passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\VE
Starting test: Replications
* Replications Check
* Replication Latency Check
DC=ForestDnsZones,DC=InBal
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=DomainDnsZones,DC=InBal
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Schema,CN=Configuration
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Configuration,DC=InBalh
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=InBalhq,DC=local
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
......................... VESTA passed test Replications
Test omitted by user request: Topology
Test omitted by user request: CutoffServers
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC VESTA.
* Security Permissions Check for
DC=ForestDnsZones,DC=InBal
(NDNC,Version 2)
* Security Permissions Check for
DC=DomainDnsZones,DC=InBal
(NDNC,Version 2)
* Security Permissions Check for
CN=Schema,CN=Configuration
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=InBalh
(Configuration,Version 2)
* Security Permissions Check for
DC=InBalhq,DC=local
(Domain,Version 2)
......................... VESTA passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Unable to connect to the NETLOGON share! (\\VESTA\netlogon)
[VESTA] An net use or LsaPolicy operation failed with error 1203, No network provider accepted the given network path..
......................... VESTA failed test NetLogons
Starting test: Advertising
Warning: DsGetDcName returned information for \\vulcan.InBalhq.local, when we were trying to reach VESTA.
Server is not responding or is not considered suitable.
The DC VESTA is advertising itself as a DC and having a DS.
The DC VESTA is advertising as an LDAP server
The DC VESTA is advertising as having a writeable directory
The DC VESTA is advertising as a Key Distribution Center
The DC VESTA is advertising as a time server
The DS VESTA is advertising as a GC.
......................... VESTA failed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=VESTA,CN=Serve
Role Domain Owner = CN=NTDS Settings,CN=VESTA,CN=Serve
Role PDC Owner = CN=NTDS Settings,CN=VESTA,CN=Serve
Role Rid Owner = CN=NTDS Settings,CN=VESTA,CN=Serve
Role Infrastructure Update Owner = CN=NTDS Settings,CN=VESTA,CN=Serve
......................... VESTA passed test KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 3107 to 1073741823
* vesta.InBalhq.local is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 2607 to 3106
* rIDPreviousAllocationPool is 2607 to 3106
* rIDNextRID: 2628
......................... VESTA passed test RidManager
Starting test: MachineAccount
Checking machine account for DC VESTA on DC VESTA.
* SPN found :LDAP/vesta.InBalhq.local/
* SPN found :LDAP/vesta.InBalhq.local
* SPN found :LDAP/VESTA
* SPN found :LDAP/vesta.InBalhq.local/
* SPN found :LDAP/a1c14751-0120-4437-a
* SPN found :E3514235-4B06-11D1-AB04-0
* SPN found :HOST/vesta.InBalhq.local/
* SPN found :HOST/vesta.InBalhq.local
* SPN found :HOST/VESTA
* SPN found :HOST/vesta.InBalhq.local/
* SPN found :GC/vesta.InBalhq.local/In
......................... VESTA passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
......................... VESTA passed test Services
Test omitted by user request: OutboundSecureChannels
Starting test: ObjectsReplicated
VESTA is in domain DC=InBalhq,DC=local
Checking for CN=VESTA,OU=Domain Controllers,DC=InBalhq,DC=
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=VESTA,CN=Serve
Object is up-to-date on all servers.
......................... VESTA passed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
The registry lookup failed to determine the state of the SYSVOL. The
error returned was 0 (The operation completed successfully.). Check
the FRS event log to see if the SYSVOL has successfully been shared.
......................... VESTA passed test frssysvol
Starting test: frsevent
* The File Replication Service Event log test
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
An Warning Event occured. EventID: 0x800034FE
Time Generated: 09/27/2007 18:37:57
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x800034C4
Time Generated: 09/27/2007 18:48:21
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x800034C4
Time Generated: 09/27/2007 18:56:21
(Event String could not be retrieved)
......................... VESTA failed test frsevent
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the last 15 minutes.
......................... VESTA passed test kccevent
Starting test: systemlog
* The System Event log test
An Error Event occured. EventID: 0x00000457
Time Generated: 09/28/2007 00:38:51
(Event String could not be retrieved)
......................... VESTA failed test systemlog
Test omitted by user request: VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference)
CN=VESTA,OU=Domain Controllers,DC=InBalhq,DC=
CN=VESTA,CN=Servers,CN=Def
are correct.
The system object reference (frsComputerReferenceBL)
CN=VESTA,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=InBal
and backlink on CN=VESTA,OU=Domain Controllers,DC=InBalhq,DC=
correct.
The system object reference (serverReferenceBL)
CN=VESTA,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=InBal
and backlink on
CN=NTDS Settings,CN=VESTA,CN=Serve
are correct.
......................... VESTA passed test VerifyReferences
Test omitted by user request: VerifyEnterpriseReferences
Test omitted by user request: CheckSecurityError
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : InBalhq
Starting test: CrossRefValidation
......................... InBalhq passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... InBalhq passed test CheckSDRefDom
Running enterprise tests on : InBalhq.local
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope
provided by the command line arguments provided.
......................... InBalhq.local passed test Intersite
Starting test: FsmoCheck
GC Name: \\vulcan.InBalhq.local
Locator Flags: 0xe00001fc
PDC Name: \\vesta.InBalhq.local
Locator Flags: 0xe00003fd
Time Server Name: \\vulcan.InBalhq.local
Locator Flags: 0xe00001fc
Preferred Time Server Name: \\vulcan.InBalhq.local
Locator Flags: 0xe00001fc
KDC Name: \\vulcan.InBalhq.local
Locator Flags: 0xe00001fc
......................... InBalhq.local passed test FsmoCheck
Test omitted by user request: DNS
Test omitted by user request: DNS
So... you haven't seized the FSMO roles? or any of the things I first suggested?
Please go back to my first comment, http:#19976407 --- you need to follow those steps. You want VULCAN to not be listed anywhere in the above report when you run it again.
Jeff
TechSoEasy
Please go back to my first comment, http:#19976407 --- you need to follow those steps. You want VULCAN to not be listed anywhere in the above report when you run it again.
Jeff
TechSoEasy
ASKER
I didnt sieze the roles, but i did "transfer" the roles to vesta. Do I need to sieze them instead?
ASKER
i followed the instructions to seize the roles, with the exception of doing a dcpromo /forceremoval on SBS. I still get the same results from dcdiag.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Forced accept.
Computer101
EE Admin
Computer101
EE Admin
Make sure DNS is up and running, make sure the server is listed in dns with proper IP. You could run dcdiag see if that shows anything. post any errors in error log.