Solved

After Acronis restore of Windows Server 2003 Domain Controller to new box, Exchange server cannot see Domain Controller

Posted on 2008-06-17
Last Modified: 2016-10-27
I performed an Acronis True Image Echo Enterprise Server with Universal Restore of my Windows Server 2003 Domain Controller onto a new box. I was able to get into Windows, check logs, check DNS, AD, etc. Everything seems to be working. I unplugged the network cable from my old DC, and plugged it into the new restored box. Everything except Exchange (hosted on another box) seems to be working. Users are able to log in to their workstations and authenticate against AD on the new DC, VPN works, etc. However, the Exchange box stops working. A review of the logs shows that it is unable to reach AD on the new DC. If I swap the network cable back to the old DC, everything begins working with Exchange again. I could use some help figuring this issue out. Why would the Exchange server have issues seeing the DC when everything else works, even when connecting from other systems?

thanks in advance  
Question by:James Glaubiger

121 Comments

Expert Comment

by:alikaz3
My assumption would be that the Exchange server doesn't like the new server. Are the names identical? If they aren't, that could cause trust account issues. Also, have you set the IP address to the same static IP of the old server?

Author Comment

by:James Glaubiger
Everything is identical: name, IP, etc.

The only thing that was off during the restore was that I had to put in the Windows Server 2003 CD1 and do a repair install of the OS to fix a BSOD issue. How can I restore the Exchange server's "trust" in my domain controller? :)

Expert Comment

by:alikaz3
Well you first want to figure out what happened to it to begin with. Here's a ton of data on the "new" features of 2003 AD:

http://redmondmag.com/columns/article.asp?EditorialsID=593

I'd say what is happening is that the connection is already established between the old server and Exchange, and when you swap in the new one, it doesn't accept the trust data, or it is asking the Exchange server for it again. The traditional way to remake the trust is by leaving the domain and re-joining. You would have to do this to the Exchange server. But I remember seeing an easier way to do this... I am still looking.

Expert Comment

by:alikaz3
*2003 AD = 2003 trusts

Author Comment

by:James Glaubiger
I find it odd that every other workstation and server has no issue, just Exchange. I won't be able to try removing it from the domain and then re-adding it until after business hours. Please do let me know if you find an easier way to do this.

thanks

Expert Comment

by:alikaz3
I will keep searching

Expert Comment

by:junglecom
Your best first steps are to rejoin your domain.

Then on AD, open the properties for the exchange computer profile.
Click on the Member Of tab and make sure these are in there:
Domain Computer
Exchange Installed Domain Server
Exchange Servers

Click on the Security tab and make sure these are in there:
Exchange Recipient Administrator (Full Control)
Exchange Servers (Full Control)

Try that and let us know.

Author Comment

by:James Glaubiger
Aha. There is something more seriously wrong. I am on the new DC and trying to open AD Users and Computers, and I get the error message:

"MMC cannot open the file c:\WINDOWS\system32\dsa.msc.

This may be because the file does not exist, is not an MMC console, or was created by a later version of MMC. This may also be because you do not have sufficient access rights to the file."

Other consoles give me the same type of error. The files exist in those locations, but when I double-click them I get the same error also. Something is corrupt. Any ideas?

Expert Comment

by:kieran_b
>>You would have to do this to the exchange server.
>>Your best First steps are to rejoin your domain.

That is dangerously incorrect advice - if you disjoin an Exchange server from the domain, kiss it goodbye.

Fix your DC problems and Exchange will pick up.  The times I have seen problems with this are when you have more than one DC, it gets mighty ugly.

Author Comment

by:James Glaubiger
I only have one DC.   Do you have any suggestions for my issues accessing MMC for AD etc?

Author Comment

by:James Glaubiger
Results of a DCDiag /e /c /v /f:


_____________________________________________________

Domain Controller Diagnosis

Performing initial setup:
   * Verifying that the local machine vulcan, is a DC.
   * Connecting to directory service on server vulcan.
   * Collecting site info.
   * Identifying all servers.
   * Identifying all NC cross-refs.
   * Found 1 DC(s). Testing 1 of them.
   Done gathering initial info.

Doing initial required tests
   
   Testing server: Default-First-Site-Name\VULCAN
      Starting test: Connectivity
         * Active Directory LDAP Services Check
         * Active Directory RPC Services Check
         ......................... VULCAN passed test Connectivity

Doing primary tests
   
   Testing server: Default-First-Site-Name\VULCAN
      Starting test: Replications
         * Replications Check
         * Replication Latency Check
            DC=ForestDnsZones,DC=InBalhq,DC=local
               Latency information for 2 entries in the vector were ignored.
                  2 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            DC=DomainDnsZones,DC=InBalhq,DC=local
               Latency information for 2 entries in the vector were ignored.
                  2 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            CN=Schema,CN=Configuration,DC=InBalhq,DC=local
               Latency information for 2 entries in the vector were ignored.
                  2 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            CN=Configuration,DC=InBalhq,DC=local
               Latency information for 2 entries in the vector were ignored.
                  2 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            DC=InBalhq,DC=local
               Latency information for 2 entries in the vector were ignored.
                  2 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
         ......................... VULCAN passed test Replications
      Starting test: Topology
         * Configuration Topology Integrity Check
         * Analyzing the connection topology for DC=ForestDnsZones,DC=InBalhq,DC=local.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the connection topology for DC=DomainDnsZones,DC=InBalhq,DC=local.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the connection topology for CN=Schema,CN=Configuration,DC=InBalhq,DC=local.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the connection topology for CN=Configuration,DC=InBalhq,DC=local.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the connection topology for DC=InBalhq,DC=local.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         ......................... VULCAN passed test Topology
      Starting test: CutoffServers
         * Configuration Topology Aliveness Check
         * Analyzing the alive system replication topology for DC=ForestDnsZones,DC=InBalhq,DC=local.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the alive system replication topology for DC=DomainDnsZones,DC=InBalhq,DC=local.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the alive system replication topology for CN=Schema,CN=Configuration,DC=InBalhq,DC=local.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the alive system replication topology for CN=Configuration,DC=InBalhq,DC=local.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the alive system replication topology for DC=InBalhq,DC=local.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         ......................... VULCAN passed test CutoffServers
      Starting test: NCSecDesc
         * Security Permissions check for all NC's on DC VULCAN.
         * Security Permissions Check for
           DC=ForestDnsZones,DC=InBalhq,DC=local
            (NDNC,Version 2)
         * Security Permissions Check for
           DC=DomainDnsZones,DC=InBalhq,DC=local
            (NDNC,Version 2)
         * Security Permissions Check for
           CN=Schema,CN=Configuration,DC=InBalhq,DC=local
            (Schema,Version 2)
         * Security Permissions Check for
           CN=Configuration,DC=InBalhq,DC=local
            (Configuration,Version 2)
         * Security Permissions Check for
           DC=InBalhq,DC=local
            (Domain,Version 2)
         ......................... VULCAN passed test NCSecDesc
      Starting test: NetLogons
         * Network Logons Privileges Check
         Verified share \\VULCAN\netlogon
         Verified share \\VULCAN\sysvol
         ......................... VULCAN passed test NetLogons
      Starting test: Advertising
         The DC VULCAN is advertising itself as a DC and having a DS.
         The DC VULCAN is advertising as an LDAP server
         The DC VULCAN is advertising as having a writeable directory
         The DC VULCAN is advertising as a Key Distribution Center
         The DC VULCAN is advertising as a time server
         The DS VULCAN is advertising as a GC.
         ......................... VULCAN passed test Advertising
      Starting test: KnowsOfRoleHolders
         Role Schema Owner = CN=NTDS Settings,CN=VULCAN,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=InBalhq,DC=local
         Role Domain Owner = CN=NTDS Settings,CN=VULCAN,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=InBalhq,DC=local
         Role PDC Owner = CN=NTDS Settings,CN=VULCAN,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=InBalhq,DC=local
         Role Rid Owner = CN=NTDS Settings,CN=VULCAN,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=InBalhq,DC=local
         Role Infrastructure Update Owner = CN=NTDS Settings,CN=VULCAN,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=InBalhq,DC=local
         ......................... VULCAN passed test KnowsOfRoleHolders
      Starting test: RidManager
         * Available RID Pool for the Domain is 3107 to 1073741823
         * vulcan.InBalhq.local is the RID Master
         * DsBind with RID Master was successful
         * rIDAllocationPool is 1607 to 2106
         * rIDPreviousAllocationPool is 1107 to 1606
         * rIDNextRID: 1504
         ......................... VULCAN passed test RidManager
      Starting test: MachineAccount
         Checking machine account for DC VULCAN on DC VULCAN.
         * SPN found :LDAP/vulcan.InBalhq.local/InBalhq.local
         * SPN found :LDAP/vulcan.InBalhq.local
         * SPN found :LDAP/VULCAN
         * SPN found :LDAP/vulcan.InBalhq.local/INBALHQ
         * SPN found :LDAP/8df02afa-2445-4c77-81c8-cb8bd7c375fe._msdcs.InBalhq.local
         * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/8df02afa-2445-4c77-81c8-cb8bd7c375fe/InBalhq.local
         * SPN found :HOST/vulcan.InBalhq.local/InBalhq.local
         * SPN found :HOST/vulcan.InBalhq.local
         * SPN found :HOST/VULCAN
         * SPN found :HOST/vulcan.InBalhq.local/INBALHQ
         * SPN found :GC/vulcan.InBalhq.local/InBalhq.local
         ......................... VULCAN passed test MachineAccount
      Starting test: Services
         * Checking Service: Dnscache
         * Checking Service: NtFrs
         * Checking Service: IsmServ
         * Checking Service: kdc
         * Checking Service: SamSs
         * Checking Service: LanmanServer
         * Checking Service: LanmanWorkstation
         * Checking Service: RpcSs
         * Checking Service: w32time
         * Checking Service: NETLOGON
         ......................... VULCAN passed test Services
      Starting test: OutboundSecureChannels
         * The Outbound Secure Channels test
         ** Did not run Outbound Secure Channels test
         because /testdomain: was not entered
         ......................... VULCAN passed test OutboundSecureChannels
      Starting test: ObjectsReplicated
         VULCAN is in domain DC=InBalhq,DC=local
         Checking for CN=VULCAN,OU=Domain Controllers,DC=InBalhq,DC=local in domain DC=InBalhq,DC=local on 1 servers
            Object is up-to-date on all servers.
         Checking for CN=NTDS Settings,CN=VULCAN,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=InBalhq,DC=local in domain CN=Configuration,DC=InBalhq,DC=local on 1 servers
            Object is up-to-date on all servers.
         ......................... VULCAN passed test ObjectsReplicated
      Starting test: frssysvol
         * The File Replication Service SYSVOL ready test
         File Replication Service's SYSVOL is ready
         ......................... VULCAN passed test frssysvol
      Starting test: frsevent
         * The File Replication Service Event log test
         There are warning or error events within the last 24 hours after the

         SYSVOL has been shared.  Failing SYSVOL replication problems may cause

         Group Policy problems.
         An Warning Event occured.  EventID: 0x800034FA
            Time Generated: 06/17/2008   12:28:49
            Event String: Following is the summary of warnings and errors

encountered by File Replication Service while

polling the Domain Controller

vulcan.InBalhq.local for FRS replica set

configuration information.

 



The nTFRSReplicaSet object cn=domain system volume (sysvol share),cn=file replication service,cn=system,dc=inbalhq,dc=local has a invalid value for the attribute frsReplicaSetType.





 
         ......................... VULCAN failed test frsevent
      Starting test: kccevent
         * The KCC Event log test
         Found no KCC errors in Directory Service Event log in the last 15 minutes.
         ......................... VULCAN passed test kccevent
      Starting test: systemlog
         * The System Event log test
         An Error Event occured.  EventID: 0x825A0011
            Time Generated: 06/17/2008   15:39:11
            Event String: Time Provider NtpClient: An error occurred during

DNS lookup of the manually configured peer

'timekeeper.isi.edu'. NtpClient will try the DNS

lookup again in 120 minutes. The error was:

No such service is known. The service cannot be found in the specified name space. (0x8007277C)


         An Error Event occured.  EventID: 0x00000457
            Time Generated: 06/17/2008   16:08:14
            Event String: Driver HP Officejet 7400 series required for

printer !!Atlas!HP Officejet 7400 series is

unknown. Contact the administrator to install the

driver before you log in again.
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 06/17/2008   16:08:15
            Event String: Driver Microsoft Shared Fax Driver required for

printer Fax is unknown. Contact the administrator

to install the driver before you log in again.
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 06/17/2008   16:08:15
            Event String: Driver Microsoft XPS Document Writer required for

printer Microsoft XPS Document Writer is unknown.

Contact the administrator to install the driver

before you log in again.
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 06/17/2008   16:08:15
            Event String: Driver Send To Microsoft OneNote Driver required

for printer Send To OneNote 2007 is unknown.

Contact the administrator to install the driver

before you log in again.
         ......................... VULCAN failed test systemlog
      Starting test: VerifyReplicas
         ......................... VULCAN passed test VerifyReplicas
      Starting test: VerifyReferences
         The system object reference (serverReference)

         CN=VULCAN,OU=Domain Controllers,DC=InBalhq,DC=local and backlink on

         CN=VULCAN,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=InBalhq,DC=local

         are correct.
         The system object reference (frsComputerReferenceBL)

         CN=VULCAN,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=InBalhq,DC=local

         and backlink on CN=VULCAN,OU=Domain Controllers,DC=InBalhq,DC=local

         are correct.
         The system object reference (serverReferenceBL)

         CN=VULCAN,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=InBalhq,DC=local

         and backlink on

         CN=NTDS Settings,CN=VULCAN,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=InBalhq,DC=local

         are correct.
         ......................... VULCAN passed test VerifyReferences
      Starting test: VerifyEnterpriseReferences
         LDAP Error 0x5e (94) - No result present in message.
         ......................... VULCAN failed test VerifyEnterpriseReferences
      Starting test: CheckSecurityError
         * Dr Auth:  Beginning security errors check!
         Found KDC VULCAN for domain InBalhq.local in site Default-First-Site-Name
         Checking machine account for DC VULCAN on DC VULCAN.
         * SPN found :LDAP/vulcan.InBalhq.local/InBalhq.local
         * SPN found :LDAP/vulcan.InBalhq.local
         * SPN found :LDAP/VULCAN
         * SPN found :LDAP/vulcan.InBalhq.local/INBALHQ
         * SPN found :LDAP/8df02afa-2445-4c77-81c8-cb8bd7c375fe._msdcs.InBalhq.local
         * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/8df02afa-2445-4c77-81c8-cb8bd7c375fe/InBalhq.local
         * SPN found :HOST/vulcan.InBalhq.local/InBalhq.local
         * SPN found :HOST/vulcan.InBalhq.local
         * SPN found :HOST/VULCAN
         * SPN found :HOST/vulcan.InBalhq.local/INBALHQ
         * SPN found :GC/vulcan.InBalhq.local/InBalhq.local
         [VULCAN] No security related replication errors were found on this DC!  To target the connection to a specific source DC use /ReplSource:<DC>.
         ......................... VULCAN passed test CheckSecurityError
   
   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
   
   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
   
   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
   
   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
   
   Running partition tests on : InBalhq
      Starting test: CrossRefValidation
         ......................... InBalhq passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... InBalhq passed test CheckSDRefDom
   
   Running enterprise tests on : InBalhq.local
      Starting test: Intersite
         Skipping site Default-First-Site-Name, this site is outside the scope

         provided by the command line arguments provided.
         ......................... InBalhq.local passed test Intersite
      Starting test: FsmoCheck
         GC Name: \\vulcan.InBalhq.local
         Locator Flags: 0xe00001fd
         PDC Name: \\vulcan.InBalhq.local
         Locator Flags: 0xe00001fd
         Time Server Name: \\vulcan.InBalhq.local
         Locator Flags: 0xe00001fd
         Preferred Time Server Name: \\vulcan.InBalhq.local
         Locator Flags: 0xe00001fd
         KDC Name: \\vulcan.InBalhq.local
         Locator Flags: 0xe00001fd
         ......................... InBalhq.local passed test FsmoCheck
      Starting test: DNS
         Test results for domain controllers:
           
            DC: vulcan.InBalhq.local
            Domain: InBalhq.local

                 
               TEST: Authentication (Auth)
                  Authentication test: Successfully completed
                 
               TEST: Basic (Basc)
                   Microsoft(R) Windows(R) Server 2003 for Small Business Server (Service Pack level: 0.0) is supported
                  NETLOGON service is running
                  kdc service is running
                  DNSCACHE service is running
                  DNS service is running
                  DC is a DNS server
                  Network adapters information:
                  Adapter [00000011] Intel(R) PRO/1000 MT Dual Port Network Connection:
                     MAC address is 00:07:E9:23:E5:09
                     IP address is static
                     IP address: 10.0.0.5
                     DNS servers:
                        10.0.0.5 (vulcan.inbalhq.local.) [Valid]
                  The A record for this DC was found
                  The SOA record for the Active Directory zone was found
                  The Active Directory zone on this DC/DNS server was found (primary)
                  Root zone on this DC/DNS server was not found
                 
               TEST: Forwarders/Root hints (Forw)
                  Recursion is enabled
                  Forwarders are not configured on this DNS server
                  Root hint Information:
                     Name: a.root-servers.net. IP: 198.41.0.4 [Valid]
                     Name: b.root-servers.net. IP: 192.228.79.201 [Valid]
                     Name: c.root-servers.net. IP: 192.33.4.12 [Valid]
                     Name: d.root-servers.net. IP: 128.8.10.90 [Valid]
                     Name: e.root-servers.net. IP: 192.203.230.10 [Valid]
                     Name: f.root-servers.net. IP: 192.5.5.241 [Valid]
                     Name: g.root-servers.net. IP: 192.112.36.4 [Valid]
                     Name: h.root-servers.net. IP: 128.63.2.53 [Valid]
                     Name: i.root-servers.net. IP: 192.36.148.17 [Valid]
                     Name: j.root-servers.net. IP: 192.58.128.30 [Valid]
                     Name: k.root-servers.net. IP: 193.0.14.129 [Valid]
                     Name: l.root-servers.net. IP: 198.32.64.12 [Invalid (unreachable)]
                     Name: l.root-servers.net. IP: 199.7.83.42 [Valid]
                     Name: m.root-servers.net. IP: 202.12.27.33 [Valid]
                 
               TEST: Delegations (Del)
                  Delegation information for the zone: InBalhq.local.
                     Delegated domain name: _msdcs.InBalhq.local.
                        DNS server: vulcan.inbalhq.local. IP:10.0.0.5 [Valid]
                 
               TEST: Dynamic update (Dyn)
                  Dynamic update is enabled on the zone InBalhq.local.
                  Test record _dcdiag_test_record added successfully in zone InBalhq.local.
                  Test record _dcdiag_test_record deleted successfully in zone InBalhq.local.
                 
               TEST: Records registration (RReg)
                  Network Adapter [00000011] Intel(R) PRO/1000 MT Dual Port Network Connection:
                     Matching A record found at DNS server 10.0.0.5:
                     vulcan.InBalhq.local

                     Matching CNAME record found at DNS server 10.0.0.5:
                     8df02afa-2445-4c77-81c8-cb8bd7c375fe._msdcs.InBalhq.local

                     Matching DC SRV record found at DNS server 10.0.0.5:
                     _ldap._tcp.dc._msdcs.InBalhq.local

                     Matching GC SRV record found at DNS server 10.0.0.5:
                     _ldap._tcp.gc._msdcs.InBalhq.local

                     Matching PDC SRV record found at DNS server 10.0.0.5:
                     _ldap._tcp.pdc._msdcs.InBalhq.local

         
         Summary of test results for DNS servers used by the above domain controllers:

            DNS server: 198.32.64.12 (l.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 198.32.64.12
               [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
               
            DNS server: 10.0.0.5 (vulcan.inbalhq.local.)
               All tests passed on this DNS server
               This is a valid DNS server
               Name resolution is funtional. _ldap._tcp SRV record for the forest root domain is registered
               Delegation to the domain _msdcs.InBalhq.local. is operational
               
            DNS server: 128.63.2.53 (h.root-servers.net.)
               All tests passed on this DNS server
               This is a valid DNS server
               
            DNS server: 128.8.10.90 (d.root-servers.net.)
               All tests passed on this DNS server
               This is a valid DNS server
               
            DNS server: 192.112.36.4 (g.root-servers.net.)
               All tests passed on this DNS server
               This is a valid DNS server
               
            DNS server: 192.203.230.10 (e.root-servers.net.)
               All tests passed on this DNS server
               This is a valid DNS server
               
            DNS server: 192.228.79.201 (b.root-servers.net.)
               All tests passed on this DNS server
               This is a valid DNS server
               
            DNS server: 192.33.4.12 (c.root-servers.net.)
               All tests passed on this DNS server
               This is a valid DNS server
               
            DNS server: 192.36.148.17 (i.root-servers.net.)
               All tests passed on this DNS server
               This is a valid DNS server
               
            DNS server: 192.5.5.241 (f.root-servers.net.)
               All tests passed on this DNS server
               This is a valid DNS server
               
            DNS server: 192.58.128.30 (j.root-servers.net.)
               All tests passed on this DNS server
               This is a valid DNS server
               
            DNS server: 193.0.14.129 (k.root-servers.net.)
               All tests passed on this DNS server
               This is a valid DNS server
               
            DNS server: 198.41.0.4 (a.root-servers.net.)
               All tests passed on this DNS server
               This is a valid DNS server
               
            DNS server: 199.7.83.42 (l.root-servers.net.)
               All tests passed on this DNS server
               This is a valid DNS server
               
            DNS server: 202.12.27.33 (m.root-servers.net.)
               All tests passed on this DNS server
               This is a valid DNS server
               
         Summary of DNS test results:
         
                                            Auth Basc Forw Del  Dyn  RReg Ext  
               ________________________________________________________________
            Domain: InBalhq.local
               vulcan                       PASS PASS PASS PASS PASS PASS n/a  
         
         ......................... InBalhq.local passed test DNS
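A verbose DCDiag run like the one above buries its three failed tests in several hundred lines. As an added example (not part of the original thread), the sketch below reduces such output to the tests that did not pass and the event or LDAP codes logged inside them. `SAMPLE` is abridged from the output above, and the function names are hypothetical.

```python
import re

# Abridged from the DCDiag output posted above (same line formats).
SAMPLE = """\
   Testing server: Default-First-Site-Name\\VULCAN
      Starting test: Connectivity
         * Active Directory LDAP Services Check
         ......................... VULCAN passed test Connectivity
      Starting test: frsevent
         * The File Replication Service Event log test
         An Warning Event occured.  EventID: 0x800034FA
            Time Generated: 06/17/2008   12:28:49
         ......................... VULCAN failed test frsevent
      Starting test: systemlog
         An Error Event occured.  EventID: 0x825A0011
            Time Generated: 06/17/2008   15:39:11
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 06/17/2008   16:08:14
         ......................... VULCAN failed test systemlog
      Starting test: VerifyEnterpriseReferences
         LDAP Error 0x5e (94) - No result present in message.
         ......................... VULCAN failed test VerifyEnterpriseReferences
   Running enterprise tests on : InBalhq.local
      Starting test: FsmoCheck
         ......................... InBalhq.local passed test FsmoCheck
"""

START_RE = re.compile(r"^\s*Starting test:\s*(\S+)")
RESULT_RE = re.compile(r"^\s*\.{5,}\s*(\S+)\s+(passed|failed)\s+test\s+(\S+)")
# DCDiag itself spells it "occured"; accept both spellings.
EVENT_RE = re.compile(r"An (Warning|Error) Event occur+ed\.\s+EventID:\s*(0x[0-9A-Fa-f]+)")
LDAP_RE = re.compile(r"LDAP Error (0x[0-9A-Fa-f]+) \((\d+)\)")


def event_code(event_id_hex):
    """Low 16 bits of the EventID are the number Event Viewer displays."""
    return int(event_id_hex, 16) & 0xFFFF


def new_test(name, status="incomplete"):
    return {"test": name, "target": None, "status": status, "findings": []}


def parse_dcdiag(text):
    """Return one dict per test, in order of appearance.

    A test that starts but never prints a passed/failed line (truncated
    log, crashed run) is kept with status 'incomplete' rather than dropped.
    """
    results, current = [], None
    for line in text.splitlines():
        m = START_RE.match(line)
        if m:
            if current:
                results.append(current)      # previous test had no result line
            current = new_test(m.group(1))
            continue
        m = RESULT_RE.match(line)
        if m:
            target, status, test = m.groups()
            if current and current["test"] != test:
                results.append(current)      # mismatched result: keep the orphan
                current = None
            if current is None:
                current = new_test(test)
            current.update(target=target, status=status)
            results.append(current)
            current = None
            continue
        if current is None:
            continue
        m = EVENT_RE.search(line)
        if m:
            current["findings"].append((m.group(1).lower(), event_code(m.group(2))))
            continue
        m = LDAP_RE.search(line)
        if m:
            current["findings"].append(("ldap", int(m.group(2))))
    if current:
        results.append(current)
    return results


def needs_attention(results):
    """Everything that is not an explicit pass: failed and incomplete tests."""
    return [r for r in results if r["status"] != "passed"]


if __name__ == "__main__":
    for r in needs_attention(parse_dcdiag(SAMPLE)):
        print(f'{r["status"]:<10} {r["test"]:<28} {r["findings"]}')
```
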
 
Expert Comment

by:Jay_Jay70
You ran a Windows repair on your DC? That's probably what killed it. You shouldn't image a DC, and you should never run a repair. Your secure channel between Exchange and the server is rooted - it could be fixed, if you hadn't run the repair...

Got a system state backup around?

Author Comment

by:James Glaubiger
I still have the old server running.   Can I grab a system state backup from it and restore it to the new server?

Expert Comment

by:Jay_Jay70
on the old server, if you turn the new one off and leave the old one running is your network ok?

Author Comment

by:James Glaubiger
Yes. What I have been doing is simply moving the network cable between the old server and the new one while I try to fix the issue. With the old server plugged into the network, everything works great. When I swap the cable to the new server, Exchange stops working, and I get the odd issues with permissions and AD and MMCs not opening, etc.

I can create a system state backup from the old server and restore it to the new one if you think that is worth a shot.   Or if you have any other ideas?  :)

thanks

Expert Comment

by:kieran_b
Arp cache Jay?

Expert Comment

by:Jay_Jay70
in that case you can get out of this easily - oh wait a sec - is this SBS???

Author Comment

by:James Glaubiger
Unfortunately this is a 2003 SBS DC. Exchange 2007 is running on a separate box.

Expert Comment

by:Jay_Jay70
Oh dear, well that blows everything I can do to help you out of the water. I don't deal in SBS in any way, shape or form - I dislike it with a passion 'cause we can't do all the things we can do in normal server.

Put it that way, if you are getting blue screens when you reimage the box, then your image has problems... Acronis should restore to new hardware without a hitch.

The Windows repair will destroy AD.....

My advice - work on that image (if you have to do it this way) until you get a smooth restore.... any errors like you had initially will destroy your network like this....

Author Comment

by:James Glaubiger
arp -a from Exchange server shows the correct MAC addresses for the new server when it is plugged in, and when the old server is plugged in it changes to the MAC address of that NIC.



Expert Comment

by:kieran_b
There is really not a lot we can do here - if you didn't have e2k7 on another server, I would recommend you format the new server and then use the swing kit to go to the new box. As it is, I doubt that will work...

Author Comment

by:James Glaubiger
I am not really sure what else to do with the image i am restoring.   I restored it several times with the same BSOD.  The BSOD flickers, and I cannot read it.   Then the system reboots itself.

Only thing I can think of at this point if no one has an idea of how to fix this repaired install of SBS is to restore the image to a VM and see if I can get it working there.   My suspicion is the restored image is causing the BSOD when it tried to load a driver for hardware my new system does not have.   The old system had RAID, the new system does not.

What about that system state backup idea you had, is that worth a shot?
0
 
LVL 7

Author Comment

by:James Glaubiger
Comment Utility
My other option is get rid of SBS, which I would love to do.  That box is only being used as the DC.  Everything else has been moved off of it.   But when I read about migrating from SBS to 2003 Std it looked ugly, and apparently I need to buy some Transitional Licensing pack in order to migrate AD to a new Std DC???  

I tried adding a secondary DC previously and it ended up not working, which is why I have been avoiding doing it again.  ;)

Any further thoughts?
0
 
LVL 25

Expert Comment

by:kieran_b
Comment Utility
Well, you could put a new DC on there, shut the SBS box down and seize the FSMO roles, but the path you are walking down is a whole lot of pain.

How many users are we talking about here and what is the importance - if you lost the structure and all data for a few days, how bad would things get?
0
 
LVL 7

Author Comment

by:James Glaubiger
Comment Utility
There are only about 10 users.  The most important thing is that email be working.   I can't have email down for more than at night or over a weekend.   Everything else can be down for a day or two without issue.
0
 
LVL 48

Expert Comment

by:Jay_Jay70
Comment Utility
yah I agree with kieran, but there are licence costs

Unfortunately the system state backup won't do you any good when dealing with SBS, or at least, I don't know how it will react!
0
 
LVL 7

Author Comment

by:James Glaubiger
Comment Utility
Well this box is pretty much useless as is, so I will try the system state restore from a backup on the old server.  Worth a shot even if it doesn't work.

I will post my results shortly and then see where to go from that point
0
 
LVL 48

Expert Comment

by:Jay_Jay70
Comment Utility
no worries mate - haven't done system restore with SBS - let me know how it goes
0
 
LVL 7

Author Comment

by:James Glaubiger
Comment Utility
I just had a thought about the BSOD  while the sys restore is running here.   My new system has Hyper Threading with Dual Xeons.   Does SBS have some odd restriction on the number of CPU's, is 2 the max?  Would it be possible that the BSOD was being caused by 4 CPU's registering when SBS was booting since HT was on?
0
 
LVL 25

Expert Comment

by:kieran_b
Comment Utility
Unlikely - SBS is limited to 2 physical processors - dual quadcores while being considered 8 processors, is still only 2
0
 
LVL 7

Author Comment

by:James Glaubiger
Comment Utility
I keep getting an error saying the bkf file I am trying to restore is not the one it is looking for.   How do I do the restore from the command line and force it to accept the bkf file I want to use?
0
 
LVL 7

Author Comment

by:James Glaubiger
Comment Utility
Take that back.  I got it working, forgot to add it to the catalog ;)

The restore is running now.   :fingers crossed:
0
 
LVL 7

Author Comment

by:James Glaubiger
Comment Utility
After restoring the System State I get a BSOD.  So that did not work.

If I were to rewrite my original image back to the new server before doing a repair install of SBS, do you guys have any ideas of how to fix that image and make it bootable to get past my original BSOD?

OR Should I do a fresh install of 2003 Std on this new box and restore the image to a VM?

What's the best bet to get a working DC up on this box with the least amount of down time?

thanks again guys, I appreciate your help.

0
 
LVL 48

Expert Comment

by:Jay_Jay70
Comment Utility
the image is rooted - chances are it's those RAID drives I think...

the best thing to do would be to setup an additional DC...on a clean install of windows - and migrate as many services as you can to it, then seize the roles and make it the king dingaling....could get messy and has its risks...

Thoughts on the exchange side of doing this Kieran?
0
 
LVL 25

Expert Comment

by:kieran_b
Comment Utility
Exchange shouldn't care, assuming the migration from 2003 to 2007 is complete...
0
 
LVL 7

Author Comment

by:James Glaubiger
Comment Utility
do I need to buy the SBS transitional license pack?  What about running SBS as a VM and working to move the DC at that point in a test environment?  I am hesitant to do this in the production system in case something goes horribly wrong.
0
 
LVL 2

Expert Comment

by:junglecom
Comment Utility
"That is dangerously incorrect advice - if you disjoin an Exchange server from the domain, kiss it goodbye."

I have done this a few times with no problems.
0
 
LVL 48

Expert Comment

by:Jay_Jay70
Comment Utility
your best option indeed would be to go the migration path - that way it's nice and clean - it should only be a couple of hundred bucks from memory?
0
 
LVL 7

Author Comment

by:James Glaubiger
Comment Utility
This is what I found online for the Transition Pack... do you guys know if this is what I need?

http://www.netkillersoft.com/windowssbscal2003englishmlp5transitionpakdevicecal-1.aspx

Or is the migration path something entirely different?
0
 
LVL 7

Author Comment

by:James Glaubiger
Comment Utility
Another post in EE suggests this but I am not clear on what it is:

www.sbsmigration.com

0
 
LVL 25

Expert Comment

by:kieran_b
Comment Utility
0
 
LVL 7

Author Comment

by:James Glaubiger
Comment Utility
How do I tell if my SBS is premium or Std?
0
 
LVL 25

Expert Comment

by:kieran_b
Comment Utility
That is a swing migration - I don't know how well it will go with an Exchange 2007 server in the mix though.  You can contact the author of it though, he is quite responsive.
0
 
LVL 25

Expert Comment

by:kieran_b
Comment Utility
>>I have done this a few times with no problems.

That does not change the fact that it is a) completely unsupported, b) accepted as a "known bad idea" (google it), c) reckless advice to give on an anonymous forum where you can simply walk away when this guy's server is hosed.

I am not doubting that you have done it, and I am not doubting that it worked - I know folks who have dcpromo'd an Exchange server successfully, that doesn't mean that it is a good idea, considering it will kill the server 9/10 times.
0
 
LVL 25

Expert Comment

by:kieran_b
Comment Utility
Now this is getting confusing with the cross posts...

>>How do I tell if my SBS is premium or Std?

Do you have ISA?
0
 
LVL 7

Author Comment

by:James Glaubiger
Comment Utility
Not sure.   How do I check?  I am not even sure this is an R2 install either.   I need to check both.
0
 
LVL 25

Expert Comment

by:kieran_b
Comment Utility
R2 don't worry about - you can't buy a non R2 transition pack

Still, I don't think the transition pack is what you want - it includes a full license for Exchange 2003, rather pointless considering you have Exchange 2007 now.

If you buy windows server 2003 standard (not SBS) and whatever CALs you need, it would probably work out cheaper than the Transition pack
0
 
LVL 7

Author Comment

by:James Glaubiger
Comment Utility
I read another thread that said you need the transition pack to unlock SBS and transfer the DC, AD, FSMO roles to a new DC.  Is that just not true?  And what are those $40 transition packs I linked earlier, why wouldn't they work?
0
 
LVL 25

Expert Comment

by:kieran_b
Comment Utility
>>And what are those $40 transition packs I linked earlier, why wouldn't they work?

They are not the transition packs - those are just the CAL upgrades (you need them for each user)

You don't *need* the transition pack to transfer those roles - you just need it if you want to transfer them "gracefully"
0
 
LVL 7

Author Comment

by:James Glaubiger
Comment Utility
ah ok.

I ran the SBS Best Practices Analyzer

Looks like I am running SBS 2003 Std w/ SP2, no R2 Technologies appear to be installed.

______________

Would it be possible for me to setup a VM with my SBS image on a isolated Router, then add in my new DC, promote it to primary, demote SBS and remove the VM.   Then unplug the production SBS and plug in the new Primary DC and have everything magically work? :)

Or does all this need to happen on the production system with all my other servers and exchange along for the ride?
0
 
LVL 25

Expert Comment

by:kieran_b
Comment Utility
>>Then unplug the production SBS and plug in the new Primary DC and have everything magically work? :)

You haven't learned yet have you >:)  Messing with images and VMs in production AD environments is pain, pure pain.

If you want to be a bit safer, you sound like you know VMs and imaging, so setup an isolated segment, and image the whole network to VM - then test it out.

It will take a bit longer, but at least you will see how it works out.
0
 
LVL 7

Author Comment

by:James Glaubiger
Comment Utility
You're right.  I would rather try it out on the off chance it will work and play it safe for now.  I just remember my last attempt at adding a second DC to the SBS system and it took a week to put things back to normal and get email working.   ;)

Most other things just work, but when it comes to DC's I seem to have the worst luck.
0
 
LVL 25

Expert Comment

by:kieran_b
Comment Utility
Adding a DC to SBS should be no problem whatsoever - it is when you start taking things away from SBS that it all goes bad
0
 
LVL 7

Author Comment

by:James Glaubiger
Comment Utility
The Secondary DC never worked correctly.  If SBS was shut off, nothing worked, just like how if I unplug SBS now and plug in my restored SBS on the new server not much works.  Exchange stops working, to the point that most of its services won't start up on a reboot, Exchange Information Store, Transport, System Attendant won't start etc.  Event Logs show they can't find AD or the GC.  :)

I will try to VM SBS and add a new DC to then remove SBS.   Another thought I had was if I can get SBS to even boot on the VM, maybe I can uninstall all the drivers and devices from the old system that are still lingering around (although I have no idea how to remove devices that are not in device manager since they do not exist in the box, any ideas here?) then reimage and restore to the new box.  Might fix my BSOD and boot, but equally might not.  ^_^

0
 
LVL 25

Expert Comment

by:kieran_b
Comment Utility
That is indicative of a misconfigured or misunderstood DC - Exchange won't just pick up, it needs up to 30 minutes to get itself together.  If it doesn't work on reboot, then we need to know if the second DC is a GC/DNS server
0
 
LVL 7

Author Comment

by:James Glaubiger
Comment Utility
The second DC was GC & DNS at the time.   But I went down that road over a year ago and even had MS support remote in to assist since I was in over my head.   In the end we removed the second DC and put things back to SBS as DC1 GC/DNS, and exchange then was happy.

I will give my VM project a try tomorrow and post my results when I have them.

Any idea how to uninstall devices from a windows install when those devices do not exist?  For example on my image restored SBS on new hardware I still saw some devices and drivers existed, such as the old NIC.  I couldn't select the NIC or find it in Device Manager, but when I assigned NIC1 the IP information for the server, I got the error saying another NIC that is not currently present has the same IP information.   Uninstalling all those devices might get rid of my BSOD.   I may open a new thread on this issue.
0
 
LVL 48

Expert Comment

by:Jay_Jay70
Comment Utility
that is not a bad path to trial, though I am not sure how you would remove the drivers....

We can help you with the forced destruction of SBS quite happily :)
0
 
LVL 7

Author Comment

by:James Glaubiger
Comment Utility
Once I get the VM's set up we can destroy without my hair going gray  ;)
0
 
LVL 25

Expert Comment

by:kieran_b
Comment Utility
>>Any idea how to uninstall devices from a windows install when those devices do not exist?

Do you have the universal restore option from Acronis?
0
 
LVL 7

Author Comment

by:James Glaubiger
Comment Utility
Yes I have Universal Restore... and I used it when restoring over and over again.   I get that BSOD, then I did a repair install of SBS off the install CD1.  Once I got into SBS, I still saw that devices that were not in the Device Manager were still there.   I only realized this when I went to set up my NIC's. When I assigned NIC1 the IP information for the server, I got the error saying another NIC that is not currently present has the same IP information.   That NIC was the NIC from the original server.  If that device can still exist after a Universal Restore even though it's not in device manager, I wouldn't be surprised if other devices made it across.   Uninstalling all those devices might get rid of my BSOD issue.
0

 
LVL 12

Expert Comment

by:alikaz3
Comment Utility
Hey opster, I've been out of this one for a while, here goes:

have you tried disabling automatic reboot upon bluescreen, on the SBS server, before you make the image? I would think that then you would get a persistent blue screen on the new server that you could read, and then diagnose. How to do this:

-right click my computer
-properties>advanced>startup and recovery button
-uncheck system failure>automatically restart
-reboot, re-backup image
-reimage

let me know!
0
 
LVL 12

Expert Comment

by:alikaz3
Comment Utility
And at this point, would you consider nuking both servers and starting from scratch? Is there a way to backup the users/folders of the exchange server in a manner that can be opened by a fresh exchange install? (I don't know)
0
 
LVL 12

Expert Comment

by:alikaz3
Comment Utility
0
 
LVL 7

Author Comment

by:James Glaubiger
Comment Utility
Well I did end up restoring my image to a VM.  I get a BSOD there as well.   And it does seem to be something with a driver or device, most likely the SCSI RAID controller from the old system.

I downloaded Ultimate Boot CD 4 Win, and have booted into it on someone's recommendation.   Any idea how I can remove devices and drivers from the system?
0
 
LVL 12

Expert Comment

by:alikaz3
Comment Utility
What if you took your original server, deleted/uninstalled the SCSI driver and any other possible offenders, shut down, then re-image the drive booted from an Acronis CD?

If you have trouble with Acronis finding the raid drive, you could first image the RAID to an IDE/single SATA drive, then boot off that drive and delete the drivers, reboot off Acronis cd, and re-image. That way you might be able to get your first plan working. I would say that would be the easiest if it works. Let me know if you have more questions about the procedure.
0
 
LVL 7

Author Comment

by:James Glaubiger
Comment Utility
Well, I have had my fill of testing with the VM's.   The only way I seem to be able to get SBS to boot is by doing a Repair install from CD1.  This of course, destroys AD every time, even though most any other application seems to work just fine.

Tests Performed:

 (VM1) Restore Acronis Image of SBS to VM with two IDE hard disks configured.  Result BSOD.
 (VM2) Repair install of SBS on VM1.
 (SBSDC) Production SBS Server still working

* (VM2) Repair install of SBS on VM1.  Results, Boots into windows, I am able to login using Administrator, and some AD accounts.   Exchange does not work from separate server.  Although I have only waited 20 minutes max before reverting.  Made copy of C:\Windows\System32\drivers and Registry

* On VM1 restored C:\Windows\System32\drivers and Registry. Nothing happens. No BSOD, just black screen after POST.  Revert.

* On VM2 restored a system state backup of SBSDC.  Results BSOD.



I am finally able to get a screenshot of the BSOD, by selecting F8 on boot and choosing the option "Disable Automatic Restart on System Failure".  The image is attached.

It tells me to run CHKDSK /F, which is not a valid switch/option when I run CHKDSK from the recovery console.

Anything else I should try with the VM's?  :)
bsod.jpg
0
 
LVL 7

Author Comment

by:James Glaubiger
Comment Utility
Can anyone think of anything else I should test with the VM's before I embark on destroying SBS by adding a second DC?

Can anyone estimate how long it will take to destroy SBS and recover with a new Primary DC?

thanks again guys
0
 
LVL 48

Expert Comment

by:Jay_Jay70
Comment Utility
it's driver errors that you aren't going to get around I don't think
0
 
LVL 7

Author Comment

by:James Glaubiger
Comment Utility
SO, if I go the route of setting up a new DC and killing SBS, my plan is the following steps (found on another post).  Let me know what you guys think, or if I am missing something:

Add the new W2k3 Std machine to the domain, promote it to DC.
Install DNS and whatever else needed.
Copy everything still needed from the SBS to the new machine.
Shutdown the SBS for good.

Seize the FSMO roles:
Using Ntdsutil.exe to transfer or seize FSMO roles to a domain controller
http://support.microsoft.com/?kbid=255504

Remove the SBS from AD:
How to remove data in Active Directory after an unsuccessful domain controller demotion
http://support.microsoft.com/?kbid=216498

Transfer the Licensing server to the new machine:
In AD Sites and Services, right-click "License Server" in the right pane, choose Properties, and move it to the new server.

Raise the functional level to W2k3:
How to raise domain and forest functional levels in Windows Server 2003
http://support.microsoft.com/?kbid=322692
0
 
LVL 48

Expert Comment

by:Jay_Jay70
Comment Utility
looks good to me - maybe Kieran has something else on the SBS side of things? but to me it's looking like a good gung ho way of doing things

make sure that new DC is a GC as well - or you could have some fun :)
0
 
LVL 7

Author Comment

by:James Glaubiger
Comment Utility
Is there a document for moving the GC?  I vaguely remember it being a check box somewhere.  Can you document the steps?
0
 
LVL 48

Expert Comment

by:Jay_Jay70
Comment Utility
it's under the NTDS settings of the server (properties) in ADS&S
0
 
LVL 7

Author Comment

by:James Glaubiger
Comment Utility
Well today is the day.  I have set up the new server with Windows Server 2003 Std and joined it to the domain.   I will be performing the steps below.  Just wanted to let everyone know.  I may be posting issues back here later today.  :)


Add the new W2k3 Std machine to the domain, promote it to DC.
Mark option for Global Catalog. - its under the NTDS settings of the server (properties) in ADS&S
Install DNS and whatever else needed.
Copy everything still needed from the SBS to the new machine.
Shutdown the SBS for good.

Seize the FSMO roles:
Using Ntdsutil.exe to transfer or seize FSMO roles to a domain controller
http://support.microsoft.com/?kbid=255504

Remove the SBS from AD:
How to remove data in Active Directory after an unsuccessful domain controller demotion
http://support.microsoft.com/?kbid=216498

Transfer the Licensing server to the new machine:
In AD Sites and Services, right-click "License Server" in the right pane, choose Properties, and move it to the new server.

Raise the functional level to W2k3:
How to raise domain and forest functional levels in Windows Server 2003
http://support.microsoft.com/?kbid=322692
0
 
LVL 12

Expert Comment

by:alikaz3
Comment Utility
Oy good luck to you, I have my eye on this thread again. Hopefully jay_jay will be joining us again as well!
0
 
LVL 7

Author Comment

by:James Glaubiger
Comment Utility
After DCPROMO was successful I am getting an Auto Enrollment error:

Event Type:      Error
Event Source:      AutoEnrollment
Event Category:      None
Event ID:      13
Date:            7/14/2008
Time:            1:38:11 PM
User:            N/A
Computer:      SUN
Description:
Automatic certificate enrollment for local system failed to enroll for one Domain Controller certificate (0x80070005).  Access is denied.


For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
0
 
LVL 7

Author Comment

by:James Glaubiger
Comment Utility
I found this on EventID.Net posted by


Andrej Ota (Last update 1/23/2007):
- Error code: 0x80070005 - I have had just the same problem. I have a domain with two DCs and a separate CA server. CA auto-enrolled certificates for itself, but other domain servers, DCs and workstations (with an exception of two test Windows Vista Business workstations) just reported this error. I finally found an idea in TechNet article "Configuring and Troubleshooting Windows 2000 and Windows Server 2003 Certificate Services Web Enrollment" where invalid or missing SPN (service principal name) could cause authentication problems.
Sure enough, the CA server had only one SPN registered: "HOST/CA". I used the setspn utility from support tools to add "HOST/CA.my.domain", rebooted the server, and voila, autoenrollment started working throughout the domain. The only interesting lesson from this incident was a fact that Vista had no problems auto-enrolling. It seems that it can find proper SPN from AD and successfully authenticate to the CA server. This does not seem to work for Windows 2003 servers and Windows XP SP2 workstations.



Is that what I want to do?  Does anyone understand what he is saying and which machine I need to do this on?
0
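The SPN check described in the quoted EventID.Net note, as an added example that is not part of the original thread: it parses the listing printed by `setspn -L` and reports every SPN that is registered in only its short-name or only its FQDN form. The sample listings and the function names are constructed for illustration; `CA` and `my.domain` are the names used in the note.

```python
import re

# Constructed sample: what `setspn -L CA` would list in the state the note
# describes, where only the short-name SPN is registered.
SAMPLE_BROKEN = (
    "Registered ServicePrincipalNames for CN=CA,CN=Computers,DC=my,DC=domain:\n"
    "\tHOST/CA\n"
)

# Constructed sample: the same account after the FQDN form has been added.
SAMPLE_FIXED = SAMPLE_BROKEN + "\tHOST/CA.my.domain\n"


def parse_setspn_listing(output):
    """Return (account_dn, [spn, ...]) from the text of `setspn -L <account>`."""
    account, spns = None, []
    for line in output.splitlines():
        header = re.match(r"Registered ServicePrincipalNames for (.+):\s*$",
                          line.strip())
        if header:
            account = header.group(1)
        elif account and line[:1].isspace() and "/" in line:
            # SPN rows are indented under the header line.
            spns.append(line.strip())
    if account is None:
        raise ValueError("not a setspn -L listing")
    return account, spns


def split_spn(spn):
    """Split service/host[:port][/name] into (service, host, suffix)."""
    service, _, tail = spn.partition("/")
    hostport, slash, name = tail.partition("/")
    host, colon, port = hostport.partition(":")
    return service, host, colon + port + slash + name


def unpaired_spns(output, short_name, dns_domain):
    """List the SPNs that are absent although their short/FQDN twin exists."""
    _, spns = parse_setspn_listing(output)
    have = {s.lower() for s in spns}
    fqdn = f"{short_name}.{dns_domain}"
    missing = []
    for spn in spns:
        service, host, suffix = split_spn(spn)
        if host.lower() == short_name.lower():
            twin = f"{service}/{fqdn}{suffix}"
        elif host.lower() == fqdn.lower():
            twin = f"{service}/{short_name}{suffix}"
        else:
            continue  # SPN for another host name (an alias); not judged here
        if twin.lower() not in have and twin not in missing:
            missing.append(twin)
    return missing


if __name__ == "__main__":
    for label, text in (("before", SAMPLE_BROKEN), ("after", SAMPLE_FIXED)):
        print(label, unpaired_spns(text, "CA", "my.domain"))
```

The listing is read from the account that owns the service, so in the note's scenario it is run against the CA server's computer account rather than against the machines that fail to enroll.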
 
LVL 7

Author Comment

by:James Glaubiger
Comment Utility
Here is another event log for File Replication:

Event Type:      Warning
Event Source:      NtFrs
Event Category:      None
Event ID:      13565
Date:            7/14/2008
Time:            1:37:57 PM
User:            N/A
Computer:      SUN
Description:
File Replication Service is initializing the system volume with data from another domain controller. Computer SUN cannot become a domain controller until this process is complete. The system volume will then be shared as SYSVOL.
 
To check for the SYSVOL share, at the command prompt, type:
net share
 
When File Replication Service completes the initialization process, the SYSVOL share will appear.
 
The initialization of the system volume can take some time. The time is dependent on the amount of data in the system volume, the availability of other domain controllers, and the replication interval between domain controllers.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.




I checked net share and SYSVOL is still not shared.  Could use some help guys, looks like the new DC isn't replicating from SBS properly.
0
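One way to script the `net share` check that event 13565 asks for, as an added example that is not part of the original thread: it parses captured `net share` output by column position and reports whether SYSVOL and NETLOGON are both published. The sample outputs, the `C:\WINDOWS\SYSVOL` paths and the function names are constructed, and the parser assumes the English column headers.

```python
REQUIRED_DC_SHARES = ("SYSVOL", "NETLOGON")

# net share prints fixed-width columns; ROW reproduces that layout so the
# constructed samples below line up the way real output does.
ROW = "{:<13}{:<32}{}"


def build_listing(rows):
    """Render (name, resource, remark) rows the way net share lays them out."""
    head = [ROW.format("Share name", "Resource", "Remark"), "", "-" * 79]
    body = [ROW.format(*row).rstrip() for row in rows]
    return "\n".join(head + body + ["The command completed successfully.", ""])


BASE_ROWS = [
    ("C$", "C:\\", "Default share"),
    ("IPC$", "", "Remote IPC"),
    ("ADMIN$", r"C:\WINDOWS", "Remote Admin"),
]

# Constructed sample: a DC whose system volume is still initializing.
SAMPLE_INITIALIZING = build_listing(BASE_ROWS)

# Constructed sample: the same DC once both logon shares are published.
# A resource too long for its column pushes the remark to the next line.
SAMPLE_READY = build_listing(BASE_ROWS + [
    ("NETLOGON", r"C:\WINDOWS\SYSVOL\sysvol\InBalhq.local\SCRIPTS", ""),
    ("", "", "Logon server share"),
    ("SYSVOL", r"C:\WINDOWS\SYSVOL\sysvol", "Logon server share"),
])


def parse_net_share(output):
    """Return {SHARE_NAME: resource_path} from the text of `net share`."""
    lines = output.splitlines()
    head = next((l for l in lines if l.lower().startswith("share name")), None)
    if head is None:
        raise ValueError("no 'Share name' header found")
    res_col = head.lower().index("resource")
    rem_col = head.lower().index("remark")
    shares = {}
    for line in lines[lines.index(head) + 1:]:
        text = line.rstrip()
        if not text or set(text) == {"-"}:
            continue  # blank line or the dashed separator
        if text.lower().startswith("the command completed"):
            break
        if text[0].isspace():
            continue  # wrapped remark (or resource) of the previous row
        if len(text) >= res_col and text[res_col - 1] != " ":
            # Share name wider than its column: the resource wraps to the
            # next line, which this parser does not need for the DC shares.
            shares[text.strip().upper()] = ""
            continue
        name = text[:res_col].strip()
        if len(text) > rem_col and text[rem_col - 1] == " ":
            resource = text[res_col:rem_col].strip()
        else:
            resource = text[res_col:].strip()  # long path, remark wrapped
        shares[name.upper()] = resource
    return shares


def dc_share_readiness(output):
    """Report whether both logon shares of a domain controller are published."""
    shares = parse_net_share(output)
    missing = [s for s in REQUIRED_DC_SHARES if s not in shares]
    sysvol = shares.get("SYSVOL", "")
    netlogon = shares.get("NETLOGON", "")
    nested = bool(sysvol and netlogon and netlogon.lower().startswith(
        sysvol.lower().rstrip("\\") + "\\"))
    return {"ready": not missing, "missing": missing, "sysvol": sysvol,
            "netlogon": netlogon, "netlogon_under_sysvol": nested}


if __name__ == "__main__":
    print(dc_share_readiness(SAMPLE_INITIALIZING))
    print(dc_share_readiness(SAMPLE_READY))
```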
 
LVL 7

Author Comment

by:James Glaubiger
Comment Utility
I have now installed DNS onto the new DC named "SUN" and configured for Global Catalog.

DNS appears to be ok and replicated to the new server.

However when I unplug SBS from the network, users cannot login and exchange stops sending/receiving emails.   So this Secondary DC certainly isn't taking over at this point.   Should I be worried about that?  Or continue with my plan?
0
 
LVL 7

Author Comment

by:James Glaubiger
Comment Utility
Hey guys, I am holding out for your suggestions at this point.   Please post back if you have time.
0
 
LVL 12

Expert Comment

by:alikaz3
Comment Utility
Ok so you installed exchange on the new server as well? I am not sure how exchange works with primary/secondary DCs and fault tolerance...

But users not being able to log in... that should be covered by active directory. So you have the new server running as the DHCP/DNS and it works as long as the SBS server is connected?
0
 
LVL 12

Expert Comment

by:alikaz3
Comment Utility
DNS is the first place I'd look.
0
 
LVL 7

Author Comment

by:James Glaubiger
Comment Utility
Exchange is actually running on its own separate server, and does stop working when SBS is unplugged.

Yes the new SUN server is configured as Secondary DC, DHCP/DNS, GC.   When SBS is unplugged, logging in gets stuck on "Applying Settings", and hangs there for 10 minutes or longer.  If SBS is plugged back in, all logins occur immediately.
0
 
LVL 12

Expert Comment

by:alikaz3
Comment Utility
Oy...

what about running DCDIAG and NETDIAG on the new server and posting the result?
0
 
LVL 12

Expert Comment

by:alikaz3
Comment Utility
You may need to download and install the Windows Server Support tools for those to work.
0
 
LVL 12

Expert Comment

by:alikaz3
Comment Utility
And what about running "set log" from the workstations (tells you what logon server is contacted). And also do you have both servers as GCs?
0
 
LVL 7

Author Comment

by:James Glaubiger
Comment Utility
Yes both servers are GC's.   I am downloading the Support Tools now and will post my results shortly.
0
 
LVL 12

Expert Comment

by:alikaz3
Comment Utility
kk
0
 
LVL 7

Author Comment

by:James Glaubiger
Comment Utility
I have posted the outputs of DCDIAG, NETDIAG, and SET LOG.   First set of results are with SBS plugged in, and the second are with SBS unplugged, just to see if there is a difference.....
__________________________________________________________________
DCDIAG output: (SBS plugged in)


Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests
   
   Testing server: Default-First-Site-Name\SUN
      Starting test: Connectivity
         ......................... SUN passed test Connectivity

Doing primary tests
   
   Testing server: Default-First-Site-Name\SUN
      Starting test: Replications
         ......................... SUN passed test Replications
      Starting test: NCSecDesc
         ......................... SUN passed test NCSecDesc
      Starting test: NetLogons
         Unable to connect to the NETLOGON share! (\\SUN\netlogon)
         [SUN] An net use or LsaPolicy operation failed with error 1203, No network provider accepted the given network path..
         ......................... SUN failed test NetLogons
      Starting test: Advertising
         Warning: DsGetDcName returned information for \\vulcan.InBalhq.local, when we were trying to reach SUN.
         Server is not responding or is not considered suitable.
         ......................... SUN failed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... SUN passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... SUN passed test RidManager
      Starting test: MachineAccount
         ......................... SUN passed test MachineAccount
      Starting test: Services
         ......................... SUN passed test Services
      Starting test: ObjectsReplicated
         ......................... SUN passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... SUN passed test frssysvol
      Starting test: frsevent
         There are warning or error events within the last 24 hours after the

         SYSVOL has been shared.  Failing SYSVOL replication problems may cause

         Group Policy problems.
         ......................... SUN failed test frsevent
      Starting test: kccevent
         ......................... SUN passed test kccevent
      Starting test: systemlog
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 07/15/2008   11:07:41
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 07/15/2008   11:07:42
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 07/15/2008   11:07:42
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 07/15/2008   11:07:43
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 07/15/2008   11:11:44
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 07/15/2008   11:11:45
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 07/15/2008   11:11:45
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 07/15/2008   11:11:46
            (Event String could not be retrieved)
         ......................... SUN failed test systemlog
      Starting test: VerifyReferences
         ......................... SUN passed test VerifyReferences
   
   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
   
   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
   
   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
   
   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
   
   Running partition tests on : InBalhq
      Starting test: CrossRefValidation
         ......................... InBalhq passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... InBalhq passed test CheckSDRefDom
   
   Running enterprise tests on : InBalhq.local
      Starting test: Intersite
         ......................... InBalhq.local passed test Intersite
      Starting test: FsmoCheck
         ......................... InBalhq.local passed test FsmoCheck
____________________________________________________________________
NETDIAG output: (SBS plugged in)


....................................

    Computer Name: SUN
    DNS Host Name: sun.InBalhq.local
    System info : Microsoft Windows Server 2003 R2 (Build 3790)
    Processor : x86 Family 15 Model 2 Stepping 9, GenuineIntel
    List of installed hotfixes :
        KB924667-v2
        KB925398_WMP64
        KB925902
        KB926122
        KB927891
        KB929123
        KB930178
        KB931784
        KB932168
        KB933729
        KB933854
        KB935839
        KB935840
        KB936021
        KB936357
        KB936782
        KB938127
        KB941202
        KB941569
        KB941693
        KB942763
        KB943055
        KB943460
        KB943485
        KB944338
        KB944653
        KB945553
        KB946026
        KB948496
        KB948590
        KB950759
        KB950760
        KB950762
        KB951698
        KB951748
        Q147222


Netcard queries test . . . . . . . : Passed
    [WARNING] The net card 'Intel(R) PRO/1000 MT Dual Port Network Connection' may not be working.



Per interface results:

    Adapter : Local Area Connection 2

        Netcard queries test . . . : Failed
        NetCard Status:          DISCONNECTED
            Some tests will be skipped on this interface.

        Host Name. . . . . . . . . : sun
        Autoconfiguration IP Address : 169.254.135.179
        Subnet Mask. . . . . . . . : 255.255.0.0
        Default Gateway. . . . . . :
        Dns Servers. . . . . . . . :


    Adapter : Local Area Connection

        Netcard queries test . . . : Passed

        Host Name. . . . . . . . . : sun
        IP Address . . . . . . . . : 10.0.0.4
        Subnet Mask. . . . . . . . : 255.255.255.0
        Default Gateway. . . . . . : 10.0.0.2
        Dns Servers. . . . . . . . : 10.0.0.4


        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Passed

        NetBT name test. . . . . . : Passed
        [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names is missing.

        WINS service test. . . . . : Skipped
            There are no WINS servers configured for this interface.


Global results:


Domain membership test . . . . . . : Failed
    [WARNING] Ths system volume has not been completely replicated to the local machine. This machine is not working properly as a DC.


NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{E392105B-4761-4437-8A90-FB582DD3E435}
        NetBT_Tcpip_{75626131-0B7F-49BB-A351-3F6167186237}
    2 NetBt transports currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed
    [WARNING] You don't have a single interface with the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names defined.


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Passed
          [WARNING] Cannot find a primary authoritative DNS server for the name
            'sun.InBalhq.local.'. [ERROR_TIMEOUT]
            The name 'sun.InBalhq.local.' may not be registered in DNS.
    PASS - All the DNS entries for DC are registered on DNS server '10.0.0.4' and other DCs also have some of the names registered.


Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
        NetBT_Tcpip_{E392105B-4761-4437-8A90-FB582DD3E435}
        NetBT_Tcpip_{75626131-0B7F-49BB-A351-3F6167186237}
    The redir is bound to 2 NetBt transports.

    List of NetBt transports currently bound to the browser
        NetBT_Tcpip_{75626131-0B7F-49BB-A351-3F6167186237}
        NetBT_Tcpip_{E392105B-4761-4437-8A90-FB582DD3E435}
    The browser is bound to 2 NetBt transports.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Passed
    Secure channel for domain 'INBALHQ' is to '\\vulcan.InBalhq.local'.


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
    No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Skipped

    Note: run "netsh ipsec dynamic show /?" for more detailed information


The command completed successfully
_____________________________________________________________

SET LOG output:

LOGONSERVER=\\VULCAN

_____________________________________________________________

DCDIAG output: (SBS unplugged)


Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests
   
   Testing server: Default-First-Site-Name\SUN
      Starting test: Connectivity
         ......................... SUN passed test Connectivity

Doing primary tests
   
   Testing server: Default-First-Site-Name\SUN
      Starting test: Replications
         [Replications Check,SUN] A recent replication attempt failed:
            From VULCAN to SUN
            Naming Context: DC=DomainDnsZones,DC=InBalhq,DC=local
            The replication generated an error (1256):
            The remote system is not available. For information about network troubleshooting, see Windows Help.
            The failure occurred at 2008-07-15 11:55:55.
            The last success occurred at 2008-07-15 10:53:48.
            1 failures have occurred since the last success.
         [VULCAN] DsBindWithSpnEx() failed with error 1722,
         The RPC server is unavailable..
         [Replications Check,SUN] A recent replication attempt failed:
            From VULCAN to SUN
            Naming Context: DC=ForestDnsZones,DC=InBalhq,DC=local
            The replication generated an error (1256):
            The remote system is not available. For information about network troubleshooting, see Windows Help.
            The failure occurred at 2008-07-15 11:55:55.
            The last success occurred at 2008-07-15 10:53:48.
            1 failures have occurred since the last success.
         [Replications Check,SUN] A recent replication attempt failed:
            From VULCAN to SUN
            Naming Context: CN=Schema,CN=Configuration,DC=InBalhq,DC=local
            The replication generated an error (1722):
            The RPC server is unavailable.
            The failure occurred at 2008-07-15 11:56:37.
            The last success occurred at 2008-07-15 10:53:48.
            1 failures have occurred since the last success.
            The source remains down. Please check the machine.
         [Replications Check,SUN] A recent replication attempt failed:
            From VULCAN to SUN
            Naming Context: CN=Configuration,DC=InBalhq,DC=local
            The replication generated an error (1722):
            The RPC server is unavailable.
            The failure occurred at 2008-07-15 11:56:16.
            The last success occurred at 2008-07-15 11:43:13.
            1 failures have occurred since the last success.
            The source remains down. Please check the machine.
         [Replications Check,SUN] A recent replication attempt failed:
            From VULCAN to SUN
            Naming Context: DC=InBalhq,DC=local
            The replication generated an error (1722):
            The RPC server is unavailable.
            The failure occurred at 2008-07-15 11:55:55.
            The last success occurred at 2008-07-15 11:43:47.
            1 failures have occurred since the last success.
            The source remains down. Please check the machine.
         ......................... SUN passed test Replications
      Starting test: NCSecDesc
         ......................... SUN passed test NCSecDesc
      Starting test: NetLogons
         Unable to connect to the NETLOGON share! (\\SUN\netlogon)
         [SUN] An net use or LsaPolicy operation failed with error 1203, No network provider accepted the given network path..
         ......................... SUN failed test NetLogons
      Starting test: Advertising
         Fatal Error:DsGetDcName (SUN) call failed, error 1355
         The Locator could not find the server.
         ......................... SUN failed test Advertising
      Starting test: KnowsOfRoleHolders
         Warning: VULCAN is the Schema Owner, but is not responding to DS RPC Bind.
         [VULCAN] LDAP search failed with error 58,
         The specified server cannot perform the requested operation..
         Warning: VULCAN is the Schema Owner, but is not responding to LDAP Bind.
         Warning: VULCAN is the Domain Owner, but is not responding to DS RPC Bind.
         Warning: VULCAN is the Domain Owner, but is not responding to LDAP Bind.
         Warning: VULCAN is the PDC Owner, but is not responding to DS RPC Bind.
         Warning: VULCAN is the PDC Owner, but is not responding to LDAP Bind.
         Warning: VULCAN is the Rid Owner, but is not responding to DS RPC Bind.
         Warning: VULCAN is the Rid Owner, but is not responding to LDAP Bind.
         Warning: VULCAN is the Infrastructure Update Owner, but is not responding to DS RPC Bind.
         Warning: VULCAN is the Infrastructure Update Owner, but is not responding to LDAP Bind.
         ......................... SUN failed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... SUN failed test RidManager
      Starting test: MachineAccount
         ......................... SUN passed test MachineAccount
      Starting test: Services
         ......................... SUN passed test Services
      Starting test: ObjectsReplicated
         ......................... SUN passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... SUN passed test frssysvol
      Starting test: frsevent
         There are warning or error events within the last 24 hours after the

         SYSVOL has been shared.  Failing SYSVOL replication problems may cause

         Group Policy problems.
         ......................... SUN failed test frsevent
      Starting test: kccevent
         ......................... SUN passed test kccevent
      Starting test: systemlog
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 07/15/2008   11:07:41
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 07/15/2008   11:07:42
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 07/15/2008   11:07:42
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 07/15/2008   11:07:43
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 07/15/2008   11:11:44
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 07/15/2008   11:11:45
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 07/15/2008   11:11:45
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 07/15/2008   11:11:46
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000416
            Time Generated: 07/15/2008   11:24:51
            Event String: The DHCP/BINL service on the local machine,

         An Error Event occured.  EventID: 0x00000416
            Time Generated: 07/15/2008   11:35:48
            Event String: The DHCP/BINL service on the local machine,

         An Error Event occured.  EventID: 0x00000416
            Time Generated: 07/15/2008   11:40:38
            Event String: The DHCP/BINL service on the local machine,

         An Error Event occured.  EventID: 0x00000416
            Time Generated: 07/15/2008   11:42:38
            Event String: The DHCP/BINL service on the local machine,

         An Error Event occured.  EventID: 0x00000457
            Time Generated: 07/15/2008   11:47:11
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 07/15/2008   11:47:12
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 07/15/2008   11:47:12
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 07/15/2008   11:47:13
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 07/15/2008   11:54:56
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 07/15/2008   11:54:57
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 07/15/2008   11:54:57
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 07/15/2008   11:54:58
            (Event String could not be retrieved)
         ......................... SUN failed test systemlog
      Starting test: VerifyReferences
         ......................... SUN passed test VerifyReferences
   
   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
   
   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
   
   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
   
   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
   
   Running partition tests on : InBalhq
      Starting test: CrossRefValidation
         ......................... InBalhq passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... InBalhq passed test CheckSDRefDom
   
   Running enterprise tests on : InBalhq.local
      Starting test: Intersite
         ......................... InBalhq.local passed test Intersite
      Starting test: FsmoCheck
         Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
         A Global Catalog Server could not be located - All GC's are down.
         Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1355
         A Primary Domain Controller could not be located.
         The server holding the PDC role is down.
         Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
         A Time Server could not be located.
         The server holding the PDC role is down.
         Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error 1355
         A Good Time Server could not be located.
         Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1355
         A KDC could not be located - All the KDCs are down.
         ......................... InBalhq.local failed test FsmoCheck


_____________________________________________________________
NETDIAG output: (SBS unplugged)


..................................

    Computer Name: SUN
    DNS Host Name: sun.InBalhq.local
    System info : Microsoft Windows Server 2003 R2 (Build 3790)
    Processor : x86 Family 15 Model 2 Stepping 9, GenuineIntel
    List of installed hotfixes :
        KB924667-v2
        KB925398_WMP64
        KB925902
        KB926122
        KB927891
        KB929123
        KB930178
        KB931784
        KB932168
        KB933729
        KB933854
        KB935839
        KB935840
        KB936021
        KB936357
        KB936782
        KB938127
        KB941202
        KB941569
        KB941693
        KB942763
        KB943055
        KB943460
        KB943485
        KB944338
        KB944653
        KB945553
        KB946026
        KB948496
        KB948590
        KB950759
        KB950760
        KB950762
        KB951698
        KB951748
        Q147222


Netcard queries test . . . . . . . : Passed
    [WARNING] The net card 'Intel(R) PRO/1000 MT Dual Port Network Connection' may not be working.



Per interface results:

    Adapter : Local Area Connection 2

        Netcard queries test . . . : Failed
        NetCard Status:          DISCONNECTED
            Some tests will be skipped on this interface.

        Host Name. . . . . . . . . : sun
        Autoconfiguration IP Address : 169.254.135.179
        Subnet Mask. . . . . . . . : 255.255.0.0
        Default Gateway. . . . . . :
        Dns Servers. . . . . . . . :


    Adapter : Local Area Connection

        Netcard queries test . . . : Passed

        Host Name. . . . . . . . . : sun
        IP Address . . . . . . . . : 10.0.0.4
        Subnet Mask. . . . . . . . : 255.255.255.0
        Default Gateway. . . . . . : 10.0.0.2
        Dns Servers. . . . . . . . : 10.0.0.4


        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Passed

        NetBT name test. . . . . . : Passed
        [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names is missing.
            No remote names have been found.

        WINS service test. . . . . : Skipped
            There are no WINS servers configured for this interface.


Global results:


Domain membership test . . . . . . : Failed
    [WARNING] Ths system volume has not been completely replicated to the local machine. This machine is not working properly as a DC.


NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{E392105B-4761-4437-8A90-FB582DD3E435}
        NetBT_Tcpip_{75626131-0B7F-49BB-A351-3F6167186237}
    2 NetBt transports currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed
    [WARNING] You don't have a single interface with the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names defined.


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Passed
          [WARNING] Cannot find a primary authoritative DNS server for the name
            'sun.InBalhq.local.'. [ERROR_TIMEOUT]
            The name 'sun.InBalhq.local.' may not be registered in DNS.
    PASS - All the DNS entries for DC are registered on DNS server '10.0.0.4' and other DCs also have some of the names registered.


Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
        NetBT_Tcpip_{E392105B-4761-4437-8A90-FB582DD3E435}
        NetBT_Tcpip_{75626131-0B7F-49BB-A351-3F6167186237}
    The redir is bound to 2 NetBt transports.

    List of NetBt transports currently bound to the browser
        NetBT_Tcpip_{75626131-0B7F-49BB-A351-3F6167186237}
        NetBT_Tcpip_{E392105B-4761-4437-8A90-FB582DD3E435}
    The browser is bound to 2 NetBt transports.


DC discovery test. . . . . . . . . : Failed
        [FATAL] Cannot find DC in domain 'INBALHQ'. [ERROR_NO_SUCH_DOMAIN]


DC list test . . . . . . . . . . . : Failed
        'INBALHQ': Cannot find DC to get DC list from [test skipped].


Trust relationship test. . . . . . : Failed
    'INBALHQ': Cannot find DC to get DC list from [test skipped].
    Secure channel for domain 'INBALHQ' is to '\\vulcan.InBalhq.local'.
    [FATAL] Cannot set secure channel for domain 'INBALHQ' to PDC emulator. [ERROR_NO_LOGON_SERVERS]


Kerberos test. . . . . . . . . . . : Skipped
        'INBALHQ': Cannot find DC to get DC list from [test skipped].


LDAP test. . . . . . . . . . . . . : Failed
    Cannot find DC to run LDAP tests on. The error occurred was: The specified domain either does not exist or could not be contacted.

 
        [WARNING] Cannot find DC in domain 'INBALHQ'. [ERROR_NO_SUCH_DOMAIN]


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
    No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Skipped

    Note: run "netsh ipsec dynamic show /?" for more detailed information


The command completed successfully

_____________________________________________________________
SET LOG output: (SBS unplugged)

LOGONSERVER=\\VULCAN

Even after doing an ipconfig /release then /renew, etc.





I am reviewing these now myself.  Let me know what you think,

thanks
0
 
LVL 12

Expert Comment

by:alikaz3
Wow that is a ton of data. I'll say first off it looks like you have radically different DCDIAG results, lots of file replication errors. Note at the top you got this too:


Warning: DsGetDcName returned information for \\vulcan.InBalhq.local, when we were trying to reach SUN.
         Server is not responding or is not considered suitable.

I'll keep looking but this will probably take a while :D
0
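An added example, not written by any poster in this thread: Python that parses DCDIAG text output into per-test verdicts and replication failures, then diffs two runs, which is the comparison being done by eye above. The sample inputs are abridged from the DCDIAG runs posted in this thread; the function names are this example's own.

```python
import re

# Abridged from two DCDIAG runs posted in this thread for SUN: one with the
# SBS box (VULCAN) unplugged, one after "netdiag /fix" and a reboot.
RUN_UNPLUGGED = r"""
   Testing server: Default-First-Site-Name\SUN
      Starting test: Replications
         [Replications Check,SUN] A recent replication attempt failed:
            From VULCAN to SUN
            Naming Context: DC=InBalhq,DC=local
            The replication generated an error (1722):
            The RPC server is unavailable.
         ......................... SUN passed test Replications
         ......................... SUN failed test NetLogons
         ......................... SUN failed test Advertising
         ......................... SUN failed test KnowsOfRoleHolders
         ......................... SUN failed test RidManager
         ......................... SUN passed test kccevent
         ......................... InBalhq.local failed test FsmoCheck
"""
RUN_AFTER_FIX = r"""
   Testing server: Default-First-Site-Name\SUN
      Starting test: Replications
         [Replications Check,SUN] A recent replication attempt failed:
            From VULCAN to SUN
            Naming Context: CN=Configuration,DC=InBalhq,DC=local
            The replication generated an error (1908):
            Could not find the domain controller for this domain.
         ......................... SUN passed test Replications
         ......................... SUN failed test NetLogons
         ......................... SUN failed test Advertising
         ......................... SUN passed test KnowsOfRoleHolders
         ......................... SUN passed test RidManager
         ......................... SUN failed test kccevent
         ......................... InBalhq.local passed test FsmoCheck
"""

VERDICT = re.compile(r"\.{5,}\s+(\S+) (passed|failed) test (\S+)")
REPL_START = re.compile(r"\[Replications Check,[^\]]+\] A recent replication attempt failed")
REPL_FROM = re.compile(r"^From (\S+) to (\S+)$")
REPL_NC = re.compile(r"^Naming Context: (.+)$")
REPL_ERR = re.compile(r"^The replication generated an error \((\d+)\):$")


def parse_dcdiag(text):
    """Return ({(target, test): verdict}, [replication failure dicts])."""
    verdicts, failures = {}, []
    current, want_message = None, False
    for raw in text.splitlines():
        line = raw.strip()
        m = VERDICT.search(line)
        if m:  # a verdict line closes whatever detail block preceded it
            verdicts[(m.group(1), m.group(3))] = m.group(2)
            current, want_message = None, False
            continue
        if REPL_START.search(line):  # start of one failed-replication record
            current = {"source": None, "dest": None, "nc": None,
                       "error": None, "message": None}
            failures.append(current)
            want_message = False
            continue
        if current is None:
            continue
        if want_message:  # the line after the error code carries its text
            current["message"], want_message = line, False
        elif (m := REPL_FROM.match(line)):
            current["source"], current["dest"] = m.group(1), m.group(2)
        elif (m := REPL_NC.match(line)):
            current["nc"] = m.group(1)
        elif (m := REPL_ERR.match(line)):
            current["error"], want_message = int(m.group(1)), True
    return verdicts, failures


def diff_runs(before, after):
    """Map each (target, test) whose verdict changed to (before, after)."""
    changes = {}
    for key in sorted(set(before) | set(after)):
        b, a = before.get(key, "not run"), after.get(key, "not run")
        if b != a:
            changes[key] = (b, a)
    return changes


def masked_replication_errors(verdicts, failures):
    """Failures logged although the Replications test still says 'passed'."""
    return [f for f in failures
            if verdicts.get((f["dest"], "Replications")) == "passed"]


if __name__ == "__main__":
    v1, f1 = parse_dcdiag(RUN_UNPLUGGED)
    v2, f2 = parse_dcdiag(RUN_AFTER_FIX)
    for (target, test), (b, a) in diff_runs(v1, v2).items():
        print(f"{target:15} {test:20} {b} -> {a}")
    for f in masked_replication_errors(v2, f2):
        print(f"masked: {f['source']} -> {f['dest']} {f['nc']} "
              f"error {f['error']}: {f['message']}")
```

In both runs the Replications test is reported as passed while a failed attempt from VULCAN is logged under it, so the per-attempt records need checking as well as the verdict lines.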
 
LVL 7

Author Comment

by:James Glaubiger
No problem, I really appreciate the help.   I will wait for your reply.
0
 
LVL 12

Expert Comment

by:alikaz3
Ok run both servers and run this on both of them:
netdiag /fix

Reboot the servers and rerun DCDIAG. Paste it here if it is different, otherwise just let me know!
0
 
LVL 7

Author Comment

by:James Glaubiger
Right now I am more concerned about logins not working properly.  Right now SBS is still rebooting and I cannot even log in to SUN while it is off.   First step is getting AD to replicate properly and the SYSVOL share working etc.   Once that works, I believe Exchange will fall in line and start working.

Waiting for SBS to reboot to post new DCDIAG...
0
 
LVL 7

Author Comment

by:James Glaubiger

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests
   
   Testing server: Default-First-Site-Name\SUN
      Starting test: Connectivity
         ......................... SUN passed test Connectivity

Doing primary tests
   
   Testing server: Default-First-Site-Name\SUN
      Starting test: Replications
         [Replications Check,SUN] A recent replication attempt failed:
            From VULCAN to SUN
            Naming Context: DC=ForestDnsZones,DC=InBalhq,DC=local
            The replication generated an error (1908):
            Could not find the domain controller for this domain.
            The failure occurred at 2008-07-15 13:16:13.
            The last success occurred at 2008-07-15 12:53:48.
            1 failures have occurred since the last success.
            Kerberos Error.
            A KDC was not found to authenticate the call.
            Check that sufficient domain controllers are available.
         [Replications Check,SUN] A recent replication attempt failed:
            From VULCAN to SUN
            Naming Context: CN=Schema,CN=Configuration,DC=InBalhq,DC=local
            The replication generated an error (1908):
            Could not find the domain controller for this domain.
            The failure occurred at 2008-07-15 13:16:13.
            The last success occurred at 2008-07-15 12:53:47.
            1 failures have occurred since the last success.
            Kerberos Error.
            A KDC was not found to authenticate the call.
            Check that sufficient domain controllers are available.
         [Replications Check,SUN] A recent replication attempt failed:
            From VULCAN to SUN
            Naming Context: CN=Configuration,DC=InBalhq,DC=local
            The replication generated an error (1908):
            Could not find the domain controller for this domain.
            The failure occurred at 2008-07-15 13:16:13.
            The last success occurred at 2008-07-15 12:53:47.
            1 failures have occurred since the last success.
            Kerberos Error.
            A KDC was not found to authenticate the call.
            Check that sufficient domain controllers are available.
         ......................... SUN passed test Replications
      Starting test: NCSecDesc
         ......................... SUN passed test NCSecDesc
      Starting test: NetLogons
         Unable to connect to the NETLOGON share! (\\SUN\netlogon)
         [SUN] An net use or LsaPolicy operation failed with error 1203, No network provider accepted the given network path..
         ......................... SUN failed test NetLogons
      Starting test: Advertising
         Warning: DsGetDcName returned information for \\vulcan.InBalhq.local, when we were trying to reach SUN.
         Server is not responding or is not considered suitable.
         ......................... SUN failed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... SUN passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... SUN passed test RidManager
      Starting test: MachineAccount
         ......................... SUN passed test MachineAccount
      Starting test: Services
         ......................... SUN passed test Services
      Starting test: ObjectsReplicated
         ......................... SUN passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... SUN passed test frssysvol
      Starting test: frsevent
         There are warning or error events within the last 24 hours after the

         SYSVOL has been shared.  Failing SYSVOL replication problems may cause

         Group Policy problems.
         ......................... SUN failed test frsevent
      Starting test: kccevent
         An Warning Event occured.  EventID: 0x80250828
            Time Generated: 07/15/2008   13:15:31
            (Event String could not be retrieved)
         ......................... SUN failed test kccevent
      Starting test: systemlog
         An Error Event occured.  EventID: 0xC25A001D
            Time Generated: 07/15/2008   13:16:14
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000423
            Time Generated: 07/15/2008   13:16:23
            Event String: The DHCP service failed to see a directory server

         An Error Event occured.  EventID: 0x00000423
            Time Generated: 07/15/2008   13:16:23
            Event String: The DHCP service failed to see a directory server

         An Error Event occured.  EventID: 0x00000457
            Time Generated: 07/15/2008   13:22:38
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 07/15/2008   13:22:39
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 07/15/2008   13:22:39
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 07/15/2008   13:22:40
            (Event String could not be retrieved)
         ......................... SUN failed test systemlog
      Starting test: VerifyReferences
         ......................... SUN passed test VerifyReferences
   
   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
   
   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
   
   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
   
   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
   
   Running partition tests on : InBalhq
      Starting test: CrossRefValidation
         ......................... InBalhq passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... InBalhq passed test CheckSDRefDom
   
   Running enterprise tests on : InBalhq.local
      Starting test: Intersite
         ......................... InBalhq.local passed test Intersite
      Starting test: FsmoCheck
         ......................... InBalhq.local passed test FsmoCheck
0
 
LVL 7

Author Comment

by:James Glaubiger
I rebooted SUN again and ran another DCDIAG; results below.   SUN reboots in about 30 seconds, while SBS takes about 5 minutes.  Therefore on the last reboot, SUN was up before VULCAN (SBS) was.   Want to see if the DCDIAG is different now.

___________________________________________________________


Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests
   
   Testing server: Default-First-Site-Name\SUN
      Starting test: Connectivity
         ......................... SUN passed test Connectivity

Doing primary tests
   
   Testing server: Default-First-Site-Name\SUN
      Starting test: Replications
         [Replications Check,SUN] A recent replication attempt failed:
            From VULCAN to SUN
            Naming Context: DC=DomainDnsZones,DC=InBalhq,DC=local
            The replication generated an error (1908):
            Could not find the domain controller for this domain.
            The failure occurred at 2008-07-15 13:29:06.
            The last success occurred at 2008-07-15 13:19:47.
            1 failures have occurred since the last success.
            Kerberos Error.
            A KDC was not found to authenticate the call.
            Check that sufficient domain controllers are available.
         [Replications Check,SUN] A recent replication attempt failed:
            From VULCAN to SUN
            Naming Context: DC=ForestDnsZones,DC=InBalhq,DC=local
            The replication generated an error (1908):
            Could not find the domain controller for this domain.
            The failure occurred at 2008-07-15 13:29:06.
            The last success occurred at 2008-07-15 12:53:48.
            2 failures have occurred since the last success.
            Kerberos Error.
            A KDC was not found to authenticate the call.
            Check that sufficient domain controllers are available.
         [Replications Check,SUN] A recent replication attempt failed:
            From VULCAN to SUN
            Naming Context: CN=Schema,CN=Configuration,DC=InBalhq,DC=local
            The replication generated an error (1908):
            Could not find the domain controller for this domain.
            The failure occurred at 2008-07-15 13:29:06.
            The last success occurred at 2008-07-15 12:53:47.
            2 failures have occurred since the last success.
            Kerberos Error.
            A KDC was not found to authenticate the call.
            Check that sufficient domain controllers are available.
         [Replications Check,SUN] A recent replication attempt failed:
            From VULCAN to SUN
            Naming Context: CN=Configuration,DC=InBalhq,DC=local
            The replication generated an error (1908):
            Could not find the domain controller for this domain.
            The failure occurred at 2008-07-15 13:29:06.
            The last success occurred at 2008-07-15 12:53:47.
            2 failures have occurred since the last success.
            Kerberos Error.
            A KDC was not found to authenticate the call.
            Check that sufficient domain controllers are available.
         ......................... SUN passed test Replications
      Starting test: NCSecDesc
         ......................... SUN passed test NCSecDesc
      Starting test: NetLogons
         Unable to connect to the NETLOGON share! (\\SUN\netlogon)
         [SUN] An net use or LsaPolicy operation failed with error 1203, No network provider accepted the given network path..
         ......................... SUN failed test NetLogons
      Starting test: Advertising
         Warning: DsGetDcName returned information for \\vulcan.InBalhq.local, when we were trying to reach SUN.
         Server is not responding or is not considered suitable.
         ......................... SUN failed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... SUN passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... SUN passed test RidManager
      Starting test: MachineAccount
         ......................... SUN passed test MachineAccount
      Starting test: Services
         ......................... SUN passed test Services
      Starting test: ObjectsReplicated
         ......................... SUN passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... SUN passed test frssysvol
      Starting test: frsevent
         There are warning or error events within the last 24 hours after the

         SYSVOL has been shared.  Failing SYSVOL replication problems may cause

         Group Policy problems.
         ......................... SUN failed test frsevent
      Starting test: kccevent
         An Warning Event occured.  EventID: 0x80250828
            Time Generated: 07/15/2008   13:28:17
            (Event String could not be retrieved)
         ......................... SUN failed test kccevent
      Starting test: systemlog
         An Error Event occured.  EventID: 0xC25A001D
            Time Generated: 07/15/2008   13:16:14
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000423
            Time Generated: 07/15/2008   13:16:23
            Event String: The DHCP service failed to see a directory server

         An Error Event occured.  EventID: 0x00000423
            Time Generated: 07/15/2008   13:16:23
            Event String: The DHCP service failed to see a directory server

         An Error Event occured.  EventID: 0x00000457
            Time Generated: 07/15/2008   13:22:38
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 07/15/2008   13:22:39
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 07/15/2008   13:22:39
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 07/15/2008   13:22:40
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 07/15/2008   13:29:48
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 07/15/2008   13:29:48
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 07/15/2008   13:29:49
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 07/15/2008   13:29:49
            (Event String could not be retrieved)
         ......................... SUN failed test systemlog
      Starting test: VerifyReferences
         ......................... SUN passed test VerifyReferences
   
   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
   
   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
   
   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
   
   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
   
   Running partition tests on : InBalhq
      Starting test: CrossRefValidation
         ......................... InBalhq passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... InBalhq passed test CheckSDRefDom
   
   Running enterprise tests on : InBalhq.local
      Starting test: Intersite
         ......................... InBalhq.local passed test Intersite
      Starting test: FsmoCheck
         ......................... InBalhq.local passed test FsmoCheck
0
 
LVL 12

Expert Comment

by:alikaz3
You are still getting these:

Starting test: NetLogons
         Unable to connect to the NETLOGON share! (\\SUN\netlogon)
         [SUN] An net use or LsaPolicy operation failed with error 1203, No network provider accepted the given network path..
         ......................... SUN failed test NetLogons
      Starting test: Advertising
         Warning: DsGetDcName returned information for \\vulcan.InBalhq.local, when we were trying to reach SUN.
         Server is not responding or is not considered suitable.
         ......................... SUN failed test Advertising

And I believe the netlogon error is the primary cause. If you google that 1203 error with lsapolicy there are tons of articles. I am really busy so I don't have much more time today to look at this. Hopefully you will figure it out before tomorrow, if not I'll be here :D
0
 
LVL 7

Author Comment

by:James Glaubiger
Here is something interesting.  When I try and ping inbalhq.local it resolves to an IP address not in use on the system, and the IP is not one of the DCs'.   In DNS I see this entry as an A record.   Should I delete it?
0
 
LVL 7

Author Comment

by:James Glaubiger
Ok.  I deleted the invalid records, and now my domain is correctly resolving to a DC when pinged.   I am rebooting now to see if DCDIAG is different.    Additionally I ran DCDIAG /test:dns and am beginning to suspect that many of the issues may be DNS problems.  I could use some help reviewing my DNS setup to make sure it is correct.  

DCDIAG results:


Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests
   
   Testing server: Default-First-Site-Name\SUN
      Starting test: Connectivity
         ......................... SUN passed test Connectivity

Doing primary tests
   
   Testing server: Default-First-Site-Name\SUN
      Starting test: Replications
         [Replications Check,SUN] A recent replication attempt failed:
            From VULCAN to SUN
            Naming Context: DC=ForestDnsZones,DC=InBalhq,DC=local
            The replication generated an error (1908):
            Could not find the domain controller for this domain.
            The failure occurred at 2008-07-15 15:20:27.
            The last success occurred at 2008-07-15 14:57:53.
            2 failures have occurred since the last success.
            Kerberos Error.
            A KDC was not found to authenticate the call.
            Check that sufficient domain controllers are available.
         [Replications Check,SUN] A recent replication attempt failed:
            From VULCAN to SUN
            Naming Context: CN=Schema,CN=Configuration,DC=InBalhq,DC=local
            The replication generated an error (1908):
            Could not find the domain controller for this domain.
            The failure occurred at 2008-07-15 15:20:27.
            The last success occurred at 2008-07-15 14:57:53.
            2 failures have occurred since the last success.
            Kerberos Error.
            A KDC was not found to authenticate the call.
            Check that sufficient domain controllers are available.
         [Replications Check,SUN] A recent replication attempt failed:
            From VULCAN to SUN
            Naming Context: CN=Configuration,DC=InBalhq,DC=local
            The replication generated an error (1908):
            Could not find the domain controller for this domain.
            The failure occurred at 2008-07-15 15:20:27.
            The last success occurred at 2008-07-15 14:57:53.
            2 failures have occurred since the last success.
            Kerberos Error.
            A KDC was not found to authenticate the call.
            Check that sufficient domain controllers are available.
         ......................... SUN passed test Replications
      Starting test: NCSecDesc
         ......................... SUN passed test NCSecDesc
      Starting test: NetLogons
         Unable to connect to the NETLOGON share! (\\SUN\netlogon)
         [SUN] An net use or LsaPolicy operation failed with error 1203, No network provider accepted the given network path..
         ......................... SUN failed test NetLogons
      Starting test: Advertising
         Warning: DsGetDcName returned information for \\vulcan.InBalhq.local, when we were trying to reach SUN.
         Server is not responding or is not considered suitable.
         ......................... SUN failed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... SUN passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... SUN passed test RidManager
      Starting test: MachineAccount
         ......................... SUN passed test MachineAccount
      Starting test: Services
         ......................... SUN passed test Services
      Starting test: ObjectsReplicated
         ......................... SUN passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... SUN passed test frssysvol
      Starting test: frsevent
         There are warning or error events within the last 24 hours after the

         SYSVOL has been shared.  Failing SYSVOL replication problems may cause

         Group Policy problems.
         ......................... SUN failed test frsevent
      Starting test: kccevent
         An Warning Event occured.  EventID: 0x80250828
            Time Generated: 07/15/2008   15:19:37
            (Event String could not be retrieved)
         ......................... SUN failed test kccevent
      Starting test: systemlog
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 07/15/2008   14:31:08
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 07/15/2008   14:31:09
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 07/15/2008   14:31:10
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 07/15/2008   14:31:10
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 07/15/2008   14:46:47
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 07/15/2008   14:46:48
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 07/15/2008   14:46:48
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 07/15/2008   14:46:49
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 07/15/2008   15:06:30
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 07/15/2008   15:06:30
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 07/15/2008   15:06:31
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 07/15/2008   15:06:31
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC25A001D
            Time Generated: 07/15/2008   15:14:35
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 07/15/2008   15:21:10
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 07/15/2008   15:21:11
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 07/15/2008   15:21:11
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 07/15/2008   15:21:12
            (Event String could not be retrieved)
         ......................... SUN failed test systemlog
      Starting test: VerifyReferences
         ......................... SUN passed test VerifyReferences
   
   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
   
   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
   
   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
   
   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
   
   Running partition tests on : InBalhq
      Starting test: CrossRefValidation
         ......................... InBalhq passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... InBalhq passed test CheckSDRefDom
   
   Running enterprise tests on : InBalhq.local
      Starting test: Intersite
         ......................... InBalhq.local passed test Intersite
      Starting test: FsmoCheck
         ......................... InBalhq.local passed test FsmoCheck

___________________________________________________________

DCDIAG /test:dns output


Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests
   
   Testing server: Default-First-Site-Name\SUN
      Starting test: Connectivity
         ......................... SUN passed test Connectivity

Doing primary tests
   
   Testing server: Default-First-Site-Name\SUN

DNS Tests are running and not hung. Please wait a few minutes...
   
   Running partition tests on : DomainDnsZones
   
   Running partition tests on : ForestDnsZones
   
   Running partition tests on : Schema
   
   Running partition tests on : Configuration
   
   Running partition tests on : InBalhq
   
   Running enterprise tests on : InBalhq.local
      Starting test: DNS
         Test results for domain controllers:
           
            DC: sun.InBalhq.local
            Domain: InBalhq.local

                 
               TEST: Forwarders/Root hints (Forw)
                  Error: Root hints list has invalid root hint server: a.root-servers.net. (198.41.0.4)
                  Error: Root hints list has invalid root hint server: b.root-servers.net. (192.228.79.201)
                  Error: Root hints list has invalid root hint server: c.root-servers.net. (192.33.4.12)
                  Error: Root hints list has invalid root hint server: d.root-servers.net. (128.8.10.90)
                  Error: Root hints list has invalid root hint server: e.root-servers.net. (192.203.230.10)
                  Error: Root hints list has invalid root hint server: f.root-servers.net. (192.5.5.241)
                  Error: Root hints list has invalid root hint server: g.root-servers.net. (192.112.36.4)
                  Error: Root hints list has invalid root hint server: h.root-servers.net. (128.63.2.53)
                  Error: Root hints list has invalid root hint server: i.root-servers.net. (192.36.148.17)
                  Error: Root hints list has invalid root hint server: j.root-servers.net. (192.58.128.30)
                  Error: Root hints list has invalid root hint server: k.root-servers.net. (193.0.14.129)
                 
               TEST: Delegations (Del)
                  Error: DNS server: vulcan.inbalhq.local. IP:10.0.0.5 [Broken delegated domain _msdcs.InBalhq.local.]
         
         Summary of test results for DNS servers used by the above domain controllers:

            DNS server: 10.0.0.5 (vulcan.inbalhq.local.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 10.0.0.5
               Delegation is broken for the domain _msdcs.InBalhq.local. on the DNS server 10.0.0.5
               
            DNS server: 128.63.2.53 (h.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.63.2.53
               
            DNS server: 128.8.10.90 (d.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.8.10.90
               
            DNS server: 192.112.36.4 (g.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.112.36.4
               
            DNS server: 192.203.230.10 (e.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.203.230.10
               
            DNS server: 192.228.79.201 (b.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.228.79.201
               
            DNS server: 192.33.4.12 (c.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.33.4.12
               
            DNS server: 192.36.148.17 (i.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.36.148.17
               
            DNS server: 192.5.5.241 (f.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.5.5.241
               
            DNS server: 192.58.128.30 (j.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.58.128.30
               
            DNS server: 193.0.14.129 (k.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 193.0.14.129
               
            DNS server: 198.41.0.4 (a.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 198.41.0.4
               
         Summary of DNS test results:
         
                                            Auth Basc Forw Del  Dyn  RReg Ext  
               ________________________________________________________________
            Domain: InBalhq.local
               sun                          PASS PASS FAIL FAIL PASS PASS n/a  
         
         ......................... InBalhq.local failed test DNS



0
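The dcdiag runs pasted above report "SUN passed test Replications" even though the same test lists error 1908 failures, so the verdict lines alone understate the problem. As an added example (not part of the original thread and not a Microsoft tool), this Python sketch triages dcdiag text in that format; the `triage` function name is hypothetical and the sample is constructed by trimming the output quoted in this thread.

```python
import re

# Constructed sample, trimmed from the dcdiag output format quoted in this thread.
SAMPLE = r"""
   Testing server: Default-First-Site-Name\SUN
      Starting test: Replications
         [Replications Check,SUN] A recent replication attempt failed:
            From VULCAN to SUN
            Naming Context: CN=Configuration,DC=InBalhq,DC=local
            The replication generated an error (1908):
            Could not find the domain controller for this domain.
            The failure occurred at 2008-07-15 15:20:27.
            The last success occurred at 2008-07-15 14:57:53.
         ......................... SUN passed test Replications
      Starting test: NetLogons
         Unable to connect to the NETLOGON share! (\\SUN\netlogon)
         [SUN] An net use or LsaPolicy operation failed with error 1203, No network provider accepted the given network path..
         ......................... SUN failed test NetLogons
      Starting test: Advertising
         Warning: DsGetDcName returned information for \\vulcan.InBalhq.local, when we were trying to reach SUN.
         ......................... SUN failed test Advertising
      Starting test: systemlog
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 07/15/2008   15:21:10
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 07/15/2008   15:21:11
         An Error Event occured.  EventID: 0xC25A001D
            Time Generated: 07/15/2008   15:14:35
         ......................... SUN failed test systemlog
"""

START = re.compile(r"^\s*Starting test: (\S+)")
VERDICT = re.compile(r"^\s*\.{5,}\s+(\S+) (passed|failed) test (\S+)\s*$")
REPL_FROM = re.compile(r"^\s*From (\S+) to (\S+)\s*$")
REPL_NC = re.compile(r"^\s*Naming Context: (\S+)")
REPL_ERR = re.compile(r"replication generated an error \((\d+)\)")
OP_ERR = re.compile(r"operation failed with error (\d+)")
EVENT = re.compile(r"Event occured\.\s+EventID: (0x[0-9A-Fa-f]+)")


def triage(text):
    """Summarise dcdiag text: failed tests, replication failures, event IDs,
    and tests that 'passed' while still listing replication failures."""
    failed, masked, repl, op_errors, events = [], [], [], [], {}
    pending = None          # replication failure record being assembled
    fails_in_test = 0       # replication failures seen since the last 'Starting test'
    for line in text.splitlines():
        if START.match(line):
            fails_in_test, pending = 0, None
        elif m := REPL_FROM.match(line):
            pending = {"source": m.group(1), "dest": m.group(2)}
        elif (m := REPL_NC.match(line)) and pending is not None:
            pending["naming_context"] = m.group(1)
        elif (m := REPL_ERR.search(line)) and pending is not None:
            pending["error"] = int(m.group(1))
            repl.append(pending)
            pending = None
            fails_in_test += 1
        elif m := EVENT.search(line):
            events[m.group(1)] = events.get(m.group(1), 0) + 1
        elif m := OP_ERR.search(line):
            op_errors.append(int(m.group(1)))
        elif m := VERDICT.match(line):
            target, verdict, test = m.groups()
            if verdict == "failed":
                failed.append((target, test))
            elif fails_in_test:
                # dcdiag said 'passed' but the block listed replication errors
                masked.append((target, test))
    return {"failed": failed, "masked_passes": masked, "replication": repl,
            "operation_errors": op_errors, "events": events}


if __name__ == "__main__":
    report = triage(SAMPLE)
    for target, test in report["failed"]:
        print(f"FAILED  {target}: {test}")
    for target, test in report["masked_passes"]:
        print(f"CHECK   {target}: {test} passed but lists replication errors")
    for r in report["replication"]:
        print(f"REPL    {r['source']} -> {r['dest']} {r['naming_context']} error {r['error']}")
    for event_id, count in report["events"].items():
        print(f"EVENT   {event_id} x{count}")
```

Saving each run to a file (`dcdiag > run1.txt`) and comparing the summaries makes it easy to see whether a change such as the DNS record cleanup altered anything between runs.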
 
LVL 7

Author Comment

by:James Glaubiger
DNSLint Report

System Date: Tue Jul 15 18:32:52 2008

Command run:

dnslint /ad 10.0.0.5 /s 10.0.0.4

Root of Active Directory Forest:

    InBalhq.local

Active Directory Forest Replication GUIDs Found:

DC: VULCAN
GUID: 8df02afa-2445-4c77-81c8-cb8bd7c375fe

DC: SUN
GUID: 87ce7990-5c16-49ca-8ac7-658f512faa43


Total GUIDs found: 2

--------------------------------------------------------------------------------

The following 2 DNS servers were checked for records related to AD forest replication:

DNS server: sun.inbalhq.local
IP Address: 10.0.0.4
UDP port 53 responding to queries: YES
TCP port 53 responding to queries: Not tested
Answering authoritatively for domain: YES

SOA record data from server:
Authoritative name server: sun.InBalhq.local
Hostmaster: hostmaster
Zone serial number: 375
Zone expires in: 1.00 day(s)
Refresh period: 900 seconds
Retry delay: 600 seconds
Default (minimum) TTL: 3600 seconds


Additional authoritative (NS) records from server:
sun.inbalhq.local 10.0.0.4
vulcan.inbalhq.local 10.0.0.5




Alias (CNAME) and glue (A) records for forest GUIDs from server:
CNAME: 8df02afa-2445-4c77-81c8-cb8bd7c375fe._msdcs.InBalhq.local
Alias: vulcan.InBalhq.local
Glue: 10.0.0.5

CNAME: 87ce7990-5c16-49ca-8ac7-658f512faa43._msdcs.InBalhq.local
Alias: sun.InBalhq.local
Glue: 10.0.0.4


Total number of CNAME records found on this server: 2

Total number of CNAME records missing on this server: 0

Total number of glue (A) records this server could not find: 0



--------------------------------------------------------------------------------

DNS server: vulcan.inbalhq.local
IP Address: 10.0.0.5
UDP port 53 responding to queries: NO
TCP port 53 responding to queries: Not tested
Answering authoritatively for domain: Unknown

SOA record data from server:
Authoritative name server: Unknown
Hostmaster: Unknown
Zone serial number: Unknown
Zone expires in: Unknown
Refresh period: Unknown
Retry delay: Unknown
Default (minimum) TTL: Unknown





Total number of CNAME records found on this server: 0

Total number of CNAME records missing on this server: 0

Total number of glue (A) records this server could not find: 0



--------------------------------------------------------------------------------

Notes:
One or more DNS servers may not be authoritative for the domain
Additional name server records were not identical on every DNS server
One or more DNS servers did not respond to UDP queries
One or more zone files may have expired
SOA record data was unavailable and/or missing on one or more DNS servers




--------------------------------------------------------------------------------

Legend: warning, error

0
 
LVL 12

Expert Comment

by:alikaz3
Oy that makes my head hurt looking at it.... you are still getting the same errors....

Try googling that 1203 error:

"An net use or LsaPolicy operation failed with error 1203, No network provider accepted the given network path"

There are tons of articles, lots of situations like yours. The general consensus is to reformat......

I will keep on this and let you know.
0
 
LVL 7

Author Comment

by:James Glaubiger
I am getting the below event warning on both Vulcan (SBS) and SUN (newly added DC); from Vulcan it cannot find SUN, and from SUN it cannot find VULCAN.   A lot of the articles talk about DNS making or breaking AD.   I have already gone through several articles for the LsaPolicy error with no luck or change in situation.   And from what I can tell DNS is working.   I can try a format reinstall, but my gut feeling is I will be back at this same spot after doing that.  (I attempted this transition once before, and ended up having Microsoft support come in and repair everything and remove the new DC, leaving me with SBS.  However, at this point the SBS box is on its last, and could die any day, so I need AD replicating properly so I can kill it).   If we cannot get this working, I will have to hire MS support again to fix the issue.....

_____________________________________________________________
Event Type:      Warning
Event Source:      NTDS Replication
Event Category:      DS RPC Client
Event ID:      2088
Date:            7/15/2008
Time:            8:22:13 PM
User:            NT AUTHORITY\ANONYMOUS LOGON
Computer:      SUN
Description:
Active Directory could not use DNS to resolve the IP address of the source domain controller listed below. To maintain the consistency of Security groups, group policy, users and computers and their passwords, Active Directory successfully replicated using the NetBIOS or fully qualified computer name of the source domain controller.
 
Invalid DNS configuration may be affecting other essential operations on member computers, domain controllers or application servers in this Active Directory forest, including logon authentication or access to network resources.
 
You should immediately resolve this DNS configuration error so that this domain controller can resolve the IP address of the source domain controller using DNS.
 
Alternate server name:
 vulcan
Failing DNS host name:
 8df02afa-2445-4c77-81c8-cb8bd7c375fe._msdcs.InBalhq.local
 
NOTE: By default, only up to 10 DNS failures are shown for any given 12 hour period, even if more than 10 failures occur.  To log all individual failure events, set the following diagnostics registry value to 1:
 
Registry Path:
HKLM\System\CurrentControlSet\Services\NTDS\Diagnostics\22 DS RPC Client
 
User Action:
 
 1) If the source domain controller is no longer functioning or its operating system has been reinstalled with a different computer name or NTDSDSA object GUID, remove the source domain controller's metadata with ntdsutil.exe, using the steps outlined in MSKB article 216498.
 
 2) Confirm that the source domain controller is running Active directory and is accessible on the network by typing "net view \\" or "ping ".
 
 3) Verify that the source domain controller is using a valid DNS server for DNS services, and that the source domain controller's host record and CNAME record are correctly registered, using the DNS Enhanced version of DCDIAG.EXE available on http://www.microsoft.com/dns
 
  dcdiag /test:dns
 
 4) Verify that that this destination domain controller is using a valid DNS server for DNS services, by running the DNS Enhanced version of DCDIAG.EXE command on the console of the destination domain controller, as follows:
 
  dcdiag /test:dns
 
 5) For further analysis of DNS error failures see KB 824449:
   http://support.microsoft.com/?kbid=824449
 
Additional Data
Error value:
 11004 The requested name is valid, but no data of the requested type was found.


For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
0
 
LVL 7

Author Comment

by:James Glaubiger
I have tried to fix the above error many times by doing the following to re-register them in DNS properly:

ipconfig /flushdns

net stop "net logon"

net start "net logon"

ipconfig /registerdns


This does re-register them in DNS and I can see it happen.  But when I reboot I continue to get the replication DNS errors.
0
 
LVL 12

Expert Comment

by:alikaz3
I know it sounds tough, but at this point I would recommend trashing the DNS roles on both DCs and re-make them from scratch. Read a few articles about DNS and make sure you have a very firm understanding of how your network will translate dns requests. Here's a couple:

http://searchwinit.techtarget.com/tip/0,289483,sid1_gci1115858,00.html

http://support.microsoft.com/kb/825036

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_2003_Active_Directory/Q_22867689.html

http://www.howtonetworking.com/server/dns.htm

I still have this feeling you aren't going to be able to get this to work. All these AD errors are making me think you have a corrupted AD on SUN, or possibly some mis-matched updates that may have junked your settings. Exchange is a terrible culprit for destroying server functionality (I recall the exchange bug that prevents logon at all "Applying Computer Settings..." - forever). Let me know if you have more questions, and keep me posted!
0
 
LVL 12

Expert Comment

by:alikaz3
And I just read your newest post, looks right, you have the right idea there. I still think you should re-do DNS from scratch though.
0