Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

AD inplace upgrade testing from w2k3 to win2008

Posted on 2009-02-09
7
Medium Priority
?
400 Views
Last Modified: 2012-05-06
I've recently been assigned the task of upgrading our x86 2003 domain controllers to x64 2008 domain controllers.
I currently have 4 x86 2003 DC's on my network.
what I have done so far was to install a x64 win2003 DC on the company network.
once replication has completed , I had removed the DC from the network and placed it in a lab for testing with no network connectivity.
I've seized all 5 FSMO roles  , ran a FORESTPREP , DOMAINPREP AND GPPREP to prepare it for a 2008 inplace upgrade.
forestprep gave me a few errors regarding replication not completing after its last reboot , but I've managed to resolve that by that removing all site replication links under sites and services.
I popped in the 2008 CD and did the upgrade.
ADPREP logs came back with no errors after the upgrade but checked the event logs and it seems as if DNS will not start.
error stipulated below :

The DNS Server service terminated with the following error:
The network is not present or not started.
EVENT ID : 7023
Source : Service Control Manager Eventlog Provider

I have a few other errors from Directory services and file replication services but those are because of DNS lookup failures.
I understand that there would be network connectivity when I do the LIVE upgrade but I do not want to take any chance as I will be switching off one of my LIVE domain controllers for that implementation.

Any assistance would be appreciated.

Brad

0
Comment
Question by:ablsysadmin
  • 4
  • 3
7 Comments
 
LVL 71

Accepted Solution

by:
Chris Dent earned 1500 total points
ID: 23589191

Hey Brad,

The DNS service cannot start unless it has an active interface to bind to. Get an isolated switch / hub (one that doesn't have anything else plugged into it) to allow the network connection to come up but maintain the separation from your LAN.

Not so sure I like the method though, given a choice I would have you remove a DC at a time (dcpromo to demote it, etc) from the network, rebuild it as 2008 then join it to the domain and promote it once more.

Chris
0
 

Author Comment

by:ablsysadmin
ID: 23597946
Hi Chris

Thanks for the reply.
I hear what you are saying with regards to placing a 2008 machine on the network and then doing the DCPROMO but my reasoning behind this testing is to see if any problems are encountered when the schema is extended. I need to make sure that AD is stable after the upgrade.
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 23598708

Ahh fair enough, it is a sensible precaution.

Were you planning to pull the Schema Master off the main network while performing the upgrade? Or where you just wanting to test it on a separated domain?

Either way, you'll still find you need an active network connection. I have a couple of tiny 5 port switches kicking around for this kind of thing if it isn't possible to isolate the port on the main switch, at least they don't cost much :)

Chris
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 

Author Comment

by:ablsysadmin
ID: 23599195
I've connected the server to a blank switch like you recommended and the network connection is now active.
my DNS issue has been resolved.
Many thanks for that.

Next problem I have is WINS.
seems as if my WINS database is blank ( 2MB ) , it only contains entries for the local machine.
I've tried restoring from a backup but that does not work.
I'm assuming that it might not work because the backup is taken from a win2003 DC ( is this correct ??? )
I cleaned out the "c:\windows\system32\wins" directory and restarted the service and it recreates a blanks DB with only entries for itself.
from what I can see , if the machine were connected to the network , I would be able to replicate from other DC's.
what do you suggest ???
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 23599227

I suggest you don't worry too much about WINS to be honest. It helps with NetBIOS resolution, but isn't necessary for an AD domain (AD won't have anything to do with it).

Anyway, if you've made any changes to AD on this box after splitting it from the domain you should not, under any circumstances, allow it to talk to the main domain again.

Chris
0
 

Author Comment

by:ablsysadmin
ID: 23610503
dont worry chris , this machine wont get back on my network under any circumstances.
The reason why I need WINS is for my SQL environment , it uses shortnames for resolution.

does wins replicate between 2003 DC's and 2008 DC's ???
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 23610800

WINS replicates between WINS servers (manually configured push / pull replication), there's nothing more detailed to it than that. It stands completely aside from AD.

If you could safely make your WINS servers talk you'd be able to replicate the missing data.

Chris
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

580 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question