Solved

ADMT "Unable to get domain information when using an Include file

Posted on 2009-04-01
4
1,494 Views
Last Modified: 2012-05-06
I am performing a W2K3 to W2K3 R2 migration for a company separation that is taking place. I have installed ADMT in the target domain, prepared the environment according to the ADMT migration guide (except the tcpip settings - not required as all servers are W2K3).

Inititally, using the two way trust, I created an account in the source, delegated rights in the target and ran ADMT. However, even though all the rights are apparently correct, I recieved the 'Invalid Handler' error that is often reported when the source account can't query the target for the existence of an existing object.

Google etc.. seems to point to then using the target account in ADMT to access the source domain and migrate the objects that way. This works (though it will cause problems with the computer migration), however I want to use an 'Include' file to allow renaming etc..

When I use an Inlude file, I recieved 'Unable to get domain information for 'domain'. The RPC server is unavailable.

My new domain and old domain communicate over a VPN and the network engineer has set all the ports correctly. We see no dropped packets at the firewall. NOTE: If I don't use the include file, the process works perfectly.

If I go back to using the source account to run ADMT and use an include file, although I fail with the invalid handler error, but the include file is read correctly.

I have previously used ADMT3 and not had this issue before, so I know it can and does work. Obviously, with the error I get, I don't even have an error log to reference.

Any help is appreciated.
0
Comment
Question by:Cejay1967
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 5

Expert Comment

by:MSE-JNegus
ID: 24049174
Are you using the same account name and password in both domains?  I have seen strange things happen using the same administrator name and password in both domains.  If that is the case try renaming one of the accounts.
0
 
LVL 6

Accepted Solution

by:
Hardeep_Saluja earned 500 total points
ID: 24052100
Hi,

Please check your ports.. try to disable ANY firewall/antivirus for testing
Its issue with some communication problem majorly ports
you can also download tool "portqryui" from microsoft website to check for which ports are not listening

Following ports should be listening:
RPC endpoint mapper
 135/tcp, 135/udp
 
Network basic input/output system (NetBIOS) name service
 137/tcp, 137/udp
 
NetBIOS datagram service
 138/udp
 
NetBIOS session service
 139/tcp
 
RPC dynamic assignment
 1024-65535/tcp
 
Server message block (SMB) over IP (Microsoft-DS)
 445/tcp, 445/udp
 
Lightweight Directory Access Protocol (LDAP)
 389/tcp
 
LDAP ping
 389/udp
 
LDAP over SSL
 636/tcp
 
Global catalog LDAP
 3268/tcp
 
Global catalog LDAP over SSL
 3269/tcp
 
Kerberos
 88/tcp, 88/udp
 
Domain Name Service (DNS)
 53/tcp1, 53/udp
 
Windows Internet Naming Service (WINS) resolution (if required)
 1512/tcp, 1512/udp
 
WINS replication (if required)
 42/tcp, 42/udp
 
Thanks
0
 

Author Comment

by:Cejay1967
ID: 24055301
What I'd really like to do is use the 'Source' account in my target domain, as with 300 workstations to move, I don't want to script or manually enter the target account into the local administrators group on each workstation. The 'Invalid' handle seems to be a common problem and the accepted solution seems to be to use the target account to access the source AD.

I'll have another word with my network engineer. However, working across both companies is proving difficult.

I have seen one other case with an issue with the include file, however that query was never answered in the forums.

I need to find and answer though, it's driving me nuts!
0
 

Author Comment

by:Cejay1967
ID: 24105139
I believe in the end the problem was that my network engineer had not allowed GC. When he changed that, I could use the include file. There must be a process difference between doing a normal domain search and using an include file.
0

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article shows the method of using the Resultant Set of Policy Tool to locate Group Policy that applies a particular setting.
Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question