Solved

NETLOGON and SYSVOL not shared present windows 2003 r2 (migration DC from w2000sp4-spa to w2003r2sp2-eng), dcdiag

Posted on 2009-04-11
7
1,353 Views
Last Modified: 2012-05-06
I migrate my DC from windows 2000 (192.168.1.50) to windows 2003 r2 sp2 (192.168.1.4)

i pass the roles and fsmo to new server w2003 (ip 192.168.1.4 initialy)
by this tutorial: http://www.tooltorials.com/Actualizar-active-directory-2000-a-r2-mover-roles-fsmo

later, I shutdown the server w2000 and change the ip a new server to 192.168.1.4
i see that SYSVOL and NETLOGON isnt shared in windows2003

i join to regedt32 y change in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters, donde vamos a localizar el valor de cadena REG_SZ que dice Sysvol y comprobamos que la ruta sea la correcta, por defecto siempre es C:\Windows\SYSVOL\sysvol, una vez verificado esto localizamos el REG_DWORD que se llama SysvolReady, observemos que tiene como valor 0, lo cambiamos a 1 en decimal y cerramos el editor de registro.
by this tutorial: :http://zonaticr.wordpress.com/2008/10/17/sysvol-y-netlogon-no-estan-compartidos-en-windows-server-2003/

I run DCDIAG and result:
Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests
   
   Testing server: Nombre-predeterminado-primer-sitio\DC01
      Starting test: Connectivity
         ......................... DC01 passed test Connectivity

Doing primary tests
   
   Testing server: Nombre-predeterminado-primer-sitio\DC01
      Starting test: Replications
         [Replications Check,DC01] A recent replication attempt failed:
            From IASA1 to DC01
            Naming Context: CN=Schema,CN=Configuration,DC=inmobiliaria,DC=com,DC=pe
            The replication generated an error (8524):
            The DSA operation is unable to proceed because of a DNS lookup failure.
            The failure occurred at 2009-04-11 11:04:06.
            The last success occurred at 2009-04-11 08:56:04.
            4 failures have occurred since the last success.
            The guid-based DNS name 3566654a-4151-4019-8378-62c5c034d455._msdcs.inmobiliaria.com.pe
            is not registered on one or more DNS servers.
         [IASA1] DsBindWithSpnEx() failed with error -2146893022,
         The target principal name is incorrect..
         [Replications Check,DC01] A recent replication attempt failed:
            From IASA1 to DC01
            Naming Context: CN=Configuration,DC=inmobiliaria,DC=com,DC=pe
            The replication generated an error (8524):
            The DSA operation is unable to proceed because of a DNS lookup failure.
            The failure occurred at 2009-04-11 11:03:04.
            The last success occurred at 2009-04-11 08:56:04.
            4 failures have occurred since the last success.
            The guid-based DNS name 3566654a-4151-4019-8378-62c5c034d455._msdcs.inmobiliaria.com.pe
            is not registered on one or more DNS servers.
         [Replications Check,DC01] A recent replication attempt failed:
            From IASA1 to DC01
            Naming Context: DC=inmobiliaria,DC=com,DC=pe
            The replication generated an error (8524):
            The DSA operation is unable to proceed because of a DNS lookup failure.
            The failure occurred at 2009-04-11 11:03:02.
            The last success occurred at 2009-04-11 09:05:24.
            4 failures have occurred since the last success.
            The guid-based DNS name 3566654a-4151-4019-8378-62c5c034d455._msdcs.inmobiliaria.com.pe
            is not registered on one or more DNS servers.
         ......................... DC01 passed test Replications
      Starting test: NCSecDesc
         ......................... DC01 passed test NCSecDesc
      Starting test: NetLogons
         Unable to connect to the NETLOGON share! (\\DC01\netlogon)
         [DC01] An net use or LsaPolicy operation failed with error 1203, No network provider accepted the given network path..
         ......................... DC01 failed test NetLogons
      Starting test: Advertising
         ......................... DC01 passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... DC01 passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... DC01 passed test RidManager
      Starting test: MachineAccount
         ......................... DC01 passed test MachineAccount
      Starting test: Services
         ......................... DC01 passed test Services
      Starting test: ObjectsReplicated
         ......................... DC01 passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... DC01 passed test frssysvol
      Starting test: frsevent
         ......................... DC01 passed test frsevent
      Starting test: kccevent
         ......................... DC01 passed test kccevent
      Starting test: systemlog
         An Error Event occured.  EventID: 0x40000004
            Time Generated: 04/11/2009   10:45:48
            Event String: The kerberos client received a

         An Error Event occured.  EventID: 0x0000164A
            Time Generated: 04/11/2009   10:52:14
            Event String: The Netlogon service could not create server

         An Error Event occured.  EventID: 0x0000164A
            Time Generated: 04/11/2009   10:55:20
            Event String: The Netlogon service could not create server

         An Error Event occured.  EventID: 0x0000164A
            Time Generated: 04/11/2009   11:03:03
            Event String: The Netlogon service could not create server

         An Error Event occured.  EventID: 0x00000423
            Time Generated: 04/11/2009   11:03:45
            Event String: The DHCP service failed to see a directory server

         An Error Event occured.  EventID: 0x00000423
            Time Generated: 04/11/2009   11:04:09
            Event String: The DHCP service failed to see a directory server

         An Error Event occured.  EventID: 0x40000004
            Time Generated: 04/11/2009   11:04:10
            Event String: The kerberos client received a

         An Error Event occured.  EventID: 0x00000457
            Time Generated: 04/11/2009   11:08:16
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 04/11/2009   11:08:16
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 04/11/2009   11:08:17
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 04/11/2009   11:08:17
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x40000004
            Time Generated: 04/11/2009   11:14:07
            Event String: The kerberos client received a

         ......................... DC01 failed test systemlog
      Starting test: VerifyReferences
         ......................... DC01 passed test VerifyReferences
   
   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
   
   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
   
   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
   
   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
   
   Running partition tests on : inmobiliaria
      Starting test: CrossRefValidation
         ......................... inmobiliaria passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... inmobiliaria passed test CheckSDRefDom
   
   Running enterprise tests on : inmobiliaria.com.pe
      Starting test: Intersite
         ......................... inmobiliaria.com.pe passed test Intersite
      Starting test: FsmoCheck
         ......................... inmobiliaria.com.pe passed test FsmoCheck

actually, SYSVOL is shared present, but NETLOGON is not.

i need resolve this problem..
0
Comment
Question by:arnaldop
  • 4
  • 3
7 Comments
 
LVL 59

Expert Comment

by:Darius Ghassem
Comment Utility
Turn the 2000 Server back on. The 2003 server didn't finish replicating.
0
 

Author Comment

by:arnaldop
Comment Utility
hi dariusg, thanks for answer
the process of migration, started yesterday on 5pm and finished 9pm.
i shutdown the w2000 today on 9.30am aprox.
so.. how dont finished the replication?
how can i review that...
0
 
LVL 59

Expert Comment

by:Darius Ghassem
Comment Utility
If the netlogon and svsvol folder aren't there then you had a problem with replication. This doesn't mean that you didn't wait enough time it could have been multiple things that caused the issue. If you have the other DC then this will be your best bet to fully fix the problem.
0
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 

Author Comment

by:arnaldop
Comment Utility
ok, dariusg, so... i turn on the old server, DC IASA1 (windows2000sp4spa)

before that, please check that
the server IASA1 originally have the IP  192.168.1.50 mask 255.255.255.0 gateway 192.168.1.251 dns 192.168.1.50 wins 192.168.1.50
i shutdown this server, because this server have a error on HD and this server is very old. So I decide install a new server DC on a new hardware, then I install a w2003r2sp2eng the hostname of this new server is DC01 and have originally the IP 192.168.1.4 mask 255.255.255.0 gateway BLANK dns 192.168.1.50

I assumed that replication was finished. so i turn off IASA1
When, I turn off IASA1, I change the IP on the server DC01, I put the IP 192.168.1.50 mask 255.255.255.0 gateway 192.168.1.251 dns 192.168.1.50 wins 192.168.1.50
Additionally change the valor in the parameter
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\
"REG_DWORD" with name "SysvolReady" to "1" on decimal
"REG_SZ" with name "Sysvol" have the correct path.

with this change, the shared folder SYSVOL already appeared with "net share"
but, NETLOGON yet.

looking NETLOGON errors associated with the Event Viewer, I suggested that the path was not correct.
so, I create the folder manually in SCRIPTS specific path
and, I restart the netlogon service.
then, the NETLOGON appeared, in the list of "net share"

i create a new users in DC01, and this users can logon on any computers.
the old users can access to a others servers without problems.
one could say that the problem is not completely fix.

the actually result of dcdiag is that:

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests
   
   Testing server: Nombre-predeterminado-primer-sitio\DC01
      Starting test: Connectivity
         ......................... DC01 passed test Connectivity

Doing primary tests
   
   Testing server: Nombre-predeterminado-primer-sitio\DC01
      Starting test: Replications
         [Replications Check,DC01] A recent replication attempt failed:
            From IASA1 to DC01
            Naming Context: CN=Schema,CN=Configuration,DC=inmobiliaria,DC=com,DC=pe
            The replication generated an error (-2146893022):
            The target principal name is incorrect.
            The failure occurred at 2009-04-12 11:59:25.
            The last success occurred at 2009-04-11 08:56:04.
            31 failures have occurred since the last success.
         [IASA1] DsBindWithSpnEx() failed with error -2146893022,
         The target principal name is incorrect..
         [Replications Check,DC01] A recent replication attempt failed:
            From IASA1 to DC01
            Naming Context: CN=Configuration,DC=inmobiliaria,DC=com,DC=pe
            The replication generated an error (-2146893022):
            The target principal name is incorrect.
            The failure occurred at 2009-04-12 11:59:25.
            The last success occurred at 2009-04-11 08:56:04.
            31 failures have occurred since the last success.
         [Replications Check,DC01] A recent replication attempt failed:
            From IASA1 to DC01
            Naming Context: DC=inmobiliaria,DC=com,DC=pe
            The replication generated an error (-2146893022):
            The target principal name is incorrect.
            The failure occurred at 2009-04-12 11:59:25.
            The last success occurred at 2009-04-11 09:05:24.
            31 failures have occurred since the last success.
         REPLICATION-RECEIVED LATENCY WARNING
         DC01:  Current time is 2009-04-12 12:29:06.
            CN=Schema,CN=Configuration,DC=inmobiliaria,DC=com,DC=pe
               Last replication recieved from IASA1 at 2009-04-11 08:56:04.
            CN=Configuration,DC=inmobiliaria,DC=com,DC=pe
               Last replication recieved from IASA1 at 2009-04-11 08:56:04.
            DC=inmobiliaria,DC=com,DC=pe
               Last replication recieved from IASA1 at 2009-04-11 09:05:24.
         ......................... DC01 passed test Replications
      Starting test: NCSecDesc
         ......................... DC01 passed test NCSecDesc
      Starting test: NetLogons
         ......................... DC01 passed test NetLogons
      Starting test: Advertising
         ......................... DC01 passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... DC01 passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... DC01 passed test RidManager
      Starting test: MachineAccount
         ......................... DC01 passed test MachineAccount
      Starting test: Services
         ......................... DC01 passed test Services
      Starting test: ObjectsReplicated
         ......................... DC01 passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... DC01 passed test frssysvol
      Starting test: frsevent
         ......................... DC01 passed test frsevent
      Starting test: kccevent
         ......................... DC01 passed test kccevent
      Starting test: systemlog
         An Error Event occured.  EventID: 0x40000004
            Time Generated: 04/12/2009   11:59:25
            Event String: The kerberos client received a
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 04/12/2009   12:28:14
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 04/12/2009   12:28:14
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 04/12/2009   12:28:15
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 04/12/2009   12:28:15
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x40000004
            Time Generated: 04/12/2009   12:28:25
            Event String: The kerberos client received a
         ......................... DC01 failed test systemlog
      Starting test: VerifyReferences
         ......................... DC01 passed test VerifyReferences
   
   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
   
   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
   
   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
   
   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
   
   Running partition tests on : inmobiliaria
      Starting test: CrossRefValidation
         ......................... inmobiliaria passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... inmobiliaria passed test CheckSDRefDom
   
   Running enterprise tests on : inmobiliaria.com.pe
      Starting test: Intersite
         ......................... inmobiliaria.com.pe passed test Intersite
      Starting test: FsmoCheck
         ......................... inmobiliaria.com.pe passed test FsmoCheck

please,
how we could give a final solution to this issue?
if necessary turn on back IASA1 and return the old IP on IASA1 and DC01, please tell me the steps to follow to complete the replication. and how  can i view that it finished.
after that, how can I despromove IASA1

another question, if all its ok in dcdiag, this errors events still appear?

thanks for your help.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
Comment Utility
What we need to do it bring the server back online then demote the new DC. You want to get back at the place you started because of the first replication problem. Once you have gotten back to the beginning you want to start over make sure the new DC only points to the old DC for DNS until you know that replication is finished. Check to make sure you can add a user then the user gets replicated to the other server. Make sure the netlogon and sysvol folder are there and shared. Then you can change the TCP\IP settings to point the new server to itself. Once you have done this you can move FSMO roles over to the new DC the make it a global catalog. Then run a netdiag on the system to make sure you aren't getting any errors. Once you have confirmed this you can demote the old server just shuting it down can cause issues. Make sure all clients are pointing to the new server for DNS not the old once you go to demote it.
0
 

Author Comment

by:arnaldop
Comment Utility
how can i know that replication is finished?

the old server still off,
and in the new server (DC01), I install terminal server and delete OU, disable account, delete account,
so, when turn on the old server (IASA1), I still have not demote the old serverI dont demote. IASA1
this change on the new server does not cause problems?

iasa1 is currently only a member server, all roles and FSMO have in DC01, iasa1 should then be updated with information DC01, no?
0
 
LVL 59

Accepted Solution

by:
Darius Ghassem earned 500 total points
Comment Utility
To be honest I can't be for sure if you are going to have problems with the additions then only you will have is that they don't replicate over to the old server which means that you will have to re-create them.
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

This may not be a text book method to resolve VSS backup issues but it seemed to have worked on few of the Windows 2003 servers we had issues while performing a Volume Shadow Copy backup. If you have issues while performing a shadow copy backup usin…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now