SBS 2003 to Regular 2003 Server Domain
WE have a SBS Server running Domain Servers. SBS 2003
We installed a second Server running Regular Standard Windows 2003 Server.
We want to transfer domain roles and responsibilty to the new Standard Server.
Demote/Decomission the SBS server, thus having the domain now run in a regular Windows 2003 Domain and not SBS..
What is the best way to do this?
We installed a second Server running Regular Standard Windows 2003 Server.
We want to transfer domain roles and responsibilty to the new Standard Server.
Demote/Decomission the SBS server, thus having the domain now run in a regular Windows 2003 Domain and not SBS..
What is the best way to do this?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Got slightly worse.
REPADMIN /SHOWREPS indicates:
ON SBS:
Sucessfull
ON NEW 2003 Server
Failed connecting to the SBS server result -2146893022
The Target Principal name is incorrect
Also NTFRS:
Shows issues, Could not detect any upstream partners, this server seems to be orphaned.
DNS: Cant MAnage SBS server from DNS on new server (permissions denied)
KErberos error on new server:
Event Type: Error
Event Source: Kerberos
Event Category: None
Event ID: 4
Date: 10/22/2009
Time: 10:38:00 AM
User: N/A
Computer: BDC
Description:
The kerberos client received a KRB_AP_ERR_MODIFIED error from the server host/sbs.domain.local. The target name used was cifs/sbserver. This indicates that the password used to encrypt the kerberos service ticket is different than that on the target server. Commonly, this is due to identically named machine accounts in the target realm (domain.local), and the client realm. Please contact your system administrator.
Cant DCPROMO the new server down
as it cant find target account name.
Cant detect FSMO roles either.
On Windows 2003 Standard Server:
Under application:
Windows Cannot determine the user or computer name (the target principal name is incorrect)
REPADMIN /SHOWREPS indicates:
ON SBS:
Sucessfull
ON NEW 2003 Server
Failed connecting to the SBS server result -2146893022
The Target Principal name is incorrect
Also NTFRS:
Shows issues, Could not detect any upstream partners, this server seems to be orphaned.
DNS: Cant MAnage SBS server from DNS on new server (permissions denied)
KErberos error on new server:
Event Type: Error
Event Source: Kerberos
Event Category: None
Event ID: 4
Date: 10/22/2009
Time: 10:38:00 AM
User: N/A
Computer: BDC
Description:
The kerberos client received a KRB_AP_ERR_MODIFIED error from the server host/sbs.domain.local. The target name used was cifs/sbserver. This indicates that the password used to encrypt the kerberos service ticket is different than that on the target server. Commonly, this is due to identically named machine accounts in the target realm (domain.local), and the client realm. Please contact your system administrator.
Cant DCPROMO the new server down
as it cant find target account name.
Cant detect FSMO roles either.
On Windows 2003 Standard Server:
Under application:
Windows Cannot determine the user or computer name (the target principal name is incorrect)
Run netdiag and post with ipconfig /all as well.
ASKER
DNS test . . . . . . . . . . . . . : Failed
[WARNING] The DNS entries for this DC are not registered correctly on DNS server '192.168.50.12'. Please wait for 30 minutes for DNS server replication.
[WARNING] The DNS entries for this DC are not registered correctly on DNS server '192.168.50.11'. Please wait for 30 minutes for DNS server replication.
[FATAL] No DNS servers have the DNS records for this DC registered.
[WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names is missing.
[WARNING] Failed to query SPN registration on DC
[WARNING] The DNS entries for this DC are not registered correctly on DNS server '192.168.50.12'. Please wait for 30 minutes for DNS server replication.
[WARNING] The DNS entries for this DC are not registered correctly on DNS server '192.168.50.11'. Please wait for 30 minutes for DNS server replication.
[FATAL] No DNS servers have the DNS records for this DC registered.
[WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names is missing.
[WARNING] Failed to query SPN registration on DC
ASKER
==== INBOUND NEIGHBORS ==========================
DC=GatewayServices,DC=loca
Default-First-Site-Name\SB
DC object GUID: 7dd63ae2-a6a9-45eb-b501-77
Last attempt @ 2009-10-22 14:44:31 failed, result -2146893022 (0x8009032
2):
The target principal name is incorrect.
19460 consecutive failure(s).
Last success @ 2009-08-14 21:07:37.
CN=Configuration,DC=Gatewa
Default-First-Site-Name\SB
DC object GUID: 7dd63ae2-a6a9-45eb-b501-77
Last attempt @ 2009-10-22 14:44:31 failed, result -2146893022 (0x8009032
2):
The target principal name is incorrect.
3958 consecutive failure(s).
Last success @ 2009-08-14 20:56:06.
CN=Schema,CN=Configuration
Default-First-Site-Name\SB
DC object GUID: 7dd63ae2-a6a9-45eb-b501-77
Last attempt @ 2009-10-22 14:44:31 failed, result -2146893022 (0x8009032
2):
The target principal name is incorrect.
1697 consecutive failure(s).
Last success @ 2009-08-14 20:56:06.
DC=DomainDnsZones,DC=Gatew
Default-First-Site-Name\SB
DC object GUID: 7dd63ae2-a6a9-45eb-b501-77
Last attempt @ 2009-10-22 14:44:51 failed, result -2146893022 (0x8009032
2):
The target principal name is incorrect.
3512 consecutive failure(s).
Last success @ 2009-08-14 20:56:06.
DC=ForestDnsZones,DC=Gatew
Default-First-Site-Name\SB
DC object GUID: 7dd63ae2-a6a9-45eb-b501-77
Last attempt @ 2009-10-22 14:44:31 failed, result -2146893022 (0x8009032
2):
The target principal name is incorrect.
1732 consecutive failure(s).
Last success @ 2009-08-14 20:56:06.
Source: Default-First-Site-Name\SB
******* 19448 CONSECUTIVE FAILURES since 2009-08-14 21:07:37
Last error: -2146893022 (0x80090322):
The target principal name is incorrect.
DC=GatewayServices,DC=loca
Default-First-Site-Name\SB
DC object GUID: 7dd63ae2-a6a9-45eb-b501-77
Last attempt @ 2009-10-22 14:44:31 failed, result -2146893022 (0x8009032
2):
The target principal name is incorrect.
19460 consecutive failure(s).
Last success @ 2009-08-14 21:07:37.
CN=Configuration,DC=Gatewa
Default-First-Site-Name\SB
DC object GUID: 7dd63ae2-a6a9-45eb-b501-77
Last attempt @ 2009-10-22 14:44:31 failed, result -2146893022 (0x8009032
2):
The target principal name is incorrect.
3958 consecutive failure(s).
Last success @ 2009-08-14 20:56:06.
CN=Schema,CN=Configuration
Default-First-Site-Name\SB
DC object GUID: 7dd63ae2-a6a9-45eb-b501-77
Last attempt @ 2009-10-22 14:44:31 failed, result -2146893022 (0x8009032
2):
The target principal name is incorrect.
1697 consecutive failure(s).
Last success @ 2009-08-14 20:56:06.
DC=DomainDnsZones,DC=Gatew
Default-First-Site-Name\SB
DC object GUID: 7dd63ae2-a6a9-45eb-b501-77
Last attempt @ 2009-10-22 14:44:51 failed, result -2146893022 (0x8009032
2):
The target principal name is incorrect.
3512 consecutive failure(s).
Last success @ 2009-08-14 20:56:06.
DC=ForestDnsZones,DC=Gatew
Default-First-Site-Name\SB
DC object GUID: 7dd63ae2-a6a9-45eb-b501-77
Last attempt @ 2009-10-22 14:44:31 failed, result -2146893022 (0x8009032
2):
The target principal name is incorrect.
1732 consecutive failure(s).
Last success @ 2009-08-14 20:56:06.
Source: Default-First-Site-Name\SB
******* 19448 CONSECUTIVE FAILURES since 2009-08-14 21:07:37
Last error: -2146893022 (0x80090322):
The target principal name is incorrect.
ASKER
Testing server: Default-First-Site-Name\SB
Starting test: Replications
REPLICATION LATENCY WARNING
ERROR: Expected notification link is missing.
Source BDC
Replication of new changes along this path will be delayed.
This problem should self-correct on the next periodic sync.
REPLICATION LATENCY WARNING
ERROR: Expected notification link is missing.
Source BDC
Replication of new changes along this path will be delayed.
This problem should self-correct on the next periodic sync.
REPLICATION LATENCY WARNING
ERROR: Expected notification link is missing.
Source BDC
Replication of new changes along this path will be delayed.
This problem should self-correct on the next periodic sync.
Starting test: Replications
REPLICATION LATENCY WARNING
ERROR: Expected notification link is missing.
Source BDC
Replication of new changes along this path will be delayed.
This problem should self-correct on the next periodic sync.
REPLICATION LATENCY WARNING
ERROR: Expected notification link is missing.
Source BDC
Replication of new changes along this path will be delayed.
This problem should self-correct on the next periodic sync.
REPLICATION LATENCY WARNING
ERROR: Expected notification link is missing.
Source BDC
Replication of new changes along this path will be delayed.
This problem should self-correct on the next periodic sync.
ASKER
TEST: Records registration (RReg)
Network Adapter [00000001] Broadcom NetXtreme Gigabit Ethernet
Warning: Missing GC SRV record at DNS server 192.168.50.12
_ldap._tcp.gc._msdcs.domai
Error: Record registrations cannot be found for all the network a
CN=Schema,CN=Configuration
Last replication recieved from SBSERVER at 2009-08-14 20:56:06.
WARNING: This latency is over the Tombstone Lifetime of 60 days!
CN=Configuration,DC=Gatewa
Last replication recieved from SBSERVER at 2009-08-14 20:56:06.
WARNING: This latency is over the Tombstone Lifetime of 60 days!
DC=GatewayServices,DC=loca
Last replication recieved from SBSERVER at 2009-08-14 21:07:37.
WARNING: This latency is over the Tombstone Lifetime of 60 days!
......................... BDC passed test Replications
Starting test: Topology
......................... BDC passed test Topology
Starting test: CutoffServers
DsReplicaSyncAllW failed with error The naming context specified for th
is replication operation is invalid..
DsReplicaSyncAllW failed with error The naming context specified for th
is replication operation is invalid..
DsReplicaSyncAllW failed with error The naming context specified for th
is replication operation is invalid..
DsReplicaSyncAllW failed with error The naming context specified for th
is replication operation is invalid..
DsReplicaSyncAllW failed with error The naming context specified for th
is replication operation is invalid..
DsReplicaSyncAllW failed with error The naming context specified for th
is replication operation is invalid..
DsReplicaSyncAllW failed with error The naming context specified for th
is replication operation is invalid..
DsReplicaSyncAllW failed with error The naming context specified for th
is replication operation is invalid..
DsReplicaSyncAllW failed with error The naming context specified for th
is replication operation is invalid..
DsReplicaSyncAllW failed with error The naming context specified for th
is replication operation is invalid..
......................... BDC passed test CutoffServers
Starting test: NCSecDesc
......................... BDC passed test NCSecDesc
Starting test: NetLogons
......................... BDC passed test NetLogons
Starting test: Advertising
......................... BDC passed test Advertising
Starting test: KnowsOfRoleHolders
Warning: SBSERVER is the Schema Owner, but is not responding to DS RPC
Bind.
[SBSERVER] LDAP bind failed with error 8341,
A directory service error has occurred..
Warning: SBSERVER is the Schema Owner, but is not responding to LDAP Bi
nd.
Warning: SBSERVER is the Domain Owner, but is not responding to DS RPC
Bind.
Warning: SBSERVER is the Domain Owner, but is not responding to LDAP Bi
nd.
Warning: SBSERVER is the PDC Owner, but is not responding to DS RPC Bin
d.
Warning: SBSERVER is the PDC Owner, but is not responding to LDAP Bind.
Warning: SBSERVER is the Rid Owner, but is not responding to DS RPC Bin
d.
Warning: SBSERVER is the Rid Owner, but is not responding to LDAP Bind.
Warning: SBSERVER is the Infrastructure Update Owner, but is not respon
ding to DS RPC Bind.
Warning: SBSERVER is the Infrastructure Update Owner, but is not respon
ding to LDAP Bind.
......................... BDC failed test KnowsOfRoleHolders
Starting test: RidManager
......................... BDC failed test RidManager
Starting test: MachineAccount
Network Adapter [00000001] Broadcom NetXtreme Gigabit Ethernet
Warning: Missing GC SRV record at DNS server 192.168.50.12
_ldap._tcp.gc._msdcs.domai
Error: Record registrations cannot be found for all the network a
CN=Schema,CN=Configuration
Last replication recieved from SBSERVER at 2009-08-14 20:56:06.
WARNING: This latency is over the Tombstone Lifetime of 60 days!
CN=Configuration,DC=Gatewa
Last replication recieved from SBSERVER at 2009-08-14 20:56:06.
WARNING: This latency is over the Tombstone Lifetime of 60 days!
DC=GatewayServices,DC=loca
Last replication recieved from SBSERVER at 2009-08-14 21:07:37.
WARNING: This latency is over the Tombstone Lifetime of 60 days!
......................... BDC passed test Replications
Starting test: Topology
......................... BDC passed test Topology
Starting test: CutoffServers
DsReplicaSyncAllW failed with error The naming context specified for th
is replication operation is invalid..
DsReplicaSyncAllW failed with error The naming context specified for th
is replication operation is invalid..
DsReplicaSyncAllW failed with error The naming context specified for th
is replication operation is invalid..
DsReplicaSyncAllW failed with error The naming context specified for th
is replication operation is invalid..
DsReplicaSyncAllW failed with error The naming context specified for th
is replication operation is invalid..
DsReplicaSyncAllW failed with error The naming context specified for th
is replication operation is invalid..
DsReplicaSyncAllW failed with error The naming context specified for th
is replication operation is invalid..
DsReplicaSyncAllW failed with error The naming context specified for th
is replication operation is invalid..
DsReplicaSyncAllW failed with error The naming context specified for th
is replication operation is invalid..
DsReplicaSyncAllW failed with error The naming context specified for th
is replication operation is invalid..
......................... BDC passed test CutoffServers
Starting test: NCSecDesc
......................... BDC passed test NCSecDesc
Starting test: NetLogons
......................... BDC passed test NetLogons
Starting test: Advertising
......................... BDC passed test Advertising
Starting test: KnowsOfRoleHolders
Warning: SBSERVER is the Schema Owner, but is not responding to DS RPC
Bind.
[SBSERVER] LDAP bind failed with error 8341,
A directory service error has occurred..
Warning: SBSERVER is the Schema Owner, but is not responding to LDAP Bi
nd.
Warning: SBSERVER is the Domain Owner, but is not responding to DS RPC
Bind.
Warning: SBSERVER is the Domain Owner, but is not responding to LDAP Bi
nd.
Warning: SBSERVER is the PDC Owner, but is not responding to DS RPC Bin
d.
Warning: SBSERVER is the PDC Owner, but is not responding to LDAP Bind.
Warning: SBSERVER is the Rid Owner, but is not responding to DS RPC Bin
d.
Warning: SBSERVER is the Rid Owner, but is not responding to LDAP Bind.
Warning: SBSERVER is the Infrastructure Update Owner, but is not respon
ding to DS RPC Bind.
Warning: SBSERVER is the Infrastructure Update Owner, but is not respon
ding to LDAP Bind.
......................... BDC failed test KnowsOfRoleHolders
Starting test: RidManager
......................... BDC failed test RidManager
Starting test: MachineAccount
How about the ipconfig /all
ASKER
From Windows STandard Server:
Windows IP Configuration
Host Name . . . . . . . . . . . . : BDC
Primary Dns Suffix . . . . . . . :Domain.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : Domain.local
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
Physical Address. . . . . . . . . : 00-1A-64-A3-BC-F0
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.50.12
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.50.1
DNS Servers . . . . . . . . . . . : 192.168.50.12
192.168.50.11
Primary WINS Server . . . . . . . : 192.168.50.12
Secondary WINS Server . . . . . . : 192.168.50.11
From SBS Server:
Windows IP Configuration
Host Name . . . . . . . . . . . . : sbserver
Primary Dns Suffix . . . . . . . : Domain.local
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : Yes
DNS Suffix Search List. . . . . . : Domain.local
Ethernet adapter Server Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
Physical Address. . . . . . . . . : 00-30-48-2B-CA-40
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.50.11
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.50.1
DNS Servers . . . . . . . . . . . : 192.168.50.11
Primary WINS Server . . . . . . . : 192.168.50.11
Windows IP Configuration
Host Name . . . . . . . . . . . . : BDC
Primary Dns Suffix . . . . . . . :Domain.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : Domain.local
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
Physical Address. . . . . . . . . : 00-1A-64-A3-BC-F0
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.50.12
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.50.1
DNS Servers . . . . . . . . . . . : 192.168.50.12
192.168.50.11
Primary WINS Server . . . . . . . : 192.168.50.12
Secondary WINS Server . . . . . . : 192.168.50.11
From SBS Server:
Windows IP Configuration
Host Name . . . . . . . . . . . . : sbserver
Primary Dns Suffix . . . . . . . : Domain.local
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : Yes
DNS Suffix Search List. . . . . . : Domain.local
Ethernet adapter Server Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
Physical Address. . . . . . . . . : 00-30-48-2B-CA-40
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.50.11
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.50.1
DNS Servers . . . . . . . . . . . : 192.168.50.11
Primary WINS Server . . . . . . . : 192.168.50.11
On the Standard server point it to the SBS server only for DNS then run ipconfig /flushdns, ipconfig /registerdns, and netdiag /fix
ASKER
Still failure
Run a netdiag on the SBS server and post now.
ASKER
I had to remove the Server from the domain as it was badly orphened. Had to run DCpromo with force.
Changed name
Reran Dcpromo.
Then followed document.
Changed name
Reran Dcpromo.
Then followed document.
http://support.microsoft.com/kb/555073
Cheers,
Bob...