shaboyi


Windows 2000 DC Migration to Windows 2008 Server Problems

I have encountered critical problems in the migration of a Windows 2000 DC to a Windows 2008 DC. It's a single-domain network and I want to retire the Windows 2000 Server.

I followed these instructions by tigermatt:

https://www.experts-exchange.com/questions/23964303/Windows-2008-server-migration.html

Everything seemed to go fine. The two DCs replicated, the FSMO roles were transferred and both DCs reported the same (via netdom query). No errors during the process.

Everything works fine when both DCs are up - no significant events. However, as soon as I take the Windows 2000 server offline, I get the following issues:

1. Clients do not authenticate.  They can logon (from the cache I assume) but shares prompt for credentials.  

2. The 2008 Server AD reports Event 2092:  "This server is the owner of the following FSMO role, but does not consider it valid. For the partition which contains the FSMO, this server has not replicated successfully with any of its partners since this server has been restarted. Replication errors are preventing validation of this role.
 
Operations which require contacting a FSMO operation master will fail until this condition is corrected. "

3.  DNS reports Event 4013: "The DNS server is waiting for Active Directory Domain Services (AD DS) to signal that the initial synchronization of the directory has been completed. The DNS server service cannot start until the initial synchronization is complete because critical DNS data might not yet be replicated onto this domain controller. If events in the AD DS event log indicate that there is a problem with DNS name resolution, consider adding the IP address of another DNS server for this domain to the DNS server list in the Internet Protocol properties of this computer. This event will be logged every two minutes until AD DS has signaled that the initial synchronization has successfully completed."

4. DHCP reports Event 1059: "The DHCP service failed to see a directory server for authorization."

When I bring the old Windows 2000 Server back on line, everything is fine.  All errors go away and clients authenticate fine.

Any help will be greatly appreciated!
cantoris

Where is your DNS hosted - is it integrated with AD?  Assuming this...
Ensure the DNS Server role is present on at least one of the two new domain controllers and keep the old server online until you can see the DNS zone has replicated on to the new servers.  Also check that the SRV records exist in DNS for the two new DCs.
Then ensure the new Servers are pointing at the new DNS location(s) for their own DNS resolution.  Ensure the client PCs are receiving the correct IP(s) for DNS resolution from DHCP as well.  Then try turning off the Win 2000 Server again.
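
Added example (not part of the original thread): one way to carry out the SRV-record check described above from the new DC, using only nslookup and net share so it runs on Windows Server 2008. The domain name, DC name and DNS server address are placeholders, and the share check is an addition tied to the NETLOGON/SYSVOL problem reported later in the thread.

```powershell
# Placeholders (assumptions, not from the thread): replace with your own values.
$Domain    = 'example.local'          # AD DNS domain (single-domain forest)
$NewDc     = 'dc2008.example.local'   # FQDN of the new 2008 DC
$DnsServer = '192.0.2.10'             # DNS server to query (the new DC itself)

# DC locator SRV records that Netlogon registers for a DC, the PDC emulator and a GC.
$records = @(
    "_ldap._tcp.dc._msdcs.$Domain",
    "_kerberos._tcp.dc._msdcs.$Domain",
    "_ldap._tcp.pdc._msdcs.$Domain",
    "_ldap._tcp.gc._msdcs.$Domain",
    "_ldap._tcp.$Domain",
    "_kerberos._tcp.$Domain",
    "_gc._tcp.$Domain"
)

$results = foreach ($name in $records) {
    # nslookup prints one "svr hostname = <target>" line per SRV answer.
    $targets = @(nslookup "-type=SRV" $name $DnsServer 2>$null | ForEach-Object {
        if ($_ -match 'svr hostname\s*=\s*(\S+)') { $Matches[1].TrimEnd('.') }
    })
    New-Object PSObject -Property @{
        Record   = $name
        HasNewDc = ($targets -contains $NewDc)   # -contains is case-insensitive
        Targets  = ($targets -join ', ')
    }
}
$results | Format-Table Record, HasNewDc, Targets -AutoSize

# Any record that lists only the old DC explains failures once that DC is offline.
$missing = @($results | Where-Object { -not $_.HasNewDc })
if ($missing.Count -gt 0) {
    Write-Warning ("New DC missing from: " + (($missing | ForEach-Object { $_.Record }) -join ', '))
}

# Run on the new DC: it does not advertise itself as a DC until both shares exist.
$shares = @(net share | Where-Object { $_ -match '^(SYSVOL|NETLOGON)\s' })
if ($shares.Count -lt 2) {
    Write-Warning 'SYSVOL and/or NETLOGON share is missing on this server'
}
```

Missing locator records are normally re-registered by restarting the Netlogon service on the DC rather than added by hand.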
shaboyi

ASKER

cantoris -

DNS is integrated on the new server (there is one old Windows 2000 DC and the one new 2008 DC). The DNS role is present on the new server. It did replicate - the records from the old server are on the new server. I am not sure about the SRV records. That could be the problem - but I don't really understand SRV records or how I would add them to the new server.

The new server is pointing to its own DNS (it is the only DNS entry on its adapter and nslookup works to its DNS server). The clients are getting accurate info from the DHCP (the new server).

A new error is also present in the AD - it says a global catalog cannot be found. The new server is configured as a global catalog.

I have attached the results of dcdiag - hope this might shed some light on the situation. Thanks in advance.




dcdiag.txt
ASKER CERTIFIED SOLUTION
cantoris

This solution is only available to members.
Darius Ghassem
Run a dcdiag then post results for the Windows 2008 DC. Also, post ipconfig /all for both servers. Disable IPv6 on the Windows 2008 server. Run ipconfig /flushdns, ipconfig /registerdns, and dcdiag /fix.

By just shutting down the server you aren't testing the systems. Make sure the clients are pointing to the new DC as primary and that you have made it a Global Catalog.
shaboyi

ASKER

I have uploaded the files for you to check out. The dcdiag file is for the new server - run when the old server is offline. dcdiag-fix for the new server is also attached. I am fairly certain IPv6 is OFF. It appears there is something wrong with the NETLOGON share... and the dcdiag says it can't connect to the GC - even though the new server reports it is the GC.
dcdiag.txt
ipconfig.txt
ipconfig-old-server.txt
dcdiag-fix.txt
shaboyi

ASKER

Pointed me in the right direction - it was related to the KB article given in the solution but I had to rebuild the SYSVOL tree per http://support.microsoft.com/kb/315457

Thanks.