Solved

Windows 2000 DC Migration to Windows 2008 Server Problems

Posted on 2009-12-25
Last Modified: 2012-05-08
I have encountered critical problems in the migration of a Windows 2000 DC to a Windows 2008 DC. It's a single domain network and I want to retire the Windows 2000 Server.

I followed these instructions by tigermatt:

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Q_23964303.html

Everything seemed to go fine. The two DCs replicated, the FSMO roles were transferred and both DCs reported the same (via netdom query). No errors during the process.

Everything works fine when both DCs are up - no significant events. However, as soon as I take the Windows 2000 server offline, I get the following issues:

1. Clients do not authenticate.  They can logon (from the cache I assume) but shares prompt for credentials.  

2. The 2008 Server AD reports Event 2092:  "This server is the owner of the following FSMO role, but does not consider it valid. For the partition which contains the FSMO, this server has not replicated successfully with any of its partners since this server has been restarted. Replication errors are preventing validation of this role.
 
Operations which require contacting a FSMO operation master will fail until this condition is corrected. "

3.  DNS reports Event 4013: "The DNS server is waiting for Active Directory Domain Services (AD DS) to signal that the initial synchronization of the directory has been completed. The DNS server service cannot start until the initial synchronization is complete because critical DNS data might not yet be replicated onto this domain controller. If events in the AD DS event log indicate that there is a problem with DNS name resolution, consider adding the IP address of another DNS server for this domain to the DNS server list in the Internet Protocol properties of this computer. This event will be logged every two minutes until AD DS has signaled that the initial synchronization has successfully completed."

4. DHCP reports Event 1059: "The DHCP service failed to see a directory server for authorization."

When I bring the old Windows 2000 Server back on line, everything is fine.  All errors go away and clients authenticate fine.

Any help will be greatly appreciated!
0
Question by:shaboyi
 
LVL 16

Expert Comment

by:cantoris
ID: 26123200
Where is your DNS hosted - is it integrated with AD?  Assuming this...
Ensure the DNS Server role is present on at least one of the two new domain controllers and keep the old server online until you can see the DNS zone has replicated on to the new servers.  Also check that the SRV records exist in DNS for the two new DCs.
Then ensure the new Servers are pointing at the new DNS location(s) for their own DNS resolution.  Ensure the client PCs are receiving the correct IP(s) for DNS resolution from DHCP as well.  Then try turning off the Win 2000 Server again.
0
 

Author Comment

by:shaboyi
ID: 26124452
cantoris -

DNS is integrated on the new server (there is one old Windows 2000 DC and the one new 2008 DC). The DNS role is present on the new server. It did replicate - the records from the old server are on the new server. I am not sure about the SRV records. That could be the problem - but I don't really understand SRV records or how I would add them to the new server.

The new server is pointing to its own DNS (it is the only DNS entry on its adapter and nslookup works to its DNS server). The clients are getting accurate info from the DHCP (the new server).

A new error is also present in the AD - it says a global catalog cannot be found. The new server is configured as a global catalog.

I have attached the results of dcdiag - hope this might shed some light on the situation. Thanks in advance.




dcdiag.txt
0
 
LVL 16

Accepted Solution

by:
cantoris earned 1500 total points
ID: 26124493
This looks similar (look at symptom 3):
http://support.microsoft.com/kb/958804
Is your sysvol accessible on the new DC?
Also, have you tried a dcdiag /fix?
SRV records:
http://technet.microsoft.com/en-us/library/cc959303.aspx
Scroll down to "Verifying Your DNS Configuration After Installing Active Directory"
0
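The SRV-record check suggested in the accepted answer, as an added example that is not part of the original thread: it parses `nslookup -type=SRV` output for the DC locator records and reports which ones do not list the new DC. The domain `corp.example`, the host names and the function names are assumptions, and the sample lookup output is constructed; a single-domain forest is assumed, as in the question.

```powershell
# Added example (not from the thread). Domain and host names are constructed placeholders.
function Get-LocatorSrvNames {
    param([string]$Domain)   # single-domain forest assumed, so forest root = $Domain
    '_ldap._tcp.dc._msdcs', '_kerberos._tcp.dc._msdcs', '_ldap._tcp.pdc._msdcs',
    '_ldap._tcp.gc._msdcs', '_gc._tcp', '_ldap._tcp', '_kerberos._tcp' |
        ForEach-Object { "$_.$Domain" }
}

function Get-SrvTargets {
    # Extract the "svr hostname = ..." targets from nslookup -type=SRV output lines.
    param([string[]]$NslookupOutput)
    foreach ($line in $NslookupOutput) {
        if ($line -match 'svr hostname\s*=\s*(\S+)') { $Matches[1].TrimEnd('.').ToLower() }
    }
}

function Test-DcLocatorRecords {
    # $Lookup: scriptblock that returns nslookup output lines for one SRV name.
    param([string]$Domain, [string]$NewDc, [scriptblock]$Lookup)
    foreach ($name in Get-LocatorSrvNames $Domain) {
        $targets = @(Get-SrvTargets (& $Lookup $name))
        New-Object PSObject -Property @{
            Record  = $name
            Targets = ($targets -join ', ')
            NewDcOk = ($targets -contains $NewDc.ToLower())
        }
    }
}

# Constructed sample: the global catalog records still list only the old DC.
$sample = {
    param($name)
    if ($name -match '\.gc\._msdcs\.|^_gc\.') { $hosts = @('old2000.corp.example') }
    else { $hosts = @('old2000.corp.example', 'new2008.corp.example') }
    $hosts | ForEach-Object { "          svr hostname   = $_" }
}

Test-DcLocatorRecords 'corp.example' 'new2008.corp.example' $sample |
    Format-Table Record, NewDcOk, Targets -AutoSize

# Live use on the DC: replace the sample with a real query.
# Test-DcLocatorRecords 'corp.example' 'new2008.corp.example' { param($n) nslookup -type=SRV $n 2>$null }
# The shares the accepted answer asks about can be checked the same way:
# Test-Path '\\new2008.corp.example\SYSVOL'; Test-Path '\\new2008.corp.example\NETLOGON'
```

Any record with `NewDcOk` set to False is one that clients cannot use to locate the new DC once the old server is offline.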

 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 26128684
Run a dcdiag then post results for the Windows 2008 DC. Also, post ipconfig /all for both servers. Disable IPv6 on the Windows 2008 server. Run ipconfig /flushdns, ipconfig /registerdns, and dcdiag /fix.

By just shutting down the server you aren't testing the systems. Make sure the clients are pointing to the new DC as primary and that you have made it a Global Catalog.
0
 

Author Comment

by:shaboyi
ID: 26128900
I have uploaded the files for you to check out. The dcdiag file is for the new server - run when the old server is offline. dcdiag-fix for the new server is also attached. I am fairly certain IPv6 is OFF. It appears there is something wrong with the NETLOGON share... and the dcdiag says it can't connect to the GC - even though the new server reports it is the GC.
dcdiag.txt
ipconfig.txt
ipconfig-old-server.txt
dcdiag-fix.txt
0
 


Author Closing Comment

by:shaboyi
ID: 31669955
Pointed me in the right direction - it was related to the KB article given in the solution but I had to rebuild the SYSVOL tree per http://support.microsoft.com/kb/315457

Thanks.
0
