• Status: Solved

Domain Could not be contacted after transition from win2003 to win2008

I just did a transition from win2003 to win2008. After doing the entire transition of AD, DNS, FSMO roles, and data, all seemed OK. The old DC (win2003) is now offline (not by choice), but now with the win2008 server as the main server my client systems fail to see the domain. Any suggestions on what I missed?
Asked by: randybell
1 Solution
 
Mike Kline Commented:
Are your clients pointing to the new box for DNS? Is the new box a global catalog?

Thanks

Mike
 
Darius Ghassem Commented:
So, if the Windows 2003 server is down not by choice then you need to remove it from AD if you didn't demote the server. You would need to do metadata cleanup on AD. Like Mike said, make sure that everyone is now pointing to the new DC for DNS.

Run dcdiag on the 2008 server to make sure that replication has fully taken place, since there have been some problems with 2008 servers fully promoting.
 
randybell (Author) Commented:
I have the original DC back online.

Yes, the members are pointed to the new DC for DNS.

On the original 2003 DC the nltest returns successful.
On the new 2008 DC I get the following:

dcdiag /test:dns /test:topology /test:services /test:CheckSecurityError /test:intersite  ALL PASS on the new win2008 DC

NLTEST /SC_QUERY:domainname.com
I_NetLogonControl failed: Status = 1355 0x54b ERROR_NO_SUCH_DOMAIN

Full DNS report: AAAA record problems, which I understand to be IPv6 related. I have disabled IPv6 binding since IPv6 is not needed. Any suggestions?
 
Darius Ghassem Commented:
Run ipconfig /flushdns, ipconfig /registerdns, and dcdiag /fix.

Post dcdiag and ipconfig /all.
 
Darius Ghassem Commented:
Sorry, on the Windows 2008 server.
 
Mike Kline Commented:
So if the DNS fix/re-registration that Darius suggested doesn't work, you could try resetting the secure channel, but that is hit and miss for me.

Future steps may include just demoting and re-promoting that 2008 box...but not yet.

Thanks

Mike
 
randybell (Author) Commented:
I went ahead and disabled IPv6; that did nothing.

I still have the 1355 error on the nltest on the win2008.

Also, after restarting the win2008 server, it now hangs for about 10 minutes at group policy before the logon prompt and it takes about five minutes to log on to the desktop. Seems to be DNS but I don't see a problem.

Now when I run dcdiag, I am getting a bunch of errors which were not there before, and my sysvol and netlogon shares do not exist. As per the MS knowledge base I did get the sysvol to recreate, but the netlogon has not.

Once I can get these errors cleaned up I need to install Exchange 2010, migrating from win2003 which is on the old DC.

The dcdiag results are now as follows. It seems I am going from bad to worse.

Directory Server Diagnosis


Performing initial setup:

   Trying to find home server...

   Home Server = SERVER

   * Identified AD Forest.
   Done gathering initial info.


Doing initial required tests

   
   Testing server: my-orgname\SERVER

      Starting test: Connectivity

         ......................... SERVER passed test Connectivity



Doing primary tests

   
   Testing server: my-orgname\SERVER

      Starting test: Advertising

         ......................... SERVER passed test Advertising

      Starting test: FrsEvent

         There are warning or error events within the last 24 hours after the

         SYSVOL has been shared.  Failing SYSVOL replication problems may cause

         Group Policy problems.
         ......................... SERVER passed test FrsEvent

      Starting test: DFSREvent

         There are warning or error events within the last 24 hours after the

         SYSVOL has been shared.  Failing SYSVOL replication problems may cause

         Group Policy problems.
         ......................... SERVER failed test DFSREvent

      Starting test: SysVolCheck

         ......................... SERVER passed test SysVolCheck

      Starting test: KccEvent

         ......................... SERVER passed test KccEvent

      Starting test: KnowsOfRoleHolders

         ......................... SERVER passed test KnowsOfRoleHolders

      Starting test: MachineAccount

         ......................... SERVER passed test MachineAccount

      Starting test: NCSecDesc

         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have

            Replicating Directory Changes In Filtered Set
         access rights for the naming context:

         DC=ForestDnsZones,DC=lakebabine,DC=com
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have

            Replicating Directory Changes In Filtered Set
         access rights for the naming context:

         DC=DomainDnsZones,DC=lakebabine,DC=com
         ......................... SERVER failed test NCSecDesc

      Starting test: NetLogons

         Unable to connect to the NETLOGON share! (\\SERVER\netlogon)

         [SERVER] An net use or LsaPolicy operation failed with error 67,

         The network name cannot be found..

         ......................... SERVER failed test NetLogons

      Starting test: ObjectsReplicated

         ......................... SERVER passed test ObjectsReplicated

      Starting test: Replications

         ......................... SERVER passed test Replications

      Starting test: RidManager

         ......................... SERVER passed test RidManager

      Starting test: Services

         ......................... SERVER passed test Services

      Starting test: SystemLog

         An Error Event occurred.  EventID: 0x0000164A

            Time Generated: 03/25/2010   13:12:31

            Event String:

            The Netlogon service could not create server share C:\Windows\SYSVOL\sysvol\domainname.local\SCRIPTS.  The following error occurred:


         An Error Event occurred.  EventID: 0x0000164A

            Time Generated: 03/25/2010   13:13:24

            Event String:

            The Netlogon service could not create server share C:\Windows\SYSVOL\sysvol\domainname.local\SCRIPTS.  The following error occurred:


         An Warning Event occurred.  EventID: 0x80000008

            Time Generated: 03/25/2010   13:14:50

            Event String:

            The jobs in the print queue for printer Microsoft XPS Document Writer (redirected 2) were deleted. No user action is required.


         An Warning Event occurred.  EventID: 0x80000004

            Time Generated: 03/25/2010   13:14:50

            Event String:

            Printer Microsoft XPS Document Writer (redirected 2) will be deleted. No user action is required.


         An Warning Event occurred.  EventID: 0x80000003

            Time Generated: 03/25/2010   13:14:50

            Event String:

            Printer Microsoft XPS Document Writer (redirected 2) was deleted, and users will no longer be able to print to this printer. No user action is required.


         An Warning Event occurred.  EventID: 0x80000008

            Time Generated: 03/25/2010   13:14:50

            Event String:

            The jobs in the print queue for printer Auto Microsoft XPS Document Writer on BL-1287343 (redirected 2) were deleted. No user action is required.


         An Warning Event occurred.  EventID: 0x80000004

            Time Generated: 03/25/2010   13:14:50

            Event String:

            Printer Auto Microsoft XPS Document Writer on BL-1287343 (redirected 2) will be deleted. No user action is required.


         An Warning Event occurred.  EventID: 0x80000003

            Time Generated: 03/25/2010   13:14:50

            Event String:

            Printer Auto Microsoft XPS Document Writer on BL-1287343 (redirected 2) was deleted, and users will no longer be able to print to this printer. No user action is required.


         An Warning Event occurred.  EventID: 0x80000008

            Time Generated: 03/25/2010   13:14:51

            Event String:

            The jobs in the print queue for printer Auto Microsoft XPS Document Writer on ARCHIVE-CA673BC (redirected 2) were deleted. No user action is required.


         An Warning Event occurred.  EventID: 0x80000004

            Time Generated: 03/25/2010   13:14:51

            Event String:

            Printer Auto Microsoft XPS Document Writer on ARCHIVE-CA673BC (redirected 2) will be deleted. No user action is required.


         An Warning Event occurred.  EventID: 0x80000003

            Time Generated: 03/25/2010   13:14:51

            Event String:

            Printer Auto Microsoft XPS Document Writer on ARCHIVE-CA673BC (redirected 2) was deleted, and users will no longer be able to print to this printer. No user action is required.


         An Warning Event occurred.  EventID: 0x8000001D

            Time Generated: 03/25/2010   13:18:03

            Event String:

            The Key Distribution Center (KDC) cannot find a suitable certificate to use for smart card logons, or the KDC certificate could not be verified. Smart card logon may not function correctly if this problem is not resolved. To correct this problem, either verify the existing KDC certificate using certutil.exe or enroll for a new KDC certificate.

         An Error Event occurred.  EventID: 0x0000164A

            Time Generated: 03/25/2010   13:18:27

            Event String:

            The Netlogon service could not create server share C:\Windows\SYSVOL\sysvol\domainname.local\SCRIPTS.  The following error occurred:


         An Warning Event occurred.  EventID: 0x8000A000

            Time Generated: 03/25/2010   13:18:29

            Event String:

            The Security System detected an authentication error for the server ldap/SERVER.domainname.local. The failure code from authentication protocol Kerberos was "There are currently no logon servers available to service the logon request.


         An Warning Event occurred.  EventID: 0x8000A000

            Time Generated: 03/25/2010   13:18:34

            Event String:

            The Security System detected an authentication error for the server LDAP/SERVER. The failure code from authentication protocol Kerberos was "There are currently no logon servers available to service the logon request.


         An Warning Event occurred.  EventID: 0x825A000C

            Time Generated: 03/25/2010   13:18:41

            Event String:

            Time Provider NtpClient: This machine is configured to use the domain hierarchy to determine its time source, but it is the AD PDC emulator for the domain at the root of the forest, so there is no machine above it in the domain hierarchy to use as a time source. It is recommended that you either configure a reliable time service in the root domain, or manually configure the AD PDC to synchronize with an external time source. Otherwise, this machine will function as the authoritative time source in the domain hierarchy. If an external time source is not configured or used for this computer, you may choose to disable the NtpClient.

         An Warning Event occurred.  EventID: 0x00002724

            Time Generated: 03/25/2010   13:19:30

            Event String:

            This computer has at least one dynamically assigned IPv6 address.For reliable DHCPv6 server operation, you should use only static IPv6 addresses.

         An Error Event occurred.  EventID: 0xC0001B72

            Time Generated: 03/25/2010   13:19:34

            Event String:

            The following boot-start or system-start driver(s) failed to load:


         An Warning Event occurred.  EventID: 0x8000A000

            Time Generated: 03/25/2010   13:19:46

            Event String:

            The Security System detected an authentication error for the server LDAP/Localhost. The failure code from authentication protocol Kerberos was "There are currently no logon servers available to service the logon request.


         An Error Event occurred.  EventID: 0x00000423

            Time Generated: 03/25/2010   13:20:10

            Event String:

            The DHCP service failed to see a directory server for authorization.

         An Error Event occurred.  EventID: 0x00000423

            Time Generated: 03/25/2010   13:20:25

            Event String:

            The DHCP service failed to see a directory server for authorization.

         An Warning Event occurred.  EventID: 0x000727AA

            Time Generated: 03/25/2010   13:21:47

            Event String:

            The WinRM service failed to create the following SPNs: WSMAN/SERVER.domainname.local; WSMAN/SERVER.


         An Error Event occurred.  EventID: 0x00000469

            Time Generated: 03/25/2010   13:23:53

            Event String:

            The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

         An Warning Event occurred.  EventID: 0x00001695

            Time Generated: 03/25/2010   13:24:00

            Event String:

            Dynamic registration or deletion of one or more DNS records associated with DNS domain 'domainname.local.' failed.  These records are used by other computers to locate this server as a domain controller (if the specified domain is an Active Directory domain) or as an LDAP server (if the specified domain is an application partition).  


         An Error Event occurred.  EventID: 0xC00A0038

            Time Generated: 03/25/2010   13:25:06

            Event String:

            The Terminal Server security layer detected an error in the protocol stream and has disconnected the client.

         An Error Event occurred.  EventID: 0x00000457

            Time Generated: 03/25/2010   13:29:31

            Event String:

            Driver HP Color LaserJet CP2020 Series PCL 6 required for printer HP Color LaserJet CP2020 Series PCL 6 is unknown. Contact the administrator to install the driver before you log in again.

         ......................... SERVER failed test SystemLog

      Starting test: VerifyReferences

         ......................... SERVER passed test VerifyReferences

   
   
   Running partition tests on : ForestDnsZones

      Starting test: CheckSDRefDom

         ......................... ForestDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... ForestDnsZones passed test

         CrossRefValidation

   
   Running partition tests on : DomainDnsZones

      Starting test: CheckSDRefDom

         ......................... DomainDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... DomainDnsZones passed test

         CrossRefValidation

   
   Running partition tests on : Schema

      Starting test: CheckSDRefDom

         ......................... Schema passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Schema passed test CrossRefValidation

   
   Running partition tests on : Configuration

      Starting test: CheckSDRefDom

         ......................... Configuration passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Configuration passed test CrossRefValidation

   
   Running partition tests on : lakebabine

      Starting test: CheckSDRefDom

         ......................... lakebabine passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... lakebabine passed test CrossRefValidation

   
   Running enterprise tests on : domainname.local

      Starting test: LocatorCheck

         ......................... domainname.local passed test LocatorCheck

      Starting test: Intersite

         ......................... domainname.local passed test Intersite
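
Added example, not part of the original thread: a small Python parser for dcdiag output like the report above. It lists only the failed tests (including test names that dcdiag wraps onto the next line) and counts Error events by the decimal ID that Event Viewer displays, so the printer warnings drop out. The sample text is abridged from the posted output, and the function names are illustrative.

```python
import re
from collections import Counter

# Result lines look like "......... SERVER failed test NetLogons";
# dcdiag may wrap the test name onto the next non-blank line.
RESULT = re.compile(r"\.{5,}\s+(.+?)\s+(passed|failed)\s+test(?:\s+(\S+))?\s*$")
EVENT = re.compile(r"An\s+(Error|Warning)\s+Event occurred\.\s+EventID:\s+0x([0-9A-Fa-f]+)")

def parse_results(text):
    """Return (target, status, test) for every result line in dcdiag output."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    results = []
    for i, line in enumerate(lines):
        m = RESULT.search(line)
        if not m:
            continue
        target, status, test = m.groups()
        if test is None and i + 1 < len(lines):
            test = lines[i + 1]  # wrapped line: name follows on the next line
        results.append((target, status, test))
    return results

def failed_tests(text):
    """Return (target, test) pairs for the tests that failed."""
    return [(t, name) for t, status, name in parse_results(text) if status == "failed"]

def error_events(text):
    """Count Error (not Warning) events, keyed by the low 16 bits of the ID."""
    ids = Counter()
    for severity, hex_id in EVENT.findall(text):
        if severity == "Error":
            ids[int(hex_id, 16) & 0xFFFF] += 1  # 0x0000164A -> 5706
    return ids

# Sample abridged from the dcdiag report posted in the thread.
SAMPLE = r"""
      Starting test: SysVolCheck
         ......................... SERVER passed test SysVolCheck
      Starting test: NetLogons
         Unable to connect to the NETLOGON share! (\\SERVER\netlogon)
         ......................... SERVER failed test NetLogons
      Starting test: SystemLog
         An Error Event occurred.  EventID: 0x0000164A
         An Warning Event occurred.  EventID: 0x80000008
         An Error Event occurred.  EventID: 0x0000164A
         An Error Event occurred.  EventID: 0xC0001B72
         ......................... SERVER failed test SystemLog
         ......................... ForestDnsZones passed test

         CrossRefValidation
"""

if __name__ == "__main__":
    print(failed_tests(SAMPLE))
    print(dict(error_events(SAMPLE)))
```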

 
randybell (Author) Commented:
Another change that just happened out of nowhere is that I get an error if I try to edit any group policy. I was able to get into them beforehand. I have not made any changes to group policy; I just want to verify that the default policy didn't have policies set.

Any suggestions at this point would be appreciated.
 
Awinish Commented:
Enable IPv6, as Windows 2008 requires IPv6, esp. SBS 2008.
I had the same issue, and just enabling IPv6 solved all the issues, like Exchange not being able to connect to AD, slow login, etc.
Also, select dynamic IP in IPv6.
Reboot the system and see if it works for you.
 
Darius Ghassem Commented:
Windows 2008 server does not require IPv6. Now, Exchange requires it to be enabled on the box it is installed on; that is the only service that requires it, which I think is a mistake by MS. No one will use IPv6 in an internal network; there is no reason to.

I would recommend demoting your 2008 server since it will be a quicker and easier resolution.

Demote
Run metadata cleanup on AD to remove any lingering objects.
Delete all DNS records for this DC.
Remove the server off the domain.

Once you have done the above.

Add server to the domain; make sure it is pointing to an existing DC for DNS as primary.
Start the promotion process again.
Allow replication to take place fully before changing any settings.
Before making changes run dcdiag to check for a healthy DC.
 
randybell (Author) Commented:
Demoting is not an option. I still have one test error, but the domain is functioning without any event log errors on the AD or Exchange.