swinger22 asked:

Server 2003 R2 to Server 2008 R2 migration gone bad

Hi, I started a migration last week.  Single server environment, small, 5 users.

I worked through the TechNet documentation for migrating roles etc.  Everything seemed to go smoothly until I demoted the older server.  I had to use the /forceremoval.  Now nothing is communicating with the new DC.  DNS seems to be configured correctly and working correctly.  It is acting like the domain cannot be contacted. I can't open any AD-related MMC snap-ins; it just errors out with "naming information cannot be located because: the specified domain either does not exist or could not be contacted."
 
I went through a metadata cleanup and it only displayed the new server.  But only if I connected via the servername.  If I tried via domain it would fail with a communication error.  No records of the old server.  If I try and add a workstation to the domain it just fails that it can't find it.  I can resolve the correct server name from the workstation with a ping.

The DCdiag is just all errors though.


Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = Domtelserver
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site\DOMTELSERVER
      Starting test: Connectivity
         ......................... DOMTELSERVER passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site\DOMTELSERVER
      Starting test: Advertising
         Fatal Error:DsGetDcName (DOMTELSERVER) call failed, error 1355
         The Locator could not find the server.
         ......................... DOMTELSERVER failed test Advertising
      Starting test: FrsEvent
         There are warning or error events within the last 24 hours after the
         SYSVOL has been shared.  Failing SYSVOL replication problems may cause
         Group Policy problems.
         ......................... DOMTELSERVER passed test FrsEvent
      Starting test: DFSREvent
         ......................... DOMTELSERVER passed test DFSREvent
      Starting test: SysVolCheck
         ......................... DOMTELSERVER passed test SysVolCheck
      Starting test: KccEvent
         ......................... DOMTELSERVER passed test KccEvent
      Starting test: KnowsOfRoleHolders
         ......................... DOMTELSERVER passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         ......................... DOMTELSERVER passed test MachineAccount
      Starting test: NCSecDesc
         ......................... DOMTELSERVER passed test NCSecDesc
      Starting test: NetLogons
         Unable to connect to the NETLOGON share! (\\DOMTELSERVER\netlogon)
         [DOMTELSERVER] An net use or LsaPolicy operation failed with error 67,
         The network name cannot be found..
         ......................... DOMTELSERVER failed test NetLogons
      Starting test: ObjectsReplicated
         ......................... DOMTELSERVER passed test ObjectsReplicated
      Starting test: Replications
         ......................... DOMTELSERVER passed test Replications
      Starting test: RidManager
         ......................... DOMTELSERVER passed test RidManager
      Starting test: Services
         ......................... DOMTELSERVER passed test Services
      Starting test: SystemLog
         An error event occurred.  EventID: 0xC00038D6
            Time Generated: 01/03/2011   14:45:56
            Event String:
            The DFS Namespace service could not initialize cross forest trust information on this domain controller, but it will periodically retry the operation. The return code is in the record data.
         An error event occurred.  EventID: 0xC0001B58
            Time Generated: 01/03/2011   15:07:00
            Event String:
            The Diagnostic Service Host service failed to start due to the following error:
         ......................... DOMTELSERVER failed test SystemLog
      Starting test: VerifyReferences
         ......................... DOMTELSERVER passed test VerifyReferences


   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test
         CrossRefValidation

   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test
         CrossRefValidation

   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation

   Running partition tests on : DomTel
      Starting test: CheckSDRefDom
         ......................... DomTel passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomTel passed test CrossRefValidation

   Running enterprise tests on : DomTel.local
      Starting test: LocatorCheck
         Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
         A Global Catalog Server could not be located - All GC's are down.
         Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
         A Time Server could not be located.
         The server holding the PDC role is down.
         Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error
         1355
         A Good Time Server could not be located.
         Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1355
         A KDC could not be located - All the KDCs are down.
         ......................... DomTel.local failed test LocatorCheck
      Starting test: Intersite
         ......................... DomTel.local passed test Intersite


Please help!
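
A way to triage a dcdiag report like the one above, as an added example that is not part of the original post: it lists only the failed tests and the Win32 error codes attached to them, re-joining lines that the console wrapped. The sample text is a constructed excerpt abbreviated from the posted output, and the names `failed_tests`, `summarize` and `WIN32` are hypothetical.

```python
import re
# Constructed excerpt, abbreviated from the dcdiag output posted in the question.
SAMPLE = r"""
   Testing server: Default-First-Site\DOMTELSERVER
      Starting test: Advertising
         Fatal Error:DsGetDcName (DOMTELSERVER) call failed, error 1355
         ......................... DOMTELSERVER failed test Advertising
      Starting test: SysVolCheck
         ......................... DOMTELSERVER passed test SysVolCheck
      Starting test: NetLogons
         [DOMTELSERVER] An net use or LsaPolicy operation failed with error 67,
         ......................... DOMTELSERVER failed test NetLogons
   Running enterprise tests on : DomTel.local
      Starting test: LocatorCheck
         Warning: DcGetDcName(KDC_REQUIRED) call failed, error
         1355
         ......................... DomTel.local failed test LocatorCheck
"""

# Win32 error names for the two codes that appear in this output.
WIN32 = {67: "ERROR_BAD_NET_NAME", 1355: "ERROR_NO_SUCH_DOMAIN"}
START = re.compile(r"^\s*Starting test:\s*(\S+)")
RESULT = re.compile(r"^\s*\.{5,}\s+(\S+) (passed|failed) test\s*(\S*)$")
ERRNO = re.compile(r"\berror (\d+)")

def failed_tests(text):
    """Return (target, test, [error codes]) for each failed dcdiag test."""
    failures, test, detail = [], None, []
    for line in text.splitlines():
        if m := START.match(line):
            test, detail = m.group(1), []
        elif m := RESULT.match(line):
            if m.group(2) == "failed":
                # Re-join console-wrapped lines so "error\n 1355" still matches.
                joined = " ".join(" ".join(detail).split())
                codes = sorted({int(c) for c in ERRNO.findall(joined)})
                failures.append((m.group(1), test or m.group(3), codes))
            test, detail = None, []
        elif test:
            detail.append(line)
    return failures

def summarize(text):
    lines = []
    for target, test, codes in failed_tests(text):
        named = ", ".join("%d %s" % (c, WIN32.get(c, "unknown")) for c in codes)
        lines.append(f"{target}: {test} failed ({named or 'no error code'})")
    return lines
```

Calling `summarize()` on the full report gives one line per failed test, which makes the common thread in this output easier to see: the locator failures all carry 1355 and the NETLOGON share failure carries 67.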
KenMcF

Did you install DNS on the 2008R2 server and also make the server a Global Catalog?

Can you post the results of these commands:
ipconfig /all
netdom /query fsmo


http://support.microsoft.com/kb/313994
Krzysztof Pytko
Probably you didn't migrate the FSMO roles from the previous DC to the new one. Additionally, dcdiag shows that there is no Global Catalog in your network. Did you select your new DC as Global Catalog?

If you demoted the old DC, you now need to seize the FSMO roles to the new DC. Follow this article step-by-step and mark your DC as Global Catalog and check the results once again.

Link to Microsoft article with seizing FSMO roles
http://support.microsoft.com/kb/255504

Regards,
Krzysztof
Forgot to ask, why did you have to run /forceremoval to remove the old DC?
swinger22 (ASKER)

Here is the ipconfig /all - the netdom /query fsmo comes back with "specified domain either does not exist or could not be contacted"


Windows IP Configuration

   Host Name . . . . . . . . . . . . : Domtelserver
   Primary Dns Suffix  . . . . . . . : DomTel.local
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : DomTel.local

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
   Physical Address. . . . . . . . . : 00-0C-29-EA-46-5E
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::ddf3:6171:c1d8:228%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.3(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.251
   DHCPv6 IAID . . . . . . . . . . . : 234884137
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-AE-95-5C-00-0C-29-EA-46-5E

   DNS Servers . . . . . . . . . . . : ::1
                                       192.168.1.3
   Primary WINS Server . . . . . . . : 192.168.1.3
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{C0EF96F7-A318-4DB6-BD3C-814180D34AAE}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:1885:476:3f57:fefc(Preferred)
   Link-local IPv6 Address . . . . . : fe80::1885:476:3f57:fefc%13(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
Missing Global Catalog in your network. Probably you demoted the DC before you added your new one, or used the /forceremoval switch instead of running dcpromo once again and demoting the old DC?

Krzysztof
For the FSMO roles I had transferred them through the migration, and it showed all five as being successful.  Since all of this I have gone through the seizure process again and it seems to work.  Is there a way I can just output results?  I had also set the new server as a GC before the demotion and it was displaying both servers as DCs with the new server being the GC and PDC.  Again this was before demotion.

As for the /forceremoval, I can't find in my notes the error I was receiving.  But from memory it was a generic error and a few checks online seemed to indicate that with the error I was receiving to then try a /forceremoval.  Now I regret that.
Log on to the DC and type in the command line the command mentioned by Ken

netdom query fsmo

It will show us if the new DC holds all of the FSMO roles.

Krzysztof
That fails saying that the domain either doesn't exist or can't be contacted.
OK, I ran the seizure for infrastructure again and this is the output if this helps.


FSMO transferred successfully - seizure not required.
Server "domtelserver" knows about 5 roles
Schema - CN=NTDS Settings,CN=DOMTELSERVER,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=DomTel,DC=local
Naming Master - CN=NTDS Settings,CN=DOMTELSERVER,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=DomTel,DC=local
PDC - CN=NTDS Settings,CN=DOMTELSERVER,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=DomTel,DC=local
RID - CN=NTDS Settings,CN=DOMTELSERVER,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=DomTel,DC=local
Infrastructure - CN=NTDS Settings,CN=DOMTELSERVER,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=DomTel,DC=local

To me it seems almost more like a communication issue, so I thought DNS and I went through all the DNS entries and nothing jumps.
Do you have DNS installed on the 2008R2 DC?
Can you verify that the AD zone is in DNS?

For testing, can you disable IPv6?

http://support.microsoft.com/kb/929852
ASKER CERTIFIED SOLUTION
Krzysztof Pytko

Ah, brilliant!  The BurFlags, resolution 1, worked!

And to think I have done that before on an SBS migration!

Thank you so much for all your help everyone.  I will keep an eye on things and if anything changes I will let you know.
You're welcome :)