?
Solved

Windows Server Authentication

Posted on 2011-03-06
12
Medium Priority
?
374 Views
Last Modified: 2012-05-11
We are trying to upgrade an old windows 2003 server, We have installed a new server and have performed a DCPROMO. We have also moved all of the roles over to the new AD Server.  However, when I shut off the old server I am unable to authenticate on the domain. There seems to be some dependency on the old server. Once its powered back on we can log in to the domain again.


New server is called Server01
Old server is called server1
domain is  (example name) mydomain.com  
workstations and other servers log on to the mydomain_nt  domain...
0
Comment
Question by:JPDU4
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 5
12 Comments
 
LVL 14

Expert Comment

by:brendanmeyer
ID: 35051273
has the new server got the Global Catalog installed on it?

Acive Directory Sites and Services ->Sites -> Default First Site Name (or whatever)-> ServerName -> NTDS Settings -Properties. Make sure for GC is ticked.
0
 

Author Comment

by:JPDU4
ID: 35051455
Yes Both are GC servers
0
 
LVL 14

Expert Comment

by:brendanmeyer
ID: 35051677
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 

Author Comment

by:JPDU4
ID: 35052355
Standby performing this now...
0
 

Author Comment

by:JPDU4
ID: 35052934
Here is the out put....









         Warning: DsGetDcName returned information for \\oldserver01.mydomain.com,

         when we were trying to reach newserver01.

         SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE.

         ......................... newserver01 failed test Advertising

         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have

            Replicating Directory Changes In Filtered Set
         access rights for the naming context:

         DC=ForestDnsZones,DC=mydomain,DC=com
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have

            Replicating Directory Changes In Filtered Set
         access rights for the naming context:

         DC=DomainDnsZones,DC=mydomain,DC=com
         ......................... newserver01 failed test NCSecDesc

         Unable to connect to the NETLOGON share! (\\newserver01\netlogon)

         [newserver01] An net use or LsaPolicy operation failed with error 67,

         The network name cannot be found..

         ......................... newserver01 failed test NetLogons

         ......................... newserver01 failed test SystemLog

         Warning: DcGetDcName(TIME_SERVER) call failed, error 1355

         A Time Server could not be located.

         The server holding the PDC role is down.

         Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error

         1355

         A Good Time Server could not be located.

         ......................... mydomain.com failed test LocatorCheck


Directory Server Diagnosis


Performing initial setup:

   Trying to find home server...

   Home Server = newserver01

   * Identified AD Forest.
   Done gathering initial info.


Doing initial required tests

   
   Testing server: Default-First-Site-Name\newserver01

      Starting test: Connectivity

         ......................... newserver01 passed test Connectivity



Doing primary tests

   
   Testing server: Default-First-Site-Name\newserver01

      Starting test: Advertising

         Warning: DsGetDcName returned information for \\oldserver01.mydomain.com,

         when we were trying to reach newserver01.

         SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE.

         ......................... newserver01 failed test Advertising

      Starting test: FrsEvent

         There are warning or error events within the last 24 hours after the

         SYSVOL has been shared.  Failing SYSVOL replication problems may cause

         Group Policy problems.
         ......................... newserver01 passed test FrsEvent

      Starting test: DFSREvent

         ......................... newserver01 passed test DFSREvent

      Starting test: SysVolCheck

         ......................... newserver01 passed test SysVolCheck

      Starting test: KccEvent

         ......................... newserver01 passed test KccEvent

      Starting test: KnowsOfRoleHolders

         ......................... newserver01 passed test KnowsOfRoleHolders

      Starting test: MachineAccount

         ......................... newserver01 passed test MachineAccount

      Starting test: NCSecDesc

         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have

            Replicating Directory Changes In Filtered Set
         access rights for the naming context:

         DC=ForestDnsZones,DC=mydomain,DC=com
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have

            Replicating Directory Changes In Filtered Set
         access rights for the naming context:

         DC=DomainDnsZones,DC=mydomain,DC=com
         ......................... newserver01 failed test NCSecDesc

      Starting test: NetLogons

         Unable to connect to the NETLOGON share! (\\newserver01\netlogon)

         [newserver01] An net use or LsaPolicy operation failed with error 67,

         The network name cannot be found..

         ......................... newserver01 failed test NetLogons

      Starting test: ObjectsReplicated

         ......................... newserver01 passed test ObjectsReplicated

      Starting test: Replications

         ......................... newserver01 passed test Replications

      Starting test: RidManager

         ......................... newserver01 passed test RidManager

      Starting test: Services

         ......................... newserver01 passed test Services

      Starting test: SystemLog

                  ......................... newserver01 failed test SystemLog

      Starting test: VerifyReferences

         ......................... newserver01 passed test VerifyReferences

   
   
   Running partition tests on : ForestDnsZones

      Starting test: CheckSDRefDom

         ......................... ForestDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... ForestDnsZones passed test

         CrossRefValidation

   
   Running partition tests on : DomainDnsZones

      Starting test: CheckSDRefDom

         ......................... DomainDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... DomainDnsZones passed test

         CrossRefValidation

   
   Running partition tests on : Schema

      Starting test: CheckSDRefDom

         ......................... Schema passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Schema passed test CrossRefValidation

   
   Running partition tests on : Configuration

      Starting test: CheckSDRefDom

         ......................... Configuration passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Configuration passed test CrossRefValidation

   
   Running partition tests on : mydomain

      Starting test: CheckSDRefDom

         ......................... mydomain passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... mydomain passed test CrossRefValidation

   
   Running enterprise tests on : mydomain.com

      Starting test: LocatorCheck

         Warning: DcGetDcName(TIME_SERVER) call failed, error 1355

         A Time Server could not be located.

         The server holding the PDC role is down.

         Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error

         1355

         A Good Time Server could not be located.

         ......................... mydomain.com failed test LocatorCheck

      Starting test: Intersite

         ......................... mydomain.com passed test Intersite


Directory Server Diagnosis


Performing initial setup:

   Trying to find home server...

   Home Server = newserver01

   * Identified AD Forest.
   Done gathering initial info.


Doing initial required tests

   
   Testing server: Default-First-Site-Name\newserver01

      Starting test: Connectivity

         ......................... newserver01 passed test Connectivity



Doing primary tests

   
   Testing server: Default-First-Site-Name\newserver01

      Starting test: Advertising

         Warning: DsGetDcName returned information for \\oldserver01.mydomain.com,

         when we were trying to reach newserver01.

         SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE.

         ......................... newserver01 failed test Advertising

      Starting test: FrsEvent

         There are warning or error events within the last 24 hours after the

         SYSVOL has been shared.  Failing SYSVOL replication problems may cause

         Group Policy problems.
         ......................... newserver01 passed test FrsEvent

      Starting test: DFSREvent

         ......................... newserver01 passed test DFSREvent

      Starting test: SysVolCheck

         ......................... newserver01 passed test SysVolCheck

      Starting test: KccEvent

         ......................... newserver01 passed test KccEvent

      Starting test: KnowsOfRoleHolders

         ......................... newserver01 passed test KnowsOfRoleHolders

      Starting test: MachineAccount

         ......................... newserver01 passed test MachineAccount

      Starting test: NCSecDesc

         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have

            Replicating Directory Changes In Filtered Set
         access rights for the naming context:

         DC=ForestDnsZones,DC=mydomain,DC=com
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have

            Replicating Directory Changes In Filtered Set
         access rights for the naming context:

         DC=DomainDnsZones,DC=mydomain,DC=com
         ......................... newserver01 failed test NCSecDesc

      Starting test: NetLogons

         Unable to connect to the NETLOGON share! (\\newserver01\netlogon)

         [newserver01] An net use or LsaPolicy operation failed with error 67,

         The network name cannot be found..

         ......................... newserver01 failed test NetLogons

      Starting test: ObjectsReplicated

         ......................... newserver01 passed test ObjectsReplicated

      Starting test: Replications

         ......................... newserver01 passed test Replications

      Starting test: RidManager

         ......................... newserver01 passed test RidManager

      Starting test: Services

         ......................... newserver01 passed test Services

      Starting test: SystemLog

         A warning event occurred.  EventID: 0x0000000C

            Time Generated: 03/06/2011   22:45:26

            Event String:

            Time Provider NtpClient: This machine is configured to use the domain hierarchy to determine its time source, but it is the AD PDC emulator for the domain at the root of the forest, so there is no machine above it in the domain hierarchy to use as a time source. It is recommended that you either configure a reliable time service in the root domain, or manually configure the AD PDC to synchronize with an external time source. Otherwise, this machine will function as the authoritative time source in the domain hierarchy. If an external time source is not configured or used for this computer, you may choose to disable the NtpClient.

         ......................... newserver01 passed test SystemLog

      Starting test: VerifyReferences

         ......................... newserver01 passed test VerifyReferences

   
   
   Running partition tests on : ForestDnsZones

      Starting test: CheckSDRefDom

         ......................... ForestDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... ForestDnsZones passed test

         CrossRefValidation

   
   Running partition tests on : DomainDnsZones

      Starting test: CheckSDRefDom

         ......................... DomainDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... DomainDnsZones passed test

         CrossRefValidation

   
   Running partition tests on : Schema

      Starting test: CheckSDRefDom

         ......................... Schema passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Schema passed test CrossRefValidation

   
   Running partition tests on : Configuration

      Starting test: CheckSDRefDom

         ......................... Configuration passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Configuration passed test CrossRefValidation

   
   Running partition tests on : mydomain

      Starting test: CheckSDRefDom

         ......................... mydomain passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... mydomain passed test CrossRefValidation

   
   Running enterprise tests on : mydomain.com

      Starting test: LocatorCheck

         Warning: DcGetDcName(TIME_SERVER) call failed, error 1355

         A Time Server could not be located.

         The server holding the PDC role is down.

         Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error

         1355

         A Good Time Server could not be located.

         ......................... mydomain.com failed test LocatorCheck

      Starting test: Intersite

         ......................... mydomain.com passed test Intersite

0
 
LVL 14

Expert Comment

by:brendanmeyer
ID: 35053712
is the new server 2008?
0
 

Author Comment

by:JPDU4
ID: 35055249
Yes 2008
0
 
LVL 14

Expert Comment

by:brendanmeyer
ID: 35062186
did you prepare the domain for the 2008 server?
http://technet.microsoft.com/en-us/library/cc754670(WS.10).aspx
0
 

Author Comment

by:JPDU4
ID: 35072164
yes...
0
 
LVL 14

Expert Comment

by:brendanmeyer
ID: 35124265
sorry i am unsure
0
 

Accepted Solution

by:
JPDU4 earned 0 total points
ID: 35124577
OK, thank you. If you think of any other things that may be helpfull please post on up... Thank you again.
0
 

Author Closing Comment

by:JPDU4
ID: 35196772
Call to Microsoft was required
0

Featured Post

Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The password reset disk is often mentioned as the best solution to deal with the lost Windows password problem. In Windows 2008, 7, Vista and XP, a password reset disk can be easily created. But besides Windows 7/Vista/XP, Windows Server 2008 and ot…
Citrix XenApp, Internet Explorer 11 set to Enterprise Mode and using central hosted sites.xml file.
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question