Solved

Windows Server Authentication

Posted on 2011-03-06
12
365 Views
Last Modified: 2012-05-11
We are trying to upgrade an old windows 2003 server, We have installed a new server and have performed a DCPROMO. We have also moved all of the roles over to the new AD Server.  However, when I shut off the old server I am unable to authenticate on the domain. There seems to be some dependency on the old server. Once its powered back on we can log in to the domain again.


New server is called Server01
Old server is called server1
domain is  (example name) mydomain.com  
workstations and other servers log on to the mydomain_nt  domain...
0
Comment
Question by:JPDU4
  • 7
  • 5
12 Comments
 
LVL 14

Expert Comment

by:brendanmeyer
ID: 35051273
has the new server got the Global Catalog installed on it?

Acive Directory Sites and Services ->Sites -> Default First Site Name (or whatever)-> ServerName -> NTDS Settings -Properties. Make sure for GC is ticked.
0
 

Author Comment

by:JPDU4
ID: 35051455
Yes Both are GC servers
0
 
LVL 14

Expert Comment

by:brendanmeyer
ID: 35051677
0
 

Author Comment

by:JPDU4
ID: 35052355
Standby performing this now...
0
 

Author Comment

by:JPDU4
ID: 35052934
Here is the out put....









         Warning: DsGetDcName returned information for \\oldserver01.mydomain.com,

         when we were trying to reach newserver01.

         SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE.

         ......................... newserver01 failed test Advertising

         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have

            Replicating Directory Changes In Filtered Set
         access rights for the naming context:

         DC=ForestDnsZones,DC=mydomain,DC=com
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have

            Replicating Directory Changes In Filtered Set
         access rights for the naming context:

         DC=DomainDnsZones,DC=mydomain,DC=com
         ......................... newserver01 failed test NCSecDesc

         Unable to connect to the NETLOGON share! (\\newserver01\netlogon)

         [newserver01] An net use or LsaPolicy operation failed with error 67,

         The network name cannot be found..

         ......................... newserver01 failed test NetLogons

         ......................... newserver01 failed test SystemLog

         Warning: DcGetDcName(TIME_SERVER) call failed, error 1355

         A Time Server could not be located.

         The server holding the PDC role is down.

         Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error

         1355

         A Good Time Server could not be located.

         ......................... mydomain.com failed test LocatorCheck


Directory Server Diagnosis


Performing initial setup:

   Trying to find home server...

   Home Server = newserver01

   * Identified AD Forest.
   Done gathering initial info.


Doing initial required tests

   
   Testing server: Default-First-Site-Name\newserver01

      Starting test: Connectivity

         ......................... newserver01 passed test Connectivity



Doing primary tests

   
   Testing server: Default-First-Site-Name\newserver01

      Starting test: Advertising

         Warning: DsGetDcName returned information for \\oldserver01.mydomain.com,

         when we were trying to reach newserver01.

         SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE.

         ......................... newserver01 failed test Advertising

      Starting test: FrsEvent

         There are warning or error events within the last 24 hours after the

         SYSVOL has been shared.  Failing SYSVOL replication problems may cause

         Group Policy problems.
         ......................... newserver01 passed test FrsEvent

      Starting test: DFSREvent

         ......................... newserver01 passed test DFSREvent

      Starting test: SysVolCheck

         ......................... newserver01 passed test SysVolCheck

      Starting test: KccEvent

         ......................... newserver01 passed test KccEvent

      Starting test: KnowsOfRoleHolders

         ......................... newserver01 passed test KnowsOfRoleHolders

      Starting test: MachineAccount

         ......................... newserver01 passed test MachineAccount

      Starting test: NCSecDesc

         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have

            Replicating Directory Changes In Filtered Set
         access rights for the naming context:

         DC=ForestDnsZones,DC=mydomain,DC=com
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have

            Replicating Directory Changes In Filtered Set
         access rights for the naming context:

         DC=DomainDnsZones,DC=mydomain,DC=com
         ......................... newserver01 failed test NCSecDesc

      Starting test: NetLogons

         Unable to connect to the NETLOGON share! (\\newserver01\netlogon)

         [newserver01] An net use or LsaPolicy operation failed with error 67,

         The network name cannot be found..

         ......................... newserver01 failed test NetLogons

      Starting test: ObjectsReplicated

         ......................... newserver01 passed test ObjectsReplicated

      Starting test: Replications

         ......................... newserver01 passed test Replications

      Starting test: RidManager

         ......................... newserver01 passed test RidManager

      Starting test: Services

         ......................... newserver01 passed test Services

      Starting test: SystemLog

                  ......................... newserver01 failed test SystemLog

      Starting test: VerifyReferences

         ......................... newserver01 passed test VerifyReferences

   
   
   Running partition tests on : ForestDnsZones

      Starting test: CheckSDRefDom

         ......................... ForestDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... ForestDnsZones passed test

         CrossRefValidation

   
   Running partition tests on : DomainDnsZones

      Starting test: CheckSDRefDom

         ......................... DomainDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... DomainDnsZones passed test

         CrossRefValidation

   
   Running partition tests on : Schema

      Starting test: CheckSDRefDom

         ......................... Schema passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Schema passed test CrossRefValidation

   
   Running partition tests on : Configuration

      Starting test: CheckSDRefDom

         ......................... Configuration passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Configuration passed test CrossRefValidation

   
   Running partition tests on : mydomain

      Starting test: CheckSDRefDom

         ......................... mydomain passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... mydomain passed test CrossRefValidation

   
   Running enterprise tests on : mydomain.com

      Starting test: LocatorCheck

         Warning: DcGetDcName(TIME_SERVER) call failed, error 1355

         A Time Server could not be located.

         The server holding the PDC role is down.

         Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error

         1355

         A Good Time Server could not be located.

         ......................... mydomain.com failed test LocatorCheck

      Starting test: Intersite

         ......................... mydomain.com passed test Intersite


Directory Server Diagnosis


Performing initial setup:

   Trying to find home server...

   Home Server = newserver01

   * Identified AD Forest.
   Done gathering initial info.


Doing initial required tests

   
   Testing server: Default-First-Site-Name\newserver01

      Starting test: Connectivity

         ......................... newserver01 passed test Connectivity



Doing primary tests

   
   Testing server: Default-First-Site-Name\newserver01

      Starting test: Advertising

         Warning: DsGetDcName returned information for \\oldserver01.mydomain.com,

         when we were trying to reach newserver01.

         SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE.

         ......................... newserver01 failed test Advertising

      Starting test: FrsEvent

         There are warning or error events within the last 24 hours after the

         SYSVOL has been shared.  Failing SYSVOL replication problems may cause

         Group Policy problems.
         ......................... newserver01 passed test FrsEvent

      Starting test: DFSREvent

         ......................... newserver01 passed test DFSREvent

      Starting test: SysVolCheck

         ......................... newserver01 passed test SysVolCheck

      Starting test: KccEvent

         ......................... newserver01 passed test KccEvent

      Starting test: KnowsOfRoleHolders

         ......................... newserver01 passed test KnowsOfRoleHolders

      Starting test: MachineAccount

         ......................... newserver01 passed test MachineAccount

      Starting test: NCSecDesc

         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have

            Replicating Directory Changes In Filtered Set
         access rights for the naming context:

         DC=ForestDnsZones,DC=mydomain,DC=com
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have

            Replicating Directory Changes In Filtered Set
         access rights for the naming context:

         DC=DomainDnsZones,DC=mydomain,DC=com
         ......................... newserver01 failed test NCSecDesc

      Starting test: NetLogons

         Unable to connect to the NETLOGON share! (\\newserver01\netlogon)

         [newserver01] An net use or LsaPolicy operation failed with error 67,

         The network name cannot be found..

         ......................... newserver01 failed test NetLogons

      Starting test: ObjectsReplicated

         ......................... newserver01 passed test ObjectsReplicated

      Starting test: Replications

         ......................... newserver01 passed test Replications

      Starting test: RidManager

         ......................... newserver01 passed test RidManager

      Starting test: Services

         ......................... newserver01 passed test Services

      Starting test: SystemLog

         A warning event occurred.  EventID: 0x0000000C

            Time Generated: 03/06/2011   22:45:26

            Event String:

            Time Provider NtpClient: This machine is configured to use the domain hierarchy to determine its time source, but it is the AD PDC emulator for the domain at the root of the forest, so there is no machine above it in the domain hierarchy to use as a time source. It is recommended that you either configure a reliable time service in the root domain, or manually configure the AD PDC to synchronize with an external time source. Otherwise, this machine will function as the authoritative time source in the domain hierarchy. If an external time source is not configured or used for this computer, you may choose to disable the NtpClient.

         ......................... newserver01 passed test SystemLog

      Starting test: VerifyReferences

         ......................... newserver01 passed test VerifyReferences

   
   
   Running partition tests on : ForestDnsZones

      Starting test: CheckSDRefDom

         ......................... ForestDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... ForestDnsZones passed test

         CrossRefValidation

   
   Running partition tests on : DomainDnsZones

      Starting test: CheckSDRefDom

         ......................... DomainDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... DomainDnsZones passed test

         CrossRefValidation

   
   Running partition tests on : Schema

      Starting test: CheckSDRefDom

         ......................... Schema passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Schema passed test CrossRefValidation

   
   Running partition tests on : Configuration

      Starting test: CheckSDRefDom

         ......................... Configuration passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Configuration passed test CrossRefValidation

   
   Running partition tests on : mydomain

      Starting test: CheckSDRefDom

         ......................... mydomain passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... mydomain passed test CrossRefValidation

   
   Running enterprise tests on : mydomain.com

      Starting test: LocatorCheck

         Warning: DcGetDcName(TIME_SERVER) call failed, error 1355

         A Time Server could not be located.

         The server holding the PDC role is down.

         Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error

         1355

         A Good Time Server could not be located.

         ......................... mydomain.com failed test LocatorCheck

      Starting test: Intersite

         ......................... mydomain.com passed test Intersite

0
 
LVL 14

Expert Comment

by:brendanmeyer
ID: 35053712
is the new server 2008?
0
Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 

Author Comment

by:JPDU4
ID: 35055249
Yes 2008
0
 
LVL 14

Expert Comment

by:brendanmeyer
ID: 35062186
did you prepare the domain for the 2008 server?
http://technet.microsoft.com/en-us/library/cc754670(WS.10).aspx
0
 

Author Comment

by:JPDU4
ID: 35072164
yes...
0
 
LVL 14

Expert Comment

by:brendanmeyer
ID: 35124265
sorry i am unsure
0
 

Accepted Solution

by:
JPDU4 earned 0 total points
ID: 35124577
OK, thank you. If you think of any other things that may be helpfull please post on up... Thank you again.
0
 

Author Closing Comment

by:JPDU4
ID: 35196772
Call to Microsoft was required
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

Have you ever had a hard drive that you can't boot into, but need to change the registry? Here is the solution! This article guides you through accessing and editing a registry of a non-primary drive. To read registry information on a non-prim…
Many admins will agree: WSUS is is a nice invention but using it on the client side when updating a newly installed computer is still time consuming as you have to do several reboots and furthermore, the procedure of installing updates, rebooting an…
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now