Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 378
  • Last Modified:

Windows Server Authentication

We are trying to upgrade an old windows 2003 server, We have installed a new server and have performed a DCPROMO. We have also moved all of the roles over to the new AD Server.  However, when I shut off the old server I am unable to authenticate on the domain. There seems to be some dependency on the old server. Once its powered back on we can log in to the domain again.


New server is called Server01
Old server is called server1
domain is  (example name) mydomain.com  
workstations and other servers log on to the mydomain_nt  domain...
0
JPDU4
Asked:
JPDU4
  • 7
  • 5
1 Solution
 
brendanmeyerCommented:
has the new server got the Global Catalog installed on it?

Acive Directory Sites and Services ->Sites -> Default First Site Name (or whatever)-> ServerName -> NTDS Settings -Properties. Make sure for GC is ticked.
0
 
JPDU4Author Commented:
Yes Both are GC servers
0
 
brendanmeyerCommented:
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
JPDU4Author Commented:
Standby performing this now...
0
 
JPDU4Author Commented:
Here is the out put....









         Warning: DsGetDcName returned information for \\oldserver01.mydomain.com,

         when we were trying to reach newserver01.

         SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE.

         ......................... newserver01 failed test Advertising

         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have

            Replicating Directory Changes In Filtered Set
         access rights for the naming context:

         DC=ForestDnsZones,DC=mydomain,DC=com
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have

            Replicating Directory Changes In Filtered Set
         access rights for the naming context:

         DC=DomainDnsZones,DC=mydomain,DC=com
         ......................... newserver01 failed test NCSecDesc

         Unable to connect to the NETLOGON share! (\\newserver01\netlogon)

         [newserver01] An net use or LsaPolicy operation failed with error 67,

         The network name cannot be found..

         ......................... newserver01 failed test NetLogons

         ......................... newserver01 failed test SystemLog

         Warning: DcGetDcName(TIME_SERVER) call failed, error 1355

         A Time Server could not be located.

         The server holding the PDC role is down.

         Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error

         1355

         A Good Time Server could not be located.

         ......................... mydomain.com failed test LocatorCheck


Directory Server Diagnosis


Performing initial setup:

   Trying to find home server...

   Home Server = newserver01

   * Identified AD Forest.
   Done gathering initial info.


Doing initial required tests

   
   Testing server: Default-First-Site-Name\newserver01

      Starting test: Connectivity

         ......................... newserver01 passed test Connectivity



Doing primary tests

   
   Testing server: Default-First-Site-Name\newserver01

      Starting test: Advertising

         Warning: DsGetDcName returned information for \\oldserver01.mydomain.com,

         when we were trying to reach newserver01.

         SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE.

         ......................... newserver01 failed test Advertising

      Starting test: FrsEvent

         There are warning or error events within the last 24 hours after the

         SYSVOL has been shared.  Failing SYSVOL replication problems may cause

         Group Policy problems.
         ......................... newserver01 passed test FrsEvent

      Starting test: DFSREvent

         ......................... newserver01 passed test DFSREvent

      Starting test: SysVolCheck

         ......................... newserver01 passed test SysVolCheck

      Starting test: KccEvent

         ......................... newserver01 passed test KccEvent

      Starting test: KnowsOfRoleHolders

         ......................... newserver01 passed test KnowsOfRoleHolders

      Starting test: MachineAccount

         ......................... newserver01 passed test MachineAccount

      Starting test: NCSecDesc

         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have

            Replicating Directory Changes In Filtered Set
         access rights for the naming context:

         DC=ForestDnsZones,DC=mydomain,DC=com
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have

            Replicating Directory Changes In Filtered Set
         access rights for the naming context:

         DC=DomainDnsZones,DC=mydomain,DC=com
         ......................... newserver01 failed test NCSecDesc

      Starting test: NetLogons

         Unable to connect to the NETLOGON share! (\\newserver01\netlogon)

         [newserver01] An net use or LsaPolicy operation failed with error 67,

         The network name cannot be found..

         ......................... newserver01 failed test NetLogons

      Starting test: ObjectsReplicated

         ......................... newserver01 passed test ObjectsReplicated

      Starting test: Replications

         ......................... newserver01 passed test Replications

      Starting test: RidManager

         ......................... newserver01 passed test RidManager

      Starting test: Services

         ......................... newserver01 passed test Services

      Starting test: SystemLog

                  ......................... newserver01 failed test SystemLog

      Starting test: VerifyReferences

         ......................... newserver01 passed test VerifyReferences

   
   
   Running partition tests on : ForestDnsZones

      Starting test: CheckSDRefDom

         ......................... ForestDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... ForestDnsZones passed test

         CrossRefValidation

   
   Running partition tests on : DomainDnsZones

      Starting test: CheckSDRefDom

         ......................... DomainDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... DomainDnsZones passed test

         CrossRefValidation

   
   Running partition tests on : Schema

      Starting test: CheckSDRefDom

         ......................... Schema passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Schema passed test CrossRefValidation

   
   Running partition tests on : Configuration

      Starting test: CheckSDRefDom

         ......................... Configuration passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Configuration passed test CrossRefValidation

   
   Running partition tests on : mydomain

      Starting test: CheckSDRefDom

         ......................... mydomain passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... mydomain passed test CrossRefValidation

   
   Running enterprise tests on : mydomain.com

      Starting test: LocatorCheck

         Warning: DcGetDcName(TIME_SERVER) call failed, error 1355

         A Time Server could not be located.

         The server holding the PDC role is down.

         Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error

         1355

         A Good Time Server could not be located.

         ......................... mydomain.com failed test LocatorCheck

      Starting test: Intersite

         ......................... mydomain.com passed test Intersite


Directory Server Diagnosis


Performing initial setup:

   Trying to find home server...

   Home Server = newserver01

   * Identified AD Forest.
   Done gathering initial info.


Doing initial required tests

   
   Testing server: Default-First-Site-Name\newserver01

      Starting test: Connectivity

         ......................... newserver01 passed test Connectivity



Doing primary tests

   
   Testing server: Default-First-Site-Name\newserver01

      Starting test: Advertising

         Warning: DsGetDcName returned information for \\oldserver01.mydomain.com,

         when we were trying to reach newserver01.

         SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE.

         ......................... newserver01 failed test Advertising

      Starting test: FrsEvent

         There are warning or error events within the last 24 hours after the

         SYSVOL has been shared.  Failing SYSVOL replication problems may cause

         Group Policy problems.
         ......................... newserver01 passed test FrsEvent

      Starting test: DFSREvent

         ......................... newserver01 passed test DFSREvent

      Starting test: SysVolCheck

         ......................... newserver01 passed test SysVolCheck

      Starting test: KccEvent

         ......................... newserver01 passed test KccEvent

      Starting test: KnowsOfRoleHolders

         ......................... newserver01 passed test KnowsOfRoleHolders

      Starting test: MachineAccount

         ......................... newserver01 passed test MachineAccount

      Starting test: NCSecDesc

         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have

            Replicating Directory Changes In Filtered Set
         access rights for the naming context:

         DC=ForestDnsZones,DC=mydomain,DC=com
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have

            Replicating Directory Changes In Filtered Set
         access rights for the naming context:

         DC=DomainDnsZones,DC=mydomain,DC=com
         ......................... newserver01 failed test NCSecDesc

      Starting test: NetLogons

         Unable to connect to the NETLOGON share! (\\newserver01\netlogon)

         [newserver01] An net use or LsaPolicy operation failed with error 67,

         The network name cannot be found..

         ......................... newserver01 failed test NetLogons

      Starting test: ObjectsReplicated

         ......................... newserver01 passed test ObjectsReplicated

      Starting test: Replications

         ......................... newserver01 passed test Replications

      Starting test: RidManager

         ......................... newserver01 passed test RidManager

      Starting test: Services

         ......................... newserver01 passed test Services

      Starting test: SystemLog

         A warning event occurred.  EventID: 0x0000000C

            Time Generated: 03/06/2011   22:45:26

            Event String:

            Time Provider NtpClient: This machine is configured to use the domain hierarchy to determine its time source, but it is the AD PDC emulator for the domain at the root of the forest, so there is no machine above it in the domain hierarchy to use as a time source. It is recommended that you either configure a reliable time service in the root domain, or manually configure the AD PDC to synchronize with an external time source. Otherwise, this machine will function as the authoritative time source in the domain hierarchy. If an external time source is not configured or used for this computer, you may choose to disable the NtpClient.

         ......................... newserver01 passed test SystemLog

      Starting test: VerifyReferences

         ......................... newserver01 passed test VerifyReferences

   
   
   Running partition tests on : ForestDnsZones

      Starting test: CheckSDRefDom

         ......................... ForestDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... ForestDnsZones passed test

         CrossRefValidation

   
   Running partition tests on : DomainDnsZones

      Starting test: CheckSDRefDom

         ......................... DomainDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... DomainDnsZones passed test

         CrossRefValidation

   
   Running partition tests on : Schema

      Starting test: CheckSDRefDom

         ......................... Schema passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Schema passed test CrossRefValidation

   
   Running partition tests on : Configuration

      Starting test: CheckSDRefDom

         ......................... Configuration passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Configuration passed test CrossRefValidation

   
   Running partition tests on : mydomain

      Starting test: CheckSDRefDom

         ......................... mydomain passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... mydomain passed test CrossRefValidation

   
   Running enterprise tests on : mydomain.com

      Starting test: LocatorCheck

         Warning: DcGetDcName(TIME_SERVER) call failed, error 1355

         A Time Server could not be located.

         The server holding the PDC role is down.

         Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error

         1355

         A Good Time Server could not be located.

         ......................... mydomain.com failed test LocatorCheck

      Starting test: Intersite

         ......................... mydomain.com passed test Intersite

0
 
brendanmeyerCommented:
is the new server 2008?
0
 
JPDU4Author Commented:
Yes 2008
0
 
brendanmeyerCommented:
did you prepare the domain for the 2008 server?
http://technet.microsoft.com/en-us/library/cc754670(WS.10).aspx
0
 
JPDU4Author Commented:
yes...
0
 
brendanmeyerCommented:
sorry i am unsure
0
 
JPDU4Author Commented:
OK, thank you. If you think of any other things that may be helpfull please post on up... Thank you again.
0
 
JPDU4Author Commented:
Call to Microsoft was required
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

  • 7
  • 5
Tackle projects and never again get stuck behind a technical roadblock.
Join Now