Server 2003 to Server 2008R2 Transition

So did you use dcpromo /forceremoval  or a normal dcpromo demotion

Since you said you forcibaly removed the 2003 box I'm guessing /forceremoval.   If you did do that did you also go through and do a metadata cleanup for that 2003 box  http://www.petri.co.il/delete_failed_dcs_from_ad.htm

Did you ever transfer the FSMO roles?

Thanks

Mike

Yes, it was a forced removal.
I followed the metadata cleanup steps.
I even managed to sieze the 5 fsmo roles.

But some problems still exist.

AD Computers and users and the other various tools just stop working.
My environment is:
2008 R2 as a VMware machine
I have snapshots taken after I cleaned up the metadata and I keep having to revert back to it, because AD Users and Computers and the other controls cant connect to AD---as I type this, it is still up and functioning, but I can't manage any GPs or log into the DC from any workstation---I get the "there are currently no logon servers available..."

Here is my current dcdiag:

Doing primary tests

   Testing server: Default-First-Site\DC1
      Starting test: Advertising
         ......................... DC1 passed test Advertising
      Starting test: FrsEvent
         There are warning or error events within the last 24 hours after the
         SYSVOL has been shared.  Failing SYSVOL replication problems may cause
         Group Policy problems.
         ......................... DC1 passed test FrsEvent
      Starting test: DFSREvent
         ......................... DC1 passed test DFSREvent
      Starting test: SysVolCheck
         ......................... DC1 passed test SysVolCheck
      Starting test: KccEvent
         ......................... DC1 passed test KccEvent
      Starting test: KnowsOfRoleHolders
         ......................... DC1 passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         ......................... DC1 passed test MachineAccount
      Starting test: NCSecDesc
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
            Replicating Directory Changes In Filtered Set
         access rights for the naming context:
         DC=ForestDnsZones,DC=WBRPLibrary,DC=local
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
            Replicating Directory Changes In Filtered Set
         access rights for the naming context:
         DC=DomainDnsZones,DC=WBRPLibrary,DC=local
         ......................... DC1 failed test NCSecDesc
      Starting test: NetLogons
         Unable to connect to the NETLOGON share! (\\DC1\netlogon)
         [DC1] An net use or LsaPolicy operation failed with error 67,
         The network name cannot be found..
         ......................... DC1 failed test NetLogons
      Starting test: ObjectsReplicated
         ......................... DC1 passed test ObjectsReplicated
      Starting test: Replications
         ......................... DC1 passed test Replications
      Starting test: RidManager
         ......................... DC1 passed test RidManager
      Starting test: Services
         ......................... DC1 passed test Services
      Starting test: SystemLog
         An error event occurred.  EventID: 0x00000406
            Time Generated: 03/13/2011   15:31:50
            Event String:
            The processing of Group Policy failed. Windows attempted to retrieve
 new Group Policy settings for this user or computer. Look in the details tab fo
r error code and description. Windows will automatically retry this operation at
 the next refresh cycle. Computers joined to the domain must have proper name re
solution and network connectivity to a domain controller for discovery of new Gr
oup Policy objects and settings. An event will be logged when Group Policy is su
ccessful.
         An error event occurred.  EventID: 0x00000406
            Time Generated: 03/13/2011   15:36:51
            Event String:
            The processing of Group Policy failed. Windows attempted to retrieve
 new Group Policy settings for this user or computer. Look in the details tab fo
r error code and description. Windows will automatically retry this operation at
 the next refresh cycle. Computers joined to the domain must have proper name re
solution and network connectivity to a domain controller for discovery of new Gr
oup Policy objects and settings. An event will be logged when Group Policy is su
ccessful.
         An error event occurred.  EventID: 0x00000406
            Time Generated: 03/13/2011   15:41:51
            Event String:
            The processing of Group Policy failed. Windows attempted to retrieve
 new Group Policy settings for this user or computer. Look in the details tab fo
r error code and description. Windows will automatically retry this operation at
 the next refresh cycle. Computers joined to the domain must have proper name re
solution and network connectivity to a domain controller for discovery of new Gr
oup Policy objects and settings. An event will be logged when Group Policy is su
ccessful.
         A warning event occurred.  EventID: 0x8000001D
            Time Generated: 03/13/2011   15:47:14
            Event String:
            The Key Distribution Center (KDC) cannot find a suitable certificate
 to use for smart card logons, or the KDC certificate could not be verified. Sma
rt card logon may not function correctly if this problem is not resolved. To cor
rect this problem, either verify the existing KDC certificate using certutil.exe
 or enroll for a new KDC certificate.
         A warning event occurred.  EventID: 0x000003F6
            Time Generated: 03/13/2011   15:47:43
            Event String:
            Name resolution for the name _ldap._tcp.Default-First-Site._sites.dc
._msdcs.WBRPLibrary.local timed out after none of the configured DNS servers res
ponded.
         An error event occurred.  EventID: 0xC00038D6
            Time Generated: 03/13/2011   15:47:46
            Event String:
            The DFS Namespace service could not initialize cross forest trust in
formation on this domain controller, but it will periodically retry the operatio
n. The return code is in the record data.
         A warning event occurred.  EventID: 0x00002724
            Time Generated: 03/13/2011   15:47:47
            Event String:
            This computer has at least one dynamically assigned IPv6 address.For
 reliable DHCPv6 server operation, you should use only static IPv6 addresses.
         A warning event occurred.  EventID: 0x0000000C
            Time Generated: 03/13/2011   15:47:51
            Event String:
            Time Provider NtpClient: This machine is configured to use the domai
n hierarchy to determine its time source, but it is the AD PDC emulator for the
domain at the root of the forest, so there is no machine above it in the domain
hierarchy to use as a time source. It is recommended that you either configure a
 reliable time service in the root domain, or manually configure the AD PDC to s
ynchronize with an external time source. Otherwise, this machine will function a
s the authoritative time source in the domain hierarchy. If an external time sou
rce is not configured or used for this computer, you may choose to disable the N
tpClient.
         A warning event occurred.  EventID: 0x0000A001
            Time Generated: 03/13/2011   15:47:55
            Event String:
            The Security System could not establish a secured connection with th
e server ldap/WBRPLibrary.local/WBRPLibrary.local@WBRPLIBRARY.LOCAL. No authenti
cation protocol was available.
         An error event occurred.  EventID: 0xC00038D6
            Time Generated: 03/13/2011   15:48:01
            Event String:
            The DFS Namespace service could not initialize cross forest trust in
formation on this domain controller, but it will periodically retry the operatio
n. The return code is in the record data.
         An error event occurred.  EventID: 0xC00038D6
            Time Generated: 03/13/2011   15:48:33
            Event String:
            The DFS Namespace service could not initialize cross forest trust in
formation on this domain controller, but it will periodically retry the operatio
n. The return code is in the record data.
         An error event occurred.  EventID: 0xC00038D6
            Time Generated: 03/13/2011   15:48:48
            Event String:
            The DFS Namespace service could not initialize cross forest trust in
formation on this domain controller, but it will periodically retry the operatio
n. The return code is in the record data.
         An error event occurred.  EventID: 0xC00038D6
            Time Generated: 03/13/2011   15:49:03
            Event String:
            The DFS Namespace service could not initialize cross forest trust in
formation on this domain controller, but it will periodically retry the operatio
n. The return code is in the record data.
         An error event occurred.  EventID: 0xC00038D6
            Time Generated: 03/13/2011   15:49:18
            Event String:
            The DFS Namespace service could not initialize cross forest trust in
formation on this domain controller, but it will periodically retry the operatio
n. The return code is in the record data.
         An error event occurred.  EventID: 0xC00038D6
            Time Generated: 03/13/2011   15:49:33
            Event String:
            The DFS Namespace service could not initialize cross forest trust in
formation on this domain controller, but it will periodically retry the operatio
n. The return code is in the record data.
         An error event occurred.  EventID: 0xC00038D6
            Time Generated: 03/13/2011   15:49:48
            Event String:
            The DFS Namespace service could not initialize cross forest trust in
formation on this domain controller, but it will periodically retry the operatio
n. The return code is in the record data.
         An error event occurred.  EventID: 0xC00038D6
            Time Generated: 03/13/2011   15:50:03
            Event String:
            The DFS Namespace service could not initialize cross forest trust in
formation on this domain controller, but it will periodically retry the operatio
n. The return code is in the record data.
         A warning event occurred.  EventID: 0x000727AA
            Time Generated: 03/13/2011   15:50:05
            Event String:
            The WinRM service failed to create the following SPNs: WSMAN/DC1.WBR
PLibrary.local; WSMAN/DC1.
         An error event occurred.  EventID: 0xC00038D6
            Time Generated: 03/13/2011   15:50:18
            Event String:
            The DFS Namespace service could not initialize cross forest trust in
formation on this domain controller, but it will periodically retry the operatio
n. The return code is in the record data.
         An error event occurred.  EventID: 0xC00038D6
            Time Generated: 03/13/2011   15:50:33
            Event String:
            The DFS Namespace service could not initialize cross forest trust in
formation on this domain controller, but it will periodically retry the operatio
n. The return code is in the record data.
         An error event occurred.  EventID: 0x00000469
            Time Generated: 03/13/2011   15:51:56
            Event String:
            The processing of Group Policy failed because of lack of network con
nectivity to a domain controller. This may be a transient condition. A success m
essage would be generated once the machine gets connected to the domain controll
er and Group Policy has succesfully processed. If you do not see a success messa
ge for several hours, then contact your administrator.
         An error event occurred.  EventID: 0x00000422
            Time Generated: 03/13/2011   15:53:43
            Event String:
            The processing of Group Policy failed. Windows attempted to read the
 file \\WBRPLibrary.local\sysvol\WBRPLibrary.local\Policies\{31B2F340-016D-11D2-
945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Grou
p Policy settings may not be applied until this event is resolved. This issue ma
y be transient and could be caused by one or more of the following:
         An error event occurred.  EventID: 0x00000406
            Time Generated: 03/13/2011   15:56:57
            Event String:
            The processing of Group Policy failed. Windows attempted to retrieve
 new Group Policy settings for this user or computer. Look in the details tab fo
r error code and description. Windows will automatically retry this operation at
 the next refresh cycle. Computers joined to the domain must have proper name re
solution and network connectivity to a domain controller for discovery of new Gr
oup Policy objects and settings. An event will be logged when Group Policy is su
ccessful.
         An error event occurred.  EventID: 0x00000406
            Time Generated: 03/13/2011   16:01:58
            Event String:
            The processing of Group Policy failed. Windows attempted to retrieve
 new Group Policy settings for this user or computer. Look in the details tab fo
r error code and description. Windows will automatically retry this operation at
 the next refresh cycle. Computers joined to the domain must have proper name re
solution and network connectivity to a domain controller for discovery of new Gr
oup Policy objects and settings. An event will be logged when Group Policy is su
ccessful.
         An error event occurred.  EventID: 0x00000406
            Time Generated: 03/13/2011   16:06:59
            Event String:
            The processing of Group Policy failed. Windows attempted to retrieve
 new Group Policy settings for this user or computer. Look in the details tab fo
r error code and description. Windows will automatically retry this operation at
 the next refresh cycle. Computers joined to the domain must have proper name re
solution and network connectivity to a domain controller for discovery of new Gr
oup Policy objects and settings. An event will be logged when Group Policy is su
ccessful.
         An error event occurred.  EventID: 0x00000406
            Time Generated: 03/13/2011   16:11:59
            Event String:
            The processing of Group Policy failed. Windows attempted to retrieve
 new Group Policy settings for this user or computer. Look in the details tab fo
r error code and description. Windows will automatically retry this operation at
 the next refresh cycle. Computers joined to the domain must have proper name re
solution and network connectivity to a domain controller for discovery of new Gr
oup Policy objects and settings. An event will be logged when Group Policy is su
ccessful.
         An error event occurred.  EventID: 0x00000406
            Time Generated: 03/13/2011   16:17:00
            Event String:
            The processing of Group Policy failed. Windows attempted to retrieve
 new Group Policy settings for this user or computer. Look in the details tab fo
r error code and description. Windows will automatically retry this operation at
 the next refresh cycle. Computers joined to the domain must have proper name re
solution and network connectivity to a domain controller for discovery of new Gr
oup Policy objects and settings. An event will be logged when Group Policy is su
ccessful.
         An error event occurred.  EventID: 0x00000406
            Time Generated: 03/13/2011   16:22:00
            Event String:
            The processing of Group Policy failed. Windows attempted to retrieve
 new Group Policy settings for this user or computer. Look in the details tab fo
r error code and description. Windows will automatically retry this operation at
 the next refresh cycle. Computers joined to the domain must have proper name re
solution and network connectivity to a domain controller for discovery of new Gr
oup Policy objects and settings. An event will be logged when Group Policy is su
ccessful.
         ......................... DC1 failed test SystemLog
      Starting test: VerifyReferences
         ......................... DC1 passed test VerifyReferences


   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test
         CrossRefValidation

   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test
         CrossRefValidation

   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation

   Running partition tests on : WBRPLibrary
      Starting test: CheckSDRefDom
         ......................... WBRPLibrary passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... WBRPLibrary passed test CrossRefValidation

   Running enterprise tests on : WBRPLibrary.local
      Starting test: LocatorCheck
         Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
         A Global Catalog Server could not be located - All GC's are down.
THANKS! If anyone knows of any 3rd party tech support, then we would be willing to pay.

5 minutes after I posted this, I tried to Launch AD Users and Computers and I get this error:
Naming information cannot be located because : the specifed domain doesn't exist or cannot be found...

Just FYI
Thanks again!

First you should never force demote your Domain Controller before running dcdiag to check to make sure your new DC is healthly. Do you have a backup of the Windows 2003 Server?

To fix netlogon issue.
http://support.microsoft.com/kb/947022

Make sure your Domain Controller is pointing to itself for DNS. Make sure you have DNS zone for your Domain in DNS.

Seems the Windows 2008 Server might not have finished replicating before you forced remove the Windows 2003 Server.

Try the netlogon fix.

You can call Microsoft to get direct support for $250 as well if you are in a rush and need someone to be able to directly access the servers.

The error you posted points to the issue of Windows 2003 Server not being available this is why you need to run metadata cleanup but if your Windows 2008 Server is not fully functioning you will have other issues.

Yes, I have talked with technical support and since we are  workign with a trial version of Server 2008, they want us to purchase it before they will help us. Well, purchasing it is out of the question---we can get it from techsoup--since we are a public library for about $200 vs. $2500 or more, but we have to wait a few days for the license key to come in...so...just wanted to get that out of the way.

I do have some very good news. Although I didn't perform a backup specifically for the AD migration, we did have a copy of the old sysvol directory from the original 2003 server. So I copied that directory into the windows folder where it should have been----an lucky me--now the Exchange server is able to talk and it works fine and users can log in---one last question please.

I can't edit any group policies and I am getting this error in the eventvwr:
Log Name:      System
Source:        Microsoft-Windows-GroupPolicy
Date:          3/13/2011 7:15:45 PM
Event ID:      1058
Task Category: None
Level:         Error
Keywords:      
User:          SYSTEM
Computer:      DC1.WBRPLibrary.local
Description:
The processing of Group Policy failed. Windows attempted to read the file \\WBRPLibrary.local\sysvol\WBRPLibrary.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-GroupPolicy" Guid="{AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}" />
    <EventID>1058</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>1</Opcode>
    <Keywords>0x8000000000000000</Keywords>
    <TimeCreated SystemTime="2011-03-14T00:15:45.252085900Z" />
    <EventRecordID>4616</EventRecordID>
    <Correlation ActivityID="{1F871AFD-E8D4-4935-9551-730F550A9A7D}" />
    <Execution ProcessID="856" ThreadID="2624" />
    <Channel>System</Channel>
    <Computer>DC1.WBRPLibrary.local</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <EventData>
    <Data Name="SupportInfo1">4</Data>
    <Data Name="SupportInfo2">816</Data>
    <Data Name="ProcessingMode">0</Data>
    <Data Name="ProcessingTimeInMilliseconds">657</Data>
    <Data Name="ErrorCode">3</Data>
    <Data Name="ErrorDescription">The system cannot find the path specified. </Data>
    <Data Name="DCName">DC1.WBRPLibrary.local</Data>
    <Data Name="GPOCNName">CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=WBRPLibrary,DC=local</Data>
    <Data Name="FilePath">\\WBRPLibrary.local\sysvol\WBRPLibrary.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini</Data>
  </EventData>
</Event>

Thanks to everyone for all of the help---this dummy will make damn sure next time that I have a FULL SYSTEM LEVEL BACKUP.

What command is that?
Thanks

It in the link I posted

Again, everything seems to be fine, except that I can't edit any GPs. When I performed the registry edit as outlined in the link from MS, then I couldn't got an error when I tried to run computers and users--like i was disconnected. So, i changed the key back to what it was ....which was 1

I am working with a live environment now---at least until 5:30 PM CST.

Thanks!

So, your Windows 2003 Server is shutdown? You have run metadata cleanup?

Well, after I performed that step I went back to look at my sysvol directory and all of my GPs were missing! So, i copied them all back from backup. I proceeded to launch GP editor and it said that the permissions were wrong and would i like to correct the---so i quickly clicked okay....i did this for every policy..AND like magic I was able to open each policy!

So, I think that I am done here!

Again, thanks to everyone.

Always backup your domain before migration---DUH