Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

ADMT 3.2 ERR2:7711 Unable to retrieve the DNS hostname for the migrated computer The ADSI property cannot be found in the property cache.

Posted on 2011-03-15
8
Medium Priority
?
7,297 Views
Last Modified: 2012-05-11
Hi Experts,

I'm testing the migration of test objects from source to target domain (interforest), so far the steps below have been succesfull

- Migrated test Global Group
- Migrated test user (disabled in target)
- Translate Profile (Replace mode)

When i try to do the next step which is migrating the test computer i get the below error

ERR2:7711 Unable to retrieve the DNS hostname for the migrated computer '####-DT10732.##########################. The ADSI property cannot be found in the property cache.


 Migration000017.log


Current Setup

- ADMT Service Account created in the source domain
- ADMT service Account, member of domain admin in target domain and member of Administrators in source domain
- Running ADMT from Target DC logged on as ADMT Service account
- Logged on as ADMT Service Account, can access the test machines ADMIN$ share
- Trust Relationship in place between forests
- DNS configured with conditional forwarders
- Source domian configured to allow file and printer sharing exception through GPO
- Auditing enabled in both forests
- SID History configured in both forest
- PSE configured
- Firewall disabled on test computer
- Test machine has static ip address with Preffered DNS pointing to Target domain DC
- Remote Registry service running on test machine
- Server service running on test machine
- DNS suffix search list GPO configured on Target domain
- Client computers are Win XP SP3

Any help will be appreciated as it's doing my head in : )

Cheers
0
Comment
Question by:WeirdFishes
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 4

Expert Comment

by:Vishal Patel
ID: 35144349
I think you have a problem related to lookup.
You need to configure DNS in both the domains for both the domains. i.e. suppose you have domainA and domainB, then you need dns of domainA should be able to resolve arp or rarp of domainB and vice versa,
You can set forwareders in each DNS server for other domains.
0
 
LVL 1

Author Comment

by:WeirdFishes
ID: 35144487
both domain have the other configured as stub zones as below

source domain has a stub zone for target domain
target domain has a stub zone for source domain

target DNS had DC.source domain as a forwarder
just added dc.target as a forwarder in source DNS and issue still persist

thanks for the help in advanced....
0
 
LVL 11

Expert Comment

by:RickSheikh
ID: 35148379
You seem to have covered all the steps/pre-reqs properly. I have seen this error in the post-check section of a computer migration in ADMT.

Is that where you are getting it ?
0
Looking for the Wi-Fi vendor that's right for you?

We know how difficult it can be to evaluate Wi-Fi vendors, so we created this helpful Wi-Fi Buyer's Guide to help you find the Wi-Fi vendor that's right for your business! Download the guide and get started on our checklist today!

 
LVL 1

Author Comment

by:WeirdFishes
ID: 35152424
Yes, i receive the error at post-check in ADMT Tool Agent Dialog box.
0
 
LVL 11

Expert Comment

by:RickSheikh
ID: 35152459
In my experience you can ignore it. If you take a look at the log that post check is still trying to do something against the source object which has the FQDN changed to reflect the target domain.
0
 
LVL 1

Accepted Solution

by:
WeirdFishes earned 0 total points
ID: 35163041
issue has been fixed.

the error msg is a bit vague from the admt console log (the one in the question subject) but when i checked further the issue by going to the agent logs files through windows explorer on the target DC where ADMT is installed i found another error msg which is more related to the cause of this issue, see below.

ERR3:7075 Failed to change domain affiliation, hr=800704f1   The system detected a possible attempt to compromise security. Please ensure that you can contact the server that authenticated you

basically the issue is that the machine can't authenticate to the new 2008 R2 DC as it uses a weaker netlogon authentication algorithm wich is a feature rathan then an issue in Server 2008. to fix this issue you have to Allow cryptography algorithms compatible with Windows NT 4.0.

FIX
In the Group Policy Management Editor console, expand Computer Configuration, expand Policies, expand Administrative Templates, expand System, click Net Logon, and then double-click Allow cryptography algorithms compatible with Windows NT 4.0.

After these changes i was able to migrate machines.

0
 
LVL 1

Author Closing Comment

by:WeirdFishes
ID: 35187540
Provided fix for the issue.
0
 
LVL 6

Expert Comment

by:infoplateform
ID: 37043988
Hi Weired Fishes,

I Got same error but i am doing intraforest migration so do u think i will resolved my issue

for DNS i do stub zone settings ?


Regards,

Osama Mansoor
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question