Solved

ADMT 3.2 ERR2:7711 Unable to retrieve the DNS hostname for the migrated computer The ADSI property cannot be found in the property cache.

Posted on 2011-03-15
8
6,847 Views
Last Modified: 2012-05-11
Hi Experts,

I'm testing the migration of test objects from source to target domain (interforest), so far the steps below have been succesfull

- Migrated test Global Group
- Migrated test user (disabled in target)
- Translate Profile (Replace mode)

When i try to do the next step which is migrating the test computer i get the below error

ERR2:7711 Unable to retrieve the DNS hostname for the migrated computer '####-DT10732.##########################. The ADSI property cannot be found in the property cache.


 Migration000017.log


Current Setup

- ADMT Service Account created in the source domain
- ADMT service Account, member of domain admin in target domain and member of Administrators in source domain
- Running ADMT from Target DC logged on as ADMT Service account
- Logged on as ADMT Service Account, can access the test machines ADMIN$ share
- Trust Relationship in place between forests
- DNS configured with conditional forwarders
- Source domian configured to allow file and printer sharing exception through GPO
- Auditing enabled in both forests
- SID History configured in both forest
- PSE configured
- Firewall disabled on test computer
- Test machine has static ip address with Preffered DNS pointing to Target domain DC
- Remote Registry service running on test machine
- Server service running on test machine
- DNS suffix search list GPO configured on Target domain
- Client computers are Win XP SP3

Any help will be appreciated as it's doing my head in : )

Cheers
0
Comment
Question by:WeirdFishes
8 Comments
 
LVL 4

Expert Comment

by:Vishal Patel
ID: 35144349
I think you have a problem related to lookup.
You need to configure DNS in both the domains for both the domains. i.e. suppose you have domainA and domainB, then you need dns of domainA should be able to resolve arp or rarp of domainB and vice versa,
You can set forwareders in each DNS server for other domains.
0
 
LVL 1

Author Comment

by:WeirdFishes
ID: 35144487
both domain have the other configured as stub zones as below

source domain has a stub zone for target domain
target domain has a stub zone for source domain

target DNS had DC.source domain as a forwarder
just added dc.target as a forwarder in source DNS and issue still persist

thanks for the help in advanced....
0
 
LVL 11

Expert Comment

by:RickSheikh
ID: 35148379
You seem to have covered all the steps/pre-reqs properly. I have seen this error in the post-check section of a computer migration in ADMT.

Is that where you are getting it ?
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 1

Author Comment

by:WeirdFishes
ID: 35152424
Yes, i receive the error at post-check in ADMT Tool Agent Dialog box.
0
 
LVL 11

Expert Comment

by:RickSheikh
ID: 35152459
In my experience you can ignore it. If you take a look at the log that post check is still trying to do something against the source object which has the FQDN changed to reflect the target domain.
0
 
LVL 1

Accepted Solution

by:
WeirdFishes earned 0 total points
ID: 35163041
issue has been fixed.

the error msg is a bit vague from the admt console log (the one in the question subject) but when i checked further the issue by going to the agent logs files through windows explorer on the target DC where ADMT is installed i found another error msg which is more related to the cause of this issue, see below.

ERR3:7075 Failed to change domain affiliation, hr=800704f1   The system detected a possible attempt to compromise security. Please ensure that you can contact the server that authenticated you

basically the issue is that the machine can't authenticate to the new 2008 R2 DC as it uses a weaker netlogon authentication algorithm wich is a feature rathan then an issue in Server 2008. to fix this issue you have to Allow cryptography algorithms compatible with Windows NT 4.0.

FIX
In the Group Policy Management Editor console, expand Computer Configuration, expand Policies, expand Administrative Templates, expand System, click Net Logon, and then double-click Allow cryptography algorithms compatible with Windows NT 4.0.

After these changes i was able to migrate machines.

0
 
LVL 1

Author Closing Comment

by:WeirdFishes
ID: 35187540
Provided fix for the issue.
0
 
LVL 6

Expert Comment

by:infoplateform
ID: 37043988
Hi Weired Fishes,

I Got same error but i am doing intraforest migration so do u think i will resolved my issue

for DNS i do stub zone settings ?


Regards,

Osama Mansoor
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question