Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

ADMT 3.2 ERR2:7711 Unable to retrieve the DNS hostname for the migrated computer The ADSI property cannot be found in the property cache.

Posted on 2011-03-15
8
Medium Priority
?
7,439 Views
Last Modified: 2012-05-11
Hi Experts,

I'm testing the migration of test objects from source to target domain (interforest), so far the steps below have been succesfull

- Migrated test Global Group
- Migrated test user (disabled in target)
- Translate Profile (Replace mode)

When i try to do the next step which is migrating the test computer i get the below error

ERR2:7711 Unable to retrieve the DNS hostname for the migrated computer '####-DT10732.##########################. The ADSI property cannot be found in the property cache.


 Migration000017.log


Current Setup

- ADMT Service Account created in the source domain
- ADMT service Account, member of domain admin in target domain and member of Administrators in source domain
- Running ADMT from Target DC logged on as ADMT Service account
- Logged on as ADMT Service Account, can access the test machines ADMIN$ share
- Trust Relationship in place between forests
- DNS configured with conditional forwarders
- Source domian configured to allow file and printer sharing exception through GPO
- Auditing enabled in both forests
- SID History configured in both forest
- PSE configured
- Firewall disabled on test computer
- Test machine has static ip address with Preffered DNS pointing to Target domain DC
- Remote Registry service running on test machine
- Server service running on test machine
- DNS suffix search list GPO configured on Target domain
- Client computers are Win XP SP3

Any help will be appreciated as it's doing my head in : )

Cheers
0
Comment
Question by:WeirdFishes
8 Comments
 
LVL 4

Expert Comment

by:Vishal Patel
ID: 35144349
I think you have a problem related to lookup.
You need to configure DNS in both the domains for both the domains. i.e. suppose you have domainA and domainB, then you need dns of domainA should be able to resolve arp or rarp of domainB and vice versa,
You can set forwareders in each DNS server for other domains.
0
 
LVL 1

Author Comment

by:WeirdFishes
ID: 35144487
both domain have the other configured as stub zones as below

source domain has a stub zone for target domain
target domain has a stub zone for source domain

target DNS had DC.source domain as a forwarder
just added dc.target as a forwarder in source DNS and issue still persist

thanks for the help in advanced....
0
 
LVL 11

Expert Comment

by:RickSheikh
ID: 35148379
You seem to have covered all the steps/pre-reqs properly. I have seen this error in the post-check section of a computer migration in ADMT.

Is that where you are getting it ?
0
WatchGuard Case Study: Museum of Flight

“With limited money and limited staffing, we didn’t have a lot of choices in terms of what we could do to bring efficiency. WatchGuard played a central part in changing that.” To provide strong, secure Wi-Fi access within the museum, Hunter chose to deploy WatchGuard’s AP120 APs.

 
LVL 1

Author Comment

by:WeirdFishes
ID: 35152424
Yes, i receive the error at post-check in ADMT Tool Agent Dialog box.
0
 
LVL 11

Expert Comment

by:RickSheikh
ID: 35152459
In my experience you can ignore it. If you take a look at the log that post check is still trying to do something against the source object which has the FQDN changed to reflect the target domain.
0
 
LVL 1

Accepted Solution

by:
WeirdFishes earned 0 total points
ID: 35163041
issue has been fixed.

the error msg is a bit vague from the admt console log (the one in the question subject) but when i checked further the issue by going to the agent logs files through windows explorer on the target DC where ADMT is installed i found another error msg which is more related to the cause of this issue, see below.

ERR3:7075 Failed to change domain affiliation, hr=800704f1   The system detected a possible attempt to compromise security. Please ensure that you can contact the server that authenticated you

basically the issue is that the machine can't authenticate to the new 2008 R2 DC as it uses a weaker netlogon authentication algorithm wich is a feature rathan then an issue in Server 2008. to fix this issue you have to Allow cryptography algorithms compatible with Windows NT 4.0.

FIX
In the Group Policy Management Editor console, expand Computer Configuration, expand Policies, expand Administrative Templates, expand System, click Net Logon, and then double-click Allow cryptography algorithms compatible with Windows NT 4.0.

After these changes i was able to migrate machines.

0
 
LVL 1

Author Closing Comment

by:WeirdFishes
ID: 35187540
Provided fix for the issue.
0
 
LVL 6

Expert Comment

by:infoplateform
ID: 37043988
Hi Weired Fishes,

I Got same error but i am doing intraforest migration so do u think i will resolved my issue

for DNS i do stub zone settings ?


Regards,

Osama Mansoor
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For anyone that has accidentally used newSID with Server 2008 R2 (like I did) and hasn't been able to get the server running again because you were unlucky (as I was) and had no backups - I was able to get things working by doing a Registry Hive rec…
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

916 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question