?
Solved

Network existing windows 2003 r2 to new windows 2008 sbs domain controller

Posted on 2011-10-12
7
Medium Priority
?
227 Views
Last Modified: 2012-05-12
need step by step setup instructions to hook up windows 2003 R2 to upgraded 2008 sbs server. have tried the normal method of changing to domain but it does not want to "see' the domain. Maybe permissions or ???
0
Comment
Question by:gstevederby
  • 3
  • 3
7 Comments
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 36958037
I've never done this before, becuse I'm not SBS guy, but I found something interesting in the Internet. There is few part article about "How to migrate 2003 to 2008 SBS". Please, review it, and maybe you will find there useful information. Article can be found at
http://itknowledgeexchange.techtarget.com/sbs/standard-server-2003-migration-to-sbs-2008-part-1/

If you have other questions or problem srelated with migration, please wait for SBS expert

Regards,
Krzysztof
0
 
LVL 41

Accepted Solution

by:
footech earned 1500 total points
ID: 36960173
Are you trying to make the 2003 R2 server a domain controller?  If not, to add it to the domain, nothing special has to be done, SBS acts like any other domain controller in this respect.  Just make sure the NIC settings on the 2003 box are correct (IP and subnet are good to communicate with SBS, DNS setting is pointing to the IP of the SBS), and you should be able to join the domain.

If not, I would run dcdiag on the SBS to check for problems.  Also, check that you can ping the IP of the SBS from the 2003 box.
0
 

Author Closing Comment

by:gstevederby
ID: 36976293
that would be normal response, however i had already tried all that...was disappointed that more did not try to help..
0
Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

 
LVL 41

Expert Comment

by:footech
ID: 36976690
I appreciate the sentiment, but the best way to get more suggestions is to respond to comments.  The "normal" steps that people try to resolve a problem vary hugely, so any information on specific steps you have taken can be very helpful.

Were you able to solve the problem?  Were you having trouble joining any other machines to the domain or just this 2003R2 server?
0
 

Author Comment

by:gstevederby
ID: 36977854
have been able to add other mach. with no problem. It is not that big of task. But for some reason the 2003 R2 server does not want to work. Have even switched back to workgroup then back to domain but still can't get to see it like it should. When trying to access,browse the network neighboorhood,  from other workstations it says:
\\server is not accessible. you might not have permission to use this network resource. contact the admin fof this server to find out if you have access permissions..
here is some light to shed on the subject. The d3serv is the server that is not connecting correctly. the dcdiag ran on the 2008 sbs domain controller produced this output..maybe you know what to do to fix this? admin passwords are the same also..


Directory Server Diagnosis


Performing initial setup:

   Trying to find home server...

   Home Server = PDXSBS

   * Identified AD Forest.
   Done gathering initial info.


Doing initial required tests

   
   Testing server: Default-First-Site-Name\PDXSBS

      Starting test: Connectivity

         ......................... PDXSBS passed test Connectivity



Doing primary tests

   
   Testing server: Default-First-Site-Name\PDXSBS

      Starting test: Advertising

         ......................... PDXSBS passed test Advertising

      Starting test: FrsEvent

         ......................... PDXSBS passed test FrsEvent

      Starting test: DFSREvent

         ......................... PDXSBS passed test DFSREvent

      Starting test: SysVolCheck

         ......................... PDXSBS passed test SysVolCheck

      Starting test: KccEvent

         ......................... PDXSBS passed test KccEvent

      Starting test: KnowsOfRoleHolders

         ......................... PDXSBS passed test KnowsOfRoleHolders

      Starting test: MachineAccount

         ......................... PDXSBS passed test MachineAccount

      Starting test: NCSecDesc

         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have

            Replicating Directory Changes In Filtered Set
         access rights for the naming context:

         DC=DomainDnsZones,DC=boxernw,DC=int
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have

            Replicating Directory Changes In Filtered Set
         access rights for the naming context:

         DC=ForestDnsZones,DC=boxernw,DC=int
         ......................... PDXSBS failed test NCSecDesc

      Starting test: NetLogons

         ......................... PDXSBS passed test NetLogons

      Starting test: ObjectsReplicated

         ......................... PDXSBS passed test ObjectsReplicated

      Starting test: Replications

         ......................... PDXSBS passed test Replications

      Starting test: RidManager

         ......................... PDXSBS passed test RidManager

      Starting test: Services

         ......................... PDXSBS passed test Services

      Starting test: SystemLog

         An Error Event occurred.  EventID: 0x40000004

            Time Generated: 10/16/2011   23:05:09

            Event String:

            The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server host/d3serv.boxernw0. The target name used was cifs/D3serv.boxernw.int. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (BOXERNW.INT) is different from the client domain (BOXERNW.INT), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.

         ......................... PDXSBS failed test SystemLog

      Starting test: VerifyReferences

         ......................... PDXSBS passed test VerifyReferences

   
   
   Running partition tests on : DomainDnsZones

      Starting test: CheckSDRefDom

         ......................... DomainDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... DomainDnsZones passed test

         CrossRefValidation

   
   Running partition tests on : ForestDnsZones

      Starting test: CheckSDRefDom

         ......................... ForestDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... ForestDnsZones passed test

         CrossRefValidation

   
   Running partition tests on : Schema

      Starting test: CheckSDRefDom

         ......................... Schema passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Schema passed test CrossRefValidation

   
   Running partition tests on : Configuration

      Starting test: CheckSDRefDom

         ......................... Configuration passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Configuration passed test CrossRefValidation

   
   Running partition tests on : boxernw

      Starting test: CheckSDRefDom

         ......................... boxernw passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... boxernw passed test CrossRefValidation

   
   Running enterprise tests on : boxernw.int

      Starting test: LocatorCheck

         ......................... boxernw.int passed test LocatorCheck

      Starting test: Intersite

         ......................... boxernw.int passed test Intersite

0
 
LVL 41

Expert Comment

by:footech
ID: 36990670
The NCSecDesc error isn't a problem.  Run "adprep /rodcprep" if you don't want to see the error.

"The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server".....
Usually caused by duplicate machine names.  If the 2003R2 box is currently not joined to the domain, check everywhere in ADUC for an object with the name of the machine.  Delete it if you find one.  Then attempt to rejoin, or rename the computer first and then attempt to rejoin.  Check http://support.microsoft.com/kb/321044 for some additional options.

I would also double check the time settings.  Make sure it is in the correct time zone.
0
 

Author Comment

by:gstevederby
ID: 36995979
ok i will try those things tonight
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For anyone that has accidentally used newSID with Server 2008 R2 (like I did) and hasn't been able to get the server running again because you were unlucky (as I was) and had no backups - I was able to get things working by doing a Registry Hive rec…
This article explains the fundamentals of industrial networking which ultimately is the backbone network which is providing communications for process devices like robots and other not so interesting stuff.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question