gstevederby
asked on
Network existing windows 2003 r2 to new windows 2008 sbs domain controller
need step by step setup instructions to hook up windows 2003 R2 to upgraded 2008 sbs server. have tried the normal method of changing to domain but it does not want to "see' the domain. Maybe permissions or ???
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
that would be normal response, however i had already tried all that...was disappointed that more did not try to help..
I appreciate the sentiment, but the best way to get more suggestions is to respond to comments. The "normal" steps that people try to resolve a problem vary hugely, so any information on specific steps you have taken can be very helpful.
Were you able to solve the problem? Were you having trouble joining any other machines to the domain or just this 2003R2 server?
Were you able to solve the problem? Were you having trouble joining any other machines to the domain or just this 2003R2 server?
ASKER
have been able to add other mach. with no problem. It is not that big of task. But for some reason the 2003 R2 server does not want to work. Have even switched back to workgroup then back to domain but still can't get to see it like it should. When trying to access,browse the network neighboorhood, from other workstations it says:
\\server is not accessible. you might not have permission to use this network resource. contact the admin fof this server to find out if you have access permissions..
here is some light to shed on the subject. The d3serv is the server that is not connecting correctly. the dcdiag ran on the 2008 sbs domain controller produced this output..maybe you know what to do to fix this? admin passwords are the same also..
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = PDXSBS
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\PD XSBS
Starting test: Connectivity
......................... PDXSBS passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\PD XSBS
Starting test: Advertising
......................... PDXSBS passed test Advertising
Starting test: FrsEvent
......................... PDXSBS passed test FrsEvent
Starting test: DFSREvent
......................... PDXSBS passed test DFSREvent
Starting test: SysVolCheck
......................... PDXSBS passed test SysVolCheck
Starting test: KccEvent
......................... PDXSBS passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... PDXSBS passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... PDXSBS passed test MachineAccount
Starting test: NCSecDesc
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=DomainDnsZones,DC=boxer nw,DC=int
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=ForestDnsZones,DC=boxer nw,DC=int
......................... PDXSBS failed test NCSecDesc
Starting test: NetLogons
......................... PDXSBS passed test NetLogons
Starting test: ObjectsReplicated
......................... PDXSBS passed test ObjectsReplicated
Starting test: Replications
......................... PDXSBS passed test Replications
Starting test: RidManager
......................... PDXSBS passed test RidManager
Starting test: Services
......................... PDXSBS passed test Services
Starting test: SystemLog
An Error Event occurred. EventID: 0x40000004
Time Generated: 10/16/2011 23:05:09
Event String:
The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server host/d3serv.boxernw0. The target name used was cifs/D3serv.boxernw.int. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (BOXERNW.INT) is different from the client domain (BOXERNW.INT), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.
......................... PDXSBS failed test SystemLog
Starting test: VerifyReferences
......................... PDXSBS passed test VerifyReferences
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : boxernw
Starting test: CheckSDRefDom
......................... boxernw passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... boxernw passed test CrossRefValidation
Running enterprise tests on : boxernw.int
Starting test: LocatorCheck
......................... boxernw.int passed test LocatorCheck
Starting test: Intersite
......................... boxernw.int passed test Intersite
\\server is not accessible. you might not have permission to use this network resource. contact the admin fof this server to find out if you have access permissions..
here is some light to shed on the subject. The d3serv is the server that is not connecting correctly. the dcdiag ran on the 2008 sbs domain controller produced this output..maybe you know what to do to fix this? admin passwords are the same also..
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = PDXSBS
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\PD
Starting test: Connectivity
......................... PDXSBS passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\PD
Starting test: Advertising
......................... PDXSBS passed test Advertising
Starting test: FrsEvent
......................... PDXSBS passed test FrsEvent
Starting test: DFSREvent
......................... PDXSBS passed test DFSREvent
Starting test: SysVolCheck
......................... PDXSBS passed test SysVolCheck
Starting test: KccEvent
......................... PDXSBS passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... PDXSBS passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... PDXSBS passed test MachineAccount
Starting test: NCSecDesc
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=DomainDnsZones,DC=boxer
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=ForestDnsZones,DC=boxer
......................... PDXSBS failed test NCSecDesc
Starting test: NetLogons
......................... PDXSBS passed test NetLogons
Starting test: ObjectsReplicated
......................... PDXSBS passed test ObjectsReplicated
Starting test: Replications
......................... PDXSBS passed test Replications
Starting test: RidManager
......................... PDXSBS passed test RidManager
Starting test: Services
......................... PDXSBS passed test Services
Starting test: SystemLog
An Error Event occurred. EventID: 0x40000004
Time Generated: 10/16/2011 23:05:09
Event String:
The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server host/d3serv.boxernw0. The target name used was cifs/D3serv.boxernw.int. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (BOXERNW.INT) is different from the client domain (BOXERNW.INT), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.
......................... PDXSBS failed test SystemLog
Starting test: VerifyReferences
......................... PDXSBS passed test VerifyReferences
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : boxernw
Starting test: CheckSDRefDom
......................... boxernw passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... boxernw passed test CrossRefValidation
Running enterprise tests on : boxernw.int
Starting test: LocatorCheck
......................... boxernw.int passed test LocatorCheck
Starting test: Intersite
......................... boxernw.int passed test Intersite
The NCSecDesc error isn't a problem. Run "adprep /rodcprep" if you don't want to see the error.
"The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server".....
Usually caused by duplicate machine names. If the 2003R2 box is currently not joined to the domain, check everywhere in ADUC for an object with the name of the machine. Delete it if you find one. Then attempt to rejoin, or rename the computer first and then attempt to rejoin. Check http://support.microsoft.com/kb/321044 for some additional options.
I would also double check the time settings. Make sure it is in the correct time zone.
"The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server".....
Usually caused by duplicate machine names. If the 2003R2 box is currently not joined to the domain, check everywhere in ADUC for an object with the name of the machine. Delete it if you find one. Then attempt to rejoin, or rename the computer first and then attempt to rejoin. Check http://support.microsoft.com/kb/321044 for some additional options.
I would also double check the time settings. Make sure it is in the correct time zone.
ASKER
ok i will try those things tonight
http://itknowledgeexchange.techtarget.com/sbs/standard-server-2003-migration-to-sbs-2008-part-1/
If you have other questions or problem srelated with migration, please wait for SBS expert
Regards,
Krzysztof