Network existing windows 2003 r2 to new windows 2008 sbs domain controller

need step by step setup instructions to hook up windows 2003 R2 to upgraded 2008 sbs server. have tried the normal method of changing to domain but it does not want to "see' the domain. Maybe permissions or ???
gstevederbyAsked:
Who is Participating?
 
footechConnect With a Mentor Commented:
Are you trying to make the 2003 R2 server a domain controller?  If not, to add it to the domain, nothing special has to be done, SBS acts like any other domain controller in this respect.  Just make sure the NIC settings on the 2003 box are correct (IP and subnet are good to communicate with SBS, DNS setting is pointing to the IP of the SBS), and you should be able to join the domain.

If not, I would run dcdiag on the SBS to check for problems.  Also, check that you can ping the IP of the SBS from the 2003 box.
0
 
Krzysztof PytkoSenior Active Directory EngineerCommented:
I've never done this before, becuse I'm not SBS guy, but I found something interesting in the Internet. There is few part article about "How to migrate 2003 to 2008 SBS". Please, review it, and maybe you will find there useful information. Article can be found at
http://itknowledgeexchange.techtarget.com/sbs/standard-server-2003-migration-to-sbs-2008-part-1/

If you have other questions or problem srelated with migration, please wait for SBS expert

Regards,
Krzysztof
0
 
gstevederbyAuthor Commented:
that would be normal response, however i had already tried all that...was disappointed that more did not try to help..
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
footechCommented:
I appreciate the sentiment, but the best way to get more suggestions is to respond to comments.  The "normal" steps that people try to resolve a problem vary hugely, so any information on specific steps you have taken can be very helpful.

Were you able to solve the problem?  Were you having trouble joining any other machines to the domain or just this 2003R2 server?
0
 
gstevederbyAuthor Commented:
have been able to add other mach. with no problem. It is not that big of task. But for some reason the 2003 R2 server does not want to work. Have even switched back to workgroup then back to domain but still can't get to see it like it should. When trying to access,browse the network neighboorhood,  from other workstations it says:
\\server is not accessible. you might not have permission to use this network resource. contact the admin fof this server to find out if you have access permissions..
here is some light to shed on the subject. The d3serv is the server that is not connecting correctly. the dcdiag ran on the 2008 sbs domain controller produced this output..maybe you know what to do to fix this? admin passwords are the same also..


Directory Server Diagnosis


Performing initial setup:

   Trying to find home server...

   Home Server = PDXSBS

   * Identified AD Forest.
   Done gathering initial info.


Doing initial required tests

   
   Testing server: Default-First-Site-Name\PDXSBS

      Starting test: Connectivity

         ......................... PDXSBS passed test Connectivity



Doing primary tests

   
   Testing server: Default-First-Site-Name\PDXSBS

      Starting test: Advertising

         ......................... PDXSBS passed test Advertising

      Starting test: FrsEvent

         ......................... PDXSBS passed test FrsEvent

      Starting test: DFSREvent

         ......................... PDXSBS passed test DFSREvent

      Starting test: SysVolCheck

         ......................... PDXSBS passed test SysVolCheck

      Starting test: KccEvent

         ......................... PDXSBS passed test KccEvent

      Starting test: KnowsOfRoleHolders

         ......................... PDXSBS passed test KnowsOfRoleHolders

      Starting test: MachineAccount

         ......................... PDXSBS passed test MachineAccount

      Starting test: NCSecDesc

         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have

            Replicating Directory Changes In Filtered Set
         access rights for the naming context:

         DC=DomainDnsZones,DC=boxernw,DC=int
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have

            Replicating Directory Changes In Filtered Set
         access rights for the naming context:

         DC=ForestDnsZones,DC=boxernw,DC=int
         ......................... PDXSBS failed test NCSecDesc

      Starting test: NetLogons

         ......................... PDXSBS passed test NetLogons

      Starting test: ObjectsReplicated

         ......................... PDXSBS passed test ObjectsReplicated

      Starting test: Replications

         ......................... PDXSBS passed test Replications

      Starting test: RidManager

         ......................... PDXSBS passed test RidManager

      Starting test: Services

         ......................... PDXSBS passed test Services

      Starting test: SystemLog

         An Error Event occurred.  EventID: 0x40000004

            Time Generated: 10/16/2011   23:05:09

            Event String:

            The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server host/d3serv.boxernw0. The target name used was cifs/D3serv.boxernw.int. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (BOXERNW.INT) is different from the client domain (BOXERNW.INT), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.

         ......................... PDXSBS failed test SystemLog

      Starting test: VerifyReferences

         ......................... PDXSBS passed test VerifyReferences

   
   
   Running partition tests on : DomainDnsZones

      Starting test: CheckSDRefDom

         ......................... DomainDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... DomainDnsZones passed test

         CrossRefValidation

   
   Running partition tests on : ForestDnsZones

      Starting test: CheckSDRefDom

         ......................... ForestDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... ForestDnsZones passed test

         CrossRefValidation

   
   Running partition tests on : Schema

      Starting test: CheckSDRefDom

         ......................... Schema passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Schema passed test CrossRefValidation

   
   Running partition tests on : Configuration

      Starting test: CheckSDRefDom

         ......................... Configuration passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Configuration passed test CrossRefValidation

   
   Running partition tests on : boxernw

      Starting test: CheckSDRefDom

         ......................... boxernw passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... boxernw passed test CrossRefValidation

   
   Running enterprise tests on : boxernw.int

      Starting test: LocatorCheck

         ......................... boxernw.int passed test LocatorCheck

      Starting test: Intersite

         ......................... boxernw.int passed test Intersite

0
 
footechCommented:
The NCSecDesc error isn't a problem.  Run "adprep /rodcprep" if you don't want to see the error.

"The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server".....
Usually caused by duplicate machine names.  If the 2003R2 box is currently not joined to the domain, check everywhere in ADUC for an object with the name of the machine.  Delete it if you find one.  Then attempt to rejoin, or rename the computer first and then attempt to rejoin.  Check http://support.microsoft.com/kb/321044 for some additional options.

I would also double check the time settings.  Make sure it is in the correct time zone.
0
 
gstevederbyAuthor Commented:
ok i will try those things tonight
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.