Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 369
  • Last Modified:

Migrated 2008 server AD/DHCP issue

Hello,

I just recently migrated a server 2003 AD and FSMO role to a new 2008 server.
All roles as been transfered.  FSMO roles are on the 2008 server.  @008 server is the operation master.  My issue's are that if I shutdown the 2003 machine no one can log in!
Even the DHCP will not assigned an IP.  The 2008 server is the only DHCP on the network.
Right now everybody works with static ip's with their DNS pointing to the 2008 server.

Thanks
0
seapr
Asked:
seapr
1 Solution
 
Mark DamenERP System ManagerCommented:
Is the newly installed 2008 server configured as a GC (Global Catalog)?
0
 
Suliman Abu KharroubIT Consultant Commented:
first of all, do you have a DNS server role installed on the new server ?

if yes, run dcdiag on the new dc. does it return errors ?
0
 
Krzysztof PytkoActive Directory EngineerCommented:
Please verify if you did all required steps during adding 2008 DC into your existing network, reading an article on my blog for that

http://kpytko.wordpress.com/2011/08/25/adding-first-windows-server-2008-r2-domain-controller-within-windows-2003-network/

and when you transferred PDC Emulator role to other DC, you need to advertise new time server in your forest. Please follow below steps

[...]- after transfer of the PDCEmulator role, configure the NEW PDCEmulator to an external timesource and reconfigure the old PDCEmulator to use the domainhierarchie now. Therefore run on the NEW "w32tm /config /manualpeerlist:PEERS /syncfromflags:manual /reliable:yes /update" where PEERS will be filled with the ip address or server(time.windows.com) and on the OLD one run "w32tm /config /syncfromflags:domhier /reliable:no /update" and stop/start the time service on the old one. All commands run in an elevated command prompt without the quotes. [...]

it's an extract from MVP blog at
http://msmvps.com/blogs/mweber/archive/2010/02/10/upgrading-an-active-directory-domain-from-windows-server-2003-to-windows-server-2008-or-windows-server-2008-r2.aspx

In case of any further question, do not hesitate to ask

Regards,
Krzysztof
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
piyushranusriCommented:
1.did you authorize DHCP and DNS serivce on 2008 server.
2. did client is using 2008 dns entries.
and the most important thing the Global catalogue server.

try to run nslookup on client, dcdiag and event viewer of the DC.
please share the output, so that we can discuss this case.
0
 
seaprAuthor Commented:
I will try to respond to all questions at once.

1.Yes the new 2008 server is the Global catalogue.
2.DNS is intalled and properly setup as the pc's as the 2008 server as DNS server and they have access to the internet and local access.
3.  DCdiag is returning only errors about printers.  The rest is all ok.
4.DHCP and DNS are installed.  what do you meen by authorize?

I will go trought what you guys recommended and follow up.

Thanks and this input is really appreciated.
0
 
seaprAuthor Commented:
While doing the DCdiag on the 2003 machine I get those errors

Starting test: frsevent
   * The File Replication Service Event log test
   There are warning or error events within the last 2
   SYSVOL has been shared.  Failing SYSVOL replication
   Group Policy problems.
   An Error Event occured.  EventID: 0xC0003500
      Time Generated: 08/29/2012   15:40:55
      (Event String could not be retrieved)
   An Error Event occured.  EventID: 0xC0003502
      Time Generated: 08/29/2012   15:40:55
      (Event String could not be retrieved)
   An Error Event occured.  EventID: 0xC0003502
      Time Generated: 08/29/2012   15:40:55
      (Event String could not be retrieved)
   ......................... MCCS failed test frsevent


 Starting test: systemlog
    * The System Event log test
    An Error Event occured.  EventID: 0x40000004
       Time Generated: 08/29/2012   22:55:40
       Event String: The kerberos client received a
P_ERR_MODIFIED error from the server
r$.  The target name used was LDAP/MCCS.
indicates that the password used to encrypt
erberos service ticket is different than
on the target server. Commonly, this is due
entically named  machine accounts in the
t realm (CHAMPLAIN), and the client realm.
e contact your system administrator.
    An Error Event occured.  EventID: 0x00000457
       Time Generated: 08/29/2012   23:05:04
       (Event String could not be retrieved)
    An Error Event occured.  EventID: 0x00000457
       Time Generated: 08/29/2012   23:05:05
       (Event String could not be retrieved)
    An Error Event occured.  EventID: 0x00000457
       Time Generated: 08/29/2012   23:05:08
       (Event String could not be retrieved)
    An Error Event occured.  EventID: 0x00000457
       Time Generated: 08/29/2012   23:05:10
       (Event String could not be retrieved)
    An Error Event occured.  EventID: 0x00000457
       Time Generated: 08/29/2012   23:05:11
       (Event String could not be retrieved)
    ......................... MCCS failed test systemlog


I get this on the 2008 machine.  

 Starting test: FrsEvent
    * The File Replication Service Event log test
    There are warning or error events within the last 24 hours after the
    SYSVOL has been shared.  Failing SYSVOL replication problems may cause
    Group Policy problems.
    An Warning Event occurred.  EventID: 0x800034FE
       Time Generated: 08/29/2012   15:46:23
       Event String:
       File Replication Service is scanning the data in the system volume.
ter CCTSVR cannot become a domain controller until this process is complete
 system volume will then be shared as SYSVOL.

       To check for the SYSVOL share, at the command prompt, type:
       net share

       When File Replication Service completes the scanning process, the SY
share will appear.

       The initialization of the system volume can take some time. The time
ependent on the amount of data in the system volume.
    An Warning Event occurred.  EventID: 0x800034C4
       Time Generated: 08/29/2012   15:50:06
       Event String:
       The File Replication Service is having trouble enabling replication
MCCS.champlain to CCTSVR for c:\windows\sysvol\domain using the DNS name MC
amplain. FRS will keep retrying.
        Following are some of the reasons you would see this warning.

        [1] FRS can not correctly resolve the DNS name MCCS.champlain from
computer.
        [2] FRS is not running on MCCS.champlain.
        [3] The topology information in the Active Directory Domain Service
 this replica has not yet replicated to all the Domain Controllers.

        This event log message will appear once per connection, After the p
m is fixed you will see another event log message indicating that the conne
 has been established.
    An Warning Event occurred.  EventID: 0x800034C4
       Time Generated: 08/29/2012   15:58:05
       Event String:
       The File Replication Service is having trouble enabling replication
MCCS to CCTSVR for c:\windows\sysvol\domain using the DNS name MCCS.champla
RS will keep retrying.
        Following are some of the reasons you would see this warning.

        [1] FRS can not correctly resolve the DNS name MCCS.champlain from
computer.
        [2] FRS is not running on MCCS.champlain.
        [3] The topology information in the Active Directory Domain Service
 this replica has not yet replicated to all the Domain Controllers.

        This event log message will appear once per connection, After the p
m is fixed you will see another event log message indicating that the conne
 has been established.
0
 
seaprAuthor Commented:
Also I need to point out that this migration was done by somebody else and I was contacted to try to help.

Also I just saw that DNS server is not running on the 2003 machine.  Is this an issue?

Thanks
0
 
Krzysztof PytkoActive Directory EngineerCommented:
OK, looks like DNS issue or problem with FRS replication. In case that DNS server is not active on 2003 DC and it is still functioning as DC, you need to check if its NIC's properties DNS server is set up.

If 2003 is not working, please ensure if it points to 2008. But the best option for that would be enabling/activating DNS server on that 2003 server and check then

Krzysztof
0
 
Krzysztof PytkoActive Directory EngineerCommented:
Please additionally provide output from

repadmin /showrepl /verbose /all >>c:\repadmin1.log
repadmin /replsummary >>c:\repadmin2.log

Open in new window


and attach this file for analyze here, please

Krzysztof
0

Featured Post

NFR key for Veeam Agent for Linux

Veeam is happy to provide a free NFR license for one year.  It allows for the non‑production use and valid for five workstations and two servers. Veeam Agent for Linux is a simple backup tool for your Linux installations, both on‑premises and in the public cloud.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now