pjso
 asked on

No Logon Servers after replicating AD from 2003 to 2008 R2

Hello,

After my question regarding how to move a 2003 to 2008 R2 AD was answered, I tried to perform it.

DCPromo runs fine.

After a big fight I managed to get the SYSVOL and NETLOGON folders automatically replicated.
Needed to do first a non-authoritative and then authoritative recovery.

I have transferred FSMO roles from the original 2003 server to 2008 new server using MMC console.
There was an issue with transferring the Schema Master role, so I've used ntdsutil for that.

All ok.

When shutting down the 2003 server and leaving only 2008 active, we are unable to perform any logon - as it says that there are no logon servers available. Despite the above info.

Since this was not working, I have powered back the 2003.
Had to transfer the FSMO roles back in order for the kix script to mount the shared drives folder.

However, I cannot transfer back the FSMO role of Schema Master back to 2003, as it says that 2008 is uncontactable, which makes no sense.

Maybe you can have an idea what to check for?
I do believe it might be related to the DNS replication, as this was the first big issue.

Maybe it is just easier to reload the server and recreate the AD by hand?
Windows Server 2008, Windows Server 2003, Active Directory

Last Comment
pjso

8/22/2022 - Mon
Mike Kline

What events are you seeing in your logs? dcdiag or repadmin showing any errors?

Thanks

Mike
Carol Chisholm

Check the DNS entries on the network cards on the servers.
Jaihunt

Hi

What is the primary DNS configured in the 2008 DC? Check to make sure it points to the loopback address. Do you have any other DC?

Thanks
Jai
pjso

ASKER
@Jai - the 2003 has IP 10.x.x.3, and it serves as DHCP and DNS server.
However, my main DNS server (although it is set up as secondary in the DHCP) is 10.x.x.1 (Red Hat).

The 2008 has IP 10.x.x.5, and its primary DNS is set to 10.x.x.3 and 10.x.x.1.
Jaihunt

Change the 2008 primary DNS to 127.0.0.1. When you shut down the 2003 DC, it's not able to locate a DNS server because you configured the 2003 IP as primary DNS in 2008. That's why you are getting the no logon servers error.

Thanks
Jai
pjso

ASKER
@Jai - Thank you.
So I should configure the primary DNS to loopback, and secondary DNS to my Linux machine?
Jaihunt

Yes please. If you are going to keep the 2003 server, you can configure the server IP in the DNS settings, but if you are planning to remove the server, make sure all DNS dependencies are changed to the 2008 server in member servers and DHCP scopes.

Thanks
Jai
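The DNS dependency described in the replies above, modelled as an added example (not code from the thread): it parses `nslookup -type=SRV` answers for the DC locator record and shows which resolver a client ends up using, and which DCs it can still find, once one DC/DNS box is switched off. Assumptions: the domain `example.com`, the 192.0.2.x addresses and the host names are placeholders, the nslookup text is constructed, and the non-AD resolver is assumed not to hold the AD zone; a Windows client moves to its next DNS server only when the current one does not respond, so a negative answer is final.

```python
import re

SRV_HOST = re.compile(r"^\s*svr hostname\s*=\s*(\S+)", re.I | re.M)
QUERY = "_ldap._tcp.dc._msdcs.example.com"  # DC locator record, placeholder domain

def _answer(*hosts):
    """Constructed text in the shape Windows nslookup prints for SRV answers."""
    return "".join(f"{QUERY}\tSRV service location:\n\t  port           = 389\n"
                   f"\t  svr hostname   = {h}\n" for h in hosts)

# Constructed answers per resolver; addresses are documentation placeholders.
ANSWERS = {
    "192.0.2.3": _answer("old2003dc.example.com", "temp2008dc.example.com"),
    "192.0.2.5": _answer("old2003dc.example.com", "temp2008dc.example.com"),
    # Assumption: this resolver does not host the AD zone, so it answers negatively.
    "192.0.2.1": f"*** UnKnown can't find {QUERY}: Non-existent domain\n",
}

def srv_targets(nslookup_output):
    """DC host names advertised in one nslookup SRV answer (lower-cased)."""
    return {h.lower().rstrip(".") for h in SRV_HOST.findall(nslookup_output)}

def logon_after_retire(dns_order, answers, retired_ip, retired_host):
    """Return (resolver used, DCs still locatable) after one DC/DNS host is off.

    The resolver at retired_ip gives no response, so the client tries the next
    one. The first resolver that responds is final, even if it finds nothing.
    """
    for ip in dns_order:
        if ip == retired_ip or ip not in answers:
            continue  # no response: fall through to the next configured server
        live = srv_targets(answers[ip]) - {retired_host.lower()}
        return ip, sorted(live)  # empty list means "no logon servers"
    return None, []

if __name__ == "__main__":
    for order in (["192.0.2.3", "192.0.2.1"], ["192.0.2.5", "192.0.2.1"]):
        print(order, "->", logon_after_retire(
            order, ANSWERS, "192.0.2.3", "old2003dc.example.com"))
```

To use it on live data, replace `ANSWERS` with the text captured from `nslookup -type=SRV _ldap._tcp.dc._msdcs.<your domain> <resolver>` for each DNS server handed out to clients.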
Mike Kline

What DNS servers are your clients pointing at (both static and DHCP clients)? Will you be running with only one DC?

Thanks

Mike
pjso

ASKER
The idea was to only have one DC.
So far had been running on 2003.
Hardware upgrade and architecture change, so no in-place upgrade possible.

Hence suggested here on EE to roll out a new temporary 2008 r2 AD, synchronized from the 2003 machine.

As soon as this is in place, I will format the old 2003, add a new disk array and extra 8 GiB of RAM, and load 2008 r2.
Then I want to name it with the same computer name as the original 2003, with the same IP, 10.x.x.3.

Finally, demote the temporary 2008 R2. Wipe it clean and reload the system.


All my clients are pointing DNSes to
10.x.x.3 (2003 server)
10.x.x.1 (red hat)
SOLUTION
Mike Kline

pjso

ASKER
Hi Mike,

How would they point to the AD?
Should I create a DHCP role for the 2008 server, pointing it to itself?

Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\Adminaccount>repadmin /showreps
Default-First-Site-Name\OLD2003DC
DC Options: IS_GC
Site Options: (none)
DC object GUID: 7b3da9f2-995d-4abe-acbe-668792efd55c
DC invocationID: 7b3da9f2-995d-4abe-acbe-668792efd55c

==== INBOUND NEIGHBORS ======================================

DC=+++my name+++,DC=+++changed name+++,DC=com
    Default-First-Site-Name\TEMP2008DC via RPC
        DC object GUID: f5cd809b-8db5-40e8-a2fb-c5b3c71b1b20
        Last attempt @ 2013-04-02 14:48:17 was successful.

CN=Configuration,DC=+++my name+++,DC=+++changed name+++,DC=com
    Default-First-Site-Name\TEMP2008DC via RPC
        DC object GUID: f5cd809b-8db5-40e8-a2fb-c5b3c71b1b20
        Last attempt @ 2013-04-02 14:42:46 was successful.

CN=Schema,CN=Configuration,DC=+++my name+++,DC=+++changed name+++,DC=com
    Default-First-Site-Name\TEMP2008DC via RPC
        DC object GUID: f5cd809b-8db5-40e8-a2fb-c5b3c71b1b20
        Last attempt @ 2013-04-02 13:56:07 was successful.

DC=DomainDnsZones,DC=+++my name+++,DC=+++changed name+++,DC=com
    Default-First-Site-Name\TEMP2008DC via RPC
        DC object GUID: f5cd809b-8db5-40e8-a2fb-c5b3c71b1b20
        Last attempt @ 2013-04-02 13:56:07 was successful.

DC=ForestDnsZones,DC=+++my name+++,DC=+++changed name+++,DC=com
    Default-First-Site-Name\TEMP2008DC via RPC
        DC object GUID: f5cd809b-8db5-40e8-a2fb-c5b3c71b1b20
        Last attempt @ 2013-04-02 13:56:07 was successful.
Mike Kline

repadmin was fine; all your partitions are replicating. Any errors in your event logs?

Thanks

Mike
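An added example (not code from the thread) of the check discussed above: it parses `repadmin /showreps` output and lists every naming context whose last inbound replication attempt failed. The sample is constructed in the layout of the posted output, with placeholder `example.com` names, made-up GUIDs and times, and one failing link in repadmin's failure layout.

```python
import re

NC = re.compile(r"^(?:DC|CN)=.+$")                 # unindented naming-context line
SRC = re.compile(r"^\s+(.+)\\(\S+) via RPC")       # Site\SourceDC via RPC
ATTEMPT = re.compile(
    r"^\s+Last attempt @ (\S+ \S+) (?:was successful|failed, result (\d+))")
FAILS = re.compile(r"^\s+(\d+) consecutive failure")

# Constructed sample; names, GUIDs and timestamps are made up.
SAMPLE = r"""
==== INBOUND NEIGHBORS ======================================

DC=example,DC=com
    Default-First-Site-Name\TEMP2008DC via RPC
        DC object GUID: 00000000-0000-0000-0000-000000000001
        Last attempt @ 2024-01-01 14:48:17 was successful.

DC=DomainDnsZones,DC=example,DC=com
    Default-First-Site-Name\TEMP2008DC via RPC
        DC object GUID: 00000000-0000-0000-0000-000000000001
        Last attempt @ 2024-01-01 13:56:07 failed, result 1722 (0x6ba):
            The RPC server is unavailable.
        3 consecutive failure(s).
        Last success @ 2024-01-01 12:56:07.
"""

def parse_showreps(text):
    """Return one dict per inbound replication link in the output."""
    links, nc, cur = [], None, None
    for line in text.splitlines():
        if NC.match(line):
            nc = line.strip()
        elif (m := SRC.match(line)) and nc:
            cur = {"nc": nc, "site": m.group(1), "source": m.group(2),
                   "ok": None, "result": None, "failures": 0}
            links.append(cur)
        elif cur and (m := ATTEMPT.match(line)):
            cur["when"] = m.group(1)
            cur["ok"] = m.group(2) is None          # no result code means success
            cur["result"] = int(m.group(2)) if m.group(2) else 0
        elif cur and (m := FAILS.match(line)):
            cur["failures"] = int(m.group(1))
    return links

def unhealthy(text):
    """(naming context, source DC, result code) for links that are not healthy."""
    return [(l["nc"], l["source"], l["result"])
            for l in parse_showreps(text) if not l["ok"]]

if __name__ == "__main__":
    print(unhealthy(SAMPLE))
```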
pjso

ASKER
Sorted.
Thank you for the tips.