pjso

asked on

No Logon Servers after replicating AD from 2003 to 2008 R2

Hello,

After my question regarding how to move a 2003 to 2008 R2 AD was answered, I tried to perform it.

DCPromo runs fine.

After a big fight I managed to get the SYSVOL and NETLOGON folders automatically replicated.
Needed to do first a non-authoritative and then an authoritative recovery.

I have transferred FSMO roles from the original 2003 server to 2008 new server using MMC console.
There was an issue with transferring the Schema Master role, so I've used ntdsutil for that.

All ok.

When shutting down the 2003 server and leaving only 2008 active, we are unable to perform any logon - as it says that there are no logon servers available. Despite the above info.

Since this was not working, I have powered back the 2003.
Had to transfer the FSMO roles back in order for the kix script to mount the shared drives folder.

However, I cannot transfer back the FSMO role of Schema Master back to 2003, as it says that 2008 is uncontactable, which makes no sense.

Maybe you can have an idea what to check for?
I do believe it might be related to the DNS replication, as this was the first big issue.

Maybe it is just easier to reload the server and recreate the AD by hand?
Mike Kline

What events are you seeing in your logs? dcdiag or repadmin showing any errors?

Thanks

Mike
Check the DNS entries on the network cards on the servers.
Hi

What is the primary DNS configured on the 2008 DC? Check to make sure it points to the loopback address. Do you have any other DC?

Thanks
Jai
pjso

ASKER

@Jai - the 2003 has IP 10.x.x.3, and it serves as DHCP and DNS server.
However, my main DNS server (although it is set up as secondary in the DHCP) is 10.x.x.1 (Red Hat).

The 2008 has IP 10.x.x.5, and its primary DNS is set to 10.x.x.3 and 10.x.x.1.
Change the 2008 primary DNS to 127.0.0.1. When you shut down the 2003 DC, it's not able to locate a DNS server because you configured the 2003 IP as primary DNS in 2008. That's why you are getting the no logon servers error.

Thanks
Jai
pjso

ASKER

@ Jai - Thank you.
So I should configure the primary DNS to loopback, and secondary DNS to my Linux machine?
Yes please. If you are going to keep the 2003 server, you can configure the server IP in the DNS settings, but if you are planning to remove the server, make sure all DNS dependencies are modified to the 2008 server in member servers and DHCP scopes.

Thanks
Jai
What DNS servers are your clients pointing at (both static and DHCP clients)? Will you be running with only one DC?

Thanks

Mike
pjso

ASKER

The idea was to only have one DC.
So far had been running on 2003.
Hardware upgrade and architecture change, so no in-place upgrade possible.

Hence suggested here on EE to roll out a new temporary 2008 r2 AD, synchronized from the 2003 machine.

As soon as this is in place, I will format the old 2003, add a new disk array and extra 8 GiB of RAM, and load 2008 r2.
Then I want to name it with the same computer name as the original 2003, with the same IP, 10.x.x.3.

Finally, demote the temporary 2008 R2. Wipe it clean and reload the system.


All my clients are pointing DNSes to
10.x.x.3 (2003 server)
10.x.x.1 (red hat)
SOLUTION
Mike Kline

This solution is only available to members.
pjso

ASKER

Hi Mike,

How would they point to the AD?
Should I create a DHCP role for the 2008 server, pointing it to itself?

Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\Adminaccount>repadmin /showreps
Default-First-Site-Name\OLD2003DC
DC Options: IS_GC
Site Options: (none)
DC object GUID: 7b3da9f2-995d-4abe-acbe-668792efd55c
DC invocationID: 7b3da9f2-995d-4abe-acbe-668792efd55c

==== INBOUND NEIGHBORS ======================================

DC=+++my name+++,DC=+++changed name+++,DC=com
    Default-First-Site-Name\TEMP2008DC via RPC
        DC object GUID: f5cd809b-8db5-40e8-a2fb-c5b3c71b1b20
        Last attempt @ 2013-04-02 14:48:17 was successful.

CN=Configuration,DC=+++my name+++,DC=+++changed name+++,DC=com
    Default-First-Site-Name\TEMP2008DC via RPC
        DC object GUID: f5cd809b-8db5-40e8-a2fb-c5b3c71b1b20
        Last attempt @ 2013-04-02 14:42:46 was successful.

CN=Schema,CN=Configuration,DC=+++my name+++,DC=+++changed name+++,DC=com
    Default-First-Site-Name\TEMP2008DC via RPC
        DC object GUID: f5cd809b-8db5-40e8-a2fb-c5b3c71b1b20
        Last attempt @ 2013-04-02 13:56:07 was successful.

DC=DomainDnsZones,DC=+++my name+++,DC=+++changed name+++,DC=com
    Default-First-Site-Name\TEMP2008DC via RPC
        DC object GUID: f5cd809b-8db5-40e8-a2fb-c5b3c71b1b20
        Last attempt @ 2013-04-02 13:56:07 was successful.

DC=ForestDnsZones,DC=+++my name+++,DC=+++changed name+++,DC=com
    Default-First-Site-Name\TEMP2008DC via RPC
        DC object GUID: f5cd809b-8db5-40e8-a2fb-c5b3c71b1b20
        Last attempt @ 2013-04-02 13:56:07 was successful.
ASKER CERTIFIED SOLUTION
This solution is only available to members.
repadmin was fine, all your partitions are replicating. Any errors in your event logs?

Thanks

Mike
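
Added example, not part of the original thread: the by-eye check of the repadmin /showreps output above, written as a small Python parser that lists every inbound link whose last attempt did not succeed. The sample text is constructed (domain example.com, placeholder GUID, one failing entry written in the failure layout repadmin is assumed to print), and the function names are hypothetical.

```python
import re

# Constructed sample in the layout of the `repadmin /showreps` output quoted
# in the thread. The second entry is a constructed failure, not thread data.
SAMPLE = """\
==== INBOUND NEIGHBORS ======================================

DC=example,DC=com
    Default-First-Site-Name\\TEMP2008DC via RPC
        DC object GUID: 00000000-0000-0000-0000-000000000001
        Last attempt @ 2013-04-02 14:48:17 was successful.

CN=Configuration,DC=example,DC=com
    Default-First-Site-Name\\TEMP2008DC via RPC
        DC object GUID: 00000000-0000-0000-0000-000000000001
        Last attempt @ 2013-04-02 14:42:46 failed, result 1722 (0x6ba):
            The RPC server is unavailable.
        3 consecutive failure(s).
        Last success @ 2013-04-01 09:12:03.
"""

NC_RE = re.compile(r"^(?:DC|CN)=\S")                 # unindented DN = naming context
SRC_RE = re.compile(r"^\s+(\S+)\\(\S+) via (\S+)")   # Site\SourceDC via transport
ATTEMPT_RE = re.compile(
    r"^\s+Last attempt @ (\S+ \S+) (was successful|failed, result (\d+))")
FAILS_RE = re.compile(r"^\s+(\d+) consecutive failure")

def parse_showreps(text):
    """Return one dict per (naming context, source DC) inbound link."""
    links, nc, link = [], None, None
    for line in text.splitlines():
        if NC_RE.match(line):
            nc = line.strip()
        elif (m := SRC_RE.match(line)) and nc:
            link = {"nc": nc, "site": m[1], "source": m[2],
                    "ok": None, "when": None, "result": 0, "failures": 0}
            links.append(link)
        elif (m := ATTEMPT_RE.match(line)) and link:
            link.update(when=m[1], ok=(m[2] == "was successful"),
                        result=int(m[3] or 0))
        elif (m := FAILS_RE.match(line)) and link:
            link["failures"] = int(m[1])
    return links

def failing_links(text):
    """Links that failed, or that carry no 'Last attempt' line at all."""
    return [l for l in parse_showreps(text) if l["ok"] is not True]

if __name__ == "__main__":
    for l in failing_links(SAMPLE):
        print(f'{l["nc"]} <- {l["source"]}: result {l["result"]}, '
              f'{l["failures"]} consecutive failure(s)')
```

A clean result here only says the directory partitions replicate; it does not show that clients can resolve the domain controller through the DNS servers they are configured with, which is the question the rest of the thread turns on.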
pjso

ASKER

Sorted.
Thank you for the tips.