?
Solved

errors after moving fsmo roles from server 2008 r2 to server 2012 r2

Posted on 2014-03-28
11
Medium Priority
?
872 Views
Last Modified: 2014-04-08
After moving my FSMO roles from a 2008 dc to 2012 dc I get the following errors when I run dcdiag.

Windows PowerShell
Copyright (C) 2013 Microsoft Corporation. All rights reserved.

PS C:\Windows\system32> dcdiag

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = medmod-pdc
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\MEDMOD-PDC
      Starting test: Connectivity
         ......................... MEDMOD-PDC passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\MEDMOD-PDC
      Starting test: Advertising
         ......................... MEDMOD-PDC passed test Advertising
      Starting test: FrsEvent
         ......................... MEDMOD-PDC passed test FrsEvent
      Starting test: DFSREvent
         ......................... MEDMOD-PDC passed test DFSREvent
      Starting test: SysVolCheck
         ......................... MEDMOD-PDC passed test SysVolCheck
      Starting test: KccEvent
         ......................... MEDMOD-PDC passed test KccEvent
      Starting test: KnowsOfRoleHolders
         ......................... MEDMOD-PDC passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         ......................... MEDMOD-PDC passed test MachineAccount
      Starting test: NCSecDesc
         ......................... MEDMOD-PDC passed test NCSecDesc
      Starting test: NetLogons
         ......................... MEDMOD-PDC passed test NetLogons
      Starting test: ObjectsReplicated
         ......................... MEDMOD-PDC passed test ObjectsReplicated
      Starting test: Replications
         ......................... MEDMOD-PDC passed test Replications
      Starting test: RidManager
         ......................... MEDMOD-PDC passed test RidManager
      Starting test: Services
         ......................... MEDMOD-PDC passed test Services
      Starting test: SystemLog
         An error event occurred.  EventID: 0x0000166D
            Time Generated: 03/28/2014   09:33:39
            Event String: Netlogon could not register the medmod<1B> name for the following reason:
         An error event occurred.  EventID: 0xC00010E1
            Time Generated: 03/28/2014   09:33:39
            Event String:
            The name "MEDMOD         :1b" could not be registered on the interface with IP address 192.168.168.1. The
mputer with the IP address 192.168.168.21 did not allow the name to be claimed by this computer.
         A warning event occurred.  EventID: 0x0000000C
            Time Generated: 03/28/2014   09:33:39
            Event String:
            Time Provider NtpClient: This machine is configured to use the domain hierarchy to determine its time sou
, but it is the AD PDC emulator for the domain at the root of the forest, so there is no machine above it in the doma
hierarchy to use as a time source. It is recommended that you either configure a reliable time service in the root do
n, or manually configure the AD PDC to synchronize with an external time source. Otherwise, this machine will functio
s the authoritative time source in the domain hierarchy. If an external time source is not configured or used for thi
omputer, you may choose to disable the NtpClient.
         ......................... MEDMOD-PDC failed test SystemLog
      Starting test: VerifyReferences
         ......................... MEDMOD-PDC passed test VerifyReferences


   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation

   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation

   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation

   Running partition tests on : medmod
      Starting test: CheckSDRefDom
         ......................... medmod passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... medmod passed test CrossRefValidation

   Running enterprise tests on : medmod.local
      Starting test: LocatorCheck
         ......................... medmod.local passed test LocatorCheck
      Starting test: Intersite
         ......................... medmod.local passed test Intersite
PS C:\Windows\system32>


Any help would e appreciated.  Thanks
0
Comment
Question by:dtw3
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 3
11 Comments
 
LVL 35

Expert Comment

by:Seth Simmons
ID: 39961983
first thing that stands out to me - configure your 2012 R2 box as a time server

How to configure an authoritative time server in Windows Server
http://support.microsoft.com/kb/816042
0
 
LVL 17

Expert Comment

by:Brad Bouchard
ID: 39962034
Ok this isn't a huge deal at all.  Here is why you failed the medmod part of DCDIAG.  Basically when there is an error of a certain level in the SystemLog then you will fail that part of DCDIAG.  So to correct what I think is the issue, here is what I would do.  Go to DNS on the primary DNS server and clear the cache, scavenge stale resource records, then from both servers, do an IPCONFIG/FLUSHDNS, then IPCONFIG/REGISTERDNS.  Also, reset the NIC/adapter on each server after all this.

Wait a few hours, then run DCDIAG again.  If the SystemLog fails, wait a little while longer and run it again.

And also this...
first thing that stands out to me - configure your 2012 R2 box as a time server
0
 

Author Comment

by:dtw3
ID: 39962502
Thanks for the replies.  I was able to clear up the dcdiag on the new server 2012 by following your direction but on the existing dc i get the following when running dcdiag.

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\nexustek>dcdiag

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = MEDMOD-DC
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\MEDMOD-DC
      Starting test: Connectivity
         ......................... MEDMOD-DC passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\MEDMOD-DC
      Starting test: Advertising
         ......................... MEDMOD-DC passed test Advertising
      Starting test: FrsEvent
         ......................... MEDMOD-DC passed test FrsEvent
      Starting test: DFSREvent
         ......................... MEDMOD-DC passed test DFSREvent
      Starting test: SysVolCheck
         ......................... MEDMOD-DC passed test SysVolCheck
      Starting test: KccEvent
         ......................... MEDMOD-DC passed test KccEvent
      Starting test: KnowsOfRoleHolders
         ......................... MEDMOD-DC passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         ......................... MEDMOD-DC passed test MachineAccount
      Starting test: NCSecDesc
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
            Replicating Directory Changes In Filtered Set
         access rights for the naming context:
         DC=ForestDnsZones,DC=medmod,DC=local
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
            Replicating Directory Changes In Filtered Set
         access rights for the naming context:
         DC=DomainDnsZones,DC=medmod,DC=local
         ......................... MEDMOD-DC failed test NCSecDesc
      Starting test: NetLogons
         ......................... MEDMOD-DC passed test NetLogons
      Starting test: ObjectsReplicated
         ......................... MEDMOD-DC passed test ObjectsReplicated
      Starting test: Replications
         ......................... MEDMOD-DC passed test Replications
      Starting test: RidManager
         ......................... MEDMOD-DC passed test RidManager
      Starting test: Services
         ......................... MEDMOD-DC passed test Services
      Starting test: SystemLog
         ......................... MEDMOD-DC passed test SystemLog
      Starting test: VerifyReferences
         ......................... MEDMOD-DC passed test VerifyReferences


   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test
         CrossRefValidation

   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test
         CrossRefValidation

   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation

   Running partition tests on : medmod
      Starting test: CheckSDRefDom
         ......................... medmod passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... medmod passed test CrossRefValidation

   Running enterprise tests on : medmod.local
      Starting test: LocatorCheck
         ......................... medmod.local passed test LocatorCheck
      Starting test: Intersite
         ......................... medmod.local passed test Intersite

Thanks for your help with this guys
0
Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

 
LVL 35

Expert Comment

by:Seth Simmons
ID: 39962524
that happens because adprep /rodcprep wasn't done

Dcdiag fails for NCSecDesc test on Windows 2008 Domain Controllers
http://support.microsoft.com/kb/967482
0
 

Author Comment

by:dtw3
ID: 39962533
So if I'm not going to add a read only dc to the forest I should be ok?

"If you do not plan to add an RODC to the forest, you can disregard this error. If you plan to add an RODC to the forest, you must run adprep /rodcprep. "
0
 
LVL 35

Expert Comment

by:Seth Simmons
ID: 39962542
yes; i saw this issue at my last place where they did a 2003 upgrade and didn't use that switch.  no plans to put in RODC and everything else is fine
0
 
LVL 17

Accepted Solution

by:
Brad Bouchard earned 2000 total points
ID: 39966554
I answered his original question and then he asked another question on this same post.  I feel that I should receive the points for this one and if a separate question needs created to address his RODC issue then that should happen and assign the points to Seth Simmons.
0
 
LVL 17

Expert Comment

by:Brad Bouchard
ID: 39966580
I feel that I should receive the points for this one and if a separate question needs created to address his RODC issue then that should happen and assign the points to Seth Simmons.

On a separate question I meant.
0
 

Author Comment

by:dtw3
ID: 39966577
I agree with you Wizard.  I tried using the  "Accept Multiple Solutions" option but I must have done something wrong.  I would like this changed
0

Featured Post

Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
This tutorial will walk an individual through the process of installing of Data Protection Manager on a server running Windows Server 2012 R2, including the prerequisites. Microsoft .Net 3.5 is required. To install this feature, go to Server Manager…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question