Solved

errors after moving fsmo roles from server 2008 r2 to server 2012 r2

Posted on 2014-03-28
11
828 Views
Last Modified: 2014-04-08
After moving my FSMO roles from a 2008 dc to 2012 dc I get the following errors when I run dcdiag.

Windows PowerShell
Copyright (C) 2013 Microsoft Corporation. All rights reserved.

PS C:\Windows\system32> dcdiag

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = medmod-pdc
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\MEDMOD-PDC
      Starting test: Connectivity
         ......................... MEDMOD-PDC passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\MEDMOD-PDC
      Starting test: Advertising
         ......................... MEDMOD-PDC passed test Advertising
      Starting test: FrsEvent
         ......................... MEDMOD-PDC passed test FrsEvent
      Starting test: DFSREvent
         ......................... MEDMOD-PDC passed test DFSREvent
      Starting test: SysVolCheck
         ......................... MEDMOD-PDC passed test SysVolCheck
      Starting test: KccEvent
         ......................... MEDMOD-PDC passed test KccEvent
      Starting test: KnowsOfRoleHolders
         ......................... MEDMOD-PDC passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         ......................... MEDMOD-PDC passed test MachineAccount
      Starting test: NCSecDesc
         ......................... MEDMOD-PDC passed test NCSecDesc
      Starting test: NetLogons
         ......................... MEDMOD-PDC passed test NetLogons
      Starting test: ObjectsReplicated
         ......................... MEDMOD-PDC passed test ObjectsReplicated
      Starting test: Replications
         ......................... MEDMOD-PDC passed test Replications
      Starting test: RidManager
         ......................... MEDMOD-PDC passed test RidManager
      Starting test: Services
         ......................... MEDMOD-PDC passed test Services
      Starting test: SystemLog
         An error event occurred.  EventID: 0x0000166D
            Time Generated: 03/28/2014   09:33:39
            Event String: Netlogon could not register the medmod<1B> name for the following reason:
         An error event occurred.  EventID: 0xC00010E1
            Time Generated: 03/28/2014   09:33:39
            Event String:
            The name "MEDMOD         :1b" could not be registered on the interface with IP address 192.168.168.1. The
mputer with the IP address 192.168.168.21 did not allow the name to be claimed by this computer.
         A warning event occurred.  EventID: 0x0000000C
            Time Generated: 03/28/2014   09:33:39
            Event String:
            Time Provider NtpClient: This machine is configured to use the domain hierarchy to determine its time sou
, but it is the AD PDC emulator for the domain at the root of the forest, so there is no machine above it in the doma
hierarchy to use as a time source. It is recommended that you either configure a reliable time service in the root do
n, or manually configure the AD PDC to synchronize with an external time source. Otherwise, this machine will functio
s the authoritative time source in the domain hierarchy. If an external time source is not configured or used for thi
omputer, you may choose to disable the NtpClient.
         ......................... MEDMOD-PDC failed test SystemLog
      Starting test: VerifyReferences
         ......................... MEDMOD-PDC passed test VerifyReferences


   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation

   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation

   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation

   Running partition tests on : medmod
      Starting test: CheckSDRefDom
         ......................... medmod passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... medmod passed test CrossRefValidation

   Running enterprise tests on : medmod.local
      Starting test: LocatorCheck
         ......................... medmod.local passed test LocatorCheck
      Starting test: Intersite
         ......................... medmod.local passed test Intersite
PS C:\Windows\system32>


Any help would e appreciated.  Thanks
0
Comment
Question by:dtw3
  • 3
  • 3
  • 3
11 Comments
 
LVL 34

Expert Comment

by:Seth Simmons
ID: 39961983
first thing that stands out to me - configure your 2012 R2 box as a time server

How to configure an authoritative time server in Windows Server
http://support.microsoft.com/kb/816042
0
 
LVL 17

Expert Comment

by:Brad Bouchard
ID: 39962034
Ok this isn't a huge deal at all.  Here is why you failed the medmod part of DCDIAG.  Basically when there is an error of a certain level in the SystemLog then you will fail that part of DCDIAG.  So to correct what I think is the issue, here is what I would do.  Go to DNS on the primary DNS server and clear the cache, scavenge stale resource records, then from both servers, do an IPCONFIG/FLUSHDNS, then IPCONFIG/REGISTERDNS.  Also, reset the NIC/adapter on each server after all this.

Wait a few hours, then run DCDIAG again.  If the SystemLog fails, wait a little while longer and run it again.

And also this...
first thing that stands out to me - configure your 2012 R2 box as a time server
0
 

Author Comment

by:dtw3
ID: 39962502
Thanks for the replies.  I was able to clear up the dcdiag on the new server 2012 by following your direction but on the existing dc i get the following when running dcdiag.

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\nexustek>dcdiag

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = MEDMOD-DC
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\MEDMOD-DC
      Starting test: Connectivity
         ......................... MEDMOD-DC passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\MEDMOD-DC
      Starting test: Advertising
         ......................... MEDMOD-DC passed test Advertising
      Starting test: FrsEvent
         ......................... MEDMOD-DC passed test FrsEvent
      Starting test: DFSREvent
         ......................... MEDMOD-DC passed test DFSREvent
      Starting test: SysVolCheck
         ......................... MEDMOD-DC passed test SysVolCheck
      Starting test: KccEvent
         ......................... MEDMOD-DC passed test KccEvent
      Starting test: KnowsOfRoleHolders
         ......................... MEDMOD-DC passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         ......................... MEDMOD-DC passed test MachineAccount
      Starting test: NCSecDesc
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
            Replicating Directory Changes In Filtered Set
         access rights for the naming context:
         DC=ForestDnsZones,DC=medmod,DC=local
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
            Replicating Directory Changes In Filtered Set
         access rights for the naming context:
         DC=DomainDnsZones,DC=medmod,DC=local
         ......................... MEDMOD-DC failed test NCSecDesc
      Starting test: NetLogons
         ......................... MEDMOD-DC passed test NetLogons
      Starting test: ObjectsReplicated
         ......................... MEDMOD-DC passed test ObjectsReplicated
      Starting test: Replications
         ......................... MEDMOD-DC passed test Replications
      Starting test: RidManager
         ......................... MEDMOD-DC passed test RidManager
      Starting test: Services
         ......................... MEDMOD-DC passed test Services
      Starting test: SystemLog
         ......................... MEDMOD-DC passed test SystemLog
      Starting test: VerifyReferences
         ......................... MEDMOD-DC passed test VerifyReferences


   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test
         CrossRefValidation

   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test
         CrossRefValidation

   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation

   Running partition tests on : medmod
      Starting test: CheckSDRefDom
         ......................... medmod passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... medmod passed test CrossRefValidation

   Running enterprise tests on : medmod.local
      Starting test: LocatorCheck
         ......................... medmod.local passed test LocatorCheck
      Starting test: Intersite
         ......................... medmod.local passed test Intersite

Thanks for your help with this guys
0
 
LVL 34

Expert Comment

by:Seth Simmons
ID: 39962524
that happens because adprep /rodcprep wasn't done

Dcdiag fails for NCSecDesc test on Windows 2008 Domain Controllers
http://support.microsoft.com/kb/967482
0
 

Author Comment

by:dtw3
ID: 39962533
So if I'm not going to add a read only dc to the forest I should be ok?

"If you do not plan to add an RODC to the forest, you can disregard this error. If you plan to add an RODC to the forest, you must run adprep /rodcprep. "
0
 
LVL 34

Expert Comment

by:Seth Simmons
ID: 39962542
yes; i saw this issue at my last place where they did a 2003 upgrade and didn't use that switch.  no plans to put in RODC and everything else is fine
0
 
LVL 17

Accepted Solution

by:
Brad Bouchard earned 500 total points
ID: 39966554
I answered his original question and then he asked another question on this same post.  I feel that I should receive the points for this one and if a separate question needs created to address his RODC issue then that should happen and assign the points to Seth Simmons.
0
 
LVL 17

Expert Comment

by:Brad Bouchard
ID: 39966580
I feel that I should receive the points for this one and if a separate question needs created to address his RODC issue then that should happen and assign the points to Seth Simmons.

On a separate question I meant.
0
 

Author Comment

by:dtw3
ID: 39966577
I agree with you Wizard.  I tried using the  "Accept Multiple Solutions" option but I must have done something wrong.  I would like this changed
0

Join & Write a Comment

OfficeMate Freezes on login or does not load after login credentials are input.
Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
In this Micro Tutorial viewers will learn how they can get their files copied out from their unbootable system without need to use recovery services. As an example non-bootable Windows 2012R2 installation is used which has boot problems.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now