• Status: Solved

Upgrading from 2000 Functional Domain level to 2003 Functional domain level

The Setup

I have a test setup in a VM environment of all our Production Domain Controllers in order to test the upgrade from Functional Forest/Domain level 2000 to 2003. We need to upgrade the level as we will be putting in a new Exchange 2013 server and this is a requirement.

There are 3 VMs. We have (2) Server 2008 R2 SP1 Domain Controllers, and (1) Server 2003 R2 SP2 domain controller. In the virtual environment they all replicate to each other fine, I can open all AD services and everything works.

The Issue

As soon as I go to the first 2008 server (which holds all FSMO roles, and is a Schema Master etc... the big cheese) and raise the Forest Functional level to 2003, the system states the upgrade is complete and will tell the other DCs. I then try to open ANY AD service on the same box and I get an error:

"naming information cannot be located because the target principal name is incorrect"

This is driving me nuts as I cannot figure out why this is happening. This should be very simple to do.

Please help
Seth Simmons, Sr. Systems Administrator, commented:
could be a few possibilities
try restarting dns and netlogon services and see if that fixes it
i would also make sure there are no stale kerberos/srv records in dns

could also run dcdiag /test:checksecurityerror and see if that yields anything useful
TechEagle (Author) commented:
"try restarting dns and netlogon services and see if that fixes it"

I have re-started the VMs. No effect

"i would also make sure there are no stale kerberos/srv records in dns"

What stale records would there be? These VMs were made a few days ago

"dcdiag /test:checksecurityerror"

I ran this and the only thing it said was that it could not find a KDC. Everything else passed.
did you confirm AD was OK and replicating on your virtual environment before you raised the level?
raising the domain/forest level rarely causes any issues as long as you have removed all older DCs (which you have)
unless you didn't demote the old servers correctly (check for old servers in AD) you shouldn't really have an issue.

Perform normal DC tests (dcdiag etc.) to see what's happening now and check historic event logs for AD & FRS to confirm if there was an issue BEFORE you raised the level or not.
Did you P2V these servers offline or in DS restore mode? If you P2Vd them live you may have corrupted the AD.

Note: recent versions of Windows Server have got smart to being P2Vd. When you first start them up after P2Ving them they put themselves into a temporary state where they wait to check their AD with another DC before functioning correctly. Great feature, but a pain if you are P2Ving into a test env as all of the P2Vd DCs could sit waiting to replicate with a normal DC before running properly.
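The before/after comparison suggested in the comments above can be scripted. This is an added example, not code posted by anyone in the thread; the domain name `corp.example`, the output folder and the labels are placeholders, and the commands are limited to ones available on Server 2008 R2 (PowerShell 2.0).

```powershell
# Added example, not from the thread. Run elevated on a DC, once with
# -Label before-raise and once with -Label after-raise, then compare the folders.
param(
    [string]$Domain = 'corp.example',   # placeholder: your AD DNS domain name
    [string]$Label  = 'before-raise',
    [string]$OutDir = 'C:\dc-health'    # assumed output folder
)

$dir = Join-Path $OutDir $Label
New-Item -ItemType Directory -Path $dir -Force | Out-Null

# 1. Replication: one CSV row per inbound link; a failure count above 0 is a finding.
$links = repadmin /showrepl * /csv | ConvertFrom-Csv
$links | Export-Csv (Join-Path $dir 'showrepl.csv') -NoTypeInformation
$failedLinks = @($links | Where-Object { [int]$_.'Number of Failures' -gt 0 })

# 2. dcdiag against every DC in the forest: the default tests, then the
#    non-default security test suggested earlier in the thread.
dcdiag /e /v | Out-File (Join-Path $dir 'dcdiag-default.txt')
dcdiag /e /test:CheckSecurityError | Out-File (Join-Path $dir 'dcdiag-security.txt')

# 3. Can this machine locate a KDC? /force bypasses the cached locator result.
nltest "/dsgetdc:$Domain" /kdc /force | Out-File (Join-Path $dir 'kdc-locator.txt')
$kdcFound = ($LASTEXITCODE -eq 0)

# 4. SRV records clients use to find a KDC and an LDAP server. Records that
#    point at an old name or IP show up here.
foreach ($srv in '_kerberos._tcp.dc._msdcs', '_ldap._tcp.dc._msdcs') {
    nslookup "-type=SRV" "$srv.$Domain" | Out-File (Join-Path $dir "$srv.txt")
}

# 5. Errors and warnings from the last 7 days. A domain at the 2000 functional
#    level still replicates SYSVOL with FRS, so that log is included.
$since = (Get-Date).AddDays(-7)
foreach ($log in 'Directory Service', 'File Replication Service', 'DNS Server') {
    Get-EventLog -LogName $log -EntryType Error, Warning -After $since -ErrorAction SilentlyContinue |
        Select-Object TimeGenerated, EntryType, Source, EventID, Message |
        Export-Csv (Join-Path $dir "$($log -replace ' ', '_').csv") -NoTypeInformation
}

"{0}: {1} replication link(s) failing, KDC located: {2}" -f $Label, $failedLinks.Count, $kdcFound
```

A finding that already appears in the `before-raise` folder was present before the level was raised and points at the test environment itself (P2V state, IP changes, DNS) rather than at the raise.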
Seth Simmons, Sr. Systems Administrator, commented:
"These VMs were made a few days ago"

does this test setup mimic production?
did you take a DS backup from a domain controller and restore in the test area?
if what you have in your test environment (you said it's only a few days old) then there could be something that doesn't match production.  your test environment might fail the upgrade but the variables present may not exist in production
TechEagle (Author) commented:
Yes, the setup mimics production. The only difference is that I had to change IPs on 2 of the DCs to place them on the same subnet as the first DC (FSMO role holder) because I cannot replicate the subnets the other two came from. (Can only do so much with a single server and VM setups.)

Even with changing the IPs, everything syncs (replicates) in my test environment before I do the upgrade. DNS entries, Users, etc. If I create entries in either DNS or in AD Users and Computers, the changes replicate to the others. Everything seems to be status quo before the upgrade. After the upgrade I get the error as indicated in the original post.
I've only seen issues like this when the P2V was unsuccessful, similar to the post below when trying to restore a server backup.

I suspect changing the IPs around could have messed with your systems as DCs don't like too many changes but as you are sure your AD was fine we can't really do much on that possibility.

When trying to set up a test environment with multiple sites you are best to make as few changes as possible. The best way is to leave the servers as they are and just set up a spare router to route between your 2 test subnets. This way the servers don't know they have moved and assume they are on the same sites they were before. No IP changes, no messing.
Note: you can use software routers in a VM if spare hardware is a problem (e.g. pfSense, ClearOS etc.)