Solved

Upgrading from 2000 Functional Domain level to 2003 Functional domain level

Posted on 2014-07-29
Last Modified: 2014-08-04
The Setup

I have a test setup in a VM environment of all our Production Domain Controllers in order to test the upgrade from Functional Forest/Domain level 2000 to 2003. We need to upgrade the level as we will be putting in a new Exchange 2013 server and this is a requirement.

There are 3 VMs. We have (2) Server 2008 R2 SP1 Domain Controllers, and (1) Server 2003 R2 SP2 domain controller. In the virtual environment they all replicate to each other fine, I can open all AD services and everything works.

The Issue

As soon as I go to the first 2008 server (which holds all FSMO roles, and is a Schema Master etc... the big cheese) and raise the Forest Functional level to 2003, the system states the upgrade is complete and will tell the other DCs. I then try to open ANY AD service on the same box and I get an error:

"naming information cannot be located because the target principal name is incorrect"

This is driving me nuts as I cannot figure out why this is happening. This should be very simple to do.

Please help
0
Question by:TechEagle
6 Comments
 
LVL 35

Expert Comment

by:Seth Simmons
ID: 40227660
could be a few possibilities
try restarting dns and netlogon services and see if that fixes it
i would also make sure there are no stale kerberos/srv records in dns

could also run dcdiag /test:checksecurityerror and see if that yields anything useful
0
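
Added example, not part of the original thread: one way to check for the stale Kerberos/SRV records mentioned above and to rerun the suggested `dcdiag` test. It assumes a domain-joined management host with PowerShell 3.0+, the DnsClient module (Windows 8 / Server 2012 or later, so not the 2008 R2 DCs themselves) and the AD DS tools installed; `corp.example` is a placeholder domain name.

```powershell
# Added example. Assumptions: run on a domain-joined host with PowerShell 3.0+
# and the DnsClient module; 'corp.example' is a placeholder domain name.
$Domain = 'corp.example'

# SRV records that clients query to locate a KDC or an LDAP-capable DC.
$SrvNames = "_kerberos._tcp.$Domain", "_kerberos._tcp.dc._msdcs.$Domain",
            "_ldap._tcp.dc._msdcs.$Domain", "_ldap._tcp.pdc._msdcs.$Domain"

function Test-TcpPort([string]$HostName, [int]$Port, [int]$TimeoutMs = 2000) {
    # Plain TCP connect with a timeout; returns $true only if the port answers.
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($HostName, $Port, $null, $null)
        return ($pending.AsyncWaitHandle.WaitOne($TimeoutMs) -and $client.Connected)
    } catch { return $false } finally { $client.Close() }
}

$report = foreach ($name in $SrvNames) {
    $srv = @(Resolve-DnsName -Name $name -Type SRV -ErrorAction SilentlyContinue |
             Where-Object { $_.Type -eq 'SRV' })
    if ($srv.Count -eq 0) {
        [pscustomobject]@{ Record = $name; Target = $null; Address = $null
                           Port = $null; Status = 'SRV record missing' }
        continue
    }
    foreach ($r in $srv) {
        # A stale record names a host that no longer resolves or no longer answers.
        $addr = @(Resolve-DnsName -Name $r.NameTarget -Type A -ErrorAction SilentlyContinue |
                  Where-Object { $_.Type -eq 'A' } | ForEach-Object { $_.IPAddress })
        $status = if ($addr.Count -eq 0) {
            'target has no A record'
        } elseif (Test-TcpPort $addr[0] $r.Port) { 'ok' } else { 'port not reachable' }
        [pscustomobject]@{ Record = $name; Target = $r.NameTarget
                           Address = $addr -join ','; Port = $r.Port; Status = $status }
    }
}
$report | Format-Table -AutoSize

# Ask the DC locator for a KDC, bypassing its cache, then rerun the suggested test.
nltest "/dsgetdc:$Domain" /kdc /force
dcdiag /test:CheckSecurityError
```

Any row whose status is not `ok`, or whose address is one the DC no longer uses, is a candidate stale record to compare against the DC's current IP configuration.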
 
LVL 1

Author Comment

by:TechEagle
ID: 40227686
"try restarting dns and netlogon services and see if that fixes it"

I have re-started the VMs. No effect

"i would also make sure there are no stale kerberos/srv records in dns"

What stale records would there be? These VMs were made a few days ago

"dcdiag /test:checksecurityerror"

I ran this and the only thing it said was that it could not find a KDC. Everything else passed.
0
 
LVL 27

Expert Comment

by:Steve
ID: 40227774
did you confirm AD was OK and replicating on your virtual environment before you raised the level?
raising the domain/forest level rarely causes any issues as long as you have removed all older DCs (which you have)
unless you didn't demote the old servers correctly (check for old servers in AD) you shouldn't really have an issue.

Perform normal DC tests (dcdiag etc) to see what's happening now and check historic event logs for AD & FRS to confirm if there was an issue BEFORE you raised the level or not.
Did you P2V these servers offline or in DS restore mode? If you P2Vd them live you may have corrupted the AD.

Note: recent versions of Windows Server have got smart to being P2Vd. When you first start them up after P2Ving them they put themselves into a temporary state where they wait to check their AD with another DC before functioning correctly. Great feature but a pain if you are P2Ving into a test env as all of the P2Vd DCs could sit waiting to replicate with a normal DC before running properly.
0

 
LVL 35

Expert Comment

by:Seth Simmons
ID: 40228248
"These VMs were made a few days ago"

does this test setup mimic production?
did you take a DS backup from a domain controller and restore in the test area?
if what you have in your test environment (you said it's only a few days old) then there could be something that doesn't match production.  your test environment might fail the upgrade but the variables present may not exist in production
0
 
LVL 1

Author Comment

by:TechEagle
ID: 40228809
Yes, the setup mimics production. The only difference is that I had to change IPs on 2 of the DCs to place them on the same subnet as the first DC (FSMO role holder) because I cannot replicate the subnets the other two came from. (Can only do so much with a single server and VM setups.)

Even with changing the IPs, everything syncs (replicates) in my test environment before I do the upgrade. DNS entries, users, etc. If I create entries in either DNS or in AD Users and Computers, the changes replicate to the others. Everything seems to be status quo before the upgrade. After the upgrade I get the error as indicated in the original post.
0
 
LVL 27

Accepted Solution

by:
Steve earned 500 total points
ID: 40229097
I've only seen issues like this when the P2V was unsuccessful, similar to the post below when trying to restore a server backup.
http://social.technet.microsoft.com/Forums/windowsserver/en-US/58a4c689-931e-42fb-b66f-817be31cf7be/error-naming-informantion-cannot-be-located?forum=winserverDS

I suspect changing the IPs around could have messed with your systems as DCs don't like too many changes but as you are sure your AD was fine we can't really do much on that possibility.

When trying to set up a test environment with multiple sites you are best to make as few changes as possible. Best way is to leave the servers as they are and just set up a spare router to route between your 2 test subnets. This way the servers don't know they have moved and assume they are on the same sites they were before. No IP changes, no messing.
Note: you can use software routers in a VM if spare hardware is a problem (e.g. pfSense, ClearOS etc)
0

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A project that enables an administrator to perform actions within a user session context not just at the time of login but any time later on day(s) or week(s) later.
A hard and fast method for reducing Active Directory Administrators members.
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question