Solved

Upgrading from 2000 Functional Domain level to 2003 Functional domain level

Posted on 2014-07-29
Last Modified: 2014-08-04
The Setup

I have a test setup in a VM environment of all our Production Domain Controllers in order to test the upgrade from Functional Forest/Domain level 2000 to 2003. We need to upgrade the level as we will be putting in a new Exchange 2013 server and this is a requirement.

There are 3 VMs. We have (2) Server 2008 R2 SP1 Domain Controllers, and (1) Server 2003 R2 SP2 domain controller. In the virtual environment they all replicate to each other fine; I can open all AD services and everything works.

The Issue

As soon as I go to the first 2008 server (which holds all FSMO roles, and is a Schema Master etc... the big cheese) and raise the Forest Functional level to 2003, the system states the upgrade is complete and will tell the other DCs. I then try to open ANY AD service on the same box and I get an error:

"naming information cannot be located because the target principal name is incorrect"

This is driving me nuts as I cannot figure out why this is happening. This should be very simple to do.

Please help.
0
Comment
Question by:TechEagle
6 Comments
 
LVL 35

Expert Comment

by:Seth Simmons
ID: 40227660
could be a few possibilities
try restarting dns and netlogon services and see if that fixes it
i would also make sure there are no stale kerberos/srv records in dns

could also run dcdiag /test:checksecurityerror and see if that yields anything useful
0
 
LVL 1

Author Comment

by:TechEagle
ID: 40227686
"try restarting dns and netlogon services and see if that fixes it"

I have re-started the VMs. No effect

"i would also make sure there are no stale kerberos/srv records in dns"

What stale records would there be? These VMs were made a few days ago

"dcdiag /test:checksecurityerror"

I ran this and the only thing it said was that it could not find a KDC. Everything else passed.
0
 
LVL 27

Expert Comment

by:Steve
ID: 40227774
did you confirm AD was OK and replicating on your virtual environment before you raised the level?
raising the domain/forest level rarely causes any issues as long as you have removed all older DCs (which you have)
unless you didn't demote the old servers correctly (check for old servers in AD) you shouldn't really have an issue.

Perform normal DC tests (dcdiag etc) to see what's happening now and check historic event logs for AD & FRS to confirm if there was an issue BEFORE you raised the level or not.
Did you P2V these servers offline or in DS restore mode? If you P2Vd them live you may have corrupted the AD.

note: recent versions of Windows server have got smart to being P2Vd. when you first start them up after P2Ving them they put themselves into a temporary state where they wait to check their AD with another DC before functioning correctly. Great feature but a pain if you are P2Ving into a test env as all of the P2Vd DCs could sit waiting to replicate with a normal DC before running properly.
0

 
LVL 35

Expert Comment

by:Seth Simmons
ID: 40228248
"These VMs were made a few days ago"

does this test setup mimic production?
did you take a DS backup from a domain controller and restore in the test area?
if what you have in your test environment (you said it's only a few days old) then there could be something that doesn't match production.  your test environment might fail the upgrade but the variables present may not exist in production
0
 
LVL 1

Author Comment

by:TechEagle
ID: 40228809
Yes the setup Mimics production. The only difference is that I had to change IPs on 2 of the DCs to place them on the same subnet as the First DC ( FSMO role holder ) because I cannot replicate the subnets the other two came from. ( Can only do so much with a single server and VM setups)

Even with changing the IPs, Everything Syncs ( Replicates ) in my test environment before I do the upgrade. DNS entries, Users, etc. If I create entries in either DNS or in AD Users and Computers, the changes replicate to the others. Everything seems to be Status Quo before the upgrade. After the upgrade I get the error as indicated in the original post
0
 
LVL 27

Accepted Solution

by:
Steve earned 2000 total points
ID: 40229097
I've only seen issues like this when the P2V was unsuccessful, similar to the post below when trying to restore a server backup.
http://social.technet.microsoft.com/Forums/windowsserver/en-US/58a4c689-931e-42fb-b66f-817be31cf7be/error-naming-informantion-cannot-be-located?forum=winserverDS

I suspect changing the IPs around could have messed with your systems as DCs don't like too many changes but as you are sure your AD was fine we can't really do much on that possibility.

When trying to set up a test environment with multiple sites you are best to make as few changes as possible. Best way is to leave the servers as they are and just set up a spare router to route between your 2 test subnets. This way the servers don't know they have moved and assume they are on the same sites they were before. No IP changes, no messing.
Note: you can use software routers in a VM if spare hardware is a problem (e.g. pfSense, ClearOS etc)
0
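
An added example, not part of the thread or any poster's code: one way to carry out the stale Kerberos SRV record check suggested earlier, in a lab where (as here) DC IP addresses were changed. It parses saved output of the Windows `nslookup -type=SRV` query for `_kerberos._tcp.dc._msdcs.<domain>` and compares it with the DCs you expect; the domain `corp.example`, the host names, the addresses and the `EXPECTED` inventory are constructed assumptions.

```python
import re

# Constructed sample of `nslookup -type=SRV _kerberos._tcp.dc._msdcs.corp.example`
# output; the domain, host names and addresses are made up.
SAMPLE = """\
_kerberos._tcp.dc._msdcs.corp.example   SRV service location:
          priority       = 0
          weight         = 100
          port           = 88
          svr hostname   = dc01.corp.example
_kerberos._tcp.dc._msdcs.corp.example   SRV service location:
          priority       = 0
          weight         = 100
          port           = 88
          svr hostname   = dc02.corp.example
_kerberos._tcp.dc._msdcs.corp.example   SRV service location:
          priority       = 0
          weight         = 100
          port           = 88
          svr hostname   = dc-old.corp.example
dc01.corp.example       internet address = 10.0.0.10
dc02.corp.example       internet address = 192.168.20.11
"""

# Assumed inventory: the DCs that should exist and the IPs they have now.
EXPECTED = {"dc01.corp.example": "10.0.0.10", "dc02.corp.example": "10.0.0.11",
            "dc03.corp.example": "10.0.0.12"}

def parse_nslookup(text):
    """Return (SRV target host names, {host: [A-record addresses]})."""
    srv = {h.lower().rstrip(".") for h in re.findall(r"svr hostname\s*=\s*(\S+)", text)}
    addrs = {}
    for host, ip in re.findall(r"^(\S+)\s+internet address\s*=\s*(\S+)", text, re.M):
        addrs.setdefault(host.lower().rstrip("."), []).append(ip)
    return srv, addrs

def audit(text, expected):
    """List discrepancies between the DNS answer and the expected DC inventory."""
    srv, addrs = parse_nslookup(text)
    findings = [f"stale SRV target: {h}" for h in sorted(srv - set(expected))]
    findings += [f"no SRV record for: {h}" for h in sorted(set(expected) - srv)]
    for host in sorted(srv & set(expected)):
        for ip in addrs.get(host, []):
            if ip != expected[host]:
                findings.append(f"A record mismatch: {host} -> {ip}, expected {expected[host]}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE, EXPECTED)))
```

An empty result means the KDC locator records agree with the inventory; it does not by itself rule out the other causes discussed in the thread.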
