Login scripts not running after Server 2003 DC server failure

First a little background.

I walked into the following setup:

SERVER08 - Windows 2008 R2 Std acting as PDC, GC, RID, Schema Master, Domain Naming (see ntdsutil results below)

SERVER03 - Windows 2003 Std Acting as DC, GC, RID, Infrastructure Master (not sure of all roles)

Functional level is  Windows 2000.

Server 03 had a hardware meltdown and could not be replaced.  Now when users log on the logon scripts do not run and apparently roaming profiles do not work either.  The correct logon scripts are located in the sysvol directory.  SERVER08 appears to have all the roles except Infrastructure Master.  see dcdiag below.

I have seen a couple articles about Server 2008 and seizing the Infrastructure role.  One says the GC cannot have this role, another article stated that it was possible as long as there was only 1 domain (which there is).   I would like to know if there would be any issues if I seize the Infrastructure Master role on SERVER08?

Listing the roles:
ntdsutil: roles
fsmo maintenance: connections
server connections: connect to server SERVER08
Binding to SERVER08 ...
Connected to SERVER08 using credentials of locally logged on user.
server connections: q
fsmo maintenance: select operation target
select operation target: list roles
Error parsing Input - Invalid Syntax.
select operation target: list roles for connected server
Server "SERVER08" knows about 5 roles
Schema - CN=NTDS Settings,CN=SERVER08,CN=Servers,CN=Default-First-Site-Nam
e,CN=Sites,CN=Configuration,DC=stwia,DC=local
Naming Master - CN=NTDS Settings,CN=SERVER08,CN=Servers,CN=Default-First-S
ite-Name,CN=Sites,CN=Configuration,DC=stwia,DC=local
PDC - CN=NTDS Settings,CN=SERVER08,CN=Servers,CN=Default-First-Site-Name,C
N=Sites,CN=Configuration,DC=stwia,DC=local
RID - CN=NTDS Settings,CN=SERVER08,CN=Servers,CN=Default-First-Site-Name,C
N=Sites,CN=Configuration,DC=stwia,DC=local
Infrastructure - CN=NTDS Settings,CN=SERVER03,CN=Servers,CN=Default-First-Si
te-Name,CN=Sites,CN=Configuration,DC=stwia,DC=local
select operation target:

DCDIAG results
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\administrator.STWIA>dcdiag

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = SERVER08
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\SERVER08
      Starting test: Connectivity
         ......................... SERVER08 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\SERVER08
      Starting test: Advertising
         ......................... SERVER08 passed test Advertising
      Starting test: FrsEvent
         There are warning or error events within the last 24 hours after the
         SYSVOL has been shared.  Failing SYSVOL replication problems may cause
         Group Policy problems.
         ......................... SERVER08 failed test FrsEvent
      Starting test: DFSREvent
         ......................... SERVER08 passed test DFSREvent
      Starting test: SysVolCheck
         ......................... SERVER08 passed test SysVolCheck
      Starting test: KccEvent
         ......................... SERVER08 passed test KccEvent
      Starting test: KnowsOfRoleHolders
         [SERVER03] DsBindWithSpnEx() failed with error 1722,
         The RPC server is unavailable..
         Warning: SERVER03 is the Infrastructure Update Owner, but is not
         responding to DS RPC Bind.
         Ldap search capabality attribute search failed on server SERVER03,
         return value = 81
         Warning: SERVER03 is the Infrastructure Update Owner, but is not
         responding to LDAP Bind.
         ......................... SERVER08 failed test
         KnowsOfRoleHolders
      Starting test: MachineAccount
         ......................... SERVER08 passed test MachineAccount
      Starting test: NCSecDesc
         ......................... SERVER08 passed test NCSecDesc
      Starting test: NetLogons
         ......................... SERVER08 passed test NetLogons
      Starting test: ObjectsReplicated
         ......................... SERVER08 passed test ObjectsReplicated
      Starting test: Replications
         [Replications Check,SERVER08] A recent replication attempt
         failed:
            From SERVER03 to SERVER08
            Naming Context: DC=ForestDnsZones,DC=stwia,DC=local
            The replication generated an error (1256):
            The remote system is not available. For information about network tr
oubleshooting, see Windows Help.

            The failure occurred at 2014-08-25 17:53:31.
            The last success occurred at 2014-07-04 05:49:16.
            1270 failures have occurred since the last success.
         [Replications Check,SERVER08] A recent replication attempt
         failed:
            From SERVER03 to SERVER08
            Naming Context: DC=DomainDnsZones,DC=stwia,DC=local
            The replication generated an error (1256):
            The remote system is not available. For information about network tr
oubleshooting, see Windows Help.

            The failure occurred at 2014-08-25 17:53:31.
            The last success occurred at 2014-07-04 05:49:09.
            1270 failures have occurred since the last success.
         [Replications Check,SERVER08] A recent replication attempt
         failed:
            From SERVER03 to SERVER08
            Naming Context: CN=Schema,CN=Configuration,DC=stwia,DC=local
            The replication generated an error (1722):
            The RPC server is unavailable.
            The failure occurred at 2014-08-25 17:54:13.
            The last success occurred at 2014-07-04 05:48:55.
            1264 failures have occurred since the last success.
            The source remains down. Please check the machine.
         [Replications Check,SERVER08] A recent replication attempt
         failed:
            From SERVER03 to SERVER08
            Naming Context: CN=Configuration,DC=stwia,DC=local
            The replication generated an error (1722):
            The RPC server is unavailable.
            The failure occurred at 2014-08-25 17:53:52.
            The last success occurred at 2014-07-04 05:48:52.
            1265 failures have occurred since the last success.
            The source remains down. Please check the machine.
         [Replications Check,SERVER08] A recent replication attempt
         failed:
            From SERVER03 to SERVER08
            Naming Context: DC=stwia,DC=local
            The replication generated an error (1722):
            The RPC server is unavailable.
            The failure occurred at 2014-08-25 17:53:31.
            The last success occurred at 2014-07-04 06:15:28.
            1265 failures have occurred since the last success.
            The source remains down. Please check the machine.
         ......................... SERVER08 failed test Replications
      Starting test: RidManager
         ......................... SERVER08 passed test RidManager
      Starting test: Services
         ......................... SERVER08 passed test Services
      Starting test: SystemLog
         ......................... SERVER08 passed test SystemLog
      Starting test: VerifyReferences
         ......................... SERVER08 passed test VerifyReferences


   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test
         CrossRefValidation

   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test
         CrossRefValidation

   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation

   Running partition tests on : stwia
      Starting test: CheckSDRefDom
         ......................... stwia passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... stwia passed test CrossRefValidation

   Running enterprise tests on : stwia.local
      Starting test: LocatorCheck
         ......................... stwia.local passed test LocatorCheck
      Starting test: Intersite
         ......................... stwia.local passed test Intersite

C:\Users\administrator.STWIA>
laltobelliIT ConsultantAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Seth SimmonsSr. Systems AdministratorCommented:
you should seize those roles to the 2008 server

if the 2003 server is not coming back, clean it manually so the 2008 server will stop logging events about replication issues

Delete Failed DCs from Active Directory
http://www.petri.com/delete_failed_dcs_from_ad.htm

Clean Up Server Metadata
http://technet.microsoft.com/en-us/library/cc816907(v=ws.10).aspx

if you do netdom query fsmo you can see what roles the 2003 server had and seize them on the 2008 server; no issues seizing the infra master

do the login scripts appear in the netlogon folder on the 2008 server?
where do the roaming profiles reside?
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
laltobelliIT ConsultantAuthor Commented:
Hi Seth,

I think we're almost there.  I seized the Infrastructure role and now netdom query fsmo shows SERVER08 as having all of the roles.

However I'm still having problems with people logging in (user not recognized) and running dcdiag I still get an frsevent error:

Starting test: FrsEvent
         There are warning or error events within the last 24 hours after the
         SYSVOL has been shared.  Failing SYSVOL replication problems may cause
         Group Policy problems.
         ......................... SERVER08 failed test FrsEvent

Running a gpupdate report on a workstation results in this error:

Group Policy Infrastructure failed due to the error listed below:
Logon failure: unknown user name or bad password
Note: Due to GP Core failure, none of the other Group Policy components processed their policy.  Consequently, status information for the other components is not available.
0
Seth SimmonsSr. Systems AdministratorCommented:
FrsEvent could be ignored if that doesn't appear in dcdiag tomorrow
could be seeing errors, say from last night, that are within the last 24 hours it's reporting on

as far as the group policy errors go, any related errors on the domain controllers?
also, were clients using the 2003 server for DNS?  if so, has that (or dhcp scope(s) if being used) been updated to point to the 2008 server?  is the 2008 server pointing to itself for DNS?
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

laltobelliIT ConsultantAuthor Commented:
DNS was running on both servers.  I removed the old server from the DNS settings, SERVER08 does point to itself.
I changed the DHCP Scope to point only to the new server.

It does not seem to be happening to all users, although not all of them have rebooted their systems either.
ipconfig /all returns SERVER 08 as the DHCP and DNS server.

I'm not seeing any Group Policy errors on the server.  Server is running very clean right now, very few errors.
0
laltobelliIT ConsultantAuthor Commented:
Hi Seth,

We are getting there, thanks for all your suggestions.

DCDIAG is now running without errors, but scripts still do not appear to be running and the Home Folder Connect to drive is not working either.

Any suggestions?
0
Seth SimmonsSr. Systems AdministratorCommented:
going back to my original post...

do the login scripts appear in the netlogon folder on the 2008 server?
where do the roaming profiles reside?
0
laltobelliIT ConsultantAuthor Commented:
Hi Seth,

Sorry about the delay in getting back to you.  The login scripts are located in the netlogon folder:

C:\Windows\SYSVOL\domain\scripts
C:\Windows\SYSVOL\sysvol\stwia.local\scripts

My mistake on the Roaming Profiles, they are not using Roaming profiles.  They are using Home Folder Connect to setup a network drive, this is not working.   I can go and map the drive on the individual PCs, but it is not doing it as part of the profile when the users log on.
0
Seth SimmonsSr. Systems AdministratorCommented:
what kind of script? batch file? vb script?
0
laltobelliIT ConsultantAuthor Commented:
Batch file (login.bat)
0
Seth SimmonsSr. Systems AdministratorCommented:
try putting pause as the last line
this will prompt to press any key which will allow you to see the window before it closes in case there are any errors
0
laltobelliIT ConsultantAuthor Commented:
Hi Seth,

I did this for one user and the batch file did run (without errors).  The issue seems to have cleared up.  (I was also fighting a network switch issue at the same time and that appears to be working now too, it may be that the two were related).

I am going to monitor this for another day or two, if there are no more issues I will close this question.

I appreciate the help and will give you credit for  the resolution when I close it.

Thanks,

Larry
0
laltobelliIT ConsultantAuthor Commented:
Thanks to Seth everything looks good right now.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2008

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.