Upgraded Domain Controllers to Server 2008 R2 - Can't Access Group Policy Console

I have 3 branches.
Each branch has 2 DCs.
Up until a few days ago they were all running Server 2003.
I upgraded 2 DCs to Server 2008 R2.
On the 2 servers that are running Server 2008 R2, I'm unable to open the Group Policy Management Console.
I get the following error message:
"The specified domain controller could not be contacted.  This affects all sites in the console for the following forest.
Forest: domain.local
The error was:
The specified domain controller either does not exist or could not be contacted."

There are some options at the bottom -
- Choose a different domain controller
- Retry
- Remove all sites in this forest from the console

Can anyone tell me why this is happening?  
I demoted the 2 DCs before I reinstalled the Operating System.  The server names and IP addresses didn't change.  I can remotely access the servers, etc and everything appears to be operational except for this issue (although there may be more issues I'm unaware of).

Any help would be appreciated.

Will Szymkowski (Senior Solution Architect) Commented:
How is your replication after your 2008 R2 DCs were promoted? When you open GPMC.msc it should automatically connect to the PDC role holder.

Run the following commands below...
- repadmin /replsum
- repadmin /showrepl
- repadmin /bridgeheads
- DCDiag /v
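
A way to triage what those commands report, as an added example that is not part of the original answer: `repadmin /showrepl * /csv` emits one row per inbound replication link, and PowerShell can filter it down to the failing links. The sample rows are constructed (they reuse the thread's site and server names), and `Get-FailingReplLink` and `$StatusHint` are hypothetical names introduced here.

```powershell
# Added example. The rows below are CONSTRUCTED sample data, not output from the thread.
# On a live DC, replace the here-string with:
#   $rows = repadmin /showrepl * /csv | ConvertFrom-Csv
$sample = @'
showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,NNJ,DC1,"DC=domain,DC=local",SNJ,SQLSRVSNJ,RPC,21,2015-05-21 07:53:23,2015-05-19 22:10:04,1722
showrepl_INFO,NNJ,DC1,"DC=domain,DC=local",PA,SQLSRVPA1,RPC,21,2015-05-21 07:53:23,2015-05-19 22:11:40,1722
showrepl_INFO,NNJ,DC1,"DC=domain,DC=local",NNJ,DC2,RPC,0,0,2015-05-21 08:01:12,0
showrepl_INFO,SNJ,SQLSRVSNJ,"DC=domain,DC=local",SNJ,SQLSRVSNJ2,RPC,0,0,2015-05-21 08:00:47,0
'@

# Hypothetical lookup: Win32 status codes and their standard messages.
$StatusHint = @{
    1722 = 'The RPC server is unavailable'
    8524 = 'DSA operation unable to proceed because of a DNS lookup failure'
    5    = 'Access is denied'
}

function Get-FailingReplLink {
    param([object[]]$Rows)
    # Keep only data rows whose failure counter is non-zero.
    $Rows |
        Where-Object { $_.showrepl_COLUMNS -eq 'showrepl_INFO' -and
                       [int]$_.'Number of Failures' -gt 0 } |
        Select-Object @{n='Destination'; e={ $_.'Destination DSA Site' + '\' + $_.'Destination DSA' }},
                      @{n='Source';      e={ $_.'Source DSA Site' + '\' + $_.'Source DSA' }},
                      'Naming Context',
                      @{n='Failures';    e={ [int]$_.'Number of Failures' }},
                      @{n='Status';      e={ [int]$_.'Last Failure Status' }},
                      @{n='Meaning';     e={ $StatusHint[[int]$_.'Last Failure Status'] }},
                      'Last Success Time'
}

$rows    = ($sample -split '\r?\n') | ConvertFrom-Csv
$failing = @(Get-FailingReplLink -Rows $rows)

# One line per failing inbound link.
$failing | Format-Table -AutoSize

# Failing links per destination DC: a DC whose inter-site links all fail
# stops receiving directory changes from the other sites.
$failing | Group-Object Destination | Select-Object Name, Count
```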

Uptime Legal Systems Commented:
Do the SYSVOL and NETLOGON show up in the Windows folder?

When upgrading from 2003 to a 2008 R2 domain controller, you may need to change HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\SysvolReady to 0, then change it back to 1.

homerslmpson (Author) Commented:
See attached for the output from the commands you asked me to run.
These commands were run on one of the Server 2008 R2 servers - don't know if that's where I should have run them.  There are some errors/warnings but I'm not sure how to decipher them.

The NETLOGON folder and SYSVOL folder are showing up as shared folders when going to \\SERVER2008R2
The 2 servers that are running Server 2008 R2 are fresh installs - not upgrades. Not sure I understood what you asked.

homerslmpson (Author) Commented:
I feel like AD Sites and Services may be hinting at the issue.
Like I said, we have 3 sites (NNJ, SNJ and PA).
The servers we upgraded to Server 2008 R2 are in BOLD.
The NTDS Settings look strange to me...

They are laid out as follows:

   - DC1
      - NAME: <automatically generated>  FROM SERVER: SQLSRVPA1  FROM SITE: PA   TYPE: Connection
      - NAME: <automatically generated>  FROM SERVER: SQLSRVSNJ  FROM SITE: SNJ   TYPE: Connection
      - NAME: <automatically generated>  FROM SERVER: DC2  FROM SITE: NNJ   TYPE: Connection
   - DC2
      - NAME: <automatically generated>  FROM SERVER: SQLSRVSNJ  FROM SITE: SNJ   TYPE: Connection
      - NAME: <automatically generated>  FROM SERVER: DC1  FROM SITE: NNJ   TYPE: Connection
      - NAME: <automatically generated>  FROM SERVER: SQLSRVPA1  FROM SITE: PA   TYPE: Connection
      - NAME: <automatically generated>  FROM SERVER: SQLSRVSNJ2  FROM SITE: SNJ   TYPE: Connection
      - NAME: DC1  FROM SERVER: DC1  FROM SITE: NNJ   TYPE: Connection
      - NAME: <automatically generated>  FROM SERVER: SQLSRVSNJ  FROM SITE: SNJ   TYPE: Connection

PA -
      - NAME: <automatically generated>  FROM SERVER: SQLSRVPA1  FROM SITE: PA   TYPE: Connection
      - NAME: <automatically generated>  FROM SERVER: DC1  FROM SITE: NNJ   TYPE: Connection
      - NAME: <automatically generated>  FROM SERVER: SQLSRVPA  FROM SITE: PA   TYPE: Connection

Will Szymkowski (Senior Solution Architect) Commented:
In the output file you provided you are having issues with your InterSite Transport servers (bridgehead servers). As you have stated this is in Sites and Services.

 SNJ      DC1    IP 2015-05-21 07:53:23  21   The RPC server is unavailable.

                 Bonland ForestDnsZones Configuration DomainDnsZones

                      PA      DC1    IP 2015-05-21 07:53:23  21   The RPC server is unavailable.

Make sure that appropriate connections are made and that they are set to Automatic.


homerslmpson (Author) Commented:
I'm not sure where to find these settings.
Once you give me a clue, I can take a look at the other servers that appear to be working OK and match the settings.

Will Szymkowski (Senior Solution Architect) Commented:
You need to go into AD Sites and Services and from there expand each of the DCs and check the connections that are made. As I stated before, the connections should be automatically created.

homerslmpson (Author) Commented:
OK well the missing connections are clearly NOT being created automatically so I went ahead and created them.
As of right now, I can access the GPMC successfully from the 2 new DCs.
I don't know why I had to manually create the connections though.  I'm not feeling too good about the domain's health at the moment ...

Will Szymkowski (Senior Solution Architect) Commented:
All you need to do to allow the connections to be created automatically is do the following...
- open Sites and Services
- expand Servers
- expand the DC that is having issues
- right click NTDS Settings
- All Tasks
- Check Replication Topology

Once you do this it will generate new connections for this DC based on the best logical route/path. Creating manual connections will work, but if a connection is down the Knowledge Consistency Checker will not re-create the connections to a DC that is online.

If replication is working now then you should be fine. Just follow the steps above to create connections automatically.

homerslmpson (Author) Commented:
When I remove the manually created connection and run the "check replication topography" it doesn't re-create the connection to the DC in the main branch.
The only automatically created connection is the one to/from the DC on the same subnet.

homerslmpson (Author) Commented:
I still never figured out how to make the connections AUTOMATIC but that's not technically the question I originally asked so I'm assigning you points for helping me with the initial question. As of now, I still can't automatically create the connections but we will see what happens when I finish upgrading all DCs to Server 2008 R2.