matt asked:

2003 DC to 2012 DC migration - can't join domain

I have migrated from 2003 to 2012, but I have not demoted the 2003 server yet. I tried to join a server to the domain with the DNS of that machine assigned to the IP address of the new 2012 DC. It would not join. When I changed the DNS IP address to the old 2003 server it joined immediately.
Is this due to 2003 not being demoted? I just figured the new DC would have allowed this function to happen without demoting the 2003 server?
Seth Simmons

Need more details - why wouldn't it join? What was the message?
If the 2012 server is a domain controller, make sure replication is good between the two (should do it anyway before demoting the 2003 server).

And no, it isn't the result of the 2003 server still being present.
If that client is pointing to the 2012 server for DNS, it should be able to join the domain.
matt (ASKER)

The only message given was that no domain controller could be contacted. I could ping the server name of the new DC and it resolved the name fine, so I really didn't think it was DNS, but I changed the DNS IP to the old 2003 server and that did the trick. I will check replication logs to see if there are any issues.
The message suggests that your DC 2012 promotion did not complete.
Does the 2012 have sysvol/netlogon shared? Looking at the DNS on 2012, does it see the AD domain? Is it answering requests on the IP? Make sure advanced firewall settings allow access to port 53 TCP and UDP, this is the .......

nslookup -q=soa addomainname ip_of_2012_server
What do you get?
Make sure under fileserver services on the 2012 that you have Windows 2003 services added as file server role services; this is needed for ntfrs replication and is the cause netlogon/sysvol did not replicate......
matt (ASKER)

People are now not able to log in. I do have a sysvol/netlogon shared on 2012.
I didn't think firewall settings had to be changed on the server?

I do not understand the last request - under file services that I have Windows 2003 added as a role? Where is that at so I can check it?
If sysvol and netlogon are available then you already have, on the 2012 fileserver role, the fileserver role services.

Look at AD Sites and Services to make sure the 2012 is also a global catalog, set under the NTDS settings for the DC.

Are there files there? C:\windows\sysvol\sysvol, and within the same location addomainname\scripts; the first is sysvol, the second is netlogon.

Check the security log: what is reported there for login attempts?
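
The checks suggested in the two replies above (SOA lookup against the 2012 server, port 53 over UDP and TCP, global catalog, sysvol/netlogon shares and their contents) can be run in one pass; this is an added example, not part of the original thread. It goes one step further than the replies by also querying the SRV records a joining machine uses to find a DC, which explains how a server name can ping fine while the join still reports that no domain controller could be contacted. All three values at the top are placeholders, and the domain is assumed to be the forest root.

```powershell
# Added example; replace the three placeholder values before running.
$Domain  = 'corp.example.com'         # AD DNS domain (assumed to be the forest root)
$NewDc   = 'dc2012.corp.example.com'  # FQDN of the 2012 DC
$NewDcIp = '192.0.2.10'               # IP address of the 2012 DC

function Get-DcDnsAnswer {
    # Ask the DNS service on the 2012 DC directly, over UDP by default or TCP with -Tcp.
    param([string]$Name, [string]$Type, [switch]$Tcp)
    Resolve-DnsName -Name $Name -Type $Type -Server $NewDcIp -DnsOnly `
        -TcpOnly:$Tcp -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq $Type }
}

function Test-SrvListsNewDc {
    # True when the SRV record set, as served by the 2012 DC, names the 2012 DC as a target.
    param([string]$Record)
    $targets = Get-DcDnsAnswer -Name $Record -Type SRV |
        ForEach-Object { $_.NameTarget.TrimEnd('.') }
    $targets -contains $NewDc
}

# GPO folders replicated into the 2012 DC's sysvol (0 means nothing has replicated yet).
$policies = "\\$NewDc\SYSVOL\$Domain\Policies"
$gpoCount = @(Get-ChildItem -Path $policies -Directory -ErrorAction SilentlyContinue).Count

[pscustomobject]@{
    'SOA answered over UDP 53'   = [bool](Get-DcDnsAnswer -Name $Domain -Type SOA)
    'SOA answered over TCP 53'   = [bool](Get-DcDnsAnswer -Name $Domain -Type SOA -Tcp)
    'DC locator SRV lists 2012'  = Test-SrvListsNewDc "_ldap._tcp.dc._msdcs.$Domain"
    'GC SRV lists 2012'          = Test-SrvListsNewDc "_ldap._tcp.gc._msdcs.$Domain"
    'SYSVOL share reachable'     = Test-Path "\\$NewDc\SYSVOL"
    'NETLOGON share reachable'   = Test-Path "\\$NewDc\NETLOGON"
    'GPO folders in Policies'    = $gpoCount
} | Format-List
```

Run it from the machine that failed to join, or from any host that can reach the 2012 DC; a False on either SRV line with a True on the SOA line points at missing DC registration rather than at DNS reachability.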
matt (ASKER)

False alarm on the login issues. It was a terminal server issue that the server was out of resources.
Back to our daily programming... I will check the GC and sysvol/net logon files.
matt (ASKER)

When I type \\localhost from the run command to display all shares, sysvol and netlogon are there. Sysvol contains domain name\scripts and policies. Scripts is blank, policies has 3 folders.
Netlogon is empty, no data.

GC is set under 2012 and also on the 2003 server in AD Sites/Services.
You might not have had ADUC login scripts (netlogon) defined, so that is not an issue.
GPOs are stored in sysvol\addomain\policy..

Check the same location on the 2003 to see if you have an FRS_preexisting; this is a replication hold if the wrong server is picked as the replication reference while the other had content.

At this stage you attributed the issue to the wrong culprit.
matt (ASKER)

Where do I check for FRS_preexisting on the 2003 server?
matt (ASKER)

I have 2 warning events in the FRS event log on the 2003 server, both on July 4th when I did the migration. There are no other events showing after these 2. Event1 was the first one and then Event2 is the last one in the list for the 2003 server. The same 2 events show in the 2012 server.
event1.jpg
event2.jpg
matt (ASKER)

Any other assistance available?
ASKER CERTIFIED SOLUTION
arnold

This solution is only available to members.
matt (ASKER)

I have followed the steps running D4 on the 2003 server and then D2 on server 2012. There is a prestage/preexisting folder on server 2012 under sysvol now. Do I just leave that folder alone?

There are no errors in the 2003 event viewer on File Replication after doing this yet. The last event on the 2003 server is just informational, saying that FRS is no longer preventing the computer <2003 server> from becoming a domain controller. The system volume has been successfully initialized...
OK, what about the 2012?

What files/settings exist there? They should mirror the 2003.

Does the preexisting include files that are results of changes made/additions that do not exist on the 2003?

You could copy back the ones that are needed and do not exist on the 2003.
At this point you should not have login issues when 2003 is not on the network.
...
matt (ASKER)

2012 has the same message as the 2003 server in FRS event log.
matt (ASKER)

I am going to try and join a machine to the domain and see how it works out.
Look at the security event to confirm the requests sent to this server are ...... not returning errors.