2003 DC to 2012 DC migration - can't join domain

I have migrated from 2003 to 2012, but I have not demoted the 2003 server yet. I tried to join a server to the domain with the DNS of that machine assigned to the IP address of the new 2012 DC. It would not join. When I changed the DNS IP address to the old 2003 server, it joined immediately.
Is this due to 2003 not being demoted? I just figured the new DC would have allowed this function to happen without demoting the 2003 server?
350ztn Asked:

Seth Simmons, Sr. Systems Administrator, Commented:
Need more details - why wouldn't it join? What was the message?
If the 2012 server is a domain controller, make sure replication is good between the two (should do it anyway before demoting the 2003 server).

And no, it isn't the result of the 2003 server still being present.
If that client is pointing to the 2012 server for DNS, it should be able to join the domain.
350ztn Author Commented:
The only message given was that no domain controller could be contacted. I could ping the server name of the new DC and it resolved the name fine, so I really didn't think it was DNS, but I changed the DNS IP to the old 2003 server and that did the trick. I will check replication logs to see if there are any issues.
arnold Commented:
The message suggests that your DC 2012 promotion did not complete.
Does the 2012 have sysvol/netlogon shared? Looking at the DNS on 2012, does it see the AD domain? Is it answering requests on the IP? Make sure advanced firewall settings allow access to port 53 TCP and UDP this is the .......

nslookup -q=soa addomainame ip_of_2012_server
What do you get?
Make sure under fileserver services on the 2012 that you have Windows 2003 services added as file server role services. This is needed for ntfrs replication and is the cause netlogon/sysvol did not replicate......
350ztn Author Commented:
People are now not able to log in. I do have a sysvol/netlogon shared on 2012.
I didn't think firewall settings had to be changed on server?

I do not understand the last request - under file services that I have Windows 2003 added as role? Where is that at so I can check it?
arnold Commented:
If sysvol and netlogon are available then you already have on the 2012 fileserver role, fileserver role services.

Look at ad sites and services to make sure the 2012 is also a global catalog set under the NTDS settings for the DC.

Are there files there? C:\windows\sysvol\sysvol within the same location addomainname\scripts the first is sysvol, the second is netlogon.

Check the security log what is reported there for login attempts?
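
The checks suggested in the two comments above (shares, SYSVOL content, DNS answering for the AD zone on port 53), collected into one script. This is an added example, not part of the original thread; the domain name and IP are placeholders, it assumes the DC's FQDN is its computer name plus the AD domain, and the SRV lookup in step 4 goes beyond what the comments list: a domain join finds DCs through those records, which is why a server name that pings fine can still produce "no domain controller could be contacted".

```powershell
# Added example: run locally on the 2012 DC in an elevated PowerShell 3.0+ session.
# Both defaults are placeholders (assumptions); pass your own values.
param(
    [string]$Domain    = 'addomainname.example',  # AD DNS domain name
    [string]$DnsServer = '192.0.2.10'             # IP of the 2012 DC
)

function New-Result($Check, $Passed, $Detail) {
    [pscustomobject]@{ Check = $Check; Passed = [bool]$Passed; Detail = $Detail }
}

# 1. SYSVOL and NETLOGON must both be shared before the DC advertises itself.
$shares = @(Get-SmbShare -Name SYSVOL, NETLOGON -ErrorAction SilentlyContinue)
New-Result 'SYSVOL/NETLOGON shared' ($shares.Count -eq 2) ($shares.Name -join ', ')

# 2. Replicated content: Policies should hold the GPO folders from the old DC.
#    An empty scripts folder is fine when no logon scripts are defined.
$root = Join-Path $env:SystemRoot "SYSVOL\sysvol\$Domain"
foreach ($dir in 'Policies', 'scripts') {
    $path  = Join-Path $root $dir
    $items = @(Get-ChildItem $path -ErrorAction SilentlyContinue)
    $ok    = if ($dir -eq 'Policies') { $items.Count -gt 0 } else { Test-Path $path }
    New-Result "sysvol\$dir present" $ok "$($items.Count) item(s)"
}

# 3. DNS on this server answers for the AD zone over UDP and over TCP port 53.
foreach ($tcp in $false, $true) {
    $soa = Resolve-DnsName -Name $Domain -Type SOA -Server $DnsServer -DnsOnly `
           -TcpOnly:$tcp -ErrorAction SilentlyContinue
    $proto = if ($tcp) { 'TCP' } else { 'UDP' }
    New-Result "SOA via $proto/53" ($null -ne $soa) ($soa.PrimaryServer -join ', ')
}

# 4. The DC locator SRV records served by this DNS must list this DC itself.
$srv = @(Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV `
         -Server $DnsServer -DnsOnly -ErrorAction SilentlyContinue |
         Where-Object { $_.Type -eq 'SRV' })
$self = "$env:COMPUTERNAME.$Domain"
New-Result 'DC locator SRV lists this DC' ($srv.NameTarget -contains $self) ($srv.NameTarget -join ', ')
```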
350ztn Author Commented:
False alarm on the login issues. It was a terminal server issue that the server was out of resources.
Back to our daily programming... I will check the GC and sysvol/netlogon files.
350ztn Author Commented:
When I type \\localhost from run command to display all shares, sysvol and netlogon are there. Sysvol contains domain name\scripts and policies. Scripts is blank, policies has 3 folders.
Netlogon is empty, no data.

GC is set under 2012 and also on 2003 server in AD sites/services
arnold Commented:
You might not have had ADUC login scripts (netlogon) defined so that is not an issue.
GPOs are stored in sysvol\addomain\policy..

Check the 2003 same location to see if you have an FRS_preexisting this is a replication hold if the wrong server is picked as the replication reference while the other had content.

At this stage  you attributed the issue to the wrong culprit.
350ztn Author Commented:
Where do I check for FRS_preexisting on 2003 server?
350ztn Author Commented:
I have 2 warning events in the FRS event log on 2003 server - both on July 4th when I did the migration. There are no other events showing after these 2. Event1 was the first one and then Event2 is the last one in the list for the 2003 server. The same 2 events show in the 2012 server.
event1.jpg
event2.jpg
350ztn Author Commented:
Any other assistance available?
arnold Commented:
Ok, you need to apply the D2/D4 burflags
Backup the files in c:\windows\sysvol on each system before starting.

Make sure that you turn off the ntfrs services on the windows 2012 system when fixing the 2003 as authoritative and then fixing the 2012 as non-authoritative.
Do one at a time, and be patient.
Follow the guide at
https://support.microsoft.com/en-us/kb/315457

In short you have a replication journal corruption.
The error includes the instructions on fixing it.

Once you run this, the data should be synchronized  and present, if you run into an issue i.e. the contents of c:\windows\sysvol\sysvol are empty, you should see a PRESTAGE/PREEXISTING folder which will include all the files.

i.e. your fix trigger the replication with the wrong server as the reference, anything in the non-reference location will be moved to the PREEXISTING. Copying it back will replicate it to the other side.......
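
The per-server sequence from the answer above (back up SYSVOL, stop FRS, set BurFlags, start FRS, wait for SYSVOL to be shared again) as one script. This is an added example, not part of the original thread or the linked KB article; the backup path is a placeholder, and running it on the 2003 server assumes PowerShell 2.0 and Robocopy (Resource Kit) are installed there. Run it with D4 on the 2003 server while NtFrs is stopped on the 2012 server, then with D2 on the 2012 server.

```powershell
# Added example: FRS SYSVOL reinitialization through the BurFlags registry value.
# D4 = authoritative (reference copy), D2 = non-authoritative (pulls from a partner).
# Run elevated on the DC being fixed. $BackupRoot is a placeholder (assumption).
param(
    [Parameter(Mandatory = $true)]
    [ValidateSet('D4', 'D2')]
    [string]$BurFlags,
    [string]$BackupRoot = 'D:\sysvol-backup'
)

$key = 'HKLM\SYSTEM\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup'

# Back up SYSVOL first. /XJ skips the junction points inside the tree so that
# the same files are not copied twice.
$dest = Join-Path $BackupRoot (Get-Date -Format 'yyyyMMdd-HHmmss')
robocopy "$env:SystemRoot\SYSVOL" $dest /E /XJ /R:1 /W:1 | Out-Null
if ($LASTEXITCODE -ge 8) { throw "SYSVOL backup failed (robocopy exit code $LASTEXITCODE)" }

# Stop FRS, set the flag, start FRS. reg.exe is used because the key name
# contains '/', which the PowerShell registry provider treats as a separator.
Stop-Service -Name NtFrs -Force
$started = Get-Date
reg.exe add $key /v BurFlags /t REG_DWORD /d "0x$BurFlags" /f | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'Could not set BurFlags' }
Start-Service -Name NtFrs

# Be patient: poll the FRS log for event 13516, the informational event saying
# the system volume has been initialized and is ready to be shared as SYSVOL.
$deadline = (Get-Date).AddMinutes(30)
do {
    Start-Sleep -Seconds 30
    $done = Get-EventLog -LogName 'File Replication Service' -After $started `
                -ErrorAction SilentlyContinue |
            Where-Object { $_.EventID -eq 13516 }
} until ($done -or (Get-Date) -gt $deadline)

if ($done) {
    Write-Output "FRS reports SYSVOL initialized ($BurFlags). Backup kept in $dest"
    net share | Select-String -Pattern 'SYSVOL|NETLOGON'   # both shares should be listed
} else {
    Write-Warning 'No event 13516 yet; check the File Replication Service log before continuing.'
}
```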

350ztn Author Commented:
I have followed the steps running D4 on the 2003 server and then D2 on server 2012. There is a prestage/preexisting folder on server 2012 under sysvol now. Do I just leave that folder alone?

There are no errors in the 2003 event viewer on File replication after doing this yet. Last event on 2003 server is just informational saying that FRS is no longer preventing the computer <2003 server> from becoming a domain controller. The system volume has been successfully initialized...
arnold Commented:
Ok, what about the 2012?

What files/settings exist there, they should mirror the 2003.

Does the preexisting include files that are results of changes made/additions that do not exist on the 2003?

You could copy back the ones that are needed and do not exist on the 2003.
At this point you should not have login issues when 2003 is not on the network.
...
350ztn Author Commented:
2012 has the same message as the 2003 server in FRS event log.
350ztn Author Commented:
I am going to try and join a machine to the domain and see how it works out.
arnold Commented:
Look at the security event to confirm the requests sent to this server are ...... not returning errors.