Joe Ueberroth
asked on
Migrating a broken 2003 Server to 2008 .. Need advice
Roles are all moved, but when trying to remove the domain controller using 'dcpromo' we get error saying that that domain controller cannot be removed because Certificate Authority Services are running on the server . Two major Issues.
1. That service will not start.
2. Following Article..
https://support.microsoft.com/en-us/kb/889250
But the issue is service isn't started and wont start .. and when you go into Admin Tools / Cert Authority, you cant follow thru with removing certs because the service must be started and when you try starting in you key a Keyset Error that led me to Article:
https://social.technet.microsoft.com/forums/windowsserver/en-US/ff4b04da-b7e3-4e03-8645-e639e67b273f/unable-to-start-certificate-services-keyset-does-not-exist
But I have been unsuccessful at repairing the keyset.
Add/Remove Windows components throws up errors and wont load. Its an old broke server I just want to get out of active directory so I can raise the doimain functional level on the domain using my new DC.
I am running fine with that server just turned off. DHCP / DNS / Authentication.. all working fine.
I think this server is just too seriously boinked to screw around with.
Is it possible to get that 2003 DC out of the Sites and Services Manually?
I mean.. what if the server had been run over by a truck. Isnt there some process for eacsily saying good by to that 2003 box so that I can remove its presence and raise the domain functional level?
Thx,
Joe
1. That service will not start.
2. Following Article..
https://support.microsoft.com/en-us/kb/889250
But the issue is service isn't started and wont start .. and when you go into Admin Tools / Cert Authority, you cant follow thru with removing certs because the service must be started and when you try starting in you key a Keyset Error that led me to Article:
https://social.technet.microsoft.com/forums/windowsserver/en-US/ff4b04da-b7e3-4e03-8645-e639e67b273f/unable-to-start-certificate-services-keyset-does-not-exist
But I have been unsuccessful at repairing the keyset.
Add/Remove Windows components throws up errors and wont load. Its an old broke server I just want to get out of active directory so I can raise the doimain functional level on the domain using my new DC.
I am running fine with that server just turned off. DHCP / DNS / Authentication.. all working fine.
I think this server is just too seriously boinked to screw around with.
Is it possible to get that 2003 DC out of the Sites and Services Manually?
I mean.. what if the server had been run over by a truck. Isnt there some process for eacsily saying good by to that 2003 box so that I can remove its presence and raise the domain functional level?
Thx,
Joe
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
ASKER
Just found this article also.
https://social.technet.microsoft.com/Forums/windowsserver/en-US/5cddffc0-39b4-4f2d-aadf-4d7c4eba6636/steps-for-deleting-a-server-from-ad-sites-and-services-that-has-not-been-decommd?forum=winserverDS
So.. if Im understanding.
Step1. Do Metadata Cleanup on the new 2008 DC to remove the older 2003 DC's
Step2. Manually delete them from Sites and Services while IN AD Site and Services on 2008 DC
Step3. Cleanup DNS after that?
Step4. Raise Functional Level.
Everything is fine, I just cant elevate Domain Functional level.