Solved

Issue Migrating From Old Server 2012 Essentials DC to New Server 2012 Essentials DC

Posted on 2016-09-03
Last Modified: 2016-10-22
We have a 1-year-old Server 2012 Essentials DC that was ordered by the previous vendor way underpowered. We have a brand new, much more powerful server on hand, also running Server 2012 Essentials. We have joined the new server to the domain, promoted it to a DC, transferred all FSMO roles over, and everything went smoothly until that point. We went in to verify group policy was OK and we can get into group policy, but when we try to edit a policy it gives an error of "Failed to open the Group Policy Object. You might not have the appropriate rights." and in the details window it says "The network name cannot be found."

I saw a thread on how to solve this but the registry entries it referred to fixing are not present on my servers... I am guessing maybe this is because it is 2012 essentials but am not sure and cannot find any documentation on going from 2012 Essentials to 2012 Essentials.

I am a little afraid to demote and remove the old server out until this is resolved as I am not sure if I have missed any needed steps. I also do not see any netlogon or sysvol shares on the new DC and am not sure what needs to be fixed or done. I had no errors up until that point and all else seems to be working great. I have pasted the dcdiag below and any help would be truly appreciated. Thanks!

DCDIAG RESULTS:

C:\Windows\System32>dcdiag

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = dcserver
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\DCSERVER
      Starting test: Connectivity
         ......................... DCSERVER passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\DCSERVER
      Starting test: Advertising
         Warning: DsGetDcName returned information for \\SERVER.ADRIAN.local,
         when we were trying to reach DCSERVER.
         SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE.
         ......................... DCSERVER failed test Advertising
      Starting test: FrsEvent
         ......................... DCSERVER passed test FrsEvent
      Starting test: DFSREvent
         There are warning or error events within the last 24 hours after the
         SYSVOL has been shared.  Failing SYSVOL replication problems may cause
         Group Policy problems.
         ......................... DCSERVER failed test DFSREvent
      Starting test: SysVolCheck
         ......................... DCSERVER passed test SysVolCheck
      Starting test: KccEvent
         ......................... DCSERVER passed test KccEvent
      Starting test: KnowsOfRoleHolders
         ......................... DCSERVER passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         ......................... DCSERVER passed test MachineAccount
      Starting test: NCSecDesc
         ......................... DCSERVER passed test NCSecDesc
      Starting test: NetLogons
         Unable to connect to the NETLOGON share! (\\DCSERVER\netlogon)
         [DCSERVER] An net use or LsaPolicy operation failed with error 67,
         The network name cannot be found..
         ......................... DCSERVER failed test NetLogons
      Starting test: ObjectsReplicated
         ......................... DCSERVER passed test ObjectsReplicated
      Starting test: Replications
         [Replications Check,DCSERVER] A recent replication attempt failed:
            From SERVER to DCSERVER
            Naming Context: DC=ForestDnsZones,DC=ADRIAN,DC=local
            The replication generated an error (8524):
            The DSA operation is unable to proceed because of a DNS lookup failu
re.

            The failure occurred at 2016-09-03 16:48:01.
            The last success occurred at 2016-09-03 15:54:01.
            1 failures have occurred since the last success.
            The guid-based DNS name
            945a1453-80d3-485a-a0ce-280240865179._msdcs.ADRIAN.local
            is not registered on one or more DNS servers.
         [Replications Check,DCSERVER] A recent replication attempt failed:
            From SERVER to DCSERVER
            Naming Context: CN=Schema,CN=Configuration,DC=ADRIAN,DC=local
            The replication generated an error (8524):
            The DSA operation is unable to proceed because of a DNS lookup failu
re.

            The failure occurred at 2016-09-03 16:48:01.
            The last success occurred at 2016-09-03 15:50:03.
            1 failures have occurred since the last success.
            The guid-based DNS name
            945a1453-80d3-485a-a0ce-280240865179._msdcs.ADRIAN.local
            is not registered on one or more DNS servers.
         [Replications Check,DCSERVER] A recent replication attempt failed:
            From SERVER to DCSERVER
            Naming Context: CN=Configuration,DC=ADRIAN,DC=local
            The replication generated an error (8524):
            The DSA operation is unable to proceed because of a DNS lookup failu
re.

            The failure occurred at 2016-09-03 16:48:01.
            The last success occurred at 2016-09-03 15:52:26.
            1 failures have occurred since the last success.
            The guid-based DNS name
            945a1453-80d3-485a-a0ce-280240865179._msdcs.ADRIAN.local
            is not registered on one or more DNS servers.
         ......................... DCSERVER failed test Replications
      Starting test: RidManager
         ......................... DCSERVER passed test RidManager
      Starting test: Services
            Could not open NTDS Service on DCSERVER, error 0x5
            "Access is denied."
         ......................... DCSERVER failed test Services
      Starting test: SystemLog
         A warning event occurred.  EventID: 0x000003F6
            Time Generated: 09/03/2016   16:42:39
            Event String:
            Name resolution for the name 1.1.168.192.in-addr.arpa. timed out aft
er none of the configured DNS servers responded.
         A warning event occurred.  EventID: 0x000727A5
            Time Generated: 09/03/2016   16:44:15
            Event String:
            The WinRM service is not listening for WS-Management requests.
         A warning event occurred.  EventID: 0x000003F6
            Time Generated: 09/03/2016   16:47:27
            Event String:
            Name resolution for the name _ldap._tcp.dc._msdcs.ADRIAN.local. time
d out after none of the configured DNS servers responded.
         An error event occurred.  EventID: 0x0000041F
            Time Generated: 09/03/2016   16:47:39
            Event String:
            The processing of Group Policy failed. Windows could not resolve the
 computer name. This could be caused by one of more of the following:
         An error event occurred.  EventID: 0x0000106A
            Time Generated: 09/03/2016   16:48:08
            Event String:
            Unable to update the IP address on Isatap interface isatap.{375BE491
-CEDA-4B50-B0C5-490F39DB565A}. Update Type: 1. Error Code: 0x490.
         A warning event occurred.  EventID: 0x00000090
            Time Generated: 09/03/2016   16:48:27
            Event String:
            The time service has stopped advertising as a good time source.
         ......................... DCSERVER failed test SystemLog
      Starting test: VerifyReferences
         ......................... DCSERVER passed test VerifyReferences


   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test
         CrossRefValidation

   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test
         CrossRefValidation

   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation

   Running partition tests on : ADRIAN
      Starting test: CheckSDRefDom
         ......................... ADRIAN passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ADRIAN passed test CrossRefValidation

   Running enterprise tests on : ADRIAN.local
      Starting test: LocatorCheck
         ......................... ADRIAN.local passed test LocatorCheck
      Starting test: Intersite
         ......................... ADRIAN.local passed test Intersite

C:\Windows\System32>
Question by:Michael Frieder
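
An added example, not part of the original post and not Microsoft's own tooling: a PowerShell helper that reduces dcdiag text output like the above to the failed tests and the error codes quoted in the details. The function name Get-DcdiagSummary is hypothetical, and the sample lines are excerpted from the output in the question.

```powershell
# Added example: summarize dcdiag text output (Get-DcdiagSummary is a hypothetical name).
function Get-DcdiagSummary {
    param([Parameter(Mandatory)][string[]]$Lines)

    # dcdiag wraps long result lines ("passed test" / "CrossRefValidation"),
    # so collapse all whitespace into single spaces before matching.
    $text = ($Lines -join ' ') -replace '\s+', ' '

    # Result lines look like: "......... DCSERVER failed test NetLogons"
    $pattern = '\.{5,} (?<Target>\S+) (?<Result>passed|failed) test (?<Test>\S+)'
    $results = foreach ($m in [regex]::Matches($text, $pattern)) {
        [pscustomobject]@{
            Target = $m.Groups['Target'].Value
            Test   = $m.Groups['Test'].Value
            Passed = $m.Groups['Result'].Value -eq 'passed'
        }
    }

    # Error codes quoted in failure details: "error 67", "error (8524)", "error 0x5"
    $codes = [regex]::Matches($text, 'error \(?(?<Code>0x[0-9A-Fa-f]+|\d+)\)?') |
        ForEach-Object { $_.Groups['Code'].Value } | Sort-Object -Unique

    [pscustomobject]@{
        Failed      = @($results | Where-Object { -not $_.Passed })
        PassedCount = @($results | Where-Object { $_.Passed }).Count
        ErrorCodes  = @($codes)
    }
}

# Sample input: lines excerpted from the dcdiag output posted in the question.
$sample = @'
         ......................... DCSERVER passed test SysVolCheck
         Unable to connect to the NETLOGON share! (\\DCSERVER\netlogon)
         [DCSERVER] An net use or LsaPolicy operation failed with error 67,
         ......................... DCSERVER failed test NetLogons
            The replication generated an error (8524):
         ......................... DCSERVER failed test Replications
            Could not open NTDS Service on DCSERVER, error 0x5
         ......................... DCSERVER failed test Services
         ......................... DomainDnsZones passed test
         CrossRefValidation
'@ -split "`r?`n"

$summary = Get-DcdiagSummary -Lines $sample
$summary.Failed | Format-Table Target, Test      # NetLogons, Replications, Services
"Passed: $($summary.PassedCount); error codes: $($summary.ErrorCodes -join ', ')"
```

On a live domain controller the same function can take the tool's output directly, for example `Get-DcdiagSummary -Lines (dcdiag)`.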
Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 500 total points
ID: 41783269
You cannot do what you did -- there can only be ONE Server 2012 Essentials in a domain.  Also, you cannot manually promote a Server 2012 Essentials to be a DC.  Instead, you needed to follow the prescribed method to migrate your Server 2012 Essentials to new hardware -- which is very well documented by Microsoft:

https://technet.microsoft.com/en-us/library/jj730387(v=ws.11).aspx

Primarily, you needed to install the new server in Migration Mode rather than the way you did it.

At this point, you need to demote it and remove it from the domain.  Then follow the steps outlined in the documentation -- be sure to use a completely different host name when installing again in migration mode.