Discussion:
Preparation for Migration testing
(too old to reply)
TC
2010-04-28 04:49:01 UTC
Permalink
Dear all,

I want to copy the production DC to an separate network for migration
testing ( from Windows 2000 to Windows 2008 R2)
Our existing DC is an windows 2000 Server, we don't have Exchange server.

Is it the step like this

1) add a windows 2000 server as the secondary domain controller.
2) create a new global catalog on the second domain controller
3) move the testing 2nd domain controller to separate network
4) change FSMO role the testing domain.
5) Add the windows 2008 R2 server as domain control
6) change FSMO role to the new windows 2008 R2

Questions
1) Is the above step correct?
2) What should be prepared in the Windows 200 server before we join the
windows 2008 machine as a domain controller?
3) One of our vendor suggested that we 1st add a windows 2003 r2 server as
domain controller and then upgrade it to windows 2008 R2. Is it necessary?

Thanks for your help.
Meinolf Weber [MVP-DS]
2010-04-28 05:37:03 UTC
Permalink
Hello TC,

You can do it that way. On the test DC you have to seize the FSMO roles and
then NEVER connet it back with the production domain.
http://support.microsoft.com/kb/255504

On the production domain you have to remove the test DC also from AD database
as you can NEVER connect it back to demote correct, FSMO of course leave
untouched here:
http://support.microsoft.com/kb/555846/en-us

For adding the Windows server 2008 machine see my blog:
http://msmvps.com/blogs/mweber/archive/2010/02/06/upgrading-an-active-directory-domain-from-windows-server-2000-to-windows-server-2008-or-windows-server-2008-r2.aspx

There is no need to add a Windows server 2003 DC to the domain before.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
Post by TC
Dear all,
I want to copy the production DC to an separate network for migration
testing ( from Windows 2000 to Windows 2008 R2)
Our existing DC is an windows 2000 Server, we don't have Exchange server.
Is it the step like this
1) add a windows 2000 server as the secondary domain controller.
2) create a new global catalog on the second domain controller
3) move the testing 2nd domain controller to separate network
4) change FSMO role the testing domain.
5) Add the windows 2008 R2 server as domain control
6) change FSMO role to the new windows 2008 R2
Questions
1) Is the above step correct?
2) What should be prepared in the Windows 200 server before we join the
windows 2008 machine as a domain controller?
3) One of our vendor suggested that we 1st add a windows 2003 r2 server as
domain controller and then upgrade it to windows 2008 R2. Is it necessary?
Thanks for your help.
TC
2010-04-29 03:11:01 UTC
Permalink
Thanks a lot for your suggestion.

Our company's client are still main windows XP and windows 2000. May I know
any known issue find already for Windows 2008 R2 and Windows XP (32bit
client).
Post by Meinolf Weber [MVP-DS]
Hello TC,
You can do it that way. On the test DC you have to seize the FSMO roles and
then NEVER connet it back with the production domain.
http://support.microsoft.com/kb/255504
On the production domain you have to remove the test DC also from AD database
as you can NEVER connect it back to demote correct, FSMO of course leave
http://support.microsoft.com/kb/555846/en-us
http://msmvps.com/blogs/mweber/archive/2010/02/06/upgrading-an-active-directory-domain-from-windows-server-2000-to-windows-server-2008-or-windows-server-2008-r2.aspx
There is no need to add a Windows server 2003 DC to the domain before.
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
Post by TC
Dear all,
I want to copy the production DC to an separate network for migration
testing ( from Windows 2000 to Windows 2008 R2)
Our existing DC is an windows 2000 Server, we don't have Exchange server.
Is it the step like this
1) add a windows 2000 server as the secondary domain controller.
2) create a new global catalog on the second domain controller
3) move the testing 2nd domain controller to separate network
4) change FSMO role the testing domain.
5) Add the windows 2008 R2 server as domain control
6) change FSMO role to the new windows 2008 R2
Questions
1) Is the above step correct?
2) What should be prepared in the Windows 200 server before we join the
windows 2008 machine as a domain controller?
3) One of our vendor suggested that we 1st add a windows 2003 r2 server as
domain controller and then upgrade it to windows 2008 R2. Is it necessary?
Thanks for your help.
.
TC
2010-04-29 10:56:01 UTC
Permalink
I find in the dcdiag output when I setup prepare the 2nd domain in production
to replicate the DC for testing.

the Kccevent test failed, what wrong? Thanks for help.

Starting test: frssysvol
* The File Replication Service Event log test
The SYSVOL has been shared, and the AD is no longer
prevented from starting by the File Replication Service.
There are errors after the SYSVOL has been shared.
The SYSVOL can prevent the AD from starting.
An Warning Event occured. EventID: 0x800034C4
Time Generated: 04/29/2010 18:12:46
Event String: The File Replication Service is having trouble

enabling replication from adcAD to adcPC06 for

c:\winnt\sysvol\domain using the DNS name

adcAD.masked.loc. FRS will keep retrying.

Following are some of the reasons you would see

this warning.



[1] FRS can not correctly resolve the DNS name

adcAD.masked.loc from this computer.

[2] FRS is not running on

adcAD.masked.loc.

[3] The topology information in the Active

Directory for this replica has not yet replicated

to all the Domain Controllers.



This event log message will appear once per

connection, After the problem is fixed you will

see another event log message indicating that the

connection has been established.
An Warning Event occured. EventID: 0x800034C5
Time Generated: 04/29/2010 18:16:50
Event String: The File Replication Service has enabled

replication from adcAD to adcPC06 for

c:\winnt\sysvol\domain after repeated retries.
......................... adcPC06 passed test frssysvol
Starting test: kccevent
* The KCC Event log test
An Information Event occured. EventID: 0x40000456
Time Generated: 04/29/2010 18:30:37
(Event String could not be retrieved)
......................... adcPC06 failed test kccevent
Meinolf Weber [MVP-DS]
2010-04-29 11:04:23 UTC
Permalink
Hello TC,

Please post an unedited ipconfig /all from the problem DC and the exisiting
DC/DNS server.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
Post by TC
I find in the dcdiag output when I setup prepare the 2nd domain in
production to replicate the DC for testing.
the Kccevent test failed, what wrong? Thanks for help.
Starting test: frssysvol
* The File Replication Service Event log test
The SYSVOL has been shared, and the AD is no longer
prevented from starting by the File Replication Service.
There are errors after the SYSVOL has been shared.
The SYSVOL can prevent the AD from starting.
An Warning Event occured. EventID: 0x800034C4
Time Generated: 04/29/2010 18:12:46
Event String: The File Replication Service is having
trouble
enabling replication from adcAD to adcPC06 for
c:\winnt\sysvol\domain using the DNS name
adcAD.masked.loc. FRS will keep retrying.
Following are some of the reasons you would see
this warning.
[1] FRS can not correctly resolve the DNS name
adcAD.masked.loc from this computer.
[2] FRS is not running on
adcAD.masked.loc.
[3] The topology information in the Active
Directory for this replica has not yet replicated
to all the Domain Controllers.
This event log message will appear once per
connection, After the problem is fixed you will
see another event log message indicating that the
connection has been established.
An Warning Event occured. EventID: 0x800034C5
Time Generated: 04/29/2010 18:16:50
Event String: The File Replication Service has enabled
replication from adcAD to adcPC06 for
c:\winnt\sysvol\domain after repeated retries.
......................... adcPC06 passed test frssysvol
Starting test: kccevent
* The KCC Event log test
An Information Event occured. EventID: 0x40000456
Time Generated: 04/29/2010 18:30:37
(Event String could not be retrieved)
......................... adcPC06 failed test kccevent
TC
2010-04-30 11:52:01 UTC
Permalink
from the DC with problem.


Windows 2000 IP Configuration



Host Name . . . . . . . . . . . . : abcpc06
Primary DNS Suffix . . . . . . . : masked.loc
Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : masked.loc

Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/100 VM Network Connection
Physical Address. . . . . . . . . : 00-08-02-5A-C2-1D

DHCP Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : 192.168.10.67

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.10.2

DNS Servers . . . . . . . . . . . : 192.168.10.67
192.168.10.20
Primary WINS Server . . . . . . . : 192.168.10.20


from the DC/DNS

Windows 2000 IP Configuration



Host Name . . . . . . . . . . . . : abcAD
Primary DNS Suffix . . . . . . . : masked.loc
Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : masked.loc

Ethernet adapter Local Area Connection 2:



Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : HP NC373i Multifunction Gigabit Server
Adapter #2
Physical Address. . . . . . . . . : 00-1E-0B-D9-C9-C8

DHCP Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : 192.168.10.20

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.10.2

DNS Servers . . . . . . . . . . . : 192.168.10.20
Primary WINS Server . . . . . . . : 192.168.10.20
Post by Meinolf Weber [MVP-DS]
Hello TC,
Please post an unedited ipconfig /all from the problem DC and the exisiting
DC/DNS server.
TC
2010-05-04 04:14:00 UTC
Permalink
Dear Meinolf Weber,

I can finally run the dcdiag and netdiag without error. Any thing else I
should be tested before I separate the testing domain controller?

Regards,
TC.
Meinolf Weber [MVP-DS]
2010-05-04 05:42:03 UTC
Permalink
This post might be inappropriate. Click to display it.
TC
2010-05-06 05:39:01 UTC
Permalink
Hello,

Syntax for repadmin for windows 2000 is difference fromyour example.

http://support.microsoft.com/kb/229896

How could I do the same thing.
Post by Meinolf Weber [MVP-DS]
.
Hello TC,
Run also "repadmin /showrepl dc* /verbose /all /intersite" without the quotes
to control replication.
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
Post by TC
Dear Meinolf Weber,
I can finally run the dcdiag and netdiag without error. Any thing else
I should be tested before I separate the testing domain controller?
Regards,
TC.
TC
2010-05-06 06:16:01 UTC
Permalink
Output for repadmin /showreps ABCPC06, is it look ok? Can I start separate
the network for migration testing?

Default-First-Site-Name\ABCPC06
DSA Options : IS_GC
objectGuid : 3b171f2e-dd8c-418c-9a11-9079f8553424
invocationID: 3088dbba-324e-4597-9d35-46db53198055

==== INBOUND NEIGHBORS ======================================

CN=Schema,CN=Configuration,DC=masked,DC=loc
Default-First-Site-Name\ABCAD via RPC
objectGuid: 2e122413-24e7-4b70-8619-0d6bceac6357
Address: 2e122413-24e7-4b70-8619-0d6bceac6357._msdcs.masked.loc
ntdsDsa invocationId: a4649009-ad70-4559-aff6-583cf5ab0a1b
WRITEABLE SYNC_ON_STARTUP DO_SCHEDULED_SYNCS
USNs: 485984/OU, 485984/PU
Last attempt @ 2010-05-06 12:56.09 was successful.

CN=Configuration,DC=masked,DC=loc
Default-First-Site-Name\ABCAD via RPC
objectGuid: 2e122413-24e7-4b70-8619-0d6bceac6357
Address: 2e122413-24e7-4b70-8619-0d6bceac6357._msdcs.masked.loc
ntdsDsa invocationId: a4649009-ad70-4559-aff6-583cf5ab0a1b
WRITEABLE SYNC_ON_STARTUP DO_SCHEDULED_SYNCS
USNs: 486046/OU, 486046/PU
Last attempt @ 2010-05-06 13:32.22 was successful.

DC=masked,DC=loc
Default-First-Site-Name\ABCAD via RPC
objectGuid: 2e122413-24e7-4b70-8619-0d6bceac6357
Address: 2e122413-24e7-4b70-8619-0d6bceac6357._msdcs.masked.loc
ntdsDsa invocationId: a4649009-ad70-4559-aff6-583cf5ab0a1b
WRITEABLE SYNC_ON_STARTUP DO_SCHEDULED_SYNCS
USNs: 486070/OU, 486070/PU
Last attempt @ 2010-05-06 13:41.20 was successful.

==== OUTBOUND NEIGHBORS FOR CHANGE NOTIFICATIONS ============

CN=Schema,CN=Configuration,DC=masked,DC=loc
Default-First-Site-Name\ABCAD via RPC
objectGuid: 2e122413-24e7-4b70-8619-0d6bceac6357
Address: 2e122413-24e7-4b70-8619-0d6bceac6357._msdcs.masked.loc
WRITEABLE
Added @ 2010-04-29 18:11.56.

CN=Configuration,DC=masked,DC=loc
Default-First-Site-Name\ABCAD via RPC
objectGuid: 2e122413-24e7-4b70-8619-0d6bceac6357
Address: 2e122413-24e7-4b70-8619-0d6bceac6357._msdcs.masked.loc
WRITEABLE
Added @ 2010-04-29 18:11.56.

DC=masked,DC=loc
Default-First-Site-Name\ABCAD via RPC
objectGuid: 2e122413-24e7-4b70-8619-0d6bceac6357
Address: 2e122413-24e7-4b70-8619-0d6bceac6357._msdcs.masked.loc
WRITEABLE
Post by TC
Hello,
Syntax for repadmin for windows 2000 is difference fromyour example.
http://support.microsoft.com/kb/229896
How could I do the same thing.
Post by Meinolf Weber [MVP-DS]
.
Hello TC,
Run also "repadmin /showrepl dc* /verbose /all /intersite" without the quotes
to control replication.
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
Post by TC
Dear Meinolf Weber,
I can finally run the dcdiag and netdiag without error. Any thing else
I should be tested before I separate the testing domain controller?
Regards,
TC.
Meinolf Weber [MVP-DS]
2010-05-06 06:25:02 UTC
Permalink
Hello TC,

The output looks ok for me. So it seems that you can go on.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
Post by TC
Output for repadmin /showreps ABCPC06, is it look ok? Can I start
separate the network for migration testing?
Default-First-Site-Name\ABCPC06
DSA Options : IS_GC
objectGuid : 3b171f2e-dd8c-418c-9a11-9079f8553424
invocationID: 3088dbba-324e-4597-9d35-46db53198055
==== INBOUND NEIGHBORS ======================================
CN=Schema,CN=Configuration,DC=masked,DC=loc
Default-First-Site-Name\ABCAD via RPC
objectGuid: 2e122413-24e7-4b70-8619-0d6bceac6357
2e122413-24e7-4b70-8619-0d6bceac6357._msdcs.masked.loc
ntdsDsa invocationId: a4649009-ad70-4559-aff6-583cf5ab0a1b
WRITEABLE SYNC_ON_STARTUP DO_SCHEDULED_SYNCS
USNs: 485984/OU, 485984/PU
CN=Configuration,DC=masked,DC=loc
Default-First-Site-Name\ABCAD via RPC
objectGuid: 2e122413-24e7-4b70-8619-0d6bceac6357
2e122413-24e7-4b70-8619-0d6bceac6357._msdcs.masked.loc
ntdsDsa invocationId: a4649009-ad70-4559-aff6-583cf5ab0a1b
WRITEABLE SYNC_ON_STARTUP DO_SCHEDULED_SYNCS
USNs: 486046/OU, 486046/PU
DC=masked,DC=loc
Default-First-Site-Name\ABCAD via RPC
objectGuid: 2e122413-24e7-4b70-8619-0d6bceac6357
2e122413-24e7-4b70-8619-0d6bceac6357._msdcs.masked.loc
ntdsDsa invocationId: a4649009-ad70-4559-aff6-583cf5ab0a1b
WRITEABLE SYNC_ON_STARTUP DO_SCHEDULED_SYNCS
USNs: 486070/OU, 486070/PU
==== OUTBOUND NEIGHBORS FOR CHANGE NOTIFICATIONS ============
CN=Schema,CN=Configuration,DC=masked,DC=loc
Default-First-Site-Name\ABCAD via RPC
objectGuid: 2e122413-24e7-4b70-8619-0d6bceac6357
2e122413-24e7-4b70-8619-0d6bceac6357._msdcs.masked.loc
WRITEABLE
CN=Configuration,DC=masked,DC=loc
Default-First-Site-Name\ABCAD via RPC
objectGuid: 2e122413-24e7-4b70-8619-0d6bceac6357
2e122413-24e7-4b70-8619-0d6bceac6357._msdcs.masked.loc
WRITEABLE
DC=masked,DC=loc
Default-First-Site-Name\ABCAD via RPC
objectGuid: 2e122413-24e7-4b70-8619-0d6bceac6357
2e122413-24e7-4b70-8619-0d6bceac6357._msdcs.masked.loc
WRITEABLE
Post by TC
Hello,
Syntax for repadmin for windows 2000 is difference fromyour example.
http://support.microsoft.com/kb/229896
How could I do the same thing.
Post by Meinolf Weber [MVP-DS]
.
Hello TC,
Run also "repadmin /showrepl dc* /verbose /all /intersite" without
the quotes to control replication.
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
Post by TC
Dear Meinolf Weber,
I can finally run the dcdiag and netdiag without error. Any thing
else I should be tested before I separate the testing domain
controller?
Regards,
TC.
TC
2010-05-11 03:21:01 UTC
Permalink
Thanks Meinolf,

I remove the ABCAD from the testing server ABCPC06 and seize the 5 FSMO roles

Remove ABCAD from domain controller

The below message apprear where I seize RID master. As I one have one DC, I
think I still need to seize it, is it?

The select server is not a direct replication partner of the previous RID
master. It is recommended that only direct replication partners be promoted
to be the RID master



1) run ntdsutil
2) ntdsutil: type "medadata cleanup"
3) metadata cleanup: type "connections"
4) server connections: type "connect to server ABCpc06"
display "Connected to ABCpc06 using credentials of locally logged on user"
5) server connections: type "quit"
6) metadata cleanup: type "select operation target"
7) select operation target: type "list domains"
display...
Found 1 domain(s)
0 - DC=masked,DC=loc
8) select operation target: type "select domain 0"
display...
No current site
Domain - DC=masked,DC=loc
No current server
No current Naming Context
9) select operation target: type "list sites"
Found 1 site(s)
0 - CN=Default-First-Site-Name,CN=sites,CN=Configuration,DC=masked,DC=loc
10) select operation target: type "select site 0"
display...
Found 1 site(s)
Site -
CN=Default-First-Site-Name,CN=sites,CN=Configuration,DC=masked,DC=loc
Domain - DC=masked,DC=loc
No current server
No current Naming Context
11) select operaton target: type "list servers in site"
display...
Found 2 server(s)
0 -
CN=ABCAD,CN=Servers,CN=Default-First-Site-Name,CN=sites,CN=Configuration,DC=masked,DC=loc
1 -
CN=ABCPC06,CN=Servers,CN=Default-First-Site-Name,CN=sites,CN=Configuration,DC=masked,DC=loc
12) select operation target: type "select server 0"
display...
Site -
CN=Default-First-Site-Name,CN=sites,CN=Configuration,DC=masked,DC=loc
Domain - DC=masked,DC=loc
Server -
CN=ABCAD,CN=Servers,CN=Default-First-Site-Name,CN=sites,CN=Configuration,DC=masked,DC=loc
DSA object - CN=NTDS
Settings,CN=ABCAD,CN=Servers,CN=Default-First-Site-Name,CN=sites,CN=Configuration,DC=masked,DC=loc
DNS host name - ABCAD.masked.loc
Computer object - CN=ABCAD, OU=Domain Controllers,DC=masked,DC=loc
NO current Naming Context
13) select operation target: type "quit"
14) metadata cleanup: type "remove selected server"
confirm the remove
15) type "quit" on each menu
display...
Disconnecting from ABCpc06 ...
16) Remove entry for ABCAD from _msdc from DNS
17) run adsiedit.msc
18) Expand Domain NC, Expand DC=masked,DC=loc
19) Expand OU=Domain Controllers
20) Select Property, select "userAccountControl" in "Select aproperty to view.
21) click "Clear", change value to 4096, click "set"
22) Right CN=ABCAD, click delete
23) Expand Domain NC, Expand DC=masked,DC=loc
24) Expand CN=System
25) Expand CN=File Replication Service
26) Expand CN=Domain System Volume (SYSVOL share)
27) Right click "delete"
28) in DNS, right click masked.loc, remove ABCad.masked.loc from Name Servers
29) delete the domain form Active Directory Sites and Services
30) expense sites, Default-First-Site-Name, Server
31) delete the ABCAD


SEIZE fSMO role
1) start cmd, run ntdsutil
2) ntdsutil: type "roles"
3) fsmo maintenance: type "connections"
4) server connections: type "connect to server abcpc06"
display..
Binding to abcpc06 ...
Connected to abcpc06 using credentials of locally logged on user
5) server connections: type "quit"
6) fsmo maintenance: "type "seize domain naming master"
7) fsmo maintenance: "type "seize infrastructure master"
8) fsmo maintenance: "type "seize PDC"
9) fsmo maintenance: "type "seize RID master"
10) fsmo maintenance: "type "seize schema master"
Post by Meinolf Weber [MVP-DS]
Hello TC,
The output looks ok for me. So it seems that you can go on.
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
TC
2010-05-11 03:51:01 UTC
Permalink
Also, I get the below error


WinMgmt event id 42:
WMI ADAP was unable to create object Win32_PerfRawData_DNS_DNS for
Performance Library DNS because no value was found for property index 2984 in
the 009 subkey
TC
2010-05-12 08:19:01 UTC
Permalink
I find 2 issues in the testing server.

1 No WINS server, 2 net time /setsntp is not set. The issue fixed, I can
proceed the migration test.
Post by TC
Also, I get the below error
WMI ADAP was unable to create object Win32_PerfRawData_DNS_DNS for
Performance Library DNS because no value was found for property index 2984 in
the 009 subkey
TC
2010-05-20 05:01:01 UTC
Permalink
I get some error after the migration in new server


Event ID: 2092

This server is the owner of the following FSMO role, but does not consider
it valid. For the partition which contains the

FSMO, this server has not replicated successfully with any of its partners
since this server has been restarted. Replication

errors are preventing validation of this role.

Operations which require contacting a FSMO operation master will fail until
this condition is corrected.

FSMO Role: DC=ourdomain,DC=loc


Event ID: 1206
Active Directory Domain Services could not resolve the following DNS host
name of the source domain controller to an IP address. This error prevents
additions, deletions and changes in Active Directory Domain Services from
replicating between one or more domain controllers in the forest. Security
groups, group policy, users and computers and their passwords will be
inconsistent between domain controllers until this error is resolved,
potentially affecting logon authentication and access to network resources.

Source domain controller:
abcpc06 <- old server
Failing DNS host name:
GID._msdcs.ourdomain.loc



The DFS Replication service failed to contact domain controller to access
configuration information. Replication is stopped. The service will try again
during the next configuration polling cycle, which will occur in 60 minutes.
This event can be caused by TCP/IP connectivity, firewall, Active Directory
Domain Services, or DNS issues.


Event ID: 1400
Active Directory Web Services could not find a server certificate with the
specified certificate name. A certificate is

required to use SSL/TLS connections. To use SSL/TLS connections, verify that
a valid server authentication certificate from a

trusted Certificate Authority (CA) is installed on the machine.

Certificate name: sjrpc73.ourdomain.loc


Event ID: 14550

The DFS Namespace service could not initialize cross forest trust
information on this domain controller, but it will

periodically retry the operation. The return code is in the record data.
kj [SBS MVP]
2010-05-20 17:48:32 UTC
Permalink
Make sure the DNS clients are using a common AD DNS server. Post
ipconfig/all if you need confirmation or believe you already have DNS
configured properly.
Post by TC
I get some error after the migration in new server
Event ID: 2092
This server is the owner of the following FSMO role, but does not
consider it valid. For the partition which contains the
FSMO, this server has not replicated successfully with any of its
partners since this server has been restarted. Replication
errors are preventing validation of this role.
Operations which require contacting a FSMO operation master will fail
until this condition is corrected.
FSMO Role: DC=ourdomain,DC=loc
Event ID: 1206
Active Directory Domain Services could not resolve the following DNS
host name of the source domain controller to an IP address. This
error prevents additions, deletions and changes in Active Directory
Domain Services from replicating between one or more domain
controllers in the forest. Security groups, group policy, users and
computers and their passwords will be inconsistent between domain
controllers until this error is resolved, potentially affecting logon
authentication and access to network resources.
abcpc06 <- old server
GID._msdcs.ourdomain.loc
The DFS Replication service failed to contact domain controller to
access configuration information. Replication is stopped. The service
will try again during the next configuration polling cycle, which
will occur in 60 minutes. This event can be caused by TCP/IP
connectivity, firewall, Active Directory Domain Services, or DNS
issues.
Event ID: 1400
Active Directory Web Services could not find a server certificate
with the specified certificate name. A certificate is
required to use SSL/TLS connections. To use SSL/TLS connections,
verify that a valid server authentication certificate from a
trusted Certificate Authority (CA) is installed on the machine.
Certificate name: sjrpc73.ourdomain.loc
Event ID: 14550
The DFS Namespace service could not initialize cross forest trust
information on this domain controller, but it will
periodically retry the operation. The return code is in the record data.
--
/kj
Meinolf Weber [MVP-DS]
2010-04-29 11:03:39 UTC
Permalink
Hello TC,

They can still operate in a Windows server 2008 domain.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
Post by TC
Thanks a lot for your suggestion.
Our company's client are still main windows XP and windows 2000. May I
know any known issue find already for Windows 2008 R2 and Windows XP
(32bit client).
Post by Meinolf Weber [MVP-DS]
Hello TC,
You can do it that way. On the test DC you have to seize the FSMO
roles and then NEVER connet it back with the production domain.
http://support.microsoft.com/kb/255504
On the production domain you have to remove the test DC also from AD database
as you can NEVER connect it back to demote correct, FSMO of course leave
http://support.microsoft.com/kb/555846/en-us
http://msmvps.com/blogs/mweber/archive/2010/02/06/upgrading-an-active
-directory-domain-from-windows-server-2000-to-windows-server-2008-or-
windows-server-2008-r2.aspx
There is no need to add a Windows server 2003 DC to the domain before.
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
Post by TC
Dear all,
I want to copy the production DC to an separate network for
migration
testing ( from Windows 2000 to Windows 2008 R2)
Our existing DC is an windows 2000 Server, we don't have Exchange server.
Is it the step like this
1) add a windows 2000 server as the secondary domain controller.
2) create a new global catalog on the second domain controller
3) move the testing 2nd domain controller to separate network
4) change FSMO role the testing domain.
5) Add the windows 2008 R2 server as domain control
6) change FSMO role to the new windows 2008 R2
Questions
1) Is the above step correct?
2) What should be prepared in the Windows 200 server before we join the
windows 2008 machine as a domain controller?
3) One of our vendor suggested that we 1st add a windows 2003 r2 server as
domain controller and then upgrade it to windows 2008 R2. Is it necessary?
Thanks for your help.
.
Loading...