Forum.Brain-Cluster.com: Brain Cluster Technical Forum
Adding 2cond DC -- Meinolf Weber -- Continue.... [message #163475] Tue, 02 June 2009 11:40
Luis Falch Rojas, Bolivia
Hi...

Finally I followed the procedure you described (please see below for more
information about the problem). The problem was data corruption in the NTDS
database (http://support.microsoft.com/?id=315131).

Once the data corruption was solved I followed your suggestion, and I was able to
add a Win2003 R2 member server as a secondary DC.
After this I continued your procedure, in order to move the Global catalogs and
roles to the new server, to promote it as a first DC and demote the
old one.

The problem here is that when I turn off the old DC, I still have some problems in
my network (user logon, sharing resources, etc.).

What can I do in order to make sure that my new server is my DC, that it
holds the Global catalog and all the necessary information, and that I can demote and
delete my old server?

Thanks in advance for your help with this issue...

Regards

Luis Falch



**************************************** Old Post about this subject
*******************************************

Thank you very much for your help...

I will work on it.

regards..

Luis Falch

"Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message
news:ff16fb661bc008cb6bff92f03acd@msnews.microsoft.com...
> Hello Luis,
>
> !!!NEVER START BEFORE HAVING CREATED AND TESTED A BACKUP OF YOUR
> DATA/MACHINE!!!
>
> One question first:
> Is the old server also Exchange server and will it be taken out of the
> domain forever, when the new server is running?
>
> - On the old server open DNS management console and check that you are
> running Active directory integrated zone (easier for replication, if you
> have more than one DNS server)
>
> - run replmon from the run line or repadmin /showrepl (only if more than
> one DC exists), dcdiag and netdiag from the command prompt on the old
> machine to check for errors, if you have some post the complete output
> from the command here or solve them first. For these tools you have to
> install the support\tools\suptools.msi from the 2000 installation disk.
>
> - run adprep /forestprep and adprep /domainprep from the 2003 installation
> disk against the 2000 server, with an account that is member of the Schema
> admins, to upgrade the schema to the new version
>
> - Install the new machine as a member server in your existing domain
>
> - configure a fixed ip and set the preferred DNS server to the old DNS
> server only
>
> - run dcpromo and follow the wizard to add the 2003 server to an existing
> domain
>
> - if you are prompted for DNS configuration choose Yes (also possible that
> no DNS preparation occur), then install DNS after the reboot
>
> - for DNS give the server time for replication, at least 15 minutes.
> Because you use Active directory integrated zones it will automatically
> replicate the zones to the new server. Open DNS management console to
> check that they appear
>
> - if the new machine is domain controller and DNS server run again
> replmon, dcdiag and netdiag on both domain controllers
>
> - if you have no errors, make the new server Global catalog server, open
> Active directory Sites and Services and then double-click sitename,
> double-click Servers, click your domain controller, right-click NTDS
> Settings, and then click Properties, on the General tab, click to select
> the Global catalog check box (http://support.microsoft.com/?id=313994)
>
> - Transfer, NOT seize the 5 FSMO roles to the new Domain controller
> (http://support.microsoft.com/kb/324801)
>
> - you can see in the event viewer (Directory service) that the roles are
> transferred, also give it some time
>
> - reconfigure the DNS configuration on your NIC of the 2003 server,
> preferred DNS itself, secondary the old one
>
> - if you use DHCP do not forget to reconfigure the scope settings to point
> to the new installed DNS server
>
> - export and import of DHCP database (if needed)
> (http://support.microsoft.com/kb/325473)
>
> Demoting the old DC (if needed)
>
> - reconfigure your clients/servers so that they no longer point to the old
> DC/DNS server on the NIC
>
> - to be sure that everything runs fine, disconnect the old DC from the
> network and check with clients and servers the connectivity, logon and
> also with one client a restart to see that everything is ok
>
> - then run dcpromo to demote the old DC, if it works fine the machine will
> move from the DC's OU to the computers container, where you can delete it
> by hand. Can be that you got an error during demoting at the beginning,
> then uncheck the Global catalog on that DC and try again
>
> - check the DNS management console, that all entries from the machine are
> disappeared or delete them by hand if the machine is off the network for
> ever
>
> - also you have to start AD sites and services and delete the old
> servername under the site, this will not be done during demotion
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and
> confers no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>
>> Thanks for your answer...
>> yes, I installed Windows 2000, and I joined this computer to the domain as
>> a member server. The idea was to upgrade this secondary domain controller
>> to win2003 after it is a DC of the domain (the 1st DC is too old, and we
>> want to give it a long vacation).
>> I ran both tests. The result was:
>> NetDiag: [Fatal] Failde to get system information of this Machine
>> DCDiag: most of test run succesfully, except this:
>> Starting test: Services
>> * Checking Service: Dnscache
>> * Checking Service: NtFrs
>> NtFrs Service is stopped on [DBISERVER]
>> * Checking Service: IsmServ
>> * Checking Service: kdc
>> * Checking Service: SamSs
>> * Checking Service: LanmanServer
>> * Checking Service: LanmanWorkstation
>> * Checking Service: RpcSs
>> * Checking Service: RPCLOCATOR
>> * Checking Service: w32time
>> * Checking Service: TrkWks
>> * Checking Service: TrkSvr
>> * Checking Service: NETLOGON
>> * Checking Service: Dnscache
>> * Checking Service: NtFrs
>> SMTPSVC Service is stopped on [DBISERVER]
>> ......................... DBISERVER failed test Services
>> Starting test: systemlog
>> * The System Event log test
>> An Error Event occured. EventID: 0x0000041B
>> Time Generated: 03/05/2009 17:23:06
>> Event String: The DHCP/BINL service has determined that it
>> is
>> not authorized to service clients on this network
>>
>> for the Windows domain: dbibolivia.local.
>> An Error Event occured. EventID: 0x80001778
>> Time Generated: 03/05/2009 17:30:38
>> Event String: The previous system shutdown at 5:26:46 PM
>> on
>> 3/5/2009 was unexpected.
>> An Error Event occured. EventID: 0xC0001B65
>> Time Generated: 03/05/2009 17:32:26
>> (Event String could not be retrieved)
>> An Error Event occured. EventID: 0x0000041B
>> Time Generated: 03/05/2009 17:33:31
>> Event String: The DHCP/BINL service has determined that it
>> is
>> not authorized to service clients on this network
>>
>> for the Windows domain: dbibolivia.local.
>> ......................... DBISERVER failed test systemlog
>> If you have any other way to upgrade our domain to win2003, please let
>> me know. I don't want to change domain name, or users, and I try to
>> avoid migrate all user profiles in the case of setup a new domain.
>>
>> thanks in advance for your help...
>>
>> "Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message
>> news:ff16fb661bbc78cb6bf1f7c9acfd@msnews.microsoft.com...
>>
>>> Hello Luis,
>>>
>>> To get you correct, you installed a new 2000 server instead of 2003?
>>>
>>> When you open AD sites and services under the sites, is there any
>>> additional entry except the running DC under the servers listed?
>>>
>>> The new 2000 is added as a member to the existing domain and you use
>>> the existing DC/DNS server only as the preferred DNS on the NIC?
>>>
>>> On the existing DC run diagnostic tools dcdiag /v, netdiag /v to
>>> check for errors. If some exist please post the complete output here.
>>>
>>> Best regards
>>>
>>> Meinolf Weber
>>> Disclaimer: This posting is provided "AS IS" with no warranties, and
>>> confers no rights.
>>> ** Please do NOT email, only reply to Newsgroups
>>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>>> Hi
>>>>
>>>> I have a domain controller (win 2000 Adv. Server), and I want to
>>>> migrate to win2003; I just set up another win2000 Adv. Server in order
>>>> to proceed with the upgrade from 2000 to 2003 domain.
>>>> When I run the DCPROMO command on the second server, making it a second
>>>> Domain Controller, I get this error message at the end of the process:
>>>> Error Installing Active Directory (Windows error title).
>>>> Error in the operation due to:
>>>> Directory services can't replicate the partition DC=Domain, DC=Local
>>>> from the remote server MyServer.Domain.Local
>>>> "The Replication Operation find an error in the Data Base"
>>>> Any suggestions?
>>>> I checked Microsoft sites, and I didn't find any help.
>>>>
>>>> thanks in advance for your answers...
>>>>
>>>> Note: DC Server has Windows in English, the second server has
>>>> Windows in Spanish... can this affect it?
>>>>
>>>> regards
>>>>
>>>> Luis Falch Rojas
>>>>
>
>
Re: Adding 2cond DC -- Meinolf Weber -- Continue.... [message #163482 is a reply to message #163475] Tue, 02 June 2009 16:45
meiweb(nospam), Germany
Hello Luis,

Let's start with an unedited ipconfig /all from the new and the old DC. Also
post one from a problem client.

Is the new DC also DNS server and are the clients configured to use it as
primary DNS on the NIC and the old one as secondary?

What error messages do you get when the problems occur?

The new DC is checked as Global catalog in AD Sites and services and the
5 FSMO roles are on the new DC? Please run "netdom query fsmo" and also "schupgr"
and post the output.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


Re: Adding 2cond DC -- Meinolf Weber -- Continue.... [message #163484 is a reply to message #163475] Tue, 02 June 2009 17:13
meiweb(nospam), Germany
Hello Luis,

Please post the ipconfig /all from the servers/client as requested.

Are all machines registered in the new DNS server? What kind of zone do you
run?

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> thanks for your answer...
>
> actually the problem on the client computer is that when an XP domain member
> tries to go to another XP or member server in the domain (when the old
> DC is down), the remote resource asks for network credentials....
>
> About DNS, yes, the DNS service is installed on the new DC. I have another
> DNS server; it is a child DNS in a domain forwarding to a firewall DNS
> (for internet connections).
>
> 5 FSMO Roles --> all of them pointing to New DC Server
>
> When I run "schupgr" output is:
> Opened Connection to NewDC
> SSPI Bind Succeeded
> Current Schema Version is 31
> ERROR: Cannot obtain schema version to upgrade to:1
> any suggestions..?
>
> thanks in advance for your answer...
>
> Regards
>
> Luis F.
Re: Adding 2cond DC -- Meinolf Weber -- Continue.... [message #163488 is a reply to message #163482] Tue, 02 June 2009 17:03
Luis Falch Rojas, Bolivia
Thanks for your answer...

Actually, the problem on the client computers is that when an XP domain member tries to
go to another XP machine or member server in the domain (when the old DC is down),
the remote resource asks for network credentials....

About DNS: yes, the DNS service is installed on the new DC. I have another DNS
server; it is a child DNS in a domain, forwarding to a firewall DNS (for
internet connections).

5 FSMO roles --> all of them pointing to the new DC server

When I run "schupgr" the output is:
Opened Connection to NewDC
SSPI Bind Succeeded
Current Schema Version is 31
ERROR: Cannot obtain schema version to upgrade to:1

Any suggestions..?

Thanks in advance for your answer...

Regards

Luis F.



"Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message
news:ff16fb6625c348cbb1eafa6a741d@msnews.microsoft.com...
> Hello Luis,
>
> Let's start with an unedited ipconfig /all from the new and the old DC.
> Also post one from a problem client.
>
> Is the new DC also DNS server and are the clients configured to use it as
> primary DNS on the NIC and the old one as secondary?
>
> What error messages do you get when the problems occur?
>
> The new DC is checked as Global catalog in AD Sites and services and the 5
> FSMO roles are on the new DC? Please run "netdom query fsmo" and also
> "schupgr" and post the output.
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and
> confers no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>
>> Hi...
>>
>> Finally I follow the procedure you describe (please see below for
>> more information about the problem). Problem was Data Corruption in
>> NTDS Database...(http://support.microsoft.com/?id=315131).
>>
>> Onces was solved Data Corruption I foolow your suggestion, and I was
>> able to
>> Add a Win2003 R2 MEmber Server as a secondary DC.
>> After This I continue your procedure, in order to move Global catalogs
>> and
>> roles to the new server in order to promote it as a First DC, and
>> Demote the
>> old One.
>> Problem Here is that when I turn off old DC, I still having some
>> problems in my network (user logon, Sharing resources, etc).
>>
>> What Can I do in order to make sure that my new server is My DC, that
>> it hold Global catalog and all the necessary information, And I can
>> Demote and delete my old server.
>>
>> thanks in advance for your help in this issue...
>>
>> Reghards
>>
>> Luis Falch
>>
>> **************************************** Old Post about this subject
>> *******************************************
>>
>> Thank you very much for your help...
>>
>> I will work on it.
>>
>> regards..
>>
>> Luis Falch
>>
>> "Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message
>> news:ff16fb661bc008cb6bff92f03acd@msnews.microsoft.com...
>>
>>> Hello Luis,
>>>
>>> !!!NEVER START BEFORE HAVING CREATED AND TESTED A BACKUP OF YOUR
>>> DATA/MACHINE!!!
>>>
>>> One question first:
>>> Is the old server also Exchange server and will it be taken out of
>>> the
>>> domain forever, when the new server is running?
>>> - On the old server open DNS management console and check that you
>>> are running Active directory integrated zone (easier for replication,
>>> if you have more then one DNS server)
>>>
>>> - run replmon from the run line or repadmin /showrepl (only if more
>>> then one DC exist), dcdiag and netdiag from the command prompt on the
>>> old machine to check for errors, if you have some post the complete
>>> output from the command here or solve them first. For this tools you
>>> have to install the support\tools\suptools.msi from the 2000
>>> installation disk.
>>>
>>> - run adprep /forestprep and adprep /domainprep from the 2003
>>> installation disk against the 2000 server, with an account that is
>>> member of the Schema admins, to upgrade the schema to the new version
>>>
>>> - Install the new machine as a member server in your existing domain
>>>
>>> - configure a fixed ip and set the preferred DNS server to the old
>>> DNS server only
>>>
>>> - run dcpromo and follow the wizard to add the 2003 server to an
>>> existing domain
>>>
>>> - if you are prompted for DNS configuration choose Yes (also possible
>>> that no DNS preparation occur), then install DNS after the reboot
>>>
>>> - for DNS give the server time for replication, at least 15 minutes.
>>> Because you use Active directory integrated zones it will
>>> automatically replicate the zones to the new server. Open DNS
>>> management console to check that they appear
>>>
>>> - if the new machine is domain controller and DNS server run again
>>> replmon, dcdiag and netdiag on both domain controllers
>>>
>>> - if you have no errors, make the new server Global catalog server,
>>> open Active directory Sites and Services and then double-click
>>> sitename, double-click Servers, click your domain controller,
>>> right-click NTDS Settings, and then click Properties, on the General
>>> tab, click to select the Global catalog check box
>>> (http://support.microsoft.com/?id=313994)
>>>
>>> - Transfer, NOT seize the 5 FSMO roles to the new Domain controller
>>> (http://support.microsoft.com/kb/324801)
>>>
>>> - you can see in the event viewer (Directory service) that the roles
>>> are transferred, also give it some time
>>>
>>> - reconfigure the DNS configuration on your NIC of the 2003 server,
>>> preferred DNS itself, secondary the old one
>>>
>>> - if you use DHCP do not forget to reconfigure the scope settings to
>>> point to the new installed DNS server
>>>
>>> - export and import of DHCP database (if needed)
>>> (http://support.microsoft.com/kb/325473)
>>> Demoting the old DC (if needed)
>>>
>>> - reconfigure your clients/servers that they not longer point to the
>>> old DC/DNS server on the NIC
>>>
>>> - to be sure that everything runs fine, disconnect the old DC from
>>> the network and check with clients and servers the connectivity,
>>> logon and also with one client a restart to see that everything is ok
>>>
>>> - then run dcpromo to demote the old DC, if it works fine the machine
>>> will move from the DC's OU to the computers container, where you can
>>> delete it by hand. Can be that you got an error during demoting at
>>> the beginning, then uncheck the Global catalog on that DC and try
>>> again
>>>
>>> - check the DNS management console, that all entries from the machine
>>> are disappeared or delete them by hand if the machine is off the
>>> network for ever
>>>
>>> - also you have to start AD sites and services and delete the old
>>> servername under the site, this will not be done during demotion
>>>
>>> Best regards
>>>
>>> Meinolf Weber
>>> Disclaimer: This posting is provided "AS IS" with no warranties, and
>>> confers no rights.
>>> ** Please do NOT email, only reply to Newsgroups
>>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>>> Thanks for your answer...
>>>> yes, I install windows 2000, and I join this computer to the domain
>>>> as
>>>> a
>>>> member server. The idea was to upgrade this secondary domain
>>>> controller to
>>>> win2003 after it is a DC of the domain (the 1st DC is to old, and we
>>>> wan't
>>>> give a long vacation).
>>>> I run both test. The result was:
>>>> NetDiag: [Fatal] Failde to get system information of this Machine
>>>> DCDiag: most of test run succesfully, except this:
>>>> Starting test: Services
>>>> * Checking Service: Dnscache
>>>> * Checking Service: NtFrs
>>>> NtFrs Service is stopped on [DBISERVER]
>>>> * Checking Service: IsmServ
>>>> * Checking Service: kdc
>>>> * Checking Service: SamSs
>>>> * Checking Service: LanmanServer
>>>> * Checking Service: LanmanWorkstation
>>>> * Checking Service: RpcSs
>>>> * Checking Service: RPCLOCATOR
>>>> * Checking Service: w32time
>>>> * Checking Service: TrkWks
>>>> * Checking Service: TrkSvr
>>>> * Checking Service: NETLOGON
>>>> * Checking Service: Dnscache
>>>> * Checking Service: NtFrs
>>>> SMTPSVC Service is stopped on [DBISERVER]
>>>> ......................... DBISERVER failed test Services
>>>> Starting test: systemlog
>>>> * The System Event log test
>>>> An Error Event occured. EventID: 0x0000041B
>>>> Time Generated: 03/05/2009 17:23:06
>>>> Event String: The DHCP/BINL service has determined that it
>>>> is
>>>> not authorized to service clients on this network
>>>> for the Windows domain: dbibolivia.local.
>>>> An Error Event occured. EventID: 0x80001778
>>>> Time Generated: 03/05/2009 17:30:38
>>>> Event String: The previous system shutdown at 5:26:46 PM
>>>> on
>>>> 3/5/2009 was unexpected.
>>>> An Error Event occured. EventID: 0xC0001B65
>>>> Time Generated: 03/05/2009 17:32:26
>>>> (Event String could not be retrieved)
>>>> An Error Event occured. EventID: 0x0000041B
>>>> Time Generated: 03/05/2009 17:33:31
>>>> Event String: The DHCP/BINL service has determined that it
>>>> is
>>>> not authorized to service clients on this network
>>>> for the Windows domain: dbibolivia.local.
>>>> ......................... DBISERVER failed test systemlog
>>>> ............................................................ ........
>>>> ..
>>>> ............................................................ .....
>>>> If you have any other way to upgrade our domain to win2003, please
>>>> let
>>>> me know. I don't want to change domain name, or users, and I try to
>>>> avoid migrate all user profiles in the case of setup a new domain.
>>>> thanks in advance for your help...
>>>>
>>>> "Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message
>>>> news:ff16fb661bbc78cb6bf1f7c9acfd@msnews.microsoft.com...
>>>>
>>>>> Hello Luis,
>>>>>
>>>>> To get you correct, you installed a new 2000 server instead of
>>>>> 2003?
>>>>>
>>>>> When you open AD sites and services under the sites, is there any
>>>>> additional entry except the running DC under the servers listed?
>>>>>
>>>>> The new 2000 is added as a member to the existing domain and you
>>>>> use the existing DC/DNS server only as the preferred DNS on the
>>>>> NIC?
>>>>>
>>>>> On the existing DC run diagnostic tools dcdiag /v, netdiag /v to
>>>>> check for errors. If some exist please post the complete output
>>>>> here.
>>>>>
>>>>> Best regards
>>>>>
>>>>> Meinolf Weber
>>>>> Disclaimer: This posting is provided "AS IS" with no warranties,
>>>>> and
>>>>> confers no rights.
>>>>> ** Please do NOT email, only reply to Newsgroups
>>>>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>>>>> Hi
>>>>>>
>>>>>> I have a domain controller (win 2000 Adv. Server), and I want to
>>>>>> migrate to
>>>>>> win2003; I just setup another win2000 Adv. Server in order to
>>>>>> proceed
>>>>>> with
>>>>>> the upgrade from 2000 to 2003 domain.
>>>>>> When I run DCPROMO command in the second server, making it a
>>>>>> second
>>>>>> Domain
>>>>>> Controller, I get this error message at the end of the process:
>>>>>> Error Installing Active Directory (Windows error Tittle).
>>>>>> Error in the operation due to:
>>>>>> Directory services can't replicate the partition DC=Domain, DC=
>>>>>> Local
>>>>>> from
>>>>>> the remote server MyServer.Domain.Local
>>>>>> "The Replication Operation find an error in the Data Base"
>>>>>> Any suggestions?
>>>>>> I check in microsoft sites, and I didn't found any help.
>>>>>> thanks in advance for your answers...
>>>>>>
>>>>>> Note: DC Server has Windows in English, the second server has
>>>>>> Windows in sopanish...can affect this?
>>>>>>
>>>>>> regards
>>>>>>
>>>>>> Luis Falch Rojas
>>>>>>
>
>
Re: Adding 2cond DC -- Meinolf Weber -- Continue.... [message #163490 is a reply to message #163484] Tue, 02 June 2009 17:32
Luis Falch Rojas, Bolivia
From Client Computer:

Windows IP Configuration:
Host Name ................................. : Name
Primary DNS Suffix ..................... : MyDomain.Local
Node Type .................................. : Unknown
IP Routing Enabled ...................... : No
WINS PRoxy Enabled ................ : No
DNS Suffix Search List: dbibolivia.local

Ethernet Adapter Local Area Connection:
Connection - Speciffic DNS Suffix:
Description ............................: Realtek RTL8102 Family PCI-E
Fast Ethernet NIC
Physical Address ...................: 00-19-66-98-1c-xx
DHCP Enabled ......................: No
IP Address ............................: 192.168.0.15
Subnet Mask .........................: 255.255.255.0
Default Gateway ....................: 192.168.0.10
DNS Servers .........................: 192.168.0.2


From Server Computer:

Windows IP Configuration:
Host Name ................................. : NewDC
Primary DNS Suffix ..................... : MyDomain.Local
Node Type .................................. : Unknown
IP Routing Enabled ...................... : No
WINS PRoxy Enabled ................ : No
DNS Suffix Search List ............... : dbibolivia.local

Ethernet Adapter Local Area Connection:
Connection - Speciffic DNS Suffix:
Description ............................: Intel (R) Pro/1000 MT Network
Connection
Physical Address ...................: 00-0C-29-AD-22-xx
DHCP Enabled ......................: No
IP Address ............................: 192.168.0.3
Subnet Mask .........................: 255.255.255.0
Default Gateway ....................: 192.168.0.10
DNS Servers .........................: 192.168.0.2



The old Domain Controller is similar, but its IP is: 192.168.0.1.

Yes, all computers are in the new DNS server. Forward and reverse zones are in
the new DNS server.

Thanks and regards


"Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message
news:ff16fb6625c4e8cbb1eed4604e8d@msnews.microsoft.com...
> Hello Luis,
>
> Please post the ipconfig /all from the servers/client as requested.
>
> Are all machines registered in the new DNS server? What kind of zone do
> you run?
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and
> confers no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>
>> thanks for your answer...
>>
>> actually problem in client computer is that when a xp domain member
>> try to go to another XP or member server in the domain (when the old
>> DC is down) remote resourse ask for network credentials....
>>
>> About DNS, yes, DNS service is installed on a New DC. I have another
>> DNS Server, is a child DNS in a domain forwarding to a firewall DNS
>> (for internet connections.
>>
>> 5 FSMO Roles --> all them pointing to New DC Server
>>
>> When I run "schupgr" output is:
>> Opened Connection to NewDC
>> SSPI Bind Succeeded
>> Current Schema Version is 31
>> ERROR: Cannot obtain schema version to upgrade to:1
>> any suggestions..?
>>
>> thanks in advance for your answer...
>>
>> Regards
>>
>> Luis F.
>>
>> "Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message
>> news:ff16fb6625c348cbb1eafa6a741d@msnews.microsoft.com...
>>
>>> Hello Luis,
>>>
>>> Let's start with an unedited ipconfig /all from the new and the old
>>> DC. Also post one from a problem client.
>>>
>>> Is the new DC also DNS server and are the clients configured to use
>>> it as primary DNS on the NIC and the old one as secondary?
>>>
>>> What error messages do you get when the problems occur?
>>>
>>> The new DC is checked as Global catalog in AD Sites and services and
>>> the 5 FSMO roles are on the new DC? Please run "netdom query fsmo"
>>> and also "schupgr" and post the output.
>>>
>>> Best regards
>>>
>>> Meinolf Weber
>>> Disclaimer: This posting is provided "AS IS" with no warranties, and
>>> confers no rights.
>>> ** Please do NOT email, only reply to Newsgroups
>>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>>> Hi...
>>>>
>>>> Finally I follow the procedure you describe (please see below for
>>>> more information about the problem). Problem was Data Corruption in
>>>> NTDS Database...(http://support.microsoft.com/?id=315131).
>>>>
>>>> Onces was solved Data Corruption I foolow your suggestion, and I was
>>>> able to
>>>> Add a Win2003 R2 MEmber Server as a secondary DC.
>>>> After This I continue your procedure, in order to move Global
>>>> catalogs
>>>> and
>>>> roles to the new server in order to promote it as a First DC, and
>>>> Demote the
>>>> old One.
>>>> Problem Here is that when I turn off old DC, I still having some
>>>> problems in my network (user logon, Sharing resources, etc).
>>>> What Can I do in order to make sure that my new server is My DC,
>>>> that it hold Global catalog and all the necessary information, And I
>>>> can Demote and delete my old server.
>>>>
>>>> thanks in advance for your help in this issue...
>>>>
>>>> Reghards
>>>>
>>>> Luis Falch
>>>>
>>>> **************************************** Old Post about this
>>>> subject *******************************************
>>>>
>>>> Thank you very much for your help...
>>>>
>>>> I will work on it.
>>>>
>>>> regards..
>>>>
>>>> Luis Falch
>>>>
>>>> "Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message
>>>> news:ff16fb661bc008cb6bff92f03acd@msnews.microsoft.com...
>>>>
>>>>> Hello Luis,
>>>>>
>>>>> !!!NEVER START BEFORE HAVING CREATED AND TESTED A BACKUP OF YOUR
>>>>> DATA/MACHINE!!!
>>>>>
>>>>> One question first:
>>>>> Is the old server also Exchange server and will it be taken out of
>>>>> the
>>>>> domain forever, when the new server is running?
>>>>> - On the old server open DNS management console and check that you
>>>>> are running Active directory integrated zone (easier for
>>>>> replication,
>>>>> if you have more then one DNS server)
>>>>> - run replmon from the run line or repadmin /showrepl (only if more
>>>>> then one DC exist), dcdiag and netdiag from the command prompt on
>>>>> the old machine to check for errors, if you have some post the
>>>>> complete output from the command here or solve them first. For this
>>>>> tools you have to install the support\tools\suptools.msi from the
>>>>> 2000 installation disk.
>>>>>
>>>>> - run adprep /forestprep and adprep /domainprep from the 2003
>>>>> installation disk against the 2000 server, with an account that is
>>>>> member of the Schema admins, to upgrade the schema to the new
>>>>> version
>>>>>
>>>>> - Install the new machine as a member server in your existing
>>>>> domain
>>>>>
>>>>> - configure a fixed ip and set the preferred DNS server to the old
>>>>> DNS server only
>>>>>
>>>>> - run dcpromo and follow the wizard to add the 2003 server to an
>>>>> existing domain
>>>>>
>>>>> - if you are prompted for DNS configuration choose Yes (also
>>>>> possible that no DNS preparation occur), then install DNS after the
>>>>> reboot
>>>>>
>>>>> - for DNS give the server time for replication, at least 15
>>>>> minutes. Because you use Active directory integrated zones it will
>>>>> automatically replicate the zones to the new server. Open DNS
>>>>> management console to check that they appear
>>>>>
>>>>> - if the new machine is domain controller and DNS server run again
>>>>> replmon, dcdiag and netdiag on both domain controllers
>>>>>
>>>>> - if you have no errors, make the new server Global catalog server,
>>>>> open Active directory Sites and Services and then double-click
>>>>> sitename, double-click Servers, click your domain controller,
>>>>> right-click NTDS Settings, and then click Properties, on the
>>>>> General tab, click to select the Global catalog check box
>>>>> (http://support.microsoft.com/?id=313994)
>>>>>
>>>>> - Transfer, NOT seize the 5 FSMO roles to the new Domain controller
>>>>> (http://support.microsoft.com/kb/324801)
>>>>>
>>>>> - you can see in the event viewer (Directory service) that the
>>>>> roles are transferred, also give it some time
>>>>>
>>>>> - reconfigure the DNS configuration on your NIC of the 2003 server,
>>>>> preferred DNS itself, secondary the old one
>>>>>
>>>>> - if you use DHCP do not forget to reconfigure the scope settings
>>>>> to point to the new installed DNS server
>>>>>
>>>>> - export and import of DHCP database (if needed)
>>>>> (http://support.microsoft.com/kb/325473)
>>>>> Demoting the old DC (if needed)
>>>>> - reconfigure your clients/servers that they not longer point to
>>>>> the old DC/DNS server on the NIC
>>>>>
>>>>> - to be sure that everything runs fine, disconnect the old DC from
>>>>> the network and check with clients and servers the connectivity,
>>>>> logon and also with one client a restart to see that everything is
>>>>> ok
>>>>>
>>>>> - then run dcpromo to demote the old DC, if it works fine the
>>>>> machine will move from the DC's OU to the computers container,
>>>>> where you can delete it by hand. Can be that you got an error
>>>>> during demoting at the beginning, then uncheck the Global catalog
>>>>> on that DC and try again
>>>>>
>>>>> - check the DNS management console, that all entries from the
>>>>> machine are disappeared or delete them by hand if the machine is
>>>>> off the network for ever
>>>>>
>>>>> - also you have to start AD sites and services and delete the old
>>>>> servername under the site, this will not be done during demotion
>>>>>
>>>>> Best regards
>>>>>
>>>>> Meinolf Weber
>>>>> Disclaimer: This posting is provided "AS IS" with no warranties,
>>>>> and
>>>>> confers no rights.
>>>>> ** Please do NOT email, only reply to Newsgroups
>>>>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>>>>> Thanks for your answer...
>>>>>> yes, I install windows 2000, and I join this computer to the
>>>>>> domain
>>>>>> as
>>>>>> a
>>>>>> member server. The idea was to upgrade this secondary domain
>>>>>> controller to
>>>>>> win2003 after it is a DC of the domain (the 1st DC is to old, and
>>>>>> we
>>>>>> wan't
>>>>>> give a long vacation).
>>>>>> I run both test. The result was:
>>>>>> NetDiag: [Fatal] Failde to get system information of this Machine
>>>>>> DCDiag: most of test run succesfully, except this:
>>>>>> Starting test: Services
>>>>>> * Checking Service: Dnscache
>>>>>> * Checking Service: NtFrs
>>>>>> NtFrs Service is stopped on [DBISERVER]
>>>>>> * Checking Service: IsmServ
>>>>>> * Checking Service: kdc
>>>>>> * Checking Service: SamSs
>>>>>> * Checking Service: LanmanServer
>>>>>> * Checking Service: LanmanWorkstation
>>>>>> * Checking Service: RpcSs
>>>>>> * Checking Service: RPCLOCATOR
>>>>>> * Checking Service: w32time
>>>>>> * Checking Service: TrkWks
>>>>>> * Checking Service: TrkSvr
>>>>>> * Checking Service: NETLOGON
>>>>>> * Checking Service: Dnscache
>>>>>> * Checking Service: NtFrs
>>>>>> SMTPSVC Service is stopped on [DBISERVER]
>>>>>> ......................... DBISERVER failed test Services
>>>>>> Starting test: systemlog
>>>>>> * The System Event log test
>>>>>> An Error Event occured. EventID: 0x0000041B
>>>>>> Time Generated: 03/05/2009 17:23:06
>>>>>> Event String: The DHCP/BINL service has determined that it
>>>>>> is
>>>>>> not authorized to service clients on this network
>>>>>> for the Windows domain: dbibolivia.local.
>>>>>> An Error Event occured. EventID: 0x80001778
>>>>>> Time Generated: 03/05/2009 17:30:38
>>>>>> Event String: The previous system shutdown at 5:26:46 PM
>>>>>> on
>>>>>> 3/5/2009 was unexpected.
>>>>>> An Error Event occured. EventID: 0xC0001B65
>>>>>> Time Generated: 03/05/2009 17:32:26
>>>>>> (Event String could not be retrieved)
>>>>>> An Error Event occured. EventID: 0x0000041B
>>>>>> Time Generated: 03/05/2009 17:33:31
>>>>>> Event String: The DHCP/BINL service has determined that it
>>>>>> is
>>>>>> not authorized to service clients on this network
>>>>>> for the Windows domain: dbibolivia.local.
>>>>>> ......................... DBISERVER failed test systemlog
>>>>>> ............................................................ ......
>>>>>> ..
>>>>>> ..
>>>>>> ............................................................ .....
>>>>>> If you have any other way to upgrade our domain to win2003, please
>>>>>> let
>>>>>> me know. I don't want to change domain name, or users, and I try
>>>>>> to
>>>>>> avoid migrate all user profiles in the case of setup a new domain.
>>>>>> thanks in advance for your help...
>>>>>> "Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message
>>>>>> news:ff16fb661bbc78cb6bf1f7c9acfd@msnews.microsoft.com...
>>>>>>
>>>>>>> Hello Luis,
>>>>>>>
>>>>>>> To get you correct, you installed a new 2000 server instead of
>>>>>>> 2003?
>>>>>>>
>>>>>>> When you open AD sites and services under the sites, is there any
>>>>>>> additional entry except the running DC under the servers listed?
>>>>>>>
>>>>>>> The new 2000 is added as a member to the existing domain and you
>>>>>>> use the existing DC/DNS server only as the preferred DNS on the
>>>>>>> NIC?
>>>>>>>
>>>>>>> On the existing DC run diagnostic tools dcdiag /v, netdiag /v to
>>>>>>> check for errors. If some exist please post the complete output
>>>>>>> here.
>>>>>>>
>>>>>>> Best regards
>>>>>>>
>>>>>>> Meinolf Weber
>>>>>>> Disclaimer: This posting is provided "AS IS" with no warranties,
>>>>>>> and
>>>>>>> confers no rights.
>>>>>>> ** Please do NOT email, only reply to Newsgroups
>>>>>>> ** HELP us help YOU!!!
>>>>>>> http://www.blakjak.demon.co.uk/mul_crss.htm
>>>>>>>> Hi
>>>>>>>>
>>>>>>>> I have a domain controller (win 2000 Adv. Server), and I want to
>>>>>>>> migrate to
>>>>>>>> win2003; I just setup another win2000 Adv. Server in order to
>>>>>>>> proceed
>>>>>>>> with
>>>>>>>> the upgrade from 2000 to 2003 domain.
>>>>>>>> When I run DCPROMO command in the second server, making it a
>>>>>>>> second
>>>>>>>> Domain
>>>>>>>> Controller, I get this error message at the end of the process:
>>>>>>>> Error Installing Active Directory (Windows error Tittle).
>>>>>>>> Error in the operation due to:
>>>>>>>> Directory services can't replicate the partition DC=Domain, DC=
>>>>>>>> Local
>>>>>>>> from
>>>>>>>> the remote server MyServer.Domain.Local
>>>>>>>> "The Replication Operation find an error in the Data Base"
>>>>>>>> Any suggestions?
>>>>>>>> I check in microsoft sites, and I didn't found any help.
>>>>>>>> thanks in advance for your answers...
>>>>>>>> Note: DC Server has Windows in English, the second server has
>>>>>>>> Windows in sopanish...can affect this?
>>>>>>>>
>>>>>>>> regards
>>>>>>>>
>>>>>>>> Luis Falch Rojas
>>>>>>>>
>
>
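
Added example, not part of any post in this thread: a Python sketch that parses pasted `ipconfig /all` text like the output above and applies the DNS client checks from the migration checklist quoted in this thread (machines point only at the domain's DC/DNS servers; a DC uses itself as preferred DNS). The function names, the reduced sample text and the DC/DNS address set (192.168.0.1 and 192.168.0.3, the old and new DC) are assumptions; the domain name dbibolivia.local comes from the dcdiag output quoted in the thread.

```python
import re

# Constructed sample: the NewDC "ipconfig /all" text from the post above,
# reduced to the fields the checks read (wrapped Description line kept).
SAMPLE_NEWDC = """\
Windows IP Configuration:
Host Name ................................. : NewDC
Primary DNS Suffix ..................... : MyDomain.Local
DNS Suffix Search List ............... : dbibolivia.local

Ethernet Adapter Local Area Connection:
Description ............................: Intel (R) Pro/1000 MT Network
Connection
DHCP Enabled ......................: No
IP Address ............................: 192.168.0.3
Default Gateway ....................: 192.168.0.10
DNS Servers .........................: 192.168.0.2
"""

# "Label ..... : value"; the dot leaders and spaces before the colon are optional.
FIELD = re.compile(r"^([A-Za-z][A-Za-z \-]*?)[ .]*:\s*(.*)$")
IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


def parse_ipconfig(text):
    """Extract host name, suffixes, IP and DNS servers from pasted ipconfig /all text."""
    cfg = {"host": None, "primary_suffix": None, "search_list": [],
           "ip": None, "dns_servers": []}
    last = None  # label of the most recent field, used for continuation lines
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            last = None
            continue
        m = FIELD.match(line)
        if m:
            last, value = m.group(1).lower(), m.group(2).strip()
            if last == "host name":
                cfg["host"] = value
            elif last == "primary dns suffix":
                cfg["primary_suffix"] = value.lower()
            elif last == "dns suffix search list" and value:
                cfg["search_list"].append(value.lower())
            elif last == "ip address" and cfg["ip"] is None:
                cfg["ip"] = value
            elif last == "dns servers" and value:
                cfg["dns_servers"].append(value)
        elif last == "dns servers" and IPV4.match(line):
            cfg["dns_servers"].append(line)  # second and later DNS servers
        elif last == "dns suffix search list":
            cfg["search_list"].append(line.lower())
    return cfg


def check_dns_client(cfg, ad_domain, dc_dns_ips, is_dc=False):
    """Return a list of findings; an empty list means the checks passed.

    dc_dns_ips is the set of addresses the caller treats as the domain's
    DC/DNS servers (an assumption supplied by the caller, not discovered).
    """
    domain = ad_domain.lower()
    findings = []
    if not cfg["dns_servers"]:
        findings.append("no DNS server configured")
    for ip in cfg["dns_servers"]:
        if ip not in dc_dns_ips:
            findings.append(f"DNS server {ip} is not in the DC/DNS set for {domain}")
    if is_dc and cfg["dns_servers"] and cfg["dns_servers"][0] != cfg["ip"]:
        findings.append(
            f"DC {cfg['host']} does not use itself ({cfg['ip']}) as preferred DNS")
    if cfg["primary_suffix"] != domain:
        findings.append(
            f"primary DNS suffix {cfg['primary_suffix']} differs from {domain}")
    return findings


if __name__ == "__main__":
    for finding in check_dns_client(parse_ipconfig(SAMPLE_NEWDC), "dbibolivia.local",
                                    {"192.168.0.1", "192.168.0.3"}, is_dc=True):
        print("FINDING:", finding)
```

A finding only means the value differs from the set passed in; whether 192.168.0.2 is the other DNS server mentioned earlier in the thread is not something the output can tell.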
Re: Adding 2cond DC -- Meinolf Weber -- Continue.... [message #163492 is a reply to message #163490] Tue, 02 June 2009 17:50
meiweb(nospam), Germany
Hello Luis,

What is DNS server 192.168.0.2? You said the old DC is x.x.x.1 and the new
is x.x.x.3. Additionally, you use MyDomain.Local as Primary DNS suffix and a
DNS Suffix Search List "dbibolivia.local"?

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> From Client Computer:
>
> Windows IP Configuration:
> Host Name ................................. : Name
> Primary DNS Suffix ..................... : MyDomain.Local
> Node Type .................................. : Unknown
> IP Routing Enabled ...................... : No
> WINS PRoxy Enabled ................ : No
> DNS Suffix Search List: dbibolivia.local
> Ethernet Adapter Local Area Connection:
> Connection - Speciffic DNS Suffix:
> Description ............................: Realtek RTL8102 Family
> PCI-E
> Fast Ethernet NIC
> Physical Address ...................: 00-19-66-98-1c-xx
> DHCP Enabled ......................: No
> IP Address ............................: 192.168.0.15
> Subnet Mask .........................: 255.255.255.0
> Default Gateway ....................: 192.168.0.10
> DNS Servers .........................: 192.168.0.2
> From Server Computer:
>
> Windows IP Configuration:
> Host Name ................................. : NewDC
> Primary DNS Suffix ..................... : MyDomain.Local
> Node Type .................................. : Unknown
> IP Routing Enabled ...................... : No
> WINS PRoxy Enabled ................ : No
> DNS Suffix Search List ............... : dbibolivia.local
> Ethernet Adapter Local Area Connection:
> Connection - Speciffic DNS Suffix:
> Description ............................: Intel (R) Pro/1000 MT
> Network
> Connection
> Physical Address ...................: 00-0C-29-AD-22-xx
> DHCP Enabled ......................: No
> IP Address ............................: 192.168.0.3
> Subnet Mask .........................: 255.255.255.0
> Default Gateway ....................: 192.168.0.10
> DNS Servers .........................: 192.168.0.2
> Old Domain Controller is similar , but IP is: 192.168.0.1.
>
> yes all computers are in the new DNS Server. Forward and Reverse Zones
> in new DNS Server.
>
> thanks and regards
>
> "Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message
> news:ff16fb6625c4e8cbb1eed4604e8d@msnews.microsoft.com...
>
>> Hello Luis,
>>
>> Please post the ipconfig /all from the servers/client as requested.
>>
>> Are all machines registered in the new DNS server? What kind of zone
>> do you run?
>>
>> Best regards
>>
>> Meinolf Weber
>> Disclaimer: This posting is provided "AS IS" with no warranties, and
>> confers no rights.
>> ** Please do NOT email, only reply to Newsgroups
>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>> thanks for your answer...
>>>
>>> actually problem in client computer is that when a xp domain member
>>> try to go to another XP or member server in the domain (when the old
>>> DC is down) remote resourse ask for network credentials....
>>>
>>> About DNS, yes, DNS service is installed on a New DC. I have another
>>> DNS Server, is a child DNS in a domain forwarding to a firewall DNS
>>> (for internet connections.
>>>
>>> 5 FSMO Roles --> all them pointing to New DC Server
>>>
>>> When I run "schupgr" output is:
>>> Opened Connection to NewDC
>>> SSPI Bind Succeeded
>>> Current Schema Version is 31
>>> ERROR: Cannot obtain schema version to upgrade to:1
>>> any suggestions..?
>>> thanks in advance for your answer...
>>>
>>> Regards
>>>
>>> Luis F.
>>>
>>> "Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message
>>> news:ff16fb6625c348cbb1eafa6a741d@msnews.microsoft.com...
>>>
>>>> Hello Luis,
>>>>
>>>> Let's start with an unedited ipconfig /all from the new and the old
>>>> DC. Also post one from a problem client.
>>>>
>>>> Is the new DC also DNS server and are the clients configured to use
>>>> it as primary DNS on the NIC and the old one as secondary?
>>>>
>>>> What error messages do you get when the problems occur?
>>>>
>>>> The new DC is checked as Global catalog in AD Sites and services and
>>>> the 5 FSMO roles are on the new DC? Please run "netdom query fsmo"
>>>> and also "schupgr" and post the output.
>>>>
>>>> Best regards
>>>>
>>>> Meinolf Weber
>>>> Disclaimer: This posting is provided "AS IS" with no warranties,
>>>> and
>>>> confers no rights.
>>>> ** Please do NOT email, only reply to Newsgroups
>>>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>>>> Hi...
>>>>>
>>>>> Finally I followed the procedure you describe (please see below for
>>>>> more information about the problem). Problem was Data Corruption
>>>>> in NTDS Database...(http://support.microsoft.com/?id=315131).
>>>>>
>>>>> Once Data Corruption was solved I followed your suggestion, and I
>>>>> was able to add a Win2003 R2 Member Server as a secondary DC.
>>>>> After this I continued your procedure, in order to move Global
>>>>> catalogs and roles to the new server in order to promote it as a
>>>>> First DC, and demote the old one.
>>>>>
>>>>> Problem here is that when I turn off old DC, I am still having some
>>>>> problems in my network (user logon, sharing resources, etc).
>>>>>
>>>>> What can I do in order to make sure that my new server is my DC,
>>>>> that it holds Global catalog and all the necessary information, and
>>>>> I can demote and delete my old server.
>>>>>
>>>>> thanks in advance for your help in this issue...
>>>>>
>>>>> Regards
>>>>>
>>>>> Luis Falch
>>>>>
>>>>> **************************************** Old Post about this
>>>>> subject *******************************************
>>>>>
>>>>> Thank you very much for your help...
>>>>>
>>>>> I will work on it.
>>>>>
>>>>> regards..
>>>>>
>>>>> Luis Falch
>>>>>
>>>>> "Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message
>>>>> news:ff16fb661bc008cb6bff92f03acd@msnews.microsoft.com...
>>>>>
>>>>>> Hello Luis,
>>>>>>
>>>>>> !!!NEVER START BEFORE HAVING CREATED AND TESTED A BACKUP OF YOUR
>>>>>> DATA/MACHINE!!!
>>>>>>
>>>>>> One question first:
>>>>>> Is the old server also Exchange server and will it be taken out
>>>>>> of the domain forever, when the new server is running?
>>>>>>
>>>>>> - On the old server open DNS management console and check that
>>>>>> you are running Active directory integrated zone (easier for
>>>>>> replication, if you have more than one DNS server)
>>>>>>
>>>>>> - run replmon from the run line or repadmin /showrepl (only if
>>>>>> more than one DC exists), dcdiag and netdiag from the command
>>>>>> prompt on the old machine to check for errors, if you have some
>>>>>> post the complete output from the command here or solve them
>>>>>> first. For these tools you have to install the
>>>>>> support\tools\suptools.msi from the 2000 installation disk.
>>>>>>
>>>>>> - run adprep /forestprep and adprep /domainprep from the 2003
>>>>>> installation disk against the 2000 server, with an account that
>>>>>> is member of the Schema admins, to upgrade the schema to the new
>>>>>> version
>>>>>>
>>>>>> - Install the new machine as a member server in your existing
>>>>>> domain
>>>>>>
>>>>>> - configure a fixed ip and set the preferred DNS server to the
>>>>>> old DNS server only
>>>>>>
>>>>>> - run dcpromo and follow the wizard to add the 2003 server to an
>>>>>> existing domain
>>>>>>
>>>>>> - if you are prompted for DNS configuration choose Yes (also
>>>>>> possible that no DNS preparation occur), then install DNS after
>>>>>> the reboot
>>>>>>
>>>>>> - for DNS give the server time for replication, at least 15
>>>>>> minutes. Because you use Active directory integrated zones it
>>>>>> will automatically replicate the zones to the new server. Open
>>>>>> DNS management console to check that they appear
>>>>>>
>>>>>> - if the new machine is domain controller and DNS server run
>>>>>> again replmon, dcdiag and netdiag on both domain controllers
>>>>>>
>>>>>> - if you have no errors, make the new server Global catalog
>>>>>> server, open Active directory Sites and Services and then
>>>>>> double-click sitename, double-click Servers, click your domain
>>>>>> controller, right-click NTDS Settings, and then click Properties,
>>>>>> on the General tab, click to select the Global catalog check box
>>>>>> (http://support.microsoft.com/?id=313994)
>>>>>>
>>>>>> - Transfer, NOT seize the 5 FSMO roles to the new Domain
>>>>>> controller (http://support.microsoft.com/kb/324801)
>>>>>>
>>>>>> - you can see in the event viewer (Directory service) that the
>>>>>> roles are transferred, also give it some time
>>>>>>
>>>>>> - reconfigure the DNS configuration on your NIC of the 2003
>>>>>> server, preferred DNS itself, secondary the old one
>>>>>>
>>>>>> - if you use DHCP do not forget to reconfigure the scope settings
>>>>>> to point to the new installed DNS server
>>>>>>
>>>>>> - export and import of DHCP database (if needed)
>>>>>> (http://support.microsoft.com/kb/325473)
>>>>>>
>>>>>> Demoting the old DC (if needed)
>>>>>>
>>>>>> - reconfigure your clients/servers that they no longer point to
>>>>>> the old DC/DNS server on the NIC
>>>>>>
>>>>>> - to be sure that everything runs fine, disconnect the old DC
>>>>>> from the network and check with clients and servers the
>>>>>> connectivity, logon and also with one client a restart to see
>>>>>> that everything is ok
>>>>>>
>>>>>> - then run dcpromo to demote the old DC, if it works fine the
>>>>>> machine will move from the DC's OU to the computers container,
>>>>>> where you can delete it by hand. Can be that you got an error
>>>>>> during demoting at the beginning, then uncheck the Global catalog
>>>>>> on that DC and try again
>>>>>>
>>>>>> - check the DNS management console, that all entries from the
>>>>>> machine are disappeared or delete them by hand if the machine is
>>>>>> off the network for ever
>>>>>>
>>>>>> - also you have to start AD sites and services and delete the old
>>>>>> servername under the site, this will not be done during demotion
>>>>>>
>>>>>> Best regards
>>>>>>
>>>>>> Meinolf Weber
>>>>>> Disclaimer: This posting is provided "AS IS" with no warranties,
>>>>>> and
>>>>>> confers no rights.
>>>>>> ** Please do NOT email, only reply to Newsgroups
>>>>>> ** HELP us help YOU!!!
>>>>>> http://www.blakjak.demon.co.uk/mul_crss.htm
>>>>>>> Thanks for your answer...
>>>>>>> yes, I installed windows 2000, and I joined this computer to the
>>>>>>> domain as a member server. The idea was to upgrade this secondary
>>>>>>> domain controller to win2003 after it is a DC of the domain (the
>>>>>>> 1st DC is too old, and we want to give it a long vacation).
>>>>>>> I ran both tests. The result was:
>>>>>>> NetDiag: [Fatal] Failed to get system information of this Machine
>>>>>>> DCDiag: most of the tests ran successfully, except this:
>>>>>>> Starting test: Services
>>>>>>> * Checking Service: Dnscache
>>>>>>> * Checking Service: NtFrs
>>>>>>> NtFrs Service is stopped on [DBISERVER]
>>>>>>> * Checking Service: IsmServ
>>>>>>> * Checking Service: kdc
>>>>>>> * Checking Service: SamSs
>>>>>>> * Checking Service: LanmanServer
>>>>>>> * Checking Service: LanmanWorkstation
>>>>>>> * Checking Service: RpcSs
>>>>>>> * Checking Service: RPCLOCATOR
>>>>>>> * Checking Service: w32time
>>>>>>> * Checking Service: TrkWks
>>>>>>> * Checking Service: TrkSvr
>>>>>>> * Checking Service: NETLOGON
>>>>>>> * Checking Service: Dnscache
>>>>>>> * Checking Service: NtFrs
>>>>>>> SMTPSVC Service is stopped on [DBISERVER]
>>>>>>> ......................... DBISERVER failed test Services
>>>>>>> Starting test: systemlog
>>>>>>> * The System Event log test
>>>>>>> An Error Event occured. EventID: 0x0000041B
>>>>>>> Time Generated: 03/05/2009 17:23:06
>>>>>>> Event String: The DHCP/BINL service has determined that it
>>>>>>> is
>>>>>>> not authorized to service clients on this network
>>>>>>> for the Windows domain: dbibolivia.local.
>>>>>>> An Error Event occured. EventID: 0x80001778
>>>>>>> Time Generated: 03/05/2009 17:30:38
>>>>>>> Event String: The previous system shutdown at 5:26:46 PM
>>>>>>> on
>>>>>>> 3/5/2009 was unexpected.
>>>>>>> An Error Event occured. EventID: 0xC0001B65
>>>>>>> Time Generated: 03/05/2009 17:32:26
>>>>>>> (Event String could not be retrieved)
>>>>>>> An Error Event occured. EventID: 0x0000041B
>>>>>>> Time Generated: 03/05/2009 17:33:31
>>>>>>> Event String: The DHCP/BINL service has determined that it
>>>>>>> is
>>>>>>> not authorized to service clients on this network
>>>>>>> for the Windows domain: dbibolivia.local.
>>>>>>> ......................... DBISERVER failed test systemlog
>>>>>>> ............................................................ ....
>>>>>>> ..
>>>>>>> ..
>>>>>>> ..
>>>>>>> ............................................................ ....
>>>>>>> .
>>>>>>> If you have any other way to upgrade our domain to win2003,
>>>>>>> please let me know. I don't want to change domain name, or users,
>>>>>>> and I try to avoid migrating all user profiles in the case of
>>>>>>> setting up a new domain.
>>>>>>> thanks in advance for your help...
>>>>>>> "Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message
>>>>>>> news:ff16fb661bbc78cb6bf1f7c9acfd@msnews.microsoft.com...
>>>>>>>> Hello Luis,
>>>>>>>>
>>>>>>>> To get you correct, you installed a new 2000 server instead of
>>>>>>>> 2003?
>>>>>>>>
>>>>>>>> When you open AD sites and services under the sites, is there
>>>>>>>> any additional entry except the running DC under the servers
>>>>>>>> listed?
>>>>>>>>
>>>>>>>> The new 2000 is added as a member to the existing domain and
>>>>>>>> you use the existing DC/DNS server only as the preferred DNS on
>>>>>>>> the NIC?
>>>>>>>>
>>>>>>>> On the existing DC run diagnostic tools dcdiag /v, netdiag /v
>>>>>>>> to check for errors. If some exist please post the complete
>>>>>>>> output here.
>>>>>>>>
>>>>>>>> Best regards
>>>>>>>>
>>>>>>>> Meinolf Weber
>>>>>>>> Disclaimer: This posting is provided "AS IS" with no
>>>>>>>> warranties,
>>>>>>>> and
>>>>>>>> confers no rights.
>>>>>>>> ** Please do NOT email, only reply to Newsgroups
>>>>>>>> ** HELP us help YOU!!!
>>>>>>>> http://www.blakjak.demon.co.uk/mul_crss.htm
>>>>>>>>> Hi
>>>>>>>>>
>>>>>>>>> I have a domain controller (win 2000 Adv. Server), and I want
>>>>>>>>> to migrate to win2003; I just set up another win2000 Adv. Server
>>>>>>>>> in order to proceed with the upgrade from 2000 to 2003 domain.
>>>>>>>>> When I run DCPROMO command in the second server, making it a
>>>>>>>>> second Domain Controller, I get this error message at the end of
>>>>>>>>> the process:
>>>>>>>>> Error Installing Active Directory (Windows error Title).
>>>>>>>>> Error in the operation due to:
>>>>>>>>> Directory services can't replicate the partition DC=Domain,
>>>>>>>>> DC=Local from the remote server MyServer.Domain.Local
>>>>>>>>> "The Replication Operation find an error in the Data Base"
>>>>>>>>> Any suggestions?
>>>>>>>>> I checked in microsoft sites, and I didn't find any help.
>>>>>>>>> thanks in advance for your answers...
>>>>>>>>> Note: DC Server has Windows in English, the second server has
>>>>>>>>> Windows in Spanish...can affect this?
>>>>>>>>> regards
>>>>>>>>>
>>>>>>>>> Luis Falch Rojas
>>>>>>>>>
Re: Adding 2cond DC -- Meinolf Weber -- Continue.... [message #163494 is a reply to message #163492] Tue, 02 June 2009 18:18
Luis Falch Rojas, Bolivia
Sorry, My error...

both are the same: MyDomain.local (primary DNS suffix and DNS suffix search
List).

Before Upgrade:
First DNS Server: x.x.x.1
Second DNS Server: x.x.x.2

After Upgrade should be:
First DNS Server: x.x.x.3
Second DNS Server: x.x.x.2

Second DNS Server is pointed by clients in the network due to a Forward
option that the first DNS doesn't allow me to do. (This forward options is
for Internet access).

thanks

Luis

"Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message
news:ff16fb6625c5d8cbb1f3fac464dd@msnews.microsoft.com...
> Hello Luis,
>
> What is DNS server 192.168.0.2? You said the old DC is x.x.x.1 and the new
> is x.x.x.3. Additionally you use MyDomain.Local as Primary DNS suffix and a
> DNS Suffix Search List "dbibolivia.local"?
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and
> confers no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
Re: Adding 2cond DC -- Meinolf Weber -- Continue.... [message #163518 is a reply to message #163494] Wed, 03 June 2009 03:21
meiweb(nospam), Germany
Hello Luis,

Please clarify this "Second DNS Server is pointed by clients in the network
due to a Forward option that the first DNS doesn't allow me to do. (This
forward options is for Internet access)."

As said before an unedited ipconfig /all makes it easier. If you have
concerns about posting the complete IP addresses, the 192.168.x.x is a private
IP range not accessible from the internet.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
Re: Adding 2cond DC -- Meinolf Weber -- Continue.... [message #163554 is a reply to message #163518] Wed, 03 June 2009 09:12
Luis Falch Rojas, Bolivia
I know that.

I will summarize the main roles of the servers and devices in our network:

- Server1: is a Domain Controller and DNS Server. OS is Windows 2000
Advanced Server (For years this was our only server). IP: 192.168.0.1
- Fortinet: Is a Firewall/Proxy. Main role is to provide internet access to
our clients. IP: 192.168.0.10
- Server 2: Is a member Server and also DNS Server. I set up this server as
secondary DNS Server because I need to do "Forwarding", and in the primary
DNS Server this option was disabled. Forwarding is pointing to firewall
(192.168.0.10). IP: 192.168.0.2
- Server 3: Domain Controller and DNS server. (new server) Windows 2003
Ent. Edtn. IP: 192.168.0.3

I hope this can help you to have a better picture of the network.


Here is an unedited result from the ipconfig /all command:
-----------------------------------------------------------------------------------------------------
Client Side (any Client) OS: Win XP
Windows IP Configuration

Host Name . . . . . . . . . . . . : brenda
Primary Dns Suffix . . . . . . . : dbibolivia.local
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : dbibolivia.local

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network Connection
Physical Address. . . . . . . . . : 00-13-20-1E-30-B0
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.0.134
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.10
DNS Servers . . . . . . . . . . . : 192.168.0.2
-----------------------------------------------------------------------------------------------------
Server Side (new Domain Controller):
Windows IP Configuration

Host Name . . . . . . . . . . . . : DBI-DC
Primary Dns Suffix . . . . . . . : dbibolivia.local
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : dbibolivia.local

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
Physical Address. . . . . . . . . : 00-0C-29-AD-22-A3
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.0.3
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.10
DNS Servers . . . . . . . . . . . : 192.168.0.2

-----------------------------------------------------------------------------------------------------

thanks again and regards....

"Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message
news:ff16fb6625cee8cbb243d28c3a87@msnews.microsoft.com...
> Hello Luis,
>
> Please clarify this "Second DNS Server is pointed by clients in the
> network due to a Forward option that the first DNS doesn't allow me to do.
> (This forward options is for Internet access)."
>
> As said before an unedited ipconfig /all makes it more easy. If you have
> concerns about posting the complete ip addresses, the 192.168.x.x is a
> private iprange not accessible from the internet.
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and
> confers no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>
>> Second DNS Server is pointed by clients in the network due to a
>> Forward option that the first DNS doesn't allow me to do. (This
>> forward options is for Internet access).
>>
>
>
>
Re: Adding 2cond DC -- Meinolf Weber -- Continue.... [message #163623 is a reply to message #163554] Thu, 04 June 2009 04:12
meiweb(nospam) (Germany)
Hello Luis,

FORWARDERS tab will be disabled, all grey, when the root zone exists ".",
delete that one and you are able to configure forwarders. The "." zone is
needed from ISPs, so you can safely delete it. Close the DNS management console
and reopen it, now you can configure them.

So I would reconfigure DNS with AD integrated zones also for the other DNS
servers and let the clients use all domain DNS servers on the NIC.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


Re: Adding 2cond DC -- Meinolf Weber -- Continue.... [message #163687 is a reply to message #163623] Thu, 04 June 2009 18:21
Luis Falch Rojas (Bolivia)
Thanks for your answer and your time.

"." Zone was deleted....
192.168.0.2 (secondary DNS Server): I remove DNS Service.
192.168.0.1 (Old Domain Controller): I remove DNS server too.
192.168.0.3 (New Domain Controller): Reinstall DNS service, delete Zone, and
rebuild it again.

Now I have:
1) DC and DNS and GC --> New DC (192.168.0.3)
2) DC --> Old DC (192.168.0.1)
3) Member Server --> Old Secondary DNS Server.

DNS is working well 100%

I realize that maybe the problem is in replication of AD Database to the new
DC server.
In PC management of the New DC, I have no shares.
In PC Management of the old DC, I have SYSVOL, and NETLOGON shares. Is this
OK? or is something wrong...
I Read some Microsoft article about this issue: Missing Sysvol and Netlogon
shares in windows 2003 server and I'll try to follow the steps. If you have
some suggestions, please let me know..

thanks and regards....

Luis Falch
Re: Adding 2cond DC -- Meinolf Weber -- Continue.... [message #163702 is a reply to message #163687] Fri, 05 June 2009 02:33
meiweb(nospam) (Germany)
Hello Luis,

If the sysvol and netlogon shares are missing then follow the articles for
advice. Please run and post dcdiag /fix and netdiag /fix to see if it helps.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


Re: Adding 2cond DC -- Meinolf Weber -- Continue.... [message #163718 is a reply to message #163702] Fri, 05 June 2009 10:56
Luis Falch Rojas (Bolivia)
Thanks again for your time...

Please see below result of the 2 commands you ask for. I run in the new DC.

----------------------------------------------- DCDiag /fix command -----------------------------------------------
Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\DBI-DC
Starting test: Connectivity
......................... DBI-DC passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\DBI-DC
Starting test: Replications
[Replications Check,DBI-DC] A recent replication attempt failed:
From DBISERVER to DBI-DC
Naming Context:
CN=Schema,CN=Configuration,DC=dbibolivia,DC=local
The replication generated an error (1908):
Could not find the domain controller for this domain.
The failure occurred at 2009-06-05 09:55:59.
The last success occurred at 2009-06-05 02:58:50.
2 failures have occurred since the last success.
Kerberos Error.
A KDC was not found to authenticate the call.
Check that sufficient domain controllers are available.
......................... DBI-DC passed test Replications
Starting test: NCSecDesc
......................... DBI-DC passed test NCSecDesc
Starting test: NetLogons
Unable to connect to the NETLOGON share! (\\DBI-DC\netlogon)
[DBI-DC] An net use or LsaPolicy operation failed with error 1203,
No network provider accepted the given network path..
......................... DBI-DC failed test NetLogons
Starting test: Advertising
Warning: DsGetDcName returned information for
\\dbiserver.dbibolivia.local, when we were trying to reach DBI-DC.
Server is not responding or is not considered suitable.
Warning: DBI-DC is not advertising as a global catalog.
Check that server finished GC promotion.
Check the event log on server that enough source replicas for the
GC are available.
......................... DBI-DC failed test Advertising
Starting test: KnowsOfRoleHolders
......................... DBI-DC passed test KnowsOfRoleHolders
Starting test: RidManager
......................... DBI-DC passed test RidManager
Starting test: MachineAccount
......................... DBI-DC passed test MachineAccount
Starting test: Services
......................... DBI-DC passed test Services
Starting test: ObjectsReplicated
......................... DBI-DC passed test ObjectsReplicated
Starting test: frssysvol
......................... DBI-DC passed test frssysvol
Starting test: frsevent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... DBI-DC failed test frsevent
Starting test: kccevent
......................... DBI-DC passed test kccevent
Starting test: systemlog
......................... DBI-DC passed test systemlog
Starting test: VerifyReferences
......................... DBI-DC passed test VerifyReferences

Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom

Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom

Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom

Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom

Running partition tests on : dbibolivia
Starting test: CrossRefValidation
......................... dbibolivia passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... dbibolivia passed test CheckSDRefDom

Running enterprise tests on : dbibolivia.local
Starting test: Intersite
......................... dbibolivia.local passed test Intersite
Starting test: FsmoCheck
Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
A Global Catalog Server could not be located - All GC's are down.
......................... dbibolivia.local failed test FsmoCheck
-----------------------------------------------------------------------------------------------------------------

----------------------------------------------- netdiag /fix command -----------------------------------------------
.....................................
Computer Name: DBI-DC
DNS Host Name: DBI-DC.dbibolivia.local
System info : Microsoft Windows Server 2003 R2 (Build 3790)
Processor : x86 Family 6 Model 15 Stepping 11, GenuineIntel
List of installed hotfixes :
Q147222
Netcard queries test . . . . . . . : Passed
Per interface results:
Adapter : Local Area Connection
Netcard queries test . . . : Passed
Host Name. . . . . . . . . : DBI-DC.dbibolivia.local
IP Address . . . . . . . . : 192.168.0.3
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 192.168.0.10
Dns Servers. . . . . . . . : 192.168.0.3
AutoConfiguration results. . . . . . : Passed
Default gateway test . . . : Passed
NetBT name test. . . . . . : Passed
[WARNING] At least one of the <00> 'WorkStation Service', <03>
'Messenger Service', <20> 'WINS' names is missing.
WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.
Global results:
Domain membership test . . . . . . : Failed
[WARNING] Ths system volume has not been completely replicated to the
local machine. This machine is not working properly as a DC.

NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{7A83663F-1BBD-49E1-8F3D-7A5CC68C6642}
1 NetBt transport currently configured.
Autonet address test . . . . . . . : Passed
IP loopback ping test. . . . . . . : Passed
Default gateway test . . . . . . . : Passed
NetBT name test. . . . . . . . . . : Passed
[WARNING] You don't have a single interface with the <00> 'WorkStation
Service', <03> 'Messenger Service', <20> 'WINS' names defined.
Winsock test . . . . . . . . . . . : Passed
DNS test . . . . . . . . . . . . . : Passed
PASS - All the DNS entries for DC are registered on DNS server
'192.168.0.3' and other DCs also have some of the names registered.
Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{7A83663F-1BBD-49E1-8F3D-7A5CC68C6642}
The redir is bound to 1 NetBt transport.
List of NetBt transports currently bound to the browser
NetBT_Tcpip_{7A83663F-1BBD-49E1-8F3D-7A5CC68C6642}
The browser is bound to 1 NetBt transport.
DC discovery test. . . . . . . . . : Passed
DC list test . . . . . . . . . . . : Passed
Trust relationship test. . . . . . : Skipped
Kerberos test. . . . . . . . . . . : Passed
LDAP test. . . . . . . . . . . . . : Passed
Bindings test. . . . . . . . . . . : Passed
WAN configuration test . . . . . . : Skipped
No active remote access connections.
Modem diagnostics test . . . . . . : Passed
IP Security test . . . . . . . . . : Skipped
Note: run "netsh ipsec dynamic show /?" for more detailed information
The command completed successfully
------------------------------------------------------------ ------------------------------------------------------------ -------------------


regards

Luis F


"Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message
news:ff16fb66261308cbb3cf6e1352c7@msnews.microsoft.com...
> Hello Luis,
>
> If the sysvol and netlogon share a re missing then follow the articles for
> advice. Please run and post dcdiag /fix and netdiag /fix to see if it
> helps.
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and
> confers no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>
>> Thanks for your answer and your time.
>>
>> "." Zone was deleted....
>> 192.168.0.2 (secondary DNS Server): I remove DNS Service.
>> 192.168.0.1 (Old Domain Controller): I remove DNS server too.
>> 192.168.0.3 (New Domain Controller): Reinstall DNS service, delete
>> Zone, and
>> rebuild it again.
>> Now I have:
>> 1) DC and DNS and GC --> New DC (192.168.0.3)
>> 2) DC --> Old DC (192.168.0.1)
>> 3) Member Server --> Old Secondary DNS Server.
>> DNS is worknig well 100%
>>
>> I realize that maybe the problem is in replication of AD Database to
>> the new
>> DC server.
>> In PC management of the New DC, I have no shares.
>> In PC Management of the old DC, I have SYSVOL, and NETLOGON shares. Is
>> this
>> OK? or is something wrong...
>> I Read some Microsoft article about this issue: Missing Sysvol and
>> Netlogon
>> shares in windows 2003 server and I'll try to follow the steps. If you
>> have
>> some suggestions, please let me know..
>> thanks and regards....
>>
>> Luis Falch
>>
>> "Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message
>> news:ff16fb6625f5a8cbb314092d86db@msnews.microsoft.com...
>>
>>> Hello Luis,
>>>
>>> FORWARDERS tab will be disabled, all grey, when the root zone exists
>>> ".", delete that one and you are able to configure forwarders. The
>>> "." zone is needed from ISPs, so you can safely delete it. Close the
>>> DNS management console and reopen it, now you can configure them.
>>>
>>> So i would reconfigure DNS with AD integrated zones also for the othe
>>> DNS servers and let the clients use all domain DNS servers on the
>>> NIC.
>>>
>>> Best regards
>>>
>>> Meinolf Weber
>>> Disclaimer: This posting is provided "AS IS" with no warranties, and
>>> confers no rights.
>>> ** Please do NOT email, only reply to Newsgroups
>>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>>> I know that.
>>>>
>>>> I will resume some of our network first roles server and devices:
>>>>
>>>> - Server1: is a Domain Controller and DNS Server. OS is Windows 2000
>>>> Advanced Server (For years this was our only server). IP:
>>>> 192.168.0.1
>>>> - Fortinet: Is a Firewall/Proxy. First Role is provide internet
>>>> access to
>>>> our clients. IP: 192.168.0.10
>>>> - Server 2: Is a member Server and also DNS Server. I setup this
>>>> server as
>>>> secondary DNS Server because I need to do "Forwarding", and in the
>>>> primary
>>>> DNS Server this opption was disabled. Forwarding is pointing to
>>>> firewall
>>>> (192.168.0.10) IP: 192.168.0.2
>>>> - Server 3: Domain Controller and DNS server. (new server) Windows
>>>> 2003
>>>> Ent. Edtn. IP: 192.168.0.3
>>>> I fope this can help you to have a better picture of the network.
>>>> Here is an unedited resoult from the ipconfig /all command:
>>>>
>>>> ------------------------------------------------------------ --------
>>>> -- -------------------------------
>>>>
>>>> Client Side (any Client) OS: Win XP
>>>>
>>>> Windows IP Configuration
>>>>
>>>> Host Name . . . . . . . . . . . . : brenda
>>>> Primary Dns Suffix . . . . . . . : dbibolivia.local
>>>> Node Type . . . . . . . . . . . . : Unknown
>>>> IP Routing Enabled. . . . . . . . : No
>>>> WINS Proxy Enabled. . . . . . . . : No
>>>> DNS Suffix Search List. . . . . . : dbibolivia.local
>>>> Ethernet adapter Local Area Connection:
>>>> Connection-specific DNS Suffix . :
>>>> Description . . . . . . . . . . . : Intel(R) PRO/100 VE
>>>> Network
>>>> Connection
>>>> Physical Address. . . . . . . . . : 00-13-20-1E-30-B0
>>>> Dhcp Enabled. . . . . . . . . . . : No
>>>> IP Address. . . . . . . . . . . . : 192.168.0.134
>>>> Subnet Mask . . . . . . . . . . . : 255.255.255.0
>>>> Default Gateway . . . . . . . . . : 192.168.0.10
>>>> DNS Servers . . . . . . . . . . . : 192.168.0.2
>>>> ------------------------------------------------------------ --------
>>>> --
>>>> -------------------------------
>>>> Server Side (new Domain Controller):
>>>> Windows IP Configuration
>>>> Host Name . . . . . . . . . . . . : DBI-DC
>>>> Primary Dns Suffix . . . . . . . : dbibolivia.local
>>>> Node Type . . . . . . . . . . . . : Unknown
>>>> IP Routing Enabled. . . . . . . . : No
>>>> WINS Proxy Enabled. . . . . . . . : No
>>>> DNS Suffix Search List. . . . . . : dbibolivia.local
>>>> Ethernet adapter Local Area Connection:
>>>> Connection-specific DNS Suffix . :
>>>> Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network
>>>> Connection
>>>> Physical Address. . . . . . . . . : 00-0C-29-AD-22-A3
>>>> DHCP Enabled. . . . . . . . . . . : No
>>>> IP Address. . . . . . . . . . . . : 192.168.0.3
>>>> Subnet Mask . . . . . . . . . . . : 255.255.255.0
>>>> Default Gateway . . . . . . . . . : 192.168.0.10
>>>> DNS Servers . . . . . . . . . . . : 192.168.0.2
>>>> ------------------------------------------------------------ --------
>>>> --
>>>> --------------------------------------
>>>> thanks again and regards....
>>>>
>>>> "Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message
>>>> news:ff16fb6625cee8cbb243d28c3a87@msnews.microsoft.com...
>>>>
>>>>> Hello Luis,
>>>>>
>>>>> Please clarify this "Second DNS Server is pointed by clients in the
>>>>> network due to a Forward option that the first DNS doesn't allow me
>>>>> to do. (This forward options is for Internet access)."
>>>>>
>>>>> As said before an unedited ipconfig /all makes it easier. If you
>>>>> have concerns about posting the complete ip addresses, the
>>>>> 192.168.x.x is a private iprange not accessible from the internet.
>>>>>
>>>>> Best regards
>>>>>
>>>>> Meinolf Weber
>>>>> Disclaimer: This posting is provided "AS IS" with no warranties,
>>>>> and
>>>>> confers no rights.
>>>>> ** Please do NOT email, only reply to Newsgroups
>>>>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>>>>> Second DNS Server is pointed by clients in the network due to a
>>>>>> Forward option that the first DNS doesn't allow me to do. (This
>>>>>> forward options is for Internet access).
>>>>>>
>
>
>
Re: Adding 2cond DC -- Meinolf Weber -- Continue.... [message #163725 is a reply to message #163718] Fri, 05 June 2009 14:57
Luis Falch Rojas, Bolivia
Messages: 14
Registered: August 2009
Junior Member
Works!!

Finally, I can see NETLOGON and SYSVOL on the new DC with Win 2003. Primary
test made and it works. I will advise if anything goes wrong. But for now it looks
like everything is working....

Solution: http://support.microsoft.com/kb/315457/en
I followed, step by step, everything it says, and it works.....

Thanks a lot for your time and for your help.

Regards...

Luis Falch

Note: I ran Netdiag /fix and DCdiag /fix again, without errors this time.....


"Luis Falch Rojas" <lfalch@info-arch.com> wrote in message
news:%23vkNf3e5JHA.480@TK2MSFTNGP06.phx.gbl...
> Thanks again for your time...
>
> Please see below the result of the 2 commands you asked for. I ran them on the new
> DC.
>
> ----------------------------------------------- DCDiag /fix
> command ------------------------------------------------------------ --------
> Domain Controller Diagnosis
>
> Performing initial setup:
> Done gathering initial info.
>
> Doing initial required tests
>
> Testing server: Default-First-Site-Name\DBI-DC
> Starting test: Connectivity
> ......................... DBI-DC passed test Connectivity
>
> Doing primary tests
>
> Testing server: Default-First-Site-Name\DBI-DC
> Starting test: Replications
> [Replications Check,DBI-DC] A recent replication attempt failed:
> From DBISERVER to DBI-DC
> Naming Context:
> CN=Schema,CN=Configuration,DC=dbibolivia,DC=local
> The replication generated an error (1908):
> Could not find the domain controller for this domain.
> The failure occurred at 2009-06-05 09:55:59.
> The last success occurred at 2009-06-05 02:58:50.
> 2 failures have occurred since the last success.
> Kerberos Error.
> A KDC was not found to authenticate the call.
> Check that sufficient domain controllers are available.
> ......................... DBI-DC passed test Replications
> Starting test: NCSecDesc
> ......................... DBI-DC passed test NCSecDesc
> Starting test: NetLogons
> Unable to connect to the NETLOGON share! (\\DBI-DC\netlogon)
> [DBI-DC] An net use or LsaPolicy operation failed with error 1203,
> No network provider accepted the given network path..
> ......................... DBI-DC failed test NetLogons
> Starting test: Advertising
> Warning: DsGetDcName returned information for
> \\dbiserver.dbibolivia.local, when we were trying to reach DBI-DC.
> Server is not responding or is not considered suitable.
> Warning: DBI-DC is not advertising as a global catalog.
> Check that server finished GC promotion.
> Check the event log on server that enough source replicas for the
> GC are available.
> ......................... DBI-DC failed test Advertising
> Starting test: KnowsOfRoleHolders
> ......................... DBI-DC passed test KnowsOfRoleHolders
> Starting test: RidManager
> ......................... DBI-DC passed test RidManager
> Starting test: MachineAccount
> ......................... DBI-DC passed test MachineAccount
> Starting test: Services
> ......................... DBI-DC passed test Services
> Starting test: ObjectsReplicated
> ......................... DBI-DC passed test ObjectsReplicated
> Starting test: frssysvol
> ......................... DBI-DC passed test frssysvol
> Starting test: frsevent
> There are warning or error events within the last 24 hours after
> the
>
> SYSVOL has been shared. Failing SYSVOL replication problems may
> cause
>
> Group Policy problems.
> ......................... DBI-DC failed test frsevent
> Starting test: kccevent
> ......................... DBI-DC passed test kccevent
> Starting test: systemlog
> ......................... DBI-DC passed test systemlog
> Starting test: VerifyReferences
> ......................... DBI-DC passed test VerifyReferences
>
> Running partition tests on : ForestDnsZones
> Starting test: CrossRefValidation
> ......................... ForestDnsZones passed test
> CrossRefValidation
> Starting test: CheckSDRefDom
> ......................... ForestDnsZones passed test CheckSDRefDom
>
> Running partition tests on : DomainDnsZones
> Starting test: CrossRefValidation
> ......................... DomainDnsZones passed test
> CrossRefValidation
> Starting test: CheckSDRefDom
> ......................... DomainDnsZones passed test CheckSDRefDom
>
> Running partition tests on : Schema
> Starting test: CrossRefValidation
> ......................... Schema passed test CrossRefValidation
> Starting test: CheckSDRefDom
> ......................... Schema passed test CheckSDRefDom
>
> Running partition tests on : Configuration
> Starting test: CrossRefValidation
> ......................... Configuration passed test
> CrossRefValidation
> Starting test: CheckSDRefDom
> ......................... Configuration passed test CheckSDRefDom
>
> Running partition tests on : dbibolivia
> Starting test: CrossRefValidation
> ......................... dbibolivia passed test
> CrossRefValidation
> Starting test: CheckSDRefDom
> ......................... dbibolivia passed test CheckSDRefDom
>
> Running enterprise tests on : dbibolivia.local
> Starting test: Intersite
> ......................... dbibolivia.local passed test Intersite
> Starting test: FsmoCheck
> Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
> A Global Catalog Server could not be located - All GC's are down.
> ......................... dbibolivia.local failed test FsmoCheck
> ------------------------------------------------------------ ------------------------------------------------------------ -------------------
> ------------------------------------------------------------ ------------------------------------------------------------ -------------------
>
> ----------------------------------------------- netdiag /fix
> command ------------------------------------------------------------ --------
> ....................................
> Computer Name: DBI-DC
> DNS Host Name: DBI-DC.dbibolivia.local
> System info : Microsoft Windows Server 2003 R2 (Build 3790)
> Processor : x86 Family 6 Model 15 Stepping 11, GenuineIntel
> List of installed hotfixes :
> Q147222
> Netcard queries test . . . . . . . : Passed
> Per interface results:
> Adapter : Local Area Connection
> Netcard queries test . . . : Passed
> Host Name. . . . . . . . . : DBI-DC.dbibolivia.local
> IP Address . . . . . . . . : 192.168.0.3
> Subnet Mask. . . . . . . . : 255.255.255.0
> Default Gateway. . . . . . : 192.168.0.10
> Dns Servers. . . . . . . . : 192.168.0.3
> AutoConfiguration results. . . . . . : Passed
> Default gateway test . . . : Passed
> NetBT name test. . . . . . : Passed
> [WARNING] At least one of the <00> 'WorkStation Service', <03>
> 'Messenger Service', <20> 'WINS' names is missing.
> WINS service test. . . . . : Skipped
> There are no WINS servers configured for this interface.
> Global results:
> Domain membership test . . . . . . : Failed
> [WARNING] Ths system volume has not been completely replicated to the
> local machine. This machine is not working properly as a DC.
>
> NetBT transports test. . . . . . . : Passed
> List of NetBt transports currently configured:
> NetBT_Tcpip_{7A83663F-1BBD-49E1-8F3D-7A5CC68C6642}
> 1 NetBt transport currently configured.
> Autonet address test . . . . . . . : Passed
> IP loopback ping test. . . . . . . : Passed
> Default gateway test . . . . . . . : Passed
> NetBT name test. . . . . . . . . . : Passed
> [WARNING] You don't have a single interface with the <00> 'WorkStation
> Service', <03> 'Messenger Service', <20> 'WINS' names defined.
> Winsock test . . . . . . . . . . . : Passed
> DNS test . . . . . . . . . . . . . : Passed
> PASS - All the DNS entries for DC are registered on DNS server
> '192.168.0.3' and other DCs also have some of the names registered.
> Redir and Browser test . . . . . . : Passed
> List of NetBt transports currently bound to the Redir
> NetBT_Tcpip_{7A83663F-1BBD-49E1-8F3D-7A5CC68C6642}
> The redir is bound to 1 NetBt transport.
> List of NetBt transports currently bound to the browser
> NetBT_Tcpip_{7A83663F-1BBD-49E1-8F3D-7A5CC68C6642}
> The browser is bound to 1 NetBt transport.
> DC discovery test. . . . . . . . . : Passed
> DC list test . . . . . . . . . . . : Passed
> Trust relationship test. . . . . . : Skipped
> Kerberos test. . . . . . . . . . . : Passed
> LDAP test. . . . . . . . . . . . . : Passed
> Bindings test. . . . . . . . . . . : Passed
> WAN configuration test . . . . . . : Skipped
> No active remote access connections.
> Modem diagnostics test . . . . . . : Passed
> IP Security test . . . . . . . . . : Skipped
> Note: run "netsh ipsec dynamic show /?" for more detailed information
> The command completed successfully
> ------------------------------------------------------------ ------------------------------------------------------------ -------------------
>
>
> regards
>
> Luis F
>
>
> "Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message
> news:ff16fb66261308cbb3cf6e1352c7@msnews.microsoft.com...
>> Hello Luis,
>>
>> If the sysvol and netlogon shares are missing then follow the articles
>> for advice. Please run and post dcdiag /fix and netdiag /fix to see if it
>> helps.
>>
>> Best regards
>>
>> Meinolf Weber
>> Disclaimer: This posting is provided "AS IS" with no warranties, and
>> confers no rights.
>> ** Please do NOT email, only reply to Newsgroups
>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>
>>> Thanks for your answer and your time.
>>>
>>> "." Zone was deleted....
>>> 192.168.0.2 (secondary DNS Server): I remove DNS Service.
>>> 192.168.0.1 (Old Domain Controller): I remove DNS server too.
>>> 192.168.0.3 (New Domain Controller): Reinstall DNS service, delete
>>> Zone, and
>>> rebuild it again.
>>> Now I have:
>>> 1) DC and DNS and GC --> New DC (192.168.0.3)
>>> 2) DC --> Old DC (192.168.0.1)
>>> 3) Member Server --> Old Secondary DNS Server.
>>> DNS is working well 100%
>>>
>>> I realize that maybe the problem is in replication of AD Database to
>>> the new
>>> DC server.
>>> In PC management of the New DC, I have no shares.
>>> In PC Management of the old DC, I have SYSVOL, and NETLOGON shares. Is
>>> this
>>> OK? or is something wrong...
>>> I Read some Microsoft article about this issue: Missing Sysvol and
>>> Netlogon
>>> shares in windows 2003 server and I'll try to follow the steps. If you
>>> have
>>> some suggestions, please let me know..
>>> thanks and regards....
>>>
>>> Luis Falch
>>>
>>> "Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message
>>> news:ff16fb6625f5a8cbb314092d86db@msnews.microsoft.com...
>>>
>>>> Hello Luis,
>>>>
>>>> FORWARDERS tab will be disabled, all grey, when the root zone exists
>>>> ".", delete that one and you are able to configure forwarders. The
>>>> "." zone is needed from ISPs, so you can safely delete it. Close the
>>>> DNS management console and reopen it, now you can configure them.
>>>>
>>>> So I would reconfigure DNS with AD integrated zones also for the other
>>>> DNS servers and let the clients use all domain DNS servers on the
>>>> NIC.
>>>>
>>>> Best regards
>>>>
>>>> Meinolf Weber
>>>> Disclaimer: This posting is provided "AS IS" with no warranties, and
>>>> confers no rights.
>>>> ** Please do NOT email, only reply to Newsgroups
>>>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>>>> I know that.
>>>>>
>>>>> I will resume some of our network first roles server and devices:
>>>>>
>>>>> - Server1: is a Domain Controller and DNS Server. OS is Windows 2000
>>>>> Advanced Server (For years this was our only server). IP:
>>>>> 192.168.0.1
>>>>> - Fortinet: Is a Firewall/Proxy. First Role is provide internet
>>>>> access to
>>>>> our clients. IP: 192.168.0.10
>>>>> - Server 2: Is a member Server and also DNS Server. I setup this
>>>>> server as
>>>>> secondary DNS Server because I need to do "Forwarding", and in the
>>>>> primary
>>>>> DNS Server this option was disabled. Forwarding is pointing to
>>>>> firewall
>>>>> (192.168.0.10) IP: 192.168.0.2
>>>>> - Server 3: Domain Controller and DNS server. (new server) Windows
>>>>> 2003
>>>>> Ent. Edtn. IP: 192.168.0.3
>>>>> I hope this can help you to have a better picture of the network.
>>>>> Here is an unedited result from the ipconfig /all command:
>>>>>
>>>>> ------------------------------------------------------------ --------
>>>>> -- -------------------------------
>>>>>
>>>>> Client Side (any Client) OS: Win XP
>>>>>
>>>>> Windows IP Configuration
>>>>>
>>>>> Host Name . . . . . . . . . . . . : brenda
>>>>> Primary Dns Suffix . . . . . . . : dbibolivia.local
>>>>> Node Type . . . . . . . . . . . . : Unknown
>>>>> IP Routing Enabled. . . . . . . . : No
>>>>> WINS Proxy Enabled. . . . . . . . : No
>>>>> DNS Suffix Search List. . . . . . : dbibolivia.local
>>>>> Ethernet adapter Local Area Connection:
>>>>> Connection-specific DNS Suffix . :
>>>>> Description . . . . . . . . . . . : Intel(R) PRO/100 VE
>>>>> Network
>>>>> Connection
>>>>> Physical Address. . . . . . . . . : 00-13-20-1E-30-B0
>>>>> Dhcp Enabled. . . . . . . . . . . : No
>>>>> IP Address. . . . . . . . . . . . : 192.168.0.134
>>>>> Subnet Mask . . . . . . . . . . . : 255.255.255.0
>>>>> Default Gateway . . . . . . . . . : 192.168.0.10
>>>>> DNS Servers . . . . . . . . . . . : 192.168.0.2
>>>>> ------------------------------------------------------------ --------
>>>>> --
>>>>> -------------------------------
>>>>> Server Side (new Domain Controller):
>>>>> Windows IP Configuration
>>>>> Host Name . . . . . . . . . . . . : DBI-DC
>>>>> Primary Dns Suffix . . . . . . . : dbibolivia.local
>>>>> Node Type . . . . . . . . . . . . : Unknown
>>>>> IP Routing Enabled. . . . . . . . : No
>>>>> WINS Proxy Enabled. . . . . . . . : No
>>>>> DNS Suffix Search List. . . . . . : dbibolivia.local
>>>>> Ethernet adapter Local Area Connection:
>>>>> Connection-specific DNS Suffix . :
>>>>> Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network
>>>>> Connection
>>>>> Physical Address. . . . . . . . . : 00-0C-29-AD-22-A3
>>>>> DHCP Enabled. . . . . . . . . . . : No
>>>>> IP Address. . . . . . . . . . . . : 192.168.0.3
>>>>> Subnet Mask . . . . . . . . . . . : 255.255.255.0
>>>>> Default Gateway . . . . . . . . . : 192.168.0.10
>>>>> DNS Servers . . . . . . . . . . . : 192.168.0.2
>>>>> ------------------------------------------------------------ --------
>>>>> --
>>>>> --------------------------------------
>>>>> thanks again and regards....
>>>>>
>>>>> "Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message
>>>>> news:ff16fb6625cee8cbb243d28c3a87@msnews.microsoft.com...
>>>>>
>>>>>> Hello Luis,
>>>>>>
>>>>>> Please clarify this "Second DNS Server is pointed by clients in the
>>>>>> network due to a Forward option that the first DNS doesn't allow me
>>>>>> to do. (This forward options is for Internet access)."
>>>>>>
>>>>>> As said before an unedited ipconfig /all makes it easier. If you
>>>>>> have concerns about posting the complete ip addresses, the
>>>>>> 192.168.x.x is a private iprange not accessible from the internet.
>>>>>>
>>>>>> Best regards
>>>>>>
>>>>>> Meinolf Weber
>>>>>> Disclaimer: This posting is provided "AS IS" with no warranties,
>>>>>> and
>>>>>> confers no rights.
>>>>>> ** Please do NOT email, only reply to Newsgroups
>>>>>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>>>>>> Second DNS Server is pointed by clients in the network due to a
>>>>>>> Forward option that the first DNS doesn't allow me to do. (This
>>>>>>> forward options is for Internet access).
>>>>>>>
>>
>>
>>
>
>
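
The dcdiag output quoted in the post above reports "passed test Replications" even though that same test logged replication error 1908, so counting pass/fail lines alone understates the problem. As an added example (not part of the original thread and not a Microsoft tool), this Python parser reads pasted dcdiag text, tolerating `>` quote markers and wrapped result lines; the function names and the `clean` heuristic are assumptions of this example.

```python
import re

# Constructed sample shaped like the dcdiag output quoted in the thread:
# "> " quote markers kept, and one result line wrapped by the news client.
SAMPLE = r"""> Testing server: Default-First-Site-Name\DBI-DC
> Starting test: Connectivity
> ......................... DBI-DC passed test Connectivity
> Starting test: Replications
> [Replications Check,DBI-DC] A recent replication attempt failed:
> From DBISERVER to DBI-DC
> The replication generated an error (1908):
> ......................... DBI-DC passed test Replications
> Starting test: NetLogons
> Unable to connect to the NETLOGON share! (\\DBI-DC\netlogon)
> ......................... DBI-DC failed test NetLogons
> Starting test: Advertising
> Warning: DBI-DC is not advertising as a global catalog.
> ......................... DBI-DC failed test Advertising
> Running partition tests on : ForestDnsZones
> Starting test: CrossRefValidation
> ......................... ForestDnsZones passed test
> CrossRefValidation
> Running enterprise tests on : dbibolivia.local
> Starting test: FsmoCheck
> Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
> ......................... dbibolivia.local failed test FsmoCheck
"""

QUOTE = re.compile(r"^(?:>\s?)+")                      # newsreader quote markers
START = re.compile(r"^Starting test:\s*(\S+)")
RESULT = re.compile(r"^\.{5,}\s+(\S+) (passed|failed) test\s*(\S*)$")
PROBLEM = re.compile(r"\b(fail\w*|error|warning|unable)\b", re.IGNORECASE)


def parse_dcdiag(text):
    """Return one dict per test: target, test name, verdict, problem lines."""
    results, current, details = [], None, []
    for raw in text.splitlines():
        line = QUOTE.sub("", raw).strip()
        m = START.match(line)
        if m:
            current, details = m.group(1), []
            continue
        m = RESULT.match(line)
        if m:
            target, verdict, name = m.groups()
            results.append({
                "target": target,
                # A wrapped result line loses its test name; fall back to the
                # name announced by the preceding "Starting test:" line.
                "test": name or current,
                "passed": verdict == "passed",
                "problems": [d for d in details if PROBLEM.search(d)],
            })
            current, details = None, []
            continue
        if current and line:
            details.append(line)  # output belonging to the running test
    return results


def triage(text):
    """Split results into hard failures and passes that still logged problems.

    'clean' is a heuristic assumed for this example: no failed test and no
    passed test with error/warning text in its output.
    """
    results = parse_dcdiag(text)
    failed = [(r["target"], r["test"]) for r in results if not r["passed"]]
    noisy = [(r["target"], r["test"])
             for r in results if r["passed"] and r["problems"]]
    return {"failed": failed, "passed_with_problems": noisy,
            "clean": not failed and not noisy}


if __name__ == "__main__":
    report = triage(SAMPLE)
    for target, test in report["failed"]:
        print(f"FAILED  {target}: {test}")
    for target, test in report["passed_with_problems"]:
        print(f"REVIEW  {target}: {test} passed but logged problems")
    print("clean run" if report["clean"] else "do not retire the old DC yet")
```
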
Re: Adding 2cond DC -- Meinolf Weber -- Continue.... [message #163742 is a reply to message #163725] Sat, 06 June 2009 06:11
meiweb(nospam), Germany
Messages: 1307
Registered: July 2009
Senior Member
Hello Luis,

Congratulations, nice to hear :-)

If new problems come up feel free to post again.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> Works!!
>
> Finally, I can see NETLOGON and SYSVOL on the new DC with Win 2003.
> Primary test made and it works. I will advise if anything goes wrong. But
> for now it looks like everything is working....
>
> Solution: http://support.microsoft.com/kb/315457/en I followed, step by
> step, everything it says, and it works.....
>
> Thanks a lot for your time and for your help.
>
> Regards...
>
> Luis Falch
>
> Note: I ran Netdiag /fix and DCdiag /fix again, without errors this
> time.....
>
> "Luis Falch Rojas" <lfalch@info-arch.com> wrote in message
> news:%23vkNf3e5JHA.480@TK2MSFTNGP06.phx.gbl...
>
>> Thanks again for your time...
>>
>> Please see below the result of the 2 commands you asked for. I ran them on the
>> new DC.
>>
>> ----------------------------------------------- DCDiag /fix
>> command
>> ------------------------------------------------------------ --------
>> Domain Controller Diagnosis
>> Performing initial setup:
>> Done gathering initial info.
>> Doing initial required tests
>>
>> Testing server: Default-First-Site-Name\DBI-DC
>> Starting test: Connectivity
>> ......................... DBI-DC passed test Connectivity
>> Doing primary tests
>>
>> Testing server: Default-First-Site-Name\DBI-DC
>> Starting test: Replications
>> [Replications Check,DBI-DC] A recent replication attempt failed:
>> From DBISERVER to DBI-DC
>> Naming Context:
>> CN=Schema,CN=Configuration,DC=dbibolivia,DC=local
>> The replication generated an error (1908):
>> Could not find the domain controller for this domain.
>> The failure occurred at 2009-06-05 09:55:59.
>> The last success occurred at 2009-06-05 02:58:50.
>> 2 failures have occurred since the last success.
>> Kerberos Error.
>> A KDC was not found to authenticate the call.
>> Check that sufficient domain controllers are available.
>> ......................... DBI-DC passed test Replications
>> Starting test: NCSecDesc
>> ......................... DBI-DC passed test NCSecDesc
>> Starting test: NetLogons
>> Unable to connect to the NETLOGON share! (\\DBI-DC\netlogon)
>> [DBI-DC] An net use or LsaPolicy operation failed with error 1203,
>> No network provider accepted the given network path..
>> ......................... DBI-DC failed test NetLogons
>> Starting test: Advertising
>> Warning: DsGetDcName returned information for
>> \\dbiserver.dbibolivia.local, when we were trying to reach DBI-DC.
>> Server is not responding or is not considered suitable.
>> Warning: DBI-DC is not advertising as a global catalog.
>> Check that server finished GC promotion.
>> Check the event log on server that enough source replicas for the
>> GC are available.
>> ......................... DBI-DC failed test Advertising
>> Starting test: KnowsOfRoleHolders
>> ......................... DBI-DC passed test KnowsOfRoleHolders
>> Starting test: RidManager
>> ......................... DBI-DC passed test RidManager
>> Starting test: MachineAccount
>> ......................... DBI-DC passed test MachineAccount
>> Starting test: Services
>> ......................... DBI-DC passed test Services
>> Starting test: ObjectsReplicated
>> ......................... DBI-DC passed test ObjectsReplicated
>> Starting test: frssysvol
>> ......................... DBI-DC passed test frssysvol
>> Starting test: frsevent
>> There are warning or error events within the last 24 hours after
>> the
>> SYSVOL has been shared. Failing SYSVOL replication problems may
>> cause
>>
>> Group Policy problems.
>> ......................... DBI-DC failed test frsevent
>> Starting test: kccevent
>> ......................... DBI-DC passed test kccevent
>> Starting test: systemlog
>> ......................... DBI-DC passed test systemlog
>> Starting test: VerifyReferences
>> ......................... DBI-DC passed test VerifyReferences
>> Running partition tests on : ForestDnsZones
>> Starting test: CrossRefValidation
>> ......................... ForestDnsZones passed test
>> CrossRefValidation
>> Starting test: CheckSDRefDom
>> ......................... ForestDnsZones passed test CheckSDRefDom
>> Running partition tests on : DomainDnsZones
>> Starting test: CrossRefValidation
>> ......................... DomainDnsZones passed test
>> CrossRefValidation
>> Starting test: CheckSDRefDom
>> ......................... DomainDnsZones passed test CheckSDRefDom
>> Running partition tests on : Schema
>> Starting test: CrossRefValidation
>> ......................... Schema passed test CrossRefValidation
>> Starting test: CheckSDRefDom
>> ......................... Schema passed test CheckSDRefDom
>> Running partition tests on : Configuration
>> Starting test: CrossRefValidation
>> ......................... Configuration passed test
>> CrossRefValidation
>> Starting test: CheckSDRefDom
>> ......................... Configuration passed test CheckSDRefDom
>> Running partition tests on : dbibolivia
>> Starting test: CrossRefValidation
>> ......................... dbibolivia passed test
>> CrossRefValidation
>> Starting test: CheckSDRefDom
>> ......................... dbibolivia passed test CheckSDRefDom
>> Running enterprise tests on : dbibolivia.local
>>
>> Starting test: Intersite
>>
>> ......................... dbibolivia.local passed test Intersite
>>
>> Starting test: FsmoCheck
>>
>> Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
>>
>> A Global Catalog Server could not be located - All GC's are down.
>>
>> ......................... dbibolivia.local failed test FsmoCheck
>>
>> ------------------------------------------------------------ ---------
>> ------------------------------------------------------------ ---------
>> -
>>
>> ------------------------------------------------------------ ---------
>> ------------------------------------------------------------ ---------
>> -
>>
>> ----------------------------------------------- netdiag /fix
>> command
>> ------------------------------------------------------------ --------
>> ....................................
>> Computer Name: DBI-DC
>> DNS Host Name: DBI-DC.dbibolivia.local
>> System info : Microsoft Windows Server 2003 R2 (Build 3790)
>> Processor : x86 Family 6 Model 15 Stepping 11, GenuineIntel
>> List of installed hotfixes :
>> Q147222
>> Netcard queries test . . . . . . . : Passed
>> Per interface results:
>> Adapter : Local Area Connection
>> Netcard queries test . . . : Passed
>> Host Name. . . . . . . . . : DBI-DC.dbibolivia.local
>> IP Address . . . . . . . . : 192.168.0.3
>> Subnet Mask. . . . . . . . : 255.255.255.0
>> Default Gateway. . . . . . : 192.168.0.10
>> Dns Servers. . . . . . . . : 192.168.0.3
>> AutoConfiguration results. . . . . . : Passed
>> Default gateway test . . . : Passed
>> NetBT name test. . . . . . : Passed
>> [WARNING] At least one of the <00> 'WorkStation Service', <03>
>> 'Messenger Service', <20> 'WINS' names is missing.
>> WINS service test. . . . . : Skipped
>> There are no WINS servers configured for this interface.
>> Global results:
>> Domain membership test . . . . . . : Failed
>> [WARNING] Ths system volume has not been completely replicated to the
>> local machine. This machine is not working properly as a DC.
>> NetBT transports test. . . . . . . : Passed
>>
>> List of NetBt transports currently configured:
>>
>> NetBT_Tcpip_{7A83663F-1BBD-49E1-8F3D-7A5CC68C6642}
>>
>> 1 NetBt transport currently configured.
>>
>> Autonet address test . . . . . . . : Passed
>>
>> IP loopback ping test. . . . . . . : Passed
>>
>> Default gateway test . . . . . . . : Passed
>>
>> NetBT name test. . . . . . . . . . : Passed
>>
>> [WARNING] You don't have a single interface with the <00>
>> 'WorkStation
>>
>> Service', <03> 'Messenger Service', <20> 'WINS' names defined.
>>
>> Winsock test . . . . . . . . . . . : Passed
>>
>> DNS test . . . . . . . . . . . . . : Passed
>>
>> PASS - All the DNS entries for DC are registered on DNS server
>>
>> '192.168.0.3' and other DCs also have some of the names registered.
>>
>> Redir and Browser test . . . . . . : Passed
>>
>> List of NetBt transports currently bound to the Redir
>>
>> NetBT_Tcpip_{7A83663F-1BBD-49E1-8F3D-7A5CC68C6642}
>>
>> The redir is bound to 1 NetBt transport.
>>
>> List of NetBt transports currently bound to the browser
>>
>> NetBT_Tcpip_{7A83663F-1BBD-49E1-8F3D-7A5CC68C6642}
>>
>> The browser is bound to 1 NetBt transport.
>>
>> DC discovery test. . . . . . . . . : Passed
>>
>> DC list test . . . . . . . . . . . : Passed
>>
>> Trust relationship test. . . . . . : Skipped
>>
>> Kerberos test. . . . . . . . . . . : Passed
>>
>> LDAP test. . . . . . . . . . . . . : Passed
>>
>> Bindings test. . . . . . . . . . . : Passed
>>
>> WAN configuration test . . . . . . : Skipped
>>
>> No active remote access connections.
>>
>> Modem diagnostics test . . . . . . : Passed
>>
>> IP Security test . . . . . . . . . : Skipped
>>
>> Note: run "netsh ipsec dynamic show /?" for more detailed information
>>
>> The command completed successfully
>>
>> ------------------------------------------------------------ ---------
>> ------------------------------------------------------------ ---------
>> -
>>
>> regards
>>
>> Luis F
>>
>> "Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message
>> news:ff16fb66261308cbb3cf6e1352c7@msnews.microsoft.com...
>>
>>> Hello Luis,
>>>
>>> If the sysvol and netlogon shares are missing then follow the
>>> articles for advice. Please run and post dcdiag /fix and netdiag
>>> /fix to see if it helps.
>>>
>>> Best regards
>>>
>>> Meinolf Weber
>>> Disclaimer: This posting is provided "AS IS" with no warranties, and
>>> confers no rights.
>>> ** Please do NOT email, only reply to Newsgroups
>>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>>> Thanks for your answer and your time.
>>>>
>>>> "." Zone was deleted....
>>>> 192.168.0.2 (secondary DNS Server): I remove DNS Service.
>>>> 192.168.0.1 (Old Domain Controller): I remove DNS server too.
>>>> 192.168.0.3 (New Domain Controller): Reinstall DNS service, delete
>>>> Zone, and
>>>> rebuild it again.
>>>> Now I have:
>>>> 1) DC and DNS and GC --> New DC (192.168.0.3)
>>>> 2) DC --> Old DC (192.168.0.1)
>>>> 3) Member Server --> Old Secondary DNS Server.
>>>> DNS is working well 100%
>>>> I realize that maybe the problem is in replication of AD Database
>>>> to
>>>> the new
>>>> DC server.
>>>> In PC management of the New DC, I have no shares.
>>>> In PC Management of the old DC, I have SYSVOL, and NETLOGON shares.
>>>> Is
>>>> this
>>>> OK? or is something wrong...
>>>> I Read some Microsoft article about this issue: Missing Sysvol and
>>>> Netlogon
>>>> shares in windows 2003 server and I'll try to follow the steps. If
>>>> you
>>>> have
>>>> some suggestions, please let me know..
>>>> thanks and regards....
>>>> Luis Falch
>>>>
>>>> "Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message
>>>> news:ff16fb6625f5a8cbb314092d86db@msnews.microsoft.com...
>>>>
>>>>> Hello Luis,
>>>>>
>>>>> FORWARDERS tab will be disabled, all grey, when the root zone
>>>>> exists ".", delete that one and you are able to configure
>>>>> forwarders. The "." zone is needed from ISPs, so you can safely
>>>>> delete it. Close the DNS management console and reopen it, now you
>>>>> can configure them.
>>>>>
>>>>> So I would reconfigure DNS with AD integrated zones also for the
>>>>> other DNS servers and let the clients use all domain DNS servers on
>>>>> the NIC.
>>>>>
>>>>> Best regards
>>>>>
>>>>> Meinolf Weber
>>>>> Disclaimer: This posting is provided "AS IS" with no warranties,
>>>>> and
>>>>> confers no rights.
>>>>> ** Please do NOT email, only reply to Newsgroups
>>>>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>>>>> I know that.
>>>>>>
>>>>>> I will resume some of our network first roles server and devices:
>>>>>>
>>>>>> - Server1: is a Domain Controller and DNS Server. OS is Windows
>>>>>> 2000
>>>>>> Advanced Server (For years this was our only server). IP:
>>>>>> 192.168.0.1
>>>>>> - Fortinet: Is a Firewall/Proxy. First Role is provide internet
>>>>>> access to
>>>>>> our clients. IP: 192.168.0.10
>>>>>> - Server 2: Is a member Server and also DNS Server. I setup this
>>>>>> server as
>>>>>> secondary DNS Server because I need to do "Forwarding", and in
>>>>>> the
>>>>>> primary
>>>>>> DNS Server this option was disabled. Forwarding is pointing to
>>>>>> firewall
>>>>>> (192.168.0.10) IP: 192.168.0.2
>>>>>> - Server 3: Domain Controller and DNS server. (new server)
>>>>>> Windows
>>>>>> 2003
>>>>>> Ent. Edtn. IP: 192.168.0.3
>>>>>> I hope this can help you to have a better picture of the network.
>>>>>> Here is an unedited result from the ipconfig /all command:
>>>>>> ------------------------------------------------------------ -----
>>>>>> --- -- -------------------------------
>>>>>>
>>>>>> Client Side (any Client) OS: Win XP
>>>>>>
>>>>>> Windows IP Configuration
>>>>>>
>>>>>> Host Name . . . . . . . . . . . . : brenda
>>>>>> Primary Dns Suffix . . . . . . . : dbibolivia.local
>>>>>> Node Type . . . . . . . . . . . . : Unknown
>>>>>> IP Routing Enabled. . . . . . . . : No
>>>>>> WINS Proxy Enabled. . . . . . . . : No
>>>>>> DNS Suffix Search List. . . . . . : dbibolivia.local
>>>>>> Ethernet adapter Local Area Connection:
>>>>>> Connection-specific DNS Suffix . :
>>>>>> Description . . . . . . . . . . . : Intel(R) PRO/100 VE
>>>>>> Network
>>>>>> Connection
>>>>>> Physical Address. . . . . . . . . : 00-13-20-1E-30-B0
>>>>>> Dhcp Enabled. . . . . . . . . . . : No
>>>>>> IP Address. . . . . . . . . . . . : 192.168.0.134
>>>>>> Subnet Mask . . . . . . . . . . . : 255.255.255.0
>>>>>> Default Gateway . . . . . . . . . : 192.168.0.10
>>>>>> DNS Servers . . . . . . . . . . . : 192.168.0.2
>>>>>> ------------------------------------------------------------ -----
>>>>>> ---
>>>>>> --
>>>>>> -------------------------------
>>>>>> Server Side (new Domain Controller):
>>>>>> Windows IP Configuration
>>>>>> Host Name . . . . . . . . . . . . : DBI-DC
>>>>>> Primary Dns Suffix . . . . . . . : dbibolivia.local
>>>>>> Node Type . . . . . . . . . . . . : Unknown
>>>>>> IP Routing Enabled. . . . . . . . : No
>>>>>> WINS Proxy Enabled. . . . . . . . : No
>>>>>> DNS Suffix Search List. . . . . . : dbibolivia.local
>>>>>> Ethernet adapter Local Area Connection:
>>>>>> Connection-specific DNS Suffix . :
>>>>>> Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network
>>>>>> Connection
>>>>>> Physical Address. . . . . . . . . : 00-0C-29-AD-22-A3
>>>>>> DHCP Enabled. . . . . . . . . . . : No
>>>>>> IP Address. . . . . . . . . . . . : 192.168.0.3
>>>>>> Subnet Mask . . . . . . . . . . . : 255.255.255.0
>>>>>> Default Gateway . . . . . . . . . : 192.168.0.10
>>>>>> DNS Servers . . . . . . . . . . . : 192.168.0.2
>>>>>> ------------------------------------------------------------ -----
>>>>>> ---
>>>>>> --
>>>>>> --------------------------------------
>>>>>> thanks again and regards....
>>>>>> "Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message
>>>>>> news:ff16fb6625cee8cbb243d28c3a87@msnews.microsoft.com...
>>>>>>
>>>>>>> Hello Luis,
>>>>>>>
>>>>>>> Please clarify this "Second DNS Server is pointed by clients in
>>>>>>> the network due to a Forward option that the first DNS doesn't
>>>>>>> allow me to do. (This forward options is for Internet access)."
>>>>>>>
>>>>>>> As said before an unedited ipconfig /all makes it easier. If
>>>>>>> you have concerns about posting the complete ip addresses, the
>>>>>>> 192.168.x.x is a private iprange not accessible from the
>>>>>>> internet.
>>>>>>>
>>>>>>> Best regards
>>>>>>>
>>>>>>> Meinolf Weber
>>>>>>> Disclaimer: This posting is provided "AS IS" with no warranties,
>>>>>>> and
>>>>>>> confers no rights.
>>>>>>> ** Please do NOT email, only reply to Newsgroups
>>>>>>> ** HELP us help YOU!!!
>>>>>>> http://www.blakjak.demon.co.uk/mul_crss.htm
>>>>>>>> Second DNS Server is pointed by clients in the network due to a
>>>>>>>> Forward option that the first DNS doesn't allow me to do. (This
>>>>>>>> forward options is for Internet access).
>>>>>>>>