Forum Search:
Forum.Brain-Cluster.com: Brain Cluster Technical Forum
Ultimate forum for Technical Discussions

Home » Microsoft » Windows Server » Active Directory » ADPREP error message 0x2095
ADPREP error message 0x2095 [message #358128] Sun, 03 January 2010 14:00 Go to next message
BrianO  is currently offline BrianO  Canada
Messages: 7
Registered: August 2009
Junior Member
Trying to prepare a mixed 2003/2008 domain with one DC with a second DC on a
2003 server. ADPREP fails with the Win32 error 0x2095, "a directory service
error has occurred". I have searched everywhere but cannot find any
reference to this error.
I would really appreciate help from someone that might have some idea what
the problem might be.
Thanks
Briano
Re: ADPREP error message 0x2095 [message #358140 is a reply to message #358128] Sun, 03 January 2010 14:15 Go to previous messageGo to next message
meiweb  is currently offline meiweb  Germany
Messages: 2225
Registered: September 2009
Senior Member
Hello BrianO,

Please describe more detailed the DCs OS version, not really clear from your
description. 2 DCs with a 2003 and a 2008 DC?

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> Trying to prepare a mixed 2003/2008 domain with one DC with a second
> DC on a
> 2003 server. ADPREP fails with the Win32 error 0x2095, "a directory
> service
> error has occurred". I have searched everywhere but cannot find any
> reference to this error.
> I would really appreciate help from someone that might have some idea
> what
> the problem might be.
> Thanks
> Briano
Re: ADPREP error message 0x2095 [message #358203 is a reply to message #358140] Sun, 03 January 2010 15:31 Go to previous messageGo to next message
BrianO  is currently offline BrianO  Canada
Messages: 7
Registered: August 2009
Junior Member
Thanks for looking at my problem. The present (and only) DC is a hyper-v
virtualized 2003 R2 64 bit, and the host it is running on, I want to promote
to a DC.

The host is a 2008 64 bit enterprise server. There are two other
stand-alone servers, one 2008 64 bit ent, and the second one, a 2003 R2 64
bit ent. There is one other virtualized 2008 64 bit std server. So, in
this particular domain, there are 5 active servers. 3 physical boxes and
two virtualized.

It is my ultimate aim to virtualize the 2003 stand-alone, and the other 2008
stand-alone is heavily utilized with a SQL database and not a good candidate
for a DC.

There are 2 DNS servers. The existing DC and the stand-alone 2003 R2. I
know it is not recommended to virtualize a DC but it has worked for us for
two years. All apps are web based. Other than the administrator, there are
no local logons.

Hopefully you can visualize the setup from my description. I can see it in
my sleep, but sometimes it is hard to describe to someone else.

Briano


"Meinolf Weber [MVP-DS]" <meiweb@(nospam)gmx.de> wrote in message
news:6cb2911dba8c8cc5ad9575e6a80@msnews.microsoft.com...
> Hello BrianO,
>
> Please describe more detailed the DCs OS version, not really clear from
> your description. 2 DCs with a 2003 and a 2008 DC?
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and
> confers no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>
>> Trying to prepare a mixed 2003/2008 domain with one DC with a second
>> DC on a
>> 2003 server. ADPREP fails with the Win32 error 0x2095, "a directory
>> service
>> error has occurred". I have searched everywhere but cannot find any
>> reference to this error.
>> I would really appreciate help from someone that might have some idea
>> what
>> the problem might be.
>> Thanks
>> Briano
>
>
Re: ADPREP error message 0x2095 [message #358211 is a reply to message #358203] Sun, 03 January 2010 15:47 Go to previous messageGo to next message
aceman  is currently offline aceman  United States
Messages: 5816
Registered: July 2009
Senior Member
"BrianO" <briano@office.ounsted.ca> wrote in message
news:Oxo%23wRMjKHA.2780@TK2MSFTNGP05.phx.gbl...
> Thanks for looking at my problem. The present (and only) DC is a hyper-v
> virtualized 2003 R2 64 bit, and the host it is running on, I want to
> promote to a DC.
>
> The host is a 2008 64 bit enterprise server. There are two other
> stand-alone servers, one 2008 64 bit ent, and the second one, a 2003 R2 64
> bit ent. There is one other virtualized 2008 64 bit std server. So, in
> this particular domain, there are 5 active servers. 3 physical boxes and
> two virtualized.
>
> It is my ultimate aim to virtualize the 2003 stand-alone, and the other
> 2008 stand-alone is heavily utilized with a SQL database and not a good
> candidate for a DC.
>
> There are 2 DNS servers. The existing DC and the stand-alone 2003 R2. I
> know it is not recommended to virtualize a DC but it has worked for us for
> two years. All apps are web based. Other than the administrator, there
> are no local logons.
>
> Hopefully you can visualize the setup from my description. I can see it
> in my sleep, but sometimes it is hard to describe to someone else.
>
> Briano
>

Briano,

I don't see a problem in virtualizing all of your DCs, but I would make sure
they are on different hosts, so if the host goes down on one, it won't
affect the other.

As for the directory services error, can you post an unedited ipconfig /all
from both the current (virtual) DC and the one you intend to promote?

What is the relationship between the two current DNS servers? Does the
standalone host a secondary of the AD zones (_msdcs.domain.com and the
domain.com zones)? If not, can you elaborate, please?

Also, post any Event log errors and their respective Source names.

Thanks,

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Please reply back to the newsgroup or forum for collaboration benefit among
responding engineers, and to help others benefit from your resolution.

Ace Fekay, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA
2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer

For urgent issues, please contact Microsoft PSS directly. Please check
http://support.microsoft.com for regional support phone numbers.
Re: ADPREP error message 0x2095 [message #358213 is a reply to message #358203] Sun, 03 January 2010 15:50 Go to previous messageGo to next message
Meinolf Weber MVP-DS  is currently offline Meinolf Weber MVP-DS  Germany
Messages: 129
Registered: July 2009
Senior Member
Hello BrianO,

So you use the 2008 64bit installation disk and run the adprep command from
it on the 2003 DC with /forestprep and /domainprep with an account of the
schema/domain/enterprise admins? Please post the adprep logfile here so we
can verify it.

Also keep in mind that you should move the FSMO roles to the Windows server
2008 host and also make it DNS and Global catalog server immediately after
promoting it. Personal i would NOT host a DC VM on the same physical machine.
If the host crashes also the VM is gone.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> Thanks for looking at my problem. The present (and only) DC is a
> hyper-v virtualized 2003 R2 64 bit, and the host it is running on, I
> want to promote to a DC.
>
> The host is a 2008 64 bit enterprise server. There are two other
> stand-alone servers, one 2008 64 bit ent, and the second one, a 2003
> R2 64 bit ent. There is one other virtualized 2008 64 bit std server.
> So, in this particular domain, there are 5 active servers. 3 physical
> boxes and two virtualized.
>
> It is my ultimate aim to virtualize the 2003 stand-alone, and the
> other 2008 stand-alone is heavily utilized with a SQL database and not
> a good candidate for a DC.
>
> There are 2 DNS servers. The existing DC and the stand-alone 2003 R2.
> I know it is not recommended to virtualize a DC but it has worked for
> us for two years. All apps are web based. Other than the
> administrator, there are no local logons.
>
> Hopefully you can visualize the setup from my description. I can see
> it in my sleep, but sometimes it is hard to describe to someone else.
>
> Briano
>
> "Meinolf Weber [MVP-DS]" <meiweb@(nospam)gmx.de> wrote in message
> news:6cb2911dba8c8cc5ad9575e6a80@msnews.microsoft.com...
>
>> Hello BrianO,
>>
>> Please describe more detailed the DCs OS version, not really clear
>> from your description. 2 DCs with a 2003 and a 2008 DC?
>>
>> Best regards
>>
>> Meinolf Weber
>> Disclaimer: This posting is provided "AS IS" with no warranties, and
>> confers no rights.
>> ** Please do NOT email, only reply to Newsgroups
>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>> Trying to prepare a mixed 2003/2008 domain with one DC with a second
>>> DC on a
>>> 2003 server. ADPREP fails with the Win32 error 0x2095, "a directory
>>> service
>>> error has occurred". I have searched everywhere but cannot find any
>>> reference to this error.
>>> I would really appreciate help from someone that might have some
>>> idea
>>> what
>>> the problem might be.
>>> Thanks
>>> Briano
Re: ADPREP error message 0x2095 [message #358289 is a reply to message #358211] Sun, 03 January 2010 17:56 Go to previous messageGo to next message
BrianO  is currently offline BrianO  Canada
Messages: 7
Registered: August 2009
Junior Member
IP Config /all Existing DC

Windows IP Configuration

Host Name . . . . . . . . . . . . : test
Primary Dns Suffix . . . . . . . : ERA-Server.ca
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : ERA-Server.ca

Ethernet adapter WAN:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual Machine Bus Network
Adapter #2
Physical Address. . . . . . . . . : 00-15-5D-00-01-01
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.10.101
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.10.1
DNS Servers . . . . . . . . . . . : 192.168.10.1
192.168.20.31

Ethernet adapter LAN:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual Machine Bus Network
Adapter
Physical Address. . . . . . . . . : 00-15-5D-00-01-00
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.20.30
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 192.168.20.31

IP Config /all New DC

Windows IP Configuration

Host Name . . . . . . . . . . . . : vs1-ERA
Primary Dns Suffix . . . . . . . : ERA-Server.ca
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : ERA-Server.ca

Ethernet adapter Local Area Connection 5:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : WAN Virtual Network
Physical Address. . . . . . . . . : 00-30-48-33-52-B9
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . :
fe80::5493:5d5a:970f:ca72%15(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.10.102(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sunday, December 27, 2009 3:14:56 AM
Lease Expires . . . . . . . . . . : Monday, January 04, 2010 3:15:04 PM
Default Gateway . . . . . . . . . : 192.168.10.1
DHCP Server . . . . . . . . . . . : 192.168.10.1
DNS Servers . . . . . . . . . . . : 192.168.10.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection 4:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : LAN Virtual Network
Physical Address. . . . . . . . . : 00-30-48-33-52-B8
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . :
fe80::35e7:8de9:1548:e8b6%13(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.20.29(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.20.30
DNS Servers . . . . . . . . . . . : 192.168.20.31
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 8:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . :
isatap.{F9DAE0C6-BD2D-4395-900C-B5C9B47B7C19}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . :
isatap.{7E06F8D1-C7A7-4B6F-A629-1C9671F1E2C3}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes


As you described there is the primary DNS and the other DNS server is a copy
(secondary). The .20 network is the internal LAN, the .10 network is a
connection to a port forwarding router, then to the outside.

Thanks

Briano

"Ace Fekay [MCT]" <aceman@mvps.RemoveThisPart.org> wrote in message
news:elgvNbMjKHA.4672@TK2MSFTNGP06.phx.gbl...
> "BrianO" <briano@office.ounsted.ca> wrote in message
> news:Oxo%23wRMjKHA.2780@TK2MSFTNGP05.phx.gbl...
>> Thanks for looking at my problem. The present (and only) DC is a hyper-v
>> virtualized 2003 R2 64 bit, and the host it is running on, I want to
>> promote to a DC.
>>
>> The host is a 2008 64 bit enterprise server. There are two other
>> stand-alone servers, one 2008 64 bit ent, and the second one, a 2003 R2
>> 64 bit ent. There is one other virtualized 2008 64 bit std server. So,
>> in this particular domain, there are 5 active servers. 3 physical boxes
>> and two virtualized.
>>
>> It is my ultimate aim to virtualize the 2003 stand-alone, and the other
>> 2008 stand-alone is heavily utilized with a SQL database and not a good
>> candidate for a DC.
>>
>> There are 2 DNS servers. The existing DC and the stand-alone 2003 R2. I
>> know it is not recommended to virtualize a DC but it has worked for us
>> for two years. All apps are web based. Other than the administrator,
>> there are no local logons.
>>
>> Hopefully you can visualize the setup from my description. I can see it
>> in my sleep, but sometimes it is hard to describe to someone else.
>>
>> Briano
>>
>
> Briano,
>
> I don't see a problem in virtualizing all of your DCs, but I would make
> sure they are on different hosts, so if the host goes down on one, it
> won't affect the other.
>
> As for the directory services error, can you post an unedited ipconfig
> /all from both the current (virtual) DC and the one you intend to promote?
>
> What is the relationship between the two current DNS servers? Does the
> standalone host a secondary of the AD zones (_msdcs.domain.com and the
> domain.com zones)? If not, can you elaborate, please?
>
> Also, post any Event log errors and their respective Source names.
>
> Thanks,
>
> --
> Ace
>
> This posting is provided "AS-IS" with no warranties or guarantees and
> confers no rights.
>
> Please reply back to the newsgroup or forum for collaboration benefit
> among responding engineers, and to help others benefit from your
> resolution.
>
> Ace Fekay, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA
> 2003/2000, MCSA Messaging 2003
> Microsoft Certified Trainer
>
> For urgent issues, please contact Microsoft PSS directly. Please check
> http://support.microsoft.com for regional support phone numbers.
>
>
>
Re: ADPREP error message 0x2095 [message #358302 is a reply to message #358213] Sun, 03 January 2010 18:17 Go to previous messageGo to next message
BrianO  is currently offline BrianO  Canada
Messages: 7
Registered: August 2009
Junior Member
That is correct. The Adprep files are dated 1/19/2008. They were actually
taken off the disk and a directory location established. These servers are
1U rack mount without DVD drives. Have not run /domainprep since
/forestprep has not completed. I have not been able to find the location of
the adprep logfiles. I thought it would be /system32/debug or
/system32/logfiles but not there. I have the logfiles directory but not a
debug directory.

I understand your concern about a VM of the DC but we back up each VHD file
every night and have an ISO of the host OS. We feel we could be back online
in less than 1/2 to 1 hour if we should have a catastrophic failure of the
host. With the release of MS R2 version of VMM we are experimenting with
moving around VHD files online. If I could only get this DC business fixed
I could free up another server.

Thanks again.

Brian O


"Meinolf Weber [MVP-DS]" wrote in message
news:6cb2911dba988cc5ae6a9cb8620@msnews.microsoft.com...
> Hello BrianO,
>
> So you use the 2008 64bit installation disk and run the adprep command
> from it on the 2003 DC with /forestprep and /domainprep with an account of
> the schema/domain/enterprise admins? Please post the adprep logfile here
> so we can verify it.
>
> Also keep in mind that you should move the FSMO roles to the Windows
> server 2008 host and also make it DNS and Global catalog server
> immediately after promoting it. Personal i would NOT host a DC VM on the
> same physical machine. If the host crashes also the VM is gone.
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and
> confers no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>
>> Thanks for looking at my problem. The present (and only) DC is a
>> hyper-v virtualized 2003 R2 64 bit, and the host it is running on, I
>> want to promote to a DC.
>>
>> The host is a 2008 64 bit enterprise server. There are two other
>> stand-alone servers, one 2008 64 bit ent, and the second one, a 2003
>> R2 64 bit ent. There is one other virtualized 2008 64 bit std server.
>> So, in this particular domain, there are 5 active servers. 3 physical
>> boxes and two virtualized.
>>
>> It is my ultimate aim to virtualize the 2003 stand-alone, and the
>> other 2008 stand-alone is heavily utilized with a SQL database and not
>> a good candidate for a DC.
>>
>> There are 2 DNS servers. The existing DC and the stand-alone 2003 R2.
>> I know it is not recommended to virtualize a DC but it has worked for
>> us for two years. All apps are web based. Other than the
>> administrator, there are no local logons.
>>
>> Hopefully you can visualize the setup from my description. I can see
>> it in my sleep, but sometimes it is hard to describe to someone else.
>>
>> Briano
>>
>> "Meinolf Weber [MVP-DS]" <meiweb@(nospam)gmx.de> wrote in message
>> news:6cb2911dba8c8cc5ad9575e6a80@msnews.microsoft.com...
>>
>>> Hello BrianO,
>>>
>>> Please describe more detailed the DCs OS version, not really clear
>>> from your description. 2 DCs with a 2003 and a 2008 DC?
>>>
>>> Best regards
>>>
>>> Meinolf Weber
>>> Disclaimer: This posting is provided "AS IS" with no warranties, and
>>> confers no rights.
>>> ** Please do NOT email, only reply to Newsgroups
>>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>>> Trying to prepare a mixed 2003/2008 domain with one DC with a second
>>>> DC on a
>>>> 2003 server. ADPREP fails with the Win32 error 0x2095, "a directory
>>>> service
>>>> error has occurred". I have searched everywhere but cannot find any
>>>> reference to this error.
>>>> I would really appreciate help from someone that might have some
>>>> idea
>>>> what
>>>> the problem might be.
>>>> Thanks
>>>> Briano
>
>
Re: ADPREP error message 0x2095 [message #358328 is a reply to message #358289] Sun, 03 January 2010 18:47 Go to previous messageGo to next message
aceman  is currently offline aceman  United States
Messages: 5816
Registered: July 2009
Senior Member
"BrianO" <briano@office.ounsted.ca> wrote in message
news:%23Ce0KjNjKHA.1824@TK2MSFTNGP04.phx.gbl...
> IP Config /all Existing DC
>
> Windows IP Configuration
>
> Host Name . . . . . . . . . . . . : test
> Primary Dns Suffix . . . . . . . : ERA-Server.ca
> Node Type . . . . . . . . . . . . : Unknown
> IP Routing Enabled. . . . . . . . : No
> WINS Proxy Enabled. . . . . . . . : No
> DNS Suffix Search List. . . . . . : ERA-Server.ca
>
> Ethernet adapter WAN:
>
> Connection-specific DNS Suffix . :
> Description . . . . . . . . . . . : Microsoft Virtual Machine Bus
> Network Adapter #2
> Physical Address. . . . . . . . . : 00-15-5D-00-01-01
> DHCP Enabled. . . . . . . . . . . : No
> IP Address. . . . . . . . . . . . : 192.168.10.101
> Subnet Mask . . . . . . . . . . . : 255.255.255.0
> Default Gateway . . . . . . . . . : 192.168.10.1
> DNS Servers . . . . . . . . . . . : 192.168.10.1
> 192.168.20.31
>
> Ethernet adapter LAN:
>
> Connection-specific DNS Suffix . :
> Description . . . . . . . . . . . : Microsoft Virtual Machine Bus
> Network Adapter
> Physical Address. . . . . . . . . : 00-15-5D-00-01-00
> DHCP Enabled. . . . . . . . . . . : No
> IP Address. . . . . . . . . . . . : 192.168.20.30
> Subnet Mask . . . . . . . . . . . : 255.255.255.0
> Default Gateway . . . . . . . . . :
> DNS Servers . . . . . . . . . . . : 192.168.20.31
>
> IP Config /all New DC
>
> Windows IP Configuration
>
> Host Name . . . . . . . . . . . . : vs1-ERA
> Primary Dns Suffix . . . . . . . : ERA-Server.ca
> Node Type . . . . . . . . . . . . : Hybrid
> IP Routing Enabled. . . . . . . . : No
> WINS Proxy Enabled. . . . . . . . : No
> DNS Suffix Search List. . . . . . : ERA-Server.ca
>
> Ethernet adapter Local Area Connection 5:
>
> Connection-specific DNS Suffix . :
> Description . . . . . . . . . . . : WAN Virtual Network
> Physical Address. . . . . . . . . : 00-30-48-33-52-B9
> DHCP Enabled. . . . . . . . . . . : Yes
> Autoconfiguration Enabled . . . . : Yes
> Link-local IPv6 Address . . . . . :
> fe80::5493:5d5a:970f:ca72%15(Preferred)
> IPv4 Address. . . . . . . . . . . : 192.168.10.102(Preferred)
> Subnet Mask . . . . . . . . . . . : 255.255.255.0
> Lease Obtained. . . . . . . . . . : Sunday, December 27, 2009 3:14:56 AM
> Lease Expires . . . . . . . . . . : Monday, January 04, 2010 3:15:04 PM
> Default Gateway . . . . . . . . . : 192.168.10.1
> DHCP Server . . . . . . . . . . . : 192.168.10.1
> DNS Servers . . . . . . . . . . . : 192.168.10.1
> NetBIOS over Tcpip. . . . . . . . : Enabled
>
> Ethernet adapter Local Area Connection 4:
>
> Connection-specific DNS Suffix . :
> Description . . . . . . . . . . . : LAN Virtual Network
> Physical Address. . . . . . . . . : 00-30-48-33-52-B8
> DHCP Enabled. . . . . . . . . . . : No
> Autoconfiguration Enabled . . . . : Yes
> Link-local IPv6 Address . . . . . :
> fe80::35e7:8de9:1548:e8b6%13(Preferred)
> IPv4 Address. . . . . . . . . . . : 192.168.20.29(Preferred)
> Subnet Mask . . . . . . . . . . . : 255.255.255.0
> Default Gateway . . . . . . . . . : 192.168.20.30
> DNS Servers . . . . . . . . . . . : 192.168.20.31
> NetBIOS over Tcpip. . . . . . . . : Enabled
>
> Tunnel adapter Local Area Connection* 8:
>
> Media State . . . . . . . . . . . : Media disconnected
> Connection-specific DNS Suffix . :
> Description . . . . . . . . . . . :
> isatap.{F9DAE0C6-BD2D-4395-900C-B5C9B47B7C19}
> Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
> DHCP Enabled. . . . . . . . . . . : No
> Autoconfiguration Enabled . . . . : Yes
>
> Tunnel adapter Local Area Connection* 9:
>
> Media State . . . . . . . . . . . : Media disconnected
> Connection-specific DNS Suffix . :
> Description . . . . . . . . . . . :
> isatap.{7E06F8D1-C7A7-4B6F-A629-1C9671F1E2C3}
> Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
> DHCP Enabled. . . . . . . . . . . : No
> Autoconfiguration Enabled . . . . : Yes
>
>
> As you described there is the primary DNS and the other DNS server is a
> copy (secondary). The .20 network is the internal LAN, the .10 network is
> a connection to a port forwarding router, then to the outside.
>
> Thanks
>
> Briano
>

Briano,

Thank you for posting the requested data.

I see the problem, rather two problems:

1.Your DCs are multihomed. Multihomed DCs are extremely problematic. This is
due to DNS records. It is highly recommended to never multihome a DC.

a. The .10 NIC is set to DHCP, another non-recommended config. A DC
requires static configs.

b. There two default gateways on the new DC. Any machine should only
have one 'default" gateway, otherwise it will cause networking routing
issues within itself. A "gateway" is the "doorway out to the world," so to
speak. There can only be one.

2. You are using your router as a DNS server. Even if you have DNS installed
on the machines, it will never use it because you didn't specify that in
thier network config.

Resolution:

1. Disable the .10 NIC. I'm not entirely sure the requirement of the .10
subnet's role. Is it a DMZ? Or was it setup due to the type of router/modem
the ISP provided? If the latter, it may need to be configured in 'arp' mode.
Either way, if you need to keep the .10 subnet for whatever reason, install
a firewall connecting the two subnets, and use it a the default gateway for
all internal machines.

2. Point DNS to the current DC for DNS, 192.168.20.30. Let's not use the
secondary for now, rather just use the current DC. Reason is, if you use the
secondary, then promote the machine, it will delete the current conflicting
(secondary) zone, then await repication for the current AD integrated zone
to populate. During this delay, it can cause significant issues. This will
reduce the complexity to help straighten this out.

If you absolutely postively need to keep the DCs multihomed, there is a
procedure that will alter the DCs to properly function, however it requires
significant alteration to a DC's default functions, including registry
changes. Normally we recommend to not do this, and simply single-home the
DC.

The following is a link to the procedure, as well as a detailed explanation
of what a multihomed DC is, and it's implications.

Multihomed DCs with DNS, RRAS, multiple IPs, and/or PPPoE adapters
http://msmvps.com/blogs/acefekay/archive/2009/08/17/multihom ed-dcs-with-dns-rras-and-or-pppoe-adapters.aspx


--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Please reply back to the newsgroup or forum for collaboration benefit among
responding engineers, and to help others benefit from your resolution.

Ace Fekay, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA
2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer

For urgent issues, please contact Microsoft PSS directly. Please check
http://support.microsoft.com for regional support phone numbers.
Re: ADPREP error message 0x2095 [message #358345 is a reply to message #358302] Sun, 03 January 2010 18:51 Go to previous messageGo to next message
aceman  is currently offline aceman  United States
Messages: 5816
Registered: July 2009
Senior Member
"BrianO" <briano@office.ounsted.ca> wrote in message
news:ubAuCvNjKHA.2780@TK2MSFTNGP05.phx.gbl...
> That is correct. The Adprep files are dated 1/19/2008. They were
> actually taken off the disk and a directory location established. These
> servers are 1U rack mount without DVD drives. Have not run /domainprep
> since /forestprep has not completed. I have not been able to find the
> location of the adprep logfiles. I thought it would be /system32/debug or
> /system32/logfiles but not there. I have the logfiles directory but not a
> debug directory.
>
> I understand your concern about a VM of the DC but we back up each VHD
> file every night and have an ISO of the host OS. We feel we could be back
> online in less than 1/2 to 1 hour if we should have a catastrophic failure
> of the host. With the release of MS R2 version of VMM we are
> experimenting with moving around VHD files online. If I could only get
> this DC business fixed I could free up another server.
>
> Thanks again.
>
> Brian O
>


Hi Brian,

It's not advised to use imaging software to restore a DC, otherwise it will
introduce unrecoverable errors, such as a USN Rollback. It's highly
recommended to use normal backup procedures backing up the System State and
the C: drive. I know it takes longer, but believe me, you don't want a USN
Rollback to occur. Read the following to get an idea what this is.

How to detect and recover from a USN rollback in Windows Server 2003Explains
how to recover when a domain controller is incorrectly rolled back by using
an image-based installation of the operating system.
http://support.microsoft.com/kb/875495

How to detect and recover from a USN rollback in Windows 2000 ServerExplains
how to detect and recover from a USN rollback that is caused when a domain
controller is incorrectly rolled back by using an image-based ...
http://support.microsoft.com/kb/885875

Ace
Re: ADPREP error message 0x2095 [message #358413 is a reply to message #358328] Sun, 03 January 2010 21:03 Go to previous messageGo to next message
BrianO  is currently offline BrianO  Canada
Messages: 7
Registered: August 2009
Junior Member
Hard to know where to start here. I am aware of multi-homed, or rather not
to do it. I did notice the dual gateways when I ran IP config. The
particular network connection we are talking about is not required. It was
put there by the Hyper-V install and should have been disabled long ago. It
was never configured (that's why the DHCP) and is now disabled. Can't be
all that bad, this particular installation has run for 2 years without an
apparent problem.

Yes, we need the .10 network (can be any private address). It is simply a
link between this server and a router. If the server makes a DNS request to
the .10 network it is routed (via routing table) to an outside internet DNS
server. If the outside does not answer than presumably it will try the
internal DNS server. Each of the servers, except for the Hyper-V host, have
similar links to similar port-forwarding routers, and carry web app traffic.
The WAN side of the routers have individual public IPs and connect to a T1
line through a managed switch.

So far, I am still looking for a solution to my initial problem. I have
tried a number of things but so far to no avail.

Thanks again for your interest.

Brian O.

"Ace Fekay [MCT]" <aceman@mvps.RemoveThisPart.org> wrote in message
news:ea7Dp$NjKHA.1824@TK2MSFTNGP04.phx.gbl...
> "BrianO" <briano@office.ounsted.ca> wrote in message
> news:%23Ce0KjNjKHA.1824@TK2MSFTNGP04.phx.gbl...
>> IP Config /all Existing DC
>>
>> Windows IP Configuration
>>
>> Host Name . . . . . . . . . . . . : test
>> Primary Dns Suffix . . . . . . . : ERA-Server.ca
>> Node Type . . . . . . . . . . . . : Unknown
>> IP Routing Enabled. . . . . . . . : No
>> WINS Proxy Enabled. . . . . . . . : No
>> DNS Suffix Search List. . . . . . : ERA-Server.ca
>>
>> Ethernet adapter WAN:
>>
>> Connection-specific DNS Suffix . :
>> Description . . . . . . . . . . . : Microsoft Virtual Machine Bus
>> Network Adapter #2
>> Physical Address. . . . . . . . . : 00-15-5D-00-01-01
>> DHCP Enabled. . . . . . . . . . . : No
>> IP Address. . . . . . . . . . . . : 192.168.10.101
>> Subnet Mask . . . . . . . . . . . : 255.255.255.0
>> Default Gateway . . . . . . . . . : 192.168.10.1
>> DNS Servers . . . . . . . . . . . : 192.168.10.1
>> 192.168.20.31
>>
>> Ethernet adapter LAN:
>>
>> Connection-specific DNS Suffix . :
>> Description . . . . . . . . . . . : Microsoft Virtual Machine Bus
>> Network Adapter
>> Physical Address. . . . . . . . . : 00-15-5D-00-01-00
>> DHCP Enabled. . . . . . . . . . . : No
>> IP Address. . . . . . . . . . . . : 192.168.20.30
>> Subnet Mask . . . . . . . . . . . : 255.255.255.0
>> Default Gateway . . . . . . . . . :
>> DNS Servers . . . . . . . . . . . : 192.168.20.31
>>
>> IP Config /all New DC
>>
>> Windows IP Configuration
>>
>> Host Name . . . . . . . . . . . . : vs1-ERA
>> Primary Dns Suffix . . . . . . . : ERA-Server.ca
>> Node Type . . . . . . . . . . . . : Hybrid
>> IP Routing Enabled. . . . . . . . : No
>> WINS Proxy Enabled. . . . . . . . : No
>> DNS Suffix Search List. . . . . . : ERA-Server.ca
>>
>> Ethernet adapter Local Area Connection 5:
>>
>> Connection-specific DNS Suffix . :
>> Description . . . . . . . . . . . : WAN Virtual Network
>> Physical Address. . . . . . . . . : 00-30-48-33-52-B9
>> DHCP Enabled. . . . . . . . . . . : Yes
>> Autoconfiguration Enabled . . . . : Yes
>> Link-local IPv6 Address . . . . . :
>> fe80::5493:5d5a:970f:ca72%15(Preferred)
>> IPv4 Address. . . . . . . . . . . : 192.168.10.102(Preferred)
>> Subnet Mask . . . . . . . . . . . : 255.255.255.0
>> Lease Obtained. . . . . . . . . . : Sunday, December 27, 2009 3:14:56
>> AM
>> Lease Expires . . . . . . . . . . : Monday, January 04, 2010 3:15:04 PM
>> Default Gateway . . . . . . . . . : 192.168.10.1
>> DHCP Server . . . . . . . . . . . : 192.168.10.1
>> DNS Servers . . . . . . . . . . . : 192.168.10.1
>> NetBIOS over Tcpip. . . . . . . . : Enabled
>>
>> Ethernet adapter Local Area Connection 4:
>>
>> Connection-specific DNS Suffix . :
>> Description . . . . . . . . . . . : LAN Virtual Network
>> Physical Address. . . . . . . . . : 00-30-48-33-52-B8
>> DHCP Enabled. . . . . . . . . . . : No
>> Autoconfiguration Enabled . . . . : Yes
>> Link-local IPv6 Address . . . . . :
>> fe80::35e7:8de9:1548:e8b6%13(Preferred)
>> IPv4 Address. . . . . . . . . . . : 192.168.20.29(Preferred)
>> Subnet Mask . . . . . . . . . . . : 255.255.255.0
>> Default Gateway . . . . . . . . . : 192.168.20.30
>> DNS Servers . . . . . . . . . . . : 192.168.20.31
>> NetBIOS over Tcpip. . . . . . . . : Enabled
>>
>> Tunnel adapter Local Area Connection* 8:
>>
>> Media State . . . . . . . . . . . : Media disconnected
>> Connection-specific DNS Suffix . :
>> Description . . . . . . . . . . . :
>> isatap.{F9DAE0C6-BD2D-4395-900C-B5C9B47B7C19}
>> Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
>> DHCP Enabled. . . . . . . . . . . : No
>> Autoconfiguration Enabled . . . . : Yes
>>
>> Tunnel adapter Local Area Connection* 9:
>>
>> Media State . . . . . . . . . . . : Media disconnected
>> Connection-specific DNS Suffix . :
>> Description . . . . . . . . . . . :
>> isatap.{7E06F8D1-C7A7-4B6F-A629-1C9671F1E2C3}
>> Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
>> DHCP Enabled. . . . . . . . . . . : No
>> Autoconfiguration Enabled . . . . : Yes
>>
>>
>> As you described there is the primary DNS and the other DNS server is a
>> copy (secondary). The .20 network is the internal LAN, the .10 network
>> is a connection to a port forwarding router, then to the outside.
>>
>> Thanks
>>
>> Briano
>>
>
> Briano,
>
> Thank you for posting the requested data.
>
> I see the problem, rather two problems:
>
> 1.Your DCs are multihomed. Multihomed DCs are extremely problematic. This
> is due to DNS records. It is highly recommended to never multihome a DC.
>
> a. The .10 NIC is set to DHCP, another non-recommended config. A DC
> requires static configs.
>
> b. There two default gateways on the new DC. Any machine should only
> have one 'default" gateway, otherwise it will cause networking routing
> issues within itself. A "gateway" is the "doorway out to the world," so to
> speak. There can only be one.
>
> 2. You are using your router as a DNS server. Even if you have DNS
> installed on the machines, it will never use it because you didn't specify
> that in thier network config.
>
> Resolution:
>
> 1. Disable the .10 NIC. I'm not entirely sure the requirement of the .10
> subnet's role. Is it a DMZ? Or was it setup due to the type of
> router/modem the ISP provided? If the latter, it may need to be configured
> in 'arp' mode. Either way, if you need to keep the .10 subnet for whatever
> reason, install a firewall connecting the two subnets, and use it a the
> default gateway for all internal machines.
>
> 2. Point DNS to the current DC for DNS, 192.168.20.30. Let's not use the
> secondary for now, rather just use the current DC. Reason is, if you use
> the secondary, then promote the machine, it will delete the current
> conflicting (secondary) zone, then await repication for the current AD
> integrated zone to populate. During this delay, it can cause significant
> issues. This will reduce the complexity to help straighten this out.
>
> If you absolutely postively need to keep the DCs multihomed, there is a
> procedure that will alter the DCs to properly function, however it
> requires significant alteration to a DC's default functions, including
> registry changes. Normally we recommend to not do this, and simply
> single-home the DC.
>
> The following is a link to the procedure, as well as a detailed
> explanation of what a multihomed DC is, and it's implications.
>
> Multihomed DCs with DNS, RRAS, multiple IPs, and/or PPPoE adapters
> http://msmvps.com/blogs/acefekay/archive/2009/08/17/multihom ed-dcs-with-dns-rras-and-or-pppoe-adapters.aspx
>
>
> --
> Ace
>
> This posting is provided "AS-IS" with no warranties or guarantees and
> confers no rights.
>
> Please reply back to the newsgroup or forum for collaboration benefit
> among responding engineers, and to help others benefit from your
> resolution.
>
> Ace Fekay, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA
> 2003/2000, MCSA Messaging 2003
> Microsoft Certified Trainer
>
> For urgent issues, please contact Microsoft PSS directly. Please check
> http://support.microsoft.com for regional support phone numbers.
>
>
>
>
Re: ADPREP error message 0x2095 [message #358422 is a reply to message #358413] Sun, 03 January 2010 21:17 Go to previous messageGo to next message
aceman  is currently offline aceman  United States
Messages: 5816
Registered: July 2009
Senior Member
"BrianO" <briano@office.ounsted.ca> wrote in message
news:Oo6ejLPjKHA.4672@TK2MSFTNGP06.phx.gbl...
> Hard to know where to start here. I am aware of multi-homed, or rather
> not to do it. I did notice the dual gateways when I ran IP config. The
> particular network connection we are talking about is not required. It
> was put there by the Hyper-V install and should have been disabled long
> ago. It was never configured (that's why the DHCP) and is now disabled.
> Can't be all that bad, this particular installation has run for 2 years
> without an apparent problem.

Surprising that it ran for 2 years without issues, but then again, it was
the only DC.

>
> Yes, we need the .10 network (can be any private address). It is simply a
> link between this server and a router. If the server makes a DNS request
> to the .10 network it is routed (via routing table) to an outside internet
> DNS server.

Actually, DNS requests do not get "routed" per se in the sense of your
context, rather network traffic gets sent to it's destination host, and if
the host is not on the same subnet, it sends it to the default gateway to
determine how to get it to the destination host.


> If the outside does not answer than presumably it will try the internal
> DNS server.

Actually all internal machines that are part of AD, including the DC itself,
clients and member servers, must only use the internal DC as their DNS
address. You would configure a Forwarder in the DNS server's properties (in
DNS console, right-click the servername, properties, Forwarders tab, type in
the ISP's DNS address(es).)


> Each of the servers, except for the Hyper-V host, have similar links to
> similar port-forwarding routers, and carry web app traffic. The WAN side
> of the routers have individual public IPs and connect to a T1 line through
> a managed switch.
>
> So far, I am still looking for a solution to my initial problem. I have
> tried a number of things but so far to no avail.

I provided a resolution. You need to disable multihoming, or make the
changes outlined in my blog on each DC that is multhomed to make it work.
The adprep process simply can't properly "find" domain resources due to DNS
entries from the additional interfaces. Also, if you try to delete the
entries, the netlogon service simply puts them back. If you feel this is not
correct or reluctant to make the necessary changes for it to work, (because
it worked well for many years), I can understand. Maybe someone else can
explain it in different terms.

>
> Thanks again for your interest.
>
> Brian O.

You are welcome.

Ace
Re: ADPREP error message 0x2095 [message #358521 is a reply to message #358289] Mon, 04 January 2010 02:33 Go to previous messageGo to next message
meiweb  is currently offline meiweb  Germany
Messages: 2225
Registered: September 2009
Senior Member
Hello BrianO,

As already stated from Ace, you can be happy that the domain runs that long
time without any problem with a multihomed DC. And now the problems occur
exactly as expected with multihomed DCs. What you see are only some of them
there will be more in the future, i am sure.

So kick out the multihoming of the exisiting machine, cleanup DNS zones form
the second entry, run ipconfig /flushdns and ipconfig /registerdns, then
restart the netlogon service on it.

On the new machine configure a fixed ip address instead of the DHCP, if the
server reboots or request a new ip address after lease time expires you will
run into trouble as the new ip address creates also conflicts. Multihoming
is the same as above, remove it.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> IP Config /all Existing DC
>
> Windows IP Configuration
>
> Host Name . . . . . . . . . . . . : test
> Primary Dns Suffix . . . . . . . : ERA-Server.ca
> Node Type . . . . . . . . . . . . : Unknown
> IP Routing Enabled. . . . . . . . : No
> WINS Proxy Enabled. . . . . . . . : No
> DNS Suffix Search List. . . . . . : ERA-Server.ca
> Ethernet adapter WAN:
>
> Connection-specific DNS Suffix . :
> Description . . . . . . . . . . . : Microsoft Virtual Machine Bus
> Network
> Adapter #2
> Physical Address. . . . . . . . . : 00-15-5D-00-01-01
> DHCP Enabled. . . . . . . . . . . : No
> IP Address. . . . . . . . . . . . : 192.168.10.101
> Subnet Mask . . . . . . . . . . . : 255.255.255.0
> Default Gateway . . . . . . . . . : 192.168.10.1
> DNS Servers . . . . . . . . . . . : 192.168.10.1
> 192.168.20.31
> Ethernet adapter LAN:
>
> Connection-specific DNS Suffix . :
> Description . . . . . . . . . . . : Microsoft Virtual Machine Bus
> Network
> Adapter
> Physical Address. . . . . . . . . : 00-15-5D-00-01-00
> DHCP Enabled. . . . . . . . . . . : No
> IP Address. . . . . . . . . . . . : 192.168.20.30
> Subnet Mask . . . . . . . . . . . : 255.255.255.0
> Default Gateway . . . . . . . . . :
> DNS Servers . . . . . . . . . . . : 192.168.20.31
> IP Config /all New DC
>
> Windows IP Configuration
>
> Host Name . . . . . . . . . . . . : vs1-ERA
> Primary Dns Suffix . . . . . . . : ERA-Server.ca
> Node Type . . . . . . . . . . . . : Hybrid
> IP Routing Enabled. . . . . . . . : No
> WINS Proxy Enabled. . . . . . . . : No
> DNS Suffix Search List. . . . . . : ERA-Server.ca
> Ethernet adapter Local Area Connection 5:
>
> Connection-specific DNS Suffix . :
> Description . . . . . . . . . . . : WAN Virtual Network
> Physical Address. . . . . . . . . : 00-30-48-33-52-B9
> DHCP Enabled. . . . . . . . . . . : Yes
> Autoconfiguration Enabled . . . . : Yes
> Link-local IPv6 Address . . . . . :
> fe80::5493:5d5a:970f:ca72%15(Preferred)
> IPv4 Address. . . . . . . . . . . : 192.168.10.102(Preferred)
> Subnet Mask . . . . . . . . . . . : 255.255.255.0
> Lease Obtained. . . . . . . . . . : Sunday, December 27, 2009
> 3:14:56 AM
> Lease Expires . . . . . . . . . . : Monday, January 04, 2010
> 3:15:04 PM
> Default Gateway . . . . . . . . . : 192.168.10.1
> DHCP Server . . . . . . . . . . . : 192.168.10.1
> DNS Servers . . . . . . . . . . . : 192.168.10.1
> NetBIOS over Tcpip. . . . . . . . : Enabled
> Ethernet adapter Local Area Connection 4:
>
> Connection-specific DNS Suffix . :
> Description . . . . . . . . . . . : LAN Virtual Network
> Physical Address. . . . . . . . . : 00-30-48-33-52-B8
> DHCP Enabled. . . . . . . . . . . : No
> Autoconfiguration Enabled . . . . : Yes
> Link-local IPv6 Address . . . . . :
> fe80::35e7:8de9:1548:e8b6%13(Preferred)
> IPv4 Address. . . . . . . . . . . : 192.168.20.29(Preferred)
> Subnet Mask . . . . . . . . . . . : 255.255.255.0
> Default Gateway . . . . . . . . . : 192.168.20.30
> DNS Servers . . . . . . . . . . . : 192.168.20.31
> NetBIOS over Tcpip. . . . . . . . : Enabled
> Tunnel adapter Local Area Connection* 8:
>
> Media State . . . . . . . . . . . : Media disconnected
> Connection-specific DNS Suffix . :
> Description . . . . . . . . . . . :
> isatap.{F9DAE0C6-BD2D-4395-900C-B5C9B47B7C19}
> Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
> DHCP Enabled. . . . . . . . . . . : No
> Autoconfiguration Enabled . . . . : Yes
> Tunnel adapter Local Area Connection* 9:
>
> Media State . . . . . . . . . . . : Media disconnected
> Connection-specific DNS Suffix . :
> Description . . . . . . . . . . . :
> isatap.{7E06F8D1-C7A7-4B6F-A629-1C9671F1E2C3}
> Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
> DHCP Enabled. . . . . . . . . . . : No
> Autoconfiguration Enabled . . . . : Yes
> As you described there is the primary DNS and the other DNS server is
> a copy (secondary). The .20 network is the internal LAN, the .10
> network is a connection to a port forwarding router, then to the
> outside.
>
> Thanks
>
> Briano
>
> "Ace Fekay [MCT]" <aceman@mvps.RemoveThisPart.org> wrote in message
> news:elgvNbMjKHA.4672@TK2MSFTNGP06.phx.gbl...
>
>> "BrianO" <briano@office.ounsted.ca> wrote in message
>> news:Oxo%23wRMjKHA.2780@TK2MSFTNGP05.phx.gbl...
>>
>>> Thanks for looking at my problem. The present (and only) DC is a
>>> hyper-v virtualized 2003 R2 64 bit, and the host it is running on, I
>>> want to promote to a DC.
>>>
>>> The host is a 2008 64 bit enterprise server. There are two other
>>> stand-alone servers, one 2008 64 bit ent, and the second one, a 2003
>>> R2 64 bit ent. There is one other virtualized 2008 64 bit std
>>> server. So, in this particular domain, there are 5 active servers.
>>> 3 physical boxes and two virtualized.
>>>
>>> It is my ultimate aim to virtualize the 2003 stand-alone, and the
>>> other 2008 stand-alone is heavily utilized with a SQL database and
>>> not a good candidate for a DC.
>>>
>>> There are 2 DNS servers. The existing DC and the stand-alone 2003
>>> R2. I know it is not recommended to virtualize a DC but it has
>>> worked for us for two years. All apps are web based. Other than
>>> the administrator, there are no local logons.
>>>
>>> Hopefully you can visualize the setup from my description. I can
>>> see it in my sleep, but sometimes it is hard to describe to someone
>>> else.
>>>
>>> Briano
>>>
>> Briano,
>>
>> I don't see a problem in virtualizing all of your DCs, but I would
>> make sure they are on different hosts, so if the host goes down on
>> one, it won't affect the other.
>>
>> As for the directory services error, can you post an unedited
>> ipconfig /all from both the current (virtual) DC and the one you
>> intend to promote?
>>
>> What is the relationship between the two current DNS servers? Does
>> the standalone host a secondary of the AD zones (_msdcs.domain.com
>> and the domain.com zones)? If not, can you elaborate, please?
>>
>> Also, post any Event log errors and their respective Source names.
>>
>> Thanks,
>>
>> -- Ace
>>
>> This posting is provided "AS-IS" with no warranties or guarantees and
>> confers no rights.
>>
>> Please reply back to the newsgroup or forum for collaboration benefit
>> among responding engineers, and to help others benefit from your
>> resolution.
>>
>> Ace Fekay, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE &
>> MCSA
>> 2003/2000, MCSA Messaging 2003
>> Microsoft Certified Trainer
>> For urgent issues, please contact Microsoft PSS directly. Please
>> check http://support.microsoft.com for regional support phone
>> numbers.
>>
Re: ADPREP error message 0x2095 [message #358522 is a reply to message #358302] Mon, 04 January 2010 02:35 Go to previous messageGo to next message
meiweb  is currently offline meiweb  Germany
Messages: 2225
Registered: September 2009
Senior Member
Hello BrianO,

Snapshots or file copies from a VM, or an image from a physical machine,
are NOT supported AD aware backups as pointed out form Ace with the related
Micorsoft documentation. So avoid this way of backup or you run into trouble
when using them.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> That is correct. The Adprep files are dated 1/19/2008. They were
> actually taken off the disk and a directory location established.
> These servers are 1U rack mount without DVD drives. Have not run
> /domainprep since /forestprep has not completed. I have not been able
> to find the location of the adprep logfiles. I thought it would be
> /system32/debug or /system32/logfiles but not there. I have the
> logfiles directory but not a debug directory.
>
> I understand your concern about a VM of the DC but we back up each VHD
> file every night and have an ISO of the host OS. We feel we could be
> back online in less than 1/2 to 1 hour if we should have a
> catastrophic failure of the host. With the release of MS R2 version
> of VMM we are experimenting with moving around VHD files online. If I
> could only get this DC business fixed I could free up another server.
>
> Thanks again.
>
> Brian O
>
> "Meinolf Weber [MVP-DS]" wrote in message
> news:6cb2911dba988cc5ae6a9cb8620@msnews.microsoft.com...
>
>> Hello BrianO,
>>
>> So you use the 2008 64bit installation disk and run the adprep
>> command from it on the 2003 DC with /forestprep and /domainprep with
>> an account of the schema/domain/enterprise admins? Please post the
>> adprep logfile here so we can verify it.
>>
>> Also keep in mind that you should move the FSMO roles to the Windows
>> server 2008 host and also make it DNS and Global catalog server
>> immediately after promoting it. Personal i would NOT host a DC VM on
>> the same physical machine. If the host crashes also the VM is gone.
>>
>> Best regards
>>
>> Meinolf Weber
>> Disclaimer: This posting is provided "AS IS" with no warranties, and
>> confers no rights.
>> ** Please do NOT email, only reply to Newsgroups
>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>> Thanks for looking at my problem. The present (and only) DC is a
>>> hyper-v virtualized 2003 R2 64 bit, and the host it is running on, I
>>> want to promote to a DC.
>>>
>>> The host is a 2008 64 bit enterprise server. There are two other
>>> stand-alone servers, one 2008 64 bit ent, and the second one, a 2003
>>> R2 64 bit ent. There is one other virtualized 2008 64 bit std
>>> server. So, in this particular domain, there are 5 active servers.
>>> 3 physical boxes and two virtualized.
>>>
>>> It is my ultimate aim to virtualize the 2003 stand-alone, and the
>>> other 2008 stand-alone is heavily utilized with a SQL database and
>>> not a good candidate for a DC.
>>>
>>> There are 2 DNS servers. The existing DC and the stand-alone 2003
>>> R2. I know it is not recommended to virtualize a DC but it has
>>> worked for us for two years. All apps are web based. Other than
>>> the administrator, there are no local logons.
>>>
>>> Hopefully you can visualize the setup from my description. I can
>>> see it in my sleep, but sometimes it is hard to describe to someone
>>> else.
>>>
>>> Briano
>>>
>>> "Meinolf Weber [MVP-DS]" <meiweb@(nospam)gmx.de> wrote in message
>>> news:6cb2911dba8c8cc5ad9575e6a80@msnews.microsoft.com...
>>>
>>>> Hello BrianO,
>>>>
>>>> Please describe more detailed the DCs OS version, not really clear
>>>> from your description. 2 DCs with a 2003 and a 2008 DC?
>>>>
>>>> Best regards
>>>>
>>>> Meinolf Weber
>>>> Disclaimer: This posting is provided "AS IS" with no warranties,
>>>> and
>>>> confers no rights.
>>>> ** Please do NOT email, only reply to Newsgroups
>>>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>>>> Trying to prepare a mixed 2003/2008 domain with one DC with a
>>>>> second
>>>>> DC on a
>>>>> 2003 server. ADPREP fails with the Win32 error 0x2095, "a
>>>>> directory
>>>>> service
>>>>> error has occurred". I have searched everywhere but cannot find
>>>>> any
>>>>> reference to this error.
>>>>> I would really appreciate help from someone that might have some
>>>>> idea
>>>>> what
>>>>> the problem might be.
>>>>> Thanks
>>>>> Briano
Re: ADPREP error message 0x2095 (FIXED) [message #361253 is a reply to message #358128] Wed, 06 January 2010 15:44 Go to previous messageGo to next message
BrianO  is currently offline BrianO  Canada
Messages: 7
Registered: August 2009
Junior Member
I had to brute force fix. I brought in another computer and promoted it to
DC. Then I could demote the problem DC. I had to /forceremove, but that
was OK. I then promoted it and removed the temporary DC. I was then able
to update the schema. Where there is a will, there is a way.

Thanks everyone for your suggestions and help

Brian O.

"BrianO" <briano@office.ounsted.ca> wrote in message
news:eAmMFfLjKHA.3792@TK2MSFTNGP02.phx.gbl...
> Trying to prepare a mixed 2003/2008 domain with one DC with a second DC on
> a 2003 server. ADPREP fails with the Win32 error 0x2095, "a directory
> service error has occurred". I have searched everywhere but cannot find
> any reference to this error.
> I would really appreciate help from someone that might have some idea what
> the problem might be.
> Thanks
> Briano
Re: ADPREP error message 0x2095 (FIXED) [message #361265 is a reply to message #361253] Wed, 06 January 2010 15:58 Go to previous messageGo to next message
meiweb  is currently offline meiweb  Germany
Messages: 2225
Registered: September 2009
Senior Member
Hello BrianO,

If you remove a DC with /forceremoval you have to cleanup the AD database
from it according to:
http://support.microsoft.com/kb/555846/en-us

To be sure that no problems exist run dcdiag /v, netdiag /v and repadmin
/showrepl. They should all come up with NO error message and additional the
event viewer shouldn't show any errors related to replication or DNS.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> I had to brute force fix. I brought in another computer and promoted
> it to DC. Then I could demote the problem DC. I had to /forceremove,
> but that was OK. I then promoted it and removed the temporary DC. I
> was then able to update the schema. Where there is a will, there is a
> way.
>
> Thanks everyone for your suggestions and help
>
> Brian O.
>
> "BrianO" <briano@office.ounsted.ca> wrote in message
> news:eAmMFfLjKHA.3792@TK2MSFTNGP02.phx.gbl...
>
>> Trying to prepare a mixed 2003/2008 domain with one DC with a second
>> DC on
>> a 2003 server. ADPREP fails with the Win32 error 0x2095, "a
>> directory
>> service error has occurred". I have searched everywhere but cannot
>> find
>> any reference to this error.
>> I would really appreciate help from someone that might have some idea
>> what
>> the problem might be.
>> Thanks
>> Briano
Re: ADPREP error message 0x2095 (FIXED) [message #361393 is a reply to message #361253] Wed, 06 January 2010 19:02 Go to previous message
aceman  is currently offline aceman  United States
Messages: 5816
Registered: July 2009
Senior Member
"BrianO" <briano@office.ounsted.ca> wrote in message
news:%23jYmeHyjKHA.1652@TK2MSFTNGP05.phx.gbl...
>I had to brute force fix. I brought in another computer and promoted it to
>DC. Then I could demote the problem DC. I had to /forceremove, but that
>was OK. I then promoted it and removed the temporary DC. I was then able
>to update the schema. Where there is a will, there is a way.
>
> Thanks everyone for your suggestions and help
>
> Brian O.
>


You are welcome. Good to hear you figured a way to resolve it.

I would also follow Meinolf's suggestions to insure the Ad database is clear
of the forced removed DC.

Ace
Previous Topic:Computer Account Deleted Automatically
Next Topic:Would you stop for a moment?!
Goto Forum:
  


Current Time: Tue Jan 16 10:40:20 MST 2018

Total time taken to generate the page: 0.05033 seconds
.:: Contact :: Home ::Sitemap::.

Powered by: FUDforum 3.0.0RC2.
Copyright ©2001-2009 FUDforum Bulletin Board Software