On the 2000 DC I did run:
adprep /forestprep
adprep /domainprep
adprep /domainprep /gpprep
and had no errors.
I'm using the "Configure Your Server" panel and already had to pull the
2003 server out manually once. This involved both demoting it at itself, and
also using the support tools on the 2000 DC.
(You know when you have it out, because only then can you put it back.)
I put it back, and now have a 1/2 installed AD that can log in users, assign
folder perms, but still no SYSVOL, and lots of Access Denied Kerberos errors
even though dcdiag says that's not the problem.
I've tried everything in the forums, to no avail.
Two questions I guess.
1) Do I have to raise the 2000 server to native mode before I get a good
automatic replication? (Currently it's in mixed mode.)
2) Can I manually force the copy from the old to the new, just to get the
full AD, and then turn off the old box?
(And do a clean up on the new box as we did on the old one?)
Any clues appreciated.
RobV.
also post event IDs with warning/errors
answers:
(1) no
(2) replication is not working and that has a reason which must be solved first
--
Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)
# Jorge de Almeida Pinto # MVP Windows Server - Directory Services
BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test before implementing!
------------------------------------------------------------------------------------------
"noob admin" <noob...@discussions.microsoft.com> wrote in message 
news:F2014B64-841A-48B9...@microsoft.com...
I'll have access to the server by 8:00am PST tomorrow (9/11/06),
and I'll post the dcdiag output.
Sincerely,
RobV.
> 2) Can I manually force the copy from the old to the new, just to get the
> full AD, and then turn off the old box?
> (And do a clean up on the new box as we did on the old one?)
If you're referring to manually removing the old DC from the network, I would
reconsider that, because the problems probably won't go away by removing the
old server. Your problem sounds more like a configuration problem (DNS, for
example), so I would fix these problems first and then, if you want, remove the
server using Dcpromo.
-- 
I hope that the information above helps you
Good Luck
Jorge Silva
MCSA
Systems Administrator
"noob admin" <noob...@discussions.microsoft.com> wrote in message 
news:F2014B64-841A-48B9...@microsoft.com...
Send me your email address at rvan...@hotmail.com and
I'll send back the output.
Sincerely,
RobV.
"Jorge de Almeida Pinto [MVP - DS]" wrote:
Settings,CN=Server1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=my_domain,DC=local
         Role Domain Owner = CN=NTDS Settings,CN=Server1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=my_domain,DC=local
         Role PDC Owner = CN=NTDS Settings,CN=Server1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=my_domain,DC=local
         Role Rid Owner = CN=NTDS Settings,CN=Server1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=my_domain,DC=local
         Role Infrastructure Update Owner = CN=NTDS Settings,CN=Server1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=my_domain,DC=local
         ......................... Server1 passed test KnowsOfRoleHolders
      Starting test: RidManager
         * Available RID Pool for the Domain is 2338 to 1073741823
         * Server1.my_domain.local is the RID Master
         * DsBind with RID Master was successful
         * rIDAllocationPool is 1838 to 2337
         * rIDNextRID: 1957
         * rIDPreviousAllocationPool is 1838 to 2337
         ......................... Server1 passed test RidManager
      Starting test: MachineAccount
         * SPN found :LDAP/Server1.my_domain.local/my_domain.local
         * SPN found :LDAP/Server1.my_domain.local
         * SPN found :LDAP/Server1
         * SPN found :LDAP/Server1.my_domain.local/my_domain
         * SPN found :LDAP/e5985fa8-d13c-45c8-b28a-afa42e6757a5._msdcs.my_domain.local
         * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/e5985fa8-d13c-45c8-b28a-afa42e6757a5/my_domain.local
         * SPN found :HOST/Server1.my_domain.local/my_domain.local
         * SPN found :HOST/Server1.my_domain.local
         * SPN found :HOST/Server1
         * SPN found :HOST/Server1.my_domain.local/my_domain
         * SPN found :GC/Server1.my_domain.local/my_domain.local
         ......................... Server1 passed test MachineAccount
      Starting test: Services
         * Checking Service: Dnscache
         * Checking Service: NtFrs
         * Checking Service: IsmServ
         * Checking Service: kdc
         * Checking Service: SamSs
         * Checking Service: LanmanServer
         * Checking Service: LanmanWorkstation
         * Checking Service: RpcSs
         * Checking Service: RPCLOCATOR
         * Checking Service: w32time
         * Checking Service: TrkWks
         * Checking Service: TrkSvr
         * Checking Service: NETLOGON
         * Checking Service: Dnscache
            Could not open IISADMIN Service on [Server1]:failed with 1060: The specified service does not exist as an installed service.
         * Checking Service: NtFrs
            Could not open SMTPSVC Service on [Server1]:failed with 1060: The specified service does not exist as an installed service.
         ......................... Server1 failed test Services
      Starting test: OutboundSecureChannels
         * The Outbound Secure Channels test
         ** Did not run Outbound Secure Channels test
         because /testdomain: was not entered
         ......................... Server1 passed test OutboundSecureChannels
      Starting test: ObjectsReplicated
         Server1 is in domain DC=my_domain,DC=local
         Checking for CN=Server1,OU=Domain Controllers,DC=my_domain,DC=local in domain DC=my_domain,DC=local on 1 servers
            Object is up-to-date on all servers.
         Checking for CN=NTDS Settings,CN=Server1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=my_domain,DC=local in domain CN=Configuration,DC=my_domain,DC=local on 1 servers
            Object is up-to-date on all servers.
         ......................... Server1 passed test ObjectsReplicated
      Starting test: frssysvol
         * The File Replication Service Event log test
         The SYSVOL has been shared, and the AD is no longer
         prevented from starting by the File Replication Service.
         ......................... Server1 passed test frssysvol
      Starting test: kccevent
         * The KCC Event log test
         An Warning Event occured.  EventID: 0x800004F1
            Time Generated: 09/11/2006   08:39:42
            (Event String could not be retrieved)
         An Warning Event occured.  EventID: 0x800004F1
            Time Generated: 09/11/2006   08:39:42
            (Event String could not be retrieved)
         An Warning Event occured.  EventID: 0x800004F1
            Time Generated: 09/11/2006   08:39:42
            (Event String could not be retrieved)
         ......................... Server1 failed test kccevent
      Starting test: systemlog
         * The System Event log test
         Found no errors in System Event log in the last 60 minutes.
         ......................... Server1 passed test systemlog
 
   Running enterprise tests on : my_domain.local
      Starting test: Intersite
         Skipping site Default-First-Site-Name, this site is outside the scope
         provided by the command line arguments provided.
         ......................... my_domain.local passed test Intersite
      Starting test: FsmoCheck
         GC Name: \\Server1.my_domain.local
         Locator Flags: 0xe00001fd
         PDC Name: \\Server1.my_domain.local
         Locator Flags: 0xe00001fd
         Time Server Name: \\Server1.my_domain.local
         Locator Flags: 0xe00001fd
         Preferred Time Server Name: \\Server1.my_domain.local
         Locator Flags: 0xe00001fd
         KDC Name: \\Server1.my_domain.local
         Locator Flags: 0xe00001fd
         ......................... my_domain.local passed test FsmoCheck
 
 
Settings,CN=Server1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=my_domain,DC=local
         Role Domain Owner = CN=NTDS Settings,CN=Server1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=my_domain,DC=local
         Role PDC Owner = CN=NTDS Settings,CN=Server1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=my_domain,DC=local
         Role Rid Owner = CN=NTDS Settings,CN=Server1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=my_domain,DC=local
         Role Infrastructure Update Owner = CN=NTDS Settings,CN=Server1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=my_domain,DC=local
         ......................... Server2 passed test KnowsOfRoleHolders
      Starting test: RidManager
         * Available RID Pool for the Domain is 2338 to 1073741823
         * Server1.my_domain.local is the RID Master
         * DsBind with RID Master was successful
         Warning: attribute rIdSetReferences missing from CN=Server2,OU=Domain Controllers,DC=my_domain,DC=local
         Could not get Rid set Reference :failed with 8481: The search failed to retrieve attributes from the database.
         ......................... Server2 failed test RidManager
      Starting test: MachineAccount
         Checking machine account for DC Server2 on DC Server2.
         Warning:  Attribute userAccountControl of Server2 is: 0x82020 = ( UF_PASSWD_NOTREQD | UF_SERVER_TRUST_ACCOUNT | UF_TRUSTED_FOR_DELEGATION )
         Typical setting for a DC is 0x82000 = ( UF_SERVER_TRUST_ACCOUNT | UF_TRUSTED_FOR_DELEGATION )
         This may be affecting replication?
         * SPN found :LDAP/Server2.my_domain.local/my_domain.local
         * SPN found :LDAP/Server2.my_domain.local
         * SPN found :LDAP/Server2
         * SPN found :LDAP/Server2.my_domain.local/my_domain
         * SPN found :LDAP/48fa3212-a8b8-4180-b29d-8aa18d7ae26a._msdcs.my_domain.local
         * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/48fa3212-a8b8-4180-b29d-8aa18d7ae26a/my_domain.local
         * SPN found :HOST/Server2.my_domain.local/my_domain.local
         * SPN found :HOST/Server2.my_domain.local
         * SPN found :HOST/Server2
         * SPN found :HOST/Server2.my_domain.local/my_domain
         * SPN found :GC/Server2.my_domain.local/my_domain.local
         ......................... Server2 passed test MachineAccount
      Starting test: Services
         * Checking Service: Dnscache
         * Checking Service: NtFrs
         * Checking Service: IsmServ
         * Checking Service: kdc
         * Checking Service: SamSs
         * Checking Service: LanmanServer
         * Checking Service: LanmanWorkstation
         * Checking Service: RpcSs
         * Checking Service: w32time
         * Checking Service: NETLOGON
         ......................... Server2 passed test Services
      Starting test: OutboundSecureChannels
         * The Outbound Secure Channels test
         ** Did not run Outbound Secure Channels test
         because /testdomain: was not entered
         ......................... Server2 passed test OutboundSecureChannels
      Starting test: ObjectsReplicated
         Server2 is in domain DC=my_domain,DC=local
         Checking for CN=Server2,OU=Domain Controllers,DC=my_domain,DC=local in domain DC=my_domain,DC=local on 1 servers
            Object is up-to-date on all servers.
         Checking for CN=NTDS Settings,CN=Server2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=my_domain,DC=local in domain CN=Configuration,DC=my_domain,DC=local on 1 servers
            Object is up-to-date on all servers.
         ......................... Server2 passed test ObjectsReplicated
      Starting test: frssysvol
         * The File Replication Service SYSVOL ready test
         The registry lookup failed to determine the state of the SYSVOL.  The
         error returned  was 0 (The operation completed successfully.).  Check
         the FRS event log to see if the SYSVOL has successfully been shared.
         ......................... Server2 passed test frssysvol
      Starting test: frsevent
         * The File Replication Service Event log test
         ......................... Server2 passed test frsevent
      Starting test: kccevent
         * The KCC Event log test
         An Warning Event occured.  EventID: 0x80250828
            Time Generated: 09/11/2006   08:35:51
            (Event String could not be retrieved)
         ......................... Server2 failed test kccevent
      Starting test: systemlog
         * The System Event log test
         An Error Event occured.  EventID: 0x00000423
            Time Generated: 09/11/2006   08:04:41
            Event String: The DHCP service failed to see a directory server for authorization.
****************** about 30 repeated 0x0000168E errors deleted to allow port
         An Error Event occured.  EventID: 0x0000168E
            Time Generated: 09/11/2006   08:39:44
            Event String: The dynamic registration of the DNS record
            '_kpasswd._udp.my_domain.local. 600 IN SRV 0 100 464 Server2.my_domain.local.'
            failed on the following DNS server:

            DNS server IP address: 192.168.1.10
            Returned Response Code (RCODE): 5
            Returned Status Code: 9017

            For computers and users to locate this domain controller, this record
            must be registered in DNS.

            USER ACTION
            Determine what might have caused this failure, resolve the problem, and
            initiate registration of the DNS records by the domain controller. To
            determine what might have caused this failure, run DCDiag.exe. You can
            find this program on the Windows Server 2003 installation CD in
            Support\Tools\support.cab. To learn more about DCDiag.exe, see Help and
            Support Center. To initiate registration of the DNS records by this
            domain controller, run 'nltest.exe /dsregdns' from the command prompt on
            the domain controller or restart Net Logon service. Nltest.exe is
            available in the Microsoft Windows Server Resource Kit CD.
            Or, you can manually add this record to DNS, but it is not recommended.

            ADDITIONAL DATA
            Error Value: %%9017
******************* End Deleted Group
         An Error Event occured.  EventID: 0x40000004
            Time Generated: 09/11/2006   08:41:22
            Event String: The kerberos client received a KRB_AP_ERR_MODIFIED error
            from the server host/Server2.my_domain.local.  The target name used was
            LDAP/48fa3212-a8b8-4180-b29d-8aa18d7ae26a._msdcs.my_domain.local.
            This indicates that the password used to encrypt the kerberos service
            ticket is different than that on the target server. Commonly, this is due
            to identically named machine accounts in the target realm
            (my_domain.LOCAL), and the client realm.   Please contact your system
            administrator.
         An Error Event occured.  EventID: 0xC0002719
            Time Generated: 09/11/2006   08:41:27
            (Event String could not be retrieved)
         ......................... Server2 failed test systemlog
      Starting test: VerifyReplicas
         ......................... Server2 passed test VerifyReplicas
      Starting test: VerifyReferences
         The system object reference (serverReference)
         CN=Server2,OU=Domain Controllers,DC=my_domain,DC=local and
         backlink on
         CN=Server2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=my_domain,DC=local
         are correct.
         Some objects relating to the DC Server2 have problems:
            [1] Problem: Missing Expected Value
             Base Object:
            CN=Server2,OU=Domain Controllers,DC=my_domain,DC=local
             Base Object Description: "DC Account Object"
             Value Object Attribute Name: frsComputerReferenceBL
             Value Object Description: "SYSVOL FRS Member Object"
             Recommended Action: See Knowledge Base Article: Q312862

            [1] Problem: Missing Expected Value
             Base Object:
            CN=NTDS Settings,CN=Server2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=my_domain,DC=local
             Base Object Description: "DSA Object"
             Value Object Attribute Name: serverReferenceBL
             Value Object Description: "SYSVOL FRS Member Object"
             Recommended Action: See Knowledge Base Article: Q312862

         ......................... Server2 failed test VerifyReferences
      Starting test: VerifyEnterpriseReferences
         The following problems were found while verifying various important DN
         references.  Note, that  these problems can be reported because of
         latency in replication.  So follow up to resolve the following
         problems, only if the same problem is reported on all DCs for a given
         domain or if  the problem persists after replication has had
         reasonable time to replicate changes.
            [1] Problem: Missing Expected Value
             Base Object:
            CN=Server2,OU=Domain Controllers,DC=my_domain,DC=local
             Base Object Description: "DC Account Object"
             Value Object Attribute Name: frsComputerReferenceBL
             Value Object Description: "SYSVOL FRS Member Object"
             Recommended Action: See Knowledge Base Article: Q312862

         ......................... Server2 failed test VerifyEnterpriseReferences
      Starting test: CheckSecurityError
         * Dr Auth:  Beginning security errors check!
         Found KDC Server1 for domain my_domain.local in site Default-First-Site-Name
         Checking machine account for DC Server2 on DC Server1.
         * Missing SPN :LDAP/Server2.my_domain.local/my_domain.local
         * Missing SPN :LDAP/Server2.my_domain.local
         * Missing SPN :LDAP/Server2
         * Missing SPN :LDAP/Server2.my_domain.local/my_domain
         * Missing SPN :LDAP/48fa3212-a8b8-4180-b29d-8aa18d7ae26a._msdcs.my_domain.local
         * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/48fa3212-a8b8-4180-b29d-8aa18d7ae26a/my_domain.local
         * Missing SPN :HOST/Server2.my_domain.local/my_domain.local
         * Missing SPN :HOST/Server2.my_domain.local
         * Missing SPN :HOST/Server2
         * Missing SPN :HOST/Server2.my_domain.local/my_domain
         * Missing SPN :GC/Server2.my_domain.local/my_domain.local
         Unable to verify the machine account (CN=Server2,OU=Domain Controllers,DC=my_domain,DC=local) for Server2 on Server1.
         Source DC Server1 has possible security error (5).  Diagnosing...
               Found KDC Server1 for domain my_domain.local in site Default-First-Site-Name
               Checking time skew between servers:
               Server1
               Server2
               Time is in sync:  0 seconds different.
               Checking machine account for DC Server1 on DC Server1.
               * SPN found :LDAP/Server1.my_domain.local/my_domain.local
               * SPN found :LDAP/Server1.my_domain.local
               * SPN found :LDAP/Server1
               * SPN found :LDAP/Server1.my_domain.local/my_domain
               * SPN found :LDAP/e5985fa8-d13c-45c8-b28a-afa42e6757a5._msdcs.my_domain.local
               * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/e5985fa8-d13c-45c8-b28a-afa42e6757a5/my_domain.local
               * SPN found :HOST/Server1.my_domain.local/my_domain.local
               * SPN found :HOST/Server1.my_domain.local
               * SPN found :HOST/Server1
               * SPN found :HOST/Server1.my_domain.local/my_domain
               * SPN found :GC/Server1.my_domain.local/my_domain.local
               * Security Permissions check for all NC's on DC Server1.
               * Security Permissions Check for
                 CN=Schema,CN=Configuration,DC=my_domain,DC=local
                  (Schema,Version 2)
               * Security Permissions Check for
                 CN=Configuration,DC=my_domain,DC=local
                  (Configuration,Version 2)
               * Security Permissions Check for
                 DC=my_domain,DC=local
                  (Domain,Version 2)
               * Network Logons Privileges Check
               Verified share \\Server1\netlogon
               Verified share \\Server1\sysvol
               Checking for CN=Server1,OU=Domain Controllers,DC=my_domain,DC=local in domain DC=my_domain,DC=local on 2 servers
                  Object is up-to-date on all servers.
               [Server1] Unable to diagnose problem for this source.  See any errors reported in attempting tests.
         ......................... Server2 passed test CheckSecurityError
 
 DNS Tests are running and not hung. Please wait a few minutes...
 
   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
 
   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
 
   Running partition tests on : my_domain
      Starting test: CrossRefValidation
         ......................... my_domain passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... my_domain passed test CheckSDRefDom
 
   Running enterprise tests on : my_domain.local
      Starting test: Intersite
         Skipping site Default-First-Site-Name, this site is outside the scope
         provided by the command line arguments provided.
         ......................... my_domain.local passed test Intersite
      Starting test: FsmoCheck
         GC Name: \\Server1.my_domain.local
         Locator Flags: 0xe00001fd
         PDC Name: \\Server1.my_domain.local
         Locator Flags: 0xe00001fd
         Time Server Name: \\Server1.my_domain.local
         Locator Flags: 0xe00001fd
         Preferred Time Server Name: \\Server1.my_domain.local
         Locator Flags: 0xe00001fd
         KDC Name: \\Server1.my_domain.local
         Locator Flags: 0xe00001fd
         ......................... my_domain.local passed test FsmoCheck
      Starting test: DNS
         Test results for domain controllers:
 
            DC: Server2.my_domain.local
            Domain: my_domain.local
 
 
               TEST: Authentication (Auth)
                  Authentication test: Successfully completed
 
               TEST: Basic (Basc)
                  Microsoft(R) Windows(R) Server 2003, Standard Edition (Service Pack level: 1.0) is supported
                  NETLOGON service is running
                  kdc service is running
                  DNSCACHE service is running
                  DNS service is running
                  DC is a DNS server
                  Network adapters information:
                  Adapter [00000007] Intel(R) PRO/1000 MT Network Connection:
                     MAC address is 00:13:72:F9:4C:33
                     IP address is static
                     IP address: 192.168.1.11
                     DNS servers:
                        192.168.1.10 (<name unavailable) [Valid]
                        Warning: 206.13.28.12 (<name unavailable) [Invalid]
                  The A record for this DC was found
                  The SOA record for the Active Directory zone was found
                  The Active Directory zone on this DC/DNS server was found (secondary)
                  Root zone on this DC/DNS server was not found
 
               TEST: Forwarders/Root hints (Forw)
                  Recursion is enabled
                  Forwarders are not configured on this DNS server
                  Root hint Information:
                     Name: a.root-servers.net. IP: 198.41.0.4 [Invalid]
                     Name: b.root-servers.net. IP: 192.228.79.201 [Invalid]
                     Name: c.root-servers.net. IP: 192.33.4.12 [Invalid]
                     Name: d.root-servers.net. IP: 128.8.10.90 [Invalid]
                     Name: e.root-servers.net. IP: 192.203.230.10 [Invalid]
                     Name: f.root-servers.net. IP: 192.5.5.241 [Invalid]
                     Name: g.root-servers.net. IP: 192.112.36.4 [Invalid]
                     Name: h.root-servers.net. IP: 128.63.2.53 [Invalid]
                     Name: i.root-servers.net. IP: 192.36.148.17 [Invalid]
                     Name: j.root-servers.net. IP: 192.58.128.30 [Invalid]
                     Name: k.root-servers.net. IP: 193.0.14.129 [Invalid]
                     Name: l.root-servers.net. IP: 198.32.64.12 [Invalid]
                     Name: m.root-servers.net. IP: 202.12.27.33 [Invalid]
 
               TEST: Delegations (Del)
                  No delegations were found in this zone on this DNS server
 
               TEST: Dynamic update (Dyn)
                  Dynamic Update tests are skipped since my_domain.local
                  is a secondary zone. DNS Record updates can't happen on the secondary zones

               TEST: Records registration (RReg)
                  Network Adapter [00000007] Intel(R) PRO/1000 MT Network Connection:
                     Matching A record found at DNS server 192.168.1.10:
                     Server2.my_domain.local

                     Matching CNAME record found at DNS server 192.168.1.10:
                     48fa3212-a8b8-4180-b29d-8aa18d7ae26a._msdcs.my_domain.local

                     Warning: Missing DC SRV record at DNS server 192.168.1.10 :
                     _ldap._tcp.dc._msdcs.my_domain.local
                     (Ignore the error if DNSAvoidRegisterRecord registry key or its Group Policy
                     has been configured to prevent registration of this Record.)

               Error: Record registrations cannot be found for all the network adapters
 
         Summary of test results for DNS servers used by the above domain controllers:

            DNS server: 128.63.2.53 (h.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.63.2.53
               [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]

            DNS server: 128.8.10.90 (d.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.8.10.90
               [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]

            DNS server: 192.112.36.4 (g.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.112.36.4
               [Error details: 9002 (Type: Win32 - Description: DNS server failure.)]

            DNS server: 192.203.230.10 (e.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.203.230.10
               [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]

            DNS server: 192.228.79.201 (b.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.228.79.201
               [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]

            DNS server: 192.33.4.12 (c.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.33.4.12
               [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]

            DNS server: 192.36.148.17 (i.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.36.148.17
               [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]

            DNS server: 192.5.5.241 (f.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.5.5.241
               [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]

            DNS server: 192.58.128.30 (j.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.58.128.30
               [Error details: 9002 (Type: Win32 - Description: DNS server failure.)]

            DNS server: 193.0.14.129 (k.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 193.0.14.129
               [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]

            DNS server: 198.32.64.12 (l.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 198.32.64.12
               [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]

            DNS server: 198.41.0.4 (a.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 198.41.0.4
               [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]

            DNS server: 202.12.27.33 (m.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 202.12.27.33
               [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]

            DNS server: 206.13.28.12 (<name unavailable)
               1 test failure on this DNS server
               This is a valid DNS server.
               Name resolution is not functional. _ldap._tcp.my_domain.local. failed on the DNS server 206.13.28.12
               [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]

            DNS server: 192.168.1.10 (<name unavailable)
               All tests passed on this DNS server
               This is a valid DNS server.
               Name resolution is funtional. _ldap._tcp SRV record for the forest root domain is registered
 
         Summary of DNS test results:
 
                                            Auth Basc Forw Del  Dyn  RReg Ext
               ________________________________________________________________
            Domain: my_domain.local
               Server2              PASS WARN FAIL PASS n/a  FAIL n/a
 
         ......................... my_domain.local failed test DNS
 
-- 
I hope that the information above helps you
Good Luck
Jorge Silva
MCSA
Systems Administrator
"noob admin" <noob...@discussions.microsoft.com> wrote in message 
news:63167432-0950-4E45...@microsoft.com...
"noob admin" <noob...@discussions.microsoft.com> wrote in message 
news:1C1F609E-D354-417D...@microsoft.com...
The customer is paranoid about their identity.
The real names are like xxx_nt_server and yyy_2k3_server.
 They can share drives and such, just no AD. Also, I confirmed that
the SMTP service was not installed on either. The first listing blows 
out in NtFRS at that point.
Thanks,
RobV.
-- 
I hope that the information above helps you
Good Luck
Jorge Silva
MCSA
Systems Administrator
"noob admin" <noob...@discussions.microsoft.com> wrote in message 
news:18C61AE3-6646-4DF4...@microsoft.com...
	Host Name . . . . . . . . . . . . : xxx_nt_server
	Primary DNS Suffix  . . . . . . . : xxx_dom.local
	Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
Windows IP Configuration
Host Name . . . . . . . . . . . . : yyy_w2k3_server
Primary Dns Suffix . . . . . . . : xxx_dom.local
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : Yes
DNS Suffix Search List. . . . . . : xxx_dom.local
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
Physical Address. . . . . . . . . : 00-13-72-F9-4C-33
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.11
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.254
DNS Servers . . . . . . . . . . . : 192.168.1.10
206.13.28.12
	WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : xxx_dom.local
Ethernet adapter Local Area Connection 3:
Media State . . . . . . . . . . . : Cable Disconnected
	Description . . . . . . . . . . . : HP NetServer 10/100TX PCI LAN Adapter
	Physical Address. . . . . . . . . : 00-D0-B7-20-19-67
Ethernet adapter Local Area Connection:
	Connection-specific DNS Suffix  . : 
	Description . . . . . . . . . . . : HP NC7760 Gigabit Server Adapter
	Physical Address. . . . . . . . . : 00-0B-CD-4E-E9-17
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.10
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.254
	DNS Servers . . . . . . . . . . . : 192.168.1.10
	                                    207.215.92.4
	                                    207.105.189.2
 
 Where do I change the Kerberos passwords to what I want them to be
on both machines?
 Installing SMTP service on server1 cleared up the NtFRS test, but outbound
channels still failed.
If you want to replace the values so as not to show the real names, make sure 
that you do it correctly. DON'T CHANGE THE STRUCTURE.
If your server is:
dc01.addomain.local replace by Server01.mydomain.local
Maintain the exact structure please. DON'T CHANGE THE STRUCTURE, this is 
important to see if DNS is OK.
You sent:
 xxx_nt_server.xxx_dom.local
then you have
yyy_w2k3_server.xxx_dom.local
then you have 3 different NIC configurations, which one is which?
Ok.
-Now, it sounds like 192.168.1.10 is your DNS server, is this correct?
-I also see that you have a multihomed DC. This isn't recommended. Check if 
the DNS is listening on the correct IP address (192.168.1.10). It would be 
better to disable the RRAS server on that DC and the public NIC.
-Check if the DNS server zone allows dynamic updates.
-On the DNS server run netdiag /fix (install support tools first).
-Go to the server 192.168.1.11 and run ipconfig /registerdns, and verify 
that the record was created in the DNS server.
-REMOVE the ISP DNS servers from DNS properties in both servers.
FOR DNS CONFIGURATION:
Assuming DNS AD Integrated Zone
-Make sure that each DNS server points to itself under NIC preferred DNS. If 
the Server IP-Address is 192.168.0.1 then the preferred DNS should also be 
192.168.0.1.
-When adding additional DCs to an existing domain, and if you want to make 
it a DNS server, install the DNS service, make sure that the server (the 
additional DC) points to the existing DNS DC under NIC preferred DNS, then 
run Dcpromo, wait or force replication (this can take a while), then check 
on the DNS console, and if the DNS zone is already transferred, then point the 
additional DC to itself again.
- Clients: Make sure that the clients only use their local available DNS 
server(s) on their NIC DNS configuration. Do not place the ISP DNS server or 
any other DNS on the client or DNS Server NIC properties, this is a common 
mistake. The clients should use their local DNS server to resolve all 
queries. It's up to the local DNS server to handle the Internet resolution 
as any other Zone that the DNS is not authoritative for. Check the link for 
configuring DNS for Internet resolution.
Note: The DNS client does not utilize each of the DNS servers listed in 
TCP/IP configuration for each query. By default, on startup the DNS client 
will attempt to utilize the server in the Preferred DNS server entry. If 
this server FAILS to respond for any reason, the DNS client will switch to 
the server listed in the alternate DNS server entry. The DNS client will 
continue to use this alternate DNS server.
Best practices for DNS client settings in Windows 2000 Server and in Windows 
Server 2003
http://support.microsoft.com/kb/825036/en-us
How to configure DNS for Internet access in Windows Server 2003
http://support.microsoft.com/kb/323380/
-- 
I hope that the information above helps you
Good Luck
Jorge Silva
MCSA
Systems Administrator
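The resolver rules in the reply above (internal DNS only on server NICs, no ISP resolvers, a DNS server listing itself first) can be checked against saved `ipconfig /all` output. This is an added example, not part of the thread: the function names and the sample text are constructed here, and it assumes the Windows 2000/2003 IPv4 layout with indented fields.

```python
import ipaddress
import re

# Constructed sample in `ipconfig /all` layout, using addresses quoted in the thread.
SAMPLE = """\
Windows IP Configuration
Ethernet adapter Local Area Connection:
   IP Address. . . . . . . . . . . . : 192.168.1.11
   DNS Servers . . . . . . . . . . . : 192.168.1.10
                                       206.13.28.12
Ethernet adapter Local Area Connection 3:
   Media State . . . . . . . . . . . : Cable Disconnected
"""

FIELD = re.compile(r"^\s+([^:]+?)[ .]*:\s*(.*)$")
BARE_IP = re.compile(r"^\s+(\d{1,3}(?:\.\d{1,3}){3})\s*$")
KEYS = {"ip address": "ip", "dns servers": "dns"}

def parse_adapters(text):
    """Map adapter name -> {"ip": [...], "dns": [...]} from `ipconfig /all` text."""
    adapters, current, last = {}, None, None
    for line in text.splitlines():
        if line[:1].strip() and line.rstrip().endswith(":"):    # unindented "...:" header
            current, last = adapters.setdefault(line.rstrip()[:-1], {"ip": [], "dns": []}), None
        elif current is not None and last == "dns" and BARE_IP.match(line):
            current["dns"].append(line.strip())                  # continuation of the DNS list
        elif current is not None and (m := FIELD.match(line)):
            last = KEYS.get(m.group(1).strip().lower())
            if last and m.group(2).strip():
                current[last].append(m.group(2).strip())
    return adapters

def audit_dns(text, internal_dns):
    """Return (adapter, finding) pairs for resolver settings the reply advises against."""
    allowed, findings = {ipaddress.ip_address(a) for a in internal_dns}, []
    for name, cfg in parse_adapters(text).items():
        own = {ipaddress.ip_address(a) for a in cfg["ip"]}
        servers = [ipaddress.ip_address(s) for s in cfg["dns"]]
        for srv in servers:
            if srv not in allowed:
                scope = "internal but unlisted" if srv.is_private else "external"
                findings.append((name, f"{scope} resolver {srv}"))
        # A host that is itself a DNS server should list its own address first.
        if servers and own & allowed and servers[0] not in own:
            findings.append((name, f"preferred resolver {servers[0]} is not this DNS server"))
    return findings

if __name__ == "__main__":
    print(audit_dns(SAMPLE, ["192.168.1.10"]))
```

An external resolver on a domain controller's NIC means queries for internal names such as `_ldap._tcp.<domain>` can be sent outside the network, which is what the failed dcdiag test against 206.13.28.12 shows.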
"noob admin" <noob...@discussions.microsoft.com> wrote in message 
news:02529ED6-30C7-4742...@microsoft.com...
 This environment is too hosed. It has been decided to end this hairball
and just add the users to the server, cut over from the old server
and turn it off.
5 days, no results.. enough.
Thanks for all your help.
Sincerely,
RobV.
Thanks for replying..
 No, there are two separate machines, none of which is actively multihomed.
(the extra NICs are disabled).
 The x's and y's are because the company's initials are part of the hostnames.
(not my call)
I'm very sorry if that caused you any grief. Please accept my apologies.
 The first machine xxx is (was) the only DC until the client bought a new
Dell , and Windows 2003 Server from my company.
 I followed the docs for adding a W2k3 server to a w2k DC domain to the
letter. The fact is the old machine had never been properly installed, and
folks had messed with the Registry in places I'm still finding out about.
f.y.i: 206.13.28.12 is Pac-Bell DNS. I just searched and the 207's point to
the former maint company servers, NOT to the client's ISP.. Nice guys.
 I might be able to slip in one more try at it, and thanks for the play by
play for future reference. Otherwise, we're just going to build it from the
ground up and unplug the heap of slag the "other guys" left us.
Sincerely,
RobV.