On the 2000 DC I did run:
adprep /forestprep
adprep /domainprep
adprep /domainprep /gpprep
and had no errors.
I'm using the "Configure Your Server" panel and already had to pull the
2003 server out manually once. This involved both demoting it at itself, and
also using the support tools on the 2000 DC.
(you know when you have it out, because only then can you put it back)
I put it back, and now have a 1/2 installed AD, that can login users, assign
folder perms, but still no SYSVOL, lots of Access Denied Kerberos errors
even though dcdiag says that's not the problem.
I've tried everything in the forums, to no avail.
Two questions I guess.
1) Do I have to raise the 2000 server to native mode before I get a good
automatic replication? (Currently it's in mixed mode).
2) Can I manually force the copy from the old to the new, just to get the
full AD, and then turn off the old box?
(and do a clean up on the new box as we did on the old one)?
Any clues appreciated.
RobV.
also post event IDs with warning/errors
answers:
(1) no
(2) replication is not working and that has a reason which must be solved
first
--
Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)
# Jorge de Almeida Pinto # MVP Windows Server - Directory Services
BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test before implementing!
------------------------------------------------------------------------------------------
"noob admin" <noob...@discussions.microsoft.com> wrote in message
news:F2014B64-841A-48B9...@microsoft.com...
I'll have access to the server by 8:00am PST tomorrow( 9/11/06),
and I'll post the dcdiag output.
Sincerely,
RobV.
> 2) Can I manually force the copy from the old to the new, just to get the
> full AD, and then turn off the old box?
> (and do a clean up on the new box as we did on the old one)?
If you're referring to manually remove the old DC from network, I would
reconsider that because the problems probably don't go away by removing the
old server, your problem sounds more like a configuration problem (DNS for
example), so I would fix these problems first then if you want, remove the
server using Dcpromo.
--
I hope that the information above helps you
Good Luck
Jorge Silva
MCSA
Systems Administrator
"noob admin" <noob...@discussions.microsoft.com> wrote in message
news:F2014B64-841A-48B9...@microsoft.com...
send me your email address at rvan...@hotmail.com and
I'll send back the output.
Sincerely,
RobV.
"Jorge de Almeida Pinto [MVP - DS]" wrote:
Settings,CN=Server1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=my_domain,DC=
local
Role Domain Owner = CN=NTDS
Settings,CN=Server1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=my_domain,DC=
local
Role PDC Owner = CN=NTDS
Settings,CN=Server1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=my_domain,DC=
local
Role Rid Owner = CN=NTDS
Settings,CN=Server1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=my_domain,DC=
local
Role Infrastructure Update Owner = CN=NTDS
Settings,CN=Server1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=my_domain,DC=
local
......................... Server1 passed test KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 2338 to 1073741823
* Server1.my_domain.local is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 1838 to 2337
* rIDNextRID: 1957
* rIDPreviousAllocationPool is 1838 to 2337
......................... Server1 passed test RidManager
Starting test: MachineAccount
* SPN found :LDAP/Server1.my_domain.local/my_domain.local
* SPN found :LDAP/Server1.my_domain.local
* SPN found :LDAP/Server1
* SPN found :LDAP/Server1.my_domain.local/my_domain
* SPN found
:LDAP/e5985fa8-d13c-45c8-b28a-afa42e6757a5._msdcs.my_domain.local
* SPN found
:E3514235-4B06-11D1-AB04-00C04FC2DCD2/e5985fa8-d13c-45c8-b28a-afa42e6757a5/my_domain.local
* SPN found :HOST/Server1.my_domain.local/my_domain.local
* SPN found :HOST/Server1.my_domain.local
* SPN found :HOST/Server1
* SPN found :HOST/Server1.my_domain.local/my_domain
* SPN found :GC/Server1.my_domain.local/my_domain.local
......................... Server1 passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: RPCLOCATOR
* Checking Service: w32time
* Checking Service: TrkWks
* Checking Service: TrkSvr
* Checking Service: NETLOGON
* Checking Service: Dnscache
Could not open IISADMIN Service on [Server1]:failed with 1060:
The specified service does not exist as an installed service.
* Checking Service: NtFrs
Could not open SMTPSVC Service on [Server1]:failed with 1060:
The specified service does not exist as an installed service.
......................... Server1 failed test Services
Starting test: OutboundSecureChannels
* The Outbound Secure Channels test
** Did not run Outbound Secure Channels test
because /testdomain: was not entered
......................... Server1 passed test
OutboundSecureChannels
Starting test: ObjectsReplicated
Server1 is in domain DC=my_domain,DC=local
Checking for CN=Server1,OU=Domain Controllers,DC=my_domain,DC=local
in domain DC=my_domain,DC=local on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS
Settings,CN=Server1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=my_domain,DC=
local
in domain CN=Configuration,DC=my_domain,DC=local on 1 servers
Object is up-to-date on all servers.
......................... Server1 passed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service Event log test
The SYSVOL has been shared, and the AD is no longer
prevented from starting by the File Replication Service.
......................... Server1 passed test frssysvol
Starting test: kccevent
* The KCC Event log test
An Warning Event occured. EventID: 0x800004F1
Time Generated: 09/11/2006 08:39:42
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x800004F1
Time Generated: 09/11/2006 08:39:42
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x800004F1
Time Generated: 09/11/2006 08:39:42
(Event String could not be retrieved)
......................... Server1 failed test kccevent
Starting test: systemlog
* The System Event log test
Found no errors in System Event log in the last 60 minutes.
......................... Server1 passed test systemlog
Running enterprise tests on : my_domain.local
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the
scope
provided by the command line arguments provided.
......................... my_domain.local passed test Intersite
Starting test: FsmoCheck
GC Name: \\Server1.my_domain.local
Locator Flags: 0xe00001fd
PDC Name: \\Server1.my_domain.local
Locator Flags: 0xe00001fd
Time Server Name: \\Server1.my_domain.local
Locator Flags: 0xe00001fd
Preferred Time Server Name: \\Server1.my_domain.local
Locator Flags: 0xe00001fd
KDC Name: \\Server1.my_domain.local
Locator Flags: 0xe00001fd
......................... my_domain.local passed test FsmoCheck
Settings,CN=Server1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=my_domain,DC=
local
Role Domain Owner = CN=NTDS
Settings,CN=Server1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=my_domain,DC=
local
Role PDC Owner = CN=NTDS
Settings,CN=Server1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=my_domain,DC=
local
Role Rid Owner = CN=NTDS
Settings,CN=Server1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=my_domain,DC=
local
Role Infrastructure Update Owner = CN=NTDS
Settings,CN=Server1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=my_domain,DC=
local
......................... Server2 passed test KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 2338 to 1073741823
* Server1.my_domain.local is the RID Master
* DsBind with RID Master was successful
Warning: attribute rIdSetReferences missing from
CN=Server2,OU=Domain Controllers,DC=my_domain,DC=local
Could not get Rid set Reference :failed with 8481: The search
failed to retrieve attributes from the database.
......................... Server2 failed test RidManager
Starting test: MachineAccount
Checking machine account for DC Server2 on DC Server2.
Warning: Attribute userAccountControl of Server2 is: 0x82020 = (
UF_PASSWD_NOTREQD | UF_SERVER_TRUST_ACCOUNT | UF_TRUSTED_FOR_DELEGATION )
Typical setting for a DC is 0x82000 = ( UF_SERVER_TRUST_ACCOUNT |
UF_TRUSTED_FOR_DELEGATION )
This may be affecting replication?
* SPN found :LDAP/Server2.my_domain.local/my_domain.local
* SPN found :LDAP/Server2.my_domain.local
* SPN found :LDAP/Server2
* SPN found :LDAP/Server2.my_domain.local/my_domain
* SPN found
:LDAP/48fa3212-a8b8-4180-b29d-8aa18d7ae26a._msdcs.my_domain.local
* SPN found
:E3514235-4B06-11D1-AB04-00C04FC2DCD2/48fa3212-a8b8-4180-b29d-8aa18d7ae26a/my_domain.local
* SPN found :HOST/Server2.my_domain.local/my_domain.local
* SPN found :HOST/Server2.my_domain.local
* SPN found :HOST/Server2
* SPN found :HOST/Server2.my_domain.local/my_domain
* SPN found :GC/Server2.my_domain.local/my_domain.local
......................... Server2 passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
......................... Server2 passed test Services
Starting test: OutboundSecureChannels
* The Outbound Secure Channels test
** Did not run Outbound Secure Channels test
because /testdomain: was not entered
......................... Server2 passed test
OutboundSecureChannels
Starting test: ObjectsReplicated
Server2 is in domain DC=my_domain,DC=local
Checking for CN=Server2,OU=Domain Controllers,DC=my_domain,DC=local
in domain DC=my_domain,DC=local on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS
Settings,CN=Server2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=my_domain,DC=
local
in domain CN=Configuration,DC=my_domain,DC=local on 1 servers
Object is up-to-date on all servers.
......................... Server2 passed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
The registry lookup failed to determine the state of the SYSVOL.
The
error returned was 0 (The operation completed successfully.).
Check
the FRS event log to see if the SYSVOL has successfully been
shared.
......................... Server2 passed test frssysvol
Starting test: frsevent
* The File Replication Service Event log test
......................... Server2 passed test frsevent
Starting test: kccevent
* The KCC Event log test
An Warning Event occured. EventID: 0x80250828
Time Generated: 09/11/2006 08:35:51
(Event String could not be retrieved)
......................... Server2 failed test kccevent
Starting test: systemlog
* The System Event log test
An Error Event occured. EventID: 0x00000423
Time Generated: 09/11/2006 08:04:41
Event String: The DHCP service failed to see a directory server
for authorization.
****************** about 30 repeated 0x0000168E errors deleted to allow port
An Error Event occured. EventID: 0x0000168E
Time Generated: 09/11/2006 08:39:44
Event String: The dynamic registration of the DNS record
'_kpasswd._udp.my_domain.local. 600 IN SRV 0 100 464
Server2.my_domain.local.'
failed on the following DNS server:
DNS server IP address: 192.168.1.10
Returned Response Code (RCODE): 5
Returned Status Code: 9017
For computers and users to locate this domain
controller, this record must be registered in
DNS.
USER ACTION
Determine what might have caused this failure,
resolve the problem, and initiate registration of
the DNS records by the domain controller. To
determine what might have caused this failure,
run DCDiag.exe. You can find this program on the
Windows Server 2003 installation CD in
Support\Tools\support.cab. To learn more about
DCDiag.exe, see Help and Support Center. To
initiate registration of the DNS records by this
domain controller, run 'nltest.exe /dsregdns'
from the command prompt on the domain controller
or restart Net Logon service. Nltest.exe is
available in the Microsoft Windows Server
Resource Kit CD.
Or, you can manually add this record to DNS,
but it is not recommended.
ADDITIONAL DATA
Error Value: %%9017
******************* End Deleted Group
An Error Event occured. EventID: 0x40000004
Time Generated: 09/11/2006 08:41:22
Event String: The kerberos client received a
KRB_AP_ERR_MODIFIED error from the server
host/Server2.my_domain.local. The target
name used was
LDAP/48fa3212-a8b8-4180-b29d-8aa18d7ae26a._msdcs.my_domain.local.
This indicates that the password used to encrypt
the kerberos service ticket is different than
that on the target server. Commonly, this is due
to identically named machine accounts in the
target realm (my_domain.LOCAL), and the client
realm. Please contact your system
administrator.
An Error Event occured. EventID: 0xC0002719
Time Generated: 09/11/2006 08:41:27
(Event String could not be retrieved)
......................... Server2 failed test systemlog
Starting test: VerifyReplicas
......................... Server2 passed test VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference)
CN=Server2,OU=Domain Controllers,DC=my_domain,DC=local and
backlink on
CN=Server2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=my_domain,DC=local
are correct.
Some objects relating to the DC Server2 have problems:
[1] Problem: Missing Expected Value
Base Object:
CN=Server2,OU=Domain Controllers,DC=my_domain,DC=local
Base Object Description: "DC Account Object"
Value Object Attribute Name: frsComputerReferenceBL
Value Object Description: "SYSVOL FRS Member Object"
Recommended Action: See Knowledge Base Article: Q312862
[1] Problem: Missing Expected Value
Base Object:
CN=NTDS
Settings,CN=Server2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=my_domain,DC=
local
Base Object Description: "DSA Object"
Value Object Attribute Name: serverReferenceBL
Value Object Description: "SYSVOL FRS Member Object"
Recommended Action: See Knowledge Base Article: Q312862
......................... Server2 failed test VerifyReferences
Starting test: VerifyEnterpriseReferences
The following problems were found while verifying various important
DN
references. Note, that these problems can be reported because of
latency in replication. So follow up to resolve the following
problems, only if the same problem is reported on all DCs for a
given
domain or if the problem persists after replication has had
reasonable time to replicate changes.
[1] Problem: Missing Expected Value
Base Object:
CN=Server2,OU=Domain Controllers,DC=my_domain,DC=local
Base Object Description: "DC Account Object"
Value Object Attribute Name: frsComputerReferenceBL
Value Object Description: "SYSVOL FRS Member Object"
Recommended Action: See Knowledge Base Article: Q312862
......................... Server2 failed test
VerifyEnterpriseReferences
Starting test: CheckSecurityError
* Dr Auth: Beginning security errors check!
Found KDC Server1 for domain my_domain.local in site
Default-First-Site-Name
Checking machine account for DC Server2 on DC Server1.
* Missing SPN :LDAP/Server2.my_domain.local/my_domain.local
* Missing SPN :LDAP/Server2.my_domain.local
* Missing SPN :LDAP/Server2
* Missing SPN :LDAP/Server2.my_domain.local/my_domain
* Missing SPN
:LDAP/48fa3212-a8b8-4180-b29d-8aa18d7ae26a._msdcs.my_domain.local
* SPN found
:E3514235-4B06-11D1-AB04-00C04FC2DCD2/48fa3212-a8b8-4180-b29d-8aa18d7ae26a/my_domain.local
* Missing SPN :HOST/Server2.my_domain.local/my_domain.local
* Missing SPN :HOST/Server2.my_domain.local
* Missing SPN :HOST/Server2
* Missing SPN :HOST/Server2.my_domain.local/my_domain
* Missing SPN :GC/Server2.my_domain.local/my_domain.local
Unable to verify the machine account (CN=Server2,OU=Domain
Controllers,DC=my_domain,DC=local) for Server2 on Server1.
Source DC Server1 has possible security error (5). Diagnosing...
Found KDC Server1 for domain my_domain.local in site
Default-First-Site-Name
Checking time skew between servers:
Server1
Server2
Time is in sync: 0 seconds different.
Checking machine account for DC Server1 on DC Server1.
* SPN found :LDAP/Server1.my_domain.local/my_domain.local
* SPN found :LDAP/Server1.my_domain.local
* SPN found :LDAP/Server1
* SPN found :LDAP/Server1.my_domain.local/my_domain
* SPN found
:LDAP/e5985fa8-d13c-45c8-b28a-afa42e6757a5._msdcs.my_domain.local
* SPN found
:E3514235-4B06-11D1-AB04-00C04FC2DCD2/e5985fa8-d13c-45c8-b28a-afa42e6757a5/my_domain.local
* SPN found :HOST/Server1.my_domain.local/my_domain.local
* SPN found :HOST/Server1.my_domain.local
* SPN found :HOST/Server1
* SPN found :HOST/Server1.my_domain.local/my_domain
* SPN found :GC/Server1.my_domain.local/my_domain.local
* Security Permissions check for all NC's on DC Server1.
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=my_domain,DC=local
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=my_domain,DC=local
(Configuration,Version 2)
* Security Permissions Check for
DC=my_domain,DC=local
(Domain,Version 2)
* Network Logons Privileges Check
Verified share \\Server1\netlogon
Verified share \\Server1\sysvol
Checking for CN=Server1,OU=Domain
Controllers,DC=my_domain,DC=local in domain DC=my_domain,DC=local on 2
servers
Object is up-to-date on all servers.
[Server1] Unable to diagnose problem for this source. See
any errors reported in attempting tests.
......................... Server2 passed test CheckSecurityError
DNS Tests are running and not hung. Please wait a few minutes...
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : my_domain
Starting test: CrossRefValidation
......................... my_domain passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... my_domain passed test CheckSDRefDom
Running enterprise tests on : my_domain.local
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the
scope
provided by the command line arguments provided.
......................... my_domain.local passed test Intersite
Starting test: FsmoCheck
GC Name: \\Server1.my_domain.local
Locator Flags: 0xe00001fd
PDC Name: \\Server1.my_domain.local
Locator Flags: 0xe00001fd
Time Server Name: \\Server1.my_domain.local
Locator Flags: 0xe00001fd
Preferred Time Server Name: \\Server1.my_domain.local
Locator Flags: 0xe00001fd
KDC Name: \\Server1.my_domain.local
Locator Flags: 0xe00001fd
......................... my_domain.local passed test FsmoCheck
Starting test: DNS
Test results for domain controllers:
DC: Server2.my_domain.local
Domain: my_domain.local
TEST: Authentication (Auth)
Authentication test: Successfully completed
TEST: Basic (Basc)
Microsoft(R) Windows(R) Server 2003, Standard Edition
(Service Pack level: 1.0) is supported
NETLOGON service is running
kdc service is running
DNSCACHE service is running
DNS service is running
DC is a DNS server
Network adapters information:
Adapter [00000007] Intel(R) PRO/1000 MT Network
Connection:
MAC address is 00:13:72:F9:4C:33
IP address is static
IP address: 192.168.1.11
DNS servers:
192.168.1.10 (<name unavailable) [Valid]
Warning: 206.13.28.12 (<name unavailable) [Invalid]
The A record for this DC was found
The SOA record for the Active Directory zone was found
The Active Directory zone on this DC/DNS server was found
(secondary)
Root zone on this DC/DNS server was not found
TEST: Forwarders/Root hints (Forw)
Recursion is enabled
Forwarders are not configured on this DNS server
Root hint Information:
Name: a.root-servers.net. IP: 198.41.0.4 [Invalid]
Name: b.root-servers.net. IP: 192.228.79.201 [Invalid]
Name: c.root-servers.net. IP: 192.33.4.12 [Invalid]
Name: d.root-servers.net. IP: 128.8.10.90 [Invalid]
Name: e.root-servers.net. IP: 192.203.230.10 [Invalid]
Name: f.root-servers.net. IP: 192.5.5.241 [Invalid]
Name: g.root-servers.net. IP: 192.112.36.4 [Invalid]
Name: h.root-servers.net. IP: 128.63.2.53 [Invalid]
Name: i.root-servers.net. IP: 192.36.148.17 [Invalid]
Name: j.root-servers.net. IP: 192.58.128.30 [Invalid]
Name: k.root-servers.net. IP: 193.0.14.129 [Invalid]
Name: l.root-servers.net. IP: 198.32.64.12 [Invalid]
Name: m.root-servers.net. IP: 202.12.27.33 [Invalid]
TEST: Delegations (Del)
No delegations were found in this zone on this DNS server
TEST: Dynamic update (Dyn)
Dynamic Update tests are skipped since my_domain.local
is a secondary zone. DNS Record updates can't happen on
the secondary zones
TEST: Records registration (RReg)
Network Adapter [00000007] Intel(R) PRO/1000 MT Network
Connection:
Matching A record found at DNS server 192.168.1.10:
Server2.my_domain.local
Matching CNAME record found at DNS server 192.168.1.10:
48fa3212-a8b8-4180-b29d-8aa18d7ae26a._msdcs.my_domain.local
Warning: Missing DC SRV record at DNS server
192.168.1.10 :
_ldap._tcp.dc._msdcs.my_domain.local
(Ignore the error if DNSAvoidRegisterRecord registry
key or its Group Policy
has been configured to prevent registration of this
Record.)
Error: Record registrations cannot be found for all the
network adapters
Summary of test results for DNS servers used by the above domain
controllers:
DNS server: 128.63.2.53 (h.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 128.63.2.53
[Error details: 9003 (Type: Win32 - Description: DNS name
does not exist.)]
DNS server: 128.8.10.90 (d.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 128.8.10.90
[Error details: 9003 (Type: Win32 - Description: DNS name
does not exist.)]
DNS server: 192.112.36.4 (g.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 192.112.36.4
[Error details: 9002 (Type: Win32 - Description: DNS server
failure.)]
DNS server: 192.203.230.10 (e.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 192.203.230.10
[Error details: 9003 (Type: Win32 - Description: DNS name
does not exist.)]
DNS server: 192.228.79.201 (b.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 192.228.79.201
[Error details: 9003 (Type: Win32 - Description: DNS name
does not exist.)]
DNS server: 192.33.4.12 (c.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 192.33.4.12
[Error details: 9003 (Type: Win32 - Description: DNS name
does not exist.)]
DNS server: 192.36.148.17 (i.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 192.36.148.17
[Error details: 9003 (Type: Win32 - Description: DNS name
does not exist.)]
DNS server: 192.5.5.241 (f.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 192.5.5.241
[Error details: 9003 (Type: Win32 - Description: DNS name
does not exist.)]
DNS server: 192.58.128.30 (j.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 192.58.128.30
[Error details: 9002 (Type: Win32 - Description: DNS server
failure.)]
DNS server: 193.0.14.129 (k.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 193.0.14.129
[Error details: 9003 (Type: Win32 - Description: DNS name
does not exist.)]
DNS server: 198.32.64.12 (l.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 198.32.64.12
[Error details: 9003 (Type: Win32 - Description: DNS name
does not exist.)]
DNS server: 198.41.0.4 (a.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 198.41.0.4
[Error details: 9003 (Type: Win32 - Description: DNS name
does not exist.)]
DNS server: 202.12.27.33 (m.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 202.12.27.33
[Error details: 9003 (Type: Win32 - Description: DNS name
does not exist.)]
DNS server: 206.13.28.12 (<name unavailable)
1 test failure on this DNS server
This is a valid DNS server.
Name resolution is not functional.
_ldap._tcp.my_domain.local. failed on the DNS server 206.13.28.12
[Error details: 9003 (Type: Win32 - Description: DNS name
does not exist.)]
DNS server: 192.168.1.10 (<name unavailable)
All tests passed on this DNS server
This is a valid DNS server.
Name resolution is funtional. _ldap._tcp SRV record for the
forest root domain is registered
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
________________________________________________________________
Domain: my_domain.local
Server2 PASS WARN FAIL PASS n/a FAIL n/a
......................... my_domain.local failed test DNS
--
I hope that the information above helps you
Good Luck
Jorge Silva
MCSA
Systems Administrator
"noob admin" <noob...@discussions.microsoft.com> wrote in message
news:63167432-0950-4E45...@microsoft.com...
"noob admin" <noob...@discussions.microsoft.com> wrote in message
news:1C1F609E-D354-417D...@microsoft.com...
The customer is paranoid about their identity.
The real names are like xxx_nt_server and yyy_2k3_server.
They can share drives and such, just no AD. Also, I confirmed that
the SMTP service was not installed on either. The first listing blows
out in NtFRS at that point.
Thanks,
RobV.
--
I hope that the information above helps you
Good Luck
Jorge Silva
MCSA
Systems Administrator
"noob admin" <noob...@discussions.microsoft.com> wrote in message
news:18C61AE3-6646-4DF4...@microsoft.com...
Host Name . . . . . . . . . . . . : xxx_nt_server
Primary DNS Suffix . . . . . . . : xxx_dom.local
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
Windows IP Configuration
Host Name . . . . . . . . . . . . : yyy_w2k3_server
Primary Dns Suffix . . . . . . . : xxx_dom.local
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : Yes
DNS Suffix Search List. . . . . . : xxx_dom.local
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
Physical Address. . . . . . . . . : 00-13-72-F9-4C-33
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.11
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.254
DNS Servers . . . . . . . . . . . : 192.168.1.10
206.13.28.12
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : xxx_dom.local
Ethernet adapter Local Area Connection 3:
Media State . . . . . . . . . . . : Cable Disconnected
Description . . . . . . . . . . . : HP NetServer 10/100TX PCI LAN Adapter
Physical Address. . . . . . . . . : 00-D0-B7-20-19-67
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : HP NC7760 Gigabit Server Adapter
Physical Address. . . . . . . . . : 00-0B-CD-4E-E9-17
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.10
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.254
DNS Servers . . . . . . . . . . . : 192.168.1.10
207.215.92.4
207.105.189.2
Where do I change the kerberos passwords to what I want them to be
on both machines?
Installing SMTP service on server1 cleared up the NtFRS test, but outbound
channels failed still..
If you want to replace the values not to show the real names make sure that
you do it correctly DON'T CHANGE THE STRUCTURE.
If your server is:
dc01.addomain.local replace by Server01.mydomain.local
maintain the exact structure please DON'T CHANGE THE STRUCTURE this is
important to see if DNS is OK.
You send:
xxx_nt_server.xxx_dom.local
then you have
yyy_w2k3_server.xxx_dom.local
then you have 3 different NIC configuration, which one is which?
Ok.
-Now, Sounds like that 192.168.1.10 is your DNS server is this correct?
-I also see that you have a multihomed DC. This isn't recommended. Check if
the DNS is listening in the correct ipaddress (192.168.1.10). It would be
better to disable the RRAS server on that DC and the Public NIC.
-Check if the DNS server Zone allows dynamic updates in the DNS zone.
-On the DNS server Run netdiag /fix (install support tools first)
-Go to the server 192.168.1.11 and run ipconfig /registerdns, and verify
that the record was created in the DNS server.
-REMOVE the ISP DNS Servers from DNS properties in both servers.
FOR DNS CONFIGURATION:
Assuming DNS AD Integrated Zone
-Make sure that each DNS server points to itself under NIC preferred DNS. If
the Server IP-Address is 192.168.0.1 then the preferred DNS should also be
192.168.0.1.
-When Adding Additional DCs to an existent Domain, and if you want to make
it a DNS server, Install DNS service, make sure that the server (the
additional DC) points to the existent DNS DC under NIC preferred DNS, then
run Dcpromo, wait or force replication (this can take a while), then check
on DNS console, and if the DNS zone is already transferred, then point the
additional DC to itself again.
- Clients: Make sure that the clients only use their local available DNS
server(s) on their NIC DNS configuration. Do not place the ISP DNS server or
any other DNS on the client or DNS Server NIC properties, this is a common
mistake. The clients should use their local DNS server to resolve all
queries. It's up to the local DNS server to handle the Internet resolution
as any other Zone that the DNS is not authoritative for. Check the link for
configuring DNS for Internet resolution.
Note: The DNS client does not utilize each of the DNS servers listed in
TCP/IP configuration for each query. By default, on startup the DNS client
will attempt to utilize the server in the Preferred DNS server entry. If
this server FAILS to respond for any reason, the DNS client will switch to
the server listed in the alternate DNS server entry. The DNS client will
continue to use this alternate DNS server.
Best practices for DNS client settings in Windows 2000 Server and in Windows
Server 2003
http://support.microsoft.com/kb/825036/en-us
How to configure DNS for Internet access in Windows Server 2003
http://support.microsoft.com/kb/323380/
--
I hope that the information above helps you
Good Luck
Jorge Silva
MCSA
Systems Administrator
"noob admin" <noob...@discussions.microsoft.com> wrote in message
news:02529ED6-30C7-4742...@microsoft.com...
This environment is too hosed. It has been decided to end this hairball
and just add the users to the server, cut over from the old server
and turn it off.
5 days, no results.. enough.
Thanks for all your help.
Sincerely,
RobV.
Thanks for replying..
No, there are two separate machines, none of which is actively multi homed.
(the extra NIC's are disabled).
the x's and y's are because the company's initials are part of the hostnames.
(not my call)
I'm very sorry if that caused you any grief. Please accept my apologies.
The first machine xxx is (was) the only DC until the client bought a new
Dell , and Windows 2003 Server from my company.
I followed the docs for adding a W2k3 server to a w2k DC domain to the
letter. The fact is the old machine had never been properly installed, and
folks had messed with the Registry in places I'm still finding out about.
f.y.i: 206.13.28.12 is Pac-Bell DNS. I just searched and the 207's point to the
former maint company servers, NOT to the client's ISP.. Nice guys.
I might be able to slip in one more try at it, and thanks for the play by play
for future reference. Otherwise, we're just going to build it from the ground
up and unplug the heap of slag the "other guys" left us.
Sincerely,
RobV.
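
Added example, not part of any post in this thread: a small Python triage pass over dcdiag output like the listing posted above. It rejoins lines the news client wrapped, collects failed tests per subject, records SPNs that one DC reports missing from another DC's machine account (even when the enclosing test says "passed"), and decodes userAccountControl against the 0x82000 value dcdiag calls typical. The names `triage`, `decode_uac` and `report` are hypothetical, SAMPLE is a constructed excerpt shaped like the posted output, and the UF_* bit values are Microsoft's documented ones.

```python
import re
from collections import defaultdict

# userAccountControl bits, from Microsoft's documented UF_* flag values.
UAC_FLAGS = {
    0x00002: "UF_ACCOUNTDISABLE",
    0x00020: "UF_PASSWD_NOTREQD",
    0x01000: "UF_WORKSTATION_TRUST_ACCOUNT",
    0x02000: "UF_SERVER_TRUST_ACCOUNT",
    0x10000: "UF_DONT_EXPIRE_PASSWD",
    0x80000: "UF_TRUSTED_FOR_DELEGATION",
}
TYPICAL_DC_UAC = 0x82000  # the value dcdiag itself calls typical for a DC

# Constructed excerpt, shaped like the dcdiag listing in the thread,
# including the mid-record line breaks added by the news client.
SAMPLE = """\
Starting test: RidManager
......................... Server2 failed test RidManager
Starting test: MachineAccount
Checking machine account for DC Server2 on DC Server2.
Warning: Attribute userAccountControl of Server2 is: 0x82020 = (
UF_PASSWD_NOTREQD | UF_SERVER_TRUST_ACCOUNT | UF_TRUSTED_FOR_DELEGATION )
* SPN found :LDAP/Server2.my_domain.local
......................... Server2 passed test MachineAccount
Starting test: VerifyEnterpriseReferences
......................... Server2 failed test
VerifyEnterpriseReferences
Starting test: CheckSecurityError
Checking machine account for DC Server2 on DC Server1.
* Missing SPN :LDAP/Server2.my_domain.local
* Missing SPN
:HOST/Server2.my_domain.local/my_domain.local
......................... Server2 passed test CheckSecurityError
Starting test: DNS
......................... my_domain.local failed test DNS
"""

# One alternation, scanned in document order so that "Missing SPN" lines can
# be tied to the most recent "Checking machine account ..." context.
# \s also matches newlines, which absorbs the wrapped lines.
EVENT = re.compile(
    r"Checking machine account for DC (?P<acct>\S+) on DC (?P<on>[\w-]+)"
    r"|\*\s+Missing SPN\s*:(?P<spn>\S+)"
    r"|Attribute userAccountControl of (?P<host>\S+) is:\s*(?P<uac>0x[0-9A-Fa-f]+)"
    r"|\.{5,}\s+(?P<subject>\S+)\s+(?P<result>passed|failed)\s+test\s+(?P<test>\w+)"
)


def decode_uac(value):
    """Return the names of the known UF_* bits set in value."""
    return [name for bit, name in sorted(UAC_FLAGS.items()) if value & bit]


def triage(text):
    """Summarise failed tests, missing SPNs and odd userAccountControl values."""
    failed, missing, uac = defaultdict(list), defaultdict(list), {}
    ctx = None  # (account being checked, DC whose copy is being read)
    for m in EVENT.finditer(text):
        if m["acct"]:
            ctx = (m["acct"], m["on"])
        elif m["spn"]:
            missing[ctx].append(m["spn"])
        elif m["uac"]:
            value = int(m["uac"], 16)
            uac[m["host"]] = {
                "value": value,
                "flags": decode_uac(value),
                # bits set beyond what dcdiag calls typical for a DC
                "unexpected": decode_uac(value & ~TYPICAL_DC_UAC),
            }
        elif m["result"] == "failed":
            failed[m["subject"]].append(m["test"])
    return {"failed": dict(failed), "missing_spns": dict(missing), "uac": uac}


def report(summary):
    """Render the summary as short lines for a ticket or a follow-up post."""
    lines = []
    for subject, tests in summary["failed"].items():
        lines.append(f"{subject}: failed {', '.join(tests)}")
    for (acct, on), spns in summary["missing_spns"].items():
        lines.append(f"{acct}: {len(spns)} SPN(s) missing as seen on {on}")
    for host, info in summary["uac"].items():
        if info["unexpected"]:
            lines.append(
                f"{host}: userAccountControl {info['value']:#x} has extra "
                f"{', '.join(info['unexpected'])}"
            )
    return lines


if __name__ == "__main__":
    print("\n".join(report(triage(SAMPLE))))
```

On the sample, CheckSecurityError is reported as passed, yet the summary still shows Server2's SPNs missing as seen on Server1, which is the mismatch behind the Kerberos errors described in the thread.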