Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations derfloh on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Cant demote 2000 server or raise forest to 2003 level

Status
Not open for further replies.
gurner

gurner

Technical User
Feb 13, 2002
522
US
We have installed a new 2003 server, promoted it as a DC, moved all the roles over (all 5, even Schema) this has replicated fine, moved DNS. raised the 2000 server to Native.

The only thing seemingly left is to demote the 2000 server and raise the forest to 2003.
when demoting the old 200 DC you get

"A Domain Controller could not be contacted for the domain test-dc.com that contained and account for this computer.

The specified domain does not exist or could not be contacted"

but if you do an nslookup etc, you get a response back "defualt server : Server.test-dc.com, etc" and can do lookups.

Checking the Domains and Trusts you go to Raise Doamin Functional Level, and it says current level is 2000 native, and that you cant raise it as the domain contains DCs not running the appropriate versions of windows.

we'd like to just to remove the 2000 server, as it is extremely old, but when unplugged, suddenly no one can access any files of the file servers. yet we have triple checked all the roles are on the new server and the DNS is on it functioning fine.

Any ideas? it feels like it is 95% done, but we just need 2000 to let go of that last bit, but it wont demote, and wont give us the option to raise to 2003.

Is there a way to make 2003 think its domain is ready for 2003 function, with a poke around on the 2000 server? such as a reg tweak, update, something? (i'd think it would really struggle with a software upgrade to 2003)

Thanks

Gurner
 
Sort by date Sort by votes
if i do a DCDiag i get these results (NT-Server is the 2000 box, TOTALDC01 is the 2003 box)
-----------------------------------------------
Starting test: Advertising
The DC NT-SERVER is advertising itself as a DC and having a DS.
The DC NT-SERVER is advertising as an LDAP server
The DC NT-SERVER is advertising as having a writeable directory
The DC NT-SERVER is advertising as a Key Distribution Center
The DC NT-SERVER is advertising as a time server
......................... NT-SERVER passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=TOTALDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=total-recall,DC=com
Role Domain Owner = CN=NTDS Settings,CN=TOTALDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=total-recall,DC=com
Role PDC Owner = CN=NTDS Settings,CN=TOTALDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=total-recall,DC=com
Role Rid Owner = CN=NTDS Settings,CN=TOTALDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=total-recall,DC=com
Role Infrastructure Update Owner = CN=NTDS Settings,CN=TOTALDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=total-recall,DC=com
--------------------------------------
Any ideas why the old one is advertising itself as all these, when the roles have switched? surely not being caused by the forest function level?


Gurner
 
Upvote 0 Downvote
Yet further down there is this
-----------------------------------
Starting test: Advertising
Warning: DsGetDcName returned information for \\nt-server.total-recall.com, when we were trying to reach TOTALDC01.
Server is not responding or is not considered suitable.
The DC TOTALDC01 is advertising itself as a DC and having a DS.
The DC TOTALDC01 is advertising as an LDAP server
The DC TOTALDC01 is advertising as having a writeable directory
The DC TOTALDC01 is advertising as a Key Distribution Center
The DC TOTALDC01 is advertising as a time server
Warning: TOTALDC01 is not advertising as a global catalog.
Check that server finished GC promotion.
Check the event log on server that enough source replicas for the GC are available.
------------------------------------------
but if you check under Sites and Services the new server has the tick set for Global Catalog (i have unset it and set the old server back up and will reverse it again to see if this helps kick off the replication of the GC?)


Gurner
 
Upvote 0 Downvote
The SYSVOL folder is empty on the new server, and the event log has just started doing this
------------------------------
The File Replication Service is having trouble enabling replication from \\nt-server.total-recall.com to TOTALDC01 for c:\windows\sysvol\domain using the DNS name \\nt-server.total-recall.com. FRS will keep retrying.
Following are some of the reasons you would see this warning.

[1] FRS can not correctly resolve the DNS name \\nt-server.total-recall.com from this computer.
[2] FRS is not running on \\nt-server.total-recall.com.
[3] The topology information in the Active Directory for this replica has not yet replicated to all the Domain Controllers.
-------------------------------

Any ideas where i should be looking in DNS, as standard DNS lookups are fine, there are forward and reverse entries for all machines etc, is it something within the _msdcs, _sites etc

cheers

Gurner
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Aquiles Vidal
  • Locked
  • Question
Web Browsers in Windows Server or Terminal Server
Replies
0
Views
488
Aquiles Vidal
Aquiles Vidal
MaioMaio
  • Locked
  • Question
Server Remote Desktop License
Replies
0
Views
402
MaioMaio
MaioMaio
rzammit82
  • Locked
  • Question
Windows Server 2016 - DNS/AD problem
Replies
1
Views
641
suncit
suncit
antonio_dsanchez
  • Locked
  • Question
post-installation WSUS windows server 2016
Replies
0
Views
410
antonio_dsanchez
antonio_dsanchez
jamescpp
  • Locked
  • Question
Windos OpenSSH server vulnerability
Replies
0
Views
500
jamescpp
jamescpp

Part and Inventory Search

Sponsor

Back
Top