Transferring FSMO Roles Server 2003 to 2008

Status
Not open for further replies.

acabezas7

MIS
Mar 5, 2007
71
US
Hi everyone,

OK, so I had one Windows 2003 domain controller in my domain, and I recently implemented a Windows 2008 domain controller and transferred the FSMO roles over to my new 2008 DC. Everything went well with transferring the FSMO roles. But every Wednesday I perform a maintenance reboot of all my servers. Now when I reboot my DCs, my 2008 DC boots up first and I log in, but when I try to open up Active Directory Users and Computers I get an error and it doesn't load. But now when I bring my 2003 DC back online, I can open up Active Directory Users and Computers on my Windows 2008 DC. Now, I thought after moving my FSMO roles from the 2003 DC I could go ahead and demote this DC and have my forest with just 2008 DCs, but apparently that's not the issue; it looks like the 2008 DC is relying on my 2003 DC. Can someone please help me? Thanks
 
Oh sorry, I thought I understood that both had the FSMO roles.
 
I actually don't see any errors under my DNS event log. But I do see errors on my Active Directory event log when my Windows 2003 DC is powered off and only my Windows 2008 DC is online.

Active Directory Domain Services could not resolve the following DNS host name of the source domain controller to an IP address. This error prevents additions, deletions and changes in Active Directory Domain Services from replicating between one or more domain controllers in the forest. Security groups, group policy, users and computers and their passwords will be inconsistent between domain controllers until this error is resolved, potentially affecting logon authentication and access to network resources.

Source domain controller:
OSCAR
Failing DNS host name:
95873073-c12a-4483-82a6-a460aac0d88a._msdcs.riepf.com

NOTE: By default, only up to 10 DNS failures are shown for any given 12 hour period, even if more than 10 failures occur. To log all individual failure events, set the following diagnostics registry value to 1:

Registry Path:
HKLM\System\CurrentControlSet\Services\NTDS\Diagnostics\22 DS RPC Client

User Action:

1) If the source domain controller is no longer functioning or its operating system has been reinstalled with a different computer name or NTDSDSA object GUID, remove the source domain controller's metadata with ntdsutil.exe, using the steps outlined in MSKB article 216498.

2) Confirm that the source domain controller is running Active Directory Domain Services and is accessible on the network by typing "net view \\<source DC name>" or "ping <source DC name>".

3) Verify that the source domain controller is using a valid DNS server for DNS services, and that the source domain controller's host record and CNAME record are correctly registered, using the DNS Enhanced version of DCDIAG.EXE available on
dcdiag /test:dns

4) Verify that this destination domain controller is using a valid DNS server for DNS services, by running the DNS Enhanced version of DCDIAG.EXE command on the console of the destination domain controller, as follows:

dcdiag /test:dns

5) For further analysis of DNS error failures see KB 824449:

Additional Data
Error value:
11001 No such host is known.
 
OK, I ran dcdiag on my Windows 2008 server for the source domain controller, which is my 2003 DC, and everything looked good except one warning message that the AAAA record for this DC was not found.

DCDIAG Test Ran on Windows 2008 DC sourcing Windows 2003 DC

C:\>dcdiag /test:dns /s:2003 DC /DnsBasic

Directory Server Diagnosis

Performing initial setup:
* Identified AD Forest.
Done gathering initial info.

Doing initial required tests

Testing server: West\2003 DC
Starting test: Connectivity
......................... 2003 DC passed test Connectivity

Doing primary tests

Testing server: West\2003 DC

Starting test: DNS

DNS Tests are running and not hung. Please wait a few minutes...
......................... 2003 DC passed test DNS

Running partition tests on : LimitLogin

Running partition tests on : ForestDnsZones

Running partition tests on : DomainDnsZones

Running partition tests on : Schema

Running partition tests on : Configuration

Running partition tests on : xxxx

Running enterprise tests on : xxxx.com
Starting test: DNS
Test results for domain controllers:

DC: 2003 DC.xxxx.com
Domain: xxxxx.com


TEST: Basic (Basc)
Warning: The AAAA record for this DC was not found

2003DC PASS WARN n/a n/a n/a n/a n/a
......................... xxxx.com passed test DNS


DCDIAG Test Ran on Windows 2003 DC sourcing Windows 2008 DC

C:\>dcdiag /test:dns /s:2008 DC /DnsBasic

Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: West\2008 DC
Starting test: Connectivity
......................... PHSRIDCDC01 passed test Connectivity

Doing primary tests

Testing server: West\2008 DC
DNS Tests are running and not hung. Please wait a few minutes...

Running partition tests on : ForestDnsZones

Running partition tests on : DomainDnsZones

Running partition tests on : Schema

Running partition tests on : Configuration

Running partition tests on : xxxx

Running enterprise tests on : xxxx.com
Starting test: DNS
......................... xxxx.com passed test DNS


Anyone have an idea what that warning message about the AAAA record means? Thanks
 
OK, another update: I just ran dcdiag /test:dns /DnsRecordRegistration on both servers, and these are the results.


Results on Windows 2008 DC

C:\>dcdiag /test:dns /DnsRecordRegistration

Directory Server Diagnosis

Performing initial setup:
Trying to find home server...
Home Server = 2008 DC
* Identified AD Forest.
Done gathering initial info.

Doing initial required tests

Testing server: West\2008 DC
Starting test: Connectivity
......................... 2008 DC passed test Connectivity

Doing primary tests

Testing server: West\2008 DC
Starting test: DNS

DNS Tests are running and not hung. Please wait a few minutes...
......................... 2008 DC passed test DNS

Running partition tests on : ForestDnsZones

Running partition tests on : DomainDnsZones

Running partition tests on : Schema

Running partition tests on : Configuration

Running partition tests on : riepf

Running enterprise tests on : riepf.com
Starting test: DNS
Test results for domain controllers:

DC: 2008 DC.xxxx.com
Domain: xxxx.com


TEST: Basic (Basc)
Warning: The AAAA record for this DC was not found

TEST: Records registration (RReg)
Network Adapter [00000006] Intel(R) PRO/1000 PT Dual Port Server Adapter:
Warning:
Missing AAAA record at DNS server 10.156.138.74:
2008 DC.xxxx.com

Warning:
Missing AAAA record at DNS server 10.156.138.74:
gc._msdcs.xxxx.com

Warning:
Missing AAAA record at DNS server 10.156.138.73:
2008 DC.xxxx.com

Warning:
Missing AAAA record at DNS server 10.156.138.73:
gc._msdcs.xxxx.com

Warning: Record Registrations not found in some network adapters

2008 DC PASS WARN n/a n/a n/a WARN n/a
......................... riepf.com passed test DNS


Results on Windows 2003 DC

C:\>dcdiag /test:dns /DnsRecordRegistration

Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: West\2003 DC
Starting test: Connectivity
......................... 2003 DC passed test Connectivity

Doing primary tests

Testing server: West\2003 DC

DNS Tests are running and not hung. Please wait a few minutes...

Running partition tests on : LimitLogin

Running partition tests on : ForestDnsZones

Running partition tests on : DomainDnsZones

Running partition tests on : Schema

Running partition tests on : Configuration

Running partition tests on : xxxx

Running enterprise tests on : xxxx.com
Starting test: DNS
......................... xxxx.com passed test DNS


 
The AAAA record is an A record for IPv6 only so nothing to worry about there.
 
I have re-read through these postings and I know you said that the AD/DNS servers point to themselves as primary DNS under TCP/IP properties, but what about your machines and other servers (i.e. Exchange); where are they pointing to for their primary DNS?
 
OK, I just checked my email server and yes, it was pointing to my 2003 DC as primary DNS server. My 2008 DC was not even listed as a DNS entry. So I know that this will now fix my Exchange email going down when my 2003 DC is powered off. But now what about Active Directory? Going to check my other servers.
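
The check this exchange arrives at, as an added example that is not part of the original thread: read each machine's DNS search order over WMI and flag any that would lose name resolution once the old DC is powered off. `Get-DnsStatus`, `Get-DnsDependency`, the host name `EXCH01` and the 192.0.2.x addresses are assumptions made for illustration.

```powershell
# Added example (Windows PowerShell; Get-WmiObject is not in PowerShell 7).
# Function names, host names and 192.0.2.x addresses are constructed.

# Classify one adapter's DNS search order against the DC being retired.
function Get-DnsStatus {
    param([string[]]$Servers, [string]$OldDns, [string]$NewDns)
    if (-not $Servers)                 { return 'NO DNS SERVERS SET' }
    if ($Servers -notcontains $NewDns) { return 'AT RISK: new DC not listed' }
    if ($Servers[0] -eq $OldDns)       { return 'REORDER: old DC is primary' }
    return 'OK'
}

# Read the DNS search order of every IP-enabled adapter on each computer.
function Get-DnsDependency {
    param([string[]]$ComputerName, [string]$OldDns, [string]$NewDns)
    foreach ($computer in $ComputerName) {
        try {
            $adapters = Get-WmiObject -Class Win32_NetworkAdapterConfiguration `
                -ComputerName $computer -Filter 'IPEnabled = TRUE' -ErrorAction Stop
        } catch {
            # Host down or WMI/RPC blocked: report it instead of aborting the audit.
            New-Object PSObject -Property @{
                Computer = $computer; DnsServers = ''; Status = 'UNREACHABLE' }
            continue
        }
        foreach ($adapter in $adapters) {
            # DNSServerSearchOrder is $null when no DNS server is configured.
            $servers = @($adapter.DNSServerSearchOrder | Where-Object { $_ })
            New-Object PSObject -Property @{
                Computer   = $computer
                DnsServers = $servers -join ', '
                Status     = Get-DnsStatus -Servers $servers -OldDns $OldDns -NewDns $NewDns
            }
        }
    }
}

# Constructed search orders: old DC only (the mail server's case in the
# thread), old DC first, and new DC first.
$old = '192.0.2.10'; $new = '192.0.2.11'
Get-DnsStatus -Servers $old       -OldDns $old -NewDns $new
Get-DnsStatus -Servers $old, $new -OldDns $old -NewDns $new
Get-DnsStatus -Servers $new, $old -OldDns $old -NewDns $new

# Live run against real hosts (EXCH01 is a placeholder name):
# Get-DnsDependency -ComputerName 'EXCH01' -OldDns $old -NewDns $new
```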
 
Yes my 2008 DC is pointing to itself for DNS. Sorry for the delayed response.
 
Anything else I can try before I perform my reboot tomorrow and test this issue out again? Thanks
 
Have you tried this that I posted a while back?

"Try this next time you do your reboots (keep the 2003 DC offline while you do the following). Create a new empty management console (start | run | mmc) and add the ADUC snap-in, point it at your 2008 server and save the console as ADUC2 (or whatever you want to name it).
If you open up the ADUC using your ADUC2 saved file instead of the one located in administrative tools then it should save your settings and point to your desired server. There might be something cached weird in the existing default ADUC that's still wanting to authenticate to the 2003 box."

 