Windows Server 2008 R2 Thread: Replacing old DC problems (in Technical)
  1. #16

    Michael
    Originally posted by forde52:
    DNS on both servers is saying it is Active Directory-Integrated. Both servers have themselves and the other server in the NIC's DNS settings. They can both ping each other by name and IP as well. So it's looking like it's not a network connectivity issue?
    Yep I'd agree, but can you ping by servername? curricsvr1.schoolname.pri etc...

  2. #17

    I can, yes. FQDN and computer name both work fine. So the servers can "see" each other to some extent.

  3. #18


    What about AD Sites and Services: anything there that shouldn't be, or isn't there that should? There may be a link to some long-gone server in there (as IIRC demoting a server doesn't remove it from here), or possibly some long-gone server has 1 or more FSMO roles.

  4. #19

    Michael
    Hmm, OK so I see no reason why you can't transfer FSMO roles! That's really got me stumped, I must admit.

    Do the event logs show any errors which are of particular interest?

  5. #20

    Originally posted by sted:
    What about AD Sites and Services: anything there that shouldn't be, or isn't there that should? There may be a link to some long-gone server in there (as IIRC demoting a server doesn't remove it from here), or possibly some long-gone server has 1 or more FSMO roles.
    Nothing looks out of place in Sites and Services, it's showing the two servers and their properties.

  6. #21

    Originally posted by Michael:
    Hmm, OK so I see no reason why you can't transfer FSMO roles! That's really got me stumped, I must admit.
    Haha, you're not the only one!

    Originally posted by Michael:
    Do the event logs show any errors which are of particular interest?
    The event log on both servers is showing this error:

    "Windows(R) Lightweight Directory Access Protocol (LDAP) failed a request to connect to Active Directory Domain Services(R) for Windows user <NT AUTHORITY\SYSTEM>.

    Without the corresponding UNIX identity of the Windows user, the user cannot access Network File System (NFS) shared resources.

    Verify that the Windows user is in Active Directory Domain Services and has access permissions."

    Plus another one which shows the domain admin account instead of SYSTEM. I'm guessing that's not good?

  7. #22

    Michael
    Sites and Services is something I've never messed with as there's no need!

    Looking at security of a DC I'm working on, it reads:

    Authenticated Users - Read
    SYSTEM - Full
    Enterprise Read-only Domain Controllers (think this is optional)
    Domain Admins - Full
    Enterprise Admins - Full

    This is on NTDS Settings.

    As for UNIX, I'm not too worried about this so you should be able to ignore it. I presume you had a NAS or a server that was running UNIX?

  8. #23

    We never had a UNIX server, but we do have 2 Mac clients which connect to file shares on the network (not joined to the domain as it seemed a bit of a fuss), so that could be what it's on about? Just checked and they can still connect to the shares so I'll just ignore that error for now.

    Had a look at the security on these two, and the settings are the same as what you've posted above.

    If this helps I've just tried connecting to a file share on the new server from the old one and got this message:
    Screen Shot 2013-11-14 at 10.29.30.png
    So, this old server thinks it doesn't have permission to access the new one I'm guessing?

  9. #24

    Michael
    Hmm that's interesting. I wonder if there's a problem with the computer account of the new server?

    If possible, try demoting it and re-promoting as a DC. Certainly worth a try.

  11. #25

    You'd be surprised at how many times I've tried that the past few days. Every other computer on the network can access shares on it, just not the old DC. So with that in mind I'm thinking it's something with the old DC that's not right. It's always had errors with the RPC server as well (when you've tried to do a RSOP for example).

    It's as if the old DC just won't let go. The domain originally ran on a 2003R2 box but that got replaced nearly 2 years ago now, and everything was fine then, so it is something recent I think.

  12. #26

    Sorry to be late to the party again, but if you're having problems with AD, I would be a little wary about demoting a DC unless it won't have any impact.

    Have you checked the output of "REPADMIN /SHOWREPS"? Might help...

  13. #27

    A little bit of further research shows that this might be useful for you: Troubleshooting AD Replication error 1396: Logon Failure: The target account name is incorrect.

  15. #28

    Thanks for that, I'll take a look now and see what I can come up with!

    I've attached the results of the repadmin, the new server has no errors but the old one shows quite a few.

    OldDCReps.txt
    NewDCReps.txt
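
Added example, not part of any post in this thread: one way to reduce the replication status discussed above to a short list of failing partnerships, using the CSV form of the same repadmin report (`repadmin /showrepl * /csv`). The function name `Get-ReplicationFailure`, the server names OLDDC and NEWDC, and every sample row are constructed for illustration; only the 1396 text comes from the article title quoted in the thread.

```powershell
# Constructed sample in the column layout of `repadmin /showrepl * /csv`.
# Server names, times and failure counts are invented for illustration.
$sampleCsv = @'
showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,Default-First-Site-Name,OLDDC,"DC=schoolname,DC=pri",Default-First-Site-Name,NEWDC,RPC,212,2013-11-14 10:15:02,2013-11-11 08:49:37,1396
showrepl_INFO,Default-First-Site-Name,OLDDC,"CN=Configuration,DC=schoolname,DC=pri",Default-First-Site-Name,NEWDC,RPC,212,2013-11-14 10:15:02,2013-11-11 08:51:10,1396
showrepl_INFO,Default-First-Site-Name,NEWDC,"DC=schoolname,DC=pri",Default-First-Site-Name,OLDDC,RPC,0,0,2013-11-14 10:02:11,0
'@

# Status text taken from the article title quoted in the thread.
$knownStatus = @{ 1396 = 'Logon Failure: The target account name is incorrect.' }

function Get-ReplicationFailure {
    param([Parameter(Mandatory = $true)] [string[]] $CsvLine)

    # Keep per-partnership rows with at least one failed attempt, then
    # collapse them to one line per destination/source/status combination.
    $CsvLine | ConvertFrom-Csv |
        Where-Object { $_.showrepl_COLUMNS -eq 'showrepl_INFO' -and [int]$_.'Number of Failures' -gt 0 } |
        Group-Object -Property 'Destination DSA', 'Source DSA', 'Last Failure Status' |
        ForEach-Object {
            $rows   = $_.Group
            $status = [int]$rows[0].'Last Failure Status'
            $max    = ($rows | ForEach-Object { [int]$_.'Number of Failures' } |
                       Measure-Object -Maximum).Maximum
            # Times are yyyy-MM-dd HH:mm:ss, so a string sort is chronological.
            $oldest = $rows | ForEach-Object { $_.'Last Success Time' } |
                      Sort-Object | Select-Object -First 1
            New-Object PSObject -Property @{
                Destination   = $rows[0].'Destination DSA'
                Source        = $rows[0].'Source DSA'
                Status        = $status
                Meaning       = $knownStatus[$status]
                Partitions    = $rows.Count
                MaxFailures   = $max
                OldestSuccess = $oldest
            } | Select-Object Destination, Source, Status, Meaning, Partitions, MaxFailures, OldestSuccess
        }
}

# Offline run against the constructed sample:
Get-ReplicationFailure -CsvLine ($sampleCsv -split "`r?`n") | Format-List

# On a domain controller, feed it the live report instead:
# Get-ReplicationFailure -CsvLine (repadmin /showrepl * /csv)
```

With the constructed rows this reports a single failing partnership (OLDDC pulling from NEWDC, status 1396, two partitions), which is the one-sided pattern the two attached reports describe.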

  16. #29

    Hmm looks to me like the answer may be in that KB article.

    Of course your other option is to just 'ungracefully' trash the old DC - force the new one to take on the roles and then tidy up using ADSI edit.

  17. #30

    I have been thinking about doing that, but the other day when I gave the new server the roles and took the network cable out of the old server, everything stopped working. I suppose I didn't do that the correct way but I was interested in seeing what would stop if I were to just remove the old server.
