+ Post New Thread
Page 2 of 3 FirstFirst 123 LastLast
Results 16 to 30 of 33
Windows Server 2008 R2 Thread, 2008 migration gone wrong in Technical; The obvious answer is that you're not using an account that is authorised to access that resource. Once you've restarted ...
  1. #16

    Join Date
    Jul 2006
    Location
    London
    Posts
    1,279
    Thank Post
    115
    Thanked 247 Times in 197 Posts
    Blog Entries
    1
    Rep Power
    76
    The obvious answer is that you're not using an account that is authorised to access that resource. Once you've restarted the DC's and cleared out any errors from BPA, can you log on to a workstation using an account created after the upgrade?

    Are the clients XP or 7? If XP what does netdiag report? Not sure what tool replicates that functionality in Vista or 7.

  2. #17

    Join Date
    Dec 2008
    Location
    Essex
    Posts
    2,144
    Thank Post
    1
    Thanked 326 Times in 316 Posts
    Rep Power
    78
    @psydii - It was a suggestion in case RODC were/are being used. The issue and root cause are unknown. Putting in a call to MSFT is the best option in any case. However, given this situation, turn-around for initial response will be 4 hours, then after that no guarantee and impact is minimal, i.e you have another DC, also no users are effected.

    But like I say, MSFT is you best contact or your support provider. However, the articles I normally post here do NOT always been YOU should do it. If they are specific then I will make sure I state that. In this case I suggested 'Also see'.

    I expect one to read any post/KB articles before making a change to the production enviornment or if they take the risk and not to then it's up to them.

    Changing settings on the infrasructure should be thought of carefully.

    Sukh

  3. #18

    Join Date
    Oct 2008
    Location
    Southampton, England
    Posts
    215
    Thank Post
    40
    Thanked 10 Times in 6 Posts
    Rep Power
    14
    looks like the two largest files are 10mb each, which is some sort of log. The rest are anything up to 2mb

  4. #19

    Join Date
    Oct 2008
    Location
    Southampton, England
    Posts
    215
    Thank Post
    40
    Thanked 10 Times in 6 Posts
    Rep Power
    14
    thats what i would assume that meant... Im pretty sure the problem is linked to dc01. When i did a reboot on dc02 i could view the network and see what was there but not the browse those machines, however as soon as dc02 came back up i could browse to the machines and see printers/shares

  5. #20

    Join Date
    Jul 2006
    Location
    London
    Posts
    1,279
    Thank Post
    115
    Thanked 247 Times in 197 Posts
    Blog Entries
    1
    Rep Power
    76
    @sukh I quite agree, I found that article just after you did and the initial version of my post I berated myself for not googling it before posting. The article's phrasing suggest to me that the error itself is not cause for concern, but whether root causes are related is one avenue for investigation.

    I do read the impact of this problem differently though: GP is not applying on at least 50% of clients properly and logons are very slow - in an environment where each workstation logs on/off 6+ times a day, to me that's a huge impact!

    After BPA results, the next big question is: Are the Clients Authenticating to the Domain properly? Which is what we'll find out with the new user test.

  6. #21

    Join Date
    Jul 2006
    Location
    London
    Posts
    1,279
    Thank Post
    115
    Thanked 247 Times in 197 Posts
    Blog Entries
    1
    Rep Power
    76
    @jjohnsoncantell
    After rebooting the servers in the order advised, are there unresolved errors in the event logs on either server?

    Could you clarify exactly what steps you took that provided evidence for the following statement:
    "When i did a reboot on dc02 i could view the network and see what was there but not the browse those machines, however as soon as dc02 came back up i could browse to the machines and see printers/shares"
    Specifically expanding around the following phrases
    "i could view the network"
    "see what was there"
    "but not browse those machines"

    Have the workstations been restarted and logon speeds tested following the DC reboots?

  7. #22

    Join Date
    Oct 2008
    Location
    Southampton, England
    Posts
    215
    Thank Post
    40
    Thanked 10 Times in 6 Posts
    Rep Power
    14
    ok
    For example, i can browse network neighborhood and see a list of clients. I can browse into a client and see the printers & faxes/sheduled tasks. However, when i reboot dc02 i loose that ability even though dc01 is still up and running. As soon as the server has rebooted and back online i can again browse those clients as before.

    If i however go to browse dc01 at any time, i get the dc01 in not accessible error with a reason of network path not found.

  8. #23

    Join Date
    Oct 2008
    Location
    Southampton, England
    Posts
    215
    Thank Post
    40
    Thanked 10 Times in 6 Posts
    Rep Power
    14
    i dont notice any red event errors in application, system, dfs, dns, file replication logs.

  9. #24

    Join Date
    Jul 2006
    Location
    London
    Posts
    1,279
    Thank Post
    115
    Thanked 247 Times in 197 Posts
    Blog Entries
    1
    Rep Power
    76
    Have you got an output from the AD DS BPA?

    Have you rebooted the client computer since the server reboots?
    Are you logged on as an Domain/Enterprise Administrator?
    What OS are the clients running?
    If XP what is the output of netdiag?
    Is DC02 your WINS server?
    Can you browse DC01 from DC02?

    I note from your DCDiag report that both DCs appear to agree that DC01 holds all the FSMO roles and that replication is working. I also note that no further indication that this assessment should be changed since reboot as the event log is showing without further errors.

  10. #25

    Join Date
    Oct 2008
    Location
    Southampton, England
    Posts
    215
    Thank Post
    40
    Thanked 10 Times in 6 Posts
    Rep Power
    14
    Yes i have rebooted the clients. Ive been logged onto the server with domain admin account and can browse from dc01-dc02 and vice versa and can see the sysvol and netlogon shares. The clients are running xpsp3. Wins isnt installed as far as im aware as we're only xpsp3 clients and above.

    Attatched is a readout of net diag from a problem client. Makes reference to spn issues.

    Thanks for your time helping me, its much appreciated!
    Attached Files Attached Files

  11. #26

    Join Date
    Jul 2006
    Location
    London
    Posts
    1,279
    Thank Post
    115
    Thanked 247 Times in 197 Posts
    Blog Entries
    1
    Rep Power
    76
    Ok can you try re-running netdiag on a client while logged on as a Domain Admin. I'm hoping those errors will vanish.

  12. #27

    Join Date
    Oct 2008
    Location
    Southampton, England
    Posts
    215
    Thank Post
    40
    Thanked 10 Times in 6 Posts
    Rep Power
    14
    done, here's the result.
    Attached Files Attached Files

  13. #28

    ZeroHour's Avatar
    Join Date
    Dec 2005
    Location
    Edinburgh, Scotland
    Posts
    5,837
    Thank Post
    974
    Thanked 1,405 Times in 850 Posts
    Blog Entries
    1
    Rep Power
    460
    Initial look suggests your dns may not have reverse lookups setup possibly.
    Also when you migrated did you have any Cert Authorities on the old servers?

  14. #29

    Join Date
    Jul 2006
    Location
    London
    Posts
    1,279
    Thank Post
    115
    Thanked 247 Times in 197 Posts
    Blog Entries
    1
    Rep Power
    76
    Hmm. I'd be surprised if DCDiag gave such a clean bill of health if a DC was missing its PTR record. But since 99% of all AD issues are in fact DNS issues, best confirm it's there!

    What does AD DS BPA have to say?
    How many other client machines are affected?
    What OS are they running? I note that your laptop appears to be Windows 2000.
    Can you 'sacrifice' one showing the same symptoms? If so, remove it form the domain and try adding it back.
    Any IPSec policies enabled anywhere (say, on the DCs)?


    Edit:
    Another possibility is that there is a mismatch between netdiag version and the sp level of your laptop. Ensure both are SP4, and some of the errors aren't in fact red herrings.

    Also since the information presented in netfiag conflicts with your statement regarding XP SP3, perhaps your copy of netdiag needs updating to XP SP2 (the latest available)? Again to eliminate red herrings.
    Last edited by psydii; 15th April 2011 at 02:50 PM.

  15. #30

    Join Date
    Jul 2006
    Location
    London
    Posts
    1,279
    Thank Post
    115
    Thanked 247 Times in 197 Posts
    Blog Entries
    1
    Rep Power
    76
    Is there a Firewall on DC01?
    Is there a firewall on your clients?



SHARE:
+ Post New Thread
Page 2 of 3 FirstFirst 123 LastLast

Similar Threads

  1. [SIMS] 2008 Migration - Redirection Service
    By Stuart_C in forum MIS Systems
    Replies: 5
    Last Post: 13th August 2010, 10:40 PM
  2. 2008 SQL migration
    By creese in forum MIS Systems
    Replies: 7
    Last Post: 3rd June 2010, 04:56 PM
  3. 2008 SQL migration
    By creese in forum MIS Systems
    Replies: 0
    Last Post: 22nd April 2010, 11:14 AM
  4. Migration to 2008
    By ginger9991 in forum Windows Server 2008
    Replies: 2
    Last Post: 24th March 2010, 09:03 AM
  5. SIMS SQL 2008 migration
    By matt40k in forum MIS Systems
    Replies: 0
    Last Post: 8th August 2009, 01:08 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •