+ Post New Thread
Page 1 of 3 123 LastLast
Results 1 to 15 of 33
Windows Server 2008 R2 Thread, 2008 migration gone wrong in Technical; Guys, I have just completed an domain & server upgrade to 2k8r2. 2 old 2k3 servers demoted l/rebuilt and promoted ...
  1. #1

    Join Date
    Oct 2008
    Location
    Southampton, England
    Posts
    175
    Thank Post
    30
    Thanked 4 Times in 4 Posts
    Rep Power
    12

    2008 migration gone wrong

    Guys,

    I have just completed an domain & server upgrade to 2k8r2. 2 old 2k3 servers demoted l/rebuilt and promoted back. The issue I'm having is the clients are taking a long time to start up and when they logon they can't get mapped drives via script. The event logs have 1054 errors saying it cant access the policy and gptinit errors where logon scripts aren't running.

    For some reason I can't access the scripts folder on dc01 which is the first dc. I can't access the c$ admin share or browse the server in network neighborhood. However I can browse and see the c$ share on dc02 which was the second to be promoted, I can see the sysvol of that server also.

    There don't seem to be any dhcp/dns issues as the servers can be pinged resolved and nslookup is working as expected.

    Is there any special security setting I have missed? I built both the servers in the same way too..

    Thanks for any help!
    James

  2. #2

    Join Date
    Dec 2008
    Location
    Essex
    Posts
    2,137
    Thank Post
    1
    Thanked 326 Times in 316 Posts
    Rep Power
    76
    Hi

    Can you check the permission for Sysvol for both DC's and check they are the same?

    Sukh

  3. #3

    glennda's Avatar
    Join Date
    Jun 2009
    Location
    Sussex
    Posts
    7,714
    Thank Post
    269
    Thanked 1,116 Times in 1,012 Posts
    Rep Power
    345
    Also check the replication service is running

    or us something like sonar to check replication status

  4. #4

    Join Date
    Oct 2008
    Location
    Southampton, England
    Posts
    175
    Thank Post
    30
    Thanked 4 Times in 4 Posts
    Rep Power
    12
    Thanks for the replies guys.

    I haven't checked the sysvol sukh, will do first thing when i get in. I think the reason i hadn't already checked that was because I couldn't even browse that server so I assumed it was a different issue. Never can tell with server though lol.

    I checked with repadmin and it reported that the replication had occurred. The annoying thing is that I wasn't aware of this problem before I bought the second dc in so I can't say whethe that had played a part in it.

  5. #5
    bio
    bio is offline
    bio's Avatar
    Join Date
    Apr 2008
    Location
    netherlands
    Posts
    520
    Thank Post
    16
    Thanked 130 Times in 102 Posts
    Rep Power
    37
    definatly a sysvol issue. this may point in the right direction.

    bio..

  6. #6

    Join Date
    Oct 2008
    Location
    Southampton, England
    Posts
    175
    Thank Post
    30
    Thanked 4 Times in 4 Posts
    Rep Power
    12
    will check all the above guys, for now ive attatched a dcdiag to see if you can see any issues.

    James
    Attached Files Attached Files

  7. #7

    Join Date
    Oct 2005
    Posts
    769
    Thank Post
    49
    Thanked 100 Times in 90 Posts
    Rep Power
    61
    James - did you upgrade the schema on the domain before you started?

  8. #8

    Join Date
    Oct 2008
    Location
    Southampton, England
    Posts
    175
    Thank Post
    30
    Thanked 4 Times in 4 Posts
    Rep Power
    12
    i did indeed... adprep/forestprep followed by adprep/domainprep

  9. #9

    Join Date
    Oct 2005
    Posts
    769
    Thank Post
    49
    Thanked 100 Times in 90 Posts
    Rep Power
    61
    Ok - fair enough - just thinking out loud as it were.
    (BTW - the attachment isn't a DcDiag output.)

  10. #10

    Join Date
    Oct 2008
    Location
    Southampton, England
    Posts
    175
    Thank Post
    30
    Thanked 4 Times in 4 Posts
    Rep Power
    12
    lol omg im a total muppet, heres the proper attachment...
    Attached Files Attached Files

  11. #11

    Join Date
    Jul 2006
    Location
    London
    Posts
    1,134
    Thank Post
    100
    Thanked 217 Times in 176 Posts
    Blog Entries
    1
    Rep Power
    69
    I'm not a 2k8 expert, but here's where I'd start based off the info from dcdiag.txt:
    The one item in the dcdiag log that leaps out as a concern is 'DC01 failed test NCSecDesc' hopefully a sequential reboot of the DCs should clear it up, but if not the BPA might help guide you through the fix.
    • Reboot DC1 and wait for replication to start working (watch it in the event log, it took about 20 minutes to report back ok last time according to dcdiag)
    • Once DC1 has confirmed replication is ok....
    • Reboot DC2 and wait for replication to start working.
    • Reboot a workstation and run your tests again.

    If the problem persists I'd then use the AD DS BPA, which may be a little more illuminating than dcdiag.

    Final thought: if you create a new user account on a DC (once replication is working) can you then log on to a workstation using that account?
    Last edited by psydii; 15th April 2011 at 10:05 AM.

  12. #12

    Join Date
    Dec 2008
    Location
    Essex
    Posts
    2,137
    Thank Post
    1
    Thanked 326 Times in 316 Posts
    Rep Power
    76
    post the results of the BPA.

    Also see Dcdiag fails for NCSecDesc test on Windows 2008 Domain Controllers

    Sukh

  13. #13

    Join Date
    Jul 2006
    Location
    London
    Posts
    1,134
    Thank Post
    100
    Thanked 217 Times in 176 Posts
    Blog Entries
    1
    Rep Power
    69
    edit: ninja'd
    Sukh's five seconds ( )with google suggests that the error I highlighted is probably unimportant, however for me 'best practice' is to configure one's system so that the diagnostic tools report back without error or warning, so it's still where I'd start.

    If a solution doesn't jump out to you (or someone else here doesn't provide a definitive answer) I would be very wary of making random changes to AD and sysvol in an attempt to fix it. If you've got the cash, an early call to MS PSS (cú200) could save you a lot of unnecessary work and stress. If that's not an immediate option, then try replicating the situation in a VM environment by restoring your last known good backup of your DCs into a clean VM and running the upgrade again (keeping the environment isolated from your live domain of course!) - from here you can mess around, fiddle, test and roll back without danger of making things worse.

    P.

  14. #14

    Join Date
    Oct 2008
    Location
    Southampton, England
    Posts
    175
    Thank Post
    30
    Thanked 4 Times in 4 Posts
    Rep Power
    12
    i looked at that NCSecDes article also and i did look at running that during the dcpromo stage but i was never going to be using read only controllers so i didnt run it.

    Will run the bpa and post results.

    i cant help thinking its some sort of access issue. I should be able to browse dc01 via network neighborhood but i cant, it tells me i dont have permission to use the network resource. What could be causing that?

  15. #15

    Join Date
    Mar 2010
    Posts
    205
    Thank Post
    34
    Thanked 31 Times in 30 Posts
    Rep Power
    14
    Are there any large files in your sysvol folder?

SHARE:
+ Post New Thread
Page 1 of 3 123 LastLast

Similar Threads

  1. [SIMS] 2008 Migration - Redirection Service
    By Stuart_C in forum MIS Systems
    Replies: 5
    Last Post: 13th August 2010, 09:40 PM
  2. 2008 SQL migration
    By creese in forum MIS Systems
    Replies: 7
    Last Post: 3rd June 2010, 03:56 PM
  3. 2008 SQL migration
    By creese in forum MIS Systems
    Replies: 0
    Last Post: 22nd April 2010, 10:14 AM
  4. Migration to 2008
    By ginger9991 in forum Windows Server 2008
    Replies: 2
    Last Post: 24th March 2010, 08:03 AM
  5. SIMS SQL 2008 migration
    By matt40k in forum MIS Systems
    Replies: 0
    Last Post: 8th August 2009, 12:08 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •