Re: ADMT - error migrating sid history

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: Eric Fleischman [MSFT] (efleis_at_online.microsoft.com)
Date: 10/01/04 

Date: Fri, 1 Oct 2004 18:03:45 -0500

Hmm....how about we take a network trace of the attempt, so we can see
what's turning south?
The steps I'd suggest would be:
1) issue commands to clear the appropriate caches:
    nbtstat -R
    ipconfig /flushdns
2) start a network trace (netmon or any other sniffer you like)
3) repro the problem

You could send me the trace if you'd like.

~Eric 

-- 
This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm
"B.Hilliard" <robhillj@bellsouth.net> wrote in message 
news:0c9c01c4a7f2$67f4d7c0$a501280a@phx.gbl...
> ...AND, the registry entries are present on both the PDC
> and BDC and the machines have been restarted.
>
> [forgot that in the previous reply]
>
>
>>-----Original Message-----
>>I agree that it *appears* to be a WINS/domain name
>>resolution issue, but I can't prove that.
>>
>>NBLOOKUP finds WINS records for controllers just fine. I
>>can assign NTdomain user's rights to ADdomain shares
> okay.
>>I can manually create an AD account, and assign it to
>>NTExch55 mailbox and log into mailbox just fine. On the
>>NTdomain side, ADdomain users show okay and can be
>>assigned rights to shares. Trusts are functioning okay.
>>(nltest verifies this)
>>
>>EnableSidHistory (netdom) is ON in the ADdomain.
>>
>>I'm sure it's something simple, but I haven't been able
>>to find any info pertaining to this specific error
>>message anywhere...so far.
>>
>>Thanks for the reply.
>>
>>
>>>-----Original Message-----
>>>So in my experience, this error:
>>>
>>>> Either the source domain's primary domain controller
>>>> (PDC) has not been re-started after setting the
>>>> TcpipClientSupport registry key to 1 or the PDC could
>>not
>>>> be contacted.
>>>
>>>....is almost always right. Can you confirm that the
> reg
>>value in question
>>>has been set and you've rebooted since?
>>>If so, perhaps there is a more subtle name resolution
>>issue that is
>>>preventing ADMT from discovering the PDCe inthe source
>>domain. That's the
>>>most common reason people hit this IMHO.
>>>
>>>~Eric
>>>
>>>-- 
>>>This posting is provided "AS IS" with no warranties,
> and
>>confers no rights.
>>>Use of included script samples are subject to the terms
>>specified at
>>>http://www.microsoft.com/info/cpyright.htm
>>>
>>>
>>>"B.Hilliard" <robhillj@bellsouth.net> wrote in message
>>>news:224a01c4a7bd$38382e40$a401280a@phx.gbl...
>>>> Thanks for the reply.
>>>>
>>>> Yep, W2k native. And, the <domain>$$$ group is a local
>>>> group in the source domain.
>>>>
>>>> If I enter an invalid userid on the User Accounts
>>screen,
>>>> or even a bad password, I get the same error. It's as
>>if
>>>> ADMT is not/cannot make use of the trust to get
> across
>>to
>>>> the PDC...although, the NT domain is accessible from
> AD
>>>> controller with other tools (NLTEST), and NT user
>>mangler
>>>> can *see* AD users/groups.
>>>>
>>>> Maybe deleting and recreating trusts might help.
>>>>
>>>> Will report back.
>>>>
>>>>
>>>>>-----Original Message-----
>>>>>Are you in W2K Native Mode?
>>>>>
>>>>>Also, take a look at this...
>>>>>http://www.kbalertz.com/kb_Q317846.aspx
>>>>>
>>>>>AJD
>>>>>
>>>>>
>>>>>>-----Original Message-----
>>>>>>I had posted this in the win2k AD group, but thought
>>it
>>>>>>prudent to post it here, since this is happening on
>>>>>>win2k3.
>>>>>>
>>>>>>When migrating users from nt4 and selecting sid
>>>> history,
>>>>>>the following error is shown after entering admin
>>>>>>credentials on the User Account screen:
>>>>>>
>>>>>>Either the source domain's primary domain controller
>>>>>>(PDC) has not been re-started after setting the
>>>>>>TcpipClientSupport registry key to 1 or the PDC could
>>>>>not
>>>>>>be contacted.
>>>>>>
>>>>>>PDC can be pinged (via WINS), and nbtstat shows entry
>>>>>for
>>>>>>NT domain in the cache.
>>>>>>
>>>>>>Two-way trusts are setup and are working. The
> registry
>>>>>>entry has been added, verified, and the pdc
> restarted.
>>>>>>The registry entry is also added to the bdc. Domain
>>>>>admin
>>>>>>groups are added to each domains Admin group.
>>>>><domain>$$$
>>>>>>group has been created on NT domain. Auditing is
>>turned
>>>>>>on. Controller running ADMT is pointed to WINS.
>>>>>>
>>>>>>This only happens when sid-history is requested.
>>>> Without
>>>>>>requesting it, the migration works fine.
>>>>>>
>>>>>>ADMT has been uninstalled and reinstalled.
>>>>>>
>>>>>>No luck trying to reproduce in lab.
>>>>>>
>>>>>>Any thoughts are appreciated.
>>>>>>
>>>>>>Thanks.
>>>>>>Bobby Hilliard
>>>>>>.
>>>>>>
>>>>>.
>>>>>
>>>
>>>
>>>.
>>>
>>.
>>