Re: Migrate to new server
- From: DD <DD@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 1 Dec 2008 01:40:01 -0800
dcdiag from usg001
Domain Controller Diagnosis
Performing initial setup:
* Verifying that the local machine usg001, is a DC.
* Connecting to directory service on server USG001.
* Collecting site info.
* Identifying all servers.
* Found 2 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\USG001
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... USG001 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\USG001
Starting test: Replications
* Replications Check
......................... USG001 passed test Replications
Test omitted by user request: Topology
Test omitted by user request: CutoffServers
Starting test: NCSecDesc
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=OCBA,DC=co,DC=id
* Security Permissions Check for
CN=Configuration,DC=OCBA,DC=co,DC=id
* Security Permissions Check for
DC=OCBA,DC=co,DC=id
......................... USG001 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
......................... USG001 passed test NetLogons
Starting test: Advertising
The DC USG001 is advertising itself as a DC and having a DS.
The DC USG001 is advertising as an LDAP server
The DC USG001 is advertising as having a writeable directory
The DC USG001 is advertising as a Key Distribution Center
Warning: USG001 is not advertising as a time server.
The DS USG001 is advertising as a GC.
......................... USG001 failed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN="NTDS Settings
DEL:15bb4502-7524-4072-8806-b05d374c49ec",CN=USG002,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=OCBA,DC=co,DC=id
Warning: CN="NTDS Settings
DEL:15bb4502-7524-4072-8806-b05d374c49ec",CN=USG002,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=OCBA,DC=co,DC=id
is the Schema Owner, but is deleted.
Role Domain Owner = CN="NTDS Settings
DEL:15bb4502-7524-4072-8806-b05d374c49ec",CN=USG002,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=OCBA,DC=co,DC=id
Warning: CN="NTDS Settings
DEL:15bb4502-7524-4072-8806-b05d374c49ec",CN=USG002,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=OCBA,DC=co,DC=id
is the Domain Owner, but is deleted.
Role PDC Owner = CN=NTDS
Settings,CN=USG001,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=OCBA,DC=co,DC=id
Role Rid Owner = CN=NTDS
Settings,CN=USG001,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=OCBA,DC=co,DC=id
Role Infrastructure Update Owner = CN=NTDS
Settings,CN=USG001,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=OCBA,DC=co,DC=id
......................... USG001 failed test KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 4115 to 1073741823
* USG001.OCBA.COM is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 3115 to 3614
* rIDNextRID: 2951
* rIDPreviousAllocationPool is 2615 to 3114
......................... USG001 passed test RidManager
Starting test: MachineAccount
* SPN found :LDAP/USG001.OCBA.COM/OCBA.COM
* SPN found :LDAP/USG001.OCBA.COM
* SPN found :LDAP/USG001
* SPN found :LDAP/USG001.OCBA.COM/UOBKHID
* SPN found
:LDAP/96677f00-40fa-41c1-8bb1-c11a92606a04._msdcs.OCBA.COM
* SPN found
:E3514235-4B06-11D1-AB04-00C04FC2DCD2/96677f00-40fa-41c1-8bb1-c11a92606a04/OCBA.COM
* SPN found :HOST/USG001.OCBA.COM/OCBA.COM
* SPN found :HOST/USG001.OCBA.COM
* SPN found :HOST/USG001
* SPN found :HOST/USG001.OCBA.COM/UOBKHID
* SPN found :GC/USG001.OCBA.COM/OCBA.COM
......................... USG001 passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: RPCLOCATOR
* Checking Service: w32time
w32time Service is stopped on [USG001]
* Checking Service: TrkWks
* Checking Service: TrkSvr
* Checking Service: NETLOGON
* Checking Service: Dnscache
* Checking Service: NtFrs
SMTPSVC Service is stopped on [USG001]
......................... USG001 failed test Services
Test omitted by user request: OutboundSecureChannels
Starting test: ObjectsReplicated
USG001 is in domain DC=OCBA,DC=co,DC=id
Checking for CN=USG001,OU=Domain Controllers,DC=OCBA,DC=co,DC=id in
domain DC=OCBA,DC=co,DC=id on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS
Settings,CN=USG001,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=OCBA,DC=co,DC=id
in domain CN=Configuration,DC=OCBA,DC=co,DC=id on 1 servers
Object is up-to-date on all servers.
......................... USG001 passed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service Event log test
Error: No record of File Replication System, SYSVOL started.
The Active Directory may be prevented from starting.
There are errors after the SYSVOL has been shared.
The SYSVOL can prevent the AD from starting.
An Warning Event occured. EventID: 0x800034FA
Time Generated: 11/29/2008 11:25:14
Event String: Following is the summary of warnings and errors
encountered by File Replication Service while
polling the Domain Controller
USG001.OCBA.COM for FRS replica set
configuration information.
The nTDSConnection object cn=4a58d9b4-6646-4882-ab40-e5438eae8771,cn=ntds
settings,cn=USG001,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration,dc=OCBA,dc=co,dc=id
is conflicting with cn=USG002,cn=ntds
settings,cn=USG001,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration,dc=OCBA,dc=co,dc=id.
Using cn=4a58d9b4-6646-4882-ab40-e5438eae8771,cn=ntds
settings,cn=USG001,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration,dc=OCBA,dc=co,dc=id
An Warning Event occured. EventID: 0x800034FA
Time Generated: 11/29/2008 11:45:14
Event String: Following is the summary of warnings and errors
encountered by File Replication Service while
polling the Domain Controller
USG001.OCBA.COM for FRS replica set
configuration information.
The nTDSConnection object cn=72d6065a-469b-46da-a5ce-f0362006c85e,cn=ntds
settings,cn=USG002,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration,dc=OCBA,dc=co,dc=id
is conflicting with cn=USG001,cn=ntds
settings,cn=USG002,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration,dc=OCBA,dc=co,dc=id.
Using cn=72d6065a-469b-46da-a5ce-f0362006c85e,cn=ntds
settings,cn=USG002,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration,dc=OCBA,dc=co,dc=id
The nTDSConnection object cn=4a58d9b4-6646-4882-ab40-e5438eae8771,cn=ntds
settings,cn=USG001,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration,dc=OCBA,dc=co,dc=id
is conflicting with cn=USG002,cn=ntds
settings,cn=USG001,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration,dc=OCBA,dc=co,dc=id.
Using cn=4a58d9b4-6646-4882-ab40-e5438eae8771,cn=ntds
settings,cn=USG001,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration,dc=OCBA,dc=co,dc=id
An Warning Event occured. EventID: 0x800034FA
Time Generated: 11/29/2008 13:05:15
Event String: Following is the summary of warnings and errors
encountered by File Replication Service while
polling the Domain Controller
USG001.OCBA.COM for FRS replica set
configuration information.
The nTDSConnection object cn=72d6065a-469b-46da-a5ce-f0362006c85e,cn=ntds
settings,cn=USG002,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration,dc=OCBA,dc=co,dc=id
is conflicting with cn=USG001,cn=ntds
settings,cn=USG002,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration,dc=OCBA,dc=co,dc=id.
Using cn=72d6065a-469b-46da-a5ce-f0362006c85e,cn=ntds
settings,cn=USG002,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration,dc=OCBA,dc=co,dc=id
An Warning Event occured. EventID: 0x800034FA
Time Generated: 11/29/2008 14:40:16
Event String: Following is the summary of warnings and errors
encountered by File Replication Service while
polling the Domain Controller
USG001.OCBA.COM for FRS replica set
configuration information.
The nTDSConnection object cn=72d6065a-469b-46da-a5ce-f0362006c85e,cn=ntds
settings,cn=USG002,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration,dc=OCBA,dc=co,dc=id
is conflicting with cn=USG001,cn=ntds
settings,cn=USG002,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration,dc=OCBA,dc=co,dc=id.
Using cn=72d6065a-469b-46da-a5ce-f0362006c85e,cn=ntds
settings,cn=USG002,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration,dc=OCBA,dc=co,dc=id
The nTDSConnection object cn=10.192.16.1,cn=ntds
settings,cn=USG001,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration,dc=OCBA,dc=co,dc=id
is conflicting with cn=USG002,cn=ntds
settings,cn=USG001,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration,dc=OCBA,dc=co,dc=id.
Using cn=10.192.16.1,cn=ntds
settings,cn=USG001,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration,dc=OCBA,dc=co,dc=id
An Warning Event occured. EventID: 0x800034FA
Time Generated: 11/30/2008 14:40:24
Event String: Following is the summary of warnings and errors
encountered by File Replication Service while
polling the Domain Controller
USG001.OCBA.COM for FRS replica set
configuration information.
The nTDSConnection object cn=72d6065a-469b-46da-a5ce-f0362006c85e,cn=ntds
settings,cn=USG002,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration,dc=OCBA,dc=co,dc=id
is conflicting with cn=USG001,cn=ntds
settings,cn=USG002,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration,dc=OCBA,dc=co,dc=id.
Using cn=72d6065a-469b-46da-a5ce-f0362006c85e,cn=ntds
settings,cn=USG002,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration,dc=OCBA,dc=co,dc=id
The nTDSConnection object cn=10.192.16.1,cn=ntds
settings,cn=USG001,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration,dc=OCBA,dc=co,dc=id
is conflicting with cn=USG002,cn=ntds
settings,cn=USG001,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration,dc=OCBA,dc=co,dc=id.
Using cn=10.192.16.1,cn=ntds
settings,cn=USG001,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration,dc=OCBA,dc=co,dc=id
An Warning Event occured. EventID: 0x800034FA
Time Generated: 12/01/2008 08:05:31
Event String: Following is the summary of warnings and errors
encountered by File Replication Service while
polling the Domain Controller
USG001.OCBA.COM for FRS replica set
configuration information.
The nTDSConnection object cn=72d6065a-469b-46da-a5ce-f0362006c85e,cn=ntds
settings,cn=USG002,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration,dc=OCBA,dc=co,dc=id
is conflicting with cn=USG001,cn=ntds
settings,cn=USG002,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration,dc=OCBA,dc=co,dc=id.
Using cn=72d6065a-469b-46da-a5ce-f0362006c85e,cn=ntds
settings,cn=USG002,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration,dc=OCBA,dc=co,dc=id
An Warning Event occured. EventID: 0x800034FA
Time Generated: 12/01/2008 15:05:34
Event String: Following is the summary of warnings and errors
encountered by File Replication Service while
polling the Domain Controller
USG001.OCBA.COM for FRS replica set
configuration information.
The nTDSConnection object cn=72d6065a-469b-46da-a5ce-f0362006c85e,cn=ntds
settings,cn=USG002,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration,dc=OCBA,dc=co,dc=id is conflicting with cn=USG001\
cnf:97867f81-06da-4a63-907d-ee4debdc4cf3,cn=ntds
settings,cn=USG002,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration,dc=OCBA,dc=co,dc=id.
Using cn=72d6065a-469b-46da-a5ce-f0362006c85e,cn=ntds
settings,cn=USG002,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration,dc=OCBA,dc=co,dc=id
......................... USG001 passed test frssysvol
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the last 15
minutes.
......................... USG001 passed test kccevent
Starting test: systemlog
* The System Event log test
Found no errors in System Event log in the last 60 minutes.
......................... USG001 passed test systemlog
Running enterprise tests on : OCBA.COM
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope
provided by the command line arguments provided.
......................... OCBA.COM passed test Intersite
Starting test: FsmoCheck
GC Name: \\USG001.OCBA.COM
Locator Flags: 0xe00001bd
PDC Name: \\USG001.OCBA.COM
Locator Flags: 0xe00001bd
Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
A Time Server could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error
1355
A Good Time Server could not be located.
KDC Name: \\USG001.OCBA.COM
Locator Flags: 0xe00001bd
......................... OCBA.COM failed test FsmoCheck
"Meinolf Weber" wrote:
Hello DD,.
Run diagnostic tools dcdiag /v, netdiag /v and repadmin /showrepl and post
the result here. You can also pipe the output to a textfile if the command
prompt doesn't list it complete:
dcdiag /v > C:\dcdiag.log
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
I try to run adprep /forest it said THE scema master replication not
complete.
i try to replicate from the site and service, error message, error
occur during attemp synchorize the domain controler, access is denied.
The two AD can not replicate to each other.
I also getting the event 1586
http://support.microsoft.com/kb/269417
"Meinolf Weber" wrote:
Hello DD,
Yes, you can transfer them to server 1. After changing i would
transfer them to the 2003 DC.
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and
confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
Can I transfer all the role to 001 before I replace the server 2,if
can how to do the transfer If I can transfer the all the role to
001, do I still need to run the trasfer process ?
the new server will be replacing the 002 server.
"Meinolf Weber" wrote:
Hello DD,
You have 5 FSMO roles, so you can see that 002 is schema owner and
Domain owner and the other roles are at 001. See here about them:
http://support.microsoft.com/kb/223346/en-us
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties,
and
confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
This is the query , which one is FSMO ? USGS0001 OR USGS0002 ?
C:\Documents and Settings\idadmin1>netdom query fsmo
Schema owner usgs0002.kep.co.id
Domain role owner usgs0002.kep.co.id
PDC role usgs0001.kep.co.id
RID pool manager usgs0001.kep.co.id
Infrastructure owner usgs0001.kep.co.id
I will be migrating the server tomorrow, hope got your reply
bytoday.
Thanks
"Meinolf Weber" wrote:
Hello DD,
Run in a command prompt:
netdom query fsmo
For this tools you have to install the support\tools\suptools.msi
from the 2000 or 2003 installation disk.
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties,
and
confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!!
http://www.blakjak.demon.co.uk/mul_crss.htm
Currently we have two server running AD, so how to verify which
one has the FSMO,
Sorry , not very goold in this area.
"Meinolf Weber" wrote:
Hello DD,
If you will take out a DC which has the FSMO roles you have to
transfer them if you like to control it. During demotion the
roles are also transferred but you have no control to which DC,
if you have more then one.
Seizing is only needed, if the FSMO role holder is crashed for
example and you are not able to transfer them from the running
machine.
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no
warranties,
and
confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!!
http://www.blakjak.demon.co.uk/mul_crss.htm
Hi,
Very useful info, I have question on Transfer, NOT seize the
5 FSMO roles to the new Domain controller
(http://support.microsoft.com/kb/324801)
I must do this steps ? refer to this link
http://support.microsoft.com/default.aspx?scid=kb;en-us;325379
&s
d=
te
ch
it doesn't mentions about this steps.
"Meinolf Weber" wrote:
Hello DD,
For DHCP:
http://support.microsoft.com/default.aspx?scid=kb;en-us;32547
3
For DNS make your live easy and use AD integrated zones on
the
2000
DC, then you have just to install the new server as DC and
install
after reboot DNS role. Then just wait.
See here for migration plan:
!!!NEVER START BEFORE HAVING CREATED AND TESTED A BACKUP OF
YOU
DATA/MACHINE!!!
One question first:
Is the old server also Exchange server and will it be taken
out
of
the domain
forever, when the new server is running?
- On the old server open DNS management console and check
that
you
are running Active directory integrated zone (easier for
replication,
if you have more then one DNS server)
- run replmon from the run line or repadmin /showrepl, dcdiag
and
netdiag from the command prompt on the old machine to check
for
errors, if you have some post the complete output from the
command
here or solve them first. For this tools you have to install
the
support\tools\suptools.msi from the 2000 or 2003 installation
disk.
- run adprep /forestprep and adprep /domainprep from the 2003
installation disk against the 2000 server, with an account
that
is member of the Schema admins, to upgrade the schema to the
new
version
- Install the new machine as a member server in your existing
domain
- configure a fixed ip and set the preferred DNS server to
the old DNS server only
- run dcpromo and follow the wizard to add the 2003 server to
an existing domain
- if you are prompted for DNS configuration choose Yes (also
possible that no DNS preparation occur), then install DNS
after the reboot
- for DNS give the server time for replication, at least 15
minutes. Because you use Active directory integrated zones it
will automatically replicate the zones to the new server.
Open DNS management console to check that they appear
- if the new machine is domain controller and DNS server run
again replmon, dcdiag and netdiag on both domain controllers
- if you have no errors, make the new server Global catalog
server, open Active directory Sites and Services and then
double-click sitename, double-click Servers, click your
domain controller, right-click NTDS Settings, and then click
Properties, on the General tab, click to select the Global
catalog check box (http://support.microsoft.com/?id=313994)
- Transfer, NOT seize the 5 FSMO roles to the new Domain
controller (http://support.microsoft.com/kb/324801)
- you can see in the event viewer (Directory service) that
the roles are transferred, also give it some time
- reconfigure the DNS configuration on your NIC of the 2003
server, preferred DNS itself, secondary the old one
- if you use DHCP do not forget to reconfigure the scope
settings to point to the new installed DNS server
- export and import of DHCP database (if needed)
(http://support.microsoft.com/kb/325473)
Demoting the old DC (if needed)
- reconfigure your clients/servers that they not longer point
to
the old DC/DNS server on the NIC
- to be sure that everything runs fine, disconnect the old DC
from the network and check with clients and servers the
connectivity, logon and also with one client a restart to see
that everything is ok
- then run dcpromo to demote the old DC, if it works fine the
machine will move from the DC's OU to the computers
container, where you can delete it by hand. Can be that you
got an error during demoting at the beginning, then uncheck
the Global catalog on that DC and try again
- check the DNS management console, that all entries from the
machine are disappeared or delete them by hand if the machine
is off the network for ever
- also you have to start AD sites and services and delete the
old servername under the site, this will not be done during
promotion
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no
warranties,
and
confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!!
http://www.blakjak.demon.co.uk/mul_crss.htm
We will replace the old windows 2k DC to the new windows
2003 DC , thd old win 2K running as DNS server, can i
migrate the dns and dhcp from the old 2K DC to the new 2003
DC ?
- Follow-Ups:
- Re: Migrate to new server
- From: Meinolf Weber
- Re: Migrate to new server
- References:
- Re: Migrate to new server
- From: Meinolf Weber
- Re: Migrate to new server
- Prev by Date: Re: Migrate to new server
- Next by Date: Re: Migrate to new server
- Previous by thread: Re: Migrate to new server
- Next by thread: Re: Migrate to new server
- Index(es):
Relevant Pages
|
