Re: HELP!! Cannot Find Domain When Logging on to Windows Server 20
- From: "Lanwench [MVP - Exchange]" <lanwench@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 19 Feb 2008 10:52:30 -0500
binarydaddy <binarydaddy@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
LAN,
Well it seems apparent that I did not know what I was doing:( I
guess I can tell you what I have done since installing the new server
and you can tell me if what I did makes sense and if you see that
there is anything else I need to do. Looks like a refresher course
in server installation might be a good thing for me at this point:(
Set up a lab - virtual servers make this stuff easy. The whole point of AD
is that you're not limited to a single server with a local SAM - you can add
domain controllers, retire old ones, etc - you pretty much never need to do
what you did. Migrations and server work also require careful planning, and
research beforehand...don't just charge in, even if you're absolutely sure
of what you're doing.
I hope you don't take this badly, but you've gotten the network into a bit
of a dog's breakfast now, and the client has a right to be annoyed. You
should be able to fix this, but it's going to take some work - you may
consider bringing in someone else with a bit more experience to help out &
speed the process; it will likely pay for itself quickly enough.
Okay...so yes, I basically installed everything on the new server,
verified the settings, policies, AD and components were identical to
the old server.
To the human eye, they may have been. However, the SIDs are entirely
different. What you have now is a brand new domain - with brand new user
accounts, and so forth.
I then backed up data and the email store through
WinBackup
NTBackup?
and shut down the old server. I then restored the data and
email to the new server.
If you were using Exchange, and were able to do this, you were d__d lucky if
you got the stores to mount cleanly (or at all).
Once complete, it seemed the main problem we had was that email wasn't
reconnecting as it should have. The solution I know of and confirmed
on this discussion board was to first, try to disable and reenable
the cached exchange mode (including rebooting before and after to get
a fresh updated ost file). When that didn't seem to work, I then
recreated a fresh profile on each machine and that seemed to take
care of that.
No, you will still have problems. Disjoin the workstations from the old
domain (which no longer exists, remember) & put them in a workgroup. Rejoin
the new domain.
You will have orphaned your user profiles - what you may wish to do first
is:
While the computer is still in domain A, create a local user account,
clearly named to distinguish it from the domain user (e.g., LauraLocal as
opposed to Laura).
Log in once as the local user account.
Log out.
Log back in as an account with admin rights (but *not* the real domain user)
Go to control panel, system, advanced....in User Profiles, click the
Settings button
Select the domain user's profile, click on Copy To, and browse to the new
local user's c:\documents and settings\username folder.
Click OK.
Click the Change button in "Permitted to use" and pick Everyone
Close out.
Log in as the local user and make sure the settings look right.
If so, you should be good to go...disjoin the computer from the domain,
making sure you know the local admin credentials....and then join the new
one.
Then, you can reverse the process, so the new domain user has the local
profile copied up to *it*.
The next issue that has been ongoing is that users were not able to
login from time to time to the domain
Not surprising!
at the bootup screen of XP Pro.
After much runaround on here and so forth, this morning I changed all
of their internal PC's to static IP's
Not necessary -
and specified the DNS address
on the server and am about to remote into the server and add the DNS
host records. What confuses me is that the DHCP and DNS services on
the old server had added the host files in DNS through DHCP.
Host files aren't relevant to DNS, so I don't think that's what you mean....
It has
not done that on the new server
How did you set up DNS and DHCP on the new server? You should have
AD-integrated DNS running, and the DHCP server should be dishing out *only*
the internal IP address of the new server for DNS. No public DNS servers.
The primary DNS suffix must be correct & match the AD domain name (e.g.,
company.local). Automatic client DNS registration should be happening
....well, automatically.
which is what prompted me to change
to static IP's and add the host records manually since I am leery of
adding DNS records for DHCP clients when their leases could expire
and thus giving them new IP's that are different from those
associated to their respective computer names on the DNS records.
Don't mess around in your DNS.... at least not yet.
Again...just what I am seeing and trying to determine...If I am wrong
on this, please let me know:(
So as of now, the issues seem to all be worked out
I wouldn't say that, not yet...
and this change to
the DNS and static IP's appears to be what the consensus is
You haven't mentioned what you did with DNS, and you should not need static
IPs.
on MS
Newsgroups as to what the problem is and what needs to be done to fix
it. Again, please inform me if I am wrong and what to do.
See if the above helps.
Finally...a third party app on one of the local machines had
attempted to pull the new profiles I created for Outlook into a PST
file instead of a general mailbox. I have seen this issue once
before and it did the same thing as before by exchange seeing the
problem and stopping the profile setup and deleting the PST
file...reverting back to the original profile when it had failed.
However, this time around, the pst file was deleted automatically
when the error occurred and about 1 weeks worth of email was already
in the pst file when it was deleted (pulled in 1 week to the inbox in
about 2 seconds before failing and deleting).
I don't understand how a PST file could be automatically deleted from the
system - search for it! If the mail was downloaded to it, it wouldn't be a
single PST file for multiple mail profiles. But, if you have mail that was
downloaded to PST, and then the PST file was deleted & can't be recovered,
and you have no backup of the mail store made prior to that, the data is
gone. PST files don't belong on a network w/Exchange.
If this third party app causes problems, uninstall or disable it for now.
Fix your profile problems & many issues should go away. You need to edit
your mail profiles so there are no PST files or Internet mail in them. Just
Exchange.
In reference to the above, the old server was setup by a different
company had not been backing up exchange at all. We spotted the
issue and let WinBackup do exchange backups on the new server. The
problem is that I am not able to restore the individual messages
through the WinBackups because it is prompting me to restore the
entire mailbox from a specific date...which doesn't include mail from
the period after the backup was finished...thus the potential of
losing more email (have I lost you yet??).
Normal NTBackup does not back up individual mailboxes - it backs up the
whole store. If you have E2003 and up you have the Recovery Storage Group as
an option, but that isn't for the faint of heart. If you support Exchange
you should start doing a little reading up on this stuff, seriously. :-)
So...we found out later that the weeks worth of email was lost and the
backups only went back 1 week and had already been updated. We have
since then recovered local mail from inside users from that date
range...but the backups have since been overwritten
Ouch. This is Not Good. Backup media should be stored offsite.
and the email
from that range from outside sources is no longer available. The old
server did not have recovery storage group setup...but they had
Backup Exec 11d that could have been used. They did not have the
media for that until recently and we have set it up to back up and
allow recovery of individual messages through backup exec and
extended their backup schedule to three weeks of full backups.
I don't personally recommend brick/mailbox-level backups - I use BE in some
locations, but I only back up the stores. Brick level sucks up way too much
time/media and is useless for disaster recovery - use it only if you're also
doing full online backups which purge the committed transaction logs.
I just say that to make sure I am covering every detail based on what
we did and the issues we have come across and our solutions to them.
If you see anything in here that catches you as being incorrect or a
different solution recommended...please let me know:) Thanks, LAN,
for your help.
FYI - I know some of this is exchange related...but given the
circumstances, I wanted to cover everything in one thread so you can
see what was done and offer any solutions without referring to other
posts. Also...if in fact you might be able to offer any assistance
off of this discussion board, my email address is bstossel@xxxxxxxxx
if you would allow me to forward you any useful information via
screenshots or otherwise. I can't afford $250+ a pop for some MS
flunky to try and guide me over the phone...I have wasted over $600
through that service and nothing has been fixed. I get better help
from guys like you and you personally have replied to numerous
threads of mine and your input is the best so far...thanks again and
sorry for the lengthiness.
No problem. Hope this helps. Sorry, can't do individual email support unless
you want to pay *my* consulting fees :-)
binarydaddy <binarydaddy@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
Danny,
While your input seems logical...this is a single server
environment. The old server was setup improperly about 4 years ago
and it was only a matter of time before the 9GB primary partition
was going to be full after updates and service packs.
Yes, understood, but that isn't really relevant here, I think.
The new server is a replacement to the old server and the old server
was the only server. This is a small environment (only about 15
users total). The old and new server are acting as a DC, File
Server, DNS and DHCP Server...as well as an exchange server.
But exactly *how* did you install the new server? Based on your
description, it isn't clear. This should have been simple - set up
the R2 server in the existing domain as a member server, then do the
schema updates for R2 and promote it to a DC. Then install Exchange,
and move mailboxes & rehome public folders (never ever run dcpromo on
an Exchange server).
Then you'd install DHCP/WINS, copy your data files (I like robocopy
with the /sec switch), make sure the new server has AD-integrated
DNS working properly, make it a GC.....and transfer the FSMO roles
to the new server. Then follow the official procedures for
removing the first Exchange server from the domain. At that point,
you could've kept the old one up as a secondary DC or shut it
down...everything would be on the new box.
If you didn't do the above, what you've got now is a totally
different AD domain, regardless of what you named it, and in that
case, yes, loads of things aren't going to work right. Your
computers would all need to be disjoined/rejoined to the new domain,
your user profiles migrated (ugh), and all sorts of ugly tweaks
would likely be required.
So unless there is still some validity in your resolution to the
problem in a single server environment...I am not sure that it will
help.
I will say that after much research...I think it is a DNS problem.
The remote users aren't having any problems. Only local users...and
I see that if I were to specify the DNS server address but let the
DHCP handle the rest of the requests...everything should work just
fine. Does this sound like a viable solution?
One of the biggest issues yet to be fixed is that some users
cannot connect
at initial login. They get Domain not found or not available.
This is a symptom of DNS not being setup properly.
Only happens with certain
users. Once we setup the new server, mimicking the old one's
settings, we were able to reestablish connections just fine. But
then, several users get
this error and it takes sometimes 5+ attempts before they can
connect to the
domain. All user accounts and settings were recreated with same
settings as
the old server.
My concern is with this step. When you set up the new server was it
connected to the existing domain?
The proper way to set up a new server in an existing AD domain is
to add the server to the domain as a member server, then run
dcpromo to make it a DC. Running dcpromo without the server being
connected to the existing domain will create a new domain. Even if
you gave it the same name as the old, it's still a new domain to
the AD clients because the SID is different. Different SID = new
domain to the clients of the old domain. This "sounds" like what
happened in your case because of this: " All user accounts and
settings were recreated with same settings as
the old server." statement.
Done correctly the user accounts would replicate from the old
server to the new server and there would be no need to recreate
the user accounts.
Sorry to say this but if you are recreating the accounts you have
done something wrong. My guess is that the new server was installed
while not in communication with the existing domain and you now
have 2 domains with the same name.
I would suggest running dcpromo to the new server to make it a
member server, depending on how many users were actually using the
new domain you created on this server, you may have to manually go
to each desktop and move them to a workgroup, then move them back
into the original domain. Once all users are in the original
domain, add the new server to the domain as a member server (the
same way you would add a client PC to the domain). Once the new
server is added to the domain then run dcpromo to make it a DC.
The user accounts will replicate to the new server. This MUST be
done while the new server is connected to the existing domain.
After this it's just a matter of setting the DNS as AD integrated
(DNS info will replicate to the new server) making the new server
a global catalog, transferring the 5 FSMO roles from the old
server to the new server, restoring user files. If using DHCP you
would change the entry of the DNS server from the old server's IP
address to the new servers IP address, otherwise you would have to
do this manually. At this point you should be ready to run dcpromo
on the old server to make it a member server but I would suggest
keeping it up and running because if the new server goes belly up
there is a second server in the domain to hold the "AD info and
user accounts" while you rebuild the failed server WITHOUT
creating a new domain.
hth
DDS
"binarydaddy" <binarydaddy@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:1B3BBDE5-A2F7-48C8-B6AF-901AB708EE83@xxxxxxxxxxxxxxxx
Morning,
I have a client who we took over 3 months ago that was having
issues with their old server with WinSvr2003 and Exchange 2003.
Previous consultant setup their Local Disk as a 9GB partition and
it became full soon after we took over the account. We
recommended resizing the partition with a server
grade partitioning app. However, they decided rather than doing
that or reformatting and restoring backups, they would buy new
server.
Did not have discs for Windows Server 2003...so they bought 2003
R2 (not for
profit with limited purchasing capabilities through TechSoup). We
have not
done many server replacements in the past, but all have been with
same OS and
app versions.
We are having loads of issues now and the client insists it's our
fault, not
theirs or the previous company's. We simply restored the backups
on to the
new server from the old (company docs and exchange DB).
One of the biggest issues yet to be fixed is that some users
cannot connect
at initial login. They get Domain not found or not available.
There is nothing on the server to indicate any problems. Only
happens with certain users. Once we setup the new server,
mimicking the old one's settings, we were able to reestablish
connections just fine. But then, several users get
this error and it takes sometimes 5+ attempts before they can
connect to the
domain. All user accounts and settings were recreated with same
settings as
the old server.
Is there something that jumps out at someone as to why this is
happening and
some quick fix to resolve the problem?
Also...they now want to setup the PC's so that all users can
access all PC's
if a machine goes down (roaming profiles). Some machines are
allowing other
users to login, others are not. How would I set that up so that
all PC's can
be accessed? And where do I find the profiles to copy over and
where do I copy that to?
I consider myself fairly knowledgeable...but all of these issues
are making me think less of my IT abilities after 10 years. I am
so lost and if I had
$250 available to me...I would just call MS and have someone hold
my hand...but I don't:( Please help me...the client is ready to
fire us. --
Thanks,
Binarydaddy
IT Consultant
Northwest Ohio
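
The "Different SID = new domain" point made in the replies above, as an added example that is not part of the original thread: it decodes the binary SIDs held in a profile folder's ACL and lists the entries issued by a domain other than the one the workstation is now joined to. The domain SIDs, the RID 1105 and the ACL contents are constructed sample values.

```python
import struct

# Constructed sample values, not taken from the thread.
OLD_DOMAIN_SID = "S-1-5-21-1004336348-1177238915-682003330"
NEW_DOMAIN_SID = "S-1-5-21-2000478354-1708537768-1957994488"

def sid_to_bytes(sid):
    """Encode a textual SID into the binary form stored in ACLs and objectSid."""
    parts = sid.split("-")
    if parts[0] != "S" or len(parts) < 4:
        raise ValueError("not a SID: %r" % sid)
    subs = [int(p) for p in parts[3:]]
    head = struct.pack("BB", int(parts[1]), len(subs))  # revision, sub-authority count
    # 48-bit identifier authority is big-endian; sub-authorities are little-endian.
    return head + int(parts[2]).to_bytes(6, "big") + struct.pack("<%dI" % len(subs), *subs)

def bytes_to_sid(raw):
    """Decode a binary SID; rejects buffers whose length disagrees with the count."""
    if len(raw) < 8 or len(raw) != 8 + 4 * raw[1]:
        raise ValueError("truncated or malformed SID")
    subs = struct.unpack("<%dI" % raw[1], raw[8:])
    return "S-%d-%d" % (raw[0], int.from_bytes(raw[2:8], "big")) + "".join("-%d" % s for s in subs)

def split_account_sid(sid):
    """Return (domain_sid, rid) for an S-1-5-21-a-b-c-rid account, else None."""
    parts = sid.split("-")
    if parts[:4] != ["S", "1", "5", "21"] or len(parts) != 8:
        return None  # well-known SID such as SYSTEM or BUILTIN\Administrators
    return "-".join(parts[:7]), int(parts[7])

def orphaned_entries(acl, current_domain_sid):
    """List ACL entries issued by a domain other than the one the PC is joined to."""
    orphans = []
    for raw in acl:
        sid = bytes_to_sid(raw)
        parsed = split_account_sid(sid)
        if parsed and parsed[0] != current_domain_sid:
            orphans.append(sid)
    return orphans

# Constructed ACL of a profile folder created while the PC was in the old domain:
# SYSTEM, BUILTIN\Administrators, and the old domain's "Laura" (RID 1105).
PROFILE_ACL = [sid_to_bytes(s) for s in ("S-1-5-18", "S-1-5-32-544", OLD_DOMAIN_SID + "-1105")]

if __name__ == "__main__":
    # "Laura" recreated by hand in the rebuilt domain, even with the same name and RID:
    new_laura = NEW_DOMAIN_SID + "-1105"
    print("new Laura in ACL:", sid_to_bytes(new_laura) in PROFILE_ACL)
    print("orphaned:", orphaned_entries(PROFILE_ACL, NEW_DOMAIN_SID))
```

Local accounts carry the machine's own S-1-5-21 prefix, so on a real workstation they would also be reported and need to be filtered against the machine SID.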