RE: NT4-2003 Migration woes

Tech-Archive recommends: Speed Up your PC by fixing your registry

From: Janet (janetb_at_mtn.ncahec.org)
Date: 02/24/04 

Date: Tue, 24 Feb 2004 08:02:12 -0800

Joe,
Thanks so much for the reply - I'm new at this, so please
chuckle quietly...

1. Ping by both ip and servername resolve at both
servers.; Trust relationships okay and verified from the
2003 machine.
2. The NT machine is 128-bit, and I thought I set up the
2003 server that way. In trying to double-check myself,
how do I find it now?
3. Reboot has been done many times since the
AllowPasswordExport was changed to 1.
4. The restrict anonymous=0 is set this way.
4a. The Pre-Windows 2000 Compatible Access includes
Everyone and Anonymous Logon, but how do I check the
permissions on the item below you listed last?

Thanks so much,
Janet

>-----Original Message-----
>Hello Janet,
>
>Thank you for your post.
>
>I would like to check the following first.
>
>1. Which DNS server do you set on the Windows NT domain
controller? We need
>to ensure that the name resolution works.
>
>2. Are both domain controller 128-bit encryption?
>
>3. Has the PES server (Windows NT DC) been rebooted
after adding
>AllowPasswordExport registry entry?
>
>4. Have you adjusted the following on the target DC?
>
>- RestrictAnonymous=0.
>
>- The Pre-Windows 2000 Compatible Access group has Read
permissions on
>"CN=Server,CN=System,DC={targetdom},DC={tld}".
>
>I look forward to your reply. Thanks and have a great
day!
>
>Regards,
>Joe Wu
>Product Support Services
>Microsoft Corporation
>
>Get Secure! - www.microsoft.com/security
>
>====================================================
>When responding to posts, please "Reply to Group" via
your newsreader so
>that others may learn and benefit from your issue.
>====================================================
>This posting is provided "AS IS" with no warranties, and
confers no rights.
>
>--------------------
>|Content-Class: urn:content-classes:message
>|From: "Janet" <janetb@mtn.ncahec.org>
>|Sender: "Janet" <janetb@mtn.ncahec.org>
>|Subject: NT4-2003 Migration woes
>|Date: Mon, 23 Feb 2004 13:39:56 -0800
>|Lines: 55
>|Message-ID: <008101c3fa55$9433e920$a001280a@phx.gbl>
>|MIME-Version: 1.0
>|Content-Type: text/plain;
>| charset="iso-8859-1"
>|Content-Transfer-Encoding: 7bit
>|X-Newsreader: Microsoft CDO for Windows 2000
>|X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
>|Thread-Index: AcP6VZQzICAnRWe2QEC4+cVxk/KBKw==
>|Newsgroups: microsoft.public.windows.server.migration
>|Path: cpmsftngxa06.phx.gbl
>|Xref: cpmsftngxa06.phx.gbl
microsoft.public.windows.server.migration:8176
>|NNTP-Posting-Host: tk2msftngxa08.phx.gbl 10.40.1.160
>|X-Tomcat-NG: microsoft.public.windows.server.migration
>|
>|I got to the migration step where you actually start
the
>|migration tool on 2003, and got the error "Unable to
>|establish a session with the password export service.
The
>|source server does not have the password migration
>|component installed." However, it is installed and is
>|showing in add/remove programs. There were no errors
>|during the installation of pwdmig.exe from the 2003 cd.
I
>|made the registry change to password export, and added
>|tcpipclientsupport=1. But after the reboot, the
password
>|export was back to 0, so I changed it back to 1.
>|
>|Read:
>|http://www.microsoft.com/technet/treeview/default.asp?
>|url=/technet/prodtechnol/windowsserver2003/proddocs/depl
oy
>|guide/dssbi_reer_ewjo.asp
>|
>|and: http://support.microsoft.com/?id=322981
>|
>|1. I double-checked the localgroup (Pre-2000...)
settings
>|by trying to re-add and both said the command could not
>|be completed because that was the current setting.
>|2. I created a NEW key. I only have ONE 2003 server.
And
>|there is only ONE PDC.
>|3. I went to the PDC-NT server, uninstalled the pwmig,
>|rebooted, reinstalled pwmig.exe with the NEW key (no
>|errors), rebooted.
>|4. Verified the
>|HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
>|allowpasswordExport=1
>|5. Verified the
>|HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
>|tcpipclientsupport=1
>|6. Rebooted 2003 server
>|
>|Started up the Migration tool and received the same
>|error: "Unable to establish a session with the password
>|export server. The source server does not have the
>|password migration componennt installed."
>|
>|
>|But, just in case, I used: regsvr32 winnt\system32
>|\pwmig.dll (it's dated 3/25/2003 but is shown as
accessed
>|2/23/2004). The registration is successful, but with
the
>|following message: "pwmig.dll was loaded, but the dll
>|register server entry point was not found. "
>|
>|Is this a register dll problem on my NT server and so
the
>|2003 server doesn't think that I installed the pwmig
>|files? Can I manually register all of the appropriate
>|dlls?
>|
>|Anybody got any ideas?
>|
>|Janet
>|
>|
>
>.
>

Relevant Pages