Re: Problem with migrating SIDs

Actually we had to rebuilt the trust relationship, although all diagnostics said it was functional.

As I posted we had already tried everything from the manual and troubleshooting guides.

---
mirco

"Morgan che(MSFT)" <v-morche@xxxxxxxxxxxxxxxxxxxx> schrieb im Newsbeitrag news:W3ib2AjmIHA.9016@xxxxxxxxxxxxxxxxxxxxxxxxx
Hi,

Thanks for posting here.

For the error message "Could not verify auditing and TcpipClientSupport on
domains. Will not be able to migrate SID's. The specified domain either
does not exist or could not be contacted.", it's probably caused by the
following factors:

1). TcpipClientSupport is not enabled and set to 1 on the source DC.

2). Account Management Audit was not enabled on either the source domain or
the target domain.

3). Networking or DNS issue that caused domain resolution failure.

Suggestion:
========

<1> To enable "TcpipClientSupport", please do the following:

1). While you are logged on to the PDC in the source domain, click Start,
and then click Run.

2). In Open, type regedit, and then click OK.

3). In Registry Editor, navigate to the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA

4). On the Edit menu, point to New, and then click DWORD Value.

5). Type TcpipClientSupport in the name field, and then press ENTER.

6). Double-click TcpipClientSupport.

7). In Value data, type 1, and then click OK.

8). Close Registry Editor, and then restart the computer.

<2> To enable Audit on both DCs, please modify the Default domain
Controller Policy as below:

1). Log on as an administrator to any computer in the target domain.

2). Click Start, point to All Programs, point to Administrative Tools, and
then
Click Active Directory Users and Computers.

3). In the console tree, double-click the domain, right-click the Domain
Controllers OU, and then click Properties.

4). On the Group Policy tab, click Default Domain Controllers Policy, and
then
click Edit.

5). Double-click Computer Configuration, double-click Windows Settings,
double-click Security Settings, double-click Local Policies, and then click
Audit Policy.

6). Double-click Audit account management, and then select both the Success
and
Failure check boxes.

7). Click Apply, and then click OK.

8). Wait till the policy replicated to all DCs, then on DCs, run 'gpupdate
/force' on the DCs to apply the policy.

<3> For networking or DNS issues, please check run Dcdiag and Netdiag to
test the network.

For more information, about Dcdiag and Netdiag, you can refer to:

Dcdiag Overview:
http://technet2.microsoft.com/WindowsServer/en/library/f7396ad6-0baa-4e66-8d
18-17f83c5e4e6c1033.mspx?mfr=true

How to use Netdiag to test networking connectivity:
http://support.microsoft.com/kb/321708/

After performing the above steps, if this issue still persists, please get
back to me with following information:

1) what migration scenario you are involved in : from Windows Server 2000
to 2003 or whatever?

2) please also send me the latest migration log file as well as output of
Netdiag /v and Dcdiag /e via
v-morche@xxxxxxxxxxxxxx


More information
===================

ADMT v3 Migration Guide
http://www.microsoft.com/downloads/details.aspx?familyid=D99EF770-3BBB-4B9E-
A8BC-01E9F7EF7342&displaylang=en

How to use Active Directory Migration Tool version 2 to migrate from
Windows 2000 to Windows Server 2003
http://support.microsoft.com/kb/326480/en-us

I hope this helps. If anything is unclear, please feel free to post back.

Have a nice day!



Sincerely
Morgan Che
Microsoft Online Support
Microsoft Global Technical Support Center

Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.


--------------------
--->From: "Mirco Wilhelm" <mircow@xxxxxxx>
--->Subject: Problem with migrating SIDs
--->Date: Wed, 9 Apr 2008 09:42:12 +0200
--->Lines: 25
--->Message-ID: <BA3E99CE-39ED-4CBE-938D-7ABC49A0DBF0@xxxxxxxxxxxxx>
--->MIME-Version: 1.0
--->Content-Type: text/plain;
---> format=flowed;
---> charset="iso-8859-1";
---> reply-type=original
--->Content-Transfer-Encoding: 7bit
--->X-Priority: 3
--->X-MSMail-Priority: Normal
--->X-Newsreader: Microsoft Windows Mail 6.0.6001.18000
--->X-MimeOLE: Produced By Microsoft MimeOLE V6.0.6001.18000
--->X-MS-CommunityGroup-MessageCategory:
{E4FCE0A9-75B4-4168-BFF9-16C22D8747EC}
--->X-MS-CommunityGroup-PostID: {BA3E99CE-39ED-4CBE-938D-7ABC49A0DBF0}
--->Newsgroups: microsoft.public.windows.server.migration
--->Path: TK2MSFTNGHUB02.phx.gbl
--->Xref: TK2MSFTNGHUB02.phx.gbl
microsoft.public.windows.server.migration:3377
--->NNTP-Posting-Host: TK2MSFTNGHUB02.phx.gbl 127.0.0.1
--->X-Tomcat-NG: microsoft.public.windows.server.migration
--->
--->Hi,
--->
--->one of my problems, migrating this domain yesterday had been DNS
resolution
--->which I could finally solve last night. Today it doesn't seem to
work...
--->again.
--->
--->When trying to migrate user account I get the following message on the
SID
--->page of the migration wizard:
--->
--->"Could not verify auditing and TcpipClientSupport on domains. Will not
be
--->able to migrate SID's. The specified domain either does not exist or
could
--->not be contacted."
--->
--->Since I've known this error from previous migrations, I checked all
--->necessary setting on the domain controllers and they all are as
required by
--->the manual (DomainMig.chm), but the error doesn't disappear.
--->
--->Using nslookup I can resolve all domain controllers of the source and
the
--->target domain from both sides.
--->
--->Did I miss anything?
--->
--->---
--->mirco
--->
--->


.

Relevant Pages

  • RE: Problem with migrating SIDs
    ... TcpipClientSupport is not enabled and set to 1 on the source DC. ... Controller Policy as below: ... please check run Dcdiag and Netdiag to ...
    (microsoft.public.windows.server.migration)
  • Re: [RFC 2.6.11-rc2-mm2 0/7] mm: manual page migration -- overview II
    ... in ld.so and let it apply the necessary policy. ... > update the object's memory policy to match the new node locations ... > the result is that migration happens as part of the call. ... + node mask length. ...
    (Linux-Kernel)
  • Re: Password Policy
    ... If you have different settings between old and new DC's, it seems fro a replication problem between the DC's. ... If you don't have the support tools installed, install them from your server install disk. ... Run dcdiag, netdiag and repadmin in verbose mode. ... I have a Password policy in the Default Domain Group Policy. ...
    (microsoft.public.windows.group_policy)
  • RE: A way to NOT force password change after password migration
    ... password complexity turned on in the default policy. ... migration and they will still work just fine. ... > If the NT/user password does not meet the password policy in win2k3 domain, ...
    (microsoft.public.windows.server.migration)
  • Re: [RFC 2.6.11-rc2-mm2 0/7] mm: manual page migration -- overview II
    ... implemented very simple page migration into NUMA API ... It just considers no policy as "DEFAULT" policy which ... > Yes, so long as the rest of the cases were handled in user space, then ...
    (Linux-Kernel)