Re: ADMT trouble: "Could not contact PDC" while migrating user acc
From: Marina Roos [SBS-MVP] (marina_at_roos.nodontwantspam.nl.com)
Date: 11/10/04
- Next message: Harlequin: "Re: DNS & NSLOOKUP"
- Previous message: Marina Roos [SBS-MVP]: "Re: Active directory migration tool, access denied"
- In reply to: Steve Western: "Re: ADMT trouble: "Could not contact PDC" while migrating user acc"
- Messages sorted by: [ date ] [ thread ]
Date: Wed, 10 Nov 2004 13:34:22 +0100
Hi Steve,
Thanks for reporting back and posting the solution.
Hope you are happy now!
-- Regards, Marina Microsoft SBS-MVP "Steve Western" <SteveWestern@discussions.microsoft.com> schreef in bericht news:DE3370A5-893F-454F-8441-5E45484053D9@microsoft.com... > Thanks to all for help with this : > My problem was resolved by.. > Starting Remote Registry Services on the Source. ( I didn't disable it !?) > Regedt32 > Path HKLM\System\CurrentControlSet\Control\SecurePipeServers\Winreq > Set permissions for Administrator Access > Path HKLM\System\CurrentControlSet\Control\SecurePipeServers\LSA > check TcPipClientSupport Key exists ( SBS2000 SP1 adds it ) > Check permissions set for Administrator Access > > Ensure Default Domain Policy has Auditing set to Success / Failure for > Account Management on Source & Target > Run gpupdate /force > > If Cannot Contact PDC error is replaced by Cannot verify Audit Policy ... > Local group not found - > Delete the Source domain group for auditing eg smallbusiness$$$ > Restart ADMT > This will then Prompt to create ( recreate ) the Source $$$ group. > Also prompts that Target Audit Policies are not enabled. ( They show as such > in the Management Consol ? ) Allow ADMT to fix it. > All should now xfer > > Regarding the above Registry permission additions, this was done before > deleting the Source $$$ group and allowing ADMT to create it, so maybe they > are not essential. > Regards Steve > > > > > > > "PROCYON MSFT SUPPORT TEAM" wrote: > > > Many Thanks, Marina. > > I was used to writing with caps, but > > I have learned something new! > > > > Keep up the good work! > > > > "Marina Roos [SBS-MVP]" wrote: > > > > > Yes, your solution sounds as shouting, because you are using Caps, and that > > > is considered as shouting. > > > Also, your problem shouldn't have existed in the first place, as the remote > > > registry service should have been running default. But it might help others > > > to check for that service. > > > > > > -- > > > Regards, > > > > > > Marina > > > Microsoft SBS-MVP > > > > > > "PROCYON MSFT SUPPORT TEAM" > > > <PROCYONMSFTSUPPORTTEAM@discussions.microsoft.com> schreef in bericht > > > news:B2AAB5CC-C52A-4712-B99C-02F0ABB383D1@microsoft.com... > > > > HE! > > > > WHY SUCH AN ATTACK! > > > > ARE WE HAVING ANOTHER PROBLEM? > > > > CAN'T WE JUST WAIT TILL THE OTHERS TRY MY SOLUTION, AND WAIT FOR THEIR > > > > RESPONSE? > > > > AND AFTER ALL, YOU AS SBS MVP'S SHOULD NOT ACT SO! > > > > DID MY SOLUTION SOUNDS AS IF I WAS SHOUTING?? > > > > I JUST WANT TO HELP PEOPLE HAVING PROBLEMS! O.K. > > > > AND NOT TO HAVE A NEWSGROUP WAR! > > > > > > > > THANKS FOR THAT ADVICE, GUMBY! > > > > > > > > "SuperGumby [SBS MVP]" wrote: > > > > > > > > > I think you may find that many of your problems are either due to a > > > faulty > > > > > keyboard or between the keyboard and the chair. > > > > > > > > > > "PROCYON MSFT SUPPORT TEAM" > > > > > <PROCYONMSFTSUPPORTTEAM@discussions.microsoft.com> wrote in message > > > > > news:700FF667-C54B-4554-A452-3E3867D17807@microsoft.com... > > > > > > DO YOU HAVE THE PROBLEM? > > > > > > JUST TRY IT OUT! > > > > > > I BET THE SERVICE IS NOT STARTED! > > > > > > IF IT IS, THAN I CAN NOT HELP YOU GUYS! > > > > > > BECAUSE IT WORKED IN OUR PROJECT! > > > > > > > > > > > > > > > > > > "Marina Roos [SBS-MVP]" wrote: > > > > > > > > > > > > > No need to shout! > > > > > > > > > > > > > > The Remote Registry Service should be set to automatic, and thus > > > have > > > > > > > started automatically. > > > > > > > > > > > > > > -- > > > > > > > Regards, > > > > > > > > > > > > > > Marina > > > > > > > Microsoft SBS-MVP > > > > > > > > > > > > > > "PROCYON MSFT SUPPORT TEAM" > > > > > > > <PROCYONMSFTSUPPORTTEAM@discussions.microsoft.com> schreef in > > > bericht > > > > > > > news:90C73F66-FC0B-4DCF-8729-D0186EF25B4F@microsoft.com... > > > > > > > > HI YOU ALL, > > > > > > > > I THINK WE CAN FINALLY TAKE A DEEP BREATH! > > > > > > > > THIS THING WAS VERY FRUSTRATING TO US AND OUR CUSTOMER, BECAUSE AT > > > > > FIRST > > > > > > > OUR > > > > > > > > CUSTOMER DID NOT HAVE SOFTWARE ASSURANCE AND SECOND, THIS PDC > > > PROBLEM. > > > > > BUT > > > > > > > > O.K. EVERYTHING WORKED OUT FINE. WE ARE STILL BUSSY WITH THE > > > PROJECT > > > > > BUT > > > > > > > WITH > > > > > > > > OTHER PARTS OF IT. FAR AWAY FROM THE PDC PROBLEM. > > > > > > > > > > > > > > > > HERE IS OUR SOLUTION TO THE PROBLEM: > > > > > > > > I THINK THAT THERE HAVE TO COME A PATCH FOR THE ADMT, TO MAKE > > > ERROR > > > > > > > MESSAGES > > > > > > > > CLEARER. > > > > > > > > WE TRIED AND TRIED AND ...... YES! > > > > > > > > JUST GO TO THE SOURCE DOMAIN CONTROLLER (YOUR SBS 2000 SERVER) AND > > > > > JUST > > > > > > > > CLICK "START" >> "RUN" >> AND TYPE IN "SERVICES.MSC" TO START THE > > > > > CONSOLE > > > > > > > FOR > > > > > > > > THE SERVICES RUNNING ON THE SERVER. LOOK FOR A SERVICE CALLED > > > "REMOTE > > > > > > > > REGISTRY SERVICE" AND START THE SERVICE. > > > > > > > > JUST TRY THE MIGRATION TOOL AGAIN WITH THE SID CHECK BOX CHECKED! > > > > > > > > I HOPE IT WORKS FOR YOU, BEACAUSE IT WORKED FOR US. I THINK THIS > > > > > SERVICE > > > > > > > > NEEDS TO BE STARTED FOR THE ADMT TOOL TO DO SOME STUFF ON THE > > > SOURCE. > > > > > YOU > > > > > > > > WILL GET THE PROMTS FOR CREATING THE STUFFS ON THE SOURCE SERVER > > > AND > > > > > TO > > > > > > > > ENABLE AUDITING! > > > > > > > > > > > > > > > > O.K. > > > > > > > > HOPE THAT WAS HELPFULL AND LOOKING FORWARD TO ANOTHER PROBLEM! > > > > > > > > > > > > > > > > "Jim Behning SBS MVP" wrote: > > > > > > > > > > > > > > > > > You cannot have foreign dns. All nics should point to only > > > internal > > > > > > > > > dns. You enter isp dns as forwarders in the SBS dns. Many > > > articles > > > > > > > > > about that. Your SBS has dns running to allow Active Directory > > > to > > > > > > > > > work properly. When you enter isp dns entries the AD may make > > > > > queries > > > > > > > > > to the external dns for AD answers. That does not work. When you > > > > > read > > > > > > > > > this newsgroup you will see many requests for ipconfig/all. That > > > is > > > > > so > > > > > > > > > we can doublecheck to make sure that has not been micsonfigured. > > > > > Even > > > > > > > > > if your old SBS seemed to working ok with your nic misconfigured > > > it > > > > > > > > > was not working as it should. This becaome glaringly apparent > > > when > > > > > > > > > trying to do this migration. > > > > > > > > > > > > > > > > > > The migration article mentions that the dns is to point to the > > > > > > > > > servers, not to isps. See page 19 for some info on that. I see > > > the > > > > > > > > > article mentions you are supposed to remove all isp dns entries > > > from > > > > > > > > > forwarders during the migration. That also assumes that you have > > > all > > > > > > > > > SBS's nic properly configured to only point to their ips for > > > dns. I > > > > > > > > > think the article also mentions disabling the external nics > > > during > > > > > > > > > migration. > > > > > > > > > > > > > > > > > > Another gotcha. Your workstations should have their nics set to > > > dhcp > > > > > > > > > and they should be getting their dhcp serviced by the SBS, not > > > some > > > > > > > > > router. > > > > > > > > > > > > > > > > > > "Steve Western" <SteveWestern@discussions.microsoft.com> wrote: > > > > > > > > > > > > > > > > > > >Hi Marina, > > > > > > > > > >Multiple IP on Source is used for an internal Web Site. > > > > > > > > > >Foreign DNS on source is pointing to our ISP DNS Server > > > > > > > > > >Ditto Foreign DNS or Target. > > > > > > > > > >I followed Migration Paper re DNS forwarders. This did not > > > remove > > > > > DNS > > > > > > > IP's > > > > > > > > > >in the NIC properties pane. > > > > > > > > > >The external inteface is disconnected on both PC's > > > > > > > > > >What should I aim for here? > > > > > > > > > >eg strip out all Foreign DNS refs, remove the extra source IP, > > > > > force > > > > > > > source > > > > > > > > > >NIC to point to source DNS server? > > > > > > > > > >Is there a reference IPConfig I can use ? > > > > > > > > > >Regards > > > > > > > > > >Steve > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > >"Marina Roos [SBS-MVP]" wrote: > > > > > > > > > > > > > > > > > > > >> Hi Steve, > > > > > > > > > >> > > > > > > > > > >> Not yet ;-) > > > > > > > > > >> > > > > > > > > > >> Your 2000 config doesn't make sense to me. You have multiple > > > IP's > > > > > on > > > > > > > the > > > > > > > > > >> nic, you have foreign DNS numbers. > > > > > > > > > >> > > > > > > > > > >> Your 2003 config is wrong too. Foreign dns numbers. You have > > > not > > > > > > > followed > > > > > > > > > >> the migration papers too well. > > > > > > > > > >> > > > > > > > > > >> -- > > > > > > > > > >> Regards, > > > > > > > > > >> > > > > > > > > > >> Marina > > > > > > > > > >> Microsoft SBS-MVP > > > > > > > > > >> > > > > > > > > > >> "Steve Western" <SteveWestern@discussions.microsoft.com> > > > schreef > > > > > in > > > > > > > bericht > > > > > > > > > >> news:0574E32F-9783-45F9-AE75-2AE4CC357437@microsoft.com... > > > > > > > > > >> > Hi Marina, > > > > > > > > > >> > So you have nothing "better" to do saturday too! > > > > > > > > > >> > IPConfig /all as requested. > > > > > > > > > >> > > > > > > > > > > >> > Source SBS2000 Config > > > > > > > > > >> > > > > > > > > > > >> > Windows 2000 IP Configuration > > > > > > > > > >> > Host Name . . . . . . . . . . . . : ntserver1 > > > > > > > > > >> > Primary DNS Suffix . . . . . . . : smallbusiness.local > > > > > > > > > >> > Node Type . . . . . . . . . . . . : Hybrid > > > > > > > > > >> > IP Routing Enabled. . . . . . . . : Yes > > > > > > > > > >> > WINS Proxy Enabled. . . . . . . . : No > > > > > > > > > >> > DNS Suffix Search List. . . . . . : smallbusiness.local > > > > > > > > > >> > > > > > > > > > > >> > Ethernet adapter Local Area Connection: > > > > > > > > > >> > Connection-specific DNS Suffix . : > > > > > > > > > >> > Description . . . . . . . . . . . : Broadcom NetXtreme > > > Gigabit > > > > > > > Ethernet > > > > > > > > > >> > Physical Address. . . . . . . . . : 00-06-5B-8E-93-F2 > > > > > > > > > >> > DHCP Enabled. . . . . . . . . . . : No > > > > > > > > > >> > IP Address. . . . . . . . . . . . : 10.0.0.4 > > > > > > > > > >> > Subnet Mask . . . . . . . . . . . : 255.255.255.0 > > > > > > > > > >> > IP Address. . . . . . . . . . . . : 10.0.0.2 > > > > > > > > > >> > Subnet Mask . . . . . . . . . . . : 255.255.255.0 > > > > > > > > > >> > Default Gateway . . . . . . . . . : 10.0.0.100 > > > > > > > > > >> > DNS Servers . . . . . . . . . . . : 213.131.170.10 > > > > > > > > > >> > Primary WINS Server . . . . . . . : 10.0.0.2 > > > > > > > > > >> > > > > > > > > > > >> > > > > > > > > > > >> > Target SBS2003 Config > > > > > > > > > >> > > > > > > > > > > >> > Windows IP Configuration > > > > > > > > > >> > Host Name . . . . . . . . . . . . : ntserver3 > > > > > > > > > >> > Primary Dns Suffix . . . . . . . : Kittiwake.local > > > > > > > > > >> > Node Type . . . . . . . . . . . . : Hybrid > > > > > > > > > >> > IP Routing Enabled. . . . . . . . : Yes > > > > > > > > > >> > WINS Proxy Enabled. . . . . . . . : No > > > > > > > > > >> > DNS Suffix Search List. . . . . . : Kittiwake.local > > > > > > > > > >> > > > > > > > > > > >> > Ethernet adapter Server Local Area Connection: > > > > > > > > > >> > Connection-specific DNS Suffix . : > > > > > > > > > >> > Description . . . . . . . . . . . : Broadcom NetXtreme > > > > > Gigabit > > > > > > > Ethernet > > > > > > > > > >> > Physical Address. . . . . . . . . : 00-0F-1F-6D-6E-31 > > > > > > > > > >> > DHCP Enabled. . . . . . . . . . . : No > > > > > > > > > >> > IP Address. . . . . . . . . . . . : 10.0.0.7 > > > > > > > > > >> > Subnet Mask . . . . . . . . . . . : 255.255.255.0 > > > > > > > > > >> > Default Gateway . . . . . . . . . : > > > > > > > > > >> > DNS Servers . . . . . . . . . . . : 10.0.0.7 > > > > > > > > > >> > Primary WINS Server . . . . . . . : 10.0.0.7 > > > > > > > > > >> > > > > > > > > > > >> > Ethernet adapter Network Connection: > > > > > > > > > >> > Connection-specific DNS Suffix . : > > > > > > > > > >> > Description . . . . . . . . . . . : Broadcom NetXtreme > > > > > Gigabit > > > > > > > Ethernet > > > > > > > > > >> #2 > > > > > > > > > >> > Physical Address. . . . . . . . . : 00-0F-1F-6D-6E-32 > > > > > > > > > >> > DHCP Enabled. . . . . . . . . . . : No > > > > > > > > > >> > IP Address. . . . . . . . . . . . : 10.0.5.7 > > > > > > > > > >> > Subnet Mask . . . . . . . . . . . : 255.255.255.0 > > > > > > > > > >> > Default Gateway . . . . . . . . . : 10.0.5.100 > > > > > > > > > >> > DNS Servers . . . . . . . . . . . : 158.43.240.4 > > > > > > > > > >> > 158.43.240.3 > > > > > > > > > >> > Primary WINS Server . . . . . . . : 10.0.0.7 > > > > > > > > > >> > NetBIOS over Tcpip. . . . . . . . : Disabled > > > > > > > > > >> > > > > > > > > > > >> > Regards > > > > > > > > > >> > Steve > > > > > > > > > >> > > > > > > > > > > >> > > > > > > > > > > >> > > > > > > > > > > >> > > > > > > > > > > >> > > > > > > > > > > >> > > > > > > > > > > >> > "Marina Roos [SBS-MVP]" wrote: > > > > > > > > > >> > > > > > > > > > > >> > > Hi Steve, > > > > > > > > > >> > > > > > > > > > > > >> > > Please post the ipconfig/all from both servers. > > > > > > > > > >> > > > > > > > > > > > >> > > -- > > > > > > > > > >> > > Regards, > > > > > > > > > >> > > > > > > > > > > > >> > > Marina > > > > > > > > > >> > > Microsoft SBS-MVP > > > > > > > > > >> > > > > > > > > > > > >> > > "Steve Western" <SteveWestern@discussions.microsoft.com> > > > > > schreef > > > > > > > in > > > > > > > > > >> bericht > > > > > > > > > >> > > > > > news:1250A68D-33E2-43D5-9800-6BCC4FD3EBCA@microsoft.com... > > > > > > > > > >> > > > Am having exact same problem. Am following the SBS > > > > > Migration > > > > > > > guide and > > > > > > > > > >> > > crash > > > > > > > > > >> > > > at this point. > > > > > > > > > >> > > > > > > > > > >> > > > > > > > > > >> > > > > > > > > > > > > > > > > > > Jim B. SBS Community Member > > > > > > > > > remove the mvp to send email > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > >
- Next message: Harlequin: "Re: DNS & NSLOOKUP"
- Previous message: Marina Roos [SBS-MVP]: "Re: Active directory migration tool, access denied"
- In reply to: Steve Western: "Re: ADMT trouble: "Could not contact PDC" while migrating user acc"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
