This is a follow up to an earlier problem but while i have gotten further i am stuck.
Client Setup:
Server 1- old 2003 Server we want to decomission
Server 2 -2008 R2 SP2
Client had server one as the DC,DNS,DHCP,AD server
Server 2 was not included in this
We are trying to get everything transfered to server 2 to turn off and remove server 1.
Setup Server 2 as part of the domain, setup as DC and started bringing the rolls over.
Running AD shows all the users, so it did sync some info and we thought everything was good. Shutting down Server1 through, users can not log in as there is no way to authenticate.
Below is the results of dcdiag /v but basically it wont replicate. On Server 2, Going to ADSites&Serv and then the new server then NTDS Settings and Running Replicate Now gives me "Error occurred during attempt to connect to the domain controllerserver2:Access is Denied". Trying it from Server 1 i get Error attempting to contact domain controllerserver2: The RPC server is unavailable. May be caused by a DNS lookup problem...."
DNS is running and working fine. Servers can ping and browse each other fine.
RPC and RPS Locator services are running on Both servers. I am logged in as administrator on both servers.
Someone Suggested Removing Rolls and re-transferring, but multiple Microsoft KB docs said not to do that but was not helpful in what they did say to do.
Cant figure how where the replication problem is and how to get them to sync.
Domain Controller Diagnosis
Performing initial setup:
* Verifying that the local machine barknew, is a DC.
* Connecting to directory service on server barknew.
The directory service on barknew has not finished initializing.
In order for the directory service to consider itself synchronized, it must
attempt an initial synchronization with at least one replica of this
server's writeable domain. It must also obtain Rid information from the Rid
FSMO holder.
The directory service has not signalled the event which lets other services
know that it is ready to accept requests. Services such as the Key
Distribution Center, Intersite Messaging Service, and NetLogon will not
consider this system as an eligible domain controller.
* Collecting site info.
* Identifying all servers.
The directory service on BARKNEW has not finished initializing.
In order for the directory service to consider itself synchronized, it must
attempt an initial synchronization with at least one replica of this
server's writeable domain. It must also obtain Rid information from the Rid
FSMO holder.
The directory service has not signalled the event which lets other services
know that it is ready to accept requests. Services such as the Key
Distribution Center, Intersite Messaging Service, and NetLogon will not
consider this system as an eligible domain controller.
* Identifying all NC cross-refs.
* Found 2 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\BARKNEW
Starting test: Connectivity
* Active Directory LDAP Services Check
The directory service on BARKNEW has not finished initializing.
In order for the directory service to consider itself synchronized,
it must attempt an initial synchronization with at least one replica
of this server's writeable domain. It must also obtain Rid
information from the Rid FSMO holder.
The directory service has not signalled the event which lets other
services know that it is ready to accept requests. Services such as
the Key Distribution Center, Intersite Messaging Service, and NetLogon
will not consider this system as an eligible domain controller.
* Active Directory RPC Services Check
......................... BARKNEW passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\BARKNEW
Starting test: Replications
* Replications Check
REPLICATION LATENCY WARNING
ERROR: Expected notification link is missing.
Source BARKSERVER1
Replication of new changes along this path will be delayed.
This problem should self-correct on the next periodic sync.
[Replications Check,BARKNEW] A recent replication attempt failed:
From BARKSERVER1 to BARKNEW
Naming Context: DC=barkframeworksinc,DC=local
The replication generated an error (8451):
The replication operation encountered a database error.
The failure occurred at 2013-04-23 17:56:03.
The last success occurred at (never).
698 failures have occurred since the last success.
A serious error is preventing replication from continuing.
Consult the error log for further information.
If a particular object is named, it may be necessary to manually
modify or delete the object.
If the condition persists, contact Microsoft Support.
REPLICATION LATENCY WARNING
BARKNEW: A full synchronization is in progress
from BARKSERVER1 to BARKNEW
Replication of new changes along this path will be delayed.
The full sync is 0.00% complete.
REPLICATION LATENCY WARNING
ERROR: Expected notification link is missing.
Source BARKSERVER1
Replication of new changes along this path will be delayed.
This problem should self-correct on the next periodic sync.
* Replication Latency Check
* Replication Site Latency Check
......................... BARKNEW passed test Replications
Test omitted by user request: Topology
Test omitted by user request: CutoffServers
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC BARKNEW.
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=barkframeworksinc,DC=local
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=barkframeworksinc,DC=local
(Configuration,Version 2)
* Security Permissions Check for
DC=barkframeworksinc,DC=local
(Domain,Version 1)
......................... BARKNEW passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Unable to connect to the NETLOGON share! (\\BARKNEW\netlogon)
[BARKNEW] An net use or LsaPolicy operation failed with error 1203, No network provider accepted the given network path..
......................... BARKNEW failed test NetLogons
Starting test: Advertising
Warning: the directory service on BARKNEW has not completed initial synchronization.
Other services will be delayed.
Verify that the server can replicate.
Warning: DsGetDcName returned information for \\BARKSERVER1.barkframeworksinc.local, when we were trying to reach BARKNEW.
Server is not responding or is not considered suitable.
The DC BARKNEW is advertising itself as a DC and having a DS.
The DC BARKNEW is advertising as an LDAP server
The DC BARKNEW is advertising as having a writeable directory
The DC BARKNEW is advertising as a Key Distribution Center
Warning: BARKNEW is not advertising as a time server.
......................... BARKNEW failed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=BARKNEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=barkframeworksinc,DC=local
Role Domain Owner = CN=NTDS Settings,CN=BARKNEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=barkframeworksinc,DC=local
Role PDC Owner = CN=NTDS Settings,CN=BARKSERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=barkframeworksinc,DC=local
Role Rid Owner = CN=NTDS Settings,CN=BARKSERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=barkframeworksinc,DC=local
Role Infrastructure Update Owner = CN=NTDS Settings,CN=BARKSERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=barkframeworksinc,DC=local
......................... BARKNEW passed test KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 4609 to 1073741823
* BARKSERVER1.barkframeworksinc.local is the RID Master
* DsBind with RID Master was successful
Warning: attribute rIdSetReferences missing from CN=BARKNEW,OU=Domain Controllers,DC=barkframeworksinc,DC=local
Could not get Rid set Reference :failed with 8481: The search failed to retrieve attributes from the database.
......................... BARKNEW failed test RidManager
Starting test: MachineAccount
Checking machine account for DC BARKNEW on DC BARKNEW.
* SPN found :LDAP/barknew.barkframeworksinc.local/barkframeworksinc.local
* SPN found :LDAP/barknew.barkframeworksinc.local
* SPN found :LDAP/BARKNEW
* SPN found :LDAP/barknew.barkframeworksinc.local/barkframeworks
* SPN found :LDAP/c556361c-2ad7-4f90-bfd2-04077debdc8e._msdcs.barkframeworksinc.local
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/c556361c-2ad7-4f90-bfd2-04077debdc8e/barkframeworksinc.local
* SPN found :HOST/barknew.barkframeworksinc.local/barkframeworksinc.local
* SPN found :HOST/barknew.barkframeworksinc.local
* SPN found :HOST/BARKNEW
* SPN found :HOST/barknew.barkframeworksinc.local/barkframeworks
* SPN found :GC/barknew.barkframeworksinc.local/barkframeworksinc.local
......................... BARKNEW passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
......................... BARKNEW passed test Services
Test omitted by user request: OutboundSecureChannels
Starting test: ObjectsReplicated
BARKNEW is in domain DC=barkframeworksinc,DC=local
Checking for CN=BARKNEW,OU=Domain Controllers,DC=barkframeworksinc,DC=local in domain DC=barkframeworksinc,DC=local on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=BARKNEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=barkframeworksinc,DC=local in domain CN=Configuration,DC=barkframeworksinc,DC=local on 1 servers
Object is up-to-date on all servers.
......................... BARKNEW passed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
The registry lookup failed to determine the state of the SYSVOL. The
error returned was 0 (The operation completed successfully.). Check
the FRS event log to see if the SYSVOL has successfully been shared.
......................... BARKNEW passed test frssysvol
Starting test: frsevent
* The File Replication Service Event log test
......................... BARKNEW passed test frsevent
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the last 15 minutes.
......................... BARKNEW passed test kccevent
Starting test: systemlog
* The System Event log test
An Error Event occured. EventID: 0x00000457
Time Generated: 04/23/2013 18:33:07
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 04/23/2013 18:33:08
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 04/23/2013 18:33:08
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 04/23/2013 18:33:08
(Event String could not be retrieved)
......................... BARKNEW failed test systemlog
Test omitted by user request: VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference)
CN=BARKNEW,OU=Domain Controllers,DC=barkframeworksinc,DC=local and
backlink on
CN=BARKNEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=barkframeworksinc,DC=local
are correct.
Some objects relating to the DC BARKNEW have problems:
[1] Problem: Missing Expected Value
Base Object:
CN=BARKNEW,OU=Domain Controllers,DC=barkframeworksinc,DC=local
Base Object Description: "DC Account Object"
Value Object Attribute Name: frsComputerReferenceBL
Value Object Description: "SYSVOL FRS Member Object"
Recommended Action: See Knowledge Base Article: Q312862
[1] Problem: Missing Expected Value
Base Object:
CN=NTDS Settings,CN=BARKNEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=barkframeworksinc,DC=local
Base Object Description: "DSA Object"
Value Object Attribute Name: serverReferenceBL
Value Object Description: "SYSVOL FRS Member Object"
Recommended Action: See Knowledge Base Article: Q312862
......................... BARKNEW failed test VerifyReferences
Test omitted by user request: VerifyEnterpriseReferences
Test omitted by user request: CheckSecurityError
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : barkframeworksinc
Starting test: CrossRefValidation
......................... barkframeworksinc passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... barkframeworksinc passed test CheckSDRefDom
Running enterprise tests on : barkframeworksinc.local
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope
provided by the command line arguments provided.
......................... barkframeworksinc.local passed test Intersite
Starting test: FsmoCheck
GC Name: \\BARKSERVER1.barkframeworksinc.local
Locator Flags: 0xe00001bd
PDC Name: \\BARKSERVER1.barkframeworksinc.local
Locator Flags: 0xe00001bd
Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
A Time Server could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error 1355
A Good Time Server could not be located.
KDC Name: \\BARKSERVER1.barkframeworksinc.local
Locator Flags: 0xe00001bd
......................... barkframeworksinc.local failed test FsmoCheck
Test omitted by user request: DNS
Test omitted by user request: DNS
Bob Karon Computer Solutions www.INeedBob.com