Hi,
I was trying to migrate my old Windows Server 2008 32-bit OS to the new OS, Windows Server 2019, but apparently it was not possible.
My Exchange Server 2007 was my copy of my old domain controller, still intact but unable to connect to my newly renamed DC server.
My existing Active Directory server had the roles below.
- CA server
- Active directory domain services
- Network policy server
- Web Server
- File Server
- DNS Server
For the migration, below are the steps I did:
- Added 2 domain controllers to the existing Active Directory pool for replication and failover (one is Windows Server 2012, one is Windows Server 2019 to migrate to). During the migration stage I was getting a lot of DNS issues, but I persisted and it worked (tried ipconfig /flushdns & ipconfig /registerdns many times, took a few tries)
- Successfully added 2 domain controllers into the pool and replicated (but the DNS server needed to be manually replicated)
- Backed up the CA cert, policies & SYSVOL folder, ran DC Promo.exe on the old server, removed the CA server, then proceeded with the removal of the DC server, then changed the IP address and domain name of the server
The replication status of the server at that time was unknown. I proceeded with the switchover. Initially there were already errors, but I didn't know where to start. I started changing one of the servers back to the old server name & IP address, the second server which was added to the DC pool was demoted, and this is where all hell broke loose. The problems became a nightmare for me.
In my attempt to get the 1st DC server which I replicated, below were the errors found.
C:\Users\pcsb002pg>dcdiag

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = adserver
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\ADSERVER2
      Starting test: Connectivity
         ......................... ADSERVER2 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\ADSERVER2
      Starting test: Advertising
         Fatal Error:DsGetDcName (ADSERVER2) call failed, error 1722
         The Locator could not find the server.
         ......................... ADSERVER2 failed test Advertising
      Starting test: FrsEvent
         ......................... ADSERVER2 passed test FrsEvent
      Starting test: DFSREvent
         The event log DFS Replication on server ADServer2.pcsb.local could not be queried, error 0x721
         "A security package specific error occurred."
         ......................... ADSERVER2 failed test DFSREvent
      Starting test: SysVolCheck
         [ADSERVER2] An net use or LsaPolicy operation failed with error 64,
         The specified network name is no longer available..
         ......................... ADSERVER2 failed test SysVolCheck
      Starting test: KccEvent
         The event log Directory Service on server ADServer2.pcsb.local could not be queried, error 0x721
         "A security package specific error occurred."
         ......................... ADSERVER2 failed test KccEvent
      Starting test: KnowsOfRoleHolders
         ......................... ADSERVER2 passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         Could not open pipe with [ADSERVER2]:failed with 64:
         The specified network name is no longer available.
         Could not get NetBIOSDomainName
         Failed can not test for HOST SPN
         Failed can not test for HOST SPN
         ......................... ADSERVER2 passed test MachineAccount
      Starting test: NCSecDesc
         ......................... ADSERVER2 passed test NCSecDesc
      Starting test: NetLogons
         [ADSERVER2] An net use or LsaPolicy operation failed with error 64,
         The specified network name is no longer available..
         ......................... ADSERVER2 failed test NetLogons
      Starting test: ObjectsReplicated
         ......................... ADSERVER2 passed test ObjectsReplicated
      Starting test: Replications
         [Replications Check,ADSERVER2] A recent replication attempt failed:
            From EXCHANGE to ADSERVER2
            Naming Context: DC=ForestDnsZones,DC=pcsb,DC=local
            The replication generated an error (1908):
            Could not find the domain controller for this domain.
            The failure occurred at 2020-03-17 00:01:12.
            The last success occurred at 2020-03-16 22:29:03.
            5 failures have occurred since the last success.
            Kerberos Error.
            A KDC was not found to authenticate the call.
            Check that sufficient domain controllers are available.
         [Replications Check,ADSERVER2] A recent replication attempt failed:
            From EXCHANGE to ADSERVER2
            Naming Context: DC=DomainDnsZones,DC=pcsb,DC=local
            The replication generated an error (1908):
            Could not find the domain controller for this domain.
            The failure occurred at 2020-03-17 00:01:12.
            The last success occurred at 2020-03-16 22:29:06.
            5 failures have occurred since the last success.
            Kerberos Error.
            A KDC was not found to authenticate the call.
            Check that sufficient domain controllers are available.
         [Replications Check,ADSERVER2] A recent replication attempt failed:
            From EXCHANGE to ADSERVER2
            Naming Context: CN=Schema,CN=Configuration,DC=pcsb,DC=local
            The replication generated an error (1908):
            Could not find the domain controller for this domain.
            The failure occurred at 2020-03-17 00:01:12.
            The last success occurred at 2020-03-16 22:28:45.
            5 failures have occurred since the last success.
            Kerberos Error.
            A KDC was not found to authenticate the call.
            Check that sufficient domain controllers are available.
         [Replications Check,ADSERVER2] A recent replication attempt failed:
            From EXCHANGE to ADSERVER2
            Naming Context: CN=Configuration,DC=pcsb,DC=local
            The replication generated an error (1908):
            Could not find the domain controller for this domain.
            The failure occurred at 2020-03-17 00:01:12.
            The last success occurred at 2020-03-16 22:34:34.
            5 failures have occurred since the last success.
            Kerberos Error.
            A KDC was not found to authenticate the call.
            Check that sufficient domain controllers are available.
         [Replications Check,ADSERVER2] A recent replication attempt failed:
            From EXCHANGE to ADSERVER2
            Naming Context: DC=pcsb,DC=local
            The replication generated an error (1908):
            Could not find the domain controller for this domain.
            The failure occurred at 2020-03-17 00:01:12.
            The last success occurred at 2020-03-16 22:35:25.
            5 failures have occurred since the last success.
            Kerberos Error.
            A KDC was not found to authenticate the call.
            Check that sufficient domain controllers are available.
         ......................... ADSERVER2 failed test Replications
      Starting test: RidManager
         ......................... ADSERVER2 passed test RidManager
      Starting test: Services
         Could not open Remote ipc to [ADServer2.pcsb.local]: error 0x40
         "The specified network name is no longer available."
         ......................... ADSERVER2 failed test Services
      Starting test: SystemLog
         The event log System on server ADServer2.pcsb.local could not be queried, error 0x721
         "A security package specific error occurred."
         ......................... ADSERVER2 failed test SystemLog
      Starting test: VerifyReferences
         ......................... ADSERVER2 passed test VerifyReferences

   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation

   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation

   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation

   Running partition tests on : pcsb
      Starting test: CheckSDRefDom
         ......................... pcsb passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... pcsb passed test CrossRefValidation

   Running enterprise tests on : pcsb.local
      Starting test: LocatorCheck
         Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1722
         A Global Catalog Server could not be located - All GC's are down.
         Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1722
         A Primary Domain Controller could not be located.
         The server holding the PDC role is down.
         Warning: DcGetDcName(TIME_SERVER) call failed, error 1722
         A Time Server could not be located.
         The server holding the PDC role is down.
         Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error 1722
         A Good Time Server could not be located.
         Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1722
         A KDC could not be located - All the KDCs are down.
         ......................... pcsb.local failed test LocatorCheck
      Starting test: Intersite
         ......................... pcsb.local passed test Intersite

C:\Users\pcsb002pg>
The above is my DCdiag diagnostics.
I also noticed my DNS is quite screwed.
I'm so stuck and don't know what to do and where to start. My whole office is gonna come after me tomorrow.
I have roughly 25 staff in the office, with Exchange Server & some other applications such as the firewall, Lync Server & network drivers that require Active Directory to connect.
Please help me.