Problems removing first 2000 DC

  • Thread starter Thread starter KHatfull
  • Start date Start date
K

KHatfull

Hi,

I've read my brains out on this one...

I have two servers in a domain, old (W2000) and new (W2000). Old is to
be removed. Old was an Exchange 2000 server. New is an Exchange 2000
server. Exchange has been migrated from Old to New just fine. No
issues.

However, when I turn off Old, I can't authenticate to the domain or
start the Outlook client on client machines. I have:

- Transferred and verified all 5 FSMO roles...they have been move to
New
- Created a GC on New, verified the creation was complete via the
registry key I found here, and removed the GC from Old.
- Setup DNS on New and clients are using it (given out via DHCP) as is
New (was setup when doing DCPROMO on New).
- Removed Exchange from Old. It disappeared from ESM on it's own so
the removal was successful.

I have not DCPROMOed Old down yet as I'm quite afraid to. When I pull
the network cable or shut down Old, I get the aforementioned
authentication problems.

I'm at a loss...I'm getting bleary-eyed from looking at Google groups
and MS.

Does anyone have anything else I should look at or any ideas why this
is happening?

Thanks SO much.

-Keith
 
are you sure the NEW DC is advertising as a GC?

use one of the following:
(1) run LDP, connect and check the value of isglobalcatalogready attribute.
it should be TRUE
(2) regedit, goto HKLM/system/services/CCS/services/NTDS/Global Catalog
Promotion Complete.... it should be 1

check event logs for errors messages
run:
DCDIAG /C /V /D

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx
 
Jorge said:
are you sure the NEW DC is advertising as a GC?

use one of the following:
(2) regedit, goto HKLM/system/services/CCS/services/NTDS/Global Catalog
Promotion Complete.... it should be 1
Click to expand...

Yep, this is how I verified it.
check event logs for errors messages
Click to expand...
run:
DCDIAG /C /V /D
Click to expand...

Well, the output indicated that there weren't any GC servers, yet the
registry entry value you referenced above was 1:

Running enterprise tests on : crystalkitchen.com
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the
scope
provided by the command line arguments provided.
......................... crystalkitchen.com passed test
Intersite
Starting test: FsmoCheck
Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error
1355
A Global Catalog Server could not be located - All GC's are
down.
PDC Name: \\server.crystalkitchen.com
Locator Flags: 0xe00001fd
Time Server Name: \\ckcserver1.crystalkitchen.com
Locator Flags: 0xe00001f8
Preferred Time Server Name: \\ckcserver1.crystalkitchen.com
Locator Flags: 0xe00001f8
KDC Name: \\ckcserver1.crystalkitchen.com
Locator Flags: 0xe00001f8
......................... crystalkitchen.com failed test
FsmoCheck

C:\Documents and Settings\Administrator.CRYSTAL>

I have set the Old server to be a GC again. We'll see what happens
after a couple of hours.

I wonder why though that the New server wasn't really a GC server?
What could have happened?

Argh...

-Keith
 
Jorge said:
are you sure the NEW DC is advertising as a GC?

use one of the following:
(2) regedit, goto HKLM/system/services/CCS/services/NTDS/Global Catalog
Promotion Complete.... it should be 1
Click to expand...

Yep, this is how I verified it.
check event logs for errors messages
Click to expand...
run:
DCDIAG /C /V /D
Click to expand...

Well, the output indicated that there weren't any GC servers, yet the
registry entry value you referenced above was 1:

Running enterprise tests on : crystalkitchen.com
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the
scope
provided by the command line arguments provided.
......................... crystalkitchen.com passed test
Intersite
Starting test: FsmoCheck
Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error
1355
A Global Catalog Server could not be located - All GC's are
down.
PDC Name: \\server.crystalkitchen.com
Locator Flags: 0xe00001fd
Time Server Name: \\ckcserver1.crystalkitchen.com
Locator Flags: 0xe00001f8
Preferred Time Server Name: \\ckcserver1.crystalkitchen.com
Locator Flags: 0xe00001f8
KDC Name: \\ckcserver1.crystalkitchen.com
Locator Flags: 0xe00001f8
......................... crystalkitchen.com failed test
FsmoCheck

C:\Documents and Settings\Administrator.CRYSTAL>

I have set the Old server to be a GC again. We'll see what happens
after a couple of hours.

I wonder why though that the New server wasn't really a GC server?
What could have happened?

Argh...

-Keith
 
Got it! (I believe).

In my zeal to remove services from the Old server (which included
unsharing all the client's shared folders) I inadvertantly unshared
SYSVOL!

I found the error messages in the FRS logs, put the
NTFRS_CMD_FILE_MOVE_ROOT file in the domain root as directed and
restarted FRS. It has replicated to the New server and the new server
now has a SYSVOL share as well and should be advertising as a real and
complete DC. DCDIAG completes just fine.

My guess is that I'm done. I'm going to let AD percolate overnight and
when I'm there tomorrow I'll test out turning off the Old DC.

Thanks Jorge for your guidance.

-Keith
 
Back
Top