| Author |
Message |
Scott
Guest
|
 Posted:
Sun Jan 16, 2005 5:11 am Post subject:
Migrated BDC cannot locate PDC to complete AD install |
|
|
I upgraded a NT 4.0 BDC to 2003. The AD wizard cannot find the Domain
Controller for the domain. All the clients (XP) are able to authenticate to
the Domain Controller, and have been able to for a few weeks. Why can this
BDC not see the domain controller? I can ping the DC using the DNS name, and
IP Address. |
|
| Back to top |
|
 |
Al Mulnick
Guest
|
| Posted:
Sun Jan 16, 2005 9:44 am Post subject:
Re: Migrated BDC cannot locate PDC to complete AD install |
|
|
You're supposed to upgrade the PDC vs. the BDC. W2K3 can't exist as a BDC.
Can you double check which is the PDC? (in W2K3, it's PDCe).
What you want to do is check the domainmgr tools in NT4 to see who's listed
as the PDC. Then verify that W2K3 sees the same by checking the roles of
the W2K3 machine with AD tools. They likely don't see each other the same
way.
"I upgraded a NT 4.0 BDC to 2003." How'd you do that exactly?
Al
"Scott" <Scott@discussions.microsoft.com> wrote in message
news:2DC1B271-438D-460B-8800-11CCBEA4E348@microsoft.com...
| Quote: | I upgraded a NT 4.0 BDC to 2003. The AD wizard cannot find the Domain
Controller for the domain. All the clients (XP) are able to authenticate
to
the Domain Controller, and have been able to for a few weeks. Why can this
BDC not see the domain controller? I can ping the DC using the DNS name,
and
IP Address.
|
|
|
| Back to top |
|
|
Scott
Guest
|
| Posted:
Sun Jan 16, 2005 11:31 am Post subject:
Re: Migrated BDC cannot locate PDC to complete AD install |
|
|
Al,
Sorry I wasn't very clear. I did already upgrade the PDC to AD by doing an
in-place upgrade on the PDC and then creating the AD via the AD wizard. This
refers to the BDC that had not yet been upgraded to 2003. I did the upgrade
on the BDC, by performing an in-place upgrade as well.
"Al Mulnick" wrote:
| Quote: | You're supposed to upgrade the PDC vs. the BDC. W2K3 can't exist as a BDC.
Can you double check which is the PDC? (in W2K3, it's PDCe).
What you want to do is check the domainmgr tools in NT4 to see who's listed
as the PDC. Then verify that W2K3 sees the same by checking the roles of
the W2K3 machine with AD tools. They likely don't see each other the same
way.
"I upgraded a NT 4.0 BDC to 2003." How'd you do that exactly?
Al
"Scott" <Scott@discussions.microsoft.com> wrote in message
news:2DC1B271-438D-460B-8800-11CCBEA4E348@microsoft.com...
I upgraded a NT 4.0 BDC to 2003. The AD wizard cannot find the Domain
Controller for the domain. All the clients (XP) are able to authenticate
to
the Domain Controller, and have been able to for a few weeks. Why can this
BDC not see the domain controller? I can ping the DC using the DNS name,
and
IP Address.
|
|
|
| Back to top |
|
|
Al Mulnick
Guest
|
| Posted:
Mon Jan 17, 2005 12:18 am Post subject:
Re: Migrated BDC cannot locate PDC to complete AD install |
|
|
Have you tried Netdiag and analyzed the results? Sorry not to have
mentioned that before.
On the already working domain controller, dcdiag is additionally useful
(netdiag and dcdiag there). On the server that won't promote, netdiag is
the tool.
You also want to make sure that they share the same name servers. The
promoted DC should be using itself (most likely anyway) and the new server
should also be using the new DC (I'm assuming DNS is running on the new
domain controller. The important thing is that they use the same name
servers (DNS and WINS) until successful promotion.
Al
"Scott" <Scott@discussions.microsoft.com> wrote in message
news:475A1AF3-8FEC-44E3-A4DD-8448695DEDFC@microsoft.com...
| Quote: | I guess that is the Million dollar question..what about the DNS that may be
configured incorrectly? I can ping the servers from the clients by pinging
the DNS Domain name, and netbios name.
"Al Mulnick" wrote:
In that case, have you checked DNS?
"Scott" <Scott@discussions.microsoft.com> wrote in message
news:6A5C5B3A-066E-49A4-8F7A-6530132A27B4@microsoft.com...
Al,
Sorry I wasn't very clear. I did already upgrade the PDC to AD by doing
an
in-place upgrade on the PDC and then creating the AD via the AD wizard.
This
refers to the BDC that had not yet been upgraded to 2003. I did the
upgrade
on the BDC, by performing an in-place upgrade as well.
"Al Mulnick" wrote:
You're supposed to upgrade the PDC vs. the BDC. W2K3 can't exist as a
BDC.
Can you double check which is the PDC? (in W2K3, it's PDCe).
What you want to do is check the domainmgr tools in NT4 to see who's
listed
as the PDC. Then verify that W2K3 sees the same by checking the roles
of
the W2K3 machine with AD tools. They likely don't see each other the
same
way.
"I upgraded a NT 4.0 BDC to 2003." How'd you do that exactly?
Al
"Scott" <Scott@discussions.microsoft.com> wrote in message
news:2DC1B271-438D-460B-8800-11CCBEA4E348@microsoft.com...
I upgraded a NT 4.0 BDC to 2003. The AD wizard cannot find the Domain
Controller for the domain. All the clients (XP) are able to
authenticate
to
the Domain Controller, and have been able to for a few weeks. Why
can
this
BDC not see the domain controller? I can ping the DC using the DNS
name,
and
IP Address.
|
|
|
| Back to top |
|
|
Al Mulnick
Guest
|
| Posted:
Mon Jan 17, 2005 12:18 am Post subject:
Re: Migrated BDC cannot locate PDC to complete AD install |
|
|
In that case, have you checked DNS?
"Scott" <Scott@discussions.microsoft.com> wrote in message
news:6A5C5B3A-066E-49A4-8F7A-6530132A27B4@microsoft.com...
| Quote: | Al,
Sorry I wasn't very clear. I did already upgrade the PDC to AD by doing an
in-place upgrade on the PDC and then creating the AD via the AD wizard.
This
refers to the BDC that had not yet been upgraded to 2003. I did the
upgrade
on the BDC, by performing an in-place upgrade as well.
"Al Mulnick" wrote:
You're supposed to upgrade the PDC vs. the BDC. W2K3 can't exist as a
BDC.
Can you double check which is the PDC? (in W2K3, it's PDCe).
What you want to do is check the domainmgr tools in NT4 to see who's
listed
as the PDC. Then verify that W2K3 sees the same by checking the roles of
the W2K3 machine with AD tools. They likely don't see each other the
same
way.
"I upgraded a NT 4.0 BDC to 2003." How'd you do that exactly?
Al
"Scott" <Scott@discussions.microsoft.com> wrote in message
news:2DC1B271-438D-460B-8800-11CCBEA4E348@microsoft.com...
I upgraded a NT 4.0 BDC to 2003. The AD wizard cannot find the Domain
Controller for the domain. All the clients (XP) are able to
authenticate
to
the Domain Controller, and have been able to for a few weeks. Why can
this
BDC not see the domain controller? I can ping the DC using the DNS
name,
and
IP Address.
|
|
|
| Back to top |
|
|
Scott
Guest
|
| Posted:
Mon Jan 17, 2005 12:18 am Post subject:
Re: Migrated BDC cannot locate PDC to complete AD install |
|
|
I guess that is the Million dollar question..what about the DNS that may be
configured incorrectly? I can ping the servers from the clients by pinging
the DNS Domain name, and netbios name.
"Al Mulnick" wrote:
| Quote: | In that case, have you checked DNS?
"Scott" <Scott@discussions.microsoft.com> wrote in message
news:6A5C5B3A-066E-49A4-8F7A-6530132A27B4@microsoft.com...
Al,
Sorry I wasn't very clear. I did already upgrade the PDC to AD by doing an
in-place upgrade on the PDC and then creating the AD via the AD wizard.
This
refers to the BDC that had not yet been upgraded to 2003. I did the
upgrade
on the BDC, by performing an in-place upgrade as well.
"Al Mulnick" wrote:
You're supposed to upgrade the PDC vs. the BDC. W2K3 can't exist as a
BDC.
Can you double check which is the PDC? (in W2K3, it's PDCe).
What you want to do is check the domainmgr tools in NT4 to see who's
listed
as the PDC. Then verify that W2K3 sees the same by checking the roles of
the W2K3 machine with AD tools. They likely don't see each other the
same
way.
"I upgraded a NT 4.0 BDC to 2003." How'd you do that exactly?
Al
"Scott" <Scott@discussions.microsoft.com> wrote in message
news:2DC1B271-438D-460B-8800-11CCBEA4E348@microsoft.com...
I upgraded a NT 4.0 BDC to 2003. The AD wizard cannot find the Domain
Controller for the domain. All the clients (XP) are able to
authenticate
to
the Domain Controller, and have been able to for a few weeks. Why can
this
BDC not see the domain controller? I can ping the DC using the DNS
name,
and
IP Address.
|
|
|
| Back to top |
|
|
Scott
Guest
|
| Posted:
Mon Jan 17, 2005 6:13 pm Post subject:
Re: Migrated BDC cannot locate PDC to complete AD install |
|
|
Al,
I ran the DCDiag from the server that is failing to promote and when it
reached the MachineAccount test is failed with the error: Could Not Get
NetBiosDomainName
I had to supply the NetBIOS domain and Admin credentials to run this, as the
local Admin account would not.
What's strange is that I cannot logon to the DNS domain controller to
authenticate to promote this server, but I can access network shares by
providing the credentials.
When I performed as NetDiag from the server that fails to promote, I
received a failure notice on:
Trust Relationship Test failed (this is a single domain network), with the
error:
Don't have access to test your domain sid for domain <NetBIOS domain name> ,
secure channel to domain <NetBIOS domain name> is broken.
[Err_No_Trust_SAM_Account]
LDAP
\\<DNS Server Name> isn't running the DS. Cannot test LDAP.
Failed to query SPN registration on DC <DNS Server Name>
Hope all this helps! Thanks for your support.
"Al Mulnick" wrote:
| Quote: | Have you tried Netdiag and analyzed the results? Sorry not to have
mentioned that before.
On the already working domain controller, dcdiag is additionally useful
(netdiag and dcdiag there). On the server that won't promote, netdiag is
the tool.
You also want to make sure that they share the same name servers. The
promoted DC should be using itself (most likely anyway) and the new server
should also be using the new DC (I'm assuming DNS is running on the new
domain controller. The important thing is that they use the same name
servers (DNS and WINS) until successful promotion.
Al
"Scott" <Scott@discussions.microsoft.com> wrote in message
news:475A1AF3-8FEC-44E3-A4DD-8448695DEDFC@microsoft.com...
I guess that is the Million dollar question..what about the DNS that may be
configured incorrectly? I can ping the servers from the clients by pinging
the DNS Domain name, and netbios name.
"Al Mulnick" wrote:
In that case, have you checked DNS?
"Scott" <Scott@discussions.microsoft.com> wrote in message
news:6A5C5B3A-066E-49A4-8F7A-6530132A27B4@microsoft.com...
Al,
Sorry I wasn't very clear. I did already upgrade the PDC to AD by doing
an
in-place upgrade on the PDC and then creating the AD via the AD wizard.
This
refers to the BDC that had not yet been upgraded to 2003. I did the
upgrade
on the BDC, by performing an in-place upgrade as well.
"Al Mulnick" wrote:
You're supposed to upgrade the PDC vs. the BDC. W2K3 can't exist as a
BDC.
Can you double check which is the PDC? (in W2K3, it's PDCe).
What you want to do is check the domainmgr tools in NT4 to see who's
listed
as the PDC. Then verify that W2K3 sees the same by checking the roles
of
the W2K3 machine with AD tools. They likely don't see each other the
same
way.
"I upgraded a NT 4.0 BDC to 2003." How'd you do that exactly?
Al
"Scott" <Scott@discussions.microsoft.com> wrote in message
news:2DC1B271-438D-460B-8800-11CCBEA4E348@microsoft.com...
I upgraded a NT 4.0 BDC to 2003. The AD wizard cannot find the Domain
Controller for the domain. All the clients (XP) are able to
authenticate
to
the Domain Controller, and have been able to for a few weeks. Why
can
this
BDC not see the domain controller? I can ping the DC using the DNS
name,
and
IP Address.
|
|
|
| Back to top |
|
|
Al Mulnick
Guest
|
| Posted:
Tue Jan 18, 2005 3:59 am Post subject:
Re: Migrated BDC cannot locate PDC to complete AD install |
|
|
Did you say this was a different domain you're working on than the domain
that your original server that got promoted was in? I was under the
impression that this is all one single domain and this is a second server
you're trying to promote to a DC.
How about trying the following:
Is this server a member of the domain (the same one that you have the PDC in
that was successfully promoted)?
If yes, can you remove it and re-add it successfully (note: be sure there's
no apps on the server that might break before trying this. If just a newly
installed server, then no harm right?)
Is your PDC and this server using the same name servers (WINS and DNS)?
Are they on the same network?
Did you run netdiag and DCDIAG on the domain controller that is already
promoted? What was the result?
This sounds a lot like a name resolution issue, but it's possible your
domain account has not been successfully added. Remember that this server
you're trying to promote needs to be a member of the domain before you try
to promote it to a DC and you need to be logged in with domain admin
credentials when you promote it.
Al
"Scott" <Scott@discussions.microsoft.com> wrote in message
news:30204554-A5AC-45BF-AAE2-1DFBBA0CF6D1@microsoft.com...
| Quote: | Al,
I ran the DCDiag from the server that is failing to promote and when it
reached the MachineAccount test is failed with the error: Could Not Get
NetBiosDomainName
I had to supply the NetBIOS domain and Admin credentials to run this, as
the
local Admin account would not.
What's strange is that I cannot logon to the DNS domain controller to
authenticate to promote this server, but I can access network shares by
providing the credentials.
When I performed as NetDiag from the server that fails to promote, I
received a failure notice on:
Trust Relationship Test failed (this is a single domain network), with the
error:
Don't have access to test your domain sid for domain <NetBIOS domain name
,
secure channel to domain <NetBIOS domain name> is broken.
[Err_No_Trust_SAM_Account]
LDAP
\\<DNS Server Name> isn't running the DS. Cannot test LDAP.
Failed to query SPN registration on DC <DNS Server Name
Hope all this helps! Thanks for your support.
"Al Mulnick" wrote:
Have you tried Netdiag and analyzed the results? Sorry not to have
mentioned that before.
On the already working domain controller, dcdiag is additionally useful
(netdiag and dcdiag there). On the server that won't promote, netdiag is
the tool.
You also want to make sure that they share the same name servers. The
promoted DC should be using itself (most likely anyway) and the new
server
should also be using the new DC (I'm assuming DNS is running on the new
domain controller. The important thing is that they use the same name
servers (DNS and WINS) until successful promotion.
Al
"Scott" <Scott@discussions.microsoft.com> wrote in message
news:475A1AF3-8FEC-44E3-A4DD-8448695DEDFC@microsoft.com...
I guess that is the Million dollar question..what about the DNS that may
be
configured incorrectly? I can ping the servers from the clients by
pinging
the DNS Domain name, and netbios name.
"Al Mulnick" wrote:
In that case, have you checked DNS?
"Scott" <Scott@discussions.microsoft.com> wrote in message
news:6A5C5B3A-066E-49A4-8F7A-6530132A27B4@microsoft.com...
Al,
Sorry I wasn't very clear. I did already upgrade the PDC to AD by
doing
an
in-place upgrade on the PDC and then creating the AD via the AD
wizard.
This
refers to the BDC that had not yet been upgraded to 2003. I did the
upgrade
on the BDC, by performing an in-place upgrade as well.
"Al Mulnick" wrote:
You're supposed to upgrade the PDC vs. the BDC. W2K3 can't exist
as a
BDC.
Can you double check which is the PDC? (in W2K3, it's PDCe).
What you want to do is check the domainmgr tools in NT4 to see
who's
listed
as the PDC. Then verify that W2K3 sees the same by checking the
roles
of
the W2K3 machine with AD tools. They likely don't see each other
the
same
way.
"I upgraded a NT 4.0 BDC to 2003." How'd you do that exactly?
Al
"Scott" <Scott@discussions.microsoft.com> wrote in message
news:2DC1B271-438D-460B-8800-11CCBEA4E348@microsoft.com...
I upgraded a NT 4.0 BDC to 2003. The AD wizard cannot find the
Domain
Controller for the domain. All the clients (XP) are able to
authenticate
to
the Domain Controller, and have been able to for a few weeks. Why
can
this
BDC not see the domain controller? I can ping the DC using the
DNS
name,
and
IP Address.
|
|
|
| Back to top |
|
|
Scott
Guest
|
| Posted:
Tue Jan 18, 2005 4:41 am Post subject:
Re: Migrated BDC cannot locate PDC to complete AD install |
|
|
Al,
This is the same domain, any reference to a different domain was probably
stating the DNS domain name vs. the NetBIOS domain name (which are different.)
This NT 4.0 BDC is a member of the domain, and was before the in-place
upgrade. As a matter of fact, this BDC was the PDC for a few years. I demoted
it before placing the new PDC to do an in-place upgrade for the W2K3 AD
install. Your assumptions (below) are correct, this is a second server I'm
trying to add to the AD.
I cannot remove or change the domain membership, the setup program has this
area disabled. It states that I must complete the promotion before modifying
these settings. I did the in-place upgrade, a wizard was presented to make
this server an Additional Domain Controller, or a Member Server. This is when
all this started.
I thought about resetting the account, but ADUC tells me that the trust has
been broken. When this server was NT4 is was authenticating to the PDC just
fine, and replicating the changes as well.
I have made the DNS and WINS servers on the BDC (machine I'm trying to
promote) the address of the previously promoted PDC, which is now hosting the
AD.
This, however, has not worked either.
Running NetDiag and DCDiag on the DC yields:
NetDiag: Everything passed, or skipped
DCDiag: Everything passed
I cannot logon as the domain admin, it will not validate the credentials
because it cannot locate the domain controller. When I attempt to add as a
member server, using the domain admin account, I get the DNS errors posted
previously. I have reposted them for you below. Also, when I reboot this
server I can only logon with the local Admin account (because it cannot find
the DC). I can however resolve the DNS name, PING both servers, and access
network shares on member servers.
| Quote: | This is the details of the error I receive while trying to perform the AD
install:
DNS was successfully queried for the service location (SRV) resource
record
used to locate a domain controller for domain eta.com:
The query was for the SRV record for _ldap._tcp.dc._msdcs.eta.com
The following domain controllers were identified by the query:
slad01.eta.com
Common causes of this error include:
- Host (A) records that map the name of the domain controller to its IP
addresses are missing or contain incorrect addresses.
- Domain controllers registered in DNS are not connected to the network or
are not running.
For information about correcting this problem, click Help.
|
"Al Mulnick" wrote:
| Quote: | Did you say this was a different domain you're working on than the domain
that your original server that got promoted was in? I was under the
impression that this is all one single domain and this is a second server
you're trying to promote to a DC.
How about trying the following:
Is this server a member of the domain (the same one that you have the PDC in
that was successfully promoted)?
If yes, can you remove it and re-add it successfully (note: be sure there's
no apps on the server that might break before trying this. If just a newly
installed server, then no harm right?)
Is your PDC and this server using the same name servers (WINS and DNS)?
Are they on the same network?
Did you run netdiag and DCDIAG on the domain controller that is already
promoted? What was the result?
This sounds a lot like a name resolution issue, but it's possible your
domain account has not been successfully added. Remember that this server
you're trying to promote needs to be a member of the domain before you try
to promote it to a DC and you need to be logged in with domain admin
credentials when you promote it.
Al
"Scott" <Scott@discussions.microsoft.com> wrote in message
news:30204554-A5AC-45BF-AAE2-1DFBBA0CF6D1@microsoft.com...
Al,
I ran the DCDiag from the server that is failing to promote and when it
reached the MachineAccount test is failed with the error: Could Not Get
NetBiosDomainName
I had to supply the NetBIOS domain and Admin credentials to run this, as
the
local Admin account would not.
What's strange is that I cannot logon to the DNS domain controller to
authenticate to promote this server, but I can access network shares by
providing the credentials.
When I performed as NetDiag from the server that fails to promote, I
received a failure notice on:
Trust Relationship Test failed (this is a single domain network), with the
error:
Don't have access to test your domain sid for domain <NetBIOS domain name
,
secure channel to domain <NetBIOS domain name> is broken.
[Err_No_Trust_SAM_Account]
LDAP
\\<DNS Server Name> isn't running the DS. Cannot test LDAP.
Failed to query SPN registration on DC <DNS Server Name
Hope all this helps! Thanks for your support.
"Al Mulnick" wrote:
Have you tried Netdiag and analyzed the results? Sorry not to have
mentioned that before.
On the already working domain controller, dcdiag is additionally useful
(netdiag and dcdiag there). On the server that won't promote, netdiag is
the tool.
You also want to make sure that they share the same name servers. The
promoted DC should be using itself (most likely anyway) and the new
server
should also be using the new DC (I'm assuming DNS is running on the new
domain controller. The important thing is that they use the same name
servers (DNS and WINS) until successful promotion.
Al
"Scott" <Scott@discussions.microsoft.com> wrote in message
news:475A1AF3-8FEC-44E3-A4DD-8448695DEDFC@microsoft.com...
I guess that is the Million dollar question..what about the DNS that may
be
configured incorrectly? I can ping the servers from the clients by
pinging
the DNS Domain name, and netbios name.
"Al Mulnick" wrote:
In that case, have you checked DNS?
"Scott" <Scott@discussions.microsoft.com> wrote in message
news:6A5C5B3A-066E-49A4-8F7A-6530132A27B4@microsoft.com...
Al,
Sorry I wasn't very clear. I did already upgrade the PDC to AD by
doing
an
in-place upgrade on the PDC and then creating the AD via the AD
wizard.
This
refers to the BDC that had not yet been upgraded to 2003. I did the
upgrade
on the BDC, by performing an in-place upgrade as well.
"Al Mulnick" wrote:
You're supposed to upgrade the PDC vs. the BDC. W2K3 can't exist
as a
BDC.
Can you double check which is the PDC? (in W2K3, it's PDCe).
What you want to do is check the domainmgr tools in NT4 to see
who's
listed
as the PDC. Then verify that W2K3 sees the same by checking the
roles
of
the W2K3 machine with AD tools. They likely don't see each other
the
same
way.
"I upgraded a NT 4.0 BDC to 2003." How'd you do that exactly?
Al
"Scott" <Scott@discussions.microsoft.com> wrote in message
news:2DC1B271-438D-460B-8800-11CCBEA4E348@microsoft.com...
I upgraded a NT 4.0 BDC to 2003. The AD wizard cannot find the
Domain
Controller for the domain. All the clients (XP) are able to
authenticate
to
the Domain Controller, and have been able to for a few weeks. Why
can
this
BDC not see the domain controller? I can ping the DC using the
DNS
name,
and
IP Address.
|
|
|
| Back to top |
|
|
Al Mulnick
Guest
|
| Posted:
Tue Jan 18, 2005 7:32 am Post subject:
Re: Migrated BDC cannot locate PDC to complete AD install |
|
|
Is your new PDC the WINS server as well? If not, you may need to change
that and try again.
It's possible that you need to wipe the machine out, remove the domain
computer account and try again for best results. A BDC doesn't offer much
if upgraded, vs wiped out and reloaded from scratch. In fact, that's often
the best way to go about doing this. Promote the PDC, build another server
as a member server, promote it, transfer the roles (making it the PDCe etc),
stabilizing, then removing what was the PDC-upgraded. Rebuild it from it
scratch.
That method has the advantage of not bringing over any strange drivers etc
and gives you a clean slate to start from. It also doesn't lose the domain
accounts.
Al
"Scott" <Scott@discussions.microsoft.com> wrote in message
news:AC99C84B-7510-4951-A3FD-E21F12D45D45@microsoft.com...
| Quote: | Al,
This is the same domain, any reference to a different domain was probably
stating the DNS domain name vs. the NetBIOS domain name (which are
different.)
This NT 4.0 BDC is a member of the domain, and was before the in-place
upgrade. As a matter of fact, this BDC was the PDC for a few years. I
demoted
it before placing the new PDC to do an in-place upgrade for the W2K3 AD
install. Your assumptions (below) are correct, this is a second server I'm
trying to add to the AD.
I cannot remove or change the domain membership, the setup program has
this
area disabled. It states that I must complete the promotion before
modifying
these settings. I did the in-place upgrade, a wizard was presented to make
this server an Additional Domain Controller, or a Member Server. This is
when
all this started.
I thought about resetting the account, but ADUC tells me that the trust
has
been broken. When this server was NT4 is was authenticating to the PDC
just
fine, and replicating the changes as well.
I have made the DNS and WINS servers on the BDC (machine I'm trying to
promote) the address of the previously promoted PDC, which is now hosting
the
AD.
This, however, has not worked either.
Running NetDiag and DCDiag on the DC yields:
NetDiag: Everything passed, or skipped
DCDiag: Everything passed
I cannot logon as the domain admin, it will not validate the credentials
because it cannot locate the domain controller. When I attempt to add as a
member server, using the domain admin account, I get the DNS errors posted
previously. I have reposted them for you below. Also, when I reboot this
server I can only logon with the local Admin account (because it cannot
find
the DC). I can however resolve the DNS name, PING both servers, and access
network shares on member servers.
This is the details of the error I receive while trying to perform the AD
install:
DNS was successfully queried for the service location (SRV) resource
record
used to locate a domain controller for domain eta.com:
The query was for the SRV record for _ldap._tcp.dc._msdcs.eta.com
The following domain controllers were identified by the query:
slad01.eta.com
Common causes of this error include:
- Host (A) records that map the name of the domain controller to its IP
addresses are missing or contain incorrect addresses.
- Domain controllers registered in DNS are not connected to the network
or
are not running.
For information about correcting this problem, click Help.
"Al Mulnick" wrote:
Did you say this was a different domain you're working on than the domain
that your original server that got promoted was in? I was under the
impression that this is all one single domain and this is a second server
you're trying to promote to a DC.
How about trying the following:
Is this server a member of the domain (the same one that you have the PDC
in
that was successfully promoted)?
If yes, can you remove it and re-add it successfully (note: be sure
there's
no apps on the server that might break before trying this. If just a
newly
installed server, then no harm right?)
Is your PDC and this server using the same name servers (WINS and DNS)?
Are they on the same network?
Did you run netdiag and DCDIAG on the domain controller that is already
promoted? What was the result?
This sounds a lot like a name resolution issue, but it's possible your
domain account has not been successfully added. Remember that this
server
you're trying to promote needs to be a member of the domain before you
try
to promote it to a DC and you need to be logged in with domain admin
credentials when you promote it.
Al
"Scott" <Scott@discussions.microsoft.com> wrote in message
news:30204554-A5AC-45BF-AAE2-1DFBBA0CF6D1@microsoft.com...
Al,
I ran the DCDiag from the server that is failing to promote and when it
reached the MachineAccount test is failed with the error: Could Not Get
NetBiosDomainName
I had to supply the NetBIOS domain and Admin credentials to run this,
as
the
local Admin account would not.
What's strange is that I cannot logon to the DNS domain controller to
authenticate to promote this server, but I can access network shares by
providing the credentials.
When I performed as NetDiag from the server that fails to promote, I
received a failure notice on:
Trust Relationship Test failed (this is a single domain network), with
the
error:
Don't have access to test your domain sid for domain <NetBIOS domain
name
,
secure channel to domain <NetBIOS domain name> is broken.
[Err_No_Trust_SAM_Account]
LDAP
\\<DNS Server Name> isn't running the DS. Cannot test LDAP.
Failed to query SPN registration on DC <DNS Server Name
Hope all this helps! Thanks for your support.
"Al Mulnick" wrote:
Have you tried Netdiag and analyzed the results? Sorry not to have
mentioned that before.
On the already working domain controller, dcdiag is additionally
useful
(netdiag and dcdiag there). On the server that won't promote, netdiag
is
the tool.
You also want to make sure that they share the same name servers. The
promoted DC should be using itself (most likely anyway) and the new
server
should also be using the new DC (I'm assuming DNS is running on the
new
domain controller. The important thing is that they use the same name
servers (DNS and WINS) until successful promotion.
Al
"Scott" <Scott@discussions.microsoft.com> wrote in message
news:475A1AF3-8FEC-44E3-A4DD-8448695DEDFC@microsoft.com...
I guess that is the Million dollar question..what about the DNS that
may
be
configured incorrectly? I can ping the servers from the clients by
pinging
the DNS Domain name, and netbios name.
"Al Mulnick" wrote:
In that case, have you checked DNS?
"Scott" <Scott@discussions.microsoft.com> wrote in message
news:6A5C5B3A-066E-49A4-8F7A-6530132A27B4@microsoft.com...
Al,
Sorry I wasn't very clear. I did already upgrade the PDC to AD by
doing
an
in-place upgrade on the PDC and then creating the AD via the AD
wizard.
This
refers to the BDC that had not yet been upgraded to 2003. I did
the
upgrade
on the BDC, by performing an in-place upgrade as well.
"Al Mulnick" wrote:
You're supposed to upgrade the PDC vs. the BDC. W2K3 can't
exist
as a
BDC.
Can you double check which is the PDC? (in W2K3, it's PDCe).
What you want to do is check the domainmgr tools in NT4 to see
who's
listed
as the PDC. Then verify that W2K3 sees the same by checking the
roles
of
the W2K3 machine with AD tools. They likely don't see each
other
the
same
way.
"I upgraded a NT 4.0 BDC to 2003." How'd you do that exactly?
Al
"Scott" <Scott@discussions.microsoft.com> wrote in message
news:2DC1B271-438D-460B-8800-11CCBEA4E348@microsoft.com...
I upgraded a NT 4.0 BDC to 2003. The AD wizard cannot find the
Domain
Controller for the domain. All the clients (XP) are able to
authenticate
to
the Domain Controller, and have been able to for a few weeks.
Why
can
this
BDC not see the domain controller? I can ping the DC using the
DNS
name,
and
IP Address.
|
|
|
| Back to top |
|
|
|
|
|
|
FAQ
Memberlist
Register
Profile
Log in to check your private messages
Log in