Errors migrating profiles with the security translation wiza
Windows Server Forum Index Windows Server
Server discussion on Windows platform.
 
 FAQFAQ   MemberlistMemberlist     RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 
 
Google
 
Web winserverhelp.com
Errors migrating profiles with the security translation wiza

 
Post new topic   Reply to topic    Windows Server Forum Index -> Migration
Author Message
Guest
Posted: Tue Feb 01, 2005 6:48 am    Post subject: Errors migrating profiles with the security translation wiza Reply with quote
I have had a 50/50 success rate with the ADMT Security Translation
Wizard, I am going to detail how I get the client computer setup for it
as well as the error I get when it does not work.

1. Turn off windows firewall on the client computer.
2. Add the Domain Admin from the new 2003 domain to the local admin
group on the client computer.
3. Point the client's TCP/IP properties to the 2003 DNS server.
4. Make sure that the RPC service is running.
5. From the 2003 domain computer successfully telnet to port 139
6. From the 2003 domain computer successfully net use \\client\admin$
to verify that I can connect to it.

After that is finished I run the ADMT Migrate User Account Wizard and
move the user account from the old domain to the new domain taking care
to include the SID history for the old user.

As soon as that completes I use the ADMT's Security Translation
Wizard to migrate the users profile on their workstation to the new
domain. I only check the option to migrate the profile with the add
verbiage.

Half the time it completes successfully, the other half of the time it
completes with errors.
Below I have pasted the log w/errors:

2005-01-31 15:12:35
2005-01-31 15:12:35 Active Directory Migration Tool, Starting...
2005-01-31 15:12:35 Starting Security Translator.
2005-01-31 15:12:35 Agent is running in local mode.
2005-01-31 15:12:35 Read 16 accounts from C:\Program
Files\OnePointDomainAgent\DCTCache.039
2005-01-31 15:12:35 SecurityTranslation Profiles:Yes RecycleBin:Yes
TranslationMode:Add OLDDOMAIN NEWDOMAIN
2005-01-31 15:12:35 Starting
2005-01-31 15:12:35 Translating local machine.
2005-01-31 15:12:36 Skipping A:\, rc=21 The device is not ready.
2005-01-31 15:12:36 Processing C:\
2005-01-31 15:12:36 Processing recycle bin files and folders on C:\.
2005-01-31 15:12:36 Examining:
S-1-5-21-1299979310-1730232275-8547516-1152
2005-01-31 15:12:37 Renamed recycle bin directory from
C:\\RECYCLER\S-1-5-21-1299979310-1730232275-8547516-1152 to
C:\\RECYCLER\S-1-5-21-3310831107-3417008527-692140227-1144
2005-01-31 15:12:37 Skipping D:\. D:\ is a CD-ROM drive.
2005-01-31 15:12:43 Translating user profile for acasillas
2005-01-31 15:12:45 ERR3:7330 Failed to open registry key
\Software\Classes, rc=87 The parameter is incorrect.
2005-01-31 15:12:45 ERR3:7331 RegEnumKeyEx failed, rc=87 The parameter
is incorrect.
2005-01-31 15:12:45 SecurityTranslation Files:Yes TranslationMode:Add

2005-01-31 15:12:45 Starting
2005-01-31 15:13:25 ------Account Detail---------
2005-01-31 15:13:25 The account detail section uses the following
format: AccountName(OwnerChanges, GroupChanges, DaclChanges,
SaclChanges).
2005-01-31 15:13:25 acasillas (4623, 0, 10340, 0)
2005-01-31 15:13:25 -----------------------------
2005-01-31 15:13:25 15 users, 1 groups
2005-01-31 15:13:25 16 accounts selected. 16 resolved, 0 unresolved.
2005-01-31 15:13:25 Examined Changed Unchanged
2005-01-31 15:13:25 Files 2 2 0
2005-01-31 15:13:25 Dirs 1 1 0
2005-01-31 15:13:25 Shares 0 0 0
2005-01-31 15:13:25 Members 0 0 0
2005-01-31 15:13:25 User Rights 0 0 0
2005-01-31 15:13:25 Exchange Objects 0 0
0
2005-01-31 15:13:25 Containers 0 0 0
2005-01-31 15:13:25 DACLs 5185 5171 14
2005-01-31 15:13:25 SACLs 0 0 0
2005-01-31 15:13:25 Examined Changed No Target
Not Selected Unknown
2005-01-31 15:13:26 Owners 5185 4623 562
0 0
2005-01-31 15:13:26 Groups 5185 0 5185
0 0
2005-01-31 15:13:26 DACEs 41365 10340 31025
31025 0
2005-01-31 15:13:26 SACEs 0 0 0
0 0
2005-01-31 15:13:26 Wrote result file C:\Program
Files\OnePointDomainAgent\ANTONIO28073718.result
2005-01-31 15:13:27 Operation completed.

At this point when I log into the client that I just ran this tool on
with the user name and password for the new domain I get 2 errors that
pop up immediately "Unable to find local profile maybe corrupt" and
"Making temporary profile for user" it then logs on to a fresh
screen with none of the users desktop items present. I look at the
security information under Document and Settings for the user and see
that there is a reference for the new domain\user with permissions set
for it.

I have to log back into the old domain for the user to have their old
desktop back, something failed.
I am open to discussion on this so please ask away ;)
Back to top
Frances [MSFT]
Guest
Posted: Wed Feb 02, 2005 6:46 am    Post subject: RE: Errors migrating profiles with the security translation Reply with quote
Hello,

Good to hear from you.

According to your log, I find "ERR3:7330" and "ERR3:7331" which indicate
that the user profile was not unloaded properly and handle was probably
kept open.

These errors mean that something was holding a handle open to the user's
registry, preventing it from unloading and finishing as expected. If you
look in the Application event log of the machines that failed, you might
see some UserEnv events saying that it failed to unload the profile.

One workaround would be to just reboot the machines before migration and do
not logon to it until after the migration. This would ensure that any user
profile information is not loaded during the migration. Please perform the
following steps and check again.

1. Make sure that anti virus program was disabled.

2. Reboot the system and kept the anti virus program disabled.

3. Run Security Translation Wizard to migrate user profiles again.

What is the result?

Symptoms of a profile unload issue would mainly be the UserEnv events in
the Application event log of the machine. Also, users may experience a
longer logoff time.

Please refer to the following article to have more information about the
profile unload issues.

837115 Troubleshooting profile unload issues
http://support.microsoft.com/?id=837115


Hope this helps. If you have any further questions, don't hesitate to get
in touch!

Best regards,

Frances He


Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security

=====================================================

When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.

=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
Back to top
 
Post new topic   Reply to topic    Windows Server Forum Index -> Migration All times are GMT
Page 1 of 1

 
 You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum




New Topics Powered by phpBB