But the time service is running or not?
start > run > services.msc > time > right click > properties and check WHO start this service.
start > run > services.msc > time > right click > properties and check WHO start this service.
New 2008R2 Server To 2003 Domain
- Thread starter SailingNut
- Start date
SailingNut
Well-Known Member
Time service is running and it is started in the Local Service account
Actually you shouldn't have big problems, sorry, no problems at all.
Anyway, let's try to make sure everything is working fine:
Check permissions on SYSVOL share (this is mandatory for GP).
Regarding DHCP, try this:
ipconfig /registerdns
net restart netlogon
Retry but as said, you may not have problems... time service is running, this is the most important thing.
Anyway, let's try to make sure everything is working fine:
Check permissions on SYSVOL share (this is mandatory for GP).
Regarding DHCP, try this:
ipconfig /registerdns
net restart netlogon
Retry but as said, you may not have problems... time service is running, this is the most important thing.
SailingNut
Well-Known Member
Permissions on SYSVOL are as follows:
CREATOR OWNER - Special Permissions
Authenticated Users - Read & execute, List folder contents, Read
SYSTEM - Full control
Administrators - Special permissions
Server Operators - Read & execute, List folder contents, Read
After performing the steps you suggested, I'm still getting a couple of errors in dcdiag. Here's the output:
Code:
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = big-rig
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\BIG-RIG
Starting test: Connectivity
......................... BIG-RIG passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\BIG-RIG
Starting test: Advertising
......................... BIG-RIG passed test Advertising
Starting test: FrsEvent
......................... BIG-RIG passed test FrsEvent
Starting test: DFSREvent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... BIG-RIG failed test DFSREvent
Starting test: SysVolCheck
......................... BIG-RIG passed test SysVolCheck
Starting test: KccEvent
......................... BIG-RIG passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... BIG-RIG passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... BIG-RIG passed test MachineAccount
Starting test: NCSecDesc
......................... BIG-RIG passed test NCSecDesc
Starting test: NetLogons
......................... BIG-RIG passed test NetLogons
Starting test: ObjectsReplicated
......................... BIG-RIG passed test ObjectsReplicated
Starting test: Replications
......................... BIG-RIG passed test Replications
Starting test: RidManager
......................... BIG-RIG passed test RidManager
Starting test: Services
......................... BIG-RIG passed test Services
Starting test: SystemLog
An error event occurred. EventID: 0x00000423
Time Generated: 05/16/2011 14:40:47
Event String:
The DHCP service failed to see a directory server for authorization.
......................... BIG-RIG failed test SystemLog
Starting test: VerifyReferences
......................... BIG-RIG passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : wtbhome
Starting test: CheckSDRefDom
......................... wtbhome passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... wtbhome passed test CrossRefValidation
Running enterprise tests on : wtbhome.net
Starting test: LocatorCheck
......................... wtbhome.net passed test LocatorCheck
Starting test: Intersite
......................... wtbhome.net passed test IntersiteThat's ok for sysvol. Just ignore this error.
Regarding the last one (DHCP), I could tell you to remove and readd the DHCP role, but if everything is working fine, you don't have to do so.
I think you're ok right now
Regarding the last one (DHCP), I could tell you to remove and readd the DHCP role, but if everything is working fine, you don't have to do so.
I think you're ok right now
SailingNut
Well-Known Member
One more question, I'm getting errors in the event log saying that "The computer X tried to contact the server using the trust relationship established by the WTBHOME domain. However, the computer lost the correct security identifier (SID) when the domain was reconfigured. Reestablish the trust relationship." Where X is any of the machines on my network.
I did some searching and the suggestion was to delete the couputer account from the domain and re-create it. Well, in my case there is no computer account in the domain, so I just created one. But, it still appears that the problem exists. Any ideas?
I did some searching and the suggestion was to delete the couputer account from the domain and re-create it. Well, in my case there is no computer account in the domain, so I just created one. But, it still appears that the problem exists. Any ideas?
You should tell me what is COMPUTER X, was it a server?
Of course it is running somewhere and it was a TRUSTED DELEGATED. Now the point is: can you find something in domains and trusts?
If the computer X was a part of DC, you have to remove the partnership.
Anyway, also this problem is not a problem (???), because the COMPUTER X will not be able to take infos about AD structure. But anyway, it will work properly.
If you want to establish a trusted domain parternership, you can do this by adding a trusted in DOMAIN AND TRUSTS.
Of course it is running somewhere and it was a TRUSTED DELEGATED. Now the point is: can you find something in domains and trusts?
If the computer X was a part of DC, you have to remove the partnership.
Anyway, also this problem is not a problem (???), because the COMPUTER X will not be able to take infos about AD structure. But anyway, it will work properly.
If you want to establish a trusted domain parternership, you can do this by adding a trusted in DOMAIN AND TRUSTS.
Attachments
SailingNut
Well-Known Member
The computer X are the workstation computers in my network.
There is nothing in AD Domains & Trusts. When I right click on it & select manage it opens AD Users & Computers and that is where I added the computer account. (Trying to replicate on the server what happens when you join a machine to the domain.)
Oh well, try to un-join that pc from domain. Delete the COMPUTER's entry from AD, then re-add the pc and your problem should be solved.
I mean, try with one pc... just to see if this resolve your problem.
SailingNut
Well-Known Member
I'd like to avoid that because I think it will wipe out the personal settings & etc. for each domain user on that computer. (Or am I completely wrong?)
if you don't redirect profiles on a server or a network share... yes.
Well, I don't think you will have troubles, the error simply indicates that a computer cannot be verified with its SID. Unless people are able to login with their account, you can ignore this problem.
If I'm not wrong, SID are used to avoid the entire authentication process. Anyway, if this fails, Windows will try to use user's credentials. I'm not sure...
Anyway, this problem is because your DC has created another DB with differents SIDs.
SailingNut
Well-Known Member
OK, I was worried about seeing errors in the event viewer and that it could catch up with me down the road. I'd love to get rid of the errors, but I don't want to jump through a bunch of hoops if they really aren't going to cause any problems.
Thanks for all of your help! I'm not seeing any operational problems now!
Errors and warnings are importants, but in many cases they don't cause troubles with operations.
We will see
We will see
SailingNut
Well-Known Member
First operational hiccup.......
My 2003 server is still on the network but demoted to a standalone server. I tried to log into it with a domain administrative account and it failed to authenticate. I had to log into the local computer.
It this to be expected since I demoted it and it's no longer a member of the domain or is it failing because of some other reason?
I checked the computer properties and it still thinks it's a part of the domain, so there may be some other problem lurking.
My 2003 server is still on the network but demoted to a standalone server. I tried to log into it with a domain administrative account and it failed to authenticate. I had to log into the local computer.
It this to be expected since I demoted it and it's no longer a member of the domain or is it failing because of some other reason?
I checked the computer properties and it still thinks it's a part of the domain, so there may be some other problem lurking.
if it is just a server (not a DC), remove from domain and, if you can, delete the computer object from AD. Then, rejoin.
SailingNut
Well-Known Member
FYI, I now have a completely "clean" dcdiag report.
It turns out the DHCP problem was that I had to "authorize" the DHCP server back into the domain after demoting and promoting.
I found a problem where it was not handing out an address to my laptop connected on WiFi. I opened up the DHCP panel and it told me that I needed to authorize it and told me to right click on my domain name in the panel and select ahtorize. How simple was that?!?!?
Hope this tidbit comes in handy for you some time in the future!
It turns out the DHCP problem was that I had to "authorize" the DHCP server back into the domain after demoting and promoting.
I found a problem where it was not handing out an address to my laptop connected on WiFi. I opened up the DHCP panel and it told me that I needed to authorize it and told me to right click on my domain name in the panel and select ahtorize. How simple was that?!?!?
Hope this tidbit comes in handy for you some time in the future!
I didn't know that DHCP must be authorized in order to work properly...
Thanks for your share
SailingNut
Well-Known Member
I didn't know that DHCP must be authorized in order to work properly...
Thanks for your share
Glad I could give at least a little something back!
I think this is the longest post in this forum 