6

I've got a dying server with WinServer 2003 installed. It's a Domain Controller. I've made a virtual machine with Server 2008 R2 and migrated all roles to it. But there is a problem. The Global Catalog is still located on the old server even though the new one has the Global Catalog option turned on. It says:

Log Name:      Directory Service
Source:        Microsoft-Windows-ActiveDirectory_DomainService
Date:          30.08.2013 18:45:20
Event ID:      1869
Task Category: Global Catalog
Level:         Information
Keywords:      Classic
User:          ANONYMOUS LOGON
Computer:      vm-dns2.logstream.local
Description:
Active Directory Domain Services has located a global catalog in the following site. 

Global catalog:
\\server.logstream.local 
Site:
Default-First-Site-Name
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-ActiveDirectory_DomainService" Guid="{0e8478c5-3605-4e8c-8497-1e730c959516}" EventSourceName="NTDS General" />
    <EventID Qualifiers="16384">1869</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>18</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8080000000000000</Keywords>
    <TimeCreated SystemTime="2013-08-30T14:45:20.007237900Z" />
    <EventRecordID>186</EventRecordID>
    <Correlation />
    <Execution ProcessID="484" ThreadID="604" />
    <Channel>Directory Service</Channel>
    <Computer>vm-dns2.logstream.local</Computer>
    <Security UserID="S-1-5-7" />
  </System>
  <EventData>
    <Data>\\server.logstream.local</Data>
    <Data>Default-First-Site-Name</Data>
  </EventData>
</Event>

I need the GC to be located on the new server to let the old one eventually die. Could someone please help me with that?

I agree there may be some DNS problems. If the old DC is off, the new one says:

Log Name:      Directory Service
Source:        Microsoft-Windows-ActiveDirectory_DomainService
Date:          02.09.2013 12:58:06
Event ID:      1126
Task Category: Global Catalog
Level:         Error
Keywords:      Classic
User:          ANONYMOUS LOGON
Computer:      vm-dns2.logstream.local
Description:
Active Directory Domain Services was unable to establish a connection with the global catalog. 

Additional Data 
Error value:
1355 The specified domain either does not exist or could not be contacted. 
Internal ID:
3200e25 

User Action: 
Make sure a global catalog is available in the forest, and is reachable from this domain controller. You may use the nltest utility to diagnose this problem.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-ActiveDirectory_DomainService" Guid="{0e8478c5-3605-4e8c-8497-1e730c959516}" EventSourceName="NTDS General" />
    <EventID Qualifiers="49152">1126</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>18</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8080000000000000</Keywords>
    <TimeCreated SystemTime="2013-09-02T08:58:06.650172500Z" />
    <EventRecordID>248</EventRecordID>
    <Correlation />
    <Execution ProcessID="484" ThreadID="604" />
    <Channel>Directory Service</Channel>
    <Computer>vm-dns2.logstream.local</Computer>
    <Security UserID="S-1-5-7" />
  </System>
  <EventData>
    <Data>3200e25</Data>
    <Data>1355</Data>
    <Data>The specified domain either does not exist or could not be contacted.</Data>
  </EventData>
</Event>

And just after that, a 2092 event appears:

This server is the owner of the following FSMO role, but does not consider it valid. For the partition which contains the FSMO, this server has not replicated successfully with any of its partners since this server has been restarted. Replication errors are preventing validation of this role. Operations which require contacting a FSMO operation master will fail until this condition is corrected. FSMO Role: DC=logstream,DC=local

The other machines with automatic network configuration say that the DNS server is 192.168.0.1, which is a router.

Konstantin

1 Answer

10

It's OK... global catalog doesn't need to be "migrated" from one DC to another, per se. Just make all your domain controllers GCs. That's it. There's no problem decommissioning a domain controller that is a GC. All your domain controllers should all be GCs at the same time.

Ryan Ries
  • They are both GCs at the moment, but when the old one is off the new one says that it can't contact the global catalog. That's why I want to make sure the global catalog is physically located on the new DC – Konstantin Aug 30 '13 at 15:35
  • @Konstantin - You're misunderstanding the Global Catalog. From a command prompt run "nltest /dnsgetdc:yourdomain.tld /gc". If both DCs are returned in the results then the GC is fine on both servers. – joeqwerty Aug 30 '13 at 15:41
  • My guess is that you have DNS misconfigured somewhere. – joeqwerty Aug 30 '13 at 15:43
  • Right, so on your extant domain controller, make sure that its DNS resolvers are set to #1) Another DC in your domain that is *not* the one that you're trying to retire, and #2) 127.0.0.1. Do not list 127.0.0.1 as the primary DNS resolver on your DC *unless* it is the *only* domain controller in the domain. – Ryan Ries Aug 30 '13 at 15:48
  • I've done what you advised successfully, but that didn't help. The old DC is also a WINS and DHCP server, but we've got a router which is also a DHCP server besides being a gateway. Maybe I should migrate DHCP and WINS too? – Konstantin Sep 02 '13 at 08:30
  • DHCP and WINS are optional components; they have nothing to do with the successful operation of AD. (You're not supposed to have two DHCP servers on the same network but that's an entirely separate issue.) #1 Did you transfer or seize the FSMO roles when you put them on the new DC, and #2) Did you let the initial replication finish during the promotion of the new DC before you shut the old one down? – Ryan Ries Sep 02 '13 at 14:21
  • Also, yes, you're going to keep getting errors from a missing DC until you demote it. AD still thinks it's supposed to be there, and will still bark at you when you power it off, until you demote it. – Ryan Ries Sep 02 '13 at 14:27
  • Thanks for the advice! Yes, I've transferred the FSMO roles and seized them later to be sure they are assigned to the new DC. Replication also went well. So should I demote the old DC from GC to just DC, or maybe it can just be removed from the computers and DC lists to stop the torment with it? – Konstantin Sep 03 '13 at 10:27
  • Run DCPromo on it to gracefully demote the old DC. – Ryan Ries Sep 03 '13 at 12:32
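
The DNS resolver advice from the comments can be checked mechanically. The following PowerShell is an added example, not part of the original thread: it audits a DC's configured DNS servers against that advice and then runs the nltest lookup quoted above. The function name `Test-DcResolverOrder`, the 192.0.2.x addresses and the `$AdDns` list are assumptions for illustration; 192.168.0.1 is the router mentioned in the question.

```powershell
# Added example, not from the thread. 192.0.2.x addresses are constructed placeholders.
$Domain     = 'logstream.local'            # domain name from the question's events
$RetiringDc = '192.0.2.10'                 # assumed IP of the old 2003 DC
$AdDns      = @('192.0.2.20', '127.0.0.1') # assumed: the new DC's IP, plus loopback on the DC

function Test-DcResolverOrder {
    param(
        [string[]]$Resolvers,   # DNS servers in the order the adapter lists them
        [string]$RetiringDc,
        [string[]]$AdDns,
        [switch]$OnlyDc         # set when this is the only DC left in the domain
    )
    if (-not $Resolvers) { return 'no DNS resolvers configured' }
    $findings = @()
    if ($Resolvers -contains $RetiringDc) {
        $findings += "lists the retiring DC ($RetiringDc)"
    }
    if ($Resolvers[0] -eq '127.0.0.1' -and -not $OnlyDc) {
        $findings += '127.0.0.1 is primary although other DCs exist'
    }
    foreach ($r in $Resolvers) {
        if ($r -ne $RetiringDc -and $AdDns -notcontains $r) {
            $findings += "$r is not in the list of AD DNS servers"
        }
    }
    if ($findings.Count -eq 0) { 'ok' } else { $findings -join '; ' }
}

# Constructed resolver lists to show each finding.
Test-DcResolverOrder -Resolvers '192.0.2.10','127.0.0.1' -RetiringDc $RetiringDc -AdDns $AdDns
Test-DcResolverOrder -Resolvers '192.168.0.1' -RetiringDc $RetiringDc -AdDns $AdDns   # the router
Test-DcResolverOrder -Resolvers '127.0.0.1' -RetiringDc $RetiringDc -AdDns $AdDns -OnlyDc

# Live check of this machine's IP-enabled adapters (WMI works on PowerShell 2.0 / 2008 R2).
Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' | ForEach-Object {
    $state = Test-DcResolverOrder -Resolvers $_.DNSServerSearchOrder -RetiringDc $RetiringDc -AdDns $AdDns
    '{0}: {1}' -f $_.Description, $state
}

# The lookup joeqwerty suggests: every DC that is a GC should appear in the result.
& nltest.exe "/dnsgetdc:$Domain" /gc
```

Run it on the new DC before powering off the old one, and again with `-OnlyDc` once the old DC has been demoted.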