I did an upgrade of AD from windows 2000 to 2003.  There were 2 windows 2000 domain controllers in the domain and I first demoted one of them, then ran adprep on the other and upgraded it to 2003. 

Everything seemed to go fine but I noticed that users are not getting scripts mapped at login anymore.

Checking around, I find that \\server\sysvol returns "configuration information could not be read from the domain controller, either because the machine is unavailable or access has been denied"

using the FQDN works fine, as does the DFS root, as does the IP address.

Oddly, this behavior occurs on the DC itself and also on any XP clients or other Server 2003 clients.  The remaining windows 2000 servers (a file server and several terminal servers) have no problems and will run scripts at login just fine.

I need to get this fixed asap; thanks for any assistance.

-matt -- whosmatt ------------------------------------------------------------------------ whosmatt's Profile: http://forums.techarena.in/members/84208.htm View this thread: http://forums.techarena.in/active-directory/1145573.htmhttp://forums.techarena.in

Matt - have you confirmed that the "server" short name actually resolves to
the appropriate IP address? Is your DC multihomed? Is the TCP/IP NetBIOS
Helper service enabled on affected computers?

hth
Marcin

Show quoteHide quote

Yes, I have.  I actually rolled back my upgrade (gotta love those vmware snapshots) and even with the server running Windows 2000 the same thing happened.  The only way I could fix the problem is to run dcpromo on the 2nd domain controller that I had originally demoted so that it was a DC again.  I need to figure out the cause of this before I do the upgrade.

Marcin;4315885 Wrote: > Matt - have you confirmed that the "server" short name actually resolves > to
Show quoteHide quote

Hello whosmatt,

Snapshots of Domain controllers is a NOT supported way of backup, you can/will
run in USN rollbacks:
2000:
http://support.microsoft.com/kb/885875

2003:
http://support.microsoft.com/kb/875495

So check this immediately and make sure you doesn't have it. If you have
resolve it according to the article.

After that check the domain controllers with dcdiag /v, netdiag /v and repadmin
/showrepl to make sure no errors exist. Install the support\tool\suptools.msi
from the 2000/2003 installation disk on the DC's.

When all problems are solved you can start with upgrading.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


Show quoteHide quote

As long as it's a powered-off snapshot, you're golden.

'Meinolf Weber [MVP-DS Wrote: > ;4316248']Hello whosmatt,
Show quoteHide quote

Hello whosmatt,

And if you power it on in the domain, the USN rollback will occur.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


Show quoteHide quote

Good thing the upgrade went smoothly the second time, then.

'Meinolf Weber [MVP-DS Wrote: > ;4321350']Hello whosmatt,
Show quoteHide quote

Hello Whosmatt,

How sure are you  that the only way to resolve issue is to run dcpromo on
the 2nd domain controller that I had originally demoted so that it was a DC?
I think your issue might be DNS related. How is your DNS configured? Is your
upgraded DC also a DNS server? Do an nbtstat -a computername to see if the
name is properly registered. Or you may want to do a nbtstat -RR and see if
this helps as well.

Isaac

Show quoteHide quote

Hello whosmatt,

For upgrading to newer OS demoting one of 2 DC's is not needed, in my opinion
it is dangerous. If the now one and only DC crashes the complete domain is
gone and without a good backup, at least systemstate backup you have lost
everything.

For a how to see here:
!!!NEVER START BEFORE HAVING CREATED AND TESTED A BACKUP OF YOUR DATA/MACHINE!!!

One question first:
Is the old server also Exchange server and will it be taken out of the domain
forever, when the new server is running?

- On the old server open DNS management console and check that you are running
Active directory integrated zone (easier for replication, if you have more
then one DNS server)

- run replmon from the run line or repadmin /showrepl (only if more then
one DC exist), dcdiag and netdiag from the command prompt on the old machine
to check for errors, if you have some post the complete output from the command
here or solve them first. For this tools you have to install the support\tools\suptools.msi
from the 2000 or 2003 installation disk.

- run adprep /forestprep and adprep /domainprep from the 2003 installation
disk against the 2000 server, with an account that is member of the Schema
admins, to upgrade the schema to the new version

- Install the new machine as a member server in your existing domain

- configure a fixed ip and set the preferred DNS server to the old DNS server
only

- run dcpromo and follow the wizard to add the 2003 server to an existing
domain

- if you are prompted for DNS configuration choose Yes (also possible that
no DNS preparation occur), then install DNS after the reboot

- for DNS give the server time for replication, at least 15 minutes. Because
you use Active directory integrated zones it will automatically replicate
the zones to the new server. Open DNS management console to check that they
appear

- if the new machine is domain controller and DNS server run again replmon,
dcdiag and netdiag on both domain controllers

- if you have no errors, make the new server Global catalog server, open
Active directory Sites and Services and then double-click sitename, double-click
Servers, click your domain controller, right-click NTDS Settings, and then
click Properties, on the General tab, click to select the Global catalog
check box (http://support.microsoft.com/?id=313994)

- Transfer, NOT seize the 5 FSMO roles to the new Domain controller (http://support.microsoft.com/kb/324801)

- you can see in the event viewer (Directory service) that the roles are
transferred, also give it some time

- reconfigure the DNS configuration on your NIC of the 2003 server, preferred
DNS itself, secondary the old one

- if you use DHCP do not forget to reconfigure the scope settings to point
to the new installed DNS server

- export and import of DHCP database (if needed) (http://support.microsoft.com/kb/325473)

- backup WINS (http://technet.microsoft.com/en-us/library/cc727901.aspx)

- restore WINS (http://technet.microsoft.com/en-us/library/cc727960.aspx)


Demoting the old DC (if needed)

- reconfigure your clients/servers that they not longer point to the old
DC/DNS server on the NIC

- to be sure that everything runs fine, disconnect the old DC from the network
and check with clients and servers the connectivity, logon and also with
one client a restart to see that everything is ok

- then run dcpromo to demote the old DC, if it works fine the machine will
move from the DC's OU to the computers container, where you can delete it
by hand. Can be that you got an error during demoting at the beginning, then
uncheck the Global catalog on that DC and try again

- check the DNS management console, that all entries from the machine are
disappeared or delete them by hand if the machine is off the network for ever

- also you have to start AD sites and services and delete the old servername
under the site, this will not be done during demotion

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


Show quoteHide quote

What am I missing?
Domain Trust issue
problem reading gpt.ini
Manually removing cert server from AD
DNS/DHCP problem while migrating computers using ADMT
Group Domain Admins cannot be found
Logon issue in a 2 domain trust - Win 2003
DC fails when isolated from network
GPO Version mismatch in Sysvol
GPO to allow Active X, Java FLash