
I recently got a new client who has a domain with two domain controllers, one running on Windows Server 2012 R2 and an older 2008 R2. I would like to remove the old 2008 R2 from the domain and move on with the 2012 R2.

I first started by shutting down the old server to see if everything was okay. This was soon not the case. The problem: the computers could no longer log on to the domain, because %logonserver% refers to the old 2008 R2 server.

How can I fix this so that the computers use the new 2012 R2 server to log on to the domain?

DCdiag displays the errors below.

```
Starting test: Advertising
   Warning: DsGetDcName returned information for \\SNP-SERVER.snpbvba.local, when we were trying to reac
   SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE.
```

and

```
Starting test: NetLogons
   Unable to connect to the NETLOGON share! (\\MOLS\netlogon)
   [MOLS] An net use or LsaPolicy operation failed with error 67, The network name cannot be found..
   ......................... MOLS failed test NetLogons
```

Is anyone willing to help me with this?

regards

Xa4

1 Answer

The clients should be able to automatically locate an available domain controller; the variable %logonserver% is not an actual setting, it just tells you which DC was used to process the last user logon.

However, locating a DC relies on DNS working properly and being available; if the clients are using the old server as their one and only DNS server, nothing will work anymore when you shut it down.

You should first of all make sure that DNS is working correctly on the new DC, and then point all your clients to it; if that's not feasible (e.g. due to static network config instead of DHCP), you will need to swap the IP addresses of the two servers.

The core point is, clients need DNS to locate a domain controller; they will not be able to find one without it.


Also, those error messages seem to imply something is wrong with the new DC; review the event logs and find what it is. Make sure to do so when BOTH servers are online, because if a DC is down the other one will be filled with errors.

Massimo
  • The client computers use DHCP and are pointing to the new 2012 server's DNS IP but still use the old server. Can you help in making sure the DNS is working properly? – Xa4 Sep 23 '20 at 19:59
  • specific DNS Suffix . : Firm.local DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes IPv4 Address. . . . . . . . . . . : 192.168.2.21 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Lease Obtained. . . . . . . . . . : donderdag 10 september 2020 0:47:03 Lease Expires . . . . . . . . . . : zondag 27 september 2020 11:37:35 Default Gateway . . . . . . . . . : 192.168.2.1 DHCP Server . . . . . . . . . . . : 192.168.2.12 DNS Servers . . . . . . . . . . . : 192.168.2.12 NetBIOS over Tcpip. . . . . . . . : Enabled – Xa4 Sep 23 '20 at 20:01
  • If I run this "dcdiag /test:dns /v /s: /DnsBasic /f:dcdiagreport.txt" DNS server: 192.168.2.10 (SNP-SERVER) All tests passed on this DNS server Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered DNS server: 192.168.2.12 (MOLS) All tests passed on this DNS server Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered – Xa4 Sep 23 '20 at 20:05
  • If you try `net share`, does it list SYSVOL and NETLOGON? Also, what's the result of `repadmin /showrepl`? – Massimo Sep 23 '20 at 20:55
  • Repadmin: running command /showrepl against full DC localhost Default-First-Site-Name\MOLS DSA Options: IS_GC Site Options: (none) DSA object GUID: 94bb2d08-d6a3-4c14-b9cc-f21037d3df55 DSA invocationID: d00c5fff-224c-4076-8bbe-eab8347555eb ==== INBOUND NEIGHBORS ====================================== DC=Firm,DC=local Default-First-Site-Name\SNP-SERVER via RPC DSA object GUID: ae3c1190-8c90-475a-976c-456274965f30 Last attempt @ 2020-09-23 22:58:39 was successful. – Xa4 Sep 23 '20 at 20:59
  • CN=Config,DC=Firm,DC=local Default-First-Site-Name\SNP-SERVER via RPC DSA object GUID: ae3c1190-8c90-475a-976c-456274965f30 Last attempt @ 2020-09-23 22: successful. CN=Schema,CN=Config,DC=Firm,DC=local Default-First-Site-Name\SNP-SERVER via RPC DSA object GUID: ae3c1190-8c90-475a-976c-456274965f30 Last attempt @ 2020-09-23 22:9 successful. DC=DomainDnsZones,DC=Firm,DC=local Default-First-Site-Name\SNP-SERVER via RPC DSA object GUID: ae3c1190-8c90-475a-976c-456274965f30 Last attempt @ 2020-09-23 22:50:39 successful. – Xa4 Sep 23 '20 at 21:01
  • DC=local Default-First-Site-Name\SNP-SERVER via RPC DS SNP-SERVER, This is the old server that has to do – Xa4 Sep 23 '20 at 21:02
  • If you try net share, does it list SYSVOL and NETLOGON? I created these manually now – Xa4 Sep 23 '20 at 21:03
  • This is the only error when running dcdiag at the moment Testing server: Default-First-Site-Name\MOLS Starting test: Advertising Warning: DsGetDcName returned information for \\SNP-SERVER.firm.local, when we were trying to reach MOLS. SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE. ......................... MOLS failed test Advertising – Xa4 Sep 23 '20 at 21:06
  • "I created these manually now" **NO NO NO**. If those shares are not present, this is a sign that your domain controller *is not working*. Creating them manually is useless, you need to fix the underlying problem. – Massimo Sep 23 '20 at 21:46
  • Any ideas how to troubleshoot and hopefully solve the problem? Do I remove the shares that I made? – Xa4 Sep 24 '20 at 05:26
  • Event log. Review the event log for Active Directory and for either FRS or DFSR, depending on what your domain is using for SYSVOL replication. – Massimo Sep 24 '20 at 08:44
  • I see no error in the DFS Replication log on the 2012 R2 server: The DFS Replication service successfully contacted domain controller Mols.snpbvba.local to access configuration information. The DFS Replication service has successfully registered the WMI provider. – Xa4 Sep 26 '20 at 16:00
  • File Replication Service Log The File Replication Service is having trouble enabling replication from SNP-SERVER.firm.local to MOLS for c:\windows\sysvol\domain using the DNS name SNP-SERVER.snpbvba.local. FRS will keep retrying. Following are some of the reasons you would see this warning. [1] FRS can not correctly resolve the DNS name SNP-SERVER.firm.local from this computer. [2] FRS is not running on SNP-SERVER.firm.local. [3] The topology information in the Active Directory Domain Services for this replica has not yet replicated to all the Domain Controllers. – Xa4 Sep 26 '20 at 16:03
  • Where can I find the Active Directory log? – Xa4 Sep 26 '20 at 16:05
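
The checks the answer and comments walk through (DNS-based DC location, then the SYSVOL and NETLOGON shares), as an added PowerShell example that is not part of the original thread. It assumes Windows 8 / Server 2012 or later for `Resolve-DnsName`; the domain name and DNS server addresses are the ones quoted in the comments, and the function names are hypothetical.

```powershell
# Added example: verify that each DNS server hands out DC locator records
# and that every DC it names actually shares SYSVOL and NETLOGON.
# Domain name and DNS server IPs are the ones quoted in the thread; adjust them.
param(
    [string]   $Domain     = 'firm.local',
    [string[]] $DnsServers = @('192.168.2.10', '192.168.2.12')
)

function Get-DcLocatorTargets {
    # Hypothetical helper: DC host names registered under
    # _ldap._tcp.dc._msdcs.<domain>, as seen by one specific DNS server.
    # Returns nothing if that server cannot answer.
    param([string]$Domain, [string]$DnsServer)
    $name = "_ldap._tcp.dc._msdcs.$Domain"
    try {
        $records = Resolve-DnsName -Name $name -Type SRV -Server $DnsServer -DnsOnly -ErrorAction Stop
        # The answer may also carry A records for the targets; keep SRV only.
        @($records | Where-Object { $_.Type -eq 'SRV' } |
            ForEach-Object { $_.NameTarget.TrimEnd('.').ToLower() } |
            Sort-Object -Unique)
    } catch {
        Write-Warning "$DnsServer could not resolve ${name}: $($_.Exception.Message)"
        @()
    }
}

function Test-DcShares {
    # Hypothetical helper: a working DC publishes both shares by itself.
    # A missing share means the DC is not advertising, not that the share
    # should be created by hand.
    param([string]$Dc)
    [pscustomobject]@{
        DC       = $Dc
        SYSVOL   = Test-Path "\\$Dc\SYSVOL"
        NETLOGON = Test-Path "\\$Dc\NETLOGON"
    }
}

# Ask every DNS server the clients might use which DCs it knows about.
$dcs = foreach ($dns in $DnsServers) {
    $targets = Get-DcLocatorTargets -Domain $Domain -DnsServer $dns
    Write-Host ("DNS {0} lists: {1}" -f $dns, ($targets -join ', '))
    $targets
}

# Check the shares on each DC that DNS advertises.
$dcs | Sort-Object -Unique | ForEach-Object { Test-DcShares -Dc $_ } | Format-Table -AutoSize

# Which DC does the locator on this machine pick right now?
nltest "/dsgetdc:$Domain"
```

Run it from a domain-joined client while both servers are online; a DC that appears in the SRV list but shows `False` for either share is the one to investigate in the event logs.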