1

I've just migrated the AD with the whole nine yards (FSMO, PDC, RID, Schema, etc.) from an SBS 2003 to a Win 2008 R2 Std. I managed to have no errors in dcdiag before I demoted the SBS 2003 from the AD: fsmocheck, connectivity, advertising, DNS, etc. The SBS 2003 demoted successfully. After this step I restarted both the old SBS and the new Win 2008 R2. After the restart, the new DC (which is the GC) started with an Access denied error in the DNS Server MMC; it actually looks as if I were trying to connect to the 2008 R2 DNS server from an older server console.

I can NOT manage DNS server through MMC nor through dnscmd (Command failed: ERROR_ACCESS_DENIED 5 0x5)

I cannot even use the Action Option from the DNS Server MMC because all the options are DISABLED but for "Launch nslookup".

I've done a lot of research on the internet but no luck yet, so I've come to ask for help.

Thank you very much.

sealview

2 Answers

1

I forgot to mention what I discovered after all. When you demote an old server from AD, its MAC address is still registered in the new GC of the AD after migration, so either you don't connect that machine to the same IP network or you find a way to delete it from the new GC AD. The issue above was replicated twice on my side. Once a machine is demoted, it should no longer be connected to the LAN, at least not with the same MAC address.

sealview
0

Unfortunately, you cannot use Windows 2003 SBS unless you reduce the security of RPC on the Windows 2008 R2 server as per KB2027440. This is because of the named pipe hardening introduced in Windows Vista and Windows 2008, which is enforced for DNS management in Windows 2008 R2. See http://msdn.microsoft.com/en-us/library/bb757001.aspx.

Your alternatives are:

  • Use a newer management client, e.g. Vista, Windows 7, Windows 2008+
  • Use Remote Desktop to access the DNS server
  • Reduce the security of the Windows 2008 R2 server to enable support for Windows 2003/XP.

Bernie White