AD problems after upgrading from NT4

Post by Dorian Salmo » Wed, 19 Apr 2000 04:00:00



I had exactly the same symptoms as you after upgrading my server to Win2000.
Spent about three hours on the phone with Microsoft Support, but did
eventually get it fixed - that MS guy is real good!

Here's what we did - remember that my setup may be different to yours, so
what worked for me may not work for you. I have a server with 2 NICs, one
called "local" that connects to the internal LAN with static IP address, one
called "shared" that connects to external ISP via DSL connection with
dynamic IP address. This is the only server, so does everything - AD, DNS,
DHCP, printing, etc.

1)    Run Start --> Programs --> Administrative Tools --> DNS. Right-click
on server name, select All Tasks --> Stop.

2)    Right-click on server name again and go into properties. On the
Interfaces tab, under "Listen on", select "Only the following IP addresses"
radio button. Set the static IP address for "local" NIC in the box. Delete
anything else that is in there.

3)    On Forwarders tab, check the box for "Enable forwarders". Enter the IP
addresses for DNS server for ISP.

4)    Expand server name, then expand Forward Lookup Zones. Right-click on
domain name and go into Properties. On the General tab, set "Allow dynamic
updates?" to "yes".

5)    On Start of Authority tab, set "Primary server" to value of <server
name>.<domain name>.

6)    On Name Servers tab, make sure that <server name>.<domain name> has IP
address same as the static IP address on "local" NIC.

7)    Go into TCP/IP properties for "local" NIC, set "Preferred DNS server"
value to static IP address - i.e. point back to itself.

8)    Go back to DNS window, right-click on server name --> All tasks -->
start.

9)    Say a prayer, reboot server.

10)    Go have a beer to celebrate not having to re-install - at least
that's what happened in my case! As I said, your setup may be different, so
this may not work out the same for you, but anyway, best of luck.

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~
Dorian Salmon

(214) 912-4423

http://www.cattfish.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~

> After I upgraded my NT4 PDC and the AD wizard ran for the first time, I
> received an error saying something like the zone mydomain.com.au already
> exists. At the time I didn't really take any notice of the error as I
> thought hey I'm upgrading - of course the zone already exists. Now however
> I am experiencing network problems.

> Every 5 minutes on the server in the event log I get
> Security policy cannot be propagated. Cannot access the template. Error
> code= 3.
> Source : SceCli
> \\mydomain.com.au\sysvol\mydomain.com.au\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\Machine\Microsoft\Windows NT\SecEdit\GptTmpl.inf.

> The other symptoms are
> My computer takes about 10 minutes to prepare network connections.
> When I run NetDiag under IpConfig it says failed (no reason is given)
> NetDiag DNS tests all pass
> When I try to open/edit a Group policy I get
> The domain controller for Group Policy operations is not available. You
> may cancel this operation for this session or retry using one of the
> following domain controller choices:
> The one with the Operations Master token for the PDC emulator
> The one used by the Active Directory Snap-ins
> Use any available domain controller

> Using any of these options gives
> Failed to find a domain controller. There may be a policy that prevents
> you from selecting another domain controller.

> I have only 1 server, 7 client PCs running Win2k Pro or Win95/98. I don't
> connect to other domains.

> Would the best thing to do be to delete the zone for my domain, remove AD
> and reinstall AD (how?) Formatting and reinstalling is not an option.

> Thanks in advance
> SR
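
The end state that the steps in this post aim for can be checked without changing anything. The script below is an added example, not part of the thread: it assumes a current Windows Server with the DnsServer and DnsClient PowerShell modules (neither exists on Windows 2000), and the interface alias, the address `192.168.0.1` and the function name `Test-DcDnsState` are constructed for illustration.

```powershell
# Added example, read-only: audits the end state of steps 2, 3, 4 and 7.
# Constructed sample values; substitute your own before running.
$LocalNic = 'local'            # interface alias used in the post
$StaticIp = '192.168.0.1'      # constructed address of the "local" NIC
$Zone     = 'mydomain.com.au'  # zone name from the quoted question

function Test-DcDnsState {     # hypothetical helper name
    param([string]$Nic, [string]$Ip, [string]$ZoneName)
    $r = [ordered]@{}

    # Step 2: the DNS service listens on the internal static address only,
    # so it neither answers nor registers on the ISP-facing interface.
    $listen = @((Get-DnsServerSetting -All).ListeningIPAddress |
                ForEach-Object { "$_" })
    $r['ListensOnlyOnLocal'] = ($listen.Count -eq 1 -and $listen[0] -eq $Ip)

    # Step 3: at least one forwarder (the ISP resolver) is configured.
    $fwd = @((Get-DnsServerForwarder).IPAddress | Where-Object { $_ })
    $r['ForwardersConfigured'] = ($fwd.Count -gt 0)

    # Step 4: dynamic updates are on. 'NonsecureAndSecure' also accepts
    # unauthenticated updates; 'Secure' needs an AD-integrated zone.
    $z = Get-DnsServerZone -Name $ZoneName
    $r['DynamicUpdate']      = "$($z.DynamicUpdate)"
    $r['ZoneIsAdIntegrated'] = [bool]$z.IsDsIntegrated

    # Step 7: the "local" NIC uses the server itself as preferred DNS.
    $dns = @((Get-DnsClientServerAddress -InterfaceAlias $Nic `
                -AddressFamily IPv4).ServerAddresses)
    $r['NicPrefersItself'] = ($dns.Count -gt 0 -and $dns[0] -eq $Ip)

    # Outcome: the SRV record that clients and Group Policy tools query to
    # find a domain controller is present in the zone.
    $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$ZoneName" -Type SRV `
             -Server $Ip -ErrorAction SilentlyContinue
    $r['DcLocatorSrvFound'] = [bool]($srv | Where-Object { $_.Type -eq 'SRV' })

    [pscustomobject]$r
}

Test-DcDnsState -Nic $LocalNic -Ip $StaticIp -ZoneName $Zone | Format-List
```

Run it in an elevated session on the server; a `False` on `DcLocatorSrvFound` while the other checks pass usually means the records have not been re-registered since the DNS service was restarted.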

 
 
 

Post by SR » Thu, 20 Apr 2000 04:00:00


After I upgraded my NT4 PDC and the AD wizard ran for the first time, I
received an error saying something like the zone mydomain.com.au already
exists. At the time I didn't really take any notice of the error as I thought
hey I'm upgrading - of course the zone already exists. Now however I am
experiencing network problems.

Every 5 minutes on the server in the event log I get
Security policy cannot be propagated. Cannot access the template. Error
code= 3.
Source : SceCli
\\mydomain.com.au\sysvol\mydomain.com.au\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\Machine\Microsoft\Windows NT\SecEdit\GptTmpl.inf.

The other symptoms are
My computer takes about 10 minutes to prepare network connections.
When I run NetDiag under IpConfig it says failed (no reason is given)
NetDiag DNS tests all pass
When I try to open/edit a Group policy I get
The domain controller for Group Policy operations is not available. You may
cancel this operation for this session or retry using one of the following
domain controller choices:
The one with the Operations Master token for the PDC emulator
The one used by the Active Directory Snap-ins
Use any available domain controller

Using any of these options gives
Failed to find a domain controller. There may be a policy that prevents you
from selecting another domain controller.

I have only 1 server, 7 client PCs running Win2k Pro or Win95/98. I don't
connect to other domains.

Would the best thing to do be to delete the zone for my domain, remove AD
and reinstall AD (how?) Formatting and reinstalling is not an option.

Thanks in advance
SR


 
 
 

Post by SR » Fri, 21 Apr 2000 04:00:00


Thanks Dorian, everything is now OK. One note on the instructions, is that
when you stop DNS, you can't go to Forward lookup zones as DNS is not
running (or at least I couldn't)

If you're ever in Australia there's a beer here waiting for you.


> I had exactly the same symptoms as you after upgrading my server to
> Win2000. Spent about three hours on the phone with Microsoft Support, but
> did eventually get it fixed - that MS guy is real good!

> Here's what we did - remember that my setup may be different to yours, so
> what worked for me may not work for you. I have a server with 2 NICs, one
> called "local" that connects to the internal LAN with static IP address,
> one called "shared" that connects to external ISP via DSL connection with
> dynamic IP address. This is the only server, so does everything - AD, DNS,
> DHCP, printing, etc.

> 1)    Run Start --> Programs --> Administrative Tools --> DNS. Right-click
> on server name, select All Tasks --> Stop.

> 2)    Right-click on server name again and go into properties. On the
> Interfaces tab, under "Listen on", select "Only the following IP
> addresses" radio button. Set the static IP address for "local" NIC in the
> box. Delete anything else that is in there.

> 3)    On Forwarders tab, check the box for "Enable forwarders". Enter the
> IP addresses for DNS server for ISP.

> 4)    Expand server name, then expand Forward Lookup Zones. Right-click on
> domain name and go into Properties. On the General tab, set "Allow dynamic
> updates?" to "yes".

> 5)    On Start of Authority tab, set "Primary server" to value of <server
> name>.<domain name>.

> 6)    On Name Servers tab, make sure that <server name>.<domain name> has
> IP address same as the static IP address on "local" NIC.

> 7)    Go into TCP/IP properties for "local" NIC, set "Preferred DNS
> server" value to static IP address - i.e. point back to itself.

> 8)    Go back to DNS window, right-click on server name --> All tasks -->
> start.

> 9)    Say a prayer, reboot server.

> 10)    Go have a beer to celebrate not having to re-install - at least
> that's what happened in my case! As I said, your setup may be different,
> so this may not work out the same for you, but anyway, best of luck.

> --
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Dorian Salmon

> (214) 912-4423