Clients können sich nicht anmelden nach DC-Migration

[sepp 10]

Hallo zusammen,

 

ich habe ein Netz mit einem einzigen DC auf Windows Server 2003. Diesen will ich ersetzen (neue Hardware) mit einem Windows Server 2012. Dabei bin ich wie folgt vorgegangen:

 

1. Windows Server 2012 installiert
2. Domänenlevel auf Windows Server 2008R2 hochgestuft
3. neuen Server zum DC mit GC gemacht
4. FSMO Rollen übertragen

Alles erstmal fehlerfrei. 

 

Allerdings können sich Clients jetzt nicht anmelden, wenn ich den alten Server ausschalte (s. Screenshot). Außerdem kann ich z.B. Active Directory User auf dem neuen nur sehen, wenn der alte Server an ist.

 

 

Wie gehe ich da jetzt am schlausten vor, um den Fehler zu lokalisieren und zu beheben?

 

Danke und VG

 

sepp

[lefg 276]

Hallo,

 

wie schaut es denn mit DNS aus? Ist DNS AD-integriert? Ist am neuen DC dessen eigne IP in den Netzwerkeinstellungen als primärer DNS eingetragen und der alte als sekundärer?

bearbeitet 22. April 2013 von lefg

[Dukel 451]

Stimmt die Namensauflösung?

[NorbertFe 2.027]

Du hast den neuen Dc zur alten Domain hinzugefügt? So wie sich das oben liest (Hochstufen auf 2008 R2) kann das nicht gehen, wenn du noch einen 2003er Dc hast.

 

Bye

Norbert

[sepp 10]

Du hast den neuen Dc zur alten Domain hinzugefügt? So wie sich das oben liest (Hochstufen auf 2008 R2) kann das nicht gehen, wenn du noch einen 2003er Dc hast. Bye Norbert

 

Stimmt, das ist unlogisch. Domänenlevel ist nur 2003.

 

 

Hallo,

 

wie schaut es denn mit DNS aus? Ist DNS AD-integriert? Ist am neuen DC dessen eigne IP in den Netzwerkeinstellungen als primärer DNS eingetragen und der alte als sekundärer?

 

 

 

ja genau.

 

 

Stimmt die Namensauflösung?

 

 

 

Offenbar nicht wirklich. Ich weiß nur nicht wie ich es hinbekomme. Hier ein paar Fehlermeldungen des neuen Servers:

 

The DNS server is waiting for Active Directory Domain Services (AD DS) to signal that the initial synchronization of the directory has been completed. The DNS server service cannot start until the initial synchronization is complete because critical DNS data might not yet be replicated onto this domain controller. If events in the AD DS event log indicate that there is a problem with DNS name resolution, consider adding the IP address of another DNS server for this domain to the DNS server list in the Internet Protocol properties of this computer. This event will be logged every two minutes until AD DS has signaled that the initial synchronization has successfully completed.

The File Replication Service is having trouble enabling replication from BLTC-SERVER to SIGAY for c:\windows\sysvol\domain using the DNS name bltc-server.training.bltc.com. FRS will keep retrying. 
 Following are some of the reasons you would see this warning. 
 
 [1] FRS can not correctly resolve the DNS name bltc-server.training.bltc.com from this computer. 
 [2] FRS is not running on bltc-server.training.bltc.com. 
 [3] The topology information in the Active Directory Domain Services for this replica has not yet replicated to all the Domain Controllers. 
 
 This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.

The Knowledge Consistency Checker (KCC) has detected that successive attempts to replicate with the following directory service has consistently failed. 
 
Attempts:
1 
Directory service:
CN=NTDS Settings,CN=BLTC-SERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=training,DC=bltc,DC=com 
Period of time (minutes):
7259 
 
The Connection object for this directory service will be ignored, and a new temporary connection will be established to ensure that replication continues. Once replication with this directory service resumes, the temporary connection will be removed. 
 
Additional Data 
Error value:
1908 Could not find the domain controller for this domain.

C:\Users\Administrator.TRAINING>dcdiag.exe /test:dns

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = sigay
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\SIGAY
      Starting test: Connectivity
         ......................... SIGAY passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\SIGAY

      Starting test: DNS

         DNS Tests are running and not hung. Please wait a few minutes...
         ......................... SIGAY passed test DNS

   Running partition tests on : ForestDnsZones

   Running partition tests on : DomainDnsZones

   Running partition tests on : Schema

   Running partition tests on : Configuration

   Running partition tests on : training

   Running enterprise tests on : training.bltc.com
      Starting test: DNS
         Test results for domain controllers:

            DC: sigay.training.bltc.com
            Domain: training.bltc.com


               TEST: Forwarders/Root hints (Forw)
                  Error: All forwarders in the forwarder list are invalid.

               TEST: Records registration (RReg)
                  Network Adapter
                  [00000010] Realtek PCIe GBE Family Controller:
                     Warning:
                     Missing SRV record at DNS server 192.168.1.6:
                     _ldap._tcp.gc._msdcs.training.bltc.com

                     Warning:
                     Missing A record at DNS server 192.168.1.6:
                     gc._msdcs.training.bltc.com

                     Warning:
                     Missing SRV record at DNS server 192.168.1.4:
                     _ldap._tcp.gc._msdcs.training.bltc.com

                     Warning:
                     Missing A record at DNS server 192.168.1.4:
                     gc._msdcs.training.bltc.com

               Error: Record registrations cannot be found for all the network
               adapters

         Summary of test results for DNS servers used by the above domain
         controllers:

            DNS server: 128.9.0.107 (b.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 128.9.0.107
            DNS server: 192.168.1.3 (<name unavailable>)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 192.168.1.3
            DNS server: 198.32.64.12 (l.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 198.32.64.12
            DNS server: 2001:500:1::803f:235 (h.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:1::803f:235

            DNS server: 2001:500:2d::d (d.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:2d::d

            DNS server: 2001:500:2f::f (f.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:2f::f

            DNS server: 2001:500:3::42 (l.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:3::42

            DNS server: 2001:503:ba3e::2:30 (a.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:503:ba3e::2:30

            DNS server: 2001:503:c27::2:30 (j.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:503:c27::2:30

            DNS server: 2001:7fd::1 (k.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:7fd::1

            DNS server: 2001:7fe::53 (i.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:7fe::53

            DNS server: 2001:dc3::35 (m.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:dc3::35

         Summary of DNS test results:

                                            Auth Basc Forw Del  Dyn  RReg Ext
            _________________________________________________________________
            Domain: training.bltc.com
               sigay                        PASS PASS FAIL PASS PASS FAIL n/a

         ......................... training.bltc.com failed test DNS

 

 

Was kann ich noch tun oder wo sollte ich ansetzen?

 

Danke!!

bearbeitet 8. Mai 2013 von sepp