replace original server on network error dc not avail for group po

[Guest]

I am in the process of replacing my original server on my network and have transfered the schema master, the domain naming master, the RID master, the PDC master, and the infrastructure master to the new server my DNS works fine and the network seems to be working fine but when i go to change a group policy item it gives me this error message: "the domian controller for group policys is not available you may cancel this operation for this session or retry using one of the choices below." I can select a chioce and it will work fine but when i relaunch and try to make another group policy change it happens again.

 

[ptwilliams]

Providing DNS *is* fine and everybody is pointing in the right place this is
probably either stale resource records in DNS, invalid metadata, or a
combination of both.

Scavenge the DNS server and make the new server (if you haven't already) a
Global Catalog server. Did you successfully, and cleanly demote the
original server?


--

Paul Williams
_________________________________________
http://www.msresource.net - Under construction, but coming soon...


Join us in our new forums!
http://forums.msresource.net
_________________________________________

I am in the process of replacing my original server on my network and have

transfered the schema master, the domain naming master, the RID master, the
PDC master, and the infrastructure master to the new server my DNS works
fine and the network seems to be working fine but when i go to change a
group policy item it gives me this error message: "the domian controller for
group policys is not available you may cancel this operation for this
session or retry using one of the choices below." I can select a chioce and
it will work fine but when i relaunch and try to make another group policy
change it happens again.

 

[Guest]

I have not yet demoted it. I was not going to demote it unless i could get this problem worked out. If demoting the server will fix this problem I will go ahead a do it.

Thank you for your input.

 

[ptwilliams]

Well, it's probably best to get this sorted before you demote.

Have you made the server a GC? Where does the new server point for DNS?
Has it successfully registered it's SRV records in DNS?

Run the following tests and look for errors and warnings:

dcdiag /c /e /v
netdiag /v



--

Paul Williams
_________________________________________
http://www.msresource.net - Under construction, but coming soon...


Join us in our new forums!
http://forums.msresource.net
_________________________________________

I have not yet demoted it. I was not going to demote it unless i could

get this problem worked out. If demoting the server will fix this problem I
will go ahead a do it.

 

[Guest]

yes i have made the new server a GC, the new server points to itself for dns, and the SVR record is there along with other computers that have log on to the network since I changed this server to be the primary domian controller.
I tried to run thoes programs and recieved an error message saying the command is not recognized.?
Thank you for responding.

 

[ptwilliams]

You'll need to install the support tools for those tools to work. These are
in the support folder on the Windows server installation CD.


--

Paul Williams
_________________________________________
http://www.msresource.net - Under construction, but coming soon...


Join us in our new forums!
http://forums.msresource.net
_________________________________________

Yes the server is a GC and it points to itself for dns. It did

successfully registered it's SRV record in the DNS along with other
computers in the domain that have loged on since I changed the server to be
the primary DNS server.

 

[ptwilliams]

OK. Now we now what the problem is ;-)

Perform the following on the new server (after you have verified that the
DHCP client service is set to automatic and is running):

C:\>ipconfig /flushdns
C:\>net stop netlogon
C:\>net start netlogon
C:\>ipconfig /registerdns

Wait several minutes, and then force replication via dssite.msc or
replmon.exe.

Run the tests again.

Post back ;-)

--

Paul Williams
_________________________________________
http://www.msresource.net - Under construction, but coming soon...


Join us in our new forums!
http://forums.msresource.net
_________________________________________


the dcdiag test showed that my domain still thinks that the schema, the
domain, the PDC, the RID, and the infrastructure update owner is the old
server. It also could not verify the new server as the GC server but it
said it was advertised as one.
thanks

 

[Guest]

that fixed most of the problems except for one (the policys are still comming from my old server yet too) when I ran dcdiag it still says
" error: the server returned by dsgetdcname<> did not match dslistroles<> for the pdc"
PDC Name: \\my old server

I checked that i did in fact change the PDC emulator role also.
thanks

 

[Guest]

Feel free to e-mail me directly @ (e-mail address removed)
but remove all words including & between please and spam

 

[ptwilliams]

I'll wait for your next post. The clients probably have a case of negative
caching. Leaving this for a period, they should grab new records from DNS -
hopefully, the correct records.

Try scavenging the DNS server. If not enough time has elapsed for the
records to be officially stale, delete anything pertaining to the old server
manually. To do this, look under the SRV records, and delete any entries
that point to the old server.

Let me know how it is on Monday...

--

Paul Williams
_________________________________________
http://www.msresource.net - Under construction, but coming soon...


Join us in our new forums!
http://forums.msresource.net
_________________________________________


that fixed most of the problems except for one (the policys are still
comming from my old server yet too) when I ran dcdiag it still says
" error: the server returned by dsgetdcname<> did not match dslistroles<>
for the pdc"
PDC Name: \\my old server

I checked that i did in fact change the PDC emulator role also.
thanks

 

[Guest]

Should i shut the original server down now or run dcpromo on it to see if it will change the PDC to the new server? It is still going to the original server to get the policy's and is still saying " error: the server returned by dsgetdcname<> did not match dslistroles<> for the pdc"
PDC Name: \\my old server

 

[ptwilliams]

I thought you've already moved the PDC?

Don't do the demotion until everything is working.

Ensure that all clients are now pointing to the new server for DNS and power
off the old one and see what happens.

Post back exactly what problems you're still encountering...


--

Paul Williams
_________________________________________
http://www.msresource.net

Join us in our new forums!
http://forums.msresource.net
_________________________________________
Should i shut the original server down now or run dcpromo on it to see if it
will change the PDC to the new server? It is still going to the original
server to get the policy's and is still saying " error: the server returned
by dsgetdcname<> did not match dslistroles<> for the pdc"
PDC Name: \\my old server

 

[ptwilliams]

No problem ;-)

--

Paul Williams
_________________________________________
http://www.msresource.net


Join us in our new forums!
http://forums.msresource.net
_________________________________________


I did move the PDC but All of my servers still thought that the role holder
was the old server even though the new server was the master PDC, the master
RID and the infrastructure master in Active Directory Users and computers.
I ended up being able to change the infrastructure, the RID, and the PDC
owners but not the Schema Master and the Domain Master. So I ended up
seizing the Domain master and the Schema Master. Every thing is now working
smoothly. Thank you Very much for your help.