Trying to complete migration from Win 2012 Essentials to Win 2022 Essentials
Hi..
In the process of migrating from a Windows Server 2012 Essentials server, to a new Windows Server 2022 Essentials server.
I added the DC roles to the new machine, joined it to the domain, confirmed the pre DFS stuff was in the fourth disabled state, and then moved across fsmo roles. I'll admit I'm running a little blind as this is not an area of Windows Server I generally have to play with.
Where I'm up to is that the new DC won't provide SYSVOL and NETLOGON shares.
Status query so far says it's in "initial sync".
There is a quirk in the network, in that due to constraints on the router, to provide guest WiFi, the router needs to provide its own DNS server in the DHCP response, not that of DCs, so the router DNS server (dnsmasq) has a redirect on the DC domain to the IP of one of the DCs, the new DC right now.. but this can be changed easily.
Yes, the domain uses a ".local" domain, and yes, I know this can mess with broadcast DNS, but this was set before it was really a thing.
JPTDC01 ~
$ dcdiag
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = JPTDC01
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\JPTDC01
Starting test: Connectivity
......................... JPTDC01 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\JPTDC01
Starting test: Advertising
......................... JPTDC01 passed test Advertising
Starting test: FrsEvent
......................... JPTDC01 passed test FrsEvent
Starting test: DFSREvent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... JPTDC01 failed test DFSREvent
Starting test: SysVolCheck
......................... JPTDC01 passed test SysVolCheck
Starting test: KccEvent
......................... JPTDC01 passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... JPTDC01 passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... JPTDC01 passed test MachineAccount
Starting test: NCSecDesc
......................... JPTDC01 passed test NCSecDesc
Starting test: NetLogons
......................... JPTDC01 passed test NetLogons
Starting test: ObjectsReplicated
......................... JPTDC01 passed test ObjectsReplicated
Starting test: Replications
......................... JPTDC01 passed test Replications
Starting test: RidManager
......................... JPTDC01 passed test RidManager
Starting test: Services
......................... JPTDC01 passed test Services
Starting test: SystemLog
An error event occurred. EventID: 0x00009017
Time Generated: 03/25/2024 10:41:48
Event String:
A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 70.
An error event occurred. EventID: 0x00009017
Time Generated: 03/25/2024 10:41:48
Event String:
A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.
An error event occurred. EventID: 0x00009017
Time Generated: 03/25/2024 10:41:48
Event String:
A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 70.
An error event occurred. EventID: 0x00009017
Time Generated: 03/25/2024 10:41:48
Event String:
A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.
A warning event occurred. EventID: 0x00000458
Time Generated: 03/25/2024 10:51:24
Event String:
The Group Policy Client Side Extension Group Policy Drive Maps was unable to apply one or more settings because the changes must be processed before system startup or user logon. The system will wait for Group Policy processing to finish completely before the next startup or logon for this user, and this may result in slow startup and boot performance.
A warning event occurred. EventID: 0x00000458
Time Generated: 03/25/2024 11:32:15
Event String:
The Group Policy Client Side Extension Group Policy Drive Maps was unable to apply one or more settings because the changes must be processed before system startup or user logon. The system will wait for Group Policy processing to finish completely before the next startup or logon for this user, and this may result in slow startup and boot performance.
A warning event occurred. EventID: 0x00000458
Time Generated: 03/25/2024 11:35:46
Event String:
The Group Policy Client Side Extension Group Policy Drive Maps was unable to apply one or more settings because the changes must be processed before system startup or user logon. The system will wait for Group Policy processing to finish completely before the next startup or logon for this user, and this may result in slow startup and boot performance.
......................... JPTDC01 failed test SystemLog
Starting test: VerifyReferences
......................... JPTDC01 passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : JPT
Starting test: CheckSDRefDom
......................... JPT passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... JPT passed test CrossRefValidation
Running enterprise tests on : JPT.local
Starting test: LocatorCheck
Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1355
A Primary Domain Controller could not be located.
The server holding the PDC role is down.
......................... JPT.local failed test LocatorCheck
Starting test: Intersite
......................... JPT.local passed test Intersite
JPTDC01 ~
$ netdom query fsmo
Schema master JPTDC02.JPT.local
Domain naming master JPTDC02.JPT.local
PDC JPTDC02.JPT.local
RID pool manager JPTDC02.JPT.local
Infrastructure master JPTDC02.JPT.local
The command completed successfully.
New DC:
JPTDC02 ~
$ dcdiag
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = JPTDC02
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\JPTDC02
Starting test: Connectivity
......................... JPTDC02 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\JPTDC02
Starting test: Advertising
Warning: DsGetDcName returned information for \\JPTDC01.JPT.local, when we were trying to reach JPTDC02.
SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE.
......................... JPTDC02 failed test Advertising
Starting test: FrsEvent
......................... JPTDC02 passed test FrsEvent
Starting test: DFSREvent
There are warning or error events within the last 24 hours after the SYSVOL has been shared. Failing SYSVOL replication problems may cause Group Policy problems.
......................... JPTDC02 failed test DFSREvent
Starting test: SysVolCheck
......................... JPTDC02 passed test SysVolCheck
Starting test: KccEvent
......................... JPTDC02 passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... JPTDC02 passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... JPTDC02 passed test MachineAccount
Starting test: NCSecDesc
......................... JPTDC02 passed test NCSecDesc
Starting test: NetLogons
Unable to connect to the NETLOGON share! (\\JPTDC02\netlogon)
[JPTDC02] An net use or LsaPolicy operation failed with error 67, The network name cannot be found..
......................... JPTDC02 failed test NetLogons
Starting test: ObjectsReplicated
......................... JPTDC02 passed test ObjectsReplicated
Starting test: Replications
[Replications Check,JPTDC02] DsReplicaGetInfo(PENDING_OPS, NULL) failed, error 0x2105 "Replication access was denied."
......................... JPTDC02 failed test Replications
Starting test: RidManager
......................... JPTDC02 passed test RidManager
Starting test: Services
Could not open NTDS Service on JPTDC02, error 0x5 "Access is denied."
......................... JPTDC02 failed test Services
Starting test: SystemLog
A warning event occurred. EventID: 0x00000024
Time Generated: 03/25/2024 10:26:01
Event String:
The time service has not synchronized the system time for the last 7857 seconds because none of the time service providers provided a usable time stamp. The time service will not update the local system time until it is able to synchronize with a time source. If the local system is configured to act as a time server for clients, it will stop advertising as a time source to clients after 22847 seconds. The time service will continue to retry and sync time with its time sources. Check system event log for other W32time events for more details. Run 'w32tm /resync' to force an instant time synchronization. You can control the frequency of the time source rediscovery using ClockHoldoverPeriod W32time config setting. Modify the EventLogFlags W32time config setting if you wish to disable this message.
......................... JPTDC02 passed test SystemLog
Starting test: VerifyReferences
......................... JPTDC02 passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : JPT
Starting test: CheckSDRefDom
......................... JPT passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... JPT passed test CrossRefValidation
Running enterprise tests on : JPT.local
Starting test: LocatorCheck
......................... JPT.local passed test LocatorCheck
Starting test: Intersite
......................... JPT.local passed test Intersite
JPTDC02 ~
$ netdom query fsmo
Schema master JPTDC02.JPT.local
Domain naming master JPTDC02.JPT.local
PDC JPTDC02.JPT.local
RID pool manager JPTDC02.JPT.local
Infrastructure master JPTDC02.JPT.local
The command completed successfully.
I see on the first DC, there's a complaint about user policy not being fully applied, so in an admin window, I ran "gpupdate /force", let it log me out, then logged back in again, and got the same error.
What do I need to do to make JPTDC02 the master, and demote and remove JPTDC01? I am happy to RTFM where it gives the steps I need to complete. JPTDC01 is old, and on its last legs - I have all the user data, so if worst came to worst, I could just start again from scratch.. but I don't want to have to reconnect all the machines to a new domain, and mess with having to migrate user profiles (if that's even possible anymore).
My group policy settings aren't that advanced, and I can lose them if I have to.
Any help is appreciated.
- ADFHogan (Copper Contributor)
Ok.. I got a bit further in the absence of feedback after going around and around in Google hit circles 🙂 ... I moved all the FSMO stuff back to the original DC and dug into the DFSR state.
Checking the original DC (the soon to be gone Server 2012 Essentials service), I found an event ID 2213 in the DFSR logs.
Once I followed the instructions in the error message (back up the files, re-initialise the synchronisation), DFSR advised it was "automatically" (ha!) reinitialising replication, and now I see state 4 (Normal) on the old and new DCs for the sysvol share.
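The checks this thread walks through (SYSVOL replication state, event ID 2213 in the DFSR log, and whether SYSVOL and NETLOGON are shared), as an added read-only example that is not part of the original posts. It assumes an elevated PowerShell session on each DC and the default SYSVOL replicated folder name "SYSVOL Share"; the function names and the 7-day window are illustrative choices.

```powershell
# Added example (not from the thread): read-only SYSVOL/DFSR health check.
# Run on each domain controller and compare the results.

# Meaning of DfsrReplicatedFolderInfo.State values (2 = "initial sync", 4 = "Normal")
$stateNames = @{
    0 = 'Uninitialized'; 1 = 'Initialized'; 2 = 'Initial Sync'
    3 = 'Auto Recovery'; 4 = 'Normal';      5 = 'In Error'
}

function Get-SysvolDfsrState {
    # Assumption: SYSVOL uses its default replicated folder name.
    Get-CimInstance -Namespace 'root\MicrosoftDfs' -ClassName DfsrReplicatedFolderInfo |
        Where-Object { $_.ReplicatedFolderName -eq 'SYSVOL Share' } |
        ForEach-Object {
            [pscustomobject]@{
                Computer  = $env:COMPUTERNAME
                Group     = $_.ReplicationGroupName
                State     = $_.State
                StateName = $stateNames[[int]$_.State]
            }
        }
}

function Test-DcShare {
    # A DC only advertises once both shares exist (dcdiag NetLogons / Advertising tests).
    foreach ($name in 'SYSVOL', 'NETLOGON') {
        $share = Get-SmbShare -Name $name -ErrorAction SilentlyContinue
        [pscustomobject]@{ Share = $name; Present = [bool]$share; Path = $share.Path }
    }
}

function Get-RecentDfsrEvent {
    # Event 2213 is the one found on the old DC in this thread.
    param([int[]]$Id = @(2213), [int]$Days = 7)
    $filter = @{
        LogName   = 'DFS Replication'
        Id        = $Id
        StartTime = (Get-Date).AddDays(-$Days)
    }
    # Get-WinEvent raises an error when nothing matches; treat that as "no events".
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, LevelDisplayName, Message
}

Get-SysvolDfsrState | Format-Table -AutoSize
Test-DcShare        | Format-Table -AutoSize
Get-RecentDfsrEvent | Format-List
```

A DC that reports state 2 with no SYSVOL or NETLOGON share is still waiting on its replication partner, so the partner's DFSR event log is the next place to look.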