I figure it's best if you have the "full scope" of the issue rather than only bits and pieces here and there. With that being said...
I upgraded company xyz over the weekend from NT 4.0 Domain to W2K Domain.
NT 4.0 Domain structure:
Server A - PDC - OS NT 4.0
Server B - member server - OS W2K
Server C - BDC (demoted from PDC prior to upgrade)
W2K Domain structure:
Server A - FSMO
Server B - DC (via dcpromo)
When I attempted to dcpromo Server B after upgrading Server A, I ran into errors - it would not allow the promotion. The problem was caused by the domain name not being changed from xyz to xyz.com prior to running the upgrade. I found an MS KB article that gave a registry hack to fix the issue.
The problem now is that I cannot manually synchronize the DC with Server A (via AD Sites and Services) - I receive the error: "Access is Denied". I can, however, add a user account on Server B and it will replicate to Server A.
Also of importance - on a client PC: if I attempt to add a domain user via Control Panel, I receive the following error: "Trust relationship between the workstation and the primary domain failed." The workaround is to add an LMHOST file on the local PC and point it to ServerA.
On Server B, Event Viewer reports:
Event ID: 16650 - SAM - allocator failed to initialize properly.
Event ID: 5774 - NETLOGON - Registration of DNS record '_kerberos_tcp.Default...dc_msdcs.twt.com ServerB.xyz.com' failed. DNS operation refused.
I ran netdiag /test:dsgetdc and received: "sysvol has not completely replicated. Machine not working as a DC."
I ran dcdiag /test:replications and received: "skipping all tests because ServerB is not responding to DS requests."
DNS appears to be working fine. Since the environment is legacy, I tested and confirmed WINS works.
I have researched/reviewed several articles regarding the issues we are experiencing but am unable to really nail down where the problem lies. All of the problems are pointing to a DNS issue but I'm not able to determine what/where is causing the issue. Servers and clients are able to resolve both forward and reverse lookups.
Any insight you might be able to give is appreciated.