Robert Rutherford wrote:
Hi,
It does sound like our old pal DNS.
If you run a dcdiag and netdiag, do they both run clean? If not then
please post the results.
Both clean. Every test I can think of comes up clean. The only real
symtom was in the orginal message - lack of admin access to the w2k3 DCs
from the w2k DC. Checking the event log on the w2k3 DC I see the
computer and user log in and out successfully. Just something denying
access.
If all is clean and it's a test environment then pull it and clean it up
with ntdsutil et al.
Sounds like a fun way to spend the morning. :-)
al
If it's a new situation then just replicate and see if you still have
the issue. I have always found a couple of hours helps many ills.
BR
Rob
Robert Rutherford
QuoStar Solutions Limited
The Enterprise Pavilion
Fern Barrow
Wallisdown
Poole
Dorset
BH12 5HH
T: +44 (0) 8456 440 331
F: +44 (0) 8456 440 332
M: +44 (0) 7974 249 494
E: [EMAIL PROTECTED]
W: www.quostar.com
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Al Lilianstrom
Sent: 19 June 2006 20:52
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Problem removing last w2k DC from a w2k3 domain
I've in the process of upgrading my test domain (empty root and 1 child)
to w2k3 R2 based DCs and (thanks to help from the friendly folks here)
am just about done. I have one last w2k dc left to remove. It doesn't
want to go peacefully.
I moved the FSMO roles off and the next day tried to dcpromo it down to
a simple server. I get
Managing the network session with FBDC1.fnal.gov failed
"Access is denied. "
dcpromoui t:0x848 00479 Exit State::GetFailureMessage The
operation failed because:
Managing the network session with FBDC1.fnal.gov failed
A quick check shows that I can't get to the admin shares of my new w2k3
dc/FSMO role holder from the w2k dc. I can get to the admin shares of
the other simple servers but not either of the 2 DCs. Other systems can
access the admin shares via the domain admin account I'm using on the
w2k DC.
I've been searching and have found people having a similar problem when
promoting a w2k machine to be a DC but not when demoting. I've tried a
number of the things that were suggested in those articles and they have
had no affect.
There is no firewall in the way. AD replication and FRS work.
Any ideas before I rip it out?
al
--
Al Lilianstrom
CD/CSS/CSI
[EMAIL PROTECTED]
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx
