Adding a Server 2008 R2 Domain Controller at a remote site

Hello. I have been trying to set up a hot site at a remote location.  The story is long and involved but a few weeks ago it seemed to be finally working.  Our setup is two mirrored 2008 R2 servers at main site, mirrored with Double Take. 
The hot site is the same except that so far I only had one server working.  The two sites connected via site to site VPN.
About a week later our primary server basically crashed.  At first it worked but very slowly.  I was on vacation at the time and so I am not sure of the sequence of events, or exactly what errors were presented, but my associate first tried rebooting. 
It took over 20 minutes to boot and then it said something to the effect that no domain controllers were available (not sure about this message).  He then discovered that the server at the remote site had some fsmo roles assigned to it.  He transferred
the roles to the primary at the main site and then demoted the remote server to a workstation (but still a domain member).
After that, rebooting the primary was much faster and everything at the primary site is working again. Now I want to set the remote site up again, but avoid the problem.  The way I originally set up the remote server was to use an IFM file, generated
from our primary.  This should have made the remote server a catalog server, with DNS (which it did), but as far as I know should not have transferred any fsmo roles.
The remote server(s) are wanted to be in the same domain as the primary.  They will also be mirrored from the primary (with Double Take).  If we had total failure at the main site, we wish to be able to immediately begin operations at the hot site
(after a fail over).  I freely admit that I am swimming out of my depth here.  I am not sure that I have selected the correct architecture or used the correct options in setting up the remote servers.  I am looking for information about what
went wrong, and whether some other setup is more desirable.
Thanks for any help, Russ
Russ

Philippe, thank you for you answers.  I do not understand everything you said but I will address each point as best I can:
1. "In the remote site do you simply do a dcpromo / add the ADDS's role to make the server a active Domain Controller ?"  Yes, but I use the method described at
http://technet.microsoft.com/en-us/library/cc753720(v=ws.10).aspx, The GUI method.  At step #8 I specified to use advanced mode so I could use the IFM file.
2. "In your AD' Site and Service MMC, do you configured the remote site ?"  R do not know what you mean by this. How does one configure the site as 'remote'?
3. "Do you added that remote server as a Global catalogue ?".  Yes, when I built the IFM file I specified to add the global catalog.
4. "Do you added the PC in site 1, the IP of those DNS server in them ? (last of course) So the computer in the main site will talk to the remote server in case of a crash."  I am not sure I understand this item.  After the remote server
was added, all of the members of both domain servers automatically appeared in the DNS of all servers in the domain.  I do not recall if the new items were last, but I expect that they would be.
I have since reviewed the happenings with my associate and have a little more information.  The order of the problems and the actions taken are:
1. Our primary (production) system was still working but extremely slow, and he observed that the slowness was caused by a lot of traffic with the remote site.  Rebooting the production server took over 25 minutes and the server to came up saying
that domain information was not available.  After another 30 minutes or so he discovered that the domain data was now available and the server worked, but still slow.
2. He did not check to verify that roles were held by the remote server, but he transferred all roles from the remote to the production server using ntdsutil.  I would expect that if the role was not held by the remote, the transfer command would have
shown that fact.
3. He then tried to demote the remote server but had an error that it could not be demoted because "the active directory service is missing mandatory configuration information".
4. He forcefully demoted the remote server.
5. After rebooting the production server again performance was slightly better but still slow (and the rebood was still very slow).
6. After some research he removed the remote domain controller's meta data from the production server and then rebooted the production server again.
At that point reboot was fast (under 5 minutes) and the production system was working at normal speed again.
All of the above leads me to believe that somehow the FSMO roles got added to, or moved to the remote site when I used the IFM file to create the new domain controller.  However nothing I have read says that this should happen.  I hope someone
here can give me a better answer as to what caused the problem, as I do not wish to interrupt our production system like this again.
Thank you, Russ
PS: Sorry for the delay in getting back to this but some other priorities took me away from it for a week.
Russ

Similar Messages

  • Cannot generate Account Logon Events (Event ID 4624) in Security Event Log on Server 2008 R2 Domain Controller

    I have configured the Default Domain Controller's policy to log SUCCESS for Account Logon Events in the Server 2008 R2 Domain Controller, but these events are not logging in the Security Event log.
    Default Domain Controllers Policy
    Computer Configuration/Windows Settings/Security Settings/Local Policies/Audit Policies/Audit Account Logon Events = Success.
    What tools can I use to troubleshoot this further? The results of "Auditpol.exe /get /category:*" are below.
    System audit policy
    Category/Subcategory                      Setting
    System
      Security System Extension               No Auditing
      System Integrity                        No Auditing
      IPsec Driver                            No Auditing
      Other System Events                     No Auditing
      Security State Change                   No Auditing
    Logon/Logoff
      Logon                                   No Auditing
      Logoff                                  No Auditing
      Account Lockout                         No Auditing
      IPsec Main Mode                         No Auditing
      IPsec Quick Mode                        No Auditing
      IPsec Extended Mode                     No Auditing
      Special Logon                           No Auditing
      Other Logon/Logoff Events               No Auditing
      Network Policy Server                   No Auditing
    Object Access
      File System                             No Auditing
      Registry                                No Auditing
      Kernel Object                           No Auditing
      SAM                                     No Auditing
      Certification Services                  No Auditing
      Application Generated                   No Auditing
      Handle Manipulation                     No Auditing
      File Share                              No Auditing
      Filtering Platform Packet Drop          No Auditing
      Filtering Platform Connection           No Auditing
      Other Object Access Events              No Auditing
      Detailed File Share                     No Auditing
    Privilege Use
      Sensitive Privilege Use                 No Auditing
      Non Sensitive Privilege Use             No Auditing
      Other Privilege Use Events              No Auditing
    Detailed Tracking
      Process Termination                     No Auditing
      DPAPI Activity                          No Auditing
      RPC Events                              No Auditing
      Process Creation                        No Auditing
    Policy Change
      Audit Policy Change                     No Auditing
      Authentication Policy Change            No Auditing
      Authorization Policy Change             No Auditing
      MPSSVC Rule-Level Policy Change         No Auditing
      Filtering Platform Policy Change        No Auditing
      Other Policy Change Events              No Auditing
    Account Management
      User Account Management                 No Auditing
      Computer Account Management             No Auditing
      Security Group Management               No Auditing
      Distribution Group Management           No Auditing
      Application Group Management            No Auditing
      Other Account Management Events         No Auditing
    DS Access
      Directory Service Changes               No Auditing
      Directory Service Replication           No Auditing
      Detailed Directory Service Replication  No Auditing
      Directory Service Access                No Auditing
    Account Logon
      Kerberos Service Ticket Operations      No Auditing
      Other Account Logon Events              No Auditing
      Kerberos Authentication Service         No Auditing
      Credential Validation                   Success

    Hi Lawrence,
    After configuring the GPO, did we run command gpupdate/force to update the policy immediately on domain controller? Besides, please run command gpresult/h c:\gpreport.html to check if the audit policy
    setting was applied successfully.
    TechNet Subscriber Support
    If you are TechNet Subscription user and have any feedback on our support quality, please send your feedback here.
    Best regards,
    Frank Shen

  • Windows Server 2008 R2 Domain Controller NOT logging EventID 4740

    EventID 4740 (account lockout) is not being logged to the event viewer. When searching through the security log there are none to be found. Having accounts locked out and no logging is driving me nuts. Hope someone has run into this before. This is what
    i have checked thus far.
    >Windows Server 2008 R2 Domain Controller
    >Verified the following GPO settings are set and correct:
    >Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy\ all are set for Success & Failure
    >Computer Configuration\Windows Settings\Security Settings\Advanced Audit Configuration\Logon/Logoff) is set for Success and Failure
    >Powershell command Get-Eventlog -log Security -InstanceId 4740 returns no results which makes sense since there are no entries in the security log file.
    >No 4740 entries in the netlogon.log debug file
    AD and the LockoutStatus tool show the account is locked out but i still have nothing in the logs.
    Anyone have any ideas? From everything i can find online , it appears i have everything set properly.
    Thanks, Chico

    Hi Chico,
    I suggest you try to enable this group policy below:
    Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy\Audit account management
    More information for you:
    Missing 4740 EventID's
    http://social.technet.microsoft.com/Forums/windowsserver/en-US/c9871d72-7439-46b5-98e6-a7fadfa6ff28/missing-4740-eventids?forum=winserversecurity
    If you have multiple Domain Controllers, check this event on other DCs, too.
    Please feel free to let us know if there are any further requirements.
    Best Regards,
    Amy Wang

  • Upgrade Server 2008 Enterprise Domain Controller to Server 2012 Standard?

    Hey there,
    We are going to be attempting to upgrade several of our Windows Server 2008 Domain Controllers in our satellite offices from Windows Server 2008 Enterprise to Server 2012 Standard.  I know the inplace upgrade will work (tried it on a member server)
    but are there any caveats being that they are Domain Controllers?  Contacted Microsoft and they said we shouldn't have any issues upgrading, and there is nothing special that has to be done in preparation.  (I thought for sure we would have to DCPromo
    down before and dcpromo up after the upgrade, but not so much, according to MS)  But I figured I would check and see if anyone has done this successfully.  I should mention that we already have 2, Windows Server 2012 Domain Controllers in our environment,
    and one of them has the FSMO roles.  Thanks in advance!

    It should work with no problems. My favorite options remains always to demote the DC, re-install it completely and then promoting it again: This is just my own way to work as it makes me sure that I start with a clean base with the fresh install.
    This posting is provided AS IS with no warranties or guarantees , and confers no rights.
    Ahmed MALEK
    My Website Link
    My Linkedin Profile
    My MVP Profile

  • Best Practices for Setting up a Windows 2012 R2 STD Domain Controller in a Remote Site

    So I'm looking for an article or writeup similar to the "Adding Domain Controllers in Remote Sites" TechNet article but for Windows Server 2012 STD R2.  Here is my scenario:
    1.  I want to setup the domain controller at Site A where the primary domain controller is located.  The primary domain controller is Windows Server 2008 R2. 
    2.  Once the DC is setup I plan on leaving it on our network for a few days before shipping it to remote Site B for installation
    Other key items:
    1.  The remote Site B will have a different IP range than Site A but will be connected to Site A via a single VPN tunnel.  All the DCs that replicate with each other are on the same domain. 
    2.  The 2012 DC that I setup for Site B (same domain in same forest) will be a DHCP, DNS, and WSUS server all replicating to the primary DC at Site A
    Questions:
    1.  What items can I setup while it's at Site A without effecting or conflicting with the existing network and domain controller?  Can I setup a scope once the DHCP role is added? 
    2.  All of our DCs replicate through Sites and Services, do I have to manually add this to our primary DC for the new DC going to remote Site B?  Or when does this happen automatically when I promote the DC? 
    All and all I'm just looking for a list of Best Practices for 2012 or a Step by Step Guide.  Any help would be appreciated. 

    Hi,
    Thanks for your posting.
    When you install AD DS in the hub or staging site, disconnect the installed domain controller, and then ship the computer to the remote site, you are disconnecting a viable domain controller from the replication topology.
    For more and detail information, please refer to:
    Best Practices for Adding Domain Controllers in Remote Sites
    http://technet.microsoft.com/en-us/library/cc794962(v=ws.10).aspx
    Regards.
    Vivian Wang

  • Windows 2008 R2 Domain Controller (PDC) - NTP server - time showing local CMOS clock

    I'm having issues setting an external source on a Windows 2008 R2 domain controller (PDC emulator role for the domain)
    Here is the output showing its source is the Local CMOS clock.
    C:\Windows\System32>w32tm /query /status
    Leap Indicator: 0(no warning)
    Stratum: 1 (primary reference - syncd by radio clock)
    Precision: -6 (15.625ms per tick)
    Root Delay: 0.0000000s
    Root Dispersion: 10.0000000s
    ReferenceId: 0x4C4F434C (source name:  "LOCL")
    Last Successful Sync Time: 06/11/2014 15:44:15
    Source: Local CMOS Clock
    Poll Interval: 6 (64s)
    1) I have performed the following on the DC with the PDC role:
    net stop w32time
    w32tm /config /syncfromflags:manual /manualpeerlist:"0.pool.ntp.org, 1.pool.ntp.org, 2.pool.ntp.org"
    w32tm /config /reliable:yes
    net start w32time
    w32tm /query /configuration 
    [Configuration]
    EventLogFlags: 2 (Local)
    AnnounceFlags: 5 (Local)
    TimeJumpAuditOffset: 28800 (Local)
    MinPollInterval: 6 (Local)
    MaxPollInterval: 10 (Local)
    MaxNegPhaseCorrection: 172800 (Local)
    MaxPosPhaseCorrection: 172800 (Local)
    MaxAllowedPhaseOffset: 300 (Local)
    FrequencyCorrectRate: 4 (Local)
    PollAdjustFactor: 5 (Local)
    LargePhaseOffset: 50000000 (Local)
    SpikeWatchPeriod: 900 (Local)
    LocalClockDispersion: 10 (Local)
    HoldPeriod: 5 (Local)
    PhaseCorrectRate: 7 (Local)
    UpdateInterval: 100 (Local)
    [TimeProviders]
    NtpClient (Local)
    DllName: C:\Windows\System32\w32time.DLL (Local)
    Enabled: 1 (Local)
    InputProvider: 1 (Local)
    AllowNonstandardModeCombinations: 1 (Local)
    ResolvePeerBackoffMinutes: 15 (Local)
    ResolvePeerBackoffMaxTimes: 7 (Local)
    CompatibilityFlags: 2147483648 (Local)
    EventLogFlags: 1 (Local)
    LargeSampleSkew: 3 (Local)
    SpecialPollInterval: 3600 (Local)
    Type: NTP (Local)
    NtpServer: 0.pool.ntp.org, 1.pool.ntp.org, 2.pool.ntp.org (Local)
    NtpServer (Local)
    DllName: C:\Windows\System32\w32time.DLL (Local)
    Enabled: 1 (Local)
    InputProvider: 0 (Local)
    AllowNonstandardModeCombinations: 1 (Local)
    VMICTimeProvider (Local)
    DllName: C:\Windows\System32\vmictimeprovider.dll (Local)
    Enabled: 1 (Local)
    InputProvider: 1 (Local)
    But still showing the output:
    C:\Windows\System32>w32tm /query /status
    Leap Indicator: 0(no warning)
    Stratum: 1 (primary reference - syncd by radio clock)
    Precision: -6 (15.625ms per tick)
    Root Delay: 0.0000000s
    Root Dispersion: 10.0000000s
    ReferenceId: 0x4C4F434C (source name:  "LOCL")
    Last Successful Sync Time: 06/11/2014 15:58:45
    Source: Local CMOS Clock
    Poll Interval: 6 (64s)
    2. If I resync and rediscover the following error appears: 
    w32tm /resync /rediscover 
    Sending resync command to local computer
    The computer did not resync because no time data was available.
    3. I've also clearing the current time config, by
    net stop w32time
    w32tm /unregister
    w32tm /register
    net start w32time
    But no change, it still shows the Local CMOS clock. 
    4. This event is showing 
    Log Name:      System
    Source:        Microsoft-Windows-Time-Service
    Date:          06/11/2014 15:43:30
    Event ID:      12
    Task Category: None
    Level:         Warning
    Keywords:      
    User:          LOCAL SERVICE
    Computer:      domaincontroller1
    Description:
    Time Provider NtpClient: This machine is configured to use the domain hierarchy to determine its time source, but it is the AD PDC emulator for the domain at the root of the forest, so there is no machine above it in the domain hierarchy to use as a time source.
    It is recommended that you either configure a reliable time service in the root domain, or manually configure the AD PDC to synchronize with an external time source. Otherwise, this machine will function as the authoritative time source in the domain hierarchy.
    If an external time source is not configured or used for this computer, you may choose to disable the NtpClient.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Windows-Time-Service" Guid="{06EDCFEB-0FD0-4E53-ACCA-A6F8BBF81BCB}" />
        <EventID>12</EventID>
        <Version>0</Version>
        <Level>3</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8000000000000000</Keywords>
        <TimeCreated SystemTime="2014-11-06T15:43:30.465619200Z" />
        <EventRecordID>77295</EventRecordID>
        <Correlation />
        <Execution ProcessID="256" ThreadID="2056" />
        <Channel>System</Channel>
        <Computer>domaincontroller1</Computer>
        <Security UserID="SID" />
      </System>
      <EventData Name="TMP_EVENT_DOMAIN_HIERARCHY_ROOT">
      </EventData>
    </Event>
    5. If I perform the below it appears DC2 is having problems but I'm not sure if related. 
    C:\w32tm /monitor
    DC1.domain.local *** PDC ***[192.168.1.1:123]:
        ICMP: 0ms delay
        NTP: +0.0000000s offset from DC1.domain.local
            RefID: 'LOCL' [0x4C434F4C]
            Stratum: 1
    DC2.domain.local[192.168.1.2:123]:
        ICMP: 0ms delay
        NTP: -110.4925481s offset from DC1.domain.local
            RefID: (unspecified / unsynchronized) [0x00000000]
            Stratum: 0
    DC3.domain.local[192.168.2.1:123]:
        ICMP: 0ms delay
        NTP: -0.0256084s offset from DC1.domain.local
            RefID: DC1.domain.local [192.168.1.1]
            Stratum: 2
    DC4.domain.local[192.168.2.4:123]:
        ICMP: 0ms delay
        NTP: -0.0011524s offset from DC1.domain.local
            RefID: 80.84.77.86.rev.sfr.net [86.77.84.80]
            Stratum: 2
    Warning:
    Reverse name resolution is best effort. It may not be
    correct since RefID field in time packets differs across
    NTP implementations and may not be using IP addresses.
    Any help would be much appreciated. Thanks. 
    Craig Brand

    I suspected some issue with AV so uninstalled. 
    To resolve the Access Denied I followed these steps: 
    stop w32time
    w32tm /unregister
    reboot
    regsvr32 /u w32time.dll
    w32tm /register
    sc query w32time -- you should see that the service is set to
    shared mode -- this is presumably how it should be -- if you try to start right now, you'll get the expected 1290 SID-related error
    reboot
    w32time should now automatically start at boot up and be running -- that was my result -- it's running as shared, started on its own, and I can do the w32tm /query commands successfully
    After rebooting the time service started. 
    I then repeated the steps: 
    net stop w32time
    w32tm /config /syncfromflags:manual /manualpeerlist:"0.pool.ntp.org, 1.pool.ntp.org, 2.pool.ntp.org"
    w32tm /config /reliable:yes
    net start w32time
    w32tm /query /configuration 
    And all worked. I'll wait a short while to see if this fixes the issue. I also have am SA case with MS so will confirm fix when resolved. 
    Craig Brand

  • Add Windows Server 2012 R2 domain controller to Windows 2008 R2 domain

    Hi,
    Have today 2 x Windows Server 2008 R2 domain controllers, and domain and functional level 2008 R2.
    We now want to replace these DC`s with Windows Server 2012 R2.
    My plan is as follow
    - Install and promote a Windows Server 2012 R2 as a 3 DC`s with a temporary hostname and IP as DC3
    - Install and promote a second Windows Server 2012 R2 as a 4 DC`s with a temporary hostname and IP as DC4
    - Decomiss DC1 and remove this host. Change the IP and hostname of the new DC3 to DC1
    - Move FSMO roles from DC2 to DC1 and decomiss DC2
    - Change the IP and hostname of the new DC4 to DC2
    Will this be a ok progress ? I will offcours to have the DC`s replicate information between them before doing each task.
    /Regards Andreas

    Hi,
    Only error i got running dcdiag was the following
     Starting test: NCSecDesc
        Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
           Replicating Directory Changes In Filtered Set
        access rights for the naming context:
        DC=ForestDnsZones,DC=domain,DC=local
        Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
           Replicating Directory Changes In Filtered Set
        access rights for the naming context:
        DC=DomainDnsZones,DC=domain,DC=local
        ......................... DC1 failed test NCSecDesc
    Is this a problem ?
    I would guess not since im not implementing a RODC ? Ref:
    https://support.microsoft.com/en-us/kb/967482?wa=wsignin1.0
    You can ignore it.
    This posting is provided AS IS with no warranties or guarantees , and confers no rights.
    Ahmed MALEK
    My Website Link
    My Linkedin Profile
    My MVP Profile

  • Unable to edit Default Domain policy on Server 2012 R2 domain controller

    Hello,
    I recently built a Server 2012 R2 domain controller and added it to my domain.  When trying to edit the default domain policy I get the following error:
    I can make edits to other GPO objects.  All the other domain controllers are Server 2008 and are able to edit that GPO.  The issue is on the Server 2012 box only.  I've checked the delegated permissions, I'm a domain admin, and have opened
    GPMC as administrator.  Does anyone know what I'm missing?  Thank you for your time.
    Tino

    Hi Tino,
    >>Could that be the problem?
    I don't think so, for we can still use FRS to replicate Sysvol. However, it is recommended that we use DFSR to replicate Sysvol if our domain
    function level is Windows Server 2008 or above.
    Besides, we can follow the suggestions from the following thread to check out which replication mechanism we are using.
    DFS-R on 2008 R2 by default?
    http://social.technet.microsoft.com/Forums/windowsserver/en-US/8f2042d3-193d-4414-b9da-cbcedc6a4c32/dfsr-on-2008-r2-by-default?forum=winserverDS
    If the Sysvol is replicated by FRS mechanism, as I suggested in the last reply, we can do a non-authoritative restore for the Sysvol on the new Windows
    Server 2012. This will restore the Sysvol from a healthy DC.
    To perform a nonauthoritative restore, stop the FRS service, configure the BurFlags registry key, and then restart the FRS service. To do so:
    1. Click Start, and then click Run.
    2. In the Open box, type cmd and then press ENTER.
    3. In the Command box, type net stop ntfrs.
    4. Click Start, and then click Run.
    5. In the Open box, type regedit and then press ENTER.
    6. Locate the following subkey in the registry:
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup
    7. In the right pane, double-click BurFlags.
    8. In the Edit DWORD Value dialog box, type D2 and then click OK.
    9. Quit Registry Editor, and then switch to the Command box.
    10. In the Command box, type net start ntfrs.
    11. Quit the Command box.
    TechNet Subscriber Support
    If you are TechNet Subscription user and have any feedback on our support quality, please send your feedback here.
    Hope it helps.
    Best regards,
    Frank Shen

  • How to reset Windows 2008 R2 Domain Controller "Administrator" password?

    Hello Everyone,
    I have lost Administrator password for the following system:
    Windows 2008 R2
    Domain Controller setup on same machine
    Stand alone server - no workstations or other servers invovled
    I still have the "Directory Service Restore Password" but I don't think that helps me for lost Administrator password. I beleive I need to boot from an .iso file to gain access. I already tried "Offline NT Password & Registery Editor" and it has set
    Administrator password to (blank) but that is not allowing me access as it seems that I have to login to domain controller Administrator. So, how can I reset that password?
    Thanks

    It wasn't difficult to reset the domain password and I think Microsoft's policy of not providing an easy forward way is to create an
    illusion of security which is not there. Linux systems that are much more secure that MSFT software allow easy password reset when physical access is there so why not include the same tools in System Repair tools or using F8?
    Anyhow, this guide helped me reset the password in 5 minutes. Read the bottom of it to find the scripted / automatic version of the process:
    http://www.petri.co.il/reset_domain_admin_password_in_windows_server_2003_ad.htm
    Thanks,

  • Exchange 2007 RTM support with Windows Server 2012 R2 Domain Controller

    Hi All,
    I have not found any TechNet Article which states about the Windows Server 2012 R2 Active Directory domain controller operating system support with Exchange 2007 RTM, can some one please let me know that does Exchange 2007 RTM supports Windows Server 2012
    R2 domain controller operating system, we are in the process of upgrading the domain controllers to 2012 R2 but not the forest and domain functional level to 2012 R2.
    thanks
    If answer is helpful, please hit the green arrow on the left, or mark as answer. Salahuddin | Blogs:http://salahuddinkhatri.wordpress.com | MCITP Microsoft Lync

    There are several likely reasons for this.  The most significant is that Exchange 2007 RTM is no longer supported (outside ot extended support, which is not going to include adding support for new operating systems): 
    http://support2.microsoft.com/lifecycle/default.aspx?LN=en-us&p1=10926
    You'll note from the following -
    http://technet.microsoft.com/library/ff728623(v=exchg.150).aspx - that only Exchange 2007 SP3 is currently supported in any environment.
    HTH ...

  • Windows 7 or Windows Server 2008 R2 domain join displays error "Changing the Primary Domain DNS name of this computer to "" failed...."

    Hi,
    Windows 7 or Windows Server 2008 R2 domain join displays error "Changing the Primary Domain DNS name of this computer to "" failed...."
    DC:windows Server 2008 R2
    Domain functional level:Windows Server 2003
    When Winxp join domain, have no this error message.
    I checked http://support.microsoft.com/kb/2018583?wa=wsignin1.0 does't work.
    There have 3 suggestion in this article:
    1.The "Disable NetBIOS over TCP/IP" checkbox has been disabled in the IPv4 properties of the computer being joined.
    Doesnt's work.
    2.Connectivity over UDP port 137 is blocked between client and the helper DC servicing the join operation in the target domain.
    On my DC, I run netstat -an, reslut as below:
     UDP    192.168.20.3:137       *:*
    3.The TCP/IPv4 protocol has been disabled so that the client being joined or the DC in the destination domain targeted by the LDAP BIND is running TCP/IPv6 only.
    We are not using IPV6.
    This server recently updated from Windows Server 2003 to Windows Server 2008 R2. Before upgrade, when Win7 and Win2008 join this domain, also have the same error message.
    Please help to check this issue.
    Thank you very much.
    BR
    Guo YingHui 

    Hi Guo Ying,
    I have faced this critical error which makes over-writes the host names in the domain when you join.
    For example: Already you had a host name called as PC.domain.com in the domain.com Domain.
    When you try to add the another host name called as PC in the domain.com Domain, it doesn't give you the duplicate name error on the network it does over-write the existing host name called as PC.domain.com & it will add the new host name into the domain.
    Host name which got over-written will get removed from the domain. I faced this issue in my project. My DPM host name got removed from the Domain & new host name got joined into the domain which halted my backups for one day.
    Final Resolution is as follows:
    You need to start the dns console on the DC & drop down the domain name.
    Select the _msdcs when you click on _msdcs it will show the Name Server's list on the right hand side.
    You need to add the Domain Naming Master under the _msdcs or add all the domain controllers which you had.
    After you add the Name server's try joining the PC OR Laptop to the domain which is successfully joins it.
    Regards
    Anand S
    Thanks & Regards Anand Sunka MCSA+CCNA+MCTS

  • Group Chat feature in Office Communications Server 2007 R2 does not work in Windows Server 2008 R2 domains

       Hello to all, there are two confliting articles about this topic:
       1-
    http://technet.microsoft.com/en-us/library/upgrade-domain-controllers-to-windows-server-2008-r2(v=ws.10).aspx#BKMK_Whatsnew : this one says that it does not work "The Group Chat feature in Office Communications Server 2007 R2 does not work in Windows
    Server 2008 R2 domains". This article was updated in 2013.
       2-
    http://technet.microsoft.com/en-us/library/ee692314(office.13).aspx: this other article says that it will function "Office Communications Server 2007 R2 Group Chat will function in a Windows Server 2008 R2 forest". This article was updated in
    2010 and was refered by the first one.
       What is the correct support position for Group Chat feature in Office Communications Server 2007 R2 and Windows Server 2008 R2 domains?
       Regards, EEOC.

    Hi,
    I notice the following sentence in the link below “Office Communications Server 2007 R2, Group Chat will not function in a Windows Server 2008 R2 forest or when Group Chat member servers are joined to a Windows Server 2008 R2 domain.
    We know of an issue with changes in Windows 2008 R2 that requires a Group Chat Client and Group Chat Admin Tools hotfix. The Group Chat Client and Group Chat Admin Tools hotfixes are currently scheduled for mid-April 2010.”
    http://blogs.technet.com/b/nexthop/archive/2010/11/06/supportability-for-office-communications-server-2007-r2-and-windows-server-2008-r2.aspx
    So in my opinion, if you update to the latest version of Windows Server 2008 R2, OCS Server 2007 R2 and Group Chat Client, Group Chat Admin Tools to the latest version, it should work.
    However, the best method for you is make a lab to test the problem firstly.
    Best Regards,
    Eason Huang
    Eason Huang
    TechNet Community Support

  • 10.5.7 server as primary domain controller

    Setting up a 10.5.7 server -
    Server is setup as a open directory master, I want it also to be a primary domain controller (smb).
    But when I try to change it from Standalone Server to primary domain controller, using my directory admin user id and password, it just reverts back to standalone server. tried it with smb running and not running.
    Any ideas ?

    Having the same issue with Leopard Server 10.5.8.
    SMB was previously set up as a "Domain Member" and now I want to make it a "Primary Domain Controller".
    After reboot, the Role always reverts back to "Domain Member".
    Any ideas?

  • Biztalk 2013 R2 with Windows Server 2003 R2 Domain Controller

    Hello, I have a client right who has a Windows Server 2003 R2 domain controller with active directory installed. Is there any reason why I can't install Biztalk 2013 on a Windows Server 2012 R2 box and add it to that farm to use active directory?
    Thanks in advance,
    -Adam

    BizTalk Server is only going to use the User Groups created in Domain Controller so ideally i don't think there will be any compatibility issue. Also there isn't any microsoft article which talks about BizTalk compatibility with respect to domain controller.
    You will have to create all the Windows Groups and User Accounts in AD, before BizTalk Server configuration.
    Windows Groups and User Accounts in BizTalk Server
    Thanks,
    Prashant
    Please mark this post accordingly if it answers your query or is helpful.

  • Exchange Server 2013 and Domain Controller

    Hello,
    I am planning to install domain controller and exchange server 2013 in same server hardware. Is that not recommended? If not, why is it no recommended?
    Thank you in advance,

    thanks for such a quick response.
    Just a small question about the link that you put. Does member server mean other server other than domain controller?
    Regards,
    Yes, Also the server on which you are installing Exchange should have exchange installed.
    Cheers,
    Gulab Prasad
    Technology Consultant
    Blog:
    http://www.exchangeranger.com    Twitter:
      LinkedIn:
       Check out CodeTwo’s tools for Exchange admins
    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

Maybe you are looking for

  • How to Assignment between Material and Account Assignment Group

    Hi, When we are creating a sales order with material ABCD, then in material line item -->under Billing Document Tab --> in Accounting screen, there is field Acct asgnmt grp (Account Assignment Group). From where we can assign between Material and Acc

  • Solaris 8 4/01 Intel Instalation/Boot Problems

    I am TRYING to install the Solaris 8 for Intel and i am having several problems. I managed to solve some of them but now i am stuck. I am running a PII with a an Adapetc 2940 and a scsi disk. I am using interactive instalation one software cd 1. I am

  • CRM-- XI-- Webservice

    Hi Gurus, We have a scenario where we need to change or update the customer details from CRM and the same data is changed in the legacy system.  To achieve this we have pre-existing webservices at the receiver side which will update the legacy system

  • New Applicaion(Dialog) Server Installation

    Hi, I am trying to install a new dialog instance on Windows Server 2003 Enterprise x64 Edition Service Pack 2. Our present scenario is as follow : a.Our CI and DB on separate AIX system. b.Our existing Dialog instances on win32. c.Our new dialog inst

  • Trying to load Designjet 111 Driver from CD

    I'm being asked to pick the 'best match' & the file is dsgi111.inf. The only difference is that the files are in different folders \1034\  or \1033\ or \1031\ or \1028\ etc. I suspect that these are for different languages but I do not know what the