Impact of Domain Controllers changes on Cisco Unity Ver 7.0(2.0) and UCCX ver ver 7.0(2) and CUCM ver 7.1.5.34900-7

Hi
Can someone please advise me about the following question
We are using CUCM ver 7.1.5 , Cisco Unity ver 7.0(2.0) and UCCX ver 7.0(2)
we already have a plan to upgrade them all to the latest versions but in the mean time a need came that we have to upgrade the domain controllers
as follows
Upgrade from Windows 2003 to Windows 2008
Domain Controller host names will change, however replacement servers will assume the IP of the old server as they are brought online.
Similarly, once the Domain Controllers have been upgraded, the existing Certificate Authority will also be moved from Windows 2003 to Windows 2008.
My question will be what will be the impact of this change to the above applications we are using in production
Thank you for your feedback and comments
Abdul

if it is possible email me your feed back to my email as below
[email protected]
thank you

Similar Messages

What action required for Cisco Unity 8 if i am migrating Active Directory Forest

HI
Currently we have running cisco unity 8.0 in our environment. Now we are planing to change our domain name ( i.e from abc.com to xyz.com ) for that change what is the procedure to change the Cisco Unity Server domain name. We need to do anything on cisco unity software or just we neeed to change the domain name of the appliance.
Please share your ideas.
Thanks

Renaming a Cisco Unity 8.x Server or Moving a Cisco Unity 8.x Server to Another Domain
http://www.cisco.com/en/US/docs/voice_ip_comm/unity/8x/upgrade/guide/8xcurug080.html
HTH
java
if this helps, please rate
www.cisco.com/go/pdihelpdesk

Unity/Domino Domain Name Change

I have a Unity server integrated with a Domino message store. We are changing our domain name. The cisco documentation I have found says that you have to rebuild Unity when moving to a new domain. We aren't moving to a new domain just changing the name. Credentials, SID's, QID's are all staying the same we are just changing the domain name. Does anyone know if I will have to rebuild unity given this change or can I simply change the domain name on the unity box?
Thank you in advance!

Java is correct here. I understand that your reaction may be that you can rename a domain and then just reboot member computers twice for the changes to take effect; however, Unity is not a standard member computer. The AD information is not just membership info for the server but part of data that is propagated into SQL and etc. So, you will need to rebuild because essentially this, to Unity, is the same as moving the server to a new domain. You can use the following guide to step thru the process:
http://www.cisco.com/en/US/docs/voice_ip_comm/unity/5x/upgrade/guide/ex/5xcuruge080.html
The key is to make sure you get a DiRT backup and then rebuild to the exact same version of Unity including ES, patches, etc. Then you'll be able to complete the procedures and restore the system via DiRT restore.
Hailey
Please rate helpful posts!

Audit/Log GPO changes and Logging of new addition of Domain Controllers in the Event Log

Hi all,
We am trying to log the following items in the event log for Windows 2012. This applies to a domain controller.
1) Audit any changes made to the Group Policy
2) Log the addition of new domain controllers added to the system.
We need the windows event log to record the above events for security purposes. Can anyone advise if this is doable? If yes what are the steps.
Thank you

Hi,
>>1) Audit any changes made to the Group Policy
We can enable audit for directory service object access and configure specific SACL for group policy files to do this.
Regarding how to step-to-step guide for auditing changes of group policy, the following two blogs can be referred to for more information.
Monitoring Group Policy Changes with Windows Auditing
http://blogs.msdn.com/b/ericfitz/archive/2005/08/04/447951.aspx
Auditing Group Policy changes
http://blogs.msdn.com/b/canberrapfe/archive/2012/05/02/auditing-group-policy-changes.aspx
>>2) Log the addition of new domain controllers added to the system.
Based on my knowledge, when a server is successfully promoted to be domain controller, event ID 29223 will be logged in the System log.
Regarding this point, the following thread can be referred to for more information.
Is an Event ID for a completed Domain Controller promotion logged on the PDC?
https://social.technet.microsoft.com/Forums/windowsserver/en-US/11b18816-7db0-49e2-9a65-3de0e7a9645e/is-an-event-id-for-a-completed-domain-controller-promotion-logged-on-the-pdc?forum=winserverDS
Best regards,
Frank Shen

How to safely change the domain controllers that Exchange use from Out-Of-Site into the In-Site ?

Hi Folks,
I'd like to know what's the best way to edit the Exchange Server 2007 entry
In-Site entries and removing the entries from Out-Of-Site safely without causing any downtime or problem with the workstations ?
From the MSExchange ADAccess Event ID 2080, I can see that the Domain Controllers that is currently used by Exchange Servers is all on the
In-Site lists which I need to decommission due to office building migration and downsizing, the workstations remain in the same building only the servers must go.
Current configuration:
Exchange Servers AD Site: HQ1 (for all roles)
Workstations AD Site: HQ1
Proposed configuration:
Exchange Servers AD Site: Prod-DC1 (for all roles)
Workstations AD Site: HQ1
Thanks.
/* Server Support Specialist */

Hi,
Steve's clarification is right.
From your description, you want to change the DC used by Exchange server. If I have misunderstood your concern, please let me know.
Please make sure the following things before setting the DC for Exchange:
1. New DC has its own IP in its TCP/IP as primary DNS server.
2. New DC is global catalog.
3. New DC has correct DNS settings in the MSDC folder.
4. Restart the Exchange active directory topology discovery service and watch the event viewer, there should be an event that discover both domain controllers. If this happens, then turn off the old DC.
Besides, topology information will remain in the system attendant service for 15 min, so the time to switch to the new one is about 15 minutes.
Hope my clarification is helpful.
Best regards,
If you have feedback for TechNet Subscriber Support, contact
[email protected]
Amy Wang
TechNet Community Support
Amy,
The Exchange Server has been rebooted couple of times but yes, all of the In-Site AD servers are still on not rebooted yet.
So in this case do you suggest me to demote the oldDC and turn off all of the In-Site DC/GC first and then reboot Exchange Server after wards one by one ?
/* Server Support Specialist */

How to change the TCP session limit for Domain Controllers in TMG2010

I've many errors in TMG2010, that relates with too many TCP sessions, that are generated from my two domain controllers.
how can i change since settings?
Regards!
Lasandro Lopez

Hi,
create flood mitigation exceptions for the domain controllers:
http://technet.microsoft.com/en-us/library/dd441028.aspx
regards Marc Grote aka Jens Baier - www.it-training-grote.de - www.forefront-tmg.de - www.galileocomputing.de/3276?GPP=MarcGrote

Cisco Unity Express 8.6.6 Voice Mail not deleting when e-mail with attachment deleted

I have a Cisco Unity Communications Manager rel 9.1.2 that supports a remote location with a Unity Express rel 8.6.6 voice mail service module in the voice gateway to insure if WAN goes down the location still has voice mail. We have Voice Mail to E-Mail working. The problem is that when the e-mail with the voice mail is deleted the message stays in the Unity Express Voice Mail Box. All of our local users on the same Call Manager Cluster using a local Unity Connection Cluster rel 9.1.2 have the voicemails deleted when the e-mail is deleted.
How can I resolve this issue?

Found another post that referenced Cisco Bug ID CSCti37610.
CUC plays message is from Unity Connection Messaging system
Symptom:Before message playback, Unity Connection plays the message is from Unity Connection Messaging System instead sender's ANI
Conditions:Problem was observed on Unity Connection cluster and appropriate services are not rebooted after changing the SMTP domain name
Workaround:
Restart the Unity Connection servers
It should have been fixed in 8.5 but we did change the SMTP domain name on 8.6 and now see the problem. Will schedule a reboot and see if the issue goes away.

Cisco Unity Connection 8.6 not getting CLID information from CUCM 8.6

Hello,
Currently Running:
Cisco Unified Communications Manager 8.6.2
Cisco Unity Connection 8.6.2
Problem:
when any outside caller leaves a voicemail, the caller number information is not being sent to unity.
example, I call with my cell phone, 817.555.1234 to my Cisco 7940 phone and it shows the CLID information that i am calling with. iDivert to voice mail, Leave a message. Playback message and just the default message information from Cisco Unity.
we currently upgraded from CUCM 6.1.3 and Unity 5. before i could press 9 and get the caller information.
I have viewed the "Playback Message Settings" and selected "After Playing Each Message, Play" and selected Sender's Information. and also selected "Include Extension and Sender's ANI"
upon playing the VoiceMail after the message i get the default message "From Cisco Unity Connection Messaging System"
I also have the message relaying to my E-mail and I get the same in the subject line.
"Message from Cisco Unity Connection Messaging System (Unknown extension)"
This tends to be a big deal with the Sales team as customers will call and say "Call me back"
But any Internal Calls show the correct information, proper greeting, extension information even on the relay to e-mail.
Any help will be appreciated.
Thanks
Tim

Found another post that referenced Cisco Bug ID CSCti37610.
CUC plays message is from Unity Connection Messaging system
Symptom:Before message playback, Unity Connection plays the message is from Unity Connection Messaging System instead sender's ANI
Conditions:Problem was observed on Unity Connection cluster and appropriate services are not rebooted after changing the SMTP domain name
Workaround:
Restart the Unity Connection servers
It should have been fixed in 8.5 but we did change the SMTP domain name on 8.6 and now see the problem. Will schedule a reboot and see if the issue goes away.

Disabling IPv6 on 2008R2 Domain Controllers... Best Practice?

At the end of last year I had a call with Microsoft Support in which I spoke with a member of the Directory Services team regarding an issue. The issue was resolved with no further problems, but while conversing with the Technical Support Engineer
I queried him on another issue regarding a second copy of our DNS zone in Active Directory. He looked at it (remoted in via RDP) then looked at my NIC properties and stated that the reason it happened is because we are running IPv6 on our DCs.
I told him we do that on all our servers. (leave IPv6 enabled.) He then stated that we should not do that, expanding by saying that "Microsoft is in the process of rewriting documentation as IPv6 is no longer supported on Domain Controllers."
Needless to say I could not believe this. I told him how Exchange on an SBS server cannot have IPv6 disabled as the server will stop booting, but he was very adamant about it; he even put me on hold for 10 minutes then came back saying he confirmed
that this is the case and spoke with the "Documentation Team" and the new Best Practices would be released within the next month. In the meantime he recommended I disable IPv6 on all my DCs. (I work in Consulting so that's a lot of DCs at various different
business entities.)
I didn't believe him then, and I don't believe him now. Reviewing the FAQ linked through http://support.microsoft.com/kb/929852 Says that Microsoft does not recommend disabling IPv6. Of course no documentation ever came out, nor have I
found anything to agree with his statements. (we solved the duplicate partition issue ourselves.)
I just wanted to post here and see if anyone else has heard of this, maybe I'm the one not up and up on my info. Has or does Microsoft plan on reversing course on the new IPv6 technology that 2008 and up are built on? I would think that quite
preposterous!
Thanks,
Christopher Long
Science is a way of thinking much more than it is a body of knowledge. -- Carl Sagan

There are cases where you DO WANT to disable IPv6 on a domain controller.
Example: you have an IPV4 network and do not have IPV6 deployed. In this case if you are not using IPv6 but leave it enabled than Windows will assign itself an IPv6 at random via the APIPA process. That IP address can and does change when you reboot the
server.... So I bet you see the problem here.
If you build a domain controller with IPv6 enabled - it will register it's IPV6 address in DNS as offering AD services. Then when you reboot that domain controller and that address changes - BOOM. AD comes crashing down. AD relies heavily on DNS. Windows
thinks it's smarter than you and registers it's IPv6 address obtained via APIPA in DNS. Now that's a problem. Particularly because Win Server 2008+ prefer IPV6 over IPV4 networks. So communication can blow up even if a valid IPv4 network is available.
So yes - there are instances where you do want to - in fact need to - disable IPv6 on domain controllers. Microsoft's documentation does not reflect this but it should. At a minimum if they want you to leave it on they should at least remind you to set a
static IPv6 address if you're running an IPv4 network.
(ask me how I know all this over a beer some time)
I opted to just disable it. Despite MS's documentation warning of the contrary - I've seen no adverse impacts. Exchange, Sharepoint, AD, etc. all humm along fine.

Running Best Practice Analyzer on remote 2008 R2 domain controllers

Hello Powershell World,
I'll start out by first mentioning that I am a powershell rookie so I gladly welcome any input to help me improve or work more efficiently. Anyway, I recently used powershell to run the best practice analyzer for DNS on all of our domain controllers.
The way I went about was pretty tedious and inefficient but still got the job done through a series of one-liners and exported the report to a UNC path as follows:
Enable-PSremoting -Force (I logged into all of the domain controllers individually and ran this before running the one-liners below from my workstation)
New-PSSession -Name <Session Name> -ComputerName <Hostname>
Enter-PSSession -Name <Session Name>
Import-Module bestpractices
Invoke-BPAModel Microsoft/Windows/DNSServer
Get-BPAResult Microsoft/Windows/DNSServer | Select ModelId,Severity,Category,Title,Problem,Impact,Resolution,Compliance,Help | Sort Category | Export-CSV \\server\share\BPA_DNS_SERVERNAME.csv
I'm looking to do this again but for the Directory Services best practice analyzer without having to individually enable remoting on the domain controllers and also provide a lsit of servers for the script to run against.
Thanks in advance for all your help!

What do you mean by "without having to individually enable remoting "?
You cannot remote without enabling remoting. You only need to enable remoting once. It is a configuraiton change. If you have done it once you do not need to do it again.
Here is how to runfrom a list of DCs.
$sb={
Import-Module bestpractices
Invoke-BPAModel Microsoft/Windows/DNSServer
Get-BPAResult Microsoft/Windows/DNSServer |
Select ModelId,Severity,Category,Title,Problem,Impact,Resolution,Compliance,Help |
Sort Category |
Export-CSV "\\server\share\BPA_DNS_$env:COMPUTERNAME.csv"
Invoke-BPAModel Microsoft/Windows/DirectoryServices
# etc...
ForEach($dc in $listofDCs){
Invoke-Command -ScriptBlock $sb -Computer $dc
¯\_(ツ)_/¯

Unable to create a notification for a group (Cisco Unity Express 3.2)

There is Cisco ISR 2821 with CME 7.1 and Cisco Unity Express 3.2.
I am trying to create notifications for a group named AAA in CUE.
I do following (GUI):
1. Go to Configure -> Groups
2. Click on the group name AAA.
3. In Group Profile window 'Enable notification for this user/group' option is enabled.
4. Go to Mailbox tab. There is an associated mailbox with ticks against Enabled and Fax Enabled.
5. Go to Notification tab and see the warning:
No Notification Devices found for User/Group
Also, there are another several groups on this system and I am able to turn notification on for them. These groups have the same owners and members that AAA has. Moreover, if I create a new group and set it up absolutely the same as AAA, I can turn notifications on for it.
The problem in this way is that we have our custom greetings and after I created a new group, for example BBB, with the same settings (as AAA, inluding Primary Extansion and Primary E.164 Number) and remove these numbers from AAA, then it works and users would receive notification about new voice messages. BUT, when I call BBB I listen to standart Cisco greeting promts.
I don't undestand why it happens, because all these greetings are determined in Voicemail -> Auto Attendant section and I did not any changes here at all.
How can I fix this 'notification' problem?
Thanks.

Process with success:
unzip the packet in: C:\APEX
1. Install:
@apexins SYSAUX SYSAUX TEMP /i/
2. Change to password:
@apxchpwd,
3. Run apex_epg_config.sql
On windows:
@apex_epg_config.sql (page 30, the guide of intallation)
Important:Replace SYSTEM_DRIVE:\TEMP by C:
E.g.: @apex_epg_config C:
After this, follow the next steps
4. ALTER USER ANONYMOUS ACCOUNT UNLOCK;
Finish! Just execute apxldimg.sql script if you is upgrading from a preview release.
Now try the connect on the browser IE6 o later:
http://localhost:8080/apex/apex_admin
Then create your workspace.
Edited by: [email protected] on 10/03/2009 11:59

Blue Screen on Domain controllers after Updates

After patching our Domain controllers (virtual on ESXi 5.5 U2) recently we started getting Blue screens and reboots. Other changes in our environment around this time include enabling vshield drivers and scanning with Trend Micro. I have removed patches
from April but cannot remove Patch KB3020370 - there is no uninstall button. The error still persists, I have removed the Vshield driver and am waiting to see if the issue reoccurs. Can anyone assist in interpreting the details below? Also is it possible to
remove the patch KB3020370? This only appeart to affect Domain Controllers, regular servers appear unaffected.
Thanks
Below is the BugCheck event.
The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007f (0x0000000000000008, 0x0000000080050031, 0x00000000000406f8, 0xfffff800018c0e14). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 042915-21762-01.
And output from the debug tool.
Microsoft (R) Windows Debugger Version 6.3.9600.17237 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [c:\MiniDump\042815-21762-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Error: Attempts to access 'c:\windows\i386' failed: 0x2 - The system cannot find the file specified.
************* Symbol Path validation summary **************
Response Time (ms) Location
Error c:\windows\i386
************* Symbol Path validation summary **************
Response Time (ms) Location
Deferred srv*c:\symbols*http://msdl.microsoft.com/download/symbols
Symbol search path is: srv*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: c:\windows\i386
Windows 7 Kernel Version 7601 (Service Pack 1) UP Free x64
Product: LanManNt, suite: TerminalServer SingleUserTS
Built by: 7601.18798.amd64fre.win7sp1_gdr.150316-1654
Machine Name:
Kernel base = 0xfffff800`0185e000 PsLoadedModuleList = 0xfffff800`01aa3890
Debug session time: Tue Apr 28 13:20:34.290 2015 (UTC + 1:00)
System Uptime: 0 days 0:27:28.954
Loading Kernel Symbols
Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.
Run !sym noisy before .reload to track down problems loading symbols.
Loading User Symbols
Loading unloaded module list
* Bugcheck Analysis *
Use !analyze -v to get detailed debugging information.
BugCheck 7F, {8, 80050031, 406f8, fffff800018d4e14}
Probably caused by : ntkrnlmp.exe ( nt!KiDoubleFaultAbort+b2 )
Followup: MachineOwner
kd> !analyze -v
* Bugcheck Analysis *
UNEXPECTED_KERNEL_MODE_TRAP (7f)
This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault). The first number in the
bugcheck params is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a *portion* of those codes:
If kv shows a taskGate
use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
use .trap on that value
Else
.trap on the appropriate frame will show where the trap was taken
(on x86, this will be the ebp that goes with the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
Arg1: 0000000000000008, EXCEPTION_DOUBLE_FAULT
Arg2: 0000000080050031
Arg3: 00000000000406f8
Arg4: fffff800018d4e14
Debugging Details:
BUGCHECK_STR: 0x7f_8
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT_SERVER
PROCESS_NAME: System
CURRENT_IRQL: 0
ANALYSIS_VERSION: 6.3.9600.17237 (debuggers(dbg).140716-0327) amd64fre
LAST_CONTROL_TRANSFER: from fffff800018cffe9 to fffff800018d0a40
STACK_TEXT:
fffff800`01620d28 fffff800`018cffe9 : 00000000`0000007f 00000000`00000008 00000000`80050031 00000000`000406f8 : nt!KeBugCheckEx
fffff800`01620d30 fffff800`018ce4b2 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
fffff800`01620e70 fffff800`018d4e14 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDoubleFaultAbort+0xb2
fffff880`0276e000 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!IopfCompleteRequest+0x4
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!KiDoubleFaultAbort+b2
fffff800`018ce4b2 90 nop
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: nt!KiDoubleFaultAbort+b2
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 5507a73c
IMAGE_VERSION: 6.1.7601.18798
FAILURE_BUCKET_ID: X64_0x7f_8_nt!KiDoubleFaultAbort+b2
BUCKET_ID: X64_0x7f_8_nt!KiDoubleFaultAbort+b2
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:x64_0x7f_8_nt!kidoublefaultabort+b2
FAILURE_ID_HASH: {0367acc4-9bb4-ab69-5701-46a2011718e9}
Followup: MachineOwner

Hi,
Dump file displays：
BugCheck 7F, {8, 80050031, 406f8, fffff800018d4e14} and Probably caused by : ntkrnlmp.exe ( nt!KiDoubleFaultAbort+b2 ).
Bug check 0x7F typically occurs after you install a faulty or mismatched hardware (especially memory) or if installed hardware fails.
A double fault can occur when the kernel stack overflows. This overflow occurs if multiple drivers are attached to the same stack. For example, if two file system filter drivers are attached to the same stack and then the file system recurses back in, the stack
overflows.
You may reference the link below for detailed resolution about this problem:
https://msdn.microsoft.com/en-us/library/windows/hardware/ff559244(v=vs.85).aspx
Besides, you may try to restore the server to the state before installing these Windows Update.
Best Regards,
Eve Wang
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

Upgrade to Server 2012 R2 domain controllers from 2003

I am at a loss as to what I did wrong here. Everything seems to be working fine except for one subnet (which is behind a hardware firewall).
We had two Server 2003 domain controllers and one of them was failing. I raised the forest functional level of our old primary domain controllers to 2003. I built the first replacement Server 2012 R2 domain controller. Added the AD DS roles
and promoted it as a domain controller. I let it sit for a couple days. The FSMO roles were currently being handled by our other 2003 domain controller. Once this had been sitting for a while (don't recall how long) I ran dcpromo on the failing
server and demoted it. Once demoted I shut it down and pulled it out of the rack. I then built our second 2012 R2 server and gave it the same IP as the failing one. Installed the AD DS roles and integrated DNS as prompted by the wizard.
I then made it the operations master for Schema master, Domain naming master, PDC, RID pool manager, and Infrastructure master. Then I ran dcpromo on the second 2003 domain controller to demote it and removed it from the network. I then demoted
the first new controller (DC03) changed the hostname and IP to the name and IP of the second 2003 controller and promoted it again. I'm not sure at what point things broke, but everything works from the same subnet that the domain controllers are in,
just not a second subnet that is through a hardware firewall. I don't see anything getting blocked while watching firewall logs so I don't think the firewall is the issue.
Here is the dcdiag and ipconfig from the first controller (which has all 5 FSMO roles).
Microsoft Windows [Version 6.3.9600]
(c) 2013 Microsoft Corporation. All rights reserved.
C:\Users\username>dcdiag /v /test:dns
Directory Server Diagnosis
Performing initial setup:
   Trying to find home server...
   * Verifying that the local machine WGDDC01, is a Directory Server.
   Home Server = WGDDC01
   * Connecting to directory service on server WGDDC01.
   * Identified AD Forest.
   Collecting AD specific global data
   * Collecting site info.
   Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=wgd,DC=inet,LD
AP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
   The previous call succeeded
   Iterating through the sites
   Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name
,CN=Sites,CN=Configuration,DC=wgd,DC=inet
   Getting ISTG and options for the site
   * Identifying all servers.
   Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=wgd,DC=inet,LD
AP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
   The previous call succeeded....
   The previous call succeeded
   Iterating through the list of servers
   Getting information for the server CN=NTDS Settings,CN=WGDDC01,CN=Servers,CN=
Default-First-Site-Name,CN=Sites,CN=Configuration,DC=wgd,DC=inet
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   Getting information for the server CN=NTDS Settings,CN=WGDDC02,CN=Servers,CN=
Default-First-Site-Name,CN=Sites,CN=Configuration,DC=wgd,DC=inet
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   * Identifying all NC cross-refs.
   * Found 2 DC(s). Testing 1 of them.
   Done gathering initial info.
Doing initial required tests
   Testing server: Default-First-Site-Name\WGDDC01
      Starting test: Connectivity
         * Active Directory LDAP Services Check
         Determining IP4 connectivity
         * Active Directory RPC Services Check
         ......................... WGDDC01 passed test Connectivity
Doing primary tests
   Testing server: Default-First-Site-Name\WGDDC01
      Test omitted by user request: Advertising
      Test omitted by user request: CheckSecurityError
      Test omitted by user request: CutoffServers
      Test omitted by user request: FrsEvent
      Test omitted by user request: DFSREvent
      Test omitted by user request: SysVolCheck
      Test omitted by user request: KccEvent
      Test omitted by user request: KnowsOfRoleHolders
      Test omitted by user request: MachineAccount
      Test omitted by user request: NCSecDesc
      Test omitted by user request: NetLogons
      Test omitted by user request: ObjectsReplicated
      Test omitted by user request: OutboundSecureChannels
      Test omitted by user request: Replications
      Test omitted by user request: RidManager
      Test omitted by user request: Services
      Test omitted by user request: SystemLog
      Test omitted by user request: Topology
      Test omitted by user request: VerifyEnterpriseReferences
      Test omitted by user request: VerifyReferences
      Test omitted by user request: VerifyReplicas
      Starting test: DNS
         DNS Tests are running and not hung. Please wait a few minutes...
         See DNS test in enterprise tests section for results
         ......................... WGDDC01 failed test DNS
   Running partition tests on : DomainDnsZones
      Test omitted by user request: CheckSDRefDom
      Test omitted by user request: CrossRefValidation
   Running partition tests on : ForestDnsZones
      Test omitted by user request: CheckSDRefDom
      Test omitted by user request: CrossRefValidation
   Running partition tests on : Schema
      Test omitted by user request: CheckSDRefDom
      Test omitted by user request: CrossRefValidation
   Running partition tests on : Configuration
      Test omitted by user request: CheckSDRefDom
      Test omitted by user request: CrossRefValidation
   Running partition tests on : wgd
      Test omitted by user request: CheckSDRefDom
      Test omitted by user request: CrossRefValidation
   Running enterprise tests on : wgd.inet
      Starting test: DNS
         Test results for domain controllers:
            DC: WGDDC01.wgd.inet
            Domain: wgd.inet
               TEST: Authentication (Auth)
                  Authentication test: Successfully completed
               TEST: Basic (Basc)
                  The OS
                  Microsoft Windows Server 2012 R2 Standard (Service Pack level:
0.0)
                  is supported.
                  NETLOGON service is running
                  kdc service is running
                  DNSCACHE service is running
                  DNS service is running
                  DC is a DNS server
                  Network adapters information:
                  Adapter [00000010] Broadcom NetXtreme Gigabit Ethernet:
                     MAC address is B0:83:FE:C1:98:07
                     IP Address is static
                     IP address: 10.240.1.23
                     DNS servers:
                        10.240.1.23 (WGDDC01) [Valid]
                        10.240.1.24 (WGDDC02) [Valid]
                        127.0.0.1 (WGDDC01) [Valid]
                  The A host record(s) for this DC was found
                  The SOA record for the Active Directory zone was found
                  Warning: no DNS RPC connectivity (error or non Microsoft DNS s
erver is running)
                  [Error details: 5 (Type: Win32 - Description: Access is denied
         Summary of test results for DNS servers used by the above domain
         controllers:
            DNS server: 10.240.1.23 (WGDDC01)
               All tests passed on this DNS server
               Name resolution is functional._ldap._tcp SRV record for the fores
t root domain is registered
            DNS server: 10.240.1.24 (WGDDC02)
               All tests passed on this DNS server
               Name resolution is functional._ldap._tcp SRV record for the fores
t root domain is registered
         Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
            Domain: wgd.inet
               WGDDC01                      PASS WARN n/a n/a n/a
n/a n/a
         ......................... wgd.inet passed test DNS
      Test omitted by user request: LocatorCheck
      Test omitted by user request: Intersite
C:\Users\dsmythe>ipconfig /all
Windows IP Configuration
   Host Name . . . . . . . . . . . . : WGDDC01
   Primary Dns Suffix . . . . . . . : wgd.inet
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : wgd.inet
Ethernet adapter WGD_INET:
   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
   Physical Address. . . . . . . . . : B0-83-FE-C1-98-07
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 10.240.1.23(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.240.1.1
   DNS Servers . . . . . . . . . . . : 10.240.1.23
                                       10.240.1.24
                                       127.0.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.{2C28B0FA-6BF8-4201-A6DA-081AED63B496}:
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
When I try to bind a machine to the domain I get an error message that says "
The following error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller (AD DC) for domain "wgd.inet":
The error was: "This operation returned because the timeout period expired."
(error code 0x000005B4 ERROR_TIMEOUT)
The query was for the SRV record for _ldap._tcp.dc._msdcs.wgd.inet
The DNS servers used by this computer for name resolution are not responding. This computer is configured to use DNS servers with the following IP addresses:
10.240.1.24
10.240.1.23
Verify that this computer is connected to the network, that these are the correct DNS server IP addresses, and that at least one of the DNS servers is running.
Please let me know if I'm missing something or if there are other things I can check.
Thanks!
I forgot to mention that after the 2003 domain controllers were out of the environment, I raised the domain and forest functional level to 2012 R2. All clients in the environment are Windows XP Pro or above. The XP Pro boxes will be going away as
soon as our vendor supports their software to run on Windows 7.

We now have 2 2012 R2 DCs. The 2003 DCs are gone. Metadata from the old DCs is all cleaned up. DNS seems to be working fine in 3 out of 4 subnets. The 4th is behind a hardware firewall and I can see the IP address of the machine I am trying to bind to the
domain connecting to the two new domain controllers but the client machine that is trying to bind gives an error. An Active Directory Domain Controller for the domain wgd.inet could not be contacted. It seems that this is just a DNS issue for one
particular subnet (10.240.2.0/24). This subnet is setup in AD Sites and Services\Sites\Subnets\10.240.2.0/24 (Site: Default-First-Site-Name).
When trying to do anything with nslookup from the 10.240.2.0/24 subnet it times out. The route is there and I can watch it connect through our hardware firewall over port 53.
DC01
Microsoft Windows [Version 6.3.9600]
(c) 2013 Microsoft Corporation. All rights reserved.
C:\Users\dsmythe>netdom query fsmo
Schema master               WGDDC01.wgd.inet
Domain naming master        WGDDC01.wgd.inet
PDC                         WGDDC01.wgd.inet
RID pool manager            WGDDC01.wgd.inet
Infrastructure master       WGDDC01.wgd.inet
The command completed successfully.
C:\Users\dsmythe>ipconfig /all
Windows IP Configuration
   Host Name . . . . . . . . . . . . : WGDDC01
   Primary Dns Suffix . . . . . . . : wgd.inet
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : wgd.inet
Ethernet adapter WGD_INET:
   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
   Physical Address. . . . . . . . . : B0-83-FE-C1-98-07
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 10.240.1.23(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.240.1.1
   DNS Servers . . . . . . . . . . . : 10.240.1.23
                                       10.240.1.24
   NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.{2C28B0FA-6BF8-4201-A6DA-081AED63B496}:
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
C:\Users\dsmythe>
DC02
Microsoft Windows [Version 6.3.9600]
(c) 2013 Microsoft Corporation. All rights reserved.
C:\Users\dsmythe>netdom query fsmo
Schema master               WGDDC01.wgd.inet
Domain naming master        WGDDC01.wgd.inet
PDC                         WGDDC01.wgd.inet
RID pool manager            WGDDC01.wgd.inet
Infrastructure master       WGDDC01.wgd.inet
The command completed successfully.
C:\Users\dsmythe>ipconfig /all
Windows IP Configuration
   Host Name . . . . . . . . . . . . : WGDDC02
   Primary Dns Suffix . . . . . . . : wgd.inet
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : wgd.inet
Ethernet adapter NIC1:
   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
   Physical Address. . . . . . . . . : B0-83-FE-C1-9F-74
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 10.240.1.24(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.240.1.1
   DNS Servers . . . . . . . . . . . : 10.240.1.24
                                       10.240.1.23
   NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.{4F45E51E-FC2F-49ED-85CF-0750A9EEECF5}:
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
C:\Users\dsmythe>

Windows 8.1 Pro Cannot Connect to Domain Controllers through Wi-Fi

I have a domain joined Surface 2 Pro running 8.1 Pro Update that is suddenly unable to connect to the domain controllers on the local network. The machine is fully patched. I'm guessing that it is some network level security issue because the wi-fi is working:
It has no trouble connecting to my Wi-Fi hotspot on my phone.
It has no trouble connecting to other Wi-Fi at coffee shops etc.
It is connecting to my home Wi-Fi and gets an address from DHCP on the domain controllers, but can't ping the DCs, access the DCs through remote desktop even using their IP address.
It can ping the router and ping systems on the internet using their IP address rather than hostname.
I can fully access internet systems if I point it at DNS on the router but still cannot access internal systems by name or IP address.
The Wi-Fi network shows as a public network rather than a domain.
It will work fine when it is docked and using the dock's ethernet adapter.
If I use VPN to loop back through my router then I am able to fully access local systems.
None of the other systems on the network are experiencing the same issue.
I have tried the following which didn't work:
Switched off the Windows Firewall on the Windows 8.1 system and a domain controller.
Network Troubleshooting - which told me that the network seems OK but the DNS servers are not responding.
Uninstalling the Wi-Fi device and restarting the system to re-install it.
Resetting TCP/IP.
I am not aware of any changes, but the system did install System Hardware Update 8/07/2014 (again!) but I can't recall if that was when the problem started or was just a coincidence.
Any suggestions?
Thanks,
Richard
Richard-F

Hi Richard,
Apologize for my slow understanding.
I thought as it could obtain IP address from the DC, it should have connections between them.
For the current situation, you may take a try to disable the firewall on the DC, then check the port that used by AD environment is all available,
Active Directory and Active Directory Domain Services Port Requirements, you could take use of this tool:
PortQryUI - User Interface for the PortQry Command Line Port Scanner
If all available and issue still insists, then issue here seems to be restricted with the wireless router. You may try to contact the router side and see if they could offer any further useful information regarding this situation.
Best regards
Michael Shao
TechNet Community Support

Failure to upgrade Cisco Unity Connection 8.6.2 to 9.1.2

Hi everybody.
Has someone that can help me with follow problem?
I making a Cisco Unity Connection upgrade from version: 8.6.2.20000-76 to 9.1.2.10000-28. But unfortunately we can't sucessfull to make this process.
On the finish of this process, I can see this outup error:
11/23/2013 12:28:55 upgrade_manager.sh|Cleanup exiting - Cached Data: [Vendor= VMware, Inc.
HWModel=VMware
CPUCount=2
CPUType= Intel(R) Xeon(R) CPU E5-2643 0 @ 3.30GHz
CPUSpeed=3300
MEMSize=6144
BIOSVer=PhoenixTechnologiesLTD 6.00 06/22/2012
ObjectId=1.3.6.1.4.1.9.1.1348
OSVersion=UCOS 5.0.0.0-2
SerialNumber= VMware-56 4d e0 4f 4d 85 87 7b-eb 22 0e 52 a7 73 1a 22
VendorOID=1.3.6.1.4.1.674]|<LVL::Info>
11/23/2013 12:28:55 upgrade_install.sh|Cleaning up download...|<LVL::Info>
11/23/2013 12:28:55 upgrade_install.sh|Cleanup upgrade source area.|<LVL::Info>
11/23/2013 12:28:55 upgrade_install.sh|Ejecting DVD (/dev/sda1)|<LVL::Debug>
11/23/2013 12:28:55 upgrade_install.sh|Removing /common/download/9.1.2.10000-28|<LVL::Info>
11/23/2013 12:28:55 upgrade_install.sh|Started auditd...|<LVL::Info>
11/23/2013 12:28:56 upgrade_install.sh|Started setroubleshoot...|<LVL::Info>
11/23/2013 12:28:56 upgrade_install.sh|Changed selinux mode to enforcing|<LVL::Info>
11/23/2013 12:28:56 upgrade_install.sh|Cleaning up rpm_archive...|<LVL::Info>
11/23/2013 12:28:56 upgrade_install.sh|Removing /common/rpm-archive/9.1.2.10000-28|<LVL::Info>
11/23/2013 12:29:00 upgrade_install.sh|IOWAIT monitor stopped|<LVL::Info>
11/23/2013 12:29:00 upgrade_install.sh|File:/usr/local/bin/base_scripts/upgrade_install.sh:599, Function: main(), Upgrade Failed -- (1)|<LVL::Error>
11/23/2013 12:29:00 upgrade_install.sh|set_upgrade_result: set to 1|<LVL::Debug>
11/23/2013 12:29:00 upgrade_install.sh|is_upgrade_lock_available: Upgrade lock is not available.|<LVL::Debug>
11/23/2013 12:29:00 upgrade_install.sh|is_upgrade_in_progress: Already locked by this process (pid: 14477).|<LVL::Debug>
11/23/2013 12:29:00 upgrade_install.sh|release_upgrade_lock: Releasing lock (pid: 14477)|<LVL::Debug>
Best Regards,
Claudio Costa
A mensagem foi editada por: Claudio Costa

Tks Manish, I just perform a restart on the both nodes on my CUC cluster and after that I did can install this upgrade patch.
Also is very important install the upgrade patch on all servers of the cluster before perform a switch-version on the publisher and then on the others nodes.
Best Regards,
Claudio Costa

Impact of Domain Controllers changes on Cisco Unity Ver 7.0(2.0) and UCCX ver ver 7.0(2) and CUCM ver 7.1.5.34900-7

Similar Messages

Maybe you are looking for