Preparing virtual domain controller for cloning fails because DC not in cloneable domain controllers group

Similar Messages

• Replace WS2003 domain controller for WS2012 domain controller

  Hi, I think that is a common problem but I haven't found anythink exactly like this, only something similar, but I have a lot of doubts yet.
  The thing is that I have a network with two domain controllers:
  WS2003     - 192.168.0.1, who is the first domain controller I created and is also a file sharing server
  WS2008R2 - 192.168.0.8, who is a  new domain controller I added one year ago.
  Now, I want to replace the first one, keeping the second. One.
  I thinking of removing the first one and replace it with a new machine (WS2012) with the same IP and name host. I need the same host because clients are pointing to it to get the shared files.
  My main fear is that clients get some error related with trust relationship and I will have to rejoin them one by one to the domain.
  As I have another domain controller, Will the global catalog of the new machine be synchronized automaticly with the WS2008R2 domain controller?
  Do I need to demote the old domain controller before add the new one?
  Thanks a lot

  Hi Tomas,
  As pointed by Burakm you should have an additional file server and should avoid using a Domain controller which has priviledged access, to share files. This puts you at a security risk.
  Regarding the requirement of old host name:
  Here is something that would let you keep a different servername and IP, yet allow your users to connect to the old hostname and access the share. Use CNAME records of old server to point it to the new hostname.
  How to Configure Windows Machine to Allow File Sharing with DNS Alias
  You might also look for Distributed File System Shares.
  http://blogs.technet.com/b/josebda/archive/2009/06/26/how-many-dfs-n-namespaces-servers-do-you-need.aspx
  NOTE- You can't run in-place upgrade of a 2003 to 2012 DC.
  Regards,
  Satyajit
  Please “Vote As Helpful”
  if you find my contribution useful or “Mark As Answer” if it does answer your question. That will encourage me - and others - to take time out to help you.

• ACL migration Error : 1210 could not find a domain controller for domain "Test Domain" (Old Domain)

  Hi
  We are migrating from old domain to new domain. Before live migration, we are trying to check the ACE/ACL migration through SubInACL. We are running the SubInACL on a cluster, which is a member of the Old Domain (Test Domain). We are able to resolve and
  ping both Old Domain and the New domain from this cluster machine. We have created a network share on this cluster, which is accessible to all Domain Users of the Old Domain. Both Domains have two way forest level trust. we are trying to migrate
  the ACL of this share (\\ClusterMachine\testshare$) to the new domain using SubInACL. We are trying to run the below command to get it done.  
  subinacl /outputlog=C:\Users\Administrator\Desktop\Migrationlog.txt /subdirectories
  \\ClusterMachine\testshare$\*.* /migratetodomain=OldDomain=NewDomain=mappingfile.txt
  Mapping file contains : Domain Users=NewDomain_Users
  But we are geeting the Error that "1210 could not find a domain controller for domain "Test Domain". Error finding domain name : 1210 the format of the specified computer name is invalid. Current Object "\\ClusterMachine\testshare$"
  will not be processed."

  Hello,
  how in detail is DNS set up in each domain?
  Any problems when using nslookup to verify?
  Best regards
  Meinolf Weber
  MVP, MCP, MCTS
  Microsoft MVP - Directory Services
  My Blog: http://blogs.msmvps.com/MWeber
  Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.
  Twitter:  

• Charm: No Domain Controller for SB5

  Hi,
  I configured Charm in solution Manager 4.0, created a satellite system SB5 in smsy and run the batch to get the info to charm. now i have it in /tmwflow/cmsconf but when i synchronize the project in solar_admin_project we get the error No Domain Controller for SB5.
  The STMS is configured correctly in SB5
  The RFC dests are OK also from SMSY i can see the dommain controller without any problem and distribution routes also.
  Any advise
  Thanks
  Ahmed

  Thanks Pascal,
  I was able to fix the problen but adding a domain link between solution manager and satellite systems.
  Ahmed

• Unable to find domain controller for the specified domain. Please explicitly specify the domain controller.

  Im getting error "Unable to find domain controller for the specified domain. Please explicitly specify the domain controller."   when I try to create an AD connection for my User Profile Service.  The entire sharepoint environment is installed
  on one server.  That server has everyting on it, AD, SQL, Sharepoint, and its the domain controller. I cant figure out why this will not identify?Trevor Fielder

  Hi,
  Did you get this error when clicking on the Populate Containers button?
  If yes, please make sure that you have provide the domain credentials in the account name and password
  boxes below when entering the domain information. The account must be granted the replicating directory changes permission on the domain.
  You can refer to this blog:
  http://www.harbar.net/articles/sp2010ups.aspx
  Xue-Mei Chang

• Connection for Source failed because the environment is not trusted

  Good day all,
  This is the second time I come across this error on two different forms.
  This happens whenever I have a form connected to my database(SQL) and configured my ODBC.
  My form is Reader Extended, when I load it outside LC Designer I get this error : "Connection for Source failed because the environment is not trusted".
  I have searched for solution, one that I saw says one must change bindings from None to Normal, I've done that and didnt solve my problem.
  Can someone please assist me.
  Regards,
  Ace

  Check the two below links and see if they can be of any helpful to resolve your issue.
  In this thread Paul is asking to change the DSN setting.
  "If you set up your DSN as a system DSN instead of a user DSN then that message shoudl disappear."
  http://forums.adobe.com/message/2873482
  In the below blog, Steve is mentioning to clone the connection to get rid of the issue.
  You should be able to get around this by changing this line:
  var oDB = xfa.sourceSet.nodes.item(nIndex);
  to this:
  var oDB = xfa.sourceSet.nodes.item(nIndex).clone(1);
  http://forms.stefcameron.com/2006/10/12/displaying-all-records-from-an-odbc-data-connectio n/
  Thanks
  Srini

• What happens to a Domain Controller if event id:2213 is not fixed?

  Hi,
  What happens to a Domain Controller if event id:2213 is not fixed? Does it impact the domain replication to other DC's? Also the DC has PDC and RID fsmo roles any impact there?
  Thank you,

  Hi,
  Are you getting below event id ?
  Event Type: Warning
  Event Source: DFSR
  Event Category: Disk
  Event ID: 2213
  Description: "The DFS Replication service stopped replication on volume C. This occurs when a DFSR JET database is not shut down cleanly and Auto Recovery is disabled. To resolve this issue, back up the files in the affected replicated folders, and then
  use the ResumeReplication WMI method to resume replication. 
  Additional Information:
  Volume: C:
  GUID: E18D8280-2379-11E2-A5A0-806E6F6E6963

• Pricing for VM running WS 2012 E R2 primarily as domain controller for ~5 clients

  Hi
  I am starting a small medical clinic, with only about 6 client PCs.  However, I  would like a domain network structure for security purposes moving forward rather than a workgroup.
  I'm looking at either purchasing a modest server (ie HP Proliant ml310) with windows server 2012 essentials r2 and using it locally (total cost ~$1500) or using a Windows Azure virtual machine to run the domain controller over a VPN.  We already use
  office 365 e3, so don't really need a local server for email, storage etc. I already have an old synology NAS that could be used for disk images etc that we would lose out on with the hosted server solution.
  Can someone verify my calculations for monthly cost estimate I tried using the calculator --1 small VM + 225 GB storage for the OS came to $65/month
  Would I be able to run it on the small virtual machine or would I need to go up to medium just for the OS?  If the later is the case it would definitely not be cost effective.
  Thanks for the help
  TM

  hi tdiddy,
  Thanks for posting!
  About VM and azure storage pricing , I suggest you could refer to this pricing details page and calculations fee:
  http://azure.microsoft.com/en-us/pricing/details/virtual-machines/
  http://azure.microsoft.com/en-us/pricing/details/storage/
  Also, for this billing question Please contact azure billing support team via
  http://www.windowsazure.com/en-us/support/contact/
  Hope it helps.
  Regards,
  Will
  We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
  Click
  HERE to participate the survey.

• AD account logging to a remote domain controller for authentication

  Hi,
  I have a weird issue with an AD account using a different logonserver when authenticating to AD.  A domain admin account uses the local site domain controller but another account is using a remote domain controller as logonserver. I'm using both account
  to logon to the same server (CRM 2011). But when I issue the command "set l' from the command line, they shows different logonserver value. 
  My issue is the crm account is pointing to a remote domain controller (windows 2012 R2) which I don't want and should use the local site domain controller (windows 2008 R2). The reason being is that the CRM server is on a  test network (isolated) and
  when we test an upgrade of CRM addon product called Experlogix, the upgrade requires to get authenticated by AD but it fails and I think the logonserver is the issue. When the crm account is used on the test server it points not to the local site domain controller
  but to the remote dc which is not in the test server.
  Thanks for your help!!!
  AA

  Start by checking that your are sites and subnets are well configured.
  Use dssite.msc and make sure that:
  You have AD sites that represent your physical sites
  All the subnets in use are created and moved to the correct AD site
  Your DCs belong to the correct AD site
  You can read more about the DC Locator process here: http://social.technet.microsoft.com/wiki/contents/articles/24457.how-domain-controllers-are-located-in-windows.aspx
  This posting is provided AS IS with no warranties or guarantees , and confers no rights.
  Ahmed MALEK
  My Website Link
  My Linkedin Profile
  My MVP Profile

• Best pracices for setting up Domain controller for our remote European offices

  Hi,,
  We have about 17 remote site across Europe (HQ in UK), I want to start revoking the offices local DC's and host them in a couple of Cloud servers in Germany with local NAS boxes for file storage. I will have MPLS network between the offices to the Cloud
  DC.
  Now what would be the best practices and tips for this situation in respect to the DC's. How can I prioritize the remote offices to use the Cloud DC/DNS and not our DC at our HQ in the UK. Would it be better to have a sub-domain created (europe.company.co.uk)
  for the other offices.
  Any suggestions on this setup for the DC

  Hiya,
  on the conceptual level. The reason for having local DC's, is that if the local sites internet line is offline, people are still able to authenticate and access local resources. From that point of view, you might as well just run with your HQ DC's only. Note:
  the cloud does offer availability on their services, that might not be matched by your HQ in terms of double internet lines.
  That said.
  The DNS server of the clients as well as the sites & services of Active Directory. Your clients will use the nearest domain controller available from sites and services information.
  Managing Intersite Replication
  http://technet.microsoft.com/en-us/library/cc794799%28v=ws.10%29.aspx

• [Forum FAQ] How to sync time with a Domain Controller for a standalone server

  As we all known, if a computer belongs to an Active Directory domain, it will sync the time automatically by using the Windows Time service that is available on Domain Controllers.
  While a standalone server will synchronize with its local hardware time and Windows time server. (Figure 1)
  Figure 1.
  Under some circumstances, a standalone server is necessary in a product environment. We can sync the time of this standalone server with the Domain Controller using
  the steps below:
  1. Modified the value of the AnnounceFlags:
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config
  Under this entry we can see the default value of AnnounceFlags is 10 (Decimal), we configure the value as 5 (Decimal). (Figure 2)
  Figure 2.
  2. Confirm the value of the registry key below is set to 0:
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer 
  Figure 3.
  3. Configure the standalone server to synchronize with a specific time source (Domain Controller).
  In our test, we configured our Domain Controller (192.168.10.200) as the time source. Used the following commands:
  w32tm /config /syncfromflags:manual /manualpeerlist:192.168.10.200
  4. Sync the time with the Domain Controller using the command below:
  w32tm /config /update
  From the figure below (Figure 4), you can see the after we did all the steps above, the time on the standalone server was synced with the Domain Controller.
  Figure 4.
  (Note: Peerlist is a separated list of DNS servers, or IP Addresses for the time servers)
  More information:
  Windows Time Service Tools and Settings
  http://technet.microsoft.com/en-us/library/cc773263(WS.10).aspx#w2k3tr_times_tools_dyax
  Please click to vote if the post helps you. This can be beneficial to other community members reading the thread.

  Thank you for the instruction! I am sure it is one of the scenarios that majority of administrators will run into. So I suggest to write a wiki about it and publish it for this month's TechNet Guru in Windows Server section. This month's TechNet Guru can
  be found here:
  Calling All Wise Men! Windows
  Server Gurus Needed! Apply Within! No One Turned Away!
  Thanks for your informative post. :)
  Regards.
  Mahdi Tehrani   |  
    |  
  www.mahditehrani.ir
  Please click on Propose As Answer or to mark this post as
  and helpful for other people.
  This posting is provided AS-IS with no warranties, and confers no rights.
  How to query members of 'Local Administrators' group in all computers?

• Changing Domain Controller for Exchange 2013

  Folks
  I have an Exchange 2013 running on Server 2012.
  Old DC on Server 2008.
  I want to decommission the 2008 server. I have build a 2012 DC and for the life of can not work out how to change the DC that my exchange box uses????
  Using Set-ADServerSettings cmdlet only seems to change the server for that current session?? reboot and back to the old DC...
  When I use the Se-ExchangeServer cmdlet, I get domain controller cant be found. I have set the execution policy on the dc to unrestricted and still Domain controlleer cant be found..
  New dc is a GC..
  Any ideas would be good.
  -graham

  First, the behavior observed for the cmdlet Set-ADServerSettings is normal. The values for the domain controllers
  designated are " per session". For example:
  The PreferredServer parameter
  specifies the FQDN of the domain controller to be used for this session.
  http://technet.microsoft.com/en-us/library/dd298063(v=exchg.150).aspx
  +++
  What parameters, exactly, did you use for Set-ExchangeServer? What was the entire command?
  If the domain controller(s) were found for "Set-ADServerSettings"
  and... if Exchange is functioning OK in general, the domain controllers should be accessible.
  +++
  Are you in a position where you could shut down the older server (during off hours for example) and see if Exchange can
  find - and use - the newer DC?
  Will you only have one DC after decommission of the old one?
  Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you.

• Question about adding Windows 2012 R2 Domain Controller, into a native Windows 2008 R2 single forest domain

  I current have a two server domain, both Windows 2008 R2 and fully updated.   The two servers are on subnet 10.0.1.0 /24
  - Windows 2008 R2 Server A: 10.0.1.1 (DC, GC, FSMO, DNS)
  - Windows 2008 R2 Server B: 10.0.1.2 (DC, GC)
  AD Domain: COMPANY.LOCAL
  I have a second connected subnet, 192.168.1.0 /24) which is routed to the 10.0.1.0/24 subnet and I would like to install a Windows 2012 R2 server onto a server on that subnet and make it a domain controller with AD-Integrated DNS and DHCP for the 192.168.1.0
  /24 subnet.
  - Windows 2012 R2 Server C: 192.168.1.1
  What are the proper progression steps, in order to bring up the Windows 2012 R2 server and then add it to my COMPANY.LOCAL domain and then promote it do a DC/GC/AD-Integrated DNS server?   Are they anything like the following:
  1. Install Windows 2012 R2 server (Server C)
  2. Point Windows 2012 R2 server DNS servers at Server's A and B
  3. Perform AD prep to extend AD schema to support Windows 2012 R2 domain controllers
  4. Promote Windows 2012 R2 server to domain controller (install local DNS service on Server C, during this step)
  * Question:  Will Windows automatically create a DNS zone for the Windows 2012 R2 subnet (192.168.1.0/24) AND also include the DNS zone from the previous Windows 2008 R2 domain (10.0.1.0 /24)?  Or will I need to add the 10.0.1.0 /24 zone to the DNS
  server on Server C, even though the DNS from the Windows 2008 R2 domain is AD integrated?

  Hi,
  Regarding the issue here, please take a look into below articles:
  System Requirements and Installation Information for Windows Server 2012 R2
  http://technet.microsoft.com/en-us/library/dn303418.aspx
  Release Notes: Important Issues in Windows Server 2012 R2
  http://technet.microsoft.com/en-us/library/dn387077.aspx
  Install a Replica Windows Server 2012 Domain Controller in an Existing Domain (Level 200)
  http://technet.microsoft.com/en-us/library/jj574134.aspx
  Here is an example for promoting Windows Server 2012 to a DC, see:
  Step-by-Step Guide for Setting Up A Windows Server 2012 Domain Controller
  http://social.technet.microsoft.com/wiki/contents/articles/12370.step-by-step-guide-for-setting-up-a-windows-server-2012-domain-controller.aspx
  As the server is promoted to a DC, DNS Zones will be replicated and synchronized to it automatically whenever the new one is added to an AD DS domain,  bascially there is no special need to add zones,  for more information, please see:
  Understanding Active Directory Domain Services Integration
  http://technet.microsoft.com/en-us/library/cc726034.aspx
  Hope this may help
  Best regards
  Michael
  If you have any feedback on our support, please click
  here.
  Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

• Bad news for "connection failed, wlan / wifi not f...

  Sometime ago I wrote this in my blog: Conn. failed Wlan not found
  And, like most of you who are now reading this post, I've spent hours trying to google a solution, totally without success. But at least, after so much reading and learning, I've come to a definite (and very teaching) conclusion: this issue is due to nothing less but a shameful bug in Symbian^3's DHCP client. There's no blaming the router's settings or characteristics, because with exactly the same routers and settings, most other phones can connect.
  However, I always hoped that the Nokia crew were taking note of this bug and working on it, and I've spent months waiting for a fix in some of the firmware updates. I've done two updates since I got the phone (mine is a C7, but I believe it's a Symbian^3 "feature"), to no avail: disheartedly, both times I've seen that the bug remained there.
  "Maybe in Symbian Belle?" I said to myself. "Of course. They can't be that blunt! The've got to fix it in Belle." So, yesterday I updated my C7 with the "leaked" Belle firmware and, you know what? Yes! They've been certainly working on the bug! This way:
  So far, when trying to connect to some wireless routers we got the error message: "Conn. failed. Wlan not found". Now, after making us wait so much for Belle (and not yet officially released), there's no such message any more!
  Oh, well, certainly we still can't connect to the router, but now the message reads: "Connection failed. Wi-fi netw. not found".
  Nokia, this is un-be-lie-va-ble. I know you're reading this. Will you ever fix the mentioned problem in Symbian? It's no small bug, folks.

  Hi Torben
  Thank you for contacting Nokia Care customer support.
  Since we wrote last I have got a lot more experience with the Belles situation in this area.
  Recently suspicion fell on a bug in old saved data from the "Anna" that causes general network error.
  To solve it, there must be a backup - but NOT the programs / settings, since they bear the error.
  Subsequently, disconnect the phone from, select the Offline profile (Press and hold the cards on the off button and choose the one on this list)
  "Ring" now * # 7370 # accept and enter the security code is 12345, if it asks for it.
  Your security code if you have change it.
  Set Time & Date and reviewing start-up menus.
  Get immediately sent to the settings for data and multimedia.
  Restart your phone and try now about the Internet is working properly.
  Do they do it; you can safely restore contacts and whatever else you have in your backup.
  I would personally appreciate it if you want to participate in a brief survey that will be about my response to you. Customer survey will receive a separate e-mail.
  If there is anything I can do for you, then you're obviously more than welcome to contact me again.
  Sincerely
  Jannik Petersen
  Nokia Care

• Domain Controller SystemState backup failing on 3 servers

  Hi,
  I've been puzzling over this for a few weeks - getting a bit desperate now... Seen a few similar issues on the forums, but no definitive answer that works...
  I have 3 2012R2 domain controllers - 2 are new, clean build, no AV installed, built in the last month and have latest updates installed.
  Windows Server backup installed on all 3 and is failing with same error on all 3 when attempting to do a system state backup.
  This is what I'm running from an elevated command prompt...
  C:\Windows\system32>wbadmin start systemstatebackup -backuptarget:e:
  Also fails exactly the same from the GUI.
  Windows Server Backup Log has this error:
  Error in backup of C:\Windows\WinSxS\amd64_microsoft-windows-alttab_31bf3856ad364e35_6.3.9600.16384_none_599bb25393087eb6\AltTab.ptxml during read: Error [0x80070005] Access is denied.
  I haven't changed any permissions, they are default...
  >cacls AltTab.ptxml
  ...\AltTab.ptxml NT SERVICE\TrustedInstaller:F
                BUILTIN\Administrators:R
                NT AUTHORITY\SYSTEM:R
                BUILTIN\Users:R
                APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES:R
  In the Event Log I have:
  Event 517
  The backup operation that started at '‎2015‎-‎01‎-‎05T07:30:13.107907800Z' has failed with following error code '0x80780049' (None of the items included in backup were backed up.). Please review the event details for a solution, and then rerun the backup
  operation once the issue is resolved.
  Same error is present on all DC's, all 3 are failing on files in the winsxs folder - different files on each.
  As per a previous article I read, on one of the servers I have re-applied permissions to the WinSxS folder, which didn't make any difference.
  I cannot see any locks on the winsxs files using sys internals process explorer.
  Interestingly though, system state backup did work before windows update applied huge amount of updates straight after the build.
  At this point, I have no good backups of AD - I have run out of options - all assistance appreciated.
  Thanks,
  Charles.

  OK, this is getting ridiculous.
  Built another clean server from latest 2012 R2 iso... en_windows_server_2012_r2_with_update_x64_dvd_6052708.iso
  joined domain, backups work, windows update works and installs 24 updates
  Promoted to DC, then Windows update and backups fail with 
  WU...
  2015-01-09
  14:30:38:735
  836
  d6c
  AU
  >>##  RESUMED  ## AU: Search for updates [CallId = {6DD3D371-4F02-4D34-95FE-B04899E14E92} ServiceId = {7971F918-A847-4430-9279-4A52D1EFE18D}]
  2015-01-09 14:30:38:735
  836 d6c
  AU  # 4 updates detected
  2015-01-09 14:30:38:735
  836 d6c
  AU #########
  2015-01-09 14:30:38:735
  836 d6c
  AU ##  END  ##  AU: Search for updates  [CallId = {6DD3D371-4F02-4D34-95FE-B04899E14E92} ServiceId = {7971F918-A847-4430-9279-4A52D1EFE18D}]
  2015-01-09 14:30:38:735
  836 d6c
  AU #############
  2015-01-09 14:30:38:735
  836 d6c
  AU All AU searches complete.
  2015-01-09 14:30:38:735
  836 d6c
  AU  # WARNING: Failed to find updates with error code 80070005
  2015-01-09 14:30:38:735
  836 d6c
  AU AU setting next detection timeout to 2015-01-09 19:30:38
  2015-01-09 14:30:38:735
  836 d6c
  AU Adding timer: 
  2015-01-09 14:30:38:735
  836 d6c
  AU    Timer: 31DA7559-FE27-4810-8FF6-987195B1FD98, Expires 2015-01-09 19:30:38, not idle-only, not network-only
  2015-01-09 14:30:38:735
  836 d6c
  AU WARNING: ISusInternal::CanInstallNow failed, error = 0x80070005
  Backups failing with:
  Error in backup of C:\Windows\WinSxS\amd64_microsoft-windows-alttab_31bf3856ad364e35_6.3.9600.16384_none_599bb25393087eb6\AltTab.ptxml during read: Error [0x80070005] Access is denied.
  Any suggestions?
  Thanks.