Al Mulnick wrote:
Denying access? Hmm.... so logged on to the w2K machine you can't
access the admin$ share of either of the DC's right?
Correct.
I can access any member server admin$ share from the w2k machine. I can
access the w2k3 DC admin$ share from any other w2k3 machine in the domain.
I just can't access the w2k3 DC admin$ share from the w2k DC.
al
On 6/20/06, *Al Lilianstrom* <[EMAIL PROTECTED]> wrote:
Robert Rutherford wrote:
> Hi,
>
> It does sound like our old pal DNS.
>
> If you run a dcdiag and netdiag, do they both run clean? If not then
> please post the results.
Both clean. Every test I can think of comes up clean. The only real
symptom was in the original message - lack of admin access to the w2k3 DCs
from the w2k DC. Checking the event log on the w2k3 DC I see the
computer and user log in and out successfully. Just something denying
access.
> If all is clean and it's a test environment then pull it and clean it up
> with ntdsutil et al.
Sounds like a fun way to spend the morning. :-)
al
> If it's a new situation then just replicate and see if you still have
> the issue. I have always found a couple of hours helps many ills.
>
> BR
>
> Rob
>
> Robert Rutherford
> QuoStar Solutions Limited
>
> The Enterprise Pavilion
> Fern Barrow
> Wallisdown
> Poole
> Dorset
> BH12 5HH
> T: +44 (0) 8456 440 331
> F: +44 (0) 8456 440 332
> M: +44 (0) 7974 249 494
> E: [EMAIL PROTECTED]
> W: www.quostar.com
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]] On Behalf Of Al Lilianstrom
> Sent: 19 June 2006 20:52
> To: [email protected]
> Subject: [ActiveDir] Problem removing last w2k DC from a w2k3 domain
>
> I'm in the process of upgrading my test domain (empty root and 1 child)
> to w2k3 R2 based DCs and (thanks to help from the friendly folks here)
> am just about done. I have one last w2k dc left to remove. It doesn't
> want to go peacefully.
>
> I moved the FSMO roles off and the next day tried to dcpromo it down to
> a simple server. I get
>
> Managing the network session with FBDC1.fnal.gov failed
>
> "Access is denied. "
> dcpromoui t:0x848 00479 Exit State::GetFailureMessage The
> operation failed because:
>
> Managing the network session with FBDC1.fnal.gov failed
>
> A quick check shows that I can't get to the admin shares of my new w2k3
> dc/FSMO role holder from the w2k dc. I can get to the admin shares of
> the other simple servers but not either of the 2 DCs. Other systems can
> access the admin shares via the domain admin account I'm using on the
> w2k DC.
>
> I've been searching and have found people having a similar problem when
> promoting a w2k machine to be a DC but not when demoting. I've tried a
> number of the things that were suggested in those articles and they have
> had no effect.
>
> There is no firewall in the way. AD replication and FRS work.
>
> Any ideas before I rip it out?
>
> al
>
--
Al Lilianstrom
CD/CSS/CSI
[EMAIL PROTECTED]
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx