What do you see in the network trace? Is it attempting the connection? Is it establishing the TCP/IP connection and then blowing out in the NetBIOS handshake? Does it get through the handshake and then fail?
--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Al Lilianstrom
Sent: Tuesday, June 20, 2006 10:53 AM
To: [email protected]
Subject: Re: [ActiveDir] Problem removing last w2k DC from a w2k3 domain

Al Mulnick wrote:
> Denying access? Hmm.... so logged on to the w2K machine you can't
> access the admin$ share of either of the DCs, right?

Correct. I can access any member server admin$ share from the w2k machine. I can access the w2k3 DC admin$ share from any other w2k3 machine in the domain. I just can't access the w2k3 DC admin$ share from the w2k DC.

al

>
> On 6/20/06, Al Lilianstrom <[EMAIL PROTECTED]> wrote:
>
> Robert Rutherford wrote:
> > Hi,
> >
> > It does sound like our old pal DNS.
> >
> > If you run a dcdiag and netdiag, do they both run clean? If not then
> > please post the results.
>
> Both clean. Every test I can think of comes up clean. The only real
> symptom was in the original message - lack of admin access to the w2k3 DCs
> from the w2k DC. Checking the event log on the w2k3 DC I see the
> computer and user log in and out successfully. Just something denying
> access.
>
> > If all is clean and it's a test environment then pull it and clean it up
> > with ntdsutil et al.
>
> Sounds like a fun way to spend the morning. :-)
>
> al
>
> > If it's a new situation then just replicate and see if you still have
> > the issue. I have always found a couple of hours helps many ills.
> >
> > BR
> >
> > Rob
> >
> > Robert Rutherford
> > QuoStar Solutions Limited
> >
> > The Enterprise Pavilion
> > Fern Barrow
> > Wallisdown
> > Poole
> > Dorset
> > BH12 5HH
> > T: +44 (0) 8456 440 331
> > F: +44 (0) 8456 440 332
> > M: +44 (0) 7974 249 494
> > E: [EMAIL PROTECTED]
> > W: www.quostar.com
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Al Lilianstrom
> > Sent: 19 June 2006 20:52
> > To: [email protected]
> > Subject: [ActiveDir] Problem removing last w2k DC from a w2k3 domain
> >
> > I'm in the process of upgrading my test domain (empty root and 1 child)
> > to w2k3 R2 based DCs and (thanks to help from the friendly folks here)
> > am just about done. I have one last w2k dc left to remove. It doesn't
> > want to go peacefully.
> >
> > I moved the FSMO roles off and the next day tried to dcpromo it down to
> > a simple server. I get
> >
> > Managing the network session with FBDC1.fnal.gov failed
> >
> > "Access is denied. "
> > dcpromoui t:0x848 00479 Exit State::GetFailureMessage The operation failed because:
> >
> > Managing the network session with FBDC1.fnal.gov failed
> >
> > A quick check shows that I can't get to the admin shares of my new w2k3
> > dc/FSMO role holder from the w2k dc. I can get to the admin shares of
> > the other simple servers but not either of the 2 DCs. Other systems can
> > access the admin shares via the domain admin account I'm using on the
> > w2k DC.
> >
> > I've been searching and have found people having a similar problem when
> > promoting a w2k machine to be a DC but not when demoting. I've tried a
> > number of the things that were suggested in those articles and they have
> > had no effect.
> >
> > There is no firewall in the way. AD replication and FRS work.
> >
> > Any ideas before I rip it out?
> >
> > al
> >
> > --
>
> Al Lilianstrom
> CD/CSS/CSI
> [EMAIL PROTECTED]
> List info : http://www.activedir.org/List.aspx
> List FAQ : http://www.activedir.org/ListFAQ.aspx
> List archive: http://www.activedir.org/ml/threads.aspx
>

--
Al Lilianstrom
CD/CSS/CSI
[EMAIL PROTECTED]
