Issues after promoting Windwows Server 2019 to DC

rsn71 1 Reputation point
2022-01-07T22:30:20.977+00:00

I had been using Windows Server 2008 as my domain controller. I then bought a new server and installed Windows Server 2019 on it and applied all updates. I then promoted the Windows Server 2019 to a DC, keeping the 2008 DC as the primary.

I followed the instructions of posts I found on Microsoft, including making changes to the forest and domain functional levels and then followed the post about migrating to DFSR - was able to do without any errors.

However, after more than 24 hours I am still getting some errors on the new 2019 DC and the older 2008 DC.

I have attached a text file that has the DCDIAG results from both the DC1 and DC2

Windows Server 2008 = DC1
Windows Server 2019 = DC2
domain -= domain.local

Please help.

Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
12,170 questions
0 comments

8 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Dave Patrick 426.1K Reputation points MVP
    2022-01-07T23:53:06.073+00:00

    Not sure what order you performed? As you described was not correct.

    The two prerequisites to introducing the first 2019 or 2022 domain controller are that domain functional level needs to be 2008 or higher and older sysvol FRS replication needs to have been migrated to DFSR
    https://techcommunity.microsoft.com/t5/Storage-at-Microsoft/Streamlined-Migration-of-FRS-to-DFSR-SYSVOL/ba-p/425405

    I'd use dcdiag / repadmin tools to verify health correcting all errors found before starting any operations. Then stand up the new 2019 or 2022, patch it fully, license it, join existing domain, add active directory domain services, promote it also making it a GC (recommended), transfer FSMO roles over (optional), transfer pdc emulator role (optional), use dcdiag / repadmin tools to again verify health, when all is good you can decommission / demote old one.

    --please don't forget to upvote and Accept as answer if the reply is helpful--

    1 person found this answer helpful.
  2. rsn71 1 Reputation point
    2022-01-08T15:45:12.58+00:00

    Sorry, my post was a summary and then an after thought of what I had done. I should have been more clear.

    I did set domain functional level to 2008 and older sysvol FRS replication migrated to DFSR...and I did use the URL you had provided.

    Now that I think about it, I may have setup the 2019 server, installed Domain Services and then applied all updates on the 2019 server. I think I THEN started the above process of setting functional level on the 2008 server and did the DFSR migration. Now I am having the errors mentioned in this post (and the other post, you are helping me with).

    What do you think I should do to correct? Remove the 2019 DC from the domain, remove domain services from the 2019 server and then reboot. (The 2019 server is fully patched.) Then re-join to existing domain, add active directory domain services, promote it also making it a GC (recommended), transfer FSMO roles over (optional), transfer pdc emulator role (optional), use dcdiag / repadmin tools to again verify health, when all is good you can decommission / demote old one?

    0 comments
  3. Dave Patrick 426.1K Reputation points MVP
    2022-01-08T15:53:00.633+00:00

    I'd suggest moving the roles back to 2008, demote the 2019, then check the health status (dcdiag, repadmin) is 100%

    --please don't forget to upvote and Accept as answer if the reply is helpful--

    0 comments
  4. rsn71 1 Reputation point
    2022-01-08T17:28:23.723+00:00

    Ok, I demoted the 2019 server and then removed domain services, rebooted and made sure everything was good on the 2019 server.

    I then stop and restarted the DFS replicator service on the 2008 DC and checked the dcdiag. 1 error:

    Starting test: DFSREvent
   There are warning or error events within the last 24 hours after the
   SYSVOL has been shared.  Failing SYSVOL replication problems may cause
   Group Policy problems.
   ......................... SERVER failed test DFSREvent

    The error in the event log I see is this:

    The DFS Replication service failed to communicate with partner DC2 for replication group Domain System Volume. This error can occur if the host is unreachable, or if the DFS Replication service is not running on the server. 

Partner DNS Address: DC2.domain.local 

Optional data if available: 
Partner WINS Address: DC2 
Partner IP Address:  

The service will retry the connection periodically. 

Additional Information: 
Error: 1722 (The RPC server is unavailable.)

    No errors in the event log after the restart of the DFS services, so I think I want to wait till tomorrow to make sure there are no errors in the last 24 hours, correct? Or I can check the event log on the 2008 DC all day to see if a replication error ever pops up again.

    If there are no errors, should I start the install of domain services on the 2019 server again?

    0 comments
  5. Dave Patrick 426.1K Reputation points MVP
    2022-01-08T19:15:12.237+00:00

    Is the event log error before or after demotion? If the latter you may need to perform some cleanup of remnants.
    https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/deploy/ad-ds-metadata-cleanup
    https://techcommunity.microsoft.com/t5/itops-talk-blog/step-by-step-manually-removing-a-domain-controller-server/ba-p/280564

    --please don't forget to upvote and Accept as answer if the reply is helpful--

    0 comments