none
Copy of production AD Directory Servers Hyper-V VMs from production host to a test host

    Question

  • Hi,

    we're running two AD Services replicating to each other on two separate Hyper-V host machines (DC05 & DC07).  The AD servers are setup as VMs and run under Windows 2012 R2.  We are running DNS and DHCP servers on DC05 which replicate to DC07.  In the production environment the servers are functioning normally, they replicate to each other without any issue.  The primary server is DC05.

    For testing purposes we have another physical server in another location using the same IPV4 subnet 255.255.255.0 (internally 192.168.0.xxx).  The AD servers have static IPV4 IP addresses DC05 (192.168.0.10) & DC07 (192.168.9.12).  I shutdown the AD servers on the production site and exported the VMs to a USB disk and re-imported them on the test server which also runs Windows 2012 R2.  I have disabled the DHCP service on my router so that it doesn't interfere with the DHCP server running on DC05.

    When I start both AD servers on the test server they don't see each other.  Yet I can ping them okay and do NSLOOKUPs using the DNS server on DC05.  The domain name is HBM.ASC

    When I do a DCDIAG of each server I get the following errors:

      Testing server: Default-First-Site-Name\VM-HBMCDC05

          Starting test: Advertising
             Fatal Error:DsGetDcName (VM-HBMCDC05) call failed, error 1355
             The Locator could not find the server.
             ......................... VM-HBMCDC05 failed test Advertising

          Starting test: FrsEvent
             There are warning or error events within the last 24 hours after the
             SYSVOL has been shared.  Failing SYSVOL replication problems may cause
             Group Policy problems. Starting test: NetLogons
             Unable to connect to the NETLOGON share! (\\VM-HBMCDC05\netlogon)
             [VM-HBMCDC05] An net use or LsaPolicy operation failed with error 67,
             The network name cannot be found..
             ......................... VM-HBMCDC05 failed test NetLogons

      Running enterprise tests on : HBM.ASC
          Starting test: LocatorCheck
             Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
             A Global Catalog Server could not be located - All GC's are down.
             Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
             A Time Server could not be located.
             The server holding the PDC role is down.
             Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error 1355
             A Good Time Server could not be located.
             Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1355
             A KDC could not be located - All the KDCs are down.
             ......................... HBM.ASC failed test LocatorCheck
          Starting test: Intersite         ......................... HBM.ASC passed test Intersite

    The SYSVOL & NETLOGON shares are not created on both AD servers for reasons unknown.

    IPCONFIG of DC05:

      Windows IP Configuration

       Host Name . . . . . . . . . . . . : VM-HBMCDC05
       Primary Dns Suffix  . . . . . . . : HBM.ASC
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : HBM.ASC

      Ethernet adapter Ethernet 2:

       Connection-specific DNS Suffix  . : 
       Description . . . . . . . . . . . : Microsoft Hyper-V Network Adapter #2
       Physical Address. . . . . . . . . : 00-15-5D-00-07-0A
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : fe80::5d2b:cf6:33ae:edea%14(Preferred) 
       IPv4 Address. . . . . . . . . . . : 192.168.0.10(Preferred) 
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 192.168.0.1
       DHCPv6 IAID . . . . . . . . . . . : 352327006
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1D-47-C8-66-00-15-5E-00-07-01
       DNS Servers . . . . . . . . . . . : 127.0.0.1
                                           192.168.0.12
       NetBIOS over Tcpip. . . . . . . . : Enabled

      Tunnel adapter isatap.{4A8B8B72-98A5-4305-98AA-F619CDC24848}:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : 
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    IPCONFIG /ALL of DC07:


      Windows IP Configuration

       Host Name . . . . . . . . . . . . : VM-HBMCDC07
       Primary Dns Suffix  . . . . . . . : HBM.ASC
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : HBM.ASC

      Ethernet adapter Ethernet:

       Connection-specific DNS Suffix  . : 
       Description . . . . . . . . . . . : Microsoft Hyper-V Network Adapter
       Physical Address. . . . . . . . . : 00-15-5D-00-07-0B
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : fe80::d41f:dfe:d48f:cf3d%12(Preferred) 
       IPv4 Address. . . . . . . . . . . : 192.168.0.12(Preferred) 
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 192.168.0.1
       DHCPv6 IAID . . . . . . . . . . . : 301995357
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-20-14-1C-A2-00-15-5D-00-07-0B
       DNS Servers . . . . . . . . . . . : ::1
                                           192.168.0.10
                                           127.0.0.1
                                           192.168.0.12
       NetBIOS over Tcpip. . . . . . . . : Enabled

      Tunnel adapter Teredo Tunneling Pseudo-Interface:

       Connection-specific DNS Suffix  . : 
       Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv6 Address. . . . . . . . . . . : 2001:0:d5c:5a30:ca3:30b0:3f57:fff3(Preferred) 
       Link-local IPv6 Address . . . . . : fe80::ca3:30b0:3f57:fff3%14(Preferred) 
       Default Gateway . . . . . . . . . : ::
       DHCPv6 IAID . . . . . . . . . . . : 385875968
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-20-14-1C-A2-00-15-5D-00-07-0B
       NetBIOS over Tcpip. . . . . . . . : Disabled

      Tunnel adapter isatap.{82B2A04C-6113-4BAE-8D97-23E984CA731E}:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : 
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    If anyone can help me out here I would really appreciate it.  I've been looking at this for weeks and I just can't find the problem.  The IPV6 addresses are dynamically assigned but on production network this is not causing any problems.

    Thank you.

    Joe.

    Friday, January 27, 2017 11:00 PM

All replies

  • DNS on each server's connection properties are wrong. DC05 is missing it's own address. Put it as primary and address of other as secondary. DC07 order is wrong put own address as primary and others as secondary. Then do ipconfig /flushdns, ipconfig /registerdns on both. You can probably turn off IPv6 on the router if that's causing issues.

     

     

     



    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    Saturday, January 28, 2017 4:31 AM
  • Hi Dave,

    I performed the actions you recommended.  IPV4 DHCP server is disabled on router.  IPV6-Automatic and 6rd Tunnel is also disabled on router.

    Here is the new IP configuration after making my the changes you recommended:

    DC05:
      Connection-specific DNS Suffix  . :
      Description . . . . . . . . . . . : Microsoft Hyper-V Network Adapter #2
      Physical Address. . . . . . . . . : 00-15-5D-00-07-0A
      DHCP Enabled. . . . . . . . . . . : No
      Autoconfiguration Enabled . . . . : Yes
      Link-local IPv6 Address . . . . . : fe80::5d2b:cf6:33ae:edea%14(Preferred)
      IPv4 Address. . . . . . . . . . . : 192.168.0.10(Preferred)
      Subnet Mask . . . . . . . . . . . : 255.255.255.0
      Default Gateway . . . . . . . . . : 192.168.0.1
      DHCPv6 IAID . . . . . . . . . . . : 352327006
      DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1D-47-C8-66-00-15-5E-00-07-01
      DNS Servers . . . . . . . . . . . : 192.168.0.10
                                                    192.168.0.12
      NetBIOS over Tcpip. . . . . . . . : Enabled

    DC07:
      Connection-specific DNS Suffix  . :
      Description . . . . . . . . . . . : Microsoft Hyper-V Network Adapter
      Physical Address. . . . . . . . . : 00-15-5D-00-07-0B
      DHCP Enabled. . . . . . . . . . . : No
      Autoconfiguration Enabled . . . . : Yes
      Link-local IPv6 Address . . . . . : fe80::d41f:dfe:d48f:cf3d%12(Preferred)
      IPv4 Address. . . . . . . . . . . : 192.168.0.12(Preferred)
      Subnet Mask . . . . . . . . . . . : 255.255.255.0
      Default Gateway . . . . . . . . . : 192.168.0.1
      DHCPv6 IAID . . . . . . . . . . . : 301995357
      DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-20-14-1C-A2-00-15-5D-00-07-0B

      DNS Servers . . . . . . . . . . . : 192.168.0.12
                                                    192.168.0.10
      NetBIOS over Tcpip. . . . . . . . : Enabled

    Result of NSLOOKUP of DC07 from DC05:

      C:\Users\Administrator.HBM>nslookup vm-hbmcdc07.hbm.asc
      Server:  vm-hbmcdc05.hbm.asc
      Address:  192.168.0.10

      Name:    vm-hbmcdc07.hbm.asc
      Addresses:  2607:fa48:6dbe:a890:d41f:dfe:d48f:cf3d
                        fd2c:33a5:74b6:0:d41f:dfe:d48f:cf3d
                        192.168.0.12

    Result of NSLOOKUP of DC05 from DC07:

      C:\Users\Administrator.HBM>nslookup vm-hbmcdc05.hbm.asc
      Server:  vm-hbmcdc07.hbm.asc
      Address:  192.168.0.12

      Name:    vm-hbmcdc05.hbm.asc
      Addresses:  2607:fa48:6dbe:a890:5d2b:cf6:33ae:edea
                        fd2c:33a5:74b6:0:5d2b:cf6:33ae:edea
                       192.168.0.10

    AD DS servers were rebooted.  The problem persists and in the event log I see the following:

      Event ID: 1126 Error, source: Microsoft-Windows-ActiveDirectory Domain Service
      Active Directory Domain Services was unable to establish a connection with the global catalog. 

      Additional Data 
      Error value:  1355 The specified domain either does not exist or could not be contacted. 
      Internal ID:  32013fa 
     
      User Action:  Make sure a global catalog is available in the forest, and is reachable from this domain controller.   You may use the nltest utility to diagnose this problem.

    Looks like the exact same error.

    Joe.

    Saturday, January 28, 2017 2:56 PM
  • Might work through this one.

    https://technet.microsoft.com/en-us/library/cc756476%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396

     

     



    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    Saturday, January 28, 2017 3:04 PM
  • Hi Dave,

    the only solution found was to take system state backups of both production domain controllers (DC05 and DC07) and do a DSRM restore of system state data on both domain controllers on the test server.  Looks like the AD DS role will no longer function correctly when the virtual DCs are moved to another host machine and in my case to another location.

    After the DSRM restore both DCs came up normally on the test host machine.

    Thank you.

    Monday, January 30, 2017 5:42 PM
  • Good to hear, sounds like your second method restored a global catalog server.

     

     



    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    Monday, January 30, 2017 6:02 PM
  • Hi,
    Thanks for your update and share. Could you please mark it as answer? As it will be greatly helpful to others who have the same question.
    Best regards,
    Wendy

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Tuesday, January 31, 2017 2:06 AM
    Moderator