Keeping in the spirit of my blog title "Tangent Thoughts" this is another Tangent to my recent post "Known Issues for Upgrading Active Directory to Windows Server 2008R2 from Windows 2003".  This post has two parts: 1. Everything you ever wanted to know about troubleshooting Windows Server 2008 R2 (First 5 links) and 2.A "Notes from the field" collection of errors discovered before, during and after an  actual AD upgrade from Windows Server 2003R2.  The table below is a trace record of Event IDs discovered as well as a collection from MS Support of general AD upgrade errors with KB links for remediation.  The focus is primarily on the Errors and Warnings from the Applications and Systems logs on the Windows 2003 and 2008 Servers.

NOTES FROM THE FIELD :)

  THE Kit and Kaboodle! "Troubleshooting Windows Server 2008 R2  Includes :

Directory Service Event ID /Note

Source

Comments

10009

Source: DCOM

Additional Reference

1006, 1030

Microsoft-Windows-GroupPolicy

The processing of Group Policy failed. Windows could not authenticate to the Active Directory service on a domain controller. (LDAP Bind function call failed).  KB929852

1015

Microsoft-Windows-Wininit

KB976586 Error in Windows 7 or Windows Server 2008 R2 when unlocking a computer or switching users

 1058, 1129  Microsoft-Windows-GroupPolicy

 Event ID1058,   Event ID 1129

1202

SceCli

Support KB

1396 Logon Failure

 

DCDIAG reports that the Active Directory Replications has failed with error  “1396: Logon failure: The target account name is incorrect."

1533

User Profile Service

KB2661663 Stale user profile folders are not deleted completely in Windows 7 or in Windows Server 2008 R2

1722

 

KB2102154 Troubleshooting Active Directory operations that fail with error 1722: The RPC server is unavailable

4106

Group Policy Registry

KB2386730 An item-level targeting security group filter in Group Policy preferences settings does not work on a computer that is running Windows Server 2008 R2 or Windows 7 in a disjoint namespace

5

 

error code when you perform a system state backup operation

5136 Directory Service Changes

Microsoft-Windows-Security-Auditing

The Account Name, Account Domain, and Security ID fields are not populated in event ID 5136 for "Directory Service Changes" on a computer that is running Windows Server 2008 or Windows Server 2008 R2

53528

Source: MSDTC

 

5788, 5799

NETLOGON

 

8028, 6016

 

DFSR SYSVOL Fails to Migrate or Replicate, SYSVOL not shared

8524

Microsoft-Windows-ActiveDirectory_DomainService

KB2021446 Troubleshooting Active Directory operations that fail with error 8524: The DSA operation is unable to proceed because of a DNS lookup failure

948690

Access Encrypted Files after upgrade.  How to Backup the EFS Recovery Agent should be done 1st to preserve the EFS Recovery Agent

If the 1st DC from the source forest no longer exists, you cannot recover the EFS Domain Recovery Agent! PSGetSID This sysinternals utility will quickly help you to identify what the first DC was in the source domain.  RIDs are created sequentially, so the lowest number of all DCs will be the first.

Event 7030

McAfee ePolicy service account

Based on error seems that the service account needs interactive logon on the DCs

Import GPO fails

Message = “The Version Option is invalid”

Forum Post Must use same GPMC version for exporting and importing e.g. if Exported with GPMC 1.0, must import with the same.

 Active Directory Administrative Center

 FIPS-140 policy

 In our test lab, we had a group policy for FIPS-140.  Once it was applied, the administrator could open Active Directory Users and Computers, but not the newer AD Administrative Center.  Removing the policy allowed the ADAC