Keeping in the spirit of my blog title "Tangent Thoughts", this is another tangent to my recent post "Known Issues for Upgrading Active Directory to Windows Server 2008R2 from Windows 2003". This post has two parts: 1. Everything you ever wanted to know about troubleshooting Windows Server 2008 R2 (first 5 links) and 2. A "Notes from the field" collection of errors discovered before, during and after an actual AD upgrade from Windows Server 2003R2. The table below is a trace record of the Event IDs discovered, as well as a collection from MS Support of general AD upgrade errors with KB links for remediation. The focus is primarily on the Errors and Warnings from the Application and System logs on the Windows 2003 and 2008 Servers.
NOTES FROM THE FIELD :)
THE Kit and Kaboodle! "Troubleshooting Windows Server 2008 R2" includes:
Directory Service Event ID / Note
The processing of Group Policy failed. Windows could not authenticate to the Active Directory service on a domain controller. (LDAP Bind function call failed). KB929852
KB976586 Error in Windows 7 or Windows Server 2008 R2 when unlocking a computer or switching users
Event ID 1058, Event ID 1129
1396 Logon Failure
DCDIAG reports that Active Directory replication has failed with error "1396: Logon failure: The target account name is incorrect."
User Profile Service
KB2661663 Stale user profile folders are not deleted completely in Windows 7 or in Windows Server 2008 R2
KB2102154 Troubleshooting Active Directory operations that fail with error 1722: The RPC server is unavailable
Group Policy Registry
KB2386730 An item-level targeting security group filter in Group Policy preferences settings does not work on a computer that is running Windows Server 2008 R2 or Windows 7 in a disjoint namespace
error code when you perform a system state backup operation
5136 Directory Service Changes
The Account Name, Account Domain, and Security ID fields are not populated in event ID 5136 for "Directory Service Changes" on a computer that is running Windows Server 2008 or Windows Server 2008 R2
DFSR SYSVOL Fails to Migrate or Replicate, SYSVOL not shared
KB2021446 Troubleshooting Active Directory operations that fail with error 8524: The DSA operation is unable to proceed because of a DNS lookup failure
Access Encrypted Files after upgrade. The steps in "How to Backup the EFS Recovery Agent" should be done first to preserve the EFS Recovery Agent.
If the first DC from the source forest no longer exists, you cannot recover the EFS Domain Recovery Agent! PsGetSid: this Sysinternals utility will quickly help you identify what the first DC was in the source domain. RIDs are created sequentially, so the DC with the lowest RID of all DCs will be the first.
McAfee ePolicy service account
Based on the error, it seems that the service account needs interactive logon on the DCs.
Import GPO fails
Message = “The Version Option is invalid”
Forum Post: You must use the same GPMC version for exporting and importing, e.g. if exported with GPMC 1.0, you must import with the same version.
Active Directory Administrative Center
In our test lab, we had a group policy for FIPS-140. Once it was applied, the administrator could open Active Directory Users and Computers, but not the newer AD Administrative Center. Removing the policy allowed the ADAC
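The lowest-RID check from the EFS Recovery Agent note above, as an added example that is not part of the original post: it takes the SIDs of the DC computer accounts (as collected with PsGetSid), verifies they belong to one domain, and returns the account with the numerically lowest RID. The account names, the SID values and the function name `Get-FirstDcByRid` are constructed for illustration, and PowerShell 3.0 or later is assumed.

```powershell
# Constructed sample data: DC computer-account names and their SIDs
# (hypothetical names, made-up SID values).
$dcSids = @(
    [pscustomobject]@{ Name = 'DC03$'; Sid = 'S-1-5-21-1111111111-2222222222-3333333333-1605' }
    [pscustomobject]@{ Name = 'DC01$'; Sid = 'S-1-5-21-1111111111-2222222222-3333333333-1000' }
    [pscustomobject]@{ Name = 'DC02$'; Sid = 'S-1-5-21-1111111111-2222222222-3333333333-1104' }
)

# Hypothetical helper: returns the account with the lowest RID.
function Get-FirstDcByRid {
    param(
        [Parameter(Mandatory = $true)]
        [object[]] $Accounts
    )

    # Domain account SIDs have the form S-1-5-21-<three sub-authorities>-<RID>.
    $pattern = '^(S-1-5-21-\d+-\d+-\d+)-(\d+)$'

    $parsed = foreach ($a in $Accounts) {
        if ($a.Sid -match $pattern) {
            [pscustomobject]@{
                Name      = $a.Name
                DomainSid = $Matches[1]
                Rid       = [uint32]$Matches[2]
            }
        }
        else {
            throw "Not a domain account SID: $($a.Name) -> $($a.Sid)"
        }
    }

    # RIDs are only comparable inside one domain, so refuse mixed input.
    $domains = @($parsed | Select-Object -ExpandProperty DomainSid -Unique)
    if ($domains.Count -ne 1) {
        throw "SIDs come from $($domains.Count) different domains; compare one domain at a time."
    }

    # Sort numerically (a string sort would place 10000 before 1104).
    $parsed | Sort-Object -Property Rid | Select-Object -First 1
}

Get-FirstDcByRid -Accounts $dcSids | Format-List Name, DomainSid, Rid
```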