Trouble Upgrading Domain Controller: Can’t Log In After Migration

Asked By TechWiz456 On

Hey everyone,

I'm reaching out because I've encountered some serious issues while upgrading a couple of our physical domain controllers to virtual machines. I planned to use the same hostname and IP for the new VMs. Here's what I did:

1. I demoted DC01 and removed its metadata using ADSI Edit.
2. Then, I deleted the DC01 computer objects from Active Directory Users and Computers (ADUC).
3. Just as a side note, DC02 holds all the FSMO roles.

Next, I built DC03 as a new Windows Server 2022 with the same hostname and IP and added it to the domain. After promoting it to a DC and restarting, I found that I couldn't log in. When I try using `repadmin`, I keep getting an error 1326 for incorrect login/password.

I can't access DC01 anymore for testing, and I can't get into Directory Services Restore Mode (DSRM) to reset the secure channel due to some UEFI boot limitations on VMware.

Any advice on how I can resolve this situation?

4 Answers

Answered By FailSafe2012 On

Definitely don't stick with the same hostname. The usual method to avoid issues is to have the new DC (like your DC03) set up with a different IP address initially. After everything is sync’d, then demote the old DC. This way, when you're ready, swap the IPs. You also shouldn't need to touch ADSI Edit here. Right now, given your situation, you might need to start fresh with a new DC to keep everything running smoothly.

Answered By BackupGuru32 On

I tried reusing the same hostname once and ran into the same issue where the login was rejected. I started over, cleaned up all old metadata as per Microsoft’s guide, and promoted the new DC again, but I kept hitting that 1326 error too. You definitely have to be careful, especially if you've done upgrades successfully before with this method—each situation can have its quirks.

Answered By NetworkNinja89 On

I’d advise against reusing the same hostname. When I migrated my DCs, every guide and resource I found mentioned it could lead to problems. Sorry I can't offer a direct fix, but you might want to consider that in the future.

Answered By DavidNotFound On

It sounds like you've made things a bit complicated by messing with ADSI Edit. It's usually better to trust the demotion and replication processes instead of trying to force things manually. Make sure you have backups since you can't access your DCs. In the future, try to resolve any replication issues during your pre-upgrade checks rather than risking it with ADSI Edit. Worst case, you might only need to adjust some IP links to get proper replication going again.
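
The pre-upgrade checks the answers above refer to (replication health, leftover objects for the old name, FSMO placement) can be scripted. This is an added example, not code posted by anyone in the thread. The function name `Test-DcNameReuseReadiness` and its output property names are hypothetical, and it assumes the RSAT ActiveDirectory module on a machine that can reach a healthy DC.

```powershell
# Added example (not from the thread). Read-only: it queries AD and changes nothing.
Import-Module ActiveDirectory

function Test-DcNameReuseReadiness {   # hypothetical helper name
    param(
        # Host name of the demoted DC, e.g. 'DC01'. Restricted to NetBIOS-safe
        # characters because it is placed into an LDAP filter below.
        [Parameter(Mandatory)]
        [ValidatePattern('^[A-Za-z0-9-]{1,15}$')]
        [string] $OldDcName,
        # Healthy DC to query; defaults to the PDC emulator.
        [string] $Server = (Get-ADDomain).PDCEmulator
    )
    $domain   = Get-ADDomain -Server $Server
    $forest   = Get-ADForest -Server $Server
    $configNC = (Get-ADRootDSE -Server $Server).configurationNamingContext

    # 1. Replication failures anywhere in the domain should be resolved first.
    $failures = @(Get-ADReplicationFailure -Target $domain.DNSRoot -Scope Domain)

    # 2. Leftover computer account carrying the old name.
    $computer = @(Get-ADComputer -Filter "Name -eq '$OldDcName'" -Server $Server)

    # 3. Leftover server object under CN=Sites in the configuration partition
    #    (what metadata cleanup is supposed to remove).
    $serverObj = @(Get-ADObject -SearchBase "CN=Sites,$configNC" -Server $Server `
                     -LDAPFilter "(&(objectClass=server)(cn=$OldDcName))")

    # 4. FSMO roles must all sit on a surviving DC, not on the old name.
    $fsmo = @($domain.PDCEmulator, $domain.RIDMaster, $domain.InfrastructureMaster,
              $forest.SchemaMaster, $forest.DomainNamingMaster) | Sort-Object -Unique
    $oldHoldsFsmo = [bool]($fsmo | Where-Object { $_ -like "$OldDcName.*" })

    [pscustomobject]@{
        QueriedServer       = $Server
        ReplicationFailures = $failures.Count
        FailingPartners     = ($failures | ForEach-Object { "$($_.Server) <- $($_.Partner)" })
        StaleComputerObject = ($computer.DistinguishedName -join '; ')
        StaleServerObject   = ($serverObj.DistinguishedName -join '; ')
        FsmoHolders         = $fsmo
        OldDcHoldsFsmo      = $oldHoldsFsmo
        Clean               = ($failures.Count -eq 0 -and $computer.Count -eq 0 -and
                               $serverObj.Count -eq 0 -and -not $oldHoldsFsmo)
    }
}

# Usage: Test-DcNameReuseReadiness -OldDcName 'DC01' | Format-List
```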
