Kerberos 4 authentication error after migration of computer with ADMT 3.0


Hello.
I'm trying to migrate computers from a 2000 SP4 domain to a 2003 x64 SP2 domain in a virtual lab environment using ADMT v3.0.
So: 1 network/subnet (192.168.33/24), 1 DC in each domain, 1 DNS server on each DC, cross-forwarders set up on both DNS servers to each other, and DHCP set up on the 'old' domain gives clients both DNS servers, 'old' and 'new'.

After migrating a computer, I can't access UNC \\clientxp from a client, say, clientxp2. I receive a 'Logon failure: the target account name is incorrect.' error and the known Kerberos error in the event log:

The kerberos client received a KRB_AP_ERR_MODIFIED error from the server clientxp$.
This indicates that the password used to encrypt the kerberos service ticket
is different than that on the target server. Commonly, this is due to identically
named machine accounts in the target realm (newdomain.local), and the client realm.


Perfect, the description matches the case: an identically named machine account in the target and client realms. The migrated machine is the one.
But the question is, there is nothing in the migration guide about this issue. More than that, I can access the resource using the FQDN or IP address in the UNC name, but in a real environment there are users with mapped drives, scripts, and such that use the short UNC.

Then, during migration I have these errors in the log:

Attempt to update DNS host name of the computer object in Active Directory failed.
The updated value is 'clientxp2.olddomain.vm'. The following error occurred:
The parameter is incorrect.
Attempt to update host service principal names (SPNs) of the computer object in
Active Directory failed. The updated values are 'host/clientxp2.olddomain.vm'
and 'host/clientxp2'. The following error occurred:
The parameter is incorrect.

What do these mean, and do they matter to the question? I didn't manage to find errors in the behavior of the computer after I delete the record from the old AD.

Now, the questions:
1. Am I supposed to manually delete migrated computer records from the old AD? If I do this, I gain access in the same second, without needing a reboot or such.
2. After migration, DNS on the computer is still set to the 'old DNS', with the 'new DNS' set up in DHCP. I get 'the domain list creating' stuck on the logon screen, which is fixed by Ctrl+Alt+Del, logging on, and changing the DNS setting to the 'new DNS'. What is the best way of automating this? Or should I deal with DNS/DHCP migration in some other way?

UPD. There is an assumption in the corresponding Russian group that the problem arises due to the single subnet for both domains. It's done that way in production, so I can't check this option.


