Clicking the Finish Button
When you click the Finish button, UMove will load Active Directory into the computer. During this process your computer will reboot.
Your computer (and Active Directory) will be ready when the logon prompt appears.
How to Cancel
You can interrupt the procedure by clicking the Cancel button. UMove will stop and roll back all pending changes to the computer.
Execution Time
It will typically take about 10-20 minutes for the operation to complete. The actual time will depend on how fast your computer can reboot.
If you have a large
If you are moving large application databases such as Exchange or SharePoint, extra time will be required.
During the first boot, if you are booting the first domain controller
in a domain and the other domain controllers are not present, Windows may
pause up to 15 minutes
while booting as it searches for the other domain controllers. During this time
Windows will display the
message
In rare cases it may take up to 30 minutes to complete the first boot if DNS is not configured correctly. Be patient and the computer will eventually finish startup and present the logon screen.
If you are running Exchange, there may be an additional 10-15 minute delay during each shutdown.
Error Messages During the First 30 Minutes
When booting for the first time, some error messages may appear in the Event Log during the first 30 minutes. These error messages are normal and can be ignored. The normal error messages include those generated by NetLogon and the NT Directory Service while waiting for the initial dynamic DNS registration of the domain controller and the Global Catalog for the first time.
AD should stabilize within 30 minutes and the error messages will stop automatically.
The normal temporary error messages include the following:
- NetLogon: “Dynamic registration or deletion of one or more DNS records associated with DNS domain MyDomain failed.” (Event ID 5781/5782) More information.
- NetLogon: “The computer was not able to set up a secure session with a domain controller in domain DomainName due to the following: There are currently no logon servers available to service the logon request.” (Event ID 5719)
- LsaSrv: “The Security System detected an authentication error for the server MyServer. There failure code from authentication protocol Kerberos was 'There are current no logon servers available to service the logon request.'” (Event ID 40960)
- LsaSrv: “The Security System could not establish a secured connection with the server ldap/myhost.com@MYHOST.COM. No authentication protocol was available.” (Event ID 40961)
- NTDS Replication: “Active Directory could not resolve the following DNS host name of the domain controller to an IP address: ComputerName” (Event ID 2087) More information.
- NTDS General: “Active Directory attempted to communicate with the global catalog and the attempts were unsuccessful. Global catalog: ComputerName” (Event ID 1655)
- NTDS General: “Active Directory was unable to establish a connection with the global catalog.” (Event ID 1126)
- GroupPolicy: “The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.” (Event ID 1054)
- EventSystem: “The COM+ Event System detected a bad return code during its internal processing. HRESULT was 80070005 from line xxx of d:\rtm\com\complus...” (Event ID 4609). This normal error message appears during shutdown because Active Directory was not running.
- DFSR: “The DFS Replication service failed to contact the domain controller to access configuration information. Replication is stopped. The service will try again during the next configuration polling interval which will occur in 60 minutes.” (Event ID 1202).
- DfsSvc: “The DFS Namespace service could not initialize cross forest trust information on this domain controller, but will periodically retry the operation.” (Event ID 14550).
- NtFrs: “File Replication Service is scanning the data in the system volume. Computer cannot become a domain controller until this process is complete. The system volume will then be shared as SYSVOL.” (Event ID 13566)
- NtFrs: “The File Replication Service moved the preexisting files in
C:\windows\sysvol\domain toc:\windows\sysvol\domain\NtFrs_PreExisting___See_EventLog. ” (Event ID 13520). More information. - MSDTC: “MS DTC could not correctly process a DC Promotion/Demotion event.” (Event ID 53258). See KB923977.
- MSMQ: “The Message Queuing service failed to join the computer's domain” (Event ID 2124). See KB839929.
- SChannel: “No suitable default server credential exists on this system. This will prevent server applications that expect to make use of the system default credentials from accepting SSL connections. An example of such an application is the directory server. Applications that manage their own credentials, such as the Internet Information Server, are not affected by this.” (Event ID 36782).
- Userenv: “Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted.) Group Policy processing aborted.” (Event ID 1054).
The error messages shown above are normal during the first 30 minutes. If the above messages persist after 30 minutes you may need to troubleshoot your DNS settings.
Benign Error Messages During Normal Operation
The following error messages may appear in the Event Log during the normal operation of the domain controller. The messages are benign and can be ignored.
- KDC: “The Key Distribution Center (KDC) cannot find a suitable certificate to use for smart card logons, or the KDC certificate could not be verified.” (Event ID 29). See KB967623.
- WinRM: “The WinRM service failed to create the following SPNs: WSMAN/myhost.com; WSMAN/MyComputerName.”
See also the topics Results of Moving Active Directory, and Unattended Operation.
