Clicking the Finish Button

When you click the Finish button, UMove will load Active Directory into the computer. During this process your computer will reboot.

Your computer (and Active Directory) will be ready when the logon prompt appears.

How to Cancel

You can interrupt the procedure by clicking the Cancel button. UMove will stop and roll back all pending changes to the computer.

Execution Time

It will typically take about 5-15 minutes for the operation to complete depending on how fast your computer can reboot.

If you have a large NTDS.DIT database (more than one gigabyte, for example) the process may take additional time depending the speed of your disk drive.

During the first boot, if you are booting the first domain controller in a domain and the other domain controllers are not present, Windows may pause up to 15 minutes while booting as it searches for the other domain controllers. During this time Windows will display the message Preparing network connections..   The delay is normal.

In rare cases it may take up to 30 minutes to complete the first boot if DNS is not configured correctly. Be patient and the computer will eventually finish startup and present the logon screen.

If you are running Exchange, there may be an additional 10-15 minute delay during each shutdown.

Error Messages During the First 30 Minutes

When booting for the first time, some error messages may appear in the Event Log during the first 30 minutes. These error messages are normal and can be ignored. The normal error messages include those generated by NetLogon and by the NT Directory Service during the initial dynamic DNS registration of the domain controllers and the Global Catalog.

AD should stabilize within 30 minutes and the error messages will stop automatically.

The normal temporary error messages include the following:

• NetLogon: “Dynamic registration or deletion of one or more DNS records associated with DNS domain MyDomain failed.” (Event ID 5781/5782) More information.
• NetLogon: “The computer was not able to set up a secure session with a domain controller in domain DomainName due to the following: There are currently no logon servers available to service the logon request.” (Event ID 5719)
• LsaSrv: “The Security System detected an authentication error for the server MyServer. There failure code from authentication protocol Kerberos was 'There are current no logon servers available to service the logon request.'” (Event ID 40960)
• LsaSrv: “The Security System could not establish a secured connection with the server ldap/myhost.com@MYHOST.COM. No authentication protocol was available.” (Event ID 40961)
• NTDS Replication: “Active Directory could not resolve the following DNS host name of the domain controller to an IP address: ComputerName” (Event ID 2087) More information.
• NTDS General: “Active Directory attempted to communicate with the global catalog and the attempts were unsuccessful. Global catalog: ComputerName” (Event ID 1655)
• NTDS General: “Active Directory was unable to establish a connection with the global catalog.” (Event ID 1126)
• GroupPolicy: “The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.” (Event ID 1054)
• EventSystem: “The COM+ Event System detected a bad return code during its internal processing. HRESULT was 80070005 from line xxx of d:\rtm\com\complus...” (Event ID 4609). This error message is normal and expected. It appears during shutdown because Active Directory was not running at shutdown time.
• DFSR: “The DFS Replication service failed to contact the domain controller to access configuration information. Replication is stopped. The service will try again during the next configuration polling interval which will occur in 60 minutes.” (Event ID 1202).
• DfsSvc: “The DFS Namespace service could not initialize cross forest trust information on this domain controller, but will periodically retry the operation.” (Event ID 14550).
• NtFrs: “File Replication Service is scanning the data in the system volume. Computer cannot become a domain controller until this process is complete. The system volume will then be shared as SYSVOL.” (Event ID 13566)
• NtFrs: “The File Replication Service moved the preexisting files in C:\windows\sysvol\domain to c:\windows\sysvol\domain\NtFrs_PreExisting___See_EventLog.” (Event ID 13520). More information.
• MSDTC: “MS DTC could not correctly process a DC Promotion/Demotion event.” (Event ID 53258)
• MSMQ: “The Message Queuing sevice failed to join the computer's domain” (Event ID 2124)
• Schannel: “No suitable default server credential exists on this system. This will prevent server applications that expect to make use of the system default credentials from accepting SSL connections. An example of such an application is the directory server. Applications that manage their own credentials, such as the internet information server, are not affected by this.” (Event ID 36782).
• Userenv: “Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted.) Group Policy processing aborted.” (Event ID 1054).
• WinRM: “The WinRM service failed to create the following SPNs: WSMAN/myhost.com; WSMAN/MyComputerName.”

The error messages shown above are norming during the first 30 minutes. If the above messages persist after 30 minutes you may need to troubleshoot your DNS settings.

For More Information

See also the topics Results of Moving Active Directory, and Unattended Operation.