Windows Foundation Edition and Single Label domains

Good morning.  I had an interesting issue a couple of days ago I wanted to cover in depth.  I had a customer with a 2003 single label domain.  He was migrating to 2012 R2 Foundation.  He had added the Foundation server as a peer domain controller to the 2003 domain.  The problems came up when he shutdown the 2003 domain controller.  He would receive errors in the silsvc (Server Infrastructure License service) log.  Initially I was under the impression that that Foundation edition does not support single label domains and this is what I told him.  For my customer he preferred running in a workgroup configuration and so he removed active directory from the server.  I wanted to duplicate this environment in my lab to see if I could determine the root cause of the errors and if it was possible to eliminate them.

My test environment consisted of a 2003 R2 virtual machine that was cleanly loaded.  On that server, I setup a single label domain named “mydomain”.  I then installed a 2012 R2 Foundation virtual machine.  This was a significant challenge in itself.  Look for another blog post on getting 2012 R2 Foundation working in a virtual machine.  These virtual machines were linked by a private virtual switch.  Once the virtual machines were setup, I joined the 2012 R2 Foundation server to the 2003 single label domain.  I then promoted the 2012 R2 Foundation as a domain controller.  Finally I verified that replication was working and that the DNS (Domain Name System) zones were present on the 2012 R2 Foundation server.

At this point I checked the silsvc log.  All tests were passing without issue.  I then shutdown the 2003 server.  This was where things went awry.  On the next check done by silsvc the following popup was received.
popup-error

Checking the silsvc log showed two errors.  The first was an event ID 2 that stated: “The Forest Trust Check in the Licensing component did not pass because error 0x8007054B occurred in function f1 [PHQG].  The specified domain either does not exist or could not be contacted.”  This error is identical to the one I saw with my customer.  Additionally I received an event ID 38 that stated: “The Forest Trust Check detected a condition in your environment that is out of compliance with the licensing policy.  This server will be automatically shut down if the issue is not corrected in x day(s) x hour(s) x minute(s).”

forest-trust-check-failed

I then did some digging around to determine if any of the active directory tools were affected.  Everything seemed to work fine with the exception of the Active Directory Domains and Trusts.  When launching that MMC (Microsoft Management Console) I received the following error: “You cannot modify domain or trust information because a Primary Domain Controller (PDC) emulator cannot be contacted.  Please verify that the PDC emulator for the current domain and the network are both online and functioning properly.”
pdc-emulator

This explains why turning off the 2003 domain controller caused the forest trust check to fail.  The silsvc needs to be able to contact the PDC emulator to check for trusts.  If it cannot, then the check fails.  I powered up the 2003 domain controller and transferred the FSMO (Flexible Single Master Operations) roles to the Foundation server.  I was then able to shutdown the 2003 server without receiving any errors.

I hope you found this article informative.  If you have any comments or suggestions please leave them below.

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s