Domain Controller and Bes Server Interaction
Okay I am trying to decomission a WIN2k Domain Controller that acts as a Global Catalog. I already have two Win2k3 Servers that are holding all DC roles as well as one that is a GC. I shutdown the WIN2K DC to see what would break if anything before I decomissioned.
Sure Enough the BES server stopped sending out Message to Blackberries. I check the Log and I have tons of Error Messages. When I turned the Win2k DC back on and rebooted the BES server everything worked fine. Now I rebooted the BES server prior to turning up the WIN2K DC figuring I just needed to re authenticate to the Domain with the service account but no good...
Bottom line is how can I make sure that the BES server is going to work off the WIN2K3 DC's?
Sure Enough the BES server stopped sending out Message to Blackberries. I check the Log and I have tons of Error Messages. When I turned the Win2k DC back on and rebooted the BES server everything worked fine. Now I rebooted the BES server prior to turning up the WIN2K DC figuring I just needed to re authenticate to the Domain with the service account but no good...
Bottom line is how can I make sure that the BES server is going to work off the WIN2K3 DC's?
AJermo
Most likely the BES is contacting it's closest DC which happens to be offline. It does this by a DNS lookup. IF you actually and correctly remove the DC from AD then BES will contact a new DC after restarting the services.
ASKER
But when I shut down the WIN2K DC shouldnt it have gone to the next available DC regardless of whether I properly decomissioned it or not? I mean I rebooted the BES after shutting down the WIN2K DC after which shouldnt it have found the WIN2K3 Server that is acting as GC which I am going to assume if the hitch to all this.... Similiar to Exchange.....
Interesting....
Reboting the BES server after turning off the win2k machine was a good idea, I am surprised that it did not authenticate with a good DC when it came back up. While turning off the DC is not a perfect test as you Ad is "broken" at that point. It should work, at least after a reboot all machines should use the good DCs. I am not aware of any ways to specifically point something on BES to a particular DC.
What were the error messages after rebooting the BES server with the DC down?
Could you log on to the BES service account on the BES console?
Have you checked the DNS ssetting of the BES server so they point to the new DC/DNS servers. (I am assuming here that you are doing dynamic DNS on your DCs)
All you really should have to do is to correctly (and fully) remove the win2k DC from your AD.
Removing it as a GC would be good first and then demoting it.
Below are some articles I found usefull when the demotion did not go smoothly.
Greg J
How to remove data in Active Directory after an unsuccessful domain controller demotion
http://support.microsoft.com/kb/216498
Forcibly Removing Active Directory from a DC
http://www.petri.co.il/forcibly_removing_active_directoy_from_dc.htm
Reboting the BES server after turning off the win2k machine was a good idea, I am surprised that it did not authenticate with a good DC when it came back up. While turning off the DC is not a perfect test as you Ad is "broken" at that point. It should work, at least after a reboot all machines should use the good DCs. I am not aware of any ways to specifically point something on BES to a particular DC.
What were the error messages after rebooting the BES server with the DC down?
Could you log on to the BES service account on the BES console?
Have you checked the DNS ssetting of the BES server so they point to the new DC/DNS servers. (I am assuming here that you are doing dynamic DNS on your DCs)
All you really should have to do is to correctly (and fully) remove the win2k DC from your AD.
Removing it as a GC would be good first and then demoting it.
Below are some articles I found usefull when the demotion did not go smoothly.
Greg J
How to remove data in Active Directory after an unsuccessful domain controller demotion
http://support.microsoft.com/kb/216498
Forcibly Removing Active Directory from a DC
http://www.petri.co.il/forcibly_removing_active_directoy_from_dc.htm
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Okay I shutdown the 2K DC and rebooted Exchange and then rebooted the BES server and I am looking good right now.. If I make it through the day like that gjacknow1 you will get all the points... That is awesome because I can confidently decomission this last 2kDC.... Thanks!
Cool, I hope it keeps working.
I am always annoyed that exchange does not start using a different DC more quickly when one goes down.
Don't forget to decomision your DC "gracefully" with the dcpromo command.
Greg J
I am always annoyed that exchange does not start using a different DC more quickly when one goes down.
Don't forget to decomision your DC "gracefully" with the dcpromo command.
Greg J
ASKER
Yeah its just that this DC was the original and first... So I wanted to make sure I Was good before I proceeded with decomissioning it properly....
alternetly you can lookup the DC with the problem in the registry and edit the key to point to the new Domain Controller, be sure to reboot after you do this. BES users a MAPI profile that has the key in Registry that doesnt change unless you reboot or change it manually. BEST to change it manually, you might be able to just restart the BES services but that's up to you.