Problems when NT4 BDC removed from AD network
Posted on 2005-03-14
Here's our situation:
1 - Windows 2000 AD domain in mixed mode (first DC is SP2 and second DC is SP4)
2 - One NT4 (SP4) BDC (not running any network service such as WINS or DNS or DHCP)
3 - Exchange 5.5 (SP4) on Win2K SP4 machine
4 - Various Win2K member servers (including a Citrix MetaFrame 1.8 server)
5 - Various XP, Win2K and Win98 clients
I took the BDC offline by just removing it from service. The next morning, anyone with a PC that was 1) Win98, 2) Win2K or 3) WinXP upgraded from Win2K would experience really long login times and actually never get a desktop that would function. The machines would just hang. The upgraded-to-WinXP machine showed nothing odd in the event logs (when I got in via safe mode). When using Citrix (off the Win2K server), email would process slowly. Also, all of the desktops that were built originally with WinXP were doing just fine.
So, putting 2 and 2 together, I brought the BDC back online and the problem went away. I couldn't find anything in any event log on either DC to point to the problem.
With the DC up again, I went to one of the clients and tried it as I shut down each available service that I could shut down on the BDC and it never caused any problems. So, the server is running but with no user-configurable services running (netlogon, server, RPC locator, computer browser, etc.) and the problem doesn't come back. It's only when the machine is completely off.
I also tried to remove the upgraded-to-XP machine from the domain and re-add it (with the BDC off) but the problem persisted.
Also, on the upgraded-to-XP machine, this slowdown or hesitation also seemed to be happening when I took the machine out of the domain completely and rebooted it as a workgroup member - which I didn't expect. That leads me to believe that it's a computer browsing/network service sort of issue but, again, the BDC does not host any. Maybe there's another network role that I'm missing?
My guess is that it has something to do with the browsing service or communication between the DCs (i.e. they still look for the BDC for some reason and hold up the login of the clients).
Well, now I need to get this thing offline again at some point. Is there a cleaner way to remove a BDC from AD, and is it just a matter of removing it and putting the domain in Native Mode to stop this from happening again? Since you can't go back from Native mode, I want to make sure I get this right the first time.
Any thoughts would be appreciated.