We had a single Windows 2000 server acting as an Active Directory domain controller. All the usual roles were assigned and it was a DNS server but not DHCP.
We then added a Windows 2003 R2 server to the environment; brand new hardware with a fresh install of the server OS. We joined it to the domain as a member server then attempted to install Active Directory and make it a domain controller. The idea was to replace the aging Windows 2000 server box with this new server. We had to update the domain forest to make the legacy domain compatible with Windows 2003 R2 and then the new server was able to join the domain as an AD server / controller. Obviously DNS is installed on the new box and I believed it to be correctly configured since the Active Directory wizard will generally yell at you if it's not. Everything seemed smooth so far.
Retiring the Legacy Server
Finally, yesterday, we were ready to bring the old server offline. All our data had been transferred so we started moving operations master roles to the new 2003 R2 server. They have all appeared to move correctly, with the exception of the schema master role which comes back with an FSMO error saying the current role holder could not be contacted and the role could not be transferred.
In testing, we downed the old server (despite not having the schema master role moved) and attempted to log in to the domain from several workstations. The computers log in with what I assume is cached domain information, but if I try to browse to our 2003 R2 server and view its shares, I'm hit with a "no logon server was available to service your logon request" error. Bringing the old 2000 server back online resolves the error and users are able to log in to the domain without a problem.
Obviously there is some role the old server is holding onto that I'm missing. Is the schema master role my problem? Should I attempt to seize the role? I'd hate to do that if I can avoid it. I've confirmed that the 2003 R2 server is the RID, PDC and Infrastructure master as well as the GC master. At least that's what Active Directory is telling me. I've seen a few notes about DNS being the culprit in "no logon server" errors. Could that apply to me as well? Any suggestions would be appreciated.
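A domain client finds a logon server by querying the SRV records under _msdcs in DNS, not by asking the FSMO role holders, so the two things worth checking side by side are which DC holds each role and which DCs are actually registered and resolvable from a workstation. The script below is an added diagnostic checklist, not part of the original post; it only uses the Windows Support Tools commands (netdom, nltest, dcdiag, repadmin) available on a Windows Server 2003 domain controller, and the domain name and server name are placeholders.

```powershell
# Added diagnostic checklist (not from the original post). Run on the new DC
# and, for steps 2 and 3, also from a workstation that shows the error.
# Assumes the AD DNS domain is "contoso.example" and the 2003 R2 DC is "NEWDC";
# both are placeholders to replace.
$domain = "contoso.example"   # PLACEHOLDER: AD DNS domain name
$newDc  = "NEWDC"             # PLACEHOLDER: hostname of the Windows 2003 R2 DC

# 1. Which server does AD believe holds each of the five FSMO roles?
netdom query fsmo

# 2. Are the SRV records clients use to locate a logon server registered for
#    both DCs, and does the DNS server this machine is configured to use
#    return them? An empty answer here explains "no logon server available".
nslookup -type=SRV "_ldap._tcp.dc._msdcs.$domain"
nslookup -type=SRV "_kerberos._tcp.dc._msdcs.$domain"

# 3. Which DC does the locator actually return from this machine right now?
#    /force bypasses the cached result so the answer reflects current DNS.
nltest "/dsgetdc:$domain" /force

# 4. Does the new DC pass its own DNS test and advertise itself as a DC / GC?
dcdiag "/s:$newDc" /test:dns
dcdiag "/s:$newDc" /test:advertising

# 5. Is replication between the two DCs healthy, schema partition included?
repadmin /showrepl $newDc
```

Run step 2 from a workstation as well as from the server: a client whose only configured DNS server is the old Windows 2000 box cannot resolve any SRV record while that box is down, and will report "no logon server" no matter which server holds the FSMO roles.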