Solved

Problems after renaming domain controllers and member servers (2003/2000).

Posted on 2007-04-02
5
291 Views
Last Modified: 2012-05-05
I'm inheriting a 2003 Windows Network configured as follows:

1-2003 Small Business Server (domain controller and Exchange server, all FSMO roles)
1-2003 Server acting as a redundant domain controller
2-2000 Member Servers for additional services (DHCP, File Server, etc.)

Here are some recent changes that I am aware of...

I know that 2 new servers were added to this environment (the 2003 servers). Both of the 2000 boxes were demoted from domain controllers making the 2003 servers the only domain controllers. Everything is running at 2000 functional level. After the upgrades were completed, the machines (including domain controllers) were renamed. I know this is a new feature in 2003...All documentation I see says that the forest must be operating at 2003 functional level in order to change DC names, however I verified that the forest is running at 2000 level (not sure if this is a factor or not).

And now the problem...

Ever since these events took place, the backup server (2000 server running Backup Exec 10D) is unable to successfully authenticate with the 2003 small business server only in order to collect data via a remote agent.  After digging through the 2003 SBS, I see that  the old 2000 servers are still listed by their old names in Active Directory Sites and Services. Both of the 2003 servers are listed correctly. In Active Directory Users and Computers both 2003 servers are listed correctly as domain controllers. I am looking through event viewer and everything looks clean, no NTFRS, DNS, or Directory service errors..

How do I attack this problem? I am looking over Microsoft Article ID 316826. Is this what I need to do to resolve? I am unable to communicate with the person who performed the upgrades, etc. so I'm not sure what procedure was followed for renaming the domain controllers, etc. Hopefully someone with some experience renaming 2003 domain controllers and/or 2000 servers can point me in the right direction.
0
Comment
Question by:FIFBA
  • 2
  • 2
5 Comments
 

Author Comment

by:FIFBA
Comment Utility
I just dug a little deeper through the logs on the second 2003 DC (not SBS). I see event 53258 MSDTC could not correctly process a promotion/demotion event...It stopped about a week ago. I also see event 4193 MSDTC that seems to imply that the event is being supressed (filtering duplicate events=1).
0
 
LVL 30

Accepted Solution

by:
LauraEHunterMVP earned 400 total points
Comment Utility
How many users/groups are configured on this domain? How big is the Exchange store?

I ask this because renames on SBS (or anytime Exchange is in the mix) are an -ugly!!!!!- proposition.  Combine this with the fact that you're seeing many errors to begin with and you're walking into a situation in which you don't know where all of the bodies are buried, a question worth asking is: is it worth the trouble to tear your hair out fixing the existing environment, or would it be worth your sanity to blow out SBS, re-configure the domain and start fresh?  

It might be the difference between one LOOOONG weekend re-installing things versus months and months of chasing down niggling errors and things just not working quite right.

In a "big server" enterprise AD deployment I would almost never suggest this approach, but if we're only talking about 10 users on an SBS box and a few GB in the Exchange store, it might end up being the better option.

Hope this helps.

Laura E. Hunter - Microsoft MVP: Windows Server - Networking
0
 

Author Comment

by:FIFBA
Comment Utility
I think there are around 40 users.
0
 
LVL 15

Assisted Solution

by:MarkMichael
MarkMichael earned 100 total points
Comment Utility
Sounds like it may be a SID issue. It may be worth clearing out any of the old/nonexistant names manually from DNS/ADSIedit? I doubt raising the functional level after the event is going to help you either.
0
 
LVL 30

Expert Comment

by:LauraEHunterMVP
Comment Utility
Even with 40 users I might be tempted to just blow the whole thing out and start over.  I would much rather look at a domain and say "Yes, I'm confident that this is configured correctly because -I- did it", rather than "Good grief, what -else- did Skippy my Genius Predecessor do wrong that I haven't found out about yet?"
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Introduction At 19:33 (UST) on Tuesday 21st September the long awaited email arrived with the subject title of “ANNOUNCING THE AVAILABILITY OF WINDOWS SBS 7 PREVIEW”.  It was time to drop whatever I was doing and dedicate as much bandwidth as possi…
Because virtualization becomes more and more common, and, with Microsoft Hyper-V included in Windows Server at no additional costs, and, most server hardware nowadays is more than capable of running a physical Small Business Server (SBS) 2008 or 201…
Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now