Win2003 dc & workstations freeze-ups

We used to have 2 Domain Controllers on the network: one is Win 2003 and another one is Win 2000. All the workstations are Windows XP. We replaced the Windows 2000 DC with a new Windows 2003 DC during Xmas but had a problem when we tried to demote the W2K DC, so the Win2K DC was not demoted and my colleague just powered it off and unplugged it from the network. Since then we have had intermittent network problems: the workstations and servers often hang; the servers seem to recover after 10 - 20 minutes, but the workstations have to be rebooted; Internet Explorer often loads up with a Visio basic debug message, and if users click No, then Internet Explorer closes itself; it is very slow to access any documents saved on the server. We checked everything we could think of, but could not find out what's causing the problems. I had 3 consultants on-site and they could not find the problem either.

Your help is much appreciated

Susanne
susanne_zhangAsked:

ryansotoCommented:
First thing to check is your DNS. Check the TCP/IP properties for the LAN connection; the DNS server should point to itself, then in DNS you should have a forwarder pointing to your ISP DNS server.
Also, when you brought the new server up, did you also make it a global catalog server? Did you run adprep and forest prep on the old box?
What happened when you tried to demote it?
0
susanne_zhangAuthor Commented:
Thank you very much for your reply. My colleague did not tell me how he did it even though I asked him many times, so I did not know the details. I checked the DNS; it is pointing to itself and another Win2003 DC (we have two DNS servers all the time). I found a few problems with DNS and DHCP, but all have been fixed. But the 2 DCs and workstations seem to have the same problem. How can I check whether the new DC is a global catalog server?

Regarding the old Win2K DC, I do not think he has done anything to it. When I asked him why he did not demote the W2K DC, he said he could not because the old DC looked for the Win2003 DC (not the new one) and could not establish the connection. So he unplugged it from the network and powered the old Win2K DC off. I asked whether we could put the Win2K DC back on the network; he said that's impossible coz the AD is corrupted.

0
ryansotoCommented:
Global catalog -
Active directory sites and services>Sites>Default First Site name> Servers>Servername>right click and on the general tab there should be a check mark in Global catalog.
You can have both DC's global catalogs.

Also you should download and run dcdiag to see what issues it reports
http://technet2.microsoft.com/windowsserver/en/library/f7396ad6-0baa-4e66-8d18-17f83c5e4e6c1033.mspx?mfr=true


What issues did you fix for DNS/DHCP?
Also, it is best to have the DNS server point to itself with NO alternate DNS server in TCP/IP properties, then in the forwarder section of DNS set this up to go out to your ISP DNS.
0

susanne_zhangAuthor Commented:
Both DCs are global catalog servers. I tried that on the old DC & the new one. It passed netdiag completely. With dcdiag I had one error message on both DCs:

Systemlog

An error event occured. Event ID: 0x00000457. Time generated:
01/23/2008 09:42:10
<Event String could not be retrived>
<DCname> failed test systemlog

But I thought this is just a report of a failure from the Event Logs, usually nothing too much to worry about. There are not any serious errors or warnings logged in the event logs when I checked on the two DCs except "Application Hang (101)"; all the workstations have the same error message in the event log.
0
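An added example, not part of the original thread: a small parser for dcdiag text in the shape quoted in the post above. It converts the hexadecimal identifier to the decimal Event ID shown in Event Viewer and filters events by distance from an observed freeze time. The sample input is constructed; `DC01`, the second event and the function names are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the shape of the dcdiag output quoted above.
# "DC01" and the second event are placeholders, not values from the thread.
SAMPLE_DCDIAG = """\
Starting test: systemlog
An error event occured. Event ID: 0x00000457. Time generated:
01/23/2008 09:42:10
<Event String could not be retrived>
An error event occured. Event ID: 0xC0001B70. Time generated:
01/22/2008 18:05:00
<Event String could not be retrived>
DC01 failed test systemlog
"""

EVENT_RE = re.compile(
    r"Event\s*ID:\s*0x([0-9A-Fa-f]{1,8})\.?\s*Time generated:\s*"
    r"(\d{2}/\d{2}/\d{4})\s+(\d{2}:\d{2}:\d{2})",
    re.IGNORECASE,
)
FAILED_RE = re.compile(r"^\s*(?:\.+\s*)?(\S+) failed test (\S+)", re.I | re.M)


def parse_events(text):
    """Return each reported event with the ID as Event Viewer displays it."""
    events = []
    for m in EVENT_RE.finditer(text):
        raw = int(m.group(1), 16)
        events.append({
            "raw": f"0x{raw:08X}",
            # dcdiag prints the full 32-bit identifier; the low 16 bits are
            # the decimal Event ID shown in Event Viewer.
            "event_id": raw & 0xFFFF,
            # Assumes US month/day/year order, as in the quoted timestamp.
            "when": datetime.strptime(f"{m.group(2)} {m.group(3)}",
                                      "%m/%d/%Y %H:%M:%S"),
        })
    return events


def failed_tests(text):
    """Return (server, test) pairs for every test dcdiag marked as failed."""
    return [(dc, test.lower()) for dc, test in FAILED_RE.findall(text)]


def events_near(events, incident, minutes=30):
    """Keep only events logged within `minutes` of an observed freeze."""
    window = timedelta(minutes=minutes)
    return [e for e in events if abs(e["when"] - incident) <= window]
```

The decimal ID together with the event source in the System log is what identifies the underlying error; the ID alone is not unique across sources.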
ryansotoCommented:
When the issue occurs do you have any error logs?
0
susanne_zhangAuthor Commented:
Yes, the only error message I am getting is "Application Hang" for the DCs and workstations.
0
ryansotoCommented:
Here is how to remove the left over from the old DC

http://support.microsoft.com/default.aspx?scid=kb;en-us;216498&Product=win2000
0
susanne_zhangAuthor Commented:
When I changed the forwarders to our ISP's DNS, the Microsoft website did not work. So I changed it back to the current ones, which I do not quite understand though.

I also found more error messages in Directory Service and I am attaching the file. It does say it may slow down the network.
NTDC-replication---Deltac-DC.doc
0
ryansotoCommented:
Did you clean up AD by using the link above? It cleans up metadata when domain controllers are just taken off the network without demotion.
Also, in regards to the forwarder, what DNS server provides lookup to the clients now? Root hints?
Your ISP's DNS should work just fine unless they blacklist MS for some reason, but I doubt that's the case. After you changed the forwarders, on the client machine did you do an ipconfig /flushdns?
0
susanne_zhangAuthor Commented:
All the metadata has been cleaned up a while ago. Thanks.

I tried to demote the old Win2K DC again. I had the error message:

The operation failed because:

Failed finding a suitable domain controller for the domain <domainname>

"The security database on the server does not have a computer account for this workstattion trust relationship"

Do you think the NTDS replication error causes the network to hang?
0
ryansotoCommented:
It's very possible that's what's causing the hang-up.
Can you nail down a time when the issue occurs? Do you have corresponding error logs (for replication) during the same time?
0
ryansotoCommented:
Here is another article on removing a dead domain controller
0
susanne_zhangAuthor Commented:
I cleared up all the metadata already. But the network still has exactly the same problem. When I noticed the replication error messages, I raised the domain and forest functional level to Windows 2003 because it used to be Windows 2000 native. It did not solve the problem.
0
ryansotoCommented:
When the network freezes you start getting those messages in AD replication right?
0
susanne_zhangAuthor Commented:
It is difficult to say coz workstations often freeze-up around 12.00pm afterwards. It might be coincidence now as we had the same error messages before and the network worked perfect. It's driving everybody mad.
0
ryansotoCommented:
Short of rebuilding the domain I am out of ideas.  Did you give MS a call?
0
susanne_zhangAuthor Commented:
I am thinking to give MS a call. Thank you very much for all your help
0
ryansotoCommented:
Anytime.  Post back with steps taken and a resolution if one is found
0
Computer101Commented:
PAQed with points refunded (500)

Computer101
EE Admin
0
