Solved

Logon problems when old Domain Controller is unplugged

Posted on 2008-10-20
Last Modified: 2010-03-17
Windows 2003 Domain in a Windows 2000 Forest.

DC1 = NEW = Windows Server 2008 Standard 64-bit, DNS-server, DHCP-server, Global Catalog, FSMO (all 5)
DC2 = Old that is going to be removed = Windows Server 2003 R2 Standard 32-bit, DNS-server, Global Catalog

The network contains 5 subnets, of which one is on a VPN-side where static ip addresses are configured. The other 4 subnets receive DHCP-delivered ip addresses. The clients on the VPN-side are checked that they have the right ip-settings/dns-settings.
The VPN-side subnet is a member of the site in the AD Sites and Services, where DC1 and DC2 are servers. DC2 stands as Inter-Site Topology Generator.

After the installation of DC1, the name and ip-number of DC2 were changed to new ones, and DC1 was set to use DC2's old name and ip-number.

Before I was supposed to demote DC2, we turned it off to see that all is working fine, which it didn't do.
Some users on domain clients at the VPN-side couldn't log on, or it took an extremely long time. Also no GPOs and scripts were applied. As soon as DC2 was started again it worked as it should.
The clients on the 4 subnets locally at the server (not the VPN-side) are working without problems when DC2 is shut down/unplugged.

I've run dcdiag and netdiag without errors. The firewalls are disabled on both DC1 and DC2.

Does anyone have a tip or an idea of what is wrong here? Is a solution to demote DC2, which anyway will be done in the end?

/C
Question by:polecats
4 Comments
 
LVL 10

Expert Comment

by:kyleb84
ID: 22762923
"After the installation of DC1, the name and ip-number of DC2 were changed to new ones, and DC1 was set to use DC2's old name and ip-number."

Bad move.

You should have just left it as is, then promoted the 2008 server as PDC.

If you changed the name of DC1 to DC2, and vice versa for the other server all hell would break loose in the AD config, and you'll just confuse all the servers.

You must first revert back to the way it was, demote and then remove the old server from the domain altogether.
0
 

Author Comment

by:polecats
ID: 22763019
Thanks for the answer.

The old DC name was: SERVER with ip. 192.168.0.2
I changed the name of it to: SERVER3 with ip. 192.168.0.3 using this guide: http://www.petri.co.il/windows_2003_domain_controller_rename.htm, and Netdom...
Then I named the new DC that had the name: SERVER2 with ip. 192.168.0.8
to: SERVER with ip. 192.168.0.2

Do you think this is the problem? I mean, the only place we have these problems is at the VPN-site, which is strange... If we turn off DC2, all traffic on non-VPN-site works fine.

PDC, there is no PDC in Windows 2k3 and 2k8, all of them work as DC, isn't it so?

You think I should revert back and use the "old" name configuration on the servers, and then demote the old DC... and then maybe change the new DC's name (and ip). (we have scripts and other using the name of the server)
0
 
LVL 10

Expert Comment

by:kyleb84
ID: 22763182
By PDC I mean there's an authoritative DC. One that is considered "the master". There are several roles it can be the master of, but nonetheless, a PDC does still exist, it just doesn't take all the load.

"You think I should revert back and use the "old" name configuration on the servers, and then demote the old DC... and then maybe change the new DC's name (and ip). (we have scripts and other using the name of the server)"

Go back to the old way, re-write the scripts. Either way will have work to be done, re-writing scripts will give you less of a headache.
0
 

Accepted Solution

by:
polecats earned 0 total points
ID: 22812826
I solved the problem.

It had nothing to do with the name change, but it was a really strange thing.
Nothing helped, some users could logon and some couldn't.
I upgraded the VPN router FW, and then it worked, really creepy.

/C
0
