Solved

Logon problems when old Domain Controller is unplugged

Posted on 2008-10-20
4
239 Views
Last Modified: 2010-03-17
Windows 2003 Domain in a Windows 2000 Forest.

DC1 = NEW = Windows Server 2008 Standard 64-bit, DNS-server, DHCP-server, Global Catalog, FSMO (all 5)
DC2 = Old that is going to be removed = Windows Server 2003 R2 Standard 32-bit, DNS-server, Global Catalog

The network contains 5 subnets, of which one is on a VPN-side where static ip addresses are configured. The other 4 subnets recieves DHCP-delivered ip addresses. The clients on the VPN-side are checked that they have the right ip-settings/dns-settings.
The VPN-side subnet is a member of the site in the AD Sites and Services, where DC1 and DC2 are servers. DC2 stands as Inter-Site Topology Generator.

After the installation of DC1, the name and ip-number of DC2 were changed to new ones, and DC1 was set to use DC2:s old name and ip-number.

Before I was supposed to demote DC2, we turned it off to see that all is working fine, which it didn't do.
Some users on domain clients at the VPN-side couldn't log on, or: it took extremely long time. Also no GPOs and script were applied. As soon as DC2 were started again it worked as it should.
The clients on the 4 subnets locally at the servern (not the VPN-side) are working without problems when DC2 is shut down/unplugged.

I've run dcdiag and netdiag without errors. The firewalls are disabled on both DC1 and DC2.

Does anyone have a tip or an idea of what is wrong here? Is a solution to demote DC2, which anyway will be done in the end?

/C
0
Comment
Question by:polecats
  • 2
  • 2
4 Comments
 
LVL 10

Expert Comment

by:kyleb84
ID: 22762923
""After the installation of DC1, the name and ip-number of DC2 were changed to new ones, and DC1 was set to use DC2:s old name and ip-number.""

Bad move.

You should have just left it as is, then promoted the 2008 server as PDC.

If you changed the name of DC1 to DC2, and vice versa for the other server all hell would break loose in the AD config, and you'll just confuse all the servers.

You must first revert back to the way it was, demote and then remove the old server from the domain altogether.
0
 

Author Comment

by:polecats
ID: 22763019
Thanks for the answer.

The old DC name was: SERVER with ip. 192.168.0.2
I changed the name of it to: SERVER3 with ip. 192.168.0.3 using this guide: http://www.petri.co.il/windows_2003_domain_controller_rename.htm, and Netdom...
Then I namned the new DC that had the name: SERVER2 with ip. 192.168.0.8
to: SERVER with ip. 192.168.0.2

Do you think this is the problem? I mean, the only place we have this problems on are at the VPN-site, which is strange... If we turn of DC2, all traffic on non-VPN-site works fine.

PDC, there are no PDC in Windows 2k3 and 2k8, all of them work as DC, isn't it so?

You think I should revert back and use the "old" name configuration on the servers, and then demote the old DC... and then maybe change the new DC:s name (and ip). (we have scripts and other using the name of the server)
0
 
LVL 10

Expert Comment

by:kyleb84
ID: 22763182
By PDC I mean there's an authoritative DC. One that is considered "the master". There are several roles it can be the master of, but non-the-less, a PDC does still exists it just doesn't take all the load.

""You think I should revert back and use the "old" name configuration on the servers, and then demote the old DC... and then maybe change the new DC:s name (and ip). (we have scripts and other using the name of the server)""

Go back to the old way, re-write the scripts. Either way will have work to be done, re-writing scripts will give you less of a headache.
0
 

Accepted Solution

by:
polecats earned 0 total points
ID: 22812826
I solved the problem.

It had nothing to do to with the name change, but it was a really strange thing.
Nothing helped, some users could logon and some couldn't.
I upgraded the VPN router FW, and then it worked, really creapy.

/C
0

Join & Write a Comment

On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
A quick step-by-step overview of installing and configuring Carbonite Server Backup.
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now