Solved

Logon problems when old Domain Controller is unplugged

Posted on 2008-10-20
Last Modified: 2010-03-17
Windows 2003 Domain in a Windows 2000 Forest.

DC1 = NEW = Windows Server 2008 Standard 64-bit, DNS-server, DHCP-server, Global Catalog, FSMO (all 5)
DC2 = Old that is going to be removed = Windows Server 2003 R2 Standard 32-bit, DNS-server, Global Catalog

The network contains 5 subnets, of which one is on a VPN-side where static IP addresses are configured. The other 4 subnets receive DHCP-delivered IP addresses. The clients on the VPN-side have been checked to confirm that they have the right IP settings/DNS settings.
The VPN-side subnet is a member of the site in the AD Sites and Services, where DC1 and DC2 are servers. DC2 stands as Inter-Site Topology Generator.

After the installation of DC1, the name and IP number of DC2 were changed to new ones, and DC1 was set to use DC2's old name and IP number.

Before I was supposed to demote DC2, we turned it off to see that all is working fine, which it didn't do.
Some users on domain clients at the VPN-side couldn't log on, or it took an extremely long time. Also, no GPOs and scripts were applied. As soon as DC2 was started again it worked as it should.
The clients on the 4 subnets locally at the server (not the VPN-side) are working without problems when DC2 is shut down/unplugged.

I've run dcdiag and netdiag without errors. The firewalls are disabled on both DC1 and DC2.

Does anyone have a tip or an idea of what is wrong here? Is a solution to demote DC2, which anyway will be done in the end?

/C
Question by:polecats
 
LVL 10

Expert Comment

by:kyleb84
ID: 22762923
"After the installation of DC1, the name and IP number of DC2 were changed to new ones, and DC1 was set to use DC2's old name and IP number."

Bad move.

You should have just left it as is, then promoted the 2008 server as PDC.

If you changed the name of DC1 to DC2, and vice versa for the other server, all hell would break loose in the AD config, and you'll just confuse all the servers.

You must first revert back to the way it was, demote and then remove the old server from the domain altogether.
 

Author Comment

by:polecats
ID: 22763019
Thanks for the answer.

The old DC name was: SERVER with IP 192.168.0.2
I changed the name of it to: SERVER3 with IP 192.168.0.3 using this guide: http://www.petri.co.il/windows_2003_domain_controller_rename.htm, and Netdom...
Then I named the new DC that had the name: SERVER2 with IP 192.168.0.8
to: SERVER with IP 192.168.0.2

Do you think this is the problem? I mean, the only place we have these problems is at the VPN-site, which is strange... If we turn off DC2, all traffic on the non-VPN-site works fine.

PDC, there is no PDC in Windows 2k3 and 2k8, all of them work as DC, isn't it so?

You think I should revert back and use the "old" name configuration on the servers, and then demote the old DC... and then maybe change the new DC's name (and IP). (We have scripts and other things using the name of the server.)
 
LVL 10

Expert Comment

by:kyleb84
ID: 22763182
By PDC I mean there's an authoritative DC. One that is considered "the master". There are several roles it can be the master of, but nonetheless, a PDC does still exist; it just doesn't take all the load.

"You think I should revert back and use the "old" name configuration on the servers, and then demote the old DC... and then maybe change the new DC's name (and IP). (We have scripts and other things using the name of the server.)"

Go back to the old way, re-write the scripts. Either way will have work to be done, re-writing scripts will give you less of a headache.
 

Accepted Solution

by:
polecats earned 0 total points
ID: 22812826
I solved the problem.

It had nothing to do with the name change, but it was a really strange thing.
Nothing helped, some users could log on and some couldn't.
I upgraded the VPN router FW, and then it worked, really creepy.

/C
