Logon problems when old Domain Controller is unplugged
Posted on 2008-10-20
Windows 2003 Domain in a Windows 2000 Forest.
DC1 = NEW = Windows Server 2008 Standard 64-bit, DNS-server, DHCP-server, Global Catalog, FSMO (all 5)
DC2 = Old that is going to be removed = Windows Server 2003 R2 Standard 32-bit, DNS-server, Global Catalog
The network contains 5 subnets, one of which is on the VPN side, where static IP addresses are configured. The other 4 subnets receive DHCP-delivered IP addresses. The clients on the VPN side have been checked to confirm that they have the right IP settings/DNS settings.
The VPN-side subnet is a member of the site in the AD Sites and Services, where DC1 and DC2 are servers. DC2 stands as Inter-Site Topology Generator.
After the installation of DC1, the name and IP number of DC2 were changed to new ones, and DC1 was set to use DC2's old name and IP number.
Before I was supposed to demote DC2, we turned it off to see that everything was working fine, which it wasn't.
Some users on domain clients on the VPN side couldn't log on, or it took an extremely long time. Also, no GPOs or scripts were applied. As soon as DC2 was started again, it worked as it should.
The clients on the 4 subnets local to the server (not the VPN side) are working without problems when DC2 is shut down/unplugged.
I've run dcdiag and netdiag without errors. The firewalls are disabled on both DC1 and DC2.
Does anyone have a tip or an idea of what is wrong here? Would demoting DC2, which will be done in the end anyway, be a solution?