Problems removing upgraded 2003 DC from domain

Posted on 2008-11-12
Last Modified: 2012-05-05
Please help me, this is driving me mad!
First a little of the history:
We have 2 domains 3b and 4d and they have a trust between them.
3b was an NT4 PDC upgraded to 2003 std server and DNS added (called DC3)
2 more 3b DCs were created both with DNS as I want to remove DC3
All the member servers in the 3b domain have dc1 or dc2 as their logon server in environment variables
dc1 and dc2 have all the fsmo roles and the ad schema transferred to them
Nothing is running WINS or LMhosts

When I stop dc3, after an hour or so delays start occurring in the data transfers between member servers, and the trust between domains stops trusting on the basis that it can no longer locate a logon server.
If I try to re-establish the trust without dc3, I get the cannot find logon server message.
If I stop the Server service on dc3 (Server, logon and browser stop) everything stays ok
When I stop the DNS service on dc3 the trust stops and I get delays after about an hour.

Does anybody have any ideas what could be causing this - I do not want to demote dc3 until I know for definite that the domain and the servers will be stable without dc3.

Thanks in advance

Question by:Eric

    Expert Comment

    It seems that dc3 is the primary dns, and the others are secondaries drawing their info from this;
    try switching dns per this article:
    Also, check in your dhcp server (server options) that this is not still listed as the first dns server
    hope this helps you

    Author Comment

    Hi RobinHuman
    No, the dc1 is set to primary and active directory, and nslookup on all member servers points to either dc1 or dc2.
    DHCP is not running.
    I dare not remove the DNS service from dc3 as the delays cause reports and business services to fail.

    Expert Comment

    How are your trusts configured to handle name resolution?  Check DNS in 4d and see what it's using as a forwarder address for resolution.  It might be using DC3.

    I'm not sure what you mean by "logon server in environment variables"... This should be automatically chosen using DNS via sites/services.  Is this properly configured?

    Also, you can't have "primary" AND "active directory". The AD-integrated DNS zone is writable by all servers in the domain that hold a copy. Primary means a primary/secondary setup.



    Author Comment

    When I say environment variables I mean the set command shows logon server=dc1
    Where do I configure trusts to handle name resolution?  It only asks for the domain you want to trust doesn't it?
    4D is using a forwarder to 3b\dc1. However, this may be related to the whole thing: I have problems resolving non-qualified names; if I use the FQDN I find the server.
    So if all the servers are AD integrated, is that a bad thing?
    Sites and services  - I found that it did not have a subnet configured last night - how much difference should that make?
    Thanks for the suggestions so far.

    Accepted Solution

    I have now sort of sorted this - I have added both domain names to the NIC TCP/IP settings for unqualified resolution - not ideal as I have to set up each NIC now, but at least it enables me to demote the old server.
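
An added example, not part of the thread: a PowerShell pre-demotion check of the two things the discussion turns on, the DNS suffix search list and whether the DNS servers that remain can locate a domain controller for both domains without dc3. The domain FQDNs, server names and the `$Apply` switch are placeholders, and it assumes the DnsClient cmdlets of Windows 8 / Server 2012 or later.

```powershell
# Added example; every name below is a placeholder, not a value from the thread.
$Domains    = '3b.example', '4d.example'          # assumed DNS names of the two domains
$DnsServers = 'dc1.3b.example', 'dc2.3b.example'  # DNS servers that stay in service
$OldDc      = 'dc3'                               # DC that is about to be demoted
$ShortNames = 'dc1', 'dc2'                        # unqualified names clients rely on
$Apply      = $false                              # set to $true to write the suffix list

# 1. Compare the machine-wide suffix search list with the domains that must be on it.
$current = @((Get-DnsClientGlobalSetting).SuffixSearchList | Where-Object { $_ })
$missing = @($Domains | Where-Object { $current -notcontains $_ })
if ($missing -and $Apply) {
    Set-DnsClientGlobalSetting -SuffixSearchList ($current + $missing)
}
"Suffix list: $($current -join ', ')   missing: $($missing -join ', ')"

foreach ($server in $DnsServers) {
    # 2. Each remaining DNS server must return a DC other than $OldDc for both domains.
    foreach ($domain in $Domains) {
        $query = "_ldap._tcp.dc._msdcs.$domain"   # DC locator SRV record
        try {
            $targets = @(Resolve-DnsName -Name $query -Type SRV -Server $server -DnsOnly -ErrorAction Stop |
                Where-Object { $_.Section -eq 'Answer' } | ForEach-Object { $_.NameTarget })
        } catch { $targets = @() }
        $others = @($targets | Where-Object { $_ -notlike "$OldDc.*" })
        $state  = if ($others.Count) { 'OK' } else { 'FAIL: only the old DC, or nothing, answers' }
        "{0,-18} {1,-32} {2} [{3}]" -f $server, $query, $state, ($others -join ', ')
    }
    # 3. Unqualified names must resolve through DNS alone (-DnsOnly excludes LLMNR/NetBIOS).
    foreach ($name in $ShortNames) {
        $hit   = Resolve-DnsName -Name $name -Type A -Server $server -DnsOnly -ErrorAction SilentlyContinue
        $state = if ($hit) { 'resolves' } else { 'FAIL: does not resolve' }
        "{0,-18} {1,-32} {2}" -f $server, $name, $state
    }
}
```

Run it from a member server in each domain while dc3 is still up; any FAIL line is a dependency to clear before the DNS service on dc3 is stopped.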
