• Status: Solved

Problems removing upgraded 2003 DC from domain

Please help me, this is driving me mad!
First a little of the history:
We have 2 domains 3b and 4d and they have a trust between them.
3b was an NT4 PDC upgraded to 2003 std server and DNS added (called DC3)
2 more 3b DCs were created both with DNS as I want to remove DC3
All the member servers in the 3b domain have dc1 or dc2 as their logon server in environment variables
dc1 and dc2 have all the fsmo roles and the ad schema transferred to them
Nothing is running WINS or LMhosts

When I stop dc3, after an hour or so delays start occurring in the data transfers between member servers, and the trust between domains stops trusting on the basis that it can no longer locate a logon server.
If I try to re-establish the trust without dc3, I get the cannot find logon server message.
If I stop the Server service on dc3 (Server, logon and browser stop) everything stays ok
When I stop the DNS service on dc3 the trust stops and I get delays after about an hour.

Does anybody have any ideas what could be causing this - I do not want to demote dc3 until I know for definite that the domain and the servers will be stable without dc3.

Thanks in advance

1 Solution
It seems that dc3 is the primary dns, and the others are secondaries drawing their info from this;
try switching dns per this article:
Also, check in your dhcp server (server options) that this is not still listed as the first dns server
hope this helps you
EricIT Systems and Asset Manager (Author) Commented:
Hi RobinHuman
No, the dc1 is set to primary and active directory, and nslookup on all member servers points to either dc1 or dc2.
DHCP is not running.
I dare not remove the DNS service from dc3 as the delays cause reports and business services to fail.
How are your trusts configured to handle name resolution?  Check DNS in 4d and see what it's using as a forwarder address for resolution.  It might be using DC3.

I'm not sure what you mean by "logon server in environment variables"? This should be automatically chosen using DNS via sites/services. Is this properly configured?

Also, you can't have "primary" AND "active directory". (The AD-integrated DNS zone is writable by all servers in the domain that hold a copy.) Primary means a primary/secondary setup.


EricIT Systems and Asset Manager (Author) Commented:
When I say environment variables I mean the set command shows logon server=dc1
Where do I configure trusts to handle name resolution?  It only asks for the domain you want to trust doesn't it?
4D is using a forwarder to 3b\dc1, however, this may be related to the whole thing, I have problems resolving non qualified names, if I use the fqdn I find the server.
So if all the servers are AD integrated, is that a bad thing?
Sites and services  - I found that it did not have a subnet configured last night - how much difference should that make?
Thanks for the suggestions so far.
EricIT Systems and Asset Manager (Author) Commented:
I have now sort of sorted this - I have added both domain names to the NIC TCPIP settings for unqualified resolution - not ideal as I have to set up each NIC now but at least it enables me to demote the old server.
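
The checks discussed in this thread (which DNS servers answer for each domain, and whether short names resolve), gathered into one batch script as an added example; it is not from any of the posters. The domain FQDNs and the test host name are placeholders, since the thread gives only the short names 3b, 4d, dc1 and dc2, and `nltest` is assumed to be installed from the Windows Support Tools.

```batch
@echo off
rem Added example: run from a member server BEFORE demoting the old DC.
rem Placeholder values (assumptions): replace with your real names.
set NEW_DNS=dc1 dc2
set LOCAL_FQDN=3b.example.local
set TRUSTED_FQDN=4d.example.local
set TEST_HOST=server1

rem 1. Ask each remaining DNS server directly for the DC locator SRV
rem    records of both domains. Every query must succeed without the
rem    old DC answering on its behalf.
for %%S in (%NEW_DNS%) do (
  for %%D in (%LOCAL_FQDN% %TRUSTED_FQDN%) do (
    echo === SRV _ldap._tcp.dc._msdcs.%%D via %%S ===
    nslookup -type=SRV _ldap._tcp.dc._msdcs.%%D %%S
  )
)

rem 2. Compare short-name and fully qualified lookups against each
rem    remaining DNS server. If only the FQDN resolves, the DNS suffix
rem    search list on this machine does not cover that domain.
for %%S in (%NEW_DNS%) do (
  echo === short name %TEST_HOST% via %%S ===
  nslookup %TEST_HOST% %%S
  echo === FQDN %TEST_HOST%.%TRUSTED_FQDN% via %%S ===
  nslookup %TEST_HOST%.%TRUSTED_FQDN% %%S
)

rem 3. Show the DNS servers and the suffix search list configured on
rem    each NIC; the old DC's address should not be listed.
ipconfig /all

rem 4. Confirm a DC can be located for both domains, and list the DCs
rem    the local domain currently knows about.
nltest /dsgetdc:%LOCAL_FQDN%
nltest /dsgetdc:%TRUSTED_FQDN%
nltest /dclist:%LOCAL_FQDN%
```

Running it once with the old DC's DNS service up and again with it stopped shows which lookups depended on that server.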
Question has a verified solution.
