Problems removing upgraded 2003 DC from domain
Please help me, this is driving me mad!
First a little of the history:
We have 2 domains 3b and 4d and they have a trust between them.
3b was a NT4 pdc upgraded to 2003 std server and DNS added (called DC3)
2 more 3b DCs were created both with DNS as I want to remove DC3
All the member servers in the 3b domain have dc1 or dc2 as their logon server in environment variables
dc1 and dc2 have all the fsmo roles and the ad schema transferred to them
Nothing is running WINS or LMhosts
PROBLEM:
When I stop dc3 after an hour or so, delays start occuring in the data transfers between member servers, and the trust between domains stops trusting on the basis that it can no longer locate a logon server.
If I try to re-establish the trust without dc3, I get the cannot find logon server message.
If I stop the Server service on dc3 (Server, logon and browser stop) everything stays ok
When I stop the DNS service on dc3 the trust stops and I get delays after about an hour.
Does anybody have any ideas what could be causing this - I do not want to demote dc3 until I know for definite that the domain and the servers will be stable without dc3.
Thanks in advance
First a little of the history:
We have 2 domains 3b and 4d and they have a trust between them.
3b was a NT4 pdc upgraded to 2003 std server and DNS added (called DC3)
2 more 3b DCs were created both with DNS as I want to remove DC3
All the member servers in the 3b domain have dc1 or dc2 as their logon server in environment variables
dc1 and dc2 have all the fsmo roles and the ad schema transferred to them
Nothing is running WINS or LMhosts
PROBLEM:
When I stop dc3 after an hour or so, delays start occuring in the data transfers between member servers, and the trust between domains stops trusting on the basis that it can no longer locate a logon server.
If I try to re-establish the trust without dc3, I get the cannot find logon server message.
If I stop the Server service on dc3 (Server, logon and browser stop) everything stays ok
When I stop the DNS service on dc3 the trust stops and I get delays after about an hour.
Does anybody have any ideas what could be causing this - I do not want to demote dc3 until I know for definite that the domain and the servers will be stable without dc3.
Thanks in advance
ASKER
Hi RobinHuman
No the dc1 is set to primary and active directory, and nslookup on all member servers point to either dc1 or dc2.
DHCP is not running.
I dare not remove the DNS service from dc3 as the delays cause reports and business services to fail.
No the dc1 is set to primary and active directory, and nslookup on all member servers point to either dc1 or dc2.
DHCP is not running.
I dare not remove the DNS service from dc3 as the delays cause reports and business services to fail.
How are your trusts configured to handle name resolution? Check DNS in 4d and see what it's using as a forwarder address for resolution. It might be using DC3.
I'm not sure what you mean by "logon server in environment variables".. ?? This should be automatically chosen using DNS via sites/services. Is this properly configured?
Also, you can't have "primary" AND "active directory".. The AD-integrated DNS zone is writable by all servers in the domain that hold a copy). Primary means a primary/secondary setup..
HTH,
exx
I'm not sure what you mean by "logon server in environment variables".. ?? This should be automatically chosen using DNS via sites/services. Is this properly configured?
Also, you can't have "primary" AND "active directory".. The AD-integrated DNS zone is writable by all servers in the domain that hold a copy). Primary means a primary/secondary setup..
HTH,
exx
ASKER
Hi
When I say environment variables I mean the set command shows logon server=dc1
Where do I configure trusts to handle name resolution? It only asks for the domain you want to trust doesn't it?
4D is using a forwarder to 3b\dc1, however, this may be related to the whole thing, I have problems resolving non qualified names, if I use the fqdn I find the server.
So if all the servers are AD integrated, is that a bad thing?
Sites and services - I found that it did not have a subnet configured last night - how much difference should that make?
Thanks for the suggestions so far.
When I say environment variables I mean the set command shows logon server=dc1
Where do I configure trusts to handle name resolution? It only asks for the domain you want to trust doesn't it?
4D is using a forwarder to 3b\dc1, however, this may be related to the whole thing, I have problems resolving non qualified names, if I use the fqdn I find the server.
So if all the servers are AD integrated, is that a bad thing?
Sites and services - I found that it did not have a subnet configured last night - how much difference should that make?
Thanks for the suggestions so far.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
try switching dns per this article:
http://support.microsoft.com/kb/323383
Also, check in your dhcp server (server options) that this is not still listed as the first dns server
hope this helps you