Joining a Server 2003 box to a 2008 R2 Domain

Posted on 2010-08-23
Last Modified: 2012-05-10
Hi

I have a Server 2008 R2 PDC. Within this I have another box sat just as a domain member (another 2008 ver R2 no promo just sits there all happy as file server)

I have taken a Server 2003 box off of another domain and now have joined it to the above domain, again as a member, no promo or anything. This runs a SQL Server database, that's all it does.
Soon as it is a member of the above new domain I cannot RDP into it (access is denied, contact your administrator). Also, logging onto the machine using the domain credentials is very slow, like 15 mins and still going. I have done the DNS thing etc. and they are OK. Is there something I am missing? If I log on locally the machine is as bright and fast as a spark.

I have just joined 70 PCs to the new domain no problem and they all work OK.
Question by:rmfb
21 Comments
 
LVL 4

Expert Comment

by:joeyw
ID: 33500583
Are your server IP settings hardcoded or do they pull from DHCP? I had this problem before and the DNS servers were hardcoded to an old server that no longer existed.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 33500937
Make sure you are only pointing to the DC for DNS; you should not have external DNS servers listed.

Post ipconfig /all
0
 
LVL 4

Expert Comment

by:evilsi
ID: 33500964
Hi,
After checking the network configuration as recommended above you could also check there are no group policies preventing RDP connections or other restrictions.

Regards
Si.
0
 

Author Comment

by:rmfb
ID: 33501303
Firstly

Tried both DHCP and static, and yes, my server DNS only points to the primary DNS server on the network.

I have searched the registry for IPs relating to the old server and found one and dealt with this.

No, there are no policies stopping it remoting in, as I can remote into the other server in the OU.

Have checked local policy and nothing.

It's almost as if the machine is not authenticating properly with 08 or something, but I don't want to throw you off the scent. If I go down to local policy and try to add an account in security, for example allow logon through terminal services, it hangs and tries to search Active Directory, then eventually comes up with something.

Any ideas how to rid the system of the last domain traces etc., like DNS?

0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 33501357
Seems like a DNS issue or an AD issue.

Remove system off the domain and delete the computer account from AD. Reboot server.

Rejoin server to the domain.
0
 
LVL 4

Expert Comment

by:joeyw
ID: 33501519
Is the server using a one-to-one NAT in your firewall, mapping an external address to your internal address? If so you may have to create a rule to allow internal traffic to hit the NAT.

For the domain stuff, try nslookup. Once active, just type the server address like www.acme.com to see what IP comes back. This will also tell you which DNS server is trying to supply you the information. Also, if these IPs changed recently, try doing an ipconfig /flushdns on your DNS server to clear the cache.
0
 

Author Comment

by:rmfb
ID: 33501752
No NATs, all on same network and same subnet. DNS working fine, other machines log on swiftly, DNS resolves etc.

Interestingly, whenever I try to browse Active Directory from the Server 2003 machine it says the system detected a possible attempt to compromise security. Please ensure you can contact the server that attempted to authenticated you.

This is weird.

Just joined another XP machine to the domain to show I'm not going mad and all went OK.

Yet from all other machines I can browse Active Directory and other parts at will.

0
 
LVL 4

Expert Comment

by:joeyw
ID: 33501999
Was this server a DC or did it run any roles (like DNS or DHCP) in the old network? If so, you may need to stop these services.

Another thing to check is static routes. Do a netstat -r and check for any persistent routes, or do a tracert to see what path the server thinks it should take.
0
 

Author Comment

by:rmfb
ID: 33502200
This server did not house DHCP but it did house a DNS server, which has been removed. All services are stopped.
0
 

Author Comment

by:rmfb
ID: 33502217
If I put it back on the old domain it works perfectly again. I will look at what you suggested.
0
 
LVL 4

Expert Comment

by:joeyw
ID: 33502267
Generally, a machine has to be a DC to run DNS. If this is the case, you need to dcpromo this server to demote it before you try to move it.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 33502786
Are you sure that the 2003 server is joined to the new domain?
0
 

Author Comment

by:rmfb
ID: 33505138
No, I'm not sure that this machine has fully joined to the domain, although it exhibits that it has. That's what I'm trying to explain. It joins but has no access to the PDC because it is always denied. The account shows in Active Directory and exhibits characteristics that it has joined, but nothing can access the DC; not even if I try to add a security group to a file, it cannot find the DC. It sees it but is being denied access for some reason.

0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 33505303
So, remove the server from the domain then add the server to the new domain. Disable any firewalls or AVs installed.

Post ipconfig /all from server and DC.

Run dcdiag and post results.
0
 

Author Comment

by:rmfb
ID: 33526058
Okay, on a little more investigation I have some other news about this machine (perhaps I should have mentioned I've inherited this site).

The machine is running on an intranet; it's a UK schools intranet. There are several thousand schools on this intranet. The school is running a program called serco which uses IIS to promote a working website link to the program for external use. When we did an nslookup it revealed that the machine was resolving to eportal.name of school.sch.uk. Talking to the previous tech, this was because the intranet's techs made a DNS entry on their servers to resolve this to the IP of the machine. Externally they made an entry so that the website resolved to the static IP, then on to the internal (on the intranet and machine IP).
I have now changed the IP of the machine and it is now resolving to the internal name of the machine (serverF) when I do an nslookup. But still the machine will not allow me to log on remotely (access denied). The machine hangs if I log on locally and try to add a security item (user) to a file for a test, which indicates to me it is still not finding or accessing Active Directory or even the PDC. It cannot register an entry into DNS on the PDC. I have repaired the LAN connection and reset the Winsock in case this was damaged. There must be an entry somewhere polluting this machine looking in the right direction, but can I find it? No.

I am convinced this is a DNS problem now. I have done all DNS tests, run dcdiag on the PDC and cannot see anything untoward. I'm not great on IIS so don't know where to look to see if this is a possible cause.
0
 
LVL 4

Expert Comment

by:joeyw
ID: 33526110
On the remote desktop issue, did you click on the select remote users button to see if access was limited to only remote users? Also, if the firewall is running, I would turn it off until this situation is resolved.
0
 

Author Comment

by:rmfb
ID: 33526138
There is no firewall internally in the school on our scope, only at the gateway, which is controlled by the county authority. Access I have tried different configs to try to eliminate that.
0
 
LVL 4

Expert Comment

by:joeyw
ID: 33526144
On the website access, since this was on an intranet, the previous admin could have locked it down to the old domain. In the IIS admin screen (found on administrative tools), right click on the website and select properties. Choose the directory security tab and verify each of the settings.
0
 
LVL 4

Expert Comment

by:joeyw
ID: 33526161
Is the Windows Firewall service turned off? Also, is the server running anything like McAfee security suite that would have a firewall on or access permissions configured on the virus tab?
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 33526561
Please post ipconfig /all for the server and a working DC.
0
 

Accepted Solution

by:
rmfb earned 0 total points
ID: 33625703
Okay, upgraded the server to 2008 and all cured now.
0
