Domain wide DNS issues


We have recently upgraded our network and have been having constant problems since with DNS and replication.

We started with a 2003 DC running DHCP, DNS and all FSMO roles. We have built a VM 2008 DC, upgraded the forest schema and transferred all FSMO roles to this new 2008 DC. DNS has been setup and configured on this server as an AD Primary.

The 2003 DC is still online but not contactable as i have disabled the NIC until happy to dcpromo and decom from the domain.

This morning we had an issue with a VIP logging on and his profile not loading. The admin account would not show his profile on the local laptop at all in any root. Renaming his profile and logging on again only gave him a temp account. He has no roaming profile configured. We quickly realized that connection to the file server (where his user data is stored) was contactable by rdp, ping to ip and hostname but browsing to it did not show the shared folders.

Therefore i rebooted the main DC and all other servers there after.  I gave his laptop a static IP outside the DHCP scope and rebooted. This resolved the issue with the missing profile, but doesn't explain what happened in the first place. I believe this is something to with the DNS issues we are having but cant see what I'm missing.
Who is Participating?
Bruno PACIIT ConsultantCommented:
Take a look at your RDP server and at the file server that hosts users profiles. Look at the DNS configuration on them to verify that these servers are able to interrogate a reachable DNS server.

Before you stop the old DC did you think about changing IP configuration on every server so that they can interrogate DNS service on the new DC ??

Bruno PACIIT ConsultantCommented:

Did you give the GC (Global Catalog) function to your new 2008 DC ?
Clients need to contact a GC to authenticate in the domain. If you forgot to give the GC function to your new DC and shut down the old DC your users are not authenticated in the domain. They probably can opn their Windows desktop by the way of the credentials cache that exists in Windows but they can not reach any network ressource...

Does the problem appear for any user or only this one ?

Have a good day
ncomperAuthor Commented:
I have double checked the 2008 DC and it is a GC. The origional 2003 DC within Sites and Services is also still showing as a GC, would it be worth removing this role to aviod confusion?

Protect Your Employees from Wi-Fi Threats

As Wi-Fi growth and popularity continues to climb, not everyone understands the risks that come with connecting to public Wi-Fi or even offering Wi-Fi to employees, visitors and guests. Download the resource kit to make sure your safe wherever business takes you!

Bruno PACIIT ConsultantCommented:
Hi again,

No need to remove the GC role. Let it like this on both DCs.

Check time synchronization with command "W32TM /MONITOR" on each DC and look at the offset.
DCs in an Active Directory domain must be time synchronized and offset must be less than 5 seconds. In normal situation, if time synchronization works well you should see an offset les than one second.
ncomperAuthor Commented:
For your Ref:

SBDC01 = New 2008 DC (active)
Schdc03 = Remote site DC (active)
Schsbs2003 = Old 2003 DC (NIC disabled)

Results posted below:

C:\Windows\system32>w32tm /monitor
    ICMP: error IP_REQ_TIMED_OUT - no response in 1000m
    NTP: error ERROR_TIMEOUT - no response from server
    ICMP: 10ms delay
    NTP: -0.0104486s offset from SBDC01.Scheldebouw.loc
        RefID: SBDC01.Scheldebouw.local []
        Stratum: 2
SBDC01.Scheldebouw.local *** PDC ***[[fe80::5905:cd56:2
    ICMP: 0ms delay
    NTP: +0.0000000s offset from SBDC01.Scheldebouw.loc
        RefID: 'LOCL' [0x4C434F4C]
        Stratum: 1

Reverse name resolution is best effort. It may not be
correct since RefID field in time packets differs acros
NTP implementations and may not be using IP addresses.
If DHCP is still on your old server and you disabled the NIC then you won't be able to contact a DHCP server at all...unless you set that up on the new 2008 server.
This would explain why a static IP address worked.

Is that the case?

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.