Solved

I migrated Active Directory 2003 Domain Controller to 2008, Moved DHCP to 2008 R2. When I turn off the 2003 then the Internet access becomes very slow.

Posted on 2011-10-16
Last Modified: 2012-06-22
I completed the Primary AD DC migration from 2003 to 2008 R2, and set up and moved the DHCP to 2008 R2. I changed the primary DNS setup in the DHCP properties to the new 2008 IP address.
I did not demote the 2003 AD DC yet. I shut it down and realized the Internet access became extremely slow.
I can't think of anything that I have missed to complete the migration. Please help!

Thanks
Jay
0
Comment
Question by:Jay555
25 Comments
 
LVL 57

Expert Comment

by:Mike Kline
ID: 36976504
See if you have any forwarders setup on the 2003 box or are you just using root hints for internet resolution.


Thanks

Mike
0
 

Author Comment

by:Jay555
ID: 36976518
I will check it and let you know. I forgot to mention that DHCP is disabled on 2003 box.

Thanks

Jay
0
 
LVL 14

Expert Comment

by:JAN PAKULA
ID: 36976532
Do you have option 4 set up properly in DHCP scope options (default router, gateway)?
Is your DNS configured properly on client and server (GP to point to DNS server)?

http://support.microsoft.com/kb/294785

Also check if your clients' DNS registry points to the right DNS server IP.

http://technet.microsoft.com/en-us/library/dd197418(WS.10).aspx

JAN MA CCNA

0

 

Author Comment

by:Jay555
ID: 36976556
On my 2003 box forwarders, under Interfaces I only have the 2003 box IP, not the private IP of 2008R2 box
0
 

Author Comment

by:Jay555
ID: 36976596
Janpakula,

Where is the option 4?
0
 

Author Comment

by:Jay555
ID: 36976597
Janpakula,

Sorry for typo. Could you please explain more about option 4?
0
 
LVL 14

Expert Comment

by:JAN PAKULA
ID: 36976652
http://technet.microsoft.com/en-us/library/cc958929.aspx


 option 3 = router (default gateway on subnet)
0
 

Author Comment

by:Jay555
ID: 36979430
Janpakula,

I have the router configured properly.
0
 

Author Comment

by:Jay555
ID: 36979562
Could someone help me how to view a gp to point to  dns server?

Thanks
0
 
LVL 14

Expert Comment

by:JAN PAKULA
ID: 36979893
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient]
"NameServer"="192.168.1.25"


Save as .reg and change the IP address to your DNS server.

Or, with GP:

Go to the GP editor.
Create and link a new group policy.

It is in Computer Configuration\Policies\Administrative Templates\Network\DNS Client - "DNS Servers".

Change to enabled + add IP address.


0
 

Author Comment

by:Jay555
ID: 36981446
I followed all the instructions.
I stopped the DNS service on the old 2003 primary domain controller and immediately found that I was not able to browse any web site. Then I started the DNS service and web browsing returned to working seamlessly.
I also have to mention that DHCP on 2003 has been disabled since mid last week.
Does anybody think that by stopping the DNS service on 2003, I caused the DNS service to stop on the whole domain?
Here is a screenshot of my desktop IP config:
Old 2003 DC 10.1.0.1
New 2008 R2 DC 10.1.0.18
Gateway/Router 10.1.0.2


Windows IP Configuration

        Host Name . . . . . . . . . . . . : MC191
        Primary Dns Suffix  . . . . . . . : MAIN.com
        Node Type . . . . . . . . . . . . : Hybrid
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : MAIN.com
                                            main.com

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : main.com
        Description . . . . . . . . . . . : Broadcom NetLink (TM) Gigabit Ethernet
        Physical Address. . . . . . . . . : 00-25-64-8C-7E-B0
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 10.1.0.101
        Subnet Mask . . . . . . . . . . . : 255.255.254.0
        Default Gateway . . . . . . . . . : 10.1.0.2
        DHCP Server . . . . . . . . . . . : 10.1.0.18
        DNS Servers . . . . . . . . . . . : 10.1.0.18
                                            10.1.0.1
        Primary WINS Server . . . . . . . : 10.1.0.1
        Secondary WINS Server . . . . . . : 10.1.0.18
        Lease Obtained. . . . . . . . . . : Monday, October 17, 2011 2:13:26 PM
        Lease Expires . . . . . . . . . . : Thursday, October 20, 2011 2:13:26 PM

0
 
LVL 14

Expert Comment

by:JAN PAKULA
ID: 36984844
best way to do it would be to swap ip addresses around (leave dns off on 2003) turn off ipv6 on new one

also check this registry


[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient]
"NameServer"="192.168.1.25"

Is your DNS server right in there?

0
 

Author Comment

by:Jay555
ID: 36986441
I checked the 2008 DC registry. It is correct; the same as you explained with 10.1.0.18.
0
 

Author Comment

by:Jay555
ID: 36986519
I also see the following Error:

The local domain controller is both a global catalog and the infrastructure operations master. These two roles are not compatible.
 If another domain controller exists in the domain, it should be made the infrastructure operations master. The following domain controller is a good candidate for this role.
 Domain controller:
CN=NTDS Settings,CN=HONESTY,CN=Servers,CN=WestVirginia,CN=Sites,CN=Configuration,DC=MAIN,DC=com
 If all domain controllers in this domain are global catalogs, then there are no infrastructure update tasks to complete, and this message might be ignored.
0
 
LVL 14

Expert Comment

by:JAN PAKULA
ID: 36986601
1  - do that

http://technet.microsoft.com/en-us/library/cc758330(WS.10).aspx

turn off GC on DC with Infrastructure master

2 - 2008 DC should have the old 2003 DC IP address 10.1.0.1
why - are set up to point to 10.1.0.1 as DNS server

You have to check that on clients also:

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient]
"NameServer"="10.1.0.1"

0
 

Author Comment

by:Jay555
ID: 36986956
What I posted yesterday is from my local desktop. As you see there are Primary DNS server 10.1.0.18
and secondary 10.1.0.1
Should I remove the secondary DNS server completely?
0
 

Author Comment

by:Jay555
ID: 36987088
I removed the secondary DNS server from the DHCP Scope. I renewed my local PC IP after that. I still can browse different web sites. Here is my IPCONFIG /ALL status:



Windows IP Configuration

        Host Name . . . . . . . . . . . . : MC191
        Primary Dns Suffix  . . . . . . . : MAIN.com
        Node Type . . . . . . . . . . . . : Hybrid
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : MAIN.com
                                            main.com

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : main.com
        Description . . . . . . . . . . . : Broadcom NetLink (TM) Gigabit Ethernet
        Physical Address. . . . . . . . . : 00-25-64-8C-7E-B0
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 10.1.0.101
        Subnet Mask . . . . . . . . . . . : 255.255.254.0
        Default Gateway . . . . . . . . . : 10.1.0.2
        DHCP Server . . . . . . . . . . . : 10.1.0.18
        DNS Servers . . . . . . . . . . . : 10.1.0.18
        Primary WINS Server . . . . . . . : 10.1.0.18
        Lease Obtained. . . . . . . . . . : Tuesday, October 18, 2011 11:50:34 AM
        Lease Expires . . . . . . . . . . : Friday, October 21, 2011 11:50:34 AM

0
 
LVL 14

Expert Comment

by:JAN PAKULA
ID: 36987212
is it ok now?
0
 

Author Comment

by:Jay555
ID: 36988859
I can browse any web site now, from my desktop. How can I make sure everything will be okay if I demote the 2003 previous primary DC? Should I just shut down the 2003 Box and see what happens?  or should I just stop the DNS service on 2003 and see the results?

Thanks
0
 

Author Comment

by:Jay555
ID: 36988915
I just stopped the DNS service on 2003 DC box, suddenly saw the internet access became very slow. It was taking a long time to open a web site.
I had no choice but to start it again.
0
 
LVL 14

Expert Comment

by:JAN PAKULA
ID: 36989031
0
 

Author Comment

by:Jay555
ID: 36989334
I tried to change DNS forwarder or Root Hints on 2008 DC, when I enter 10.1.0.18 it will come up with check mark (Found). As soon as I click on APPLY or OK then I get the following Message:
The Server Forwarders can not be updated.
The IP address is invalid
0
 

Author Comment

by:Jay555
ID: 36992776
I removed 10.1.0.1 from the DNS Forwarder and Root Hints on 2008 DC, then I can browse any web site now.
There is nothing in DNS forwarder and Root Hints now.
Opening a web site seems a little slower than what it felt before when using 2003 as DNS.
Should I just turn off the 2003 Dc server and see the results before demoting it? Do I need to be worried about anything before demoting the 2003 DC?
Thanks
0
 
LVL 14

Accepted Solution

by:
JAN PAKULA earned 1000 total points
ID: 37016411
You need at least one server in DNS forwarder - any queries not resolved by your DNS will go to this forwarded DNS - (usually it is ISP DNS server).
Do backup of PDS before demoting - there shouldn't be any problems then :)
0
 
LVL 14

Expert Comment

by:JAN PAKULA
ID: 37016415
sorry PDC - Primary Domain Controller (holds 5 FSMO operation masters)
0
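Added example, not part of the original thread or any poster's code: a pre-shutdown check for the situation worked through above, where clients and the new DNS server's forwarder list still pointed at the old DC (10.1.0.1). It parses `ipconfig /all` text, including the continuation line used for a second DNS server, and sanity-checks a forwarder list following the accepted answer's advice. The function names and the sample text are assumptions made for illustration; the sample is constructed from the output posted in the thread.

```python
import re

# Constructed sample, modelled on the ipconfig /all output posted in the thread.
SAMPLE = """\
Ethernet adapter Local Area Connection:

        IP Address. . . . . . . . . . . . : 10.1.0.101
        DHCP Server . . . . . . . . . . . : 10.1.0.18
        DNS Servers . . . . . . . . . . . : 10.1.0.18
                                            10.1.0.1
        Primary WINS Server . . . . . . . : 10.1.0.1
        Secondary WINS Server . . . . . . : 10.1.0.18
"""

# "Label . . . : value"; the separator colon always follows a space or dot.
FIELD = re.compile(r"^\s+(.+?)[ .]+:\s*(.*)$")

def parse_ipconfig(text):
    """Map each field label to its values, folding continuation lines."""
    fields, last = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue  # the posted output is double-spaced
        m = FIELD.match(line)
        if m:
            last = m.group(1)
            fields.setdefault(last, [])
            if m.group(2).strip():
                fields[last].append(m.group(2).strip())
        elif line[0].isspace() and last:
            fields[last].append(line.strip())  # e.g. second DNS server
        else:
            last = None  # unindented section header
    return fields

def stale_references(text, retiring_ip):
    """Labels of client settings that still point at the retiring server."""
    return sorted(k for k, v in parse_ipconfig(text).items() if retiring_ip in v)

def forwarder_problems(forwarders, server_ip, retiring_ip):
    """Check a DNS server's forwarder list before the old DC goes away."""
    problems = []
    if not forwarders:
        problems.append("no forwarder configured")
    if server_ip in forwarders:
        problems.append("server forwards to itself")
    if retiring_ip in forwarders:
        problems.append("forwarder is the server being retired")
    return problems
```

Run `stale_references` over `ipconfig /all` output collected from a few clients after a lease renewal; an empty list for every client, plus an empty `forwarder_problems` result for the new server, means nothing still depends on the old DC for name resolution.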
