Solved

Slow logins after IP change on DC

Posted on 2014-02-07
Last Modified: 2014-02-12
I just moved my company to a new office. We were on a flat 192.168.16.0 network. We now have multiple VLANs. I have modified the IP addresses of my 2 DCs along with all other servers. I have changed the DNS server settings on each machine to point to the new IPs as well. I am obviously missing something because logging into these servers takes forever... GPOs do not seem to be running, etc. What am I missing and how can I troubleshoot?
Question by:BSModlin
6 Comments
 
LVL 19

Expert Comment

by:Miguel Angel Perez Muñoz
ID: 39841631
Try logging on to your DC (it may require a lot of time to be able to log on) and, as administrator, run ipconfig /registerdns.
0
 
LVL 11

Accepted Solution

by:
Manjunath Sullad earned 2000 total points
ID: 39841687
Reboot the server,

ipconfig /flushdns & ipconfig /registerdns

If the IP address subnet is new, you need to add it to AD Sites and Services and move the DC to the site that belongs to the new subnet.

Once you have changed all the settings, run "dcdiag" and check whether any errors are found.

If there are any errors, run dcdiag /fix to correct the service records.

Refer to some of the standards: http://technet.microsoft.com/en-us/library/cc758579(v=ws.10).aspx
0
 

Author Comment

by:BSModlin
ID: 39841856
Just did all that with same result.... What else can I test or modify?
0

Author Comment

by:BSModlin
ID: 39842043
Here is the DCDIAG Results:


C:\Users\bmodlin>dcdiag

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = sasmail
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\SASMAIL
      Starting test: Connectivity
         ......................... SASMAIL passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\SASMAIL
      Starting test: Advertising
         ......................... SASMAIL passed test Advertising
      Starting test: FrsEvent
         There are warning or error events within the last 24 hours after the
         SYSVOL has been shared.  Failing SYSVOL replication problems may cause
         Group Policy problems.
         ......................... SASMAIL passed test FrsEvent
      Starting test: DFSREvent
         ......................... SASMAIL passed test DFSREvent
      Starting test: SysVolCheck
         ......................... SASMAIL passed test SysVolCheck
      Starting test: KccEvent
         ......................... SASMAIL passed test KccEvent
      Starting test: KnowsOfRoleHolders
         ......................... SASMAIL passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         ......................... SASMAIL passed test MachineAccount
      Starting test: NCSecDesc
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
            Replicating Directory Changes In Filtered Set
         access rights for the naming context:
         DC=DomainDnsZones,DC=StructuredAssetServices,DC=local
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
            Replicating Directory Changes In Filtered Set
         access rights for the naming context:
         DC=ForestDnsZones,DC=StructuredAssetServices,DC=local
         ......................... SASMAIL failed test NCSecDesc
      Starting test: NetLogons
         ......................... SASMAIL passed test NetLogons
      Starting test: ObjectsReplicated
         ......................... SASMAIL passed test ObjectsReplicated
      Starting test: Replications
         ......................... SASMAIL passed test Replications
      Starting test: RidManager
         ......................... SASMAIL passed test RidManager
      Starting test: Services
         ......................... SASMAIL passed test Services
      Starting test: SystemLog
         An Warning Event occurred.  EventID: 0x000727A5
            Time Generated: 02/07/2014   10:13:26
            Event String:
            The WinRM service is not listening for WS-Management requests.
         An Warning Event occurred.  EventID: 0x00000420
            Time Generated: 02/07/2014   10:26:54
            Event String:
            The DHCP service has detected that it is running on a DC and has no
credentials configured for use with Dynamic DNS registrations initiated by the D
HCP service.   This is not a recommended security configuration.  Credentials fo
r Dynamic DNS registrations may be configured using the command line "netsh dhcp
 server set dnscredentials" or via the DHCP Administrative tool.
         An Warning Event occurred.  EventID: 0x825A0086
            Time Generated: 02/07/2014   10:27:02
            Event String:
            NtpClient was unable to set a manual peer to use as a time source be
cause of DNS resolution error on '"ntp.myfloridacity.us,0x8'. NtpClient will try
 again in 15 minutes and double the reattempt interval thereafter. The error was
: No such host is known. (0x80072AF9)
         An Warning Event occurred.  EventID: 0x00002724
            Time Generated: 02/07/2014   10:27:02
            Event String:
            This computer has at least one dynamically assigned IPv6 address.For
 reliable DHCPv6 server operation, you should use only static IPv6 addresses.
         An Warning Event occurred.  EventID: 0x825A0086
            Time Generated: 02/07/2014   10:27:04
            Event String:
            NtpClient was unable to set a manual peer to use as a time source be
cause of DNS resolution error on '"ntp.myfloridacity.us,0x8'. NtpClient will try
 again in 15 minutes and double the reattempt interval thereafter. The error was
: No such host is known. (0x80072AF9)
         An Error Event occurred.  EventID: 0xC0001B58
            Time Generated: 02/07/2014   10:27:06
            Event String:
            The Microsoft IPv6 Protocol Driver service failed to start due to th
e following error:
         An Error Event occurred.  EventID: 0xC0001B70
            Time Generated: 02/07/2014   10:27:12
            Event String:
            The HP Insight Event Notifier service terminated with service-specif
ic error 4 (0x4).
         An Error Event occurred.  EventID: 0xC0001B72
            Time Generated: 02/07/2014   10:27:22
            Event String:
            The following boot-start or system-start driver(s) failed to load:
         An Warning Event occurred.  EventID: 0x8000001D
            Time Generated: 02/07/2014   10:27:27
            Event String:
            The Key Distribution Center (KDC) cannot find a suitable certificate
 to use for smart card logons, or the KDC certificate could not be verified. Sma
rt card logon may not function correctly if this problem is not resolved. To cor
rect this problem, either verify the existing KDC certificate using certutil.exe
 or enroll for a new KDC certificate.
         An Warning Event occurred.  EventID: 0x8435046F
            Time Generated: 02/07/2014   10:27:34
            Event String:
            System Information Agent: Health: A Temperature Sensor Condition has
 been set to degraded.  The system may or may not shutdown depending on the stat
e of the thermal degraded action value '3'.
         An Warning Event occurred.  EventID: 0x8435046F
            Time Generated: 02/07/2014   10:27:34
            Event String:
            System Information Agent: Health: A Temperature Sensor Condition has
 been set to degraded.  The system may or may not shutdown depending on the stat
e of the thermal degraded action value '3'.
         An Warning Event occurred.  EventID: 0x8435046F
            Time Generated: 02/07/2014   10:27:34
            Event String:
            System Information Agent: Health: A Temperature Sensor Condition has
 been set to degraded.  The system may or may not shutdown depending on the stat
e of the thermal degraded action value '3'.
         An Warning Event occurred.  EventID: 0x8435046F
            Time Generated: 02/07/2014   10:27:34
            Event String:
            System Information Agent: Health: A Temperature Sensor Condition has
 been set to degraded.  The system may or may not shutdown depending on the stat
e of the thermal degraded action value '3'.
         An Warning Event occurred.  EventID: 0x000727AA
            Time Generated: 02/07/2014   10:29:25
            Event String:
            The WinRM service failed to create the following SPNs: WSMAN/sasmail
.StructuredAssetServices.local; WSMAN/sasmail.
         ......................... SASMAIL failed test SystemLog
      Starting test: VerifyReferences
         ......................... SASMAIL passed test VerifyReferences


   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test
         CrossRefValidation

   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test
         CrossRefValidation

   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation

   Running partition tests on : StructuredAssetServices
      Starting test: CheckSDRefDom
         ......................... StructuredAssetServices passed test
         CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... StructuredAssetServices passed test
         CrossRefValidation

   Running enterprise tests on : StructuredAssetServices.local
      Starting test: LocatorCheck
         ......................... StructuredAssetServices.local passed test
         LocatorCheck
      Starting test: Intersite
         ......................... StructuredAssetServices.local passed test
         Intersite

C:\Users\bmodlin>
0
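An added example, not part of the original thread: a small Python triage script for saved dcdiag output like the run posted above. It rejoins the 80-column console wrap, records each test verdict, and collapses repeated System log events; the sample text is a constructed excerpt and `triage` is a name introduced here.

```python
import re
from collections import Counter

# Constructed excerpt shaped like the dcdiag run above, console wrap included.
SAMPLE = """\
         An Warning Event occurred.  EventID: 0x825A0086
            Time Generated: 02/07/2014   10:27:02
            Event String:
            NtpClient was unable to set a manual peer to use as a time source be
cause of DNS resolution error on '"ntp.myfloridacity.us,0x8'. NtpClient will try
 again in 15 minutes and double the reattempt interval thereafter. The error was
: No such host is known. (0x80072AF9)
         An Warning Event occurred.  EventID: 0x825A0086
            Time Generated: 02/07/2014   10:27:04
            Event String:
            NtpClient was unable to set a manual peer to use as a time source be
cause of DNS resolution error on '"ntp.myfloridacity.us,0x8'. NtpClient will try
 again in 15 minutes and double the reattempt interval thereafter. The error was
: No such host is known. (0x80072AF9)
         ......................... SASMAIL failed test SystemLog
         ......................... DomainDnsZones passed test
         CrossRefValidation
"""
RESULT = re.compile(r"\.{5,} (\S+) (passed|failed) test ?(\S*)")
EVENT = re.compile(r"An (Warning|Error) Event occurred\.\s+EventID: (0x[0-9A-Fa-f]+)")
STOP = re.compile(r"Event occurred|\.{5,}|Starting test:")

def triage(text):
    """Return ({(target, test): verdict}, Counter{(level, id, message): count})."""
    results, events, lines, i = {}, Counter(), text.splitlines(), 0
    while i < len(lines):
        r, e = RESULT.search(lines[i]), EVENT.search(lines[i])
        i += 1
        if r:
            target, verdict, test = r.groups()
            if not test and i < len(lines):  # test name wrapped to the next line
                test, i = lines[i].strip(), i + 1
            results[(target, test)] = verdict
        elif e:
            msg = ""  # wrapped continuation lines are glued back with no separator
            while i < len(lines) and not STOP.search(lines[i]):
                if not lines[i].lstrip().startswith(("Time Generated:", "Event String:")):
                    msg += lines[i] if msg else lines[i].lstrip()
                i += 1
            events[(*e.groups(), msg)] += 1
    return results, events

if __name__ == "__main__":
    print(*triage(SAMPLE), sep="\n")
```

Events are keyed on level, ID and message text rather than timestamp, so a warning logged several times in one boot shows up once with a count.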
 
LVL 11

Expert Comment

by:Manjunath Sullad
ID: 39842180
Can you cross-verify that all the settings in AD Sites and Services are configured correctly?

If the IP address subnet is new, you need to add it to AD Sites and Services and move the DC to the site that belongs to the new subnet.

Based on the dcdiag logs, there seems to be some issue with AD replication.

Run the commands below and check for errors:

ipconfig /all >c:\ipconfig.txt

dcdiag /v /c /d /e /s:dcname >c:\dcdiag.txt

repadmin /showrepl dc* /verbose /all /intersite >c:\repl.txt  

dnslint /ad /s "DCipaddress" (http://support.microsoft.com/kb/321045)
0
 
LVL 10

Expert Comment

by:Pramod Ubhe
ID: 39844005
Assuming that all settings in Sites and Services are correct, including the mapping of the new subnet to the site where client computers are running, you might want to use a network capture tool to see what is happening during the authentication process.
You can also run the command below on one of the computers to see where authentication requests are going:
set logonserver
0
