Authenticating to Old Domain Server
Posted on 2014-02-10
I have a client that had a Windows 2003 server as their primary domain controller. Several months ago, we added a new Windows 2012 server on the network and went through the process to make it the primary domain controller. The old server was kept on the network while the client migrated applications to the new server. That has been done and the client wants to take down the 2003 server. But, when they shut that server down, users are no long able to authenticate to the domain.
We have gone through a series of steps to try and determine why this may be happening. Some of the steps we have checked include:
1. The new server is the global catalog.
2. DNS is up and running.
3. SRV records in the DNS are fine and exist for both servers (there are kerberos and ldap entries; the _gc entry is for the new server).
4. DHCP is handing out addresses correctly - including DNS. All of the clients are using the IP address of the new server as primary DNS.
5. The new server is a member of the domain controller group.
6. AD subnet entries are blank on both servers (we aren't using any).
7. Ran netdom query fsmo. Everything is pointing to the new server.
Can anyone offer any ideas why the clients are still trying (apparently) to use the old server to authenticate or what further troubleshooting steps we can perform to resolve the issue?