Solved

Loss of internet when rebooting old Domain controller

Posted on 2014-03-06
Last Modified: 2014-03-06
I have replaced an old 2003 DC with a Server 2008 box a few years back and moved all the FSMO roles over to the 2008 box. Now we have noticed if we reboot the 2003 DC everyone loses internet.

We don't use DHCP and all of the computers have been setup with static IPs.
The NICs of the computers are configured so the Default GW is the main switch's IP, and the DNS 1 is the 2008 box and DNS 2 is the old 2003 box.

I did a route print on both servers, and did notice that the metrics on the 2008 box were much, much higher than the 2003 box, like 306 and 276 for the route metrics.

Any ideas?
Question by:nicolausj
18 Comments
 
LVL 33

Expert Comment

by:paulmacd
ID: 39909460
I would remove the DNS reference to the old DC on all your computers, then demote the old DC and remove it from AD.

If the hardware is adequate, I'd take the now-demoted server and set it up as a second 2008 DC, with DNS.  If the hardware is not adequate, I'd build a new secondary DC.

(I would then put DHCP on both DCs, each with its own complementary zone, and configure all your computers to be DHCP clients, but this is optional.)
0
 
LVL 29

Expert Comment

by:Rich Weissler
ID: 39909461
Does the DNS Server on the Windows 2008 box have its conditional forwarder pointed at the 2003 server by any chance?
0
 
LVL 3

Author Comment

by:nicolausj
ID: 39909474
No DNS forward on the 2008 box to the 2003 box that I know of. How would I check?
0
 
LVL 3

Author Comment

by:nicolausj
ID: 39909482
Nope, No conditional forwards.
0
 
LVL 29

Expert Comment

by:Rich Weissler
ID: 39909488
What about forwarders on the server properties itself?
(You should be able to open properties on the server object within the DNS Manager, and check the Forwarder tab.)
0
 
LVL 3

Author Comment

by:nicolausj
ID: 39909497
paulmacd, I was actually wrong about the 2003 box being in the DNS for the computers, I just have the 1 DNS IP for the 2008 box on all the computers.

I do want to get rid of the old server, but until I can shut it down without losing internet for my users I can't really demote it.
0
 
LVL 3

Author Comment

by:nicolausj
ID: 39909514
SOA is the 2008 box, the first name server listed is the 2003 box, followed by the 2008.
The first host (A) record is the 2003 box followed by the 2008.

Not sure if that's what you are looking for Razmus.
0
 
LVL 33

Expert Comment

by:paulmacd
ID: 39909551
Is the old DC a proxy for your web browsers?  That would explain the problem.

If the old DC is turned off, can you still PING or TRACERT to an Internet host (www.google.com, say)?
0
 
LVL 3

Author Comment

by:nicolausj
ID: 39909590
hum... I don't know. Is there a way to check without shutting the server down? Otherwise I will have to test it tomorrow night when no one is here.
0
 
LVL 29

Expert Comment

by:Rich Weissler
ID: 39909616
I made a mistake in my rush initially... and said conditional forwarders instead of forwards for the DNS server.  Conditional forwarders show up in the DNS manager in the tree structure.  The forwarders show up as a property of the server:
[Image: Forwarder Confirmation pane]
Confirm in the properties on the 2008 server, that this pane is either blank (and is using root hints), or is pointed to your ISP's name server... but if it's pointed at the 2003 server, that could be a source of the problem.
(That assumes that 'Internet unavailable' also means that clients are simply not able to resolve internet names.)
Paulmacd's suggestion to confirm you can ping IP addresses on the internet while the 2003 box is down is also a good one, and will help narrow the symptoms of the problem!
(I'm focusing on DNS and name resolution, because it is far easier to believe the problem caused by a missing DC is name resolution than internet connectivity.  The latter is not impossible, there would just have to be more that we don't know about yet... proxy or NAT (internet connection sharing) going through the DC, for example.)
0
 
LVL 33

Expert Comment

by:paulmacd
ID: 39909627
How to configure Internet Explorer to use a proxy server.  Of course, you want to clear out the old DC's information if it's in there.
0
 
LVL 3

Author Comment

by:nicolausj
ID: 39909631
paulmacd if I do a tracert for www.google.ca with the old box running, should I not see it first hit the server, then our firewall?

With the box running still the first hop is to our main switch, then our firewall then it times out.
0
 
LVL 3

Author Comment

by:nicolausj
ID: 39909667
Razmus, there was a pointer on the new server to the old one... I will test it over the weekend and see what happens.

Thanks both of you and for your quick responses
0
 
LVL 33

Expert Comment

by:paulmacd
ID: 39909711
A tracert would resolve www.google.ca first, and then ping all the points in between, starting with your firewall.  If you can tracert with the old DC turned off, you'll know your problem isn't with DNS.
0
 
LVL 3

Author Comment

by:nicolausj
ID: 39909720
After taking the Forwarding ip now staff are telling me they cannot surf the internet.
0
 
LVL 29

Accepted Solution

by:
Rich Weissler earned 500 total points
ID: 39909782
... just like they would when the 2003 machine was down.
Find the value in the 2003 server, which should be in a similar spot... it'll likely be the DNS server for your ISP.  Put THAT value in the Forwarders on the 2008 server.  (OR worst case... plug in the value 8.8.8.8 temporarily.  That'll be one of the public Google DNS servers, as I recall.)
0
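The forwarder check and change described in the accepted answer, done from a PowerShell prompt on the 2008 server with `dnscmd` and `nslookup` (an added example, not part of the original thread). The server names `DC2008` and `DC2003` and the `<ISP-DNS-IP>` entry are placeholders; `8.8.8.8` is the temporary value mentioned in the answer.

```powershell
# Added example. Names below are placeholders, not values from the thread.
$NewDns    = 'DC2008'                    # placeholder: the 2008 DNS server
$OldDns    = 'DC2003'                    # placeholder: the 2003 DC being retired
$Upstreams = @('<ISP-DNS-IP>', '8.8.8.8') # fill in the value found on the 2003 server
$TestName  = 'www.google.com'

function Test-Resolver([string]$Server, [string]$Name) {
    # Ask $Server directly for $Name. nslookup prints a "Name:" line only
    # when it received an answer; timeouts and failures produce none.
    $out = & nslookup '-timeout=3' $Name $Server 2>&1
    return [bool]($out | Where-Object { "$_" -match '^Name:' })
}

# 1. Show what each server currently forwards to. If the 2008 server lists
#    the 2003 server here, external lookups depend on the old DC being up.
foreach ($s in $NewDns, $OldDns) {
    "--- forwarders configured on $s"
    & dnscmd $s /Info /Forwarders
}

# 2. Run from the 2008 server: query each candidate upstream directly, so a
#    firewall rule that only allows the old DC out on port 53 shows up now,
#    not after the change.
$good = @($Upstreams | Where-Object { Test-Resolver $_ $TestName })
"Upstreams answering from this host: $($good -join ', ')"

# 3. Repoint the 2008 server only if at least one upstream answered.
if ($good.Count -gt 0) {
    & dnscmd $NewDns /ResetForwarders $good
    & dnscmd $NewDns /ClearCache        # so step 4 is not served from cache
} else {
    "No upstream resolver reachable; forwarders left unchanged."
}

# 4. Confirm clients' view: resolve an external name through the 2008 server.
"External resolution via ${NewDns}: $(Test-Resolver $NewDns $TestName)"
```

If step 4 returns True, the same `nslookup` test run from a workstation while the 2003 server's DNS service is stopped answers the "can I check without shutting it down" question.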
 
LVL 3

Author Comment

by:nicolausj
ID: 39909811
alright, thanks
0
 
LVL 3

Author Closing Comment

by:nicolausj
ID: 39909840
Thanks for the speedy response!
0
