Solved

Loss of internet when rebooting old Domain controller

Posted on 2014-03-06
Last Modified: 2014-03-06
I replaced an old 2003 DC with a Server 2008 box a few years back and moved all the FSMO roles over to the 2008 box. Now we have noticed that if we reboot the 2003 DC, everyone loses internet.

We don't use DHCP, and all of the computers have been set up with static IPs.
The NICs of the computers are configured so the Default GW is the main switch's IP, DNS 1 is the 2008 box and DNS 2 is the old 2003 box.

I did a route print on both servers, and did notice that the metrics on the 2008 box were much, much higher than on the 2003 box, like 306 and 276 for the route metrics.

Any ideas?
0
Comment
Question by:nicolausj
18 Comments
 
LVL 34

Expert Comment

by:Paul MacDonald
ID: 39909460
I would remove the DNS reference to the old DC on all your computers, then demote the old DC and remove it from AD.

If the hardware is adequate, I'd take the now-demoted server and set it up as a second 2008 DC, with DNS.  If the hardware is not adequate, I'd build a new secondary DC.

(I would then put DHCP on both DCs, each with its own complementary zone, and configure all your computers to be DHCP clients, but this is optional.)
0
 
LVL 30

Expert Comment

by:Rich Weissler
ID: 39909461
Does the DNS Server on the Windows 2008 box have its conditional forwarder pointed at the 2003 server by any chance?
0
 
LVL 3

Author Comment

by:nicolausj
ID: 39909474
No DNS forward on the 2008 box to the 2003 box that I know of. How would I check?
0
 
LVL 3

Author Comment

by:nicolausj
ID: 39909482
Nope, No conditional forwards.
0
 
LVL 30

Expert Comment

by:Rich Weissler
ID: 39909488
What about forwarders on the server properties itself?
(You should be able to open properties on the server object within the DNS Manager, and check the Forwarder tab.)
0
 
LVL 3

Author Comment

by:nicolausj
ID: 39909497
paulmacd, I was actually wrong about the 2003 box being in the DNS for the computers; I just have the one DNS IP for the 2008 box on all the computers.

I do want to get rid of the old server, but until I can shut it down without losing internet for my users I can't really demote it.
0
 
LVL 3

Author Comment

by:nicolausj
ID: 39909514
SOA is the 2008 box, the first name server listed is the 2003 box, followed by the 2008.
The first host (A) record is the 2003 box followed by the 2008.

Not sure if that's what you are looking for, Razmus.
0
 
LVL 34

Expert Comment

by:Paul MacDonald
ID: 39909551
Is the old DC a proxy for your web browsers?  That would explain the problem.

If the old DC is turned off, can you still PING or TRACERT to an Internet host (www.google.com, say)?
0
 
LVL 3

Author Comment

by:nicolausj
ID: 39909590
Hmm... I don't know. Is there a way to check without shutting the server down? Otherwise I will have to test it tomorrow night when no one is here.
0
 
LVL 30

Expert Comment

by:Rich Weissler
ID: 39909616
I made a mistake in my rush initially... and said conditional forwarders instead of forwards for the DNS server.  Conditional forwarders show up in the DNS manager in the tree structure.  The forwarders show up as a property of the server:

[Image: Forwarder Confirmation pane]

Confirm in the properties on the 2008 server that this pane is either blank (and is using root hints), or is pointed to your ISP's name server... but if it's pointed at the 2003 server, that could be a source of the problem.
(That assumes that 'Internet unavailable' also means that clients are simply not able to resolve internet names.)
Paulmacd's suggestion to confirm you can ping IP addresses on the internet while the 2003 box is down is also a good one, and will help narrow the symptoms of the problem!
(I'm focusing on DNS and name resolution, because it is far easier to believe the problem caused by a missing DC is name resolution than internet connectivity.  The latter is not impossible, there would just have to be more that we don't know about yet... proxy or NAT (internet connection sharing) going through the DC, for example.)
0
 
LVL 34

Expert Comment

by:Paul MacDonald
ID: 39909627
How to configure Internet Explorer to use a proxy server.  Of course, you want to clear out the old DC's information if it's in there.
0
 
LVL 3

Author Comment

by:nicolausj
ID: 39909631
paulmacd, if I do a tracert for www.google.ca with the old box running, should I not see it first hit the server, then our firewall?

With the box still running, the first hop is to our main switch, then our firewall, then it times out.
0
 
LVL 3

Author Comment

by:nicolausj
ID: 39909667
Razmus, there was a pointer on the new server to the old one... I will test it over the weekend and see what happens.

Thanks to both of you for your quick responses.
0
 
LVL 34

Expert Comment

by:Paul MacDonald
ID: 39909711
A tracert would resolve www.google.ca first, and then ping all the points in between, starting with your firewall.  If you can tracert with the old DC turned off, you'll know your problem isn't with DNS.
0
 
LVL 3

Author Comment

by:nicolausj
ID: 39909720
After taking out the forwarding IP, staff are now telling me they cannot surf the internet.
0
 
LVL 30

Accepted Solution

by:
Rich Weissler earned 500 total points
ID: 39909782
... just like they would when the 2003 machine was down.
Find the value in the 2003 server, which should be in a similar spot... it'll likely be the DNS server for your ISP.  Put THAT value in the Forwarders on the 2008 server.  (Or, worst case... plug in the value 8.8.8.8 temporarily.  That'll be one of the public Google DNS servers, as I recall.)
0
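The thread's diagnosis turns on separating "the DNS server cannot resolve external names" from "there is no route to the internet". The following is an added example, not part of any poster's reply: it queries one DNS server directly for an internal and an external name and classifies the result. The server address `192.0.2.10` and the name `dc1.corp.example` are placeholders, not values from this thread.

```python
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}
QID = 0x1234  # fixed query ID, fine for a one-shot diagnostic

def build_query(name):
    """Minimal DNS A query with the recursion-desired flag set."""
    header = struct.pack(">HHHHHH", QID, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack(">HH", 1, 1)

def parse_reply(reply):
    """Return (rcode name, answer count) from a DNS reply header."""
    if len(reply) < 12:
        raise ValueError("short DNS reply")
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack(">HHHHHH", reply[:12])
    if rid != QID or not flags & 0x8000:
        raise ValueError("not a reply to our query")
    return RCODES.get(flags & 0x000F, str(flags & 0x000F)), ancount

def probe(server, name, timeout=3.0):
    """Query one DNS server directly, bypassing the client's resolver."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (server, 53))
            reply, _ = s.recvfrom(512)
        except socket.timeout:
            return ("TIMEOUT", 0)
    return parse_reply(reply)

def diagnose(internal, external):
    """Classify the server from probes of an internal and an external name."""
    int_ok = internal[0] == "NOERROR" and internal[1] > 0
    ext_ok = external[0] == "NOERROR" and external[1] > 0
    if int_ok and ext_ok:
        return "ok"
    if int_ok:
        return "external names fail: check forwarders and root hints"
    if internal[0] == external[0] == "TIMEOUT":
        return "DNS server unreachable"
    return "DNS service or zone problem on the server"

if __name__ == "__main__":
    dc = "192.0.2.10"  # placeholder: IP of the DNS server under test
    print(diagnose(probe(dc, "dc1.corp.example"),  # hypothetical internal name
                   probe(dc, "www.google.com")))
```

Running it once with the old server up and once with it down shows whether external resolution on the remaining server depends on the box being retired.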
 
LVL 3

Author Comment

by:nicolausj
ID: 39909811
alright, thanks
0
 
LVL 3

Author Closing Comment

by:nicolausj
ID: 39909840
Thanks for the speedy response!
0

Question has a verified solution.