I was called to check on the issues on this small network, and why clients continuously lose their network mappings.
Turns out they have 3 servers and 15 Windows 7 Pro Clients.
Server1: Domain controller, AD, DNS, DHCP. Windows 2012 R2 to the latest updates. Static IP 126.96.36.199
Server2: It's only a file server, for shares. Hyper-V. Turns out it still has some AD services installed (more on this later). Static IP 188.8.131.52
Server 3: Windows 2008R2 patched to the latest updates. File Server, Hyper-V, and Microsoft Dynamics.
This place has been running without major glitches for 1 1/2 years. Two weeks ago, clients can't find the mappings to Server2.
Upon reading the event viewer, I find a bunch of strange errors (all in Server1):
Event 1206 ADWS Active Directory Web Services was unable to determine if the computer is a global catalog server.
Event 1232 Active Directory_Domain Service Active Directory Domain Services attempted to perform a remote procedure call (RPC) to the following server. The call timed out and was cancelled.
Event 1188 Active Directory_Domain Service A thread in Active Directory Domain Services is waiting for the completion of a RPC made to the following directory service.
Event 1059 DHCP The DHCP service failed to see a directory server for authorization.
Event 1056 DHCP The DHCP service has detected that it is running on a DC and has no credentials configured for use with Dynamic DNS registrations initiated by the DHCP service.
Searching in the back-history, it turns out Server2 used to be a Full AD server (PDC) and the main authentication server. Then (a year ago) someone installed Server4 to become the main PDC, and demoted Server2. Then Server4 crashed, and that's when they brought in Server1, the one they have been using for more than 1 year.
And they haven't had these problems until two weeks ago.
Also, around the time these problems started, someone installed Hyper-V in Server1 and also a software called Netwrix (for log management). I uninstalled both from Server1.
But the clients keep losing the mapping to share drives in Server2. And the main solution is to run on the client workstation IPCONFIG /RELEASE/RENEW and then /FLUSHDNS and then GPUPDATE /FORCE
Then most of the time it works.
Another weird symptom is that when I ping Server2 from a workstation, instead of getting 192.168.1.200 I usually get 192.168.1.80, which is a multifunction printer with a static IP in our network.
Who can be giving my clients that IP address?
Also, upon rebooting Server1, I get the failures to start DHCP. But when I go to services and restart it manually, DHCP gives me a message that it was able to start normally and service clients.
My intuition leans towards Server2 still being a DC, and Server1's DNS still refers to it as an alternate DC. I think it should be relegated to just a plain File server, since it is NOT supposed to have any roles. Also, although AD shows as not being installed in the roles of the server, when I ran DCPromo it asks me if I want to remove AD from this server and have it join the domain, so that leads me to think I should.
QUESTION: Given the scenario, and taking into account that Server2 is not supposed to have any roles other than a file server, should I run a DCPromo and demote it?
When I check the DNS records in Server1 I see a reference to Server2 everywhere, and Server2 does not have DNS at all.
Any suggestions will be greatly appreciated. Also any other line of thought or making me look at another type of issue would be welcome.
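
One way to test the two suspicions in the post above (stale DC registrations for Server2 in Server1's DNS, and a wrong A record handing out the printer's address) is sketched below. It is an added example, not part of the original post. It assumes the RSAT ActiveDirectory and DnsServer modules, an elevated session on Server1, and that the AD DNS zone has the same name as the logon domain.

```powershell
# Added example: read-only checks, nothing here modifies AD or DNS.
Import-Module ActiveDirectory, DnsServer

$domain    = $env:USERDNSDOMAIN   # assumption: session is logged on to the affected domain
$dnsServer = 'Server1'            # DNS server named in the post
$fileHost  = 'Server2'            # host whose name resolves to the printer
$expected  = '192.168.1.200'      # address the post says Server2 should return

# 1. Domain controllers that AD itself lists.
$adDcs = @(Get-ADDomainController -Filter * | ForEach-Object { $_.HostName.ToLower() })

# 2. Domain controllers that DNS advertises to clients via the locator SRV records.
$srvDcs = @(Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$domain" -Type SRV -Server $dnsServer |
    Where-Object { $_.Type -eq 'SRV' } |
    ForEach-Object { $_.NameTarget.TrimEnd('.').ToLower() } |
    Sort-Object -Unique)

# 3. Advertised in DNS but unknown to AD = stale registration left by an old DC.
$stale = @($srvDcs | Where-Object { $_ -notin $adDcs })
"DCs known to AD      : $($adDcs -join ', ')"
"DCs advertised in DNS: $($srvDcs -join ', ')"
if ($stale.Count) { "STALE SRV targets    : $($stale -join ', ')" } else { 'No stale SRV targets found.' }

# 4. Every A record for the file server. A blank Timestamp means a static record;
#    a dated one was registered dynamically (by the host itself or by DHCP).
Get-DnsServerResourceRecord -ComputerName $dnsServer -ZoneName $domain -Name $fileHost -RRType A |
    ForEach-Object {
        $ip = $_.RecordData.IPv4Address.IPAddressToString
        [pscustomobject]@{
            Host      = $_.HostName
            IP        = $ip
            Timestamp = $_.Timestamp
            Status    = if ($ip -eq $expected) { 'ok' } else { 'UNEXPECTED' }
        }
    } | Format-Table -AutoSize
```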