Solved

Network slowness after decommissioning SBS 2003

Posted on 2014-09-10
18
122 Views
Last Modified: 2014-12-08
We recently demoted and decommissioned a Windows Small Business Server 2003 box that was previously an Exchange and PDC. We now have three Windows Server 2008 R2 VMs as domain controllers and have raised our forest/domain functional levels to Windows Server 2008 R2. After turning off the SBS 2003 server, we received complaints of network slowness (opening files, browsing). Powering on the SBS 2003 server resolved the issue, so there must be something still pointing to it. So far we have done the following to no avail:

 * Updated the folder redirection group policy to point to the new file server and unchecked the option to "move contents of documents to the new location"
 * Disabled DNS and WINS services on the SBS 2003
 * Ensured all devices are using active domain controllers for DNS
 * Disabled offline files
 * Ensured client devices do not have any network drives or printers mapped to the old server
 * Checked the "ShellFolders" registry key under HKCU and HKLM, and nothing is pointing to the old server

Despite the above, it appears some clients are still pointing to the old server for some reason:

 * Under Computer Management -> Shared Folders -> Sessions, I see a couple client PCs that are connected to the server for "Windows" type sessions. However, there is nothing listed as open under Shared Folders -> Open Files. Most of the "Windows" type sessions only stay open for a few seconds every so often.
 * If I use TCPView from Sysinternals, I see a few clients connected under the "microsoft-ds" Local Port. I logged in to one such client and didn't see any open applications, nor were there any network drives or printers pointing to the old server. Most of these "microsoft-ds" sessions only stay open for a few seconds periodically and then close.

Any help is greatly appreciated. Thanks in advance!
0
Comment
Question by:brainsurf1
  • 7
  • 4
  • 3
  • +2
18 Comments
 
LVL 22

Expert Comment

by:David Atkin
Comment Utility
Hello,

Is this a brand new domain or have the new servers been added as domain controllers?  If so, have you transferred the FSMO roles?
0
 
LVL 17

Expert Comment

by:Spartan_1337
Comment Utility
Definitely sounds like the roles have not been transferred over.

http://www.petri.com/determining_fsmo_role_holders.htm#

Use this link as there are screenshots of how to check which server has the roles and how to change them.

Let us know if you have any further issues.
0
 

Author Comment

by:brainsurf1
Comment Utility
This is not a brand new domain. The roles have absolutely been transferred over. Dcdiag runs successfully without any failures on all domain controllers, and this is reflected in DNS and through ADUC.
0
 
LVL 22

Expert Comment

by:David Atkin
Comment Utility
Ok.  Double check Group Policy to ensure that non of the existing policies are referring to the old SBS.

AV questions:

With regards to Anti-Virus, what do you use?  Has it ever been installed via a console on the old SBS or using it as an update source?  Is it updating correctly? New mapped drives been excluded?
0
 

Author Comment

by:brainsurf1
Comment Utility
Thanks David for your assistance. We've checked all of our GPOs a few times and cannot find any trace of the old server. We use LANDesk Anti-Virus and have a core server on our (not the customer's) network that provides updates.  I have also uninstalled all non-essential software on the old server, so there is nothing except Windows components running anymore.
0
 
LVL 22

Expert Comment

by:David Atkin
Comment Utility
With the SBS2003 machine on, can you see any sessions active or anything?

You could try using processmon on one of the client machines to whats happening with the machine when its freezing.
0
 

Author Comment

by:brainsurf1
Comment Utility
David, there are several "Windows" type sessions open, but there are no open files.
0
 
LVL 16

Expert Comment

by:Joshua Grantom
Comment Utility
has your DHCP Server Options been updated to make sure that the SBS 2003 server is no longer an auto assigned DNS server?
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 

Author Comment

by:brainsurf1
Comment Utility
Joshua, yes, the only authorized DHCP servers are active domain controllers.
0
 
LVL 16

Expert Comment

by:Joshua Grantom
Comment Utility
im not talking about authorized DHCP lists. Im referring to your DHCP Scope Options under the DHCP scope and DHCP Server Options

dhcp.jpg
Once the DHCP server options are checked I would suggest everyone having slowness issues perform an ipconfig /flushdns to remove the old server from DNS on client side
0
 

Author Comment

by:brainsurf1
Comment Utility
Joshua, the old server is not listed for any DHCP server/scope option.
0
 
LVL 16

Expert Comment

by:Joshua Grantom
Comment Utility
ipconfig /flushdns

or

ipconfig /renew
0
 
LVL 37

Accepted Solution

by:
Neil Russell earned 500 total points
Comment Utility
Run wireshark on a few of the affected PC's and run a full packet trace. Inspect and search for all traffic going TO and FROM the old SBS box. This should enable you to tell exactly what traffic is bound for it and why.

Also you could try running a copy of WhatsRunning on the PC's and looking at the network traffic and then what process owns each connection.

Also you could do

NETSTAT -abn

in a command window on the workstations, this will show what executable is talking to your SBS box too.
0
 

Author Comment

by:brainsurf1
Comment Utility
"NETSTAT -abn" is showing the SYSTEM process (PID 4) is talking  to the old SBS.

I am seeing the IPC$ share on the old server has a couple sessions open, and these close/open periodically.
0
 
LVL 16

Expert Comment

by:Joshua Grantom
Comment Utility
shutdown the old SBS server and flush the dns on all clients, this should close all connection and keep the SYSTEM from trying to reconnect to any shares on the old server.
0
 

Author Comment

by:brainsurf1
Comment Utility
I've requested that this question be deleted for the following reason:

Delete
0
 
LVL 37

Expert Comment

by:Neil Russell
Comment Utility
Delete why?
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

In this article, we will see the basic design consideration while designing a Multi-tenant web application in a simple manner. Though, many frameworks are available in the market to develop a multi - tenant application, but do they provide data, cod…
Synchronize a new Active Directory domain with an existing Office 365 tenant
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now