Solved

Network slowness after decommissioning SBS 2003

Posted on 2014-09-10
18
128 Views
Last Modified: 2014-12-08
We recently demoted and decommissioned a Windows Small Business Server 2003 box that was previously an Exchange and PDC. We now have three Windows Server 2008 R2 VMs as domain controllers and have raised our forest/domain functional levels to Windows Server 2008 R2. After turning off the SBS 2003 server, we received complaints of network slowness (opening files, browsing). Powering on the SBS 2003 server resolved the issue, so there must be something still pointing to it. So far we have done the following to no avail:

 * Updated the folder redirection group policy to point to the new file server and unchecked the option to "move contents of documents to the new location"
 * Disabled DNS and WINS services on the SBS 2003
 * Ensured all devices are using active domain controllers for DNS
 * Disabled offline files
 * Ensured client devices do not have any network drives or printers mapped to the old server
 * Checked the "ShellFolders" registry key under HKCU and HKLM, and nothing is pointing to the old server

Despite the above, it appears some clients are still pointing to the old server for some reason:

 * Under Computer Management -> Shared Folders -> Sessions, I see a couple client PCs that are connected to the server for "Windows" type sessions. However, there is nothing listed as open under Shared Folders -> Open Files. Most of the "Windows" type sessions only stay open for a few seconds every so often.
 * If I use TCPView from Sysinternals, I see a few clients connected under the "microsoft-ds" Local Port. I logged in to one such client and didn't see any open applications, nor were there any network drives or printers pointing to the old server. Most of these "microsoft-ds" sessions only stay open for a few seconds periodically and then close.

Any help is greatly appreciated. Thanks in advance!
0
Comment
Question by:brainsurf1
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 4
  • 3
  • +2
18 Comments
 
LVL 22

Expert Comment

by:David Atkin
ID: 40314675
Hello,

Is this a brand new domain or have the new servers been added as domain controllers?  If so, have you transferred the FSMO roles?
0
 
LVL 17

Expert Comment

by:Spartan_1337
ID: 40314742
Definitely sounds like the roles have not been transferred over.

http://www.petri.com/determining_fsmo_role_holders.htm#

Use this link as there are screenshots of how to check which server has the roles and how to change them.

Let us know if you have any further issues.
0
 

Author Comment

by:brainsurf1
ID: 40314749
This is not a brand new domain. The roles have absolutely been transferred over. Dcdiag runs successfully without any failures on all domain controllers, and this is reflected in DNS and through ADUC.
0
Save the day with this special offer from ATEN!

Save 30% on the CV211 using promo code EXPERTS30 now through April 30th. The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

 
LVL 22

Expert Comment

by:David Atkin
ID: 40314773
Ok.  Double check Group Policy to ensure that non of the existing policies are referring to the old SBS.

AV questions:

With regards to Anti-Virus, what do you use?  Has it ever been installed via a console on the old SBS or using it as an update source?  Is it updating correctly? New mapped drives been excluded?
0
 

Author Comment

by:brainsurf1
ID: 40314809
Thanks David for your assistance. We've checked all of our GPOs a few times and cannot find any trace of the old server. We use LANDesk Anti-Virus and have a core server on our (not the customer's) network that provides updates.  I have also uninstalled all non-essential software on the old server, so there is nothing except Windows components running anymore.
0
 
LVL 22

Expert Comment

by:David Atkin
ID: 40314875
With the SBS2003 machine on, can you see any sessions active or anything?

You could try using processmon on one of the client machines to whats happening with the machine when its freezing.
0
 

Author Comment

by:brainsurf1
ID: 40314892
David, there are several "Windows" type sessions open, but there are no open files.
0
 
LVL 16

Expert Comment

by:Joshua Grantom
ID: 40314921
has your DHCP Server Options been updated to make sure that the SBS 2003 server is no longer an auto assigned DNS server?
0
 

Author Comment

by:brainsurf1
ID: 40314969
Joshua, yes, the only authorized DHCP servers are active domain controllers.
0
 
LVL 16

Expert Comment

by:Joshua Grantom
ID: 40314984
im not talking about authorized DHCP lists. Im referring to your DHCP Scope Options under the DHCP scope and DHCP Server Options

dhcp.jpg
Once the DHCP server options are checked I would suggest everyone having slowness issues perform an ipconfig /flushdns to remove the old server from DNS on client side
0
 

Author Comment

by:brainsurf1
ID: 40314987
Joshua, the old server is not listed for any DHCP server/scope option.
0
 
LVL 16

Expert Comment

by:Joshua Grantom
ID: 40315000
ipconfig /flushdns

or

ipconfig /renew
0
 
LVL 37

Accepted Solution

by:
Neil Russell earned 500 total points
ID: 40315155
Run wireshark on a few of the affected PC's and run a full packet trace. Inspect and search for all traffic going TO and FROM the old SBS box. This should enable you to tell exactly what traffic is bound for it and why.

Also you could try running a copy of WhatsRunning on the PC's and looking at the network traffic and then what process owns each connection.

Also you could do

NETSTAT -abn

in a command window on the workstations, this will show what executable is talking to your SBS box too.
0
 

Author Comment

by:brainsurf1
ID: 40315223
"NETSTAT -abn" is showing the SYSTEM process (PID 4) is talking  to the old SBS.

I am seeing the IPC$ share on the old server has a couple sessions open, and these close/open periodically.
0
 
LVL 16

Expert Comment

by:Joshua Grantom
ID: 40315246
shutdown the old SBS server and flush the dns on all clients, this should close all connection and keep the SYSTEM from trying to reconnect to any shares on the old server.
0
 

Author Comment

by:brainsurf1
ID: 40481269
I've requested that this question be deleted for the following reason:

Delete
0
 
LVL 37

Expert Comment

by:Neil Russell
ID: 40481270
Delete why?
0

Featured Post

Online Training Solution

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action. Forget about retraining and skyrocket knowledge retention rates.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question