Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Network slowness after decommissioning SBS 2003

Posted on 2014-09-10
18
Medium Priority
?
132 Views
Last Modified: 2014-12-08
We recently demoted and decommissioned a Windows Small Business Server 2003 box that was previously an Exchange and PDC. We now have three Windows Server 2008 R2 VMs as domain controllers and have raised our forest/domain functional levels to Windows Server 2008 R2. After turning off the SBS 2003 server, we received complaints of network slowness (opening files, browsing). Powering on the SBS 2003 server resolved the issue, so there must be something still pointing to it. So far we have done the following to no avail:

 * Updated the folder redirection group policy to point to the new file server and unchecked the option to "move contents of documents to the new location"
 * Disabled DNS and WINS services on the SBS 2003
 * Ensured all devices are using active domain controllers for DNS
 * Disabled offline files
 * Ensured client devices do not have any network drives or printers mapped to the old server
 * Checked the "ShellFolders" registry key under HKCU and HKLM, and nothing is pointing to the old server

Despite the above, it appears some clients are still pointing to the old server for some reason:

 * Under Computer Management -> Shared Folders -> Sessions, I see a couple client PCs that are connected to the server for "Windows" type sessions. However, there is nothing listed as open under Shared Folders -> Open Files. Most of the "Windows" type sessions only stay open for a few seconds every so often.
 * If I use TCPView from Sysinternals, I see a few clients connected under the "microsoft-ds" Local Port. I logged in to one such client and didn't see any open applications, nor were there any network drives or printers pointing to the old server. Most of these "microsoft-ds" sessions only stay open for a few seconds periodically and then close.

Any help is greatly appreciated. Thanks in advance!
0
Comment
Question by:brainsurf1
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 4
  • 3
  • +2
18 Comments
 
LVL 22

Expert Comment

by:David Atkin
ID: 40314675
Hello,

Is this a brand new domain or have the new servers been added as domain controllers?  If so, have you transferred the FSMO roles?
0
 
LVL 17

Expert Comment

by:James H
ID: 40314742
Definitely sounds like the roles have not been transferred over.

http://www.petri.com/determining_fsmo_role_holders.htm#

Use this link as there are screenshots of how to check which server has the roles and how to change them.

Let us know if you have any further issues.
0
 

Author Comment

by:brainsurf1
ID: 40314749
This is not a brand new domain. The roles have absolutely been transferred over. Dcdiag runs successfully without any failures on all domain controllers, and this is reflected in DNS and through ADUC.
0
Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 22

Expert Comment

by:David Atkin
ID: 40314773
Ok.  Double check Group Policy to ensure that non of the existing policies are referring to the old SBS.

AV questions:

With regards to Anti-Virus, what do you use?  Has it ever been installed via a console on the old SBS or using it as an update source?  Is it updating correctly? New mapped drives been excluded?
0
 

Author Comment

by:brainsurf1
ID: 40314809
Thanks David for your assistance. We've checked all of our GPOs a few times and cannot find any trace of the old server. We use LANDesk Anti-Virus and have a core server on our (not the customer's) network that provides updates.  I have also uninstalled all non-essential software on the old server, so there is nothing except Windows components running anymore.
0
 
LVL 22

Expert Comment

by:David Atkin
ID: 40314875
With the SBS2003 machine on, can you see any sessions active or anything?

You could try using processmon on one of the client machines to whats happening with the machine when its freezing.
0
 

Author Comment

by:brainsurf1
ID: 40314892
David, there are several "Windows" type sessions open, but there are no open files.
0
 
LVL 16

Expert Comment

by:Joshua Grantom
ID: 40314921
has your DHCP Server Options been updated to make sure that the SBS 2003 server is no longer an auto assigned DNS server?
0
 

Author Comment

by:brainsurf1
ID: 40314969
Joshua, yes, the only authorized DHCP servers are active domain controllers.
0
 
LVL 16

Expert Comment

by:Joshua Grantom
ID: 40314984
im not talking about authorized DHCP lists. Im referring to your DHCP Scope Options under the DHCP scope and DHCP Server Options

dhcp.jpg
Once the DHCP server options are checked I would suggest everyone having slowness issues perform an ipconfig /flushdns to remove the old server from DNS on client side
0
 

Author Comment

by:brainsurf1
ID: 40314987
Joshua, the old server is not listed for any DHCP server/scope option.
0
 
LVL 16

Expert Comment

by:Joshua Grantom
ID: 40315000
ipconfig /flushdns

or

ipconfig /renew
0
 
LVL 37

Accepted Solution

by:
Neil Russell earned 2000 total points
ID: 40315155
Run wireshark on a few of the affected PC's and run a full packet trace. Inspect and search for all traffic going TO and FROM the old SBS box. This should enable you to tell exactly what traffic is bound for it and why.

Also you could try running a copy of WhatsRunning on the PC's and looking at the network traffic and then what process owns each connection.

Also you could do

NETSTAT -abn

in a command window on the workstations, this will show what executable is talking to your SBS box too.
0
 

Author Comment

by:brainsurf1
ID: 40315223
"NETSTAT -abn" is showing the SYSTEM process (PID 4) is talking  to the old SBS.

I am seeing the IPC$ share on the old server has a couple sessions open, and these close/open periodically.
0
 
LVL 16

Expert Comment

by:Joshua Grantom
ID: 40315246
shutdown the old SBS server and flush the dns on all clients, this should close all connection and keep the SYSTEM from trying to reconnect to any shares on the old server.
0
 

Author Comment

by:brainsurf1
ID: 40481269
I've requested that this question be deleted for the following reason:

Delete
0
 
LVL 37

Expert Comment

by:Neil Russell
ID: 40481270
Delete why?
0

Featured Post

Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question