Solved

Network slowness after decommissioning SBS 2003

Posted on 2014-09-10
18
129 Views
Last Modified: 2014-12-08
We recently demoted and decommissioned a Windows Small Business Server 2003 box that was previously an Exchange and PDC. We now have three Windows Server 2008 R2 VMs as domain controllers and have raised our forest/domain functional levels to Windows Server 2008 R2. After turning off the SBS 2003 server, we received complaints of network slowness (opening files, browsing). Powering on the SBS 2003 server resolved the issue, so there must be something still pointing to it. So far we have done the following to no avail:

 * Updated the folder redirection group policy to point to the new file server and unchecked the option to "move contents of documents to the new location"
 * Disabled DNS and WINS services on the SBS 2003
 * Ensured all devices are using active domain controllers for DNS
 * Disabled offline files
 * Ensured client devices do not have any network drives or printers mapped to the old server
 * Checked the "ShellFolders" registry key under HKCU and HKLM, and nothing is pointing to the old server

Despite the above, it appears some clients are still pointing to the old server for some reason:

 * Under Computer Management -> Shared Folders -> Sessions, I see a couple client PCs that are connected to the server for "Windows" type sessions. However, there is nothing listed as open under Shared Folders -> Open Files. Most of the "Windows" type sessions only stay open for a few seconds every so often.
 * If I use TCPView from Sysinternals, I see a few clients connected under the "microsoft-ds" Local Port. I logged in to one such client and didn't see any open applications, nor were there any network drives or printers pointing to the old server. Most of these "microsoft-ds" sessions only stay open for a few seconds periodically and then close.

Any help is greatly appreciated. Thanks in advance!
0
Comment
Question by:brainsurf1
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 4
  • 3
  • +2
18 Comments
 
LVL 22

Expert Comment

by:David Atkin
ID: 40314675
Hello,

Is this a brand new domain or have the new servers been added as domain controllers?  If so, have you transferred the FSMO roles?
0
 
LVL 17

Expert Comment

by:James H
ID: 40314742
Definitely sounds like the roles have not been transferred over.

http://www.petri.com/determining_fsmo_role_holders.htm#

Use this link as there are screenshots of how to check which server has the roles and how to change them.

Let us know if you have any further issues.
0
 

Author Comment

by:brainsurf1
ID: 40314749
This is not a brand new domain. The roles have absolutely been transferred over. Dcdiag runs successfully without any failures on all domain controllers, and this is reflected in DNS and through ADUC.
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 22

Expert Comment

by:David Atkin
ID: 40314773
Ok.  Double check Group Policy to ensure that non of the existing policies are referring to the old SBS.

AV questions:

With regards to Anti-Virus, what do you use?  Has it ever been installed via a console on the old SBS or using it as an update source?  Is it updating correctly? New mapped drives been excluded?
0
 

Author Comment

by:brainsurf1
ID: 40314809
Thanks David for your assistance. We've checked all of our GPOs a few times and cannot find any trace of the old server. We use LANDesk Anti-Virus and have a core server on our (not the customer's) network that provides updates.  I have also uninstalled all non-essential software on the old server, so there is nothing except Windows components running anymore.
0
 
LVL 22

Expert Comment

by:David Atkin
ID: 40314875
With the SBS2003 machine on, can you see any sessions active or anything?

You could try using processmon on one of the client machines to whats happening with the machine when its freezing.
0
 

Author Comment

by:brainsurf1
ID: 40314892
David, there are several "Windows" type sessions open, but there are no open files.
0
 
LVL 16

Expert Comment

by:Joshua Grantom
ID: 40314921
has your DHCP Server Options been updated to make sure that the SBS 2003 server is no longer an auto assigned DNS server?
0
 

Author Comment

by:brainsurf1
ID: 40314969
Joshua, yes, the only authorized DHCP servers are active domain controllers.
0
 
LVL 16

Expert Comment

by:Joshua Grantom
ID: 40314984
im not talking about authorized DHCP lists. Im referring to your DHCP Scope Options under the DHCP scope and DHCP Server Options

dhcp.jpg
Once the DHCP server options are checked I would suggest everyone having slowness issues perform an ipconfig /flushdns to remove the old server from DNS on client side
0
 

Author Comment

by:brainsurf1
ID: 40314987
Joshua, the old server is not listed for any DHCP server/scope option.
0
 
LVL 16

Expert Comment

by:Joshua Grantom
ID: 40315000
ipconfig /flushdns

or

ipconfig /renew
0
 
LVL 37

Accepted Solution

by:
Neil Russell earned 500 total points
ID: 40315155
Run wireshark on a few of the affected PC's and run a full packet trace. Inspect and search for all traffic going TO and FROM the old SBS box. This should enable you to tell exactly what traffic is bound for it and why.

Also you could try running a copy of WhatsRunning on the PC's and looking at the network traffic and then what process owns each connection.

Also you could do

NETSTAT -abn

in a command window on the workstations, this will show what executable is talking to your SBS box too.
0
 

Author Comment

by:brainsurf1
ID: 40315223
"NETSTAT -abn" is showing the SYSTEM process (PID 4) is talking  to the old SBS.

I am seeing the IPC$ share on the old server has a couple sessions open, and these close/open periodically.
0
 
LVL 16

Expert Comment

by:Joshua Grantom
ID: 40315246
shutdown the old SBS server and flush the dns on all clients, this should close all connection and keep the SYSTEM from trying to reconnect to any shares on the old server.
0
 

Author Comment

by:brainsurf1
ID: 40481269
I've requested that this question be deleted for the following reason:

Delete
0
 
LVL 37

Expert Comment

by:Neil Russell
ID: 40481270
Delete why?
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A project that enables an administrator to perform actions within a user session context not just at the time of login but any time later on day(s) or week(s) later.
Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question