[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now


AD Login Issues after DC demoted

Posted on 2014-12-04
Medium Priority
Last Modified: 2014-12-10
Here is my environment.  I had 1 2008 Domain Controller and 2 Server 2012 R2 DC's.  All of the roles are on DC1 (2012 R2 Server).  I just demoted the 2008  server and now login are taking forever, and users are having issues opening and saving documents to network drives.  I checked DNS and all "seems" well.  I run a repadmin /syncall and no errors are returned.

I saw errors in the event viewer regarding time... I then saw that the time server was the 2008 box.....  I configured the 2012 R2 box to get the time from an external source...  Now both of the DCs are syncing the time exactly the same....  I have also verified that the DHCP clients are poiinting to the correct DNS servers... both 2012 r2 boxes....

What am I missing.... please help!!
Question by:BSModlin
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 35

Expert Comment

by:Seth Simmons
ID: 40481197
what does netdom query fsmo show on the 2012 servers?
if the roles are between those servers then the 2008 server was not the time server since clients get their time from the server with the PDC emulator role

Author Comment

ID: 40481201
All roles are on the 2012 R2 server DC1, as they should..... What else to check for the slow logins?
LVL 35

Expert Comment

by:Seth Simmons
ID: 40481276
are the 2012 servers global catalogs?
NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.


Author Comment

ID: 40481289
LVL 10

Expert Comment

by:Walter Padrón
ID: 40481554
Have you raised the functional level of the domain?

Also, restart the KDC (Kerberos Key Distribution Center) service on both DC's

Best regards
LVL 20

Expert Comment

ID: 40487801
have you run a dcdiag /v /e >c:dcdiag.txt

Are saving files to the network the only thing that is slow? how about user logins from their workstations?

Was your old server running WINS?

Accepted Solution

BSModlin earned 0 total points
ID: 40488903
Found the issue... It was my EMC SAN/NAS.... Had old DNS info in it, and user home directories where contributing to slow logon times..... thank you all!!

Author Comment

ID: 40488930
I've requested that this question be closed as follows:

Accepted answer: 0 points for BSModlin's comment #a40488903
Assisted answer: 167 points for Seth Simmons's comment #a40481197
Assisted answer: 167 points for Walter Padrón's comment #a40481554
Assisted answer: 166 points for compdigit44's comment #a40487801

for the following reason:

Found my own solution
LVL 35

Expert Comment

by:Seth Simmons
ID: 40488931
select your own comment as the solution
nobody else gets points since not all details were provided and none of us would have known your NAS was a contributing factor

Featured Post

Q2 2017 - Latest Malware & Internet Attacks

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out our latest Quarterly Internet Security Report!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question