Network/internet Slowness since replacing primary domain contoller

I inherited an older Microsoft Server 2008R2 DC running AD/DNS/DHCP taht was converted to a VM.  I was having some issues with it but I was trying to wait until we moved to a new circuit and made some other networking issues.  It crashed.

I built a new DC with 2012R2- I was able to get everything up and running no problems.

That being said have some quirky issues.  There are some people who were experiencing slowness- if I gave them a static ip address slowness went away

I have one server that doesn't seem to resolve to DNS anymore.

i realize that not running dcpromo is not ideal but I did not have an option.  Everything else seems to be ok
funkyone60Asked:
Who is Participating?
 
Will SzymkowskiSenior Solution ArchitectCommented:
First of all, did you Seize the roles to the current domain controller? If you have not you need to do so.

If you have Seized the roles of this machine you cannot even bring this server back into the environment.

Have you gone through everything in my original post to ensure that all remnants are removed properly?

You need to start there.

Will.
0
 
Will SzymkowskiSenior Solution ArchitectCommented:
moved to a new circuit and made some other networking issues.  It crashed.

Did this DC hold any of the roles? if so, you need to make sure that you have seized the roles to the domain controller that is still online. You will also need to setup the new DC as the PDC (external time source provider)

External Time Source - http://blogs.technet.com/b/nepapfe/archive/2013/03/01/it-s-simple-time-configuration-in-active-directory.aspx

You will also need to perform metadata cleanup as well.
Metadata Cleanup
https://technet.microsoft.com/fr-ca/library/cc816907%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396

Also you need to change the DHCP user scopes not to point to the old domain controller for DNS. If you have this entry there this could very well be a reason why your users are getting a delay.

Another very important thing you ensure is that the SRV records for the old DC have been cleaned up. This is the folder under the DNS Zones for domain.com. It is the _msdcs.domain.com folder. In there you will see several folders gc,dc,pdc, etc. You need to go through all of those folders and remove/delete any references that still exists from the old DC. This is also another common reason why users have slowness if SRV records are not cleaned up.

Will.
0
 
funkyone60Author Commented:
I am using the same ip address on the rebuilt DC- so since the records refer to ip address the scope options - did not have to change

the DC has a different name though
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

 
Hypercat (Deb)Commented:
Try adding an alias in DNS with the old server same, and (obviously) resolving to the new server name.
0
 
funkyone60Author Commented:
i have never see that before- can you tell me how that is done?
0
 
Hypercat (Deb)Commented:
You simply open the DNS management console, navigate down to your domain forward lookup zone, right-click and select New Alias.  Here are a couple of screen captures:

 DNS console right-click menuAdd DNS alias record

The reason I'm suggesting this is because the new server's IP is the same but the name is different, so there may be devices on your network that have the older server name cached with that IP.  This could cause name resolution slowness and browsing problems until that cached record is removed.  So, a way around that is to put in the old server name as an alias to the new one, so if a device looks for the old server name it will find it immediately and then go to the new server name to resolve the IP address.
0
 
funkyone60Author Commented:
Will- I have done all the steps you have suggested except that I cannot delete thee old DC for AD Sites and Services- it keeps giving me an access denied error.

Also I am not sure what you mean about the seize the roles
0
 
compdigit44Commented:
Can you post the results for the following command so we can get an overview of your AD environement

dcdiag /v /e >c:\dcidag.txt
0
 
funkyone60Author Commented:
0
 
compdigit44Commented:
You dcdiag seems ok.

On an affected workstation install Network Monitor or Wireshark and capture traffic while the workstation is using DHCP the upload the results so we can help you review them
0
 
compdigit44Commented:
Stupid question but DNS is set for Dynamic updates correct???
0
 
Will SzymkowskiSenior Solution ArchitectCommented:
If you are getting access denied it is most like "protected from accidental deletion". Right click on the computer object in sites and services, properties, click on the object tab and if it is enabled remove the checkmark.

Then delete the computer object. If this is not the case your account probably doesn't have access to do this.

Also for any other objects you might have issues deleting associated with the old DC make sure you check accidental deletion is not enabled.

Even if you have domain admin permissions you will not be able to delete objects if protect from accidental deletion is enabled.

Sorry for the delayed response.

Will.
0
 
Will SzymkowskiSenior Solution ArchitectCommented:
Run the command netdom query fsmo

If the command comes back and it is pointing to the old dc then you need to seize the roles on the new dc.

Will.
0
 
funkyone60Author Commented:
everything says its good excpet I get
dns.JPG
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.