Slowness Response after old DC shutdown

Hi Experts,

We have Windows 2003 AD network and are upgrading to Windows 2012 AD network.  We have two old DCs (Windows 2003) and we've created two Windows 2012 DCs.  Also we transferred all DC functions to the new DC including 5 roles, dns, dhcp, ldap and what we can think about.  Currently we've shutdown one of old DCs (it is not the main one) without any issue.   Then we shutdown the last old dc (it is a first DC in domain and forest).  We are experiencing:

Users feel slow response on their pc.  Example, when I type cmd, take me a long time to open it. Also users feel slow to open and save files on servers. when I open Users and Computers AD tool, it takes a long time to open on new DC.

We received the event log 1112:
The Group Policy Client Side Extension Folder Redirection was unable to apply one or more settings because the changes must be processed before system startup or user logon. The system will wait for Group Policy processing to finish completely before the next startup or logon for this user, and this may result in slow startup and boot performance.

Also the event log 36887: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 48.

Thank you very much in advance.

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

The first thing that I'd check is the Primary DNS Server on the clients:
ipconfig /all

If it is pointing at the decommissioned server it could cause the symptoms that you describe.
EnjoyNetAuthor Commented:
Thank you for quick response.  We pointed to new server.
Will SzymkowskiSenior Solution ArchitectCommented:
Currently we've shutdown one of old DCs (it is not the main one) without any issue.   Then we shutdown the last old dc (it is a first DC in domain and forest).  We are experiencing:

The EXACT reason for this is that you should NEVER just power down the DC. Demote it, then shutdown. When you shutdown these DC's they are still present in your AD DNS environment.

Even if you are pointing to your new DNS servers it still does DNS Round Robin on the SRV records. SRV records are located in the folder. When a client queries the network they will point to a specific DNS server, however that DNS server will tell them to use whatever SRV records are present in DNS (which you will still have the 2003 DC in there because they have not been demoted) .

So that is why you are running into these issues.

Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

EnjoyNetAuthor Commented:
Thank you for your advice.   I am really afraid that if I demote them and in case we run into some issues or something we didn't transfer to the new DC, we will be in trouble and no way to bring the old DC back.   I really want to make sure the slow response issue is not something else.   We have two old DCs and I shutdown one a couple weeks ago without any issue, but this last one.  

Will, I think you might be correct since the slow responses are random.  Do you have more info or links to support this theory?  Sorry it is very hard for me to decide demoting it.  Thank you so much again
Will SzymkowskiSenior Solution ArchitectCommented:
As long as you have transfered the FSMO roles any thing else can be easily corrected. As you have tested already, you have powered down the DC's and everything is still working (slowly). This will be intermittent due to the Round Robin mechanism in AD DNS.

If you even check those SRV records you will see them present in these folders. Once you demote the DC they will get removed automatically.

I cannot find any documentation right now, however i have done migrations like this several times and this is expected when you power off a DC that is not demoted properly. Active Directory does not know that the DC is powered off and it will continue to send queries to it. If you have alot of DC in your site then you would not see this slowness as much becaues you have more DC's online.

However, when it does try to query a DC that is offline it will wait for a timeout period, before it trys another DC in the SRV lookup. This is where you are getting your delays.

The only other thing i can think of is make sure that your servers are pointing to the new DNS. Other than that, nothing else left to explain.


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
EnjoyNetAuthor Commented:
You are right.  I did shutdown the dc and looks like everything  is OK except of what you mentioned.  

Thank you so much.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2012

From novice to tech pro — start learning today.