Decommissioned Domain Controller - All Roles moved to new DC. When "old DC" is shut down - internet is lost. WTF?

1). Installed a New DC
2). Installed AD, DHCP, WINS (and joined to the forest).
3). Ran DCPromo, Joined to the forest and allowed time for replication (verified replication with MS Utility)
4). Configured DHCP/Scopes, DNS Forwarders, Transferred all 5 Schema Roles, etc...
5). Removed OLD DC from the Forest (dcpromo.exe) and uninstalled all roles (AD, DNS and DHCP).
6). All the systems on the network are running on the new server (Verified with IPCONFIG)
7). Rebooted the "OLD DC" several times with no issues.

At this point everything is working as intended. Here's the thing... When I shut down the old server, the entire network loses Internet (still has network connectivity). They do have an old Sonicwall (TZ-170 - 10 node license) for their router. The customer/I do not have the credentials to access the setup/settings.

When I ran DCPromo to remove the "old DC" from the forest I got an error saying:

"DCPromo was unable to remove DNS delegations from the parent zone: com. This could be because you do not have permissions to do so, or because the zone is hosted by a server that does not run Windows. You should delete DNS delegations in the parent zone for this domain. To do so, contact an administrator who is responsible for the DNS zone: com. The error was: The RPC server is unavailable."

I have removed the corresponding entries from the DNS settings on the New DC (or at least I believe I have all of them).

Any Ideas?
Todd H, Senior Solutions Engineer, asked:

Kamal Khaleefa, Information Security Specialist, commented:
You need to configure the network firewall, if one exists, to map to the new school to authenticate internet access for users.

If you don't have a firewall in your criteria, check the client up/end configuration.
If it's right, give the client the public DNS 4.4.4.4 and test.
If the test runs okay, you need to configure the router DNS entry and check that your DNS server forwarding is enabled.
asavener commented:
Check the DNS entries on the client machines and see if they're still pointing to the original DC.

Next, open the DNS snap-in on the new DC and run the test that checks if recursive lookups are working.

Finally, check whether the firewall is blocking the traffic.  (This is a common practice, since it can help mitigate malware.)

One option might be to change the IP address of the new domain controller to the IP of the original DC.
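The three checks above (client DNS servers, recursion on the new DC, raw connectivity past the firewall), plus the DHCP scope option from the original question, as one PowerShell diagnostic. This is an added example, not code from anyone in the thread; the DC name, old-DC address and external test address are placeholders, and it assumes the DnsClient, DnsServer, DhcpServer and NetTCPIP modules (Windows 8 / Server 2012 or later).

```powershell
# Added example: post-decommission DNS/connectivity check. Not from the thread.
# Assumes Windows 8 / Server 2012+ cmdlets; names and addresses below are placeholders.
param(
    [string]$NewDc      = 'NEWDC',       # hostname of the new domain controller (assumed)
    [string]$OldDcIp    = '192.0.2.10',  # address of the decommissioned DC (placeholder)
    [string]$ExternalIp = '192.0.2.1'    # a public address to test raw IP connectivity (placeholder)
)

# 1. Any active interface still pointing at the old DC for DNS?
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses -contains $OldDcIp } |
    ForEach-Object { Write-Warning "Interface '$($_.InterfaceAlias)' still lists $OldDcIp as a DNS server" }

# 2. Can the new DC resolve an internal and an external name? (external = recursion/forwarders work)
foreach ($name in @($env:USERDNSDOMAIN, 'www.microsoft.com')) {
    try {
        $rec = Resolve-DnsName -Name $name -Server $NewDc -ErrorAction Stop |
               Where-Object { $_.Type -in 'A','AAAA' } | Select-Object -First 1
        Write-Output ("{0} -> {1} (via {2})" -f $name, $rec.IPAddress, $NewDc)
    } catch {
        Write-Warning "Resolution of $name via $NewDc failed: $($_.Exception.Message)"
    }
}

# 3. What the new DC forwards to (empty list with UseRootHint=False means no path to Internet names)
Get-DnsServerForwarder -ComputerName $NewDc | Select-Object IPAddress, UseRootHint

# 4. Does raw IP connectivity to the outside survive independently of name resolution?
if (Test-NetConnection -ComputerName $ExternalIp -InformationLevel Quiet) {
    Write-Output "ICMP to $ExternalIp OK: if names still fail, the problem is DNS, not the gateway"
} else {
    Write-Warning "No reply from $ExternalIp: the path out (gateway/firewall/modem) is down, not DNS"
}

# 5. Do any DHCP scopes on the new server still hand out the old DC as a DNS server (option 006)?
foreach ($scope in Get-DhcpServerv4Scope -ComputerName $NewDc) {
    $opt = Get-DhcpServerv4OptionValue -ComputerName $NewDc -ScopeId $scope.ScopeId -OptionId 6 -ErrorAction SilentlyContinue
    if ($opt -and ($opt.Value -contains $OldDcIp)) {
        Write-Warning "Scope $($scope.ScopeId) still offers $OldDcIp as DNS (option 006)"
    }
}
```

Run it from a domain-joined client with RSAT installed; a passing step 4 alongside failing step 2 points at DNS, while a failing step 4 points at the gateway side.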
Todd H, Senior Solutions Engineer (Author), commented:
Thanks for the comments/suggestions.

I have tried all the steps you have mentioned; it's not like the DNS just goes out. It's the entire Internet itself (almost instantly after the PC has been shut down). I am assuming this has to do with some setting in the Sonicwall (although for the life of me I cannot think of a setting that would do this).

Finally, check whether the firewall is blocking the traffic.  (This is a common practice, since it can help mitigate malware.)

One option might be to change the IP address of the new domain controller to the IP of the original DC.

That is interesting... IDK why all the other new computers would be able to access the internet, however. I have added 4 new devices (1 NAS, 2 VMs and 1 Hyper-V Server).

I am going onsite tomorrow to investigate, I will keep you informed.

Thanks for the help. Appreciated.

asavener commented:
Did/does the original server have multiple NICs?  Or is its IP address set as the default gateway for clients?  It's possible that it was being used for routing, although it's not a standard configuration.
Todd H, Senior Solutions Engineer (Author), commented:
The original DC does have 2 NICs. Only 1 is connected. The clients are pointed to the Sonicwall as the gateway and the New DC as the DNS.

At this point I have completely removed roles and everything. It's literally just another computer on the network.
asavener commented:
Is the SonicWall configured to authenticate users?  That would be my next guess.  Check if the clients have a proxy configuration set up in their browser.
Todd H, Senior Solutions Engineer (Author), commented:
No proxy config. I am able to go in with an entirely new system and hook it up with no issues. So it's not like it's MAC filtering, has an access control list, etc...

It does however have something to do with that server running.

It's not connected through the server (Modem -> Sonicwall -> 16 Port Switch -> Clients)

When the Internet is "down" we can also still ping the external IP and get a response.
asavener commented:
What about a WinSock proxy client?  Was the original server an ISA or TMG proxy server?
Todd H, Senior Solutions Engineer (Author), commented:
Nope. No proxy involved. Very small business (1 Server and 5 Clients)
Patrick Goh, Engineer, commented:
Could the new DNS server resolve internet addresses? It might need a forwarder or root hint configured, so that it can resolve the internet addresses.
Todd H, Senior Solutions Engineer (Author), commented:
Just so this is closed.

I went on-site. The server was plugged into an APC UPS "Master" port. When the server shut down it powered off the corresponding "Sub-Master" ports. This was powering off the Sonicwall which is why there was no internet but everything internally worked fine.

I have really grown to hate APC.

Anyway thanks for all the help/replies... you guys rock!

asavener commented:
You win for this week's most bizarre problem.  Glad you got it fixed.
Todd H, Senior Solutions Engineer (Author), commented:
Sometimes the issue is not what it seems. NEVER trust what other people are telling you on the other end of the phone ;)
Windows Server 2008