Network slow after removing old DC 7

[M3Fan]

I have a small business network with about 65 users and 6 servers. All of our current servers are W2k3 boxes and one of those boxes is our new DC. Our previous DC was a W2K box. For a while, they were both DCs in parallel. I transferred the FSMO roles to the new DC using the command line utility and then used DCPromo to demote the old W2K box. DNS was also set up on the new DC, as well as DHCP. All was well and it seemed that everything had transferred over just fine.

Here's the problem: when I turn off the old W2K DC the network slows down considerably. When I power it back on, the network moves along swimmingly, instantly. What could this be? When I say the network slows down, I mean that mapped drives take 30 seconds to open, RDP client takes 30 seconds to open, Outlook absolutely crawls, IE hangs, etc. on most of my clients. It's a huge, noticeable difference. What remnants of the old server could be out there?

 

[M3Fan]

TechyMc,

I just checked and the new server does have Global Catalog checked. The old server is listed under "Servers" but it does not have any NTDS settings at all.

 

[58sniper]

GC isn't a FSMO role.

Just to clarify, you have a DC that's also running SMTP? And RRAS? Pretty bold.

I didn't think anyone used Jet Admin anymore.

Pat Richard MVP
Plan for performance, and capacity takes care of itself. Plan for capacity, and suffer poor performance.

http://www.ucblogs.net/blogs/exchange/

 

[M3Fan]

Sniper,

Those services are what are running on the OLD server. The do-everything server (old, demoted no-longer-DC) which now does nothing except serve up legacy applications.

Guys, my packet sniffer is clearly showing netbios requests to the old server IP from my client PC. If I had to guess I'd say this is probably the issue. If we were to focus on netbios being the issue, what options do I have?

 

[Freestone]

Was/is WINS configured pointing to old server?

 

[M3Fan]

Freestone- on my client PC? No. It was configured to take the settings from DHCP. The DCHP setup on my new server does not appear to be configured to point to the old server for anything that I can see.

 

[M3Fan]

Another clue- if I disable Netbios over TCP/IP on my client machine, I still see a request to the old server using my packet sniffer, but on a different port:

7 TCP 172.16.100.47 172.16.100.15 2882 445 microsoft-ds 74 1,410 Bytes 4,522 Bytes 12/4/2008 11:02:33 AM:684

 

[58sniper]

You still need to verify the new server is a GC. If it's not, that will certainly slow things down. Also, verify the new DC is in the correct AD site.

Pat Richard MVP
Plan for performance, and capacity takes care of itself. Plan for capacity, and suffer poor performance.

http://www.ucblogs.net/blogs/exchange/

 

[TechyMcSe2k]

Are you seeing this request just sitting idle on the PC? Is there an application or service on the PC's requesting this info? Have you UNINSTALLED DNS from the old server. This will remove all traces of that server from the DNS architecture, since I would believe it was the Master for your AD Integrated Primary DNS Zone. How many DC's do you have without the old one? Are you using WINS? Nevermind that one, it is not listed in the services above.

 

[M3Fan]

Sniper, I already verified that the new server is a GC by noting the checkbox in the global catalog option in the AD Sites/services MMC.

Techy, I see this request when I try to do something that would previously hang when the old server was unplugged, such as mapping a file share or opening RDC.

I have not uninstalled DNS from the old server. Without the old one, we only have the 1 new DC.

 

[TechyMcSe2k]

Very dangerous to just have the one DC. Are you planning a new secondary?

 

[TechyMcSe2k]

Also, another thought...when you unplug the old DC, have you tried rebooting the PC to see if things get better? I would do this test before and after you uninstall DNS.

 

[M3Fan]

Techy, I just unplugged the server and rebooted my laptop. Slow as could be. Major hang on startup after login, and major hang (20 seconds +) opening a file share on a different server or clicking around in Outlook, and major hang merely opening the remote desktop client.

I had the packet sniffer running during this time and it detected no packets going to the old IP address. However, once I plugged the server back in I traced these packets from my machine going to the old server:

31 ICMP 172.16.100.47 172.16.100.15 2 64 Bytes 180 Bytes 12/4/2008 2:16:27 PM:117
32 TCP 172.16.100.47 172.16.100.15 1181 445 microsoft-ds 19 2,884 Bytes 3,821 Bytes 12/4/2008 2:16:27 PM:117

If I stop the DNS service on the old server it does not slow things down at all. Should I still uninstall it?

 

[TechyMcSe2k]

Protocol 445 is strange. Can you run the packet sniffer on the server?

You need to discover which application 'owns' that port.. use the netstat -b switch for this...

With the -b option, Netstat displays the TCP or UDP port, the file names corresponding to the components of the service that owns the port, and the PID. From the file names and PID, you can determine which of the services in the display of the tasklist /svc command owns the port

 

[TechyMcSe2k]

What type of clients do you have? 2K, XP, or Vista>?

 

[TechyMcSe2k]

Port 445 or CIFS is used in name resolution (i.E. DNS).

http://www.snia.org/tech_activities/CIFS/CIFS-TR-1p00_FINAL.pdf

Chapter 2 speaks of this.

The weird fact that you did not see these packets while the server was off is leading me to believe that there is still some underlying name resolution issue and is causing the PC/network to be slow. And all of the clients are somehow linked to the old server (in some way yet undiscovered by this forum) to get this information it needs.

 

[TechyMcSe2k]

Then I thought of your 2K domain with one 2K DC...then you added a W2K3 DC. Did you follow these guidelines>?

http://www.petri.co.il/windows_2003_adprep.htm

Then, what I would recommend, is upgrading the old DC to 2003, see how things go. Even unplug it to see if the network slows down again. Then demote the server to remove it properly from AD. Otherwise, if it does upgrade OK...you may even consider keeping it as your secondary for now until you acquire a new server to run a second DC.

 

[TechyMcSe2k]

Also, have you raised your domain and forest functional levels? What are they at currently

 

[M3Fan]

Techy, you're on to something for sure. There is definitely a name resolution issue of some sort. I just uninstalled DNS on the old server, by the way. No noticeable difference with my computer. I'll also say that not all clients are experiencing this. All clients are XP SP3 but I've gotten complaints from the Mac OSX clients about file sharing latency as well. All clients are set to use DCHP.

 

[M3Fan]

Techie, the old server has already been completely demoted and all FSMO roles have been moved over. The AD is still at the W2K level though- I haven't upgraded the AD to 2003 mode. Keep ing the server around is not an option.

 

[TechyMcSe2k]

Note: "The AD is still at the W2K level though- I haven't upgraded the AD to 2003 mode" - If the 2003 DC is all you have, then I would move domain and Forest to Windows Server 2003. You say it is still 2K, but in 2003 that is not an option. only Windows 2003 Interim and Windows server 2003 (the same as the old 2000 native)....something screwy there if it still says Windows 2000