Ok, so last week we moved the aforementioned things to a new server. Everything SEEMED to go ok, but now I am getting a few windows xp clients with kerberos errors. I am also getting Netlogon errors on the new "PDC" referring to broken trusts for computer accounts and also corrupt computer accounts.
We have unjoined these pc's from the domain and rejoined them..the issue remains.
This is causing them to not be able to browse the old "PDC" nor the new one. Strangely if I ping the old one it resolves to the old IP it was using (now switched to the new operations master). It resolves..but not to a domain account. For instance...
Ping sbcg-pdc-atl
resolves to sbcg-pdc-atl not sbcg-pdc-atl.atlanta.com like it should.
If i ping the FQDN then it resolves to the proper IP. If I browse to the FQDN from the start/run prompt it works. If i browse to just sbcg-pdc-atl then it tells me the target name is invalid or perhaps i dont have permission to access the resource.
I thought at first that I should remove the old machine (still a DC) as a Global Catalog...so I did. This didn't help. I am at a loss currently and would like to avoid calling MS but I will if I have some serious AD issues. I am thinking perhaps I didn't give enough time for synching in between these changes and perhaps the security database is fubar.
Has ANYONE seen any issues like this before?
We have unjoined these pc's from the domain and rejoined them..the issue remains.
This is causing them to not be able to browse the old "PDC" nor the new one. Strangely if I ping the old one it resolves to the old IP it was using (now switched to the new operations master). It resolves..but not to a domain account. For instance...
Ping sbcg-pdc-atl
resolves to sbcg-pdc-atl not sbcg-pdc-atl.atlanta.com like it should.
If i ping the FQDN then it resolves to the proper IP. If I browse to the FQDN from the start/run prompt it works. If i browse to just sbcg-pdc-atl then it tells me the target name is invalid or perhaps i dont have permission to access the resource.
I thought at first that I should remove the old machine (still a DC) as a Global Catalog...so I did. This didn't help. I am at a loss currently and would like to avoid calling MS but I will if I have some serious AD issues. I am thinking perhaps I didn't give enough time for synching in between these changes and perhaps the security database is fubar.
Has ANYONE seen any issues like this before?