Users cannot login when turning off DC...

[bobolito]

Environment: Windows 2000 Servers and Clients.
Server Taurus: 10.51.40.16
Server Aries: 10.51.40.15

I had one DC named Taurus with DNS AD integrated. This was the first and only DC in the network. I got a new more powerful server (and I named it Aries) to replace the old Taurus DC. I installed AD in Aries, also DNS AC-integrated and transferred all 5 FSMO roles and the Global Catalog from Taurus to Aries. Also, all WINS and DNS records are pointing to the correct IP addresses. I made Aries the Primary DNS and all clients are using Aries as their Primary DNS which is resolving names just fine. I can see the AD database and settings from both Aries and Taurus. I want to demote Taurus (the old server) but when I run DCPromo I get a message saying that it cannot find domain controllers so Taurus is still a DC.
The other problem is that if I power off Taurus, none of the clients can find a DC even though the now primary DC Aries is online with all domain roles in it and available. How can I unload AD from Taurus and how can I make the clients login using Aries instead of Taurus? I have rebooted all clients and servers and clients still cannot find Aries as their DC.

 

[CCNI]

Did you set your DHCP to hand down the new DNS server IP?

Mike Jones, A+ MCSE
Systems Engineer/Owner
CCNI

http://www.ccni.com

 

[bobolito]

Thanks for the response. Yes, the DHCP server (which is another server) assigns the correct address for the new DNS server to the clients which is Aries (10.51.40.15). So when you go to the clients the primary DNS appears as 10.51.40.15. Aries is also WINS server and clients use it as the WINS server as well. All DNS and WINS are correctly assigned and pointing to Aries. All DNS and WINS records are pointing to the correct IP address which is 10.51.40.15 for Aries and 10.51.40.16 for Taurus. I lost track of how many times I double checked those settings.

 

[GrnEyedLdy]

Have you checked that Aries has all the proper SRV records that identify it as a Global Catalog as well as a DC?


This may help,

Service Records and Locating Domain Controllers

http://www.2000trainers.com/article.aspx?articleID=32&page=1

Patty

 

[bobolito]

hmmm...interesting.

I ran nslookup and typed [ls –t SRV mydomainname] and it responded that it can't list my domain because "Query refused"
However, the article says I can check the SRV records using the MMC. I suppose the SRV records are the SOA, NS, WINS, and A records listed in my Forward lookup zone. They already exist inside the Forward Lookup Zone under the domain name and they are all pointing to Aries [10.51.40.15], in other words, pointing to itself. I tried testing name lookups from the clients and they all responded just fine using the ping -a command. These name lookups I tested were names from Internet websites that were not in the DNS cache in the first place. Then, I went to Aries and looked at the Cached lookups and sure enough the lookups I had done from the clients were now there. This means the DNS is caching and solving names just fine. Lookups for the name Aries and/or its IP address from the clients returned the name "Aries" and its IP address with no delay and no problems. I don't know what else to do.

What I don't understand is the "Query Refused" message I got when running nslookup. I was sitting on the server itself using my administrator account.

 

[rphips]

Hello hate to break in but I just had the same problem....

I fixed it by doing the following

At the CMD on the new server i ran

ipconfig /flushdns
ipconfig /registerdns
net stop netlogon
net start netlogon

Then with my old server unpluged
I forced the clients to recieve thier IP addresses from the new server.

Ipconfig /release_all
Ipconfig /renew_all

so how do the leasing of IP address the clients pointed to the old server even when it wasn't on line.

rphips

 

[bobolito]

hmmm....sorry, but that has not helped. The clients are pointing to the correct DNS server (Aries) so the DHCP server is sending the correct info. Also, the clients are pointing to the same server (Aries) for WINS. However, I cannot make them login to Windows using Aries. They are obstinated to use Taurus. As soon as I power off Taurus, all clients are not able to login saying that there are no logon servers available in the domain. Any other suggestions?

 

[bobolito]

What if I use DCPROMO to demote Taurus to member server? I am afraid that if I do that the clients will not be able to login anymore because they don't want to use Aries anyway.

 

[LoJACK]

When you add another server and you want it to be the PDC you are supposed to transfer the 5 FSMO roles and the Global Catalog over and you are supposed to DCPROMO your old server as a member server. This way your new server gets promoted as the primary server.





Thanks,
LoJACK

 

[bobolito]

Thanks...that's exactly what I tried to do, but I don't know what went wrong. I didn't get any error messages. All 5 FSMO roles and the global catalog were transferred to Aries. I ran the NETDOM utility and it reported all the 5 roles are on Aries which is my new server. However, when I tried to demote the old server (Taurus) to member server, I got an error message saying that it could not find the domain controller and refused to continue. I tried transferring the roles back to Taurus, but I got an error message saying that it cannot find the domain controller. However, all the AD information is still visible from both servers. I am going to try to make Taurus sieze all the roles again and just scrap Aries and rebuild it. I guess I have no other choice.