Re: Windows 2008 DC in Windows 2003 domain = slow logons , warning long story

Hi Ace and thanks for the reply.

The plan is to dcpromo the old server after we verify full functionality of
the new server wanting to make sure everything worked with Windows 2008 64
bit. I am just surprised in the slowdown of logons with the old DC off the
network as I thought that the domain client would try to use the other and
only new DC in the site after it was discovered the old DC was no longer
available after a short period of time but not only after several minutes.

Thanks for the info on changing SRV records in that it needs to be done in
the registry.

Both servers/domain controllers appear as name servers for both forward look
up and reverse zones so I am not sure what is up with that but I don't
believe that is the issue anyhow.

The only other thing I am noticing is a frequent warning in the application
log on the new server about a Group Policy preference issue. It reports that
a setting is not working though all the domain computers have the printer
mapped via that policy.

"The user 'RICOH Aficio MP 4000 PCL 5e' preference item in the 'cyberbond
{D69EF6A9-16F6-47ED-8549-24BF4031DCBE}' Group Policy object did not apply
because it failed with error code '0x8007007b The filename, directory name,
or volume label syntax is incorrect.' This error was suppressed."

I appreciate your advice to simply dcpromo as that makes me feel better. I
though that maybe there was some Windows 2008 specific issue causing the
problem. I will reply back results after we dcpromo proably this weekend.

Steve


"Ace Fekay [MCT]" <aceman@xxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:%23OWeqmzOKHA.1232@xxxxxxxxxxxxxxxxxxxxxxx
"Old Rookie" <somewhere@xxxxxxxxxxxxx> wrote in message
news:udlMJCzOKHA.388@xxxxxxxxxxxxxxxxxxxxxxx
Sorry.

I should add that once user is logged on everything works fine. They have
full access to files shares via mapped drives on new server and quick
access. New server can be pinged by IP address, netbios name, or FQDN
from client workstations. I also disabled SMB signing for server "always"
in local security policy on new server and changed authentication to be
send LM and NTLM - use NTLMv2 if can be negotiated instead of default
send NTLM only. No logon failures of any kind are seen in the security
logs of the new server either.

Steve

Steve,

I guess you've gathered you can't simply unplug the old DC. It has to be
demoted. Changing the SRV records manually do not work. To alter them, you
must alter the Netlogon registry setting on the DC you want its values
changed.

I think you ran the tests either while it was unplugged or shortly
afterwards, which is why some of the messages stated there were errors in
'the last 24 hours,' etc.

Also, as far as this message:
TEST: Delegations (Del)
Error: DNS server: apollo1.cyberbond1.com.
IP:<Unavailable>
[Missing glue A record]

Look in DNS, zone properties, nameserver tab. What's in there.

If you ask me, demote the old one, period, and move on with the new one.
:-)


--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Please reply back to the newsgroup or forum for collaboration benefit
among responding engineers, and to help others benefit from your
resolution.

Ace Fekay, MCT, MCTS Exchange, MCSE, MCSA 2003 & 2000, MCSA Messaging
Microsoft Certified Trainer

For urgent issues, please contact Microsoft PSS directly. Please check
http://support.microsoft.com for regional support phone numbers.




.

Relevant Pages

  • Access is Denied to W2k3 GPOs - Really Stumped!
    ... Policy Manager or from the default GPO editor since upgrading from Windows ... Emulator server or the current selection server or any writable DC. ... I physically applied an enterprise admin account to the sysvol folder ...
    (microsoft.public.windows.server.general)
  • Re: Win2003SP1 DC loses all shares, roaming profiles cannot logon or logoff
    ... If so check youir DNS server settings from your network card, that it points to the right DNS IP address. ... Windows 2003 Standard Domain Controller and a bunch of Windows XP SP2 ... Information item that tells me "Security policy in the Group ...
    (microsoft.public.windows.server.networking)
  • RE: Migration of NT4 to Windows 2003 server
    ... Upgrade the PDC to Windows 2003. ... Do not cancel the DCPROMO process. ... member server. ... Microsoft is providing this information as a convenience to you. ...
    (microsoft.public.windows.server.migration)
  • Re: Group Policy
    ... you should be running Terminal Services on a dedicated member server ... user policy settings). ... Windows Server group, as I was actually talking about AD ...
    (microsoft.public.windowsxp.security_admin)
  • Access is Denied to win2k3 GPOs - really stumped!!
    ... Policy Manager or from the default GPO editor since upgrading from Windows ... Emulator server or the current selection server or any writable DC. ...
    (microsoft.public.windows.server.active_directory)