I'm having several problems with a Windows 2003 server

starriol Member Posts: 4 ■□□□□□□□□□
OK, the story is this: at our company we were using Windows 2000 Server.
We decided to buy a shining new PC (Dual core P4, 1 GB of RAM, 2 SATA disks in RAID) and upgrade to Windows 2003.

We did. But in the middle, things got quite complicated.

Now, the network works WORSE than it did before.

The server is the only one and it's a file server; all the files of the company are worked on it.
Word files, photos, Excel, everything is there...
It's also important that we connect to the Internet with a router, which is configured on every PC as the alternative DNS server, including the only server (which is DNS and domain controller with Active Directory).

I read somewhere that this could be the cause of my troubles...

My problems are basically 3:

1) In some PCs of my network, when working with Word files the response time gets REALLY slow. That is, you type something on the keyboard and the cursor turns to the clock and 5 secs later you see the letter you typed. THAT bad. Tried changing from Office 2000 to Office 2003, nothing. Disabling the antivirus (NOD32, known to cause problems with networks), nothing. Even added RAM to one of the PCs affected. NUTHING!

This happens ONLY when working with Word files on the server. If I copy THE SAME file to the affected PC, it's all good. On some other PC of similar specs, I don't have the same problem.

2) All the PCs take between 1 and 2 minutes to start the Windows session after I log in with user & pass. This didn't happen with Windows 2000 Server (which wasn't installed by me. I admit I'm a newbie and it was too eager of me to install Windows 2003 personally. I'm taking classes now, so please help me out).

3) Some people report that the times when browsing through the files on the server or when opening a file are SLOWER, with a PC 5 years newer!

Anyway, as I said, some guy in another forum suggested that I should erase the router as the secondary DNS server on the client PCs and the server. I did that just to try it out, but then the PC wouldn't access the Internet!

So, what do you think about his idea?

When using Netdiag from Microsoft's Windows Support Tools, I get the following errors:

DNS test . . . . . . . . . . . . . : Failed
[WARNING] Cannot find a primary authoritative DNS server for the name
'server.ces.'. [RCODE_SERVER_FAILURE]
The name 'server.ces.' may not be registered in DNS.
[WARNING] The DNS entries for this DC cannot be verified right now on DNS
server 192.168.0.151, ERROR_TIMEOUT.
[WARNING] The DNS entries for this DC are not registered correctly on DNS se
rver '192.168.0.10'. Please wait for 30 minutes for DNS server replication.
[FATAL] No DNS servers have the DNS records for this DC registered.


DC list test . . . . . . . . . . . : Failed
'CES': No DCs are up.

CES is the name of my domain.

192.168.0.151 is the IP of my only server. It SHOULD be working as Active Directory, DNS and Active Directory server... but I'm getting problems...
192.168.0.10 is the IP of the router; its only function is to provide Internet to all the PCs of the domain.

Ideas guys! I need them!

Comments

  • blargoe Member Posts: 4,174 ■■■■■■■■■□
    With this experience you will remember to always have a plan to fail back to the original setup if need be.

    Not knowing anything about the network settings you had on the previous server or how you set up your new one, it certainly sounds like Active Directory and/or DNS are not configured correctly on the server. If they were, your clients would not be using the secondary DNS at all; they would always use the primary DNS server, if that DNS server is accessible.

    Did you use any kind of guide when you were installing it or did you just wing it?
    IT guy since 12/00

    Recent: 11/2019 - RHCSA (RHEL 7); 2/2019 - Updated VCP to 6.5 (just a few days before VMware discontinued the re-cert policy...)
    Working on: RHCE/Ansible
    Future: Probably continued Red Hat Immersion, Possibly VCAP Design, or maybe a completely different path. Depends on job demands...
  • starriol Member Posts: 4 ■□□□□□□□□□
    Actually, just winged it.

    Anyway... I'm actually taking classes about the subject, but anyway I need it solved ASAP. Any ideas?
  • garv221 Member Posts: 1,914
    blargoe is right, you need a good plan before doing this kind of stuff. Users get highly impatient when things do not go smoothly on the network.

    It sounds like when you removed your old server, you removed the only server on the network with DNS and AD on it, crippling your network. Your router surely isn't replicating DNS/AD; that should actually be set up as the default gateway and you should issue another DC for secondary DNS. I would highly suggest getting that old server back online and having it replicate to your new server or just set the DNS/AD up manually on the new server.
  • blargoe Member Posts: 4,174 ■■■■■■■■■□
    starriol wrote:
    Actually, just winged it.

    Anyway... I'm actually taking classes about the subject, but anyway I need it solved ASAP. Any ideas?

    Honestly?

    Get your old server back online and get all of the settings on each of the PCs back the way they were. If this is not possible, call a local IT consultant and have them come in and look at this. There is too much going on to troubleshoot over a message board in the amount of time you have to get this working.
  • sprkymrk Member Posts: 4,884 ■■■□□□□□□□
    Did you set the new server up as a DC by running DC Promo?
    Did you do it with the old server online or offline? The very first DC set up on a domain is different than all others (Catalog Server, PDC Emulator, etc) and if you take it offline you need to transfer those functions to another DC first.
    Were you connected to the Internet when you set up the new server?
    Did you install DNS on the new server and was it set up on the old one?
    More info would be helpful if you can provide it.

    The clients may be logging in with a cached domain profile if you didn't properly set up the new server in AD. Also, you need to have the clients' DNS point to the server ONLY (make sure you actually have DNS running on the new server - based on netdiag output it may not be) and set the server up as a forwarder to your ISP/router DNS.
    All things are possible, only believe.
  • blargoe Member Posts: 4,174 ■■■■■■■■■□
    Did you use the same domain when you installed AD on this new server or did you create a new one?

    What OSes are the clients running?
  • Danman32 Member Posts: 1,243
    DNS surely seems to be your issue.
    The entire network should be pointing to the DNS server responsible for AD records EXCLUSIVELY. This includes the DC, which in your case should be running DNS and have a zone for the AD domain, and the DC network connection should be pointing to itself for DNS.

    The side item of not getting internet DNS resolution, the AD DNS server should have its forwarder set to forward unresolvable queries to the DNS server you have been using for internet DNS. Of course that also requires internet IP connectivity, so be sure your default gateways are properly configured. The WS can point to the router for the gateway, and the server certainly should. If you can ping 72.14.203.99 then you're in good shape in that respect.

    Once you've got DNS properly configured, then you can run Netdiag. If Netdiag reports DNS failures and fails to indicate fixes (use the /fix option), then AD won't work properly and you will get the symptoms you describe. Now Netdiag can report FAILED but yet fix the registrations, thus a subsequent run would indicate PASS.
    One thing that can cause Netdiag to fail to fix problems is dynamic registration. Although the DC should be able to authenticate to itself to register records, sometimes it can't. Try setting the zone dynamic security to secure and unsecure. BE SURE THAT DYNAMIC DNS IS ON! If it is off, that surely will cause Netdiag to fail, since even Netlogon can't register its records.

    This should give you a big leap into your problems.

    Sometimes I have to go as far as having a client completely redo his zone for AD, and then again having Netdiag fix the registrations.
    If W2K3 is set to 2003 native, then you not only need a zone for your domain (such as Mycompany.local), you also need a separate zone for _msdcs.mycompany.local. If AD is 2000 native or lower, then the _msdcs will be a subordinate domain within the Mycompany.com zone.
    The reason for this split is because originally W2K could only replicate AD integrated zones within a domain boundary, which could be an issue for records that are needed forest-wide.
    So AD integration replication type should be for all DNS within a domain for mycompany.com zone, and all DNS within the forest for _msdcs.mycompany.com zone, assuming you don't have any W2K DCs any longer.
  • strauchr Member Posts: 528 ■■■□□□□□□□
    blargoe wrote:
    starriol wrote:
    Actually, just winged it.

    Anyway... I'm actually taking classes about the subject, but anyway I need it solved ASAP. Any ideas?

    Honestly?

    Get your old server back online and get all of the settings on each of the PCs back the way they were. If this is not possible, call a local IT consultant and have them come in and look at this. There is too much going on to troubleshoot over a message board in the amount of time you have to get this working.

    That's what I was thinking.

    The implications of this activity are far beyond writing a post in a forum. It could be a thousand things of which half of them would be your textbook issues.

    Get a consultant in to go through the entire setup and maybe explain a few things to you. No offense but an experienced or skilled IT person would not have performed the 'upgrade' the way you did.

    BTW if you're based in London I can offer my services.
  • Danman32 Member Posts: 1,243
    I don't know how you guys can knock his upgrade path since he never specified how he upgraded. There are several ways one could upgrade a network. Since he has new hardware, the 2 common ways are the following:

    1. Add the new server to the existing domain, then migrate out the old server. This is safest, but once in a while this can be problematic. You can also inherit existing AD problems you may not even know about.

    2. Create a brand new domain.
    You're guaranteed a clean AD, though you have to completely re-enter all the objects manually. The users and computers will have new security IDs so existing profiles will no longer be associated with newly created accounts, even if they have the same name. WS have to be rejoined to the new domain.

    I suspect he chose option one, since he implies he still has his existing accounts and profiles since he didn't complain about it.

    Clearly the problem is DNS, at least the biggest problem. Netdiag proves it.
  • blargoe Member Posts: 4,174 ■■■■■■■■■□
    Are you serious? He has never done this before, doesn't have very much experience with networking, and he admitted that he just winged it. And he didn't have a plan to fail back if something went wrong. How could it even remain a possibility in your mind that this could be a good plan?
  • blargoe Member Posts: 4,174 ■■■■■■■■■□
    That said, there are all kinds of things that could be going wrong behind the scenes. DNS being broken is kind of obvious and I think sprkymrk is right about the users logging in with cached credentials too.

    If the new server is a member of the same domain as the old one, I imagine he ran dcpromo on the new one and didn't transfer the FSMOs to the new DC before powering the old one off, for one thing. All kinds of possibilities.

    Maybe he could

    Power back on the original domain controller
    Make the old DC the primary DNS server for the new DC
    Uninstall DNS from the new server completely
    Re-install DNS to new server, AD-integrated, etc
    Set forwarders in DNS to forward requests to the IP of the router or more preferably the IP of the ISP's DNS server
    Install global catalog on new server
    Transfer all FSMOs to new server
    run dcdiag again
    Point clients to new dns server and remove the secondary entry
    Test, test, test
    Power down old server
    Test, test, test
  • garv221 Member Posts: 1,914
    No offense, but this is the fastest way to lose a job in an IT department. Being in this field you cannot wing anything; every step you make has to be calculated from every angle because business itself is relying on IT to handle it. Explain to your boss the reason the network crashed is because "You just winged it" and see what he thinks. Companies try to avoid situations like this by not hiring employees who make these decisions. This is why experience rides very far with companies in the hiring process. I hope you get it fixed quickly.
  • Danman32 Member Posts: 1,243
    Hmm. Forgot that the FSMO roles might not be on the new server. I don't think Netdiag would report the DNS error that way though if it were only FSMO.

    Get the DNS going, then check FSMO, seize if needed. Then work from there.

    He is able to get to his data, it just takes a while, so I doubt he is using cached credentials and not logging into the new server.

    But it would be nice to find out exactly what was done, and what we have now.

    1. Is this a new domain, or has the new DC been made a member of the original domain?
    2. What was done with the original W2K?
    3. If a new domain, were the WS made members of this new domain? If not was it attempted but failed? (symptoms of bad DNS config).
  • garv221 Member Posts: 1,914
    I would get the old server online and spend the time getting that working first. After you get the network back online, try replicating DNS/AD over to the new server and shut down the old server. That's the easiest thing you can do right now, just backtrack your footsteps and get it working like it was before all of this.
  • Danman32 Member Posts: 1,243
    garv221 wrote:
    I would get the old server online and spend the time getting that working first. After you get the network back online, try replicating DNS/AD over to the new server and shut down the old server. That's the easiest thing you can do right now, just backtrack your footsteps and get it working like it was before all of this.

    That's probably what he did, and that's why he is in trouble now. You have to transfer the DNS, and if both servers are in the same domain, demote the 2K before removing it. At least the FSMO roles need to be transferred if you are going to test function by temporarily turning off the 2K before permanently demoting.

    But until the OP responds, I think we should leave this alone for now.
  • blargoe Member Posts: 4,174 ■■■■■■■■■□
    Danman32 wrote:
    He is able to get to his data, it just takes a while, so I doubt he is using cached credentials and not logging into the new server.
    It could be if he didn't make the new server a global catalog.
  • garv221 Member Posts: 1,914
    I would assume he just turned the old server off. If he removes the new server, he can boot the old server back up just as if he never made this mistake. Just like a power outage. Nothing replicated and destroyed anything unless he has kept the old server online this whole time...
  • Danman32 Member Posts: 1,243
    The old server would now know about the new server if he joined the new server to this domain and promoted it. He would have to demote the new server in the presence of the old server, or else he has to do an AD cleanup. If he is going to do that, he might as well fix his DNS and allow the two servers to complete replication.

    We still need to know, is the new server in its own domain, even if the name is the same (new forest) or is it part of the original domain/forest?
  • RTmarc Member Posts: 1,082 ■■■□□□□□□□
    I may have missed this somewhere in the thread but has the DHCP scope been altered to reflect the changes in DNS servers? If he hasn't altered the scope DHCP could still be pushing out the old IP address for the DNS server? I see where he says .151 is the only server but hopefully he didn't give both servers the same IP address and then power the old server down?

    Based on this error message:
    [WARNING] The DNS entries for this DC are not registered correctly on DNS se
    rver '192.168.0.10'. Please wait for 30 minutes for DNS server replication.
    It looks like it's trying to fail over to the secondary DNS server -since the primary is down- but it's not able to locate the SRV records on the router.

    The server should be its own DNS server and the clients point to the server. In an environment as small as you have there should be no other settings. Your server should resolve internal addresses and also serve as a caching server. I'm also assuming the router is indeed a router and not a server running as a router. If that's the case the router needs to be, at most, the internet gateway and should not be handling anything else.
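
Added example (not part of any post in this thread): a Python sketch that parses the DNS section of the Netdiag output from the original post, coping with the hard line wrap that splits "server" in two, and maps each named DNS server to the fix the replies recommend. The function names and the advice wording are this example's own; `dc_ip` is the server address the original poster gave.

```python
import re

# DNS section of the Netdiag output quoted in the original post, wrap included.
SAMPLE = """\
DNS test . . . . . . . . . . . . . : Failed
[WARNING] Cannot find a primary authoritative DNS server for the name
'server.ces.'. [RCODE_SERVER_FAILURE]
The name 'server.ces.' may not be registered in DNS.
[WARNING] The DNS entries for this DC cannot be verified right now on DNS
server 192.168.0.151, ERROR_TIMEOUT.
[WARNING] The DNS entries for this DC are not registered correctly on DNS se
rver '192.168.0.10'. Please wait for 30 minutes for DNS server replication.
[FATAL] No DNS servers have the DNS records for this DC registered.
"""

IP = r"(\d{1,3}(?:\.\d{1,3}){3})"


def messages(text):
    """Rejoin wrapped lines so each Netdiag message is one string."""
    out = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        # A new message starts at a "[LEVEL]" tag or a "test . . . : Result" header.
        if line.startswith("[") or re.search(r"\. : \w+$", line) or not out:
            out.append(line)
        else:
            out[-1] += "\n" + line
    return out


def dns_findings(text):
    """Map each DNS server named in a warning to 'timeout' or 'no_dc_records'."""
    findings = {}
    for msg in messages(text):
        # Dropping all whitespace makes matching independent of where the wrap fell.
        flat = re.sub(r"\s+", "", msg)
        m = re.search(r"DNSserver'?" + IP, flat)
        if not m:
            continue
        if "ERROR_TIMEOUT" in flat:
            findings[m.group(1)] = "timeout"
        elif "notregisteredcorrectly" in flat:
            findings[m.group(1)] = "no_dc_records"
    return findings


def diagnose(text, dc_ip):
    """Turn the findings into the fixes suggested in the thread."""
    advice = []
    for server, status in dns_findings(text).items():
        if server == dc_ip and status == "timeout":
            advice.append(f"{server}: the DC's own DNS service did not answer; "
                          "confirm DNS is installed and running and that the DC "
                          "points to itself for DNS")
        elif server != dc_ip and status == "no_dc_records":
            advice.append(f"{server}: holds no records for this DC; remove it from "
                          "the DNS server list and set it as a forwarder instead")
        else:
            advice.append(f"{server}: {status}")
    return advice


if __name__ == "__main__":
    for item in diagnose(SAMPLE, dc_ip="192.168.0.151"):
        print(item)
```
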
  • garv221 Member Posts: 1,914
    Danman32 wrote:
    The old server would now know about the new server if he joined the new server to this domain and promoted it. He would have to demote the new server in the presence of the old server, or else he has to do an AD cleanup. If he is going to do that, he might as well fix his DNS and allow the two servers to complete replication.

    We still need to know, is the new server in its own domain, even if the name is the same (new forest) or is it part of the original domain/forest?

    Yeah but if he just shut the old server off and booted up the new server thinking it would automatically work then taking the new server off the network for right now would fix the problem if he booted up the old server. LOL (This would bring us back to it running correctly.) Then next week after a lot of reading, do the promotion you're talking about. Where is this guy?
  • Silver Bullet Member Posts: 676 ■■■□□□□□□□
    Wow....you guys have created a lot of what-ifs on a lot of unknowns. This guy needs to post back with more info about what actually took place or is taking place. Otherwise this thread is going nowhere.
  • strauchr Member Posts: 528 ■■■□□□□□□□
    Wow....you guys have created a lot of what-ifs on a lot of unknowns. This guy needs to post back with more info about what actually took place or is taking place. Otherwise this thread is going nowhere.

    That's what I was saying in the first place - and there is even more.

    TBH I can think of a few things that haven't been mentioned yet that would probably help quite a bit but why should I give my services away for free?

    I don't mind helping people who are learning or posting about strange quirky problems but sharing my knowledge that I worked hard to obtain doesn't seem right.

    The guy didn't test it nor had a fallback plan nor did he take the time to research issues correctly and admitted he just winged it. Someone who is inexperienced should not be performing this kind of work and if I/we bail him out this time he'll just do other things he probably shouldn't be doing and his company would not have learnt a lesson from not hiring the correct people to do the job correctly.

    Sound harsh? Well I'm in a bad mood.
  • sprkymrk Member Posts: 4,884 ■■■□□□□□□□
    strauchr wrote:
    Sound harsh? Well I'm in a bad mood.
    Sorry to hear that. Go home and kick the dog. Watch a movie (Clint Eastwood preferably). Have some ice cream. Just don't bawl out your boss. icon_wink.gif
  • strauchr Member Posts: 528 ■■■□□□□□□□
    Nothing serious, just got the morning blues. I am not a morning person and woke up tired this morning.

    But I just went to the gym and had a good workout. Pounded that boxing bag too - I feel much better ;)

    Thanks for your concern.
  • blargoe Member Posts: 4,174 ■■■■■■■■■□
    What happened to the OP? My morbid curiosity wants to know how this turned out.
  • garv221 Member Posts: 1,914
    strauchr wrote:
    TBH I can think of a few things that haven't been mentioned yet that would probably help quite a bit but why should I give my services away for free?

    I don't mind helping people who are learning or posting about strange quirky problems but sharing my knowledge that I worked hard to obtain doesn't seem right.

    The guy didn't test it nor had a fallback plan nor did he take the time to research issues correctly and admitted he just winged it. Someone who is inexperienced should not be performing this kind of work and if I/we bail him out this time he'll just do other things he probably shouldn't be doing and his company would not have learnt a lesson from not hiring the correct people to do the job correctly.

    Sound harsh? Well I'm in a bad mood.

    I agree, you/I could check the poster's number of posts before handing out useful information. I think everyone posted because it's fun to discuss possible resolutions. Someone could tell this guy exactly what needs to happen to fix this problem, but it's the same concept as cheating on an exam, he doesn't learn anything and still doesn't understand how or why this system is now working.
  • strauchr Member Posts: 528 ■■■□□□□□□□
    Perhaps he got the message from my ramblings, or perhaps he took our advice and hired someone.

    I hate to come off sounding unfriendly but this site is not here to give free advice to unskilled IT people and tell them how to fix everything.

    Sharing ideas, methodologies, studying tips and non-textbook style problems is what we're here for.

    *Did I already say this??*