Questions

why new 2008 DC won't serve AD in sbs 2003 domain when sbs 2003 offline?

+
0 Votes
Locked

why new 2008 DC won't serve AD in sbs 2003 domain when sbs 2003 offline?

ZeligWeb
I just added a new 2008 R2 std to a SBS 2003 domain. addprep and dcpromo went well and all seemed to be working. So I decided to take the SBS 2003 off-line and see if the new 2008 R2 DC would be an actual backup DC and would let my users log in. To my surprise all login attempts were unsuccessful. When I even tried to check AD domain users and domains from the 2008 R2 console the server responded the domain could not be reached.

I thought that adding a new DC would prevent such scenarios in the event of the main SBS 2003 being off-line/down.

Any ideas?

BTW, my next move is to retire the old SBS 2003 and migrate the domain to W2k8, but I guess I don't want to demote the SBS until I'm certain the new DC will take his place.
+
0 Votes
OH Smeg

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=52b7ea63-78af-4a96-811e-284f5c1de13b

If I am reading your question correctly this is to do with the different way that 2008 works as a Domain Controller and has different Networking Protocols.

Col

+
0 Votes
CG IT

The W2008 DC must be a member server of the SBS domain and must also be a domain controller of the SBS domain with the Global Catalog role assigned to it. It must also provide sysvol and netlogon shares redundancy.

+
0 Votes
ZeligWeb

Hi there.The W2008 ADC is a member server, dcpromo'ed it flawlessly after running addprep /forestprep and addprep /domainprep at the SBS2003. Both servers now list as Global Catalogs in the AD Users and Computers mmc. I'm also running a secondary AD intregrated DNS at the w2008 ADC: all records at the SBS2003 where properly replicated at the w2008DC. All network nodes (PC's, servers, nas...) have been configured with both DNS records.

So I gave it another try and shut down the SBS2003 again to test if the domain would work without the SBS2003: unfortunately I still got unsuccessful logons and "unreacheable domain errors" whenever I tried to log to a terminal server or I tried to browse a shared folder in our NAS or file servers. It's like the logged user credentials could not be confirmed against the domain's DCs, or the new W2008 ADC would not be responding to such requests.

So I guess (and pray) that I'm only missing redundancy for sysvol and netlogon redundancy as CG IT mentions. The thing is that I'm not quite sure know how to provide that redundancy you mention. can you give me some more detailed instructions?

thanks

+
0 Votes
p.j.hutchison

Run NET SHARE on the new DC and check that SYSVOL and NETLOGON shares are shown. If they show up and you can access them ok then they have been setup ok. DFS will automatically replicate the content from the old server to the new server.

Make sure any FSMO roles (PDC, Schema master, Domain naming master, Infrsatructure master and RID master) have been transferred to the new DC as well.

+
0 Votes
CG IT

unlike all other versions of Windows server. SBS is unique in that way.

Microsoft technet is your friend for SBS. Just read everything on SBS. plenty of articles on how to add an additional DC for authentication to an SBS domain.

there are caveates though... the second DC is strictly authentication to Active Directory because all FSMO roles must remain on the SBS box.