DC Demotion and problems have begun
Hoping someone can help me with this major problem I am having.
Over the summer we introduced 2008 onto our network. We had an old 2003 server which was the first DC ever created on the network when it was created back in 2004.
The plan over the summer was to remove all of our 2003 servers and have the whole AD structure run on 2008 only. After some testing we realised that the primary 2003 DC was going to be a bit more difficult to demote as other services relied on it, such as old Linux boxes we had on the network.
After months of planning and finally deciding to go ahead and do it, I demoted the 2003 server last night so the network was only running on the 2 2008 DC's DNS server we had on the network. Just to point out, one of these 2008 servers also has all the FSMO roles and both are AD integrated DNS and global catalogs. So in theory Windows services should have worked fine, and for the most part that worked: users were able to log in and see their files.
Today though I have noticed some problems which I am hoping someone may have come across. If I don't act on these soon I see big problems ahead... I'll list the problems below:
- One 200R2 member server I am not able to RDP into anymore. It says "remote desktop cannot verify the identity of the remote computer because there is a time or date difference between your computer and the remote computer. Make sure your computers clock is set to the correct time..." As this server is a VM I logged in through the vCenter client and checked the time and it seems to be identical to my local machine.
- Both of our file servers which have shares for home documents and shared areas (1 2003 and 1 2008 R2 server) seem to be working, but when I look at the permissions it seems to show them as SIDs and not with the naming scheme, and from what I can see it only shows some users, never shows groups.
- The same 2008 R2 server is also an NPS and Active Directory certificate server (this is used for wireless logins using RADIUS). In the event log I am getting all sorts of errors: "There is no domain controller available for domain....". On the AD certificate event log I am getting: Active Directory Certificate Services could not publish a Delta CRL for key 0 to the following location: ldap:///CN=DOMAINNAME-CLANCY-CA,CN=clancy,CN=CDP,CN=Public Key Services,CN=Services,CN=Configuration,DC=DOMAINNAME,DC=PRI. Operation aborted 0x80004004 (-2147467260).
- On the 2008 R2 server I am also getting a certificate templates message saying "windows encountered problems enumerating writable domain controllers for the DOMAIN. the format of the specified domain name is invalid."
- The system cannot log you on due to the following error: the specified domain either does not exist or could not be contacted.
If anyone could advise if they have come across any of these problems, it would be most appreciated.