Question : 'Cannot obtain the domain controller name' on clients after 2000 to 2008 migration. Major connection problems...

Having rather large problems across the whole site, any advice would be really helpful here:


Background:

Our old network included 4 Server2000 DC's and some other member servers. We have moved over to a completely new network with xenserver running on three physical servers connected to a SAN.

We updated the schema, dcpromo'd a 2008 r2 VM, moved over FSMO roles, and then demoted the 4 old 2000 boxes to member servers.

We then added another r2 DC so we are now left with DC1 with all FSMO roles, DNS and DHCP, and DC2with DNS. Both are GCs.



Problems:

Now connecting clients to the domain has been a nightmare. Lots of "No (DOMAIN) Available" messages on logon.

Some PCs are showing in the event log the following events:

"Event 1054

Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted. "

"Event 4356

The COM+ Event System failed to create an instance of the subscriber partition:{41E90F3E-56C1-4633-81C3-6E8BAC8BDD70}!new:{6295DF2D-35EE-11D1-8707-00C04FD93327}.  CoGetObject returned HRESULT 8000401A."

Logon times are nowhere near acceptable at the moment, clients can sometimes take 45 seconds or longer to logon, other times they'll logon as expected within 15-25 seconds.



Things I've checked:

I have run DCDIAG on the first DC and all tests have passed with exception to its ability to read Event logs (due to not creating hole in firewall).

Checked DNS entries in both DNS servers and they both appear to be replicating properly. All SRV records for the DC's appear to also be correct.

When I gpresult a machine after logging in, unless I have previously forced a gpupdate, it will show one of the old DC's as its source for applying policy which is odd. If I do run a gpupdate, then it connects to one of the new DC's and pulls the correct policies.

Also, on the clients i have logged into local administrator, flushed the dns cache, and can succesfully resolve DC1, and DC2s names still through nslookup.

It appears that pulling the machines completely from the domain and rejoining them seems to help but we are still experiencing massively increased logon times.
Even after being completely removed from the domain and re-added, clients are still sticking at 'Applying User Settings' for a good 30-45seconds occasionally more...

I have attached the dcdiag results if it is any help.

Answer : 'Cannot obtain the domain controller name' on clients after 2000 to 2008 migration. Major connection problems...

Sorry I didn't see the DC1 and DC2 listing but disable IPv6.

Also, on DC2 remove the "1" from DNS servers. Once you have done that run ipconfig /flushdns, ipconfig /registerdns, dcdiag /fix


   DNS Servers . . . . . . . . . . . : ::1
                                       10.0.9.2