Recently in our Single Domain site we installed a new Domain Controller. The purpose for the new domain controller was so that we can retire one of our old Domain Controllers. The new Domain Controller gives us a total of 3 Domain Controllers.The new Domain Controller is a Windows Server 2008 machine. The other 2 domain controllers are Windows Server 2003 Domain Controllers.The new Domain Controller is a Global Catalog Server. He also now holds all 5 FSMO roles. He is also serving DNS, DHCP, and WINS.We have tried several times in the past couple of weeks to power off 1 of the 2 old DC's (the one we want to retire) to make sure that Logons, resource sharing, and effectively all other AD activities still work.Everyting works fine except our Exchange system. Each time that we power off the old domain controller, users cant connect in outlook to our Exchange Server.We have physically pointed our two Exchange Servers, (one Front End and one Back End) for DNS to the new DC. When I run a sniffer, I see plenty of activity for ldap, Global Catalog, and kerberos bound for the New DC.What could be the issue here?KMNR Owner

Check the followingWhen you say , your users gets disconnec ted, what happens to the exchange services at that time specially AD topology discovery service and system attendant.1. Check if the AD replication is fine between all the DCs.2. Run EXBPA on exchange and on step 1 , select the new DC when it asks for connect to Active diretory and then look for error.3. check for event IDs on exchange and the new DC.4. Disable IPv6 and the firewall on 2008 box.Raj

Are the problems with internal or external users? Over a vpn? Were the proper firewall settings changed for systems to reach the DC's for the GC, externally and internally?

RajThanks for your suggesitons. Here are the results:1. AD replication works fine between all 3 of the DC's2. I ran EXBPA and it came back saying something about only having 1 GC in the domain. I am not sure why it thinks this, as all three DC's are GC servers. I had tried removing the GC from the old server we want to demote, and when I did no one could connect to Mail. Also when we rebooted the Mail servers, they hung at "Applying computer settings" until such time as I restored GC on the old server. 3. I see alot of errors on the Back End mail server about DSAccess. The event ID is 2103.Also seeing Event ID 2114: Topology discovery failed. Here is the message with Event ID 2103: ""Process MAD.EXE (PID=2272). All Global Catalog Servers in use are not responding: bhidc2.boarsheadinn.com ; bhiprint1.boarsheadinn.com ; bhidc3.boarsheadinn.com ""**There are several other errors in the EV where it is looking for the old DC bhidc2.boarsheadinn.com. Event ID's 2102 (Domain Controllers not responding), Event ID 8026 (Failed LDAP bind to bhidc2.boarsheadinn.com)4. IPv6 is disabled and also the FW is disabled...After examing all of this, it is obvious at this point that the Mail server is still trying to access our old DC bhidc2. How can we get it to look to the New DC ?? KMNR Owner

Please follow the posts in this thread to troubleshoot the issueJames Luo TechNet Subscriber Support (http://technet.microsoft.com/en-us/subscriptions/ms788697.aspx) If you have any feedback on our support, please contact tngfb@microsoft.com

Internal users. No VPN's involved. Only a couplesettings on the Firewall needed to be adjusted. Iopened an existing port (Global Catalog - tcp 3268) on our Firewall from our DMZ network so that the Exchange Front End server could talk GC to the new DC as well as the old DC.All DC's and our Back End exchange server are located on the inside network.I did open ports for Global Catalog (tcp 3268) on our Firewall from our DMZ network so that the Exchange Front End server could talk GC to the new DC.KMNR Owner