DC question - Single point of failure? [message #157194] Tue, 30 June 2009 19:15
Jordan (Norway)
Have 2 DC's W2K3, DC1 with all FSMOs.
DC2 with no roles, both are GC's.
Users can't logon when DC1 is down.
Is this the right behavior?

Jordan
Re: DC question - Single point of failure? [message #157200 is a reply to message #157194] Wed, 01 July 2009 20:46
aceman (United States)
"Jordan" wrote in message news:es6l459g7u0t7svllm4mk3810k7nsr8d5q@4ax.com...
>
> Have 2 DC's W2K3, DC1 with all FSMOs.
> DC2 with no roles, both are GC's.
> Users can't logon when DC1 is down.
> Is this the right behavior?
>
> Jordan

That depends. Please provide an unedited ipconfig /all of both DCs and of a sample desktop, so we can get a better idea of your AD configuration to offer a specific response.


--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and confers no rights.

Please reply back to the newsgroup/forum to benefit from collaboration among responding engineers, as well as to help others benefit from your resolution.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSA Messaging, MCT
Microsoft Certified Trainer
aceman@mvps.RemoveThisPart.org
http://twitter.com/acefekay

For urgent issues, you may want to contact Microsoft PSS directly. Please check http://support.microsoft.com for regional support phone numbers.
Re: DC question - Single point of failure? [message #157203 is a reply to message #157194] Thu, 02 July 2009 01:18
meiweb(nospam) (Germany)
Hello Jordan,

Is DC2 also a DNS server, and are the clients configured to use it as secondary
on the NIC?

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> Have 2 DC's W2K3, DC1 with all FSMOs.
> DC2 with no roles, both are GC's.
> Users can't logon when DC1 is down.
> Is this the right behavior?
> Jordan
>
Re: DC question - Single point of failure? [message #157206 is a reply to message #157194] Thu, 02 July 2009 01:57
florian (Switzerland)
Howdie!

Jordan wrote:
> Have 2 DC's W2K3, DC1 with all FSMOs.
> DC2 with no roles, both are GC's.
> Users can't logon when DC1 is down.
> Is this the right behavior?

Depending on how you configured things, this is at least expected
behavior. Clients need DNS to find DCs on logon - so make sure they find
DC2 (if it's configured as a DNS server, too) and can authenticate on
it. If it's a single domain forest, that should be good. If there are
multiple domains in the forest, you'd need to make DC2 a Global Catalog,
too.

Cheers,
Florian
--
Microsoft MVP - Group Policy
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
Maillist (german): http://frickelsoft.net/cms/index.php?page=mailingliste
Re: DC question - Single point of failure? [message #157208 is a reply to message #157206] Thu, 02 July 2009 02:19
Syed Khairuddin (Saudi Arabia)
Hello,

As Florian said, it depends upon the configuration. If your
additional domain controller is also configured as a DNS server and
the clients are pointing to it as secondary DNS, then there should be no
issues. The only thing is that you will not be able to create new
users from the ADC until you seize the FSMO roles.


Thanks
Re: DC question - Single point of failure? [message #157219 is a reply to message #157200] Thu, 02 July 2009 08:19
aceman (United States)
"Ace Fekay [Microsoft Certified Trainer]" <aceman@mvps.RemoveThisPart.org> wrote in message news:ORdQF6q%23JHA.4168@TK2MSFTNGP05.phx.gbl...

Jordan,

If reluctant to post info, understandable. Maybe my following blog will help understand what is going on. Keep in mind that if any of the DCs are multihomed (more than one NIC and/or IP), or you are using your ISP's DNS, other problems will occur, and you will get unexpected and undesirable results whether there is one DC down or not.

======================================================================================================
If one DC is down, why does it not logon to the other DC?

As for the second DC responding, this all depends on the DNS settings on the
client side, as well as if the previous logon server and record was cached.

It will use the second address, but only after a timeout period the client
is waiting for a response from the server. You need to understand how the
client side resolver works. If the query sent to the first entry in the DNS
list responds with an NXDOMAIN response, meaning it is an actual response,
but there is no record from the server it asked, then it will look no
further because it is a response. However, if it receives a NULL response,
meaning the DNS server is down and there is no response, it will remove the
first entry from the 'eligible resolvers list' for a certain amount of time
(depending on the OS version and SP level), then send the query to the
second one. However, if the record is already cached, it won't even ask the
first entry. Hence the possibility that the client machine is asking a
DC that is down.

As I mentioned, this is ALL based on the client side resolver, not the DNS
server. This timeout period can be perceived by someone sitting there
waiting as 'it's not working' because it appears to be taking so long. Also,
if it is already cached locally by the client side service, it will not ask
and will send the connection request to the cached record, which if it is
the server that is down, then it can't connect anyway, and no response, but
you may be sitting there expecting it to go to the other DC that is up. The
way to reset the list is to restart the DHCP Client service (not the DHCP
server) on the workstation, and the way to delete the cache on the client is
to run ipconfig /flushdns, or simply restart the machine.

I hope that makes sense.
======================================================================================================

Ace
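
The resolver behaviour described in the post above, as a simplified Python model (an added example, not part of the original post and not Windows code). The server names, addresses, SRV name and the query-counted penalty are constructed assumptions.

```python
# Simplified model of the client-side resolver behaviour described above.
# Names/addresses are constructed; penalty is in queries, not seconds (assumption).
SRV = "_ldap._tcp.dc._msdcs.example.test"
AD_ZONE = {SRV: ["10.0.0.1", "10.0.0.2"]}   # both DCs registered in the AD zone

class ClientResolver:
    def __init__(self, dns_order, zones, penalty=2):
        self.dns_order = dns_order    # DNS servers in the order set on the NIC
        self.zones = zones            # server -> zone dict, or None if it is down
        self.cache = {}
        self.skip = {}                # server -> queries left off the eligible list
        self.penalty = penalty

    def resolve(self, qname):
        if qname in self.cache:                   # cached: no server is asked
            return self.cache[qname], ["cache"]
        trace = []
        for server in self.dns_order:
            if self.skip.get(server, 0) > 0:      # temporarily not eligible
                self.skip[server] -= 1
                trace.append(f"{server}:skipped")
                continue
            zone = self.zones[server]
            if zone is None:                      # no response at all: try next
                self.skip[server] = self.penalty
                trace.append(f"{server}:timeout")
                continue
            if qname not in zone:                 # a real answer: look no further
                trace.append(f"{server}:NXDOMAIN")
                return None, trace
            self.cache[qname] = zone[qname]
            trace.append(f"{server}:answer")
            return zone[qname], trace
        return None, trace

    def flush_cache(self): self.cache.clear()        # models ipconfig /flushdns
    def reset_server_list(self): self.skip.clear()   # models restarting DHCP Client

def demo():
    out = {}
    r = ClientResolver(["DC1", "DC2"], {"DC1": None, "DC2": AD_ZONE})  # DC1 down
    out["failover"] = r.resolve(SRV)[1]       # timeout on DC1, then DC2 answers
    out["cached"] = r.resolve(SRV)[1]         # served from cache, nobody asked
    r.flush_cache()
    out["after_flush"] = r.resolve(SRV)[1]    # DC1 still off the eligible list
    r = ClientResolver(["ISP", "DC2"], {"ISP": {}, "DC2": AD_ZONE})
    out["isp_first"] = r.resolve(SRV)         # ISP DNS is up but has no AD zone
    return out
```

The `isp_first` case is the one that never recovers on its own: the first server answers, so the second DNS entry is never consulted.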
More info- DC question - Single point of failure? [message #157247 is a reply to message #157194] Thu, 02 July 2009 18:08
Jordan (Norway)
Thanks for all answers so far.

More info:
This is a Single Domain Forest.
Both W2K3 DC's have DNS, GC & single NIC.
Primary DNS entry on each DC points to the other DC, cross pointing.
Windows XP clients.
Dcdiag looks good, no errors.

Jordan
Re: More info- DC question - Single point of failure? [message #157250 is a reply to message #157247] Thu, 02 July 2009 19:34
aceman (United States)
"Jordan" wrote in message news:jlbq459sub0qc7t3egtp9arve7f1engiar@4ax.com...
>
> Thanks for all answers so far.
>
> More info:
> This is a Single Domain Forest.
> Both W2K3 DC's have DNS, GC & single NIC.
> Primary DNS entry on each DC points to the other DC, cross pointing.
> Windows XP clients.
> Dcdiag looks good, no errors.
>
> Jordan


Jordan,

Best practice is to point to itself as the first DNS entry, the partner as the second. As for your original question, I hope my explanation sheds light on how it works. The best thing, if one does go down for any length of time, is to change DHCP Scope Option 006 so it only offers the DNS IP of the server that is up.

Ace
Re: More info- DC question - Single point of failure? [message #157256 is a reply to message #157247] Fri, 03 July 2009 03:06
meiweb(nospam) (Germany)
Hello Jordan,

What about DNS on the XP machines, do they have both DNS servers on the
NIC?

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> Thanks for all answers so far.
>
> More info:
> This is a Single Domain Forest.
> Both W2K3 DC's have DNS, GC & single NIC.
> Primary DNS entry on each DC points to the other DC, cross pointing.
> Windows XP clients.
> Dcdiag looks good, no errors.
> Jordan
>