Forum.Brain-Cluster.com: Brain Cluster Technical Forum
Logon issues when local DC goes down [message #389953] Fri, 12 February 2010 04:49
Sams2, United States
All,
In my current project, I am evaluating the AD environment with a Microsoft
guy for an upgrade.
Currently the client has 70 locations world-wide with HQ in the US. All the
locations are configured as sites and their network segments as subnets. Each
site has two manually created connection objects (KCC is disabled) to
Datacenter1 and Datacenter2. The client wants each site DC to replicate to
and from the HQ DCs, which is why they created manual connections.
There is one site link from the site to Datacenter1 or Datacenter2. The
physical network is MPLS in a mesh topology, so each and every location is
reachable from every other.
Now the biggest problem is that when a DC goes down in a site location, users
in that site are authenticated by the DC located in another site, which very
much slows down the logon process.
My questions are:
1. When a DC goes down in a site location, what is the logon process?
2. In that case, how do users find the closest DC during logon?
3. Since there is a site link with default cost, why are users not being
authenticated by HQ when the DC fails at a location?
4. How can I make site users be authenticated by an HQ DC only if their
local DC goes down?

I would appreciate it if you can answer in the context of the above scenario.

thanks to all

Sams
Re: Logon issues when local DC goes down [message #389956 is a reply to message #389953] Fri, 12 February 2010 05:09
meiweb, Germany
Hello Sams2,

See this article from Jorge about the DCLocator process and what you can do:
http://blogs.dirteam.com/blogs/jorge/search.aspx?q=locator&p=1

Should answer all questions.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


Re: Logon issues when local DC goes down [message #389990 is a reply to message #389953] Fri, 12 February 2010 06:24
pbbergs, United States
Meinolf is correct on Jorge's article, it is very detailed and articulate.
A couple of things: verify that you have your sites defined properly. One way
to verify is to go to the HQ DCs and look at each of the netlogon.log files.

start notepad.exe C:\WINDOWS\Debug\Netlogon.log

This log will detail the subnets that aren't defined in your Enterprise.

Next, what about DNS? Do you have a second DNS server defined at your remote
sites that points to your HQ? This would probably be a good fault tolerant
step, that way if you lose a local DC/DNS server (making an assumption on
Integrated DNS) the client has to have access to a DNS server as well.

Also, which servers are Global Catalog servers? Do you have enough of these
available?

Bandwidth between sites?

We have a scenario near to yours: we don't want remote sites using
other remote sites to log on, so we don't allow remote sites to advertise
outside of their site for availability to authenticate. Check out an
article I have on this, maybe it will help.

http://www.pbbergs.com/windows/articles.htm
Select Prevent DC's from Registering Service Records

--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4
Microsoft's Thrive IT Pro of the Month - June 2009

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup This
posting is provided "AS IS" with no warranties, and confers no rights.
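
Added example, not part of Paul's post or of any tool mentioned in the thread: a PowerShell function that summarises the Netlogon.log entries written for clients whose IP address matched no defined subnet, grouped by /24 so that missing subnet objects stand out. The NO_CLIENT_SITE line layout, the function name Get-NoClientSiteSummary and the sample lines are assumptions or constructed for illustration; /24 is only a first approximation of the real subnet size.

```powershell
# Added example (not from the thread): summarise NO_CLIENT_SITE entries in Netlogon.log.
# Assumed line layout: "MM/DD HH:MM:SS [thread] DOMAIN: NO_CLIENT_SITE: CLIENT IP"
# The "[thread]" field is treated as optional.

function Get-NoClientSiteSummary {
    param(
        [string[]] $Line   # raw log lines, e.g. from Get-Content
    )

    $pattern = '^(?<stamp>\d{2}/\d{2} \d{2}:\d{2}:\d{2}) (?:\[\d+\] )?(?<domain>[^:\s]+): ' +
               'NO_CLIENT_SITE: (?<client>\S+) (?<ip>(?:\d{1,3}\.){3}\d{1,3})\s*$'

    # Keep only the lines that report a client with no matching subnet object.
    $hits = @(foreach ($l in $Line) {
        if ($l -match $pattern) {
            $octets = $Matches['ip'].Split('.')
            [pscustomobject]@{
                Stamp  = $Matches['stamp']
                Client = $Matches['client']
                IP     = $Matches['ip']
                # Group by /24 as a rough guess at the undefined subnet.
                Subnet = '{0}.{1}.{2}.0/24' -f $octets[0], $octets[1], $octets[2]
            }
        }
    })

    # One row per candidate subnet, busiest first. Timestamps carry no year,
    # so first/last seen rely on the order of lines in the file.
    $hits | Group-Object -Property Subnet | ForEach-Object {
        [pscustomobject]@{
            CandidateSubnet = $_.Name
            Lookups         = $_.Count
            Clients         = @($_.Group | Select-Object -ExpandProperty Client | Sort-Object -Unique)
            FirstSeen       = ($_.Group | Select-Object -First 1).Stamp
            LastSeen        = ($_.Group | Select-Object -Last 1).Stamp
        }
    } | Sort-Object -Property Lookups -Descending
}

# Constructed sample lines (not taken from a real log).
$sample = @'
02/12 04:41:07 [1844] CORP: NO_CLIENT_SITE: WKS-LON-014 10.44.7.21
02/12 04:41:09 [1844] CORP: NO_CLIENT_SITE: WKS-LON-022 10.44.7.35
02/12 04:43:50 [2120] CORP: SamLogon: Network logon of CORP\jdoe from WKS-NYC-003 Returns 0x0
02/12 04:52:31 [1844] CORP: NO_CLIENT_SITE: WKS-LON-014 10.44.7.21
02/12 05:02:12 [1844] CORP: NO_CLIENT_SITE: LAB-PRN-01 172.16.90.5
'@ -split "`r?`n"

Get-NoClientSiteSummary -Line $sample | Format-Table -AutoSize

# Against the file named in the post, run on each HQ DC:
# Get-NoClientSiteSummary -Line (Get-Content C:\WINDOWS\Debug\Netlogon.log)
```

A client that appears here is treated as belonging to no site, so it cannot prefer its local DC; each candidate subnet in the output should be checked against the subnet objects in Active Directory Sites and Services.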
Re: Logon issues when local DC goes down [message #390103 is a reply to message #389953] Fri, 12 February 2010 09:07
aceman, United States
I have to agree with Paul and Meinolf. Jorge's article explains it, and I
think Paul's method hits the spot with this. You can control (juggle)
weights and priorities with the Netlogon service, but that would have to be
done on all DCs, and is quite a mess doing it that way.

You have to also keep in mind how the client side DNS resolution process
plays a role in this, too, as well as how Outlook and Exchange work. I have
info on this, if you like to look at it, too.

DNS, WINS & the Client Side Resolver, NetBIOS, Browser Service, Disabling
NetBIOS, Direct Hosted SMB (DirectSMB), If One DC is Down, Does a Client
logon to Another DC, and DNS Forwarders Algorithm
http://msmvps.com/blogs/acefekay/archive/2009/11/29/dns-wins-netbios-amp-the-client-side-resolver-browser-service-disabling-netbios-direct-hosted-smb-directsmb-if-one-dc-is-down-does-a-client-logon-to-another-dc-and-dns-forwarders-algorithm.aspx

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Please reply back to the newsgroup or forum for collaboration benefit among
responding engineers, and to help others benefit from your resolution.

Ace Fekay, MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE &
MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services

If you feel this is an urgent issue and require immediate assistance, please
contact Microsoft PSS directly. Please check http://support.microsoft.com
for regional support phone numbers.
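
Added example, not from the thread or from Jorge's article: the DNS side of the fallback that Ace and Paul describe. When no DC in the client's own site answers, the locator uses the domain-wide SRV records, and every DC registered there with the same priority and weight is an equally likely candidate. The function names, host names and record values are constructed; the property names match what Resolve-DnsName -Type SRV returns.

```powershell
# Added example (not from the thread). DNS-side view of DC fallback only: the
# locator still sends an LDAP ping and uses the first DC that answers.

function Get-FallbackDcCandidate {
    param(
        [object[]] $SrvRecord,   # answers for _ldap._tcp.dc._msdcs.<domain>
        [string[]] $HubDc        # DCs intended to serve other sites (hypothetical list)
    )

    $records = @($SrvRecord | Where-Object { $_.NameTarget })
    if ($records.Count -eq 0) { return }

    # RFC 2782: targets with the lowest Priority value are contacted first;
    # within that tier, selection is proportional to Weight.
    $lowest = ($records | Measure-Object -Property Priority -Minimum).Minimum
    $tier = @($records | Where-Object { $_.Priority -eq $lowest })
    $totalWeight = ($tier | Measure-Object -Property Weight -Sum).Sum

    foreach ($r in ($tier | Sort-Object -Property NameTarget)) {
        if ($totalWeight -gt 0) { $share = $r.Weight / $totalWeight }
        else                    { $share = 1 / $tier.Count }
        [pscustomobject]@{
            DomainController = $r.NameTarget
            Priority         = $r.Priority
            Weight           = $r.Weight
            Share            = '{0:P0}' -f $share
            IntendedHub      = ($HubDc -contains $r.NameTarget)
        }
    }
}

# Helper that builds a constructed record with the SRV property names.
function New-SrvRecord {
    param([string] $Name, [int] $Priority, [int] $Weight)
    [pscustomobject]@{ NameTarget = $Name; Priority = $Priority; Weight = $Weight }
}

$hubs = 'dc1-hq.corp.example', 'dc2-hq.corp.example'

# Constructed case 1: every DC registers the domain-wide record with the
# Netlogon defaults (priority 0, weight 100). Branch DCs are as likely to be
# chosen as the HQ DCs.
$allEqual = @(
    New-SrvRecord 'dc1-hq.corp.example'     0 100
    New-SrvRecord 'dc2-hq.corp.example'     0 100
    New-SrvRecord 'dc-london.corp.example'  0 100
    New-SrvRecord 'dc-sydney.corp.example'  0 100
)
Get-FallbackDcCandidate -SrvRecord $allEqual -HubDc $hubs | Format-Table -AutoSize

# Constructed case 2: branch DCs carry a higher Priority number (the
# "juggling" approach). Only the hubs remain in the first tier; keeping the
# branch DCs out of the domain-wide records altogether gives the same tier.
$branchDemoted = @(
    New-SrvRecord 'dc1-hq.corp.example'     0 100
    New-SrvRecord 'dc2-hq.corp.example'     0 100
    New-SrvRecord 'dc-london.corp.example' 10 100
    New-SrvRecord 'dc-sydney.corp.example' 10 100
)
Get-FallbackDcCandidate -SrvRecord $branchDemoted -HubDc $hubs | Format-Table -AutoSize

# Live data (Windows 8 / Server 2012 or later), domain name is a placeholder:
# Get-FallbackDcCandidate -SrvRecord (Resolve-DnsName -Type SRV _ldap._tcp.dc._msdcs.corp.example) -HubDc $hubs
```

Any row with IntendedHub set to False in the live output is a DC that clients from other sites can be handed when their own DC is down.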
Re: Logon issues when local DC goes down [message #390128 is a reply to message #390103] Fri, 12 February 2010 09:42
KevinJ.SBS, United States
btw Ace, as I recall you'd done a lot of work with Outlook and DC down
conditions. Did you happen to see the recent KB on Outlook and GCs now
with a 'fix-it' for me?

http://support.microsoft.com/default.aspx/kb/319206


--
/kj
Re: Logon issues when local DC goes down [message #390156 is a reply to message #390128] Fri, 12 February 2010 10:28
meiweb, Germany
Hello kj [SBS MVP],

That's a nice "Fix it", didn't see it until today. :-)

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


Re: Logon issues when local DC goes down [message #390171 is a reply to message #390156] Fri, 12 February 2010 10:46
KevinJ.SBS, United States
I think it will help with some problem sites. Honestly a bit surprised this
wasn't the Outlook way all along.

--
/kj
Re: Logon issues when local DC goes down [message #390535 is a reply to message #389990] Fri, 12 February 2010 19:58
Sams2, United States
Hi Paul,
All the domain controllers are DNS and GC servers. Sites and subnets are
clearly defined. There is no additional domain controller/DNS at the remote
site. Users have the local DC/DNS as preferred DNS and HQ DNS as secondary
DNS. Each remote site has two connections pointing to two different
datacenters.
All DNS zones are AD integrated. It happens randomly that users are being
authenticated by a DC located at a different location. The whole network is
high speed MPLS, so bandwidth is not an issue.

thanks
Sam

Re: Logon issues when local DC goes down [message #390536 is a reply to message #390103] Fri, 12 February 2010 20:03
Sams2, United States
Ace,
thanks for the reply. We don't have Exchange in our environment.
That's a good point, to go through the Netlogon.log file starting from the
site which has shown the said problem.

I cannot open the link you pasted in your reply.

thanks a lot
Re: Logon issues when local DC goes down [message #390661 is a reply to message #389956] Sat, 13 February 2010 05:02
Sams2, United States
I must say everything I am looking for is there in Jorge's document.

thanks to all

Re: Logon issues when local DC goes down [message #390811 is a reply to message #390661] Sat, 13 February 2010 10:50
meiweb, Germany
Hello Sams2,

He is indeed great with his articles. :-)

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> I must say everything I am looking for is there in Jorge's document.
>
> thanks to all
>
Re: Logon issues when local DC goes down [message #391167 is a reply to message #390536] Sun, 14 February 2010 00:13
aceman, United States
"Sams2" <sams2@newsgroup.com> wrote in message
news:OH72ckFrKHA.3536@TK2MSFTNGP06.phx.gbl...
> Ace,
> thanks for the reply. We don't have Exchange in our environment.
> That's a good point, to go through the Netlogon.log file starting from the
> site which has shown the said problem.
>
> I cannot open the link you pasted in your reply.
>
> thanks a lot
> --
>


Hi Sams,

The word wrap may have truncated the URL. Try this:
http://tinyurl.com/yzdfmxk

Ace
Re: Logon issues when local DC goes down [message #391168 is a reply to message #390171] Sun, 14 February 2010 00:17
aceman, United States
"kj [SBS MVP]" <KevinJ.SBS@SPAMFREE.gmail.com> wrote in message
news:%23dfGQtArKHA.728@TK2MSFTNGP04.phx.gbl...
>I think it will help with some problem sites. Honestly a bit surprised this
>wasn't the Outlook way all along.

I was aware of this registry entry, but I've never used it. Nice to know it
turned into a "fix it." The only qualm I have about it is that Outlook is
being forced. Just for a downed DC scenario? Once the link is up again,
Outlook will reconnect. But if the line goes down for lengthy periods, I
would look into another ISP.

Ace
Re: Logon issues when local DC goes down [message #397119 is a reply to message #390535] Mon, 22 February 2010 06:29
pbbergs, United States
Been gone for a week. Did you check the log file, and if so, what was the
feedback from it?


--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4
Microsoft's Thrive IT Pro of the Month - June 2009

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup. This
posting is provided "AS IS" with no warranties, and confers no rights.

"Sams2" <sams2@newsgroup.com> wrote in message
news:OYYm4hFrKHA.3908@TK2MSFTNGP05.phx.gbl...
> Hi Paul,
> All the domain controllers are DNS and GC servers. Sites and Subnets are
> clearly defined. There is no additional domain controller/DNS at remote
> site. Users are having local DC/DNS as preferred DNS and HQ DNS as
> Secondary DNS. Each remote site and two connections pointing to two
> different datacenters.
> All DNS zones are AD integrated. It randomly happens when users are being
> authenticated by a DC located at different locations. Whole network is high
> speed MPLS so bandwidth is not an issue.
>
> thanks
> Sam
>
> --
>
> "Paul Bergson [MVP-DS]" <pbbergs@no_spammsn.com> wrote in message
> news:OwSA6a%23qKHA.728@TK2MSFTNGP04.phx.gbl...
>> Meinolf is correct on Jorge's article, it is very detailed and
>> articulate. Couple of things verify that you have your sites defined
>> properly. One way to verify is to go the HQ dc's and look at each of the
>> netlogon.log files.
>>
>> start notepad.exe C:\WINDOWS\Debug\Netlogon.log
>>
>> This log will detail the subnets that aren't defined in your Enterprise.
>>
>> Next what about DNS. Do you have a second dns server defined at your
>> remote sites that points to your HQ? This would probably be a good fault
>> tolerant step, that way if you lose a local dc/dns server (Making
>> assumption on Integrated DNS) the client has to have access to a dns
>> server as well.
>>
>> Also which servers are Global Catalog servers? Do you have enough of
>> these available?
>>
>> Bandwidth between sites?
>>
>> We have a near scenario that you have, we don't want remote sites using
>> other remote sites to logon so we don't allow remote sites to advertise
>> outside of their site for availability to authenticate. Check out an
>> article I have on this, maybe it will help.
>>
>> http://www.pbbergs.com/windows/articles.htm
>> Select Prevent DC's from Registering Service Records
>>
>> --
>> Paul Bergson
>> MVP - Directory Services
>> MCTS, MCT, MCSE, MCSA, Security+, BS CSci
>> 2008, 2003, 2000 (Early Achiever), NT4
>> Microsoft's Thrive IT Pro of the Month - June 2009
>>
>> http://www.pbbergs.com
>>
>> Please no e-mails, any questions should be posted in the NewsGroup. This
>> posting is provided "AS IS" with no warranties, and confers no rights.
>>
>> "Sams2" <sams2@newsgroup.com> wrote in message
>> news:%23Qmq0l9qKHA.6064@TK2MSFTNGP02.phx.gbl...
>>> All,
>>> In my current project, I am evaluating the AD environment with Microsoft
>>> guy for upgrade.
>>> Currently client has 70 locations world-wide with HQ in US. All the
>>> locations are configured as sites and their network segment as subnet.
>>> Each site has manually created two connection objects(KCC is disabled)
>>> to Datacenter1 and Datacenter2. The client wants that each site DC must
>>> replicate to and from HQ DCs, that is why they created manual
>>> connections. There is one sitelink from the site to Datacenter1 or
>>> Datacenter2. Physical network is MPLS in mess topology that each and
>>> every location is reachable from each other.
>>> Now the biggest problem is, when a DC goes down in site location, users
>>> in that site are authenticated by the DC located in other site, which
>>> very much slowdown the logon process.
>>> My Questions are:
>>> 1. When a DC goes down in a site location, what is the logon process.
>>> 2. In that case, how users find the closest DC, during the logon
>>> 3. Since there is sitelink with default cost, why users are not being
>>> authenticated by HQ, when DC failed at a location?
>>> 4. How can I make sites users to be authenticated by HQ DC only if their
>>> local DC goes down?
>>>
>>> I would appreciate it if you can answer in the context of the above scenario.
>>>
>>> thanks to all
>>>
>>> Sams
>>
>>
>
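Added example, not part of any post in this thread: a Python sketch of the Netlogon.log check suggested above, which pulls the NO_CLIENT_SITE entries (clients whose IP matches no subnet defined in AD Sites and Services) and groups them into candidate subnets to define. The sample lines are constructed, the line layout is an assumed common form, and the /24 and /64 grouping prefixes are assumptions for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample lines (not from the thread). Assumed layout:
# "MM/DD HH:MM:SS [optional bracketed fields] DOMAIN: NO_CLIENT_SITE: HOST IP"
SAMPLE_LOG = """\
02/12 04:49:10 CORP: NO_CLIENT_SITE: WKS-101 10.20.30.15
02/12 04:49:12 [1480] CORP: NO_CLIENT_SITE: WKS-102 10.20.30.77
02/12 04:50:01 CORP: NO_CLIENT_SITE: WKS-101 10.20.30.15
02/12 04:51:33 [1480] DsGetDcName function called: Dom:CORP
02/12 04:52:40 CORP: NO_CLIENT_SITE: LAB-7 192.168.44.9
02/12 04:53:05 CORP: NO_CLIENT_SITE: BROKEN not.an.ip
"""

ENTRY = re.compile(
    r"^\d{2}/\d{2} \d{2}:\d{2}:\d{2} "      # timestamp
    r"(?:\[[^\]]*\] )*"                      # optional [pid]-style fields
    r"\S+: NO_CLIENT_SITE: (?P<host>\S+) (?P<ip>\S+)\s*$"
)

def unmapped_subnets(log_text, v4_prefix=24, v6_prefix=64):
    """Group NO_CLIENT_SITE clients into candidate subnets.

    Returns {network_string: {"hits": int, "hosts": set_of_names}}.
    The prefix lengths are a guess for grouping, not the real subnet masks.
    """
    found = defaultdict(lambda: {"hits": 0, "hosts": set()})
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            continue  # address field is not a valid IP; ignore the line
        prefix = v4_prefix if ip.version == 4 else v6_prefix
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        found[str(net)]["hits"] += 1
        found[str(net)]["hosts"].add(m.group("host"))
    return dict(found)

def report(log_text):
    """Return report lines, busiest unmapped subnet first."""
    rows = sorted(unmapped_subnets(log_text).items(), key=lambda kv: -kv[1]["hits"])
    return [f"{net}  hits={d['hits']}  hosts={','.join(sorted(d['hosts']))}" for net, d in rows]

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

Each subnet it reports is one to compare against the subnet objects in AD Sites and Services; clients in an unmapped subnet have no site assignment and can be handed a DC from any site.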