DC issues

  • Thread starter Thread starter CAMC1
  • Start date Start date
C

CAMC1

Hello,

We use windwos 2000 SP4 Active Directory with DC2, and DC3 servers
Both DC is are set to synronize (replicate) with each other having DC3 is
the master catalog holder.

When DC2 goes down, DC3 seem to take care authentication of logon, and all
other services that servers need.
But when DC3 goes down, (if I re-boot) everyone in the network have
logon/disconnect issues where it should not happen.
No even log info for raplication failure on DCs.

Anyone idea why DC2 is not doing the job when DC3 is down?

Thanks
MC
 
Do you have Active Directory integrated DNS zones on both? Do your clients
point to one DC as their preferred DNS server and the other as the
alternate? Is your DNS updated on both DCs?

....kurt
 
Yes, Both DCs are GC and
And yes DNS, DHCP in both
Only servers with fixed IP address uses prefered DNS over the other
workstations, logon to domain, with dynamics IPs

MC
 
Please see if my operation master role settings is appropriate

DC2 Operation Master properties shows as follows

RID TAb
-Opeartion Master=DC3, Transfer of Omeration Master Role DC2
PDC Tab
-Opeartion Master=DC3, Transfer of Omeration Master Role DC2
Infrastructure Tab
-Opeartion Master=DC2, Transfer of Omeration Master Role DC2

DC3 Operation Master properties shows as follows

RID TAb
-Opeartion Master=DC3, Transfer of Omeration Master Role =DC3
PDC Tab
-Opeartion Master=DC3, Transfer of Omeration Master Role DC3
Infrastructure Tab
-Opeartion Master=DC2 Transfer of Omeration Master Role DC3
 
They are both GCs
and clients are set to obtain DNS automatically.
MC

"Jorge de Almeida Pinto [MVP]"
 
one of us is not understanding the other....

you are saying...."clients obtain auto DNS"

please tell what you mean with that...

IMHO I understand that you are saying that clients receive their DNS
information from the DHCP server. Right?

So you have 2 DCs DC1 and DC2 and both DCs are also a DNS servers. The DHCP
server should provide an IP address and several options like DNS Domain
Name, DNS servers, etc.
For the DNS servers, is only ONE DNS server being handed out by DHCP or
both?
If you would type IPCONFIG /ALL do you see the IP of both DNS servers?

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
 
Code them to point specifically to the DNS servers. Don't let them
"default"...

Regards,
Hank Arnold
 
In all clients network TCP/IP settings, clients are configured to obtain IP
addresss and DNS information automatically.
IPCONFIG /ALL information shows both my DNS1 IP and DNS2 IP information
Having PRIMARY WINS Server as DC2 (not sure if I should enable secondary
WINS server as DC1, and wheather this is the issue or not)

So both DCs are visible and both DC are DHCP enabled with IP scope.
Both DC1 and DC2 handles a separate IP range to hand out to clients
(Example: DC1 handles IP like 10.1.20.1 to 10.1.20.200
DC2 handles IP like 10.1.0.1 to 10.1.10.255)
In same Class C subnet 255.255.0.0
I have 1 domain, 1 subnet
No complicated setup.

MC


"Jorge de Almeida Pinto [MVP]"
 
Have you tried manually entering the DNS addresses??? The results could
be helpful in determining where the problem lies. It shouldn't take long
to resolve:

1) Modify the DNS settings on a single workstation
2) Stop the logon service on DC3
3) Test the workstation
4) Start the logon service on DC3
5) Change the settings back (if no difference)

Frankly, I don't trust automatic DNS detection. I have found that
automatic DNS detection isn't always the best. We had a situation
recently where our laptops were not getting updates from the WSUS server
even though they were connected to the network at the same site. Turned
out that it only happened when the laptop was using wireless vs. an
Ethernet cable. Both connections had default detection, but the wireless
only worked with WSUS when I hard coded the DNS addresses.

All our workstations are hard coded for the DNS servers

Regards,
Hank Arnold
 
Hi,

Can each of your client machine able to ping DC2?
Check if DC2 has registered SRV records in DNS.
What are the IP address of your preffered and secondry DNS servers?
Can each of your client machine able to ping them.
Once DC3 is down Just transfer the FSMO roles hosted by DC3 to DC2 (see
if that works).
Also what is the exact error message that you r getting?Kindly let me
know.
Check all the necessary records in DNS.
Try now and revert

Wishing u luck
regards,
Ankit
 
If what you are saying correct, then I should not have any problem with any
of my windows servers,
(especiall my Exchange 2003) where their IPS and DNS IPs are hard coded.

As soon as I re-boot DC1, on my Exchange Server, I see a lot of "LDAP Bind
unscuccessfull on Directory DC1..."
and then MAD.EXE error saying "All Domain Controllers are not responding"
Exchange continues regardless of these errors, but If re-boot DC2, Exchange
totally halts and have to re-boot exchange after.

When I down DC2, my SQL servers also start having problem with domain logon
and authentication issues.

Thanks
MC


Hank Arnold said:
Have you tried manually entering the DNS addresses??? The results could
be helpful in determining where the problem lies. It shouldn't take long
to resolve:

1) Modify the DNS settings on a single workstation
2) Stop the logon service on DC3
3) Test the workstation
4) Start the logon service on DC3
5) Change the settings back (if no difference)

Frankly, I don't trust automatic DNS detection. I have found that
automatic DNS detection isn't always the best. We had a situation
recently where our laptops were not getting updates from the WSUS server
even though they were connected to the network at the same site. Turned
out that it only happened when the laptop was using wireless vs. an
Ethernet cable. Both connections had default detection, but the wireless
only worked with WSUS when I hard coded the DNS addresses.

All our workstations are hard coded for the DNS servers

Regards,
Hank Arnold
In all clients network TCP/IP settings, clients are configured to obtain IP
addresss and DNS information automatically.
IPCONFIG /ALL information shows both my DNS1 IP and DNS2 IP information
Having PRIMARY WINS Server as DC2 (not sure if I should enable secondary
WINS server as DC1, and wheather this is the issue or not)

So both DCs are visible and both DC are DHCP enabled with IP scope.
Both DC1 and DC2 handles a separate IP range to hand out to clients
(Example: DC1 handles IP like 10.1.20.1 to 10.1.20.200
DC2 handles IP like 10.1.0.1 to 10.1.10.255)
In same Class C subnet 255.255.0.0
I have 1 domain, 1 subnet
No complicated setup.

MC


"Jorge de Almeida Pinto [MVP]"
Click to expand...
------------------------------------------------------------------------- -
----------------
Click to expand...
------------------------------------------------------------------------- -
----------------
Click to expand...
------------------------------------------------------------------------- -
----------------
GC are on both DC
clients obtain auto DNS

"Jorge de Almeida Pinto [MVP]"
for both DNS servers?

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------
Click to expand...
-
-
----------------
* This posting is provided "AS IS" with no warranties and confers no
rights!
* Always test before implementing!
------------------------------------------------------------------------
Click to expand...
-
- -
-
----------------
They are both GCs
and clients are set to obtain DNS automatically.
MC

"Jorge de Almeida Pinto [MVP]"
message
and make sure the clients and the servers point to both DNS servers

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
-----------------------------------------------------------------------
Click to expand...
-
-
-
----------------
* This posting is provided "AS IS" with no warranties and confers no
rights!
* Always test before implementing!
-----------------------------------------------------------------------
Click to expand...
-
-
-
Click to expand...
-
-
-
----------------
"Jorge de Almeida Pinto [MVP]"
message
make sure BOTH DCs are a GC
make sure both DCs host DNS

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG (WEB-BASED)-->
http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
-----------------------------------------------------------------------
Click to expand...
-
-
-
----------------
* This posting is provided "AS IS" with no warranties and confers no
rights!
* Always test before implementing!
-----------------------------------------------------------------------
Click to expand...
-
-
-
Click to expand...
-
-
-
----------------
Hello,

We use windwos 2000 SP4 Active Directory with DC2, and DC3 servers
Both DC is are set to synronize (replicate) with each other having
DC3
is
the master catalog holder.

When DC2 goes down, DC3 seem to take care authentication of logon,
and
all
other services that servers need.
But when DC3 goes down, (if I re-boot) everyone in the network have
logon/disconnect issues where it should not happen.
No even log info for raplication failure on DCs.

Anyone idea why DC2 is not doing the job when DC3 is down?

Thanks
MC
Click to expand...
Click to expand...
Click to expand...
 
Yes, every client can ping DC2
Both DC are registered in DNS, workstations do not use preferred DNS, but
Servers do.
Error message is from workstations are usually logon failure to Domain, then
it will either logg peple to workstation with their cashed account.

I have so called 2 MCSEs who looked at issue, could not figured it out so
far.
Thanks
MC
 
Wht do you mean by "workstations do not use preferred DNS"? ALL Domain
computers - Workstations and Servers - MUST use the local Active Directory
DNS server(s) as their ONLY DNS server(s).

....kurt
 
please read my previous answer to same question,
(Do you guys hard code DNS IP to each workstation PCs, like if you have more
then 200PC on the LAN?)

MC
 
How do you manage more then 200 workstations + 200 LAN devices like
switches, printers, ... on a LAN if you hard code on each workstation?

That would not be best way for LANs having 1000 + devices on LAN

MC
Hank Arnold said:
Have you tried manually entering the DNS addresses??? The results could
be helpful in determining where the problem lies. It shouldn't take long
to resolve:

1) Modify the DNS settings on a single workstation
2) Stop the logon service on DC3
3) Test the workstation
4) Start the logon service on DC3
5) Change the settings back (if no difference)

Frankly, I don't trust automatic DNS detection. I have found that
automatic DNS detection isn't always the best. We had a situation
recently where our laptops were not getting updates from the WSUS server
even though they were connected to the network at the same site. Turned
out that it only happened when the laptop was using wireless vs. an
Ethernet cable. Both connections had default detection, but the wireless
only worked with WSUS when I hard coded the DNS addresses.

All our workstations are hard coded for the DNS servers

Regards,
Hank Arnold
In all clients network TCP/IP settings, clients are configured to obtain IP
addresss and DNS information automatically.
IPCONFIG /ALL information shows both my DNS1 IP and DNS2 IP information
Having PRIMARY WINS Server as DC2 (not sure if I should enable secondary
WINS server as DC1, and wheather this is the issue or not)

So both DCs are visible and both DC are DHCP enabled with IP scope.
Both DC1 and DC2 handles a separate IP range to hand out to clients
(Example: DC1 handles IP like 10.1.20.1 to 10.1.20.200
DC2 handles IP like 10.1.0.1 to 10.1.10.255)
In same Class C subnet 255.255.0.0
I have 1 domain, 1 subnet
No complicated setup.

MC


"Jorge de Almeida Pinto [MVP]"
Click to expand...
------------------------------------------------------------------------- -
----------------
Click to expand...
------------------------------------------------------------------------- -
----------------
Click to expand...
------------------------------------------------------------------------- -
----------------
GC are on both DC
clients obtain auto DNS

"Jorge de Almeida Pinto [MVP]"
for both DNS servers?

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------
Click to expand...
-
-
----------------
* This posting is provided "AS IS" with no warranties and confers no
rights!
* Always test before implementing!
------------------------------------------------------------------------
Click to expand...
-
- -
-
----------------
They are both GCs
and clients are set to obtain DNS automatically.
MC

"Jorge de Almeida Pinto [MVP]"
message
and make sure the clients and the servers point to both DNS servers

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
-----------------------------------------------------------------------
Click to expand...
-
-
-
----------------
* This posting is provided "AS IS" with no warranties and confers no
rights!
* Always test before implementing!
-----------------------------------------------------------------------
Click to expand...
-
-
-
Click to expand...
-
-
-
----------------
"Jorge de Almeida Pinto [MVP]"
message
make sure BOTH DCs are a GC
make sure both DCs host DNS

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG (WEB-BASED)-->
http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
-----------------------------------------------------------------------
Click to expand...
-
-
-
----------------
* This posting is provided "AS IS" with no warranties and confers no
rights!
* Always test before implementing!
-----------------------------------------------------------------------
Click to expand...
-
-
-
Click to expand...
-
-
-
----------------
Hello,

We use windwos 2000 SP4 Active Directory with DC2, and DC3 servers
Both DC is are set to synronize (replicate) with each other having
DC3
is
the master catalog holder.

When DC2 goes down, DC3 seem to take care authentication of logon,
and
all
other services that servers need.
But when DC3 goes down, (if I re-boot) everyone in the network have
logon/disconnect issues where it should not happen.
No even log info for raplication failure on DCs.

Anyone idea why DC2 is not doing the job when DC3 is down?

Thanks
MC
Click to expand...
Click to expand...
Click to expand...
 
Back
Top