Logging on when WAN link is down

Pacman

We are running a single domain AD across 16 sites, with a domain controller
and global catalogue in each site.

We have a problem: if a site's WAN link goes down, no one can log on; the
error on the client says "Domain is not available". The clients' DNS points
to the local domain controller. The DNS of the domain controller points to
the DNS server at head office which is at the other end of the link. We
have to wait for the link to come back up before anyone can log on.

Why does this happen? I understood AD to not care about other sites, as
long as there was a DC and a GC in a remote site. Is there something that I
am doing wrong?

Your help is greatly appreciated.

Paul.
 
From what you describe it sounds like an issue with DNS when the WAN link
goes down.
> The clients' DNS points
> to the local domain controller. The DNS of the domain controller points to
> the DNS server at head office which is at the other end of the link. We
> have to wait for the link to come back up before anyone can log on.

Are you running DNS on your domain controllers at the remote sites? If so,
it would be good to point the DC to itself for DNS. You also would want the
DNS server on the DC at the remote sites to get updates from the DNS at the
main office. Doing that should help if the WAN link goes down. Then DNS is
still available to the DC.

Jeff
 
> Are you running DNS on your domain controllers at the remote sites? If so,
> it would be good to point the DC to itself for DNS. You also would want the
> DNS server on the DC at the remote sites to get updates from the DNS at the
> main office. Doing that should help if the WAN link goes down. Then DNS is
> still available to the DC.

AIUI you shouldn't point a DC DNS to itself as this can cause problems at
startup, as some services may start that require DNS before the DNS service
has started. Am I wrong?
 
Perhaps others can comment on this... But at our remote sites, I have DCs
configured as DNS servers as well. For primary DNS server they point to
themselves and secondary points back to our main site DNS server. So far it
has worked well.
 
Pacman,

If you have two DCs that are running Active Directory Integrated DNS (aka
Dynamic DNS or DDNS) then you should set it up as follows:

DC1
    DC2
    DC1

DC2
    DC1
    DC2


So, you should always point a DC to the internal DNS Servers (as with all
WIN2000+ computers in your network).
If running DDNS then you have to point the DCs to themselves. If you have
multiple DDNS Servers then you want to avoid the "isolated island"
situation.

BTW - Ace Fekay is the "owner" of this diagram. I saw his response to a
similar post and think that it sums up everything nicely!

Cary
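
An offline check for the two misconfigurations discussed in this thread, added here as an example and not code from any of the posters: a DC with no DNS server in its own site (the original problem) and a DC that lists only itself (read here as the "isolated island" case). It assumes every DC in the inventory also runs DNS; the inventory, names and addresses are constructed.

```python
from dataclasses import dataclass

@dataclass
class DomainController:
    name: str
    site: str
    ip: str
    dns_servers: list  # resolver IPs from the NIC settings, in configured order

def audit_dc_dns(dcs):
    """Map each DC name to findings for the two failure modes in the thread.

    Assumes every DC in the inventory also runs the DNS Server service.
    """
    site_by_ip = {dc.ip: dc.site for dc in dcs}
    report = {}
    for dc in dcs:
        findings = []
        # No resolver in the DC's own site: DNS disappears with the WAN link.
        if not any(site_by_ip.get(ip) == dc.site for ip in dc.dns_servers):
            findings.append("wan-dependent")
        # Only itself listed: nothing to fall back on (the "isolated island").
        if dc.dns_servers and set(dc.dns_servers) == {dc.ip}:
            findings.append("isolated-island")
        report[dc.name] = findings
    return report

# Constructed inventory: names, sites and addresses are made up.
INVENTORY = [
    DomainController("HQ-DC1", "HeadOffice", "10.0.0.10", ["10.0.0.11", "10.0.0.10"]),
    DomainController("HQ-DC2", "HeadOffice", "10.0.0.11", ["10.0.0.10", "10.0.0.11"]),
    DomainController("BR1-DC1", "Branch1", "10.1.0.10", ["10.0.0.10"]),
    DomainController("BR2-DC1", "Branch2", "10.2.0.10", ["10.2.0.10", "10.0.0.10"]),
    DomainController("BR3-DC1", "Branch3", "10.3.0.10", ["10.3.0.10"]),
]

if __name__ == "__main__":
    for name, findings in audit_dc_dns(INVENTORY).items():
        print(f"{name}: {', '.join(findings) or 'ok'}")
```

BR1-DC1 mirrors the setup in the first post (DC pointing only at head office), and BR2-DC1 mirrors the self-then-main-site ordering described in the later reply.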
 