Multi-Homed Domain Controller

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Need some help on the following:

I am building a control system that uses 2 domain controllers and 33 workstations. All of the workstations are using W2K Professional and the 2 DC are using W2K Advanced Server. I am using a dual ethernet topology for redundancy and they are IP'd 192.168.2.X / 24 and 192.168.3.X / 24. All the machines in the system use Intel S845WD-1E motherboards with dual NIC's and I am using 2 Cisco 2950 48 Port Ethernet switches. There is no cross connect on the two switches and one is configured for subnet 192.168.2.0 and one is configured for subnet 192.168.3.0.

I installed the server O/S on both of the machines that the DC's will reside. I configured DNS on both machines using the first server as the primary DNS and the other as secondary. It appeared that everything was working correct. I could see the records on both machines and would replicate with no problems.

I promoted the first server to Active directory and everything appeared to work.

When I promoted the second server is when my current problem appeared.

1: The Active Directory has not completely replicated. In the event log I am getting the following events:
File Replication Log: Event 13565 stating that file replication cannot be completed. These errors of course started after the DC Promo was attempted.
Directory Service Log: Event 1557 stating that a full replication has not occured.
System Log: Event 16650 Account-Identifier Allocator failed to initialize properly
Application Log: Event 1202 Security policies are pobabagated with warning 0x534: no mapping between account names and security ID were done.

2: I cannot communicate with the second DNS. If I try to replicate, try to demote the second DC now it gives errors it cannot find the forward lookup records.

Anyone have any tips on this problem????
 
Part of the problem here is that multi-homed domain controllers have all
kinds of problems, and as a general rule it is not a good idea to run a
multihomed DC, especially with both adapters on the same subnet.

272294 Active Directory Communication Fails on Multihomed Domain Controllers
http://support.microsoft.com/?id=272294

191611 Symptoms of Multihomed Browsers
http://support.microsoft.com/?id=191611

325641 Cannot Connect in the Active Directory Users and Computers Tool
http://support.microsoft.com/?id=325641

292822 Name Resolution and Connectivity Issues on Windows 2000 Domain
http://support.microsoft.com/?id=292822

These are just of few of the articles that describe issues that arise and
some of the things that can be done to get around some of them. But the
bottom line is multihomed DCs can be a real pain.

--
Curtis Koenig
Support Professional
Microsoft Clustering Technologies Support
MCSA, MCSE, MCSAS, MCSES, CISSP

This posting is provided "AS IS" with no warranties and confers no rights.
Please reply to the newsgroup so that others may benefit. Thanks!

--------------------
From: "=?Utf-8?B?SmltIEJyaWdncw==?=" <[email protected]>
Subject: Multi-Homed Domain Controller
Date: Mon, 27 Oct 2003 11:16:18 -0800

Need some help on the following:
Click to expand...

I am building a control system that uses 2 domain controllers and 33
workstations. All of the workstations are using W2K Professional and the 2
DC are using W2K Advanced Server. I am using a dual ethernet topology for
redundancy and they are IP'd 192.168.2.X / 24 and 192.168.3.X / 24. All
the machines in the system use Intel S845WD-1E motherboards with dual NIC's
and I am using 2 Cisco 2950 48 Port Ethernet switches. There is no cross
connect on the two switches and one is configured for subnet 192.168.2.0
and one is configured for subnet 192.168.3.0.

I installed the server O/S on both of the machines that the DC's will
reside. I configured DNS on both machines using the first server as the
primary DNS and the other as secondary. It appeared that everything was
working correct. I could see the records on both machines and would
replicate with no problems.

I promoted the first server to Active directory and everything appeared to
work.

When I promoted the second server is when my current problem appeared.

1: The Active Directory has not completely replicated. In the event log I
am getting the following events:
File Replication Log: Event 13565 stating that file replication
cannot be completed. These errors of course started after the DC Promo was
attempted.
Directory Service Log: Event 1557 stating that a full replication has
not occured.
System Log: Event 16650 Account-Identifier Allocator failed to
initialize properly
Application Log: Event 1202 Security policies are pobabagated with
warning 0x534: no mapping between account names and security ID were done.

2: I cannot communicate with the second DNS. If I try to replicate, try to
demote the second DC now it gives errors it cannot find the forward lookup
records.

Anyone have any tips on this problem????
 
Hi, I was just about to create a cluster with three Win2k Advanced Server
domain controllers with 3 Nics in each box.... And I saw a lot of hypes
about running in a Cluster. Until I saw this remark of yours..
What would be your advice about running 3 DC with 3Nics in each DC in
multicast mode????
 
Hi Joe,
It is strongly recomended to not run clusters (either NLB clusters or
Cluster Service clusters) that are DCs. It also appears your specific
question is about NLB (as Cluster Service clusters don't have a multicast
mode choice). Runnig in clusters can be very beneficial for some services,
however for DCs you gain no advantage and only create more problems that
have to be dealt with by very specific and restrictive configurations.
--
Curtis Koenig
Support Professional
Microsoft Clustering Technologies Support
MCSA, MCSE, MCSAS, MCSES, CISSP

This posting is provided "AS IS" with no warranties and confers no rights.
Please reply to the newsgroup so that others may benefit. Thanks!

--------------------
 
Back
Top