Multiple Domain Controllers at remote sites

Hello

I have several w2k servers located at various remote sites within my domain
and have installed a domain controller at each location. I hoped that would
allow users located at these sites to still be able to log on locally if the
network link went down. Unfortunately this doesn't seem to work. As soon as
the network link drops the users at that remote site are unable to log on.
Seems to defeat the object of having DC's at these sites.

Have I misconfigured something, somewhere ?? Perhaps during the DCPROMO
wizard ??

Thanks for the help

Gary
 
The DC's were already GC's (I didn't realise). Must be some other issue ??

Regards

Gary
 
Andrei

I've run a netdiag.exe on a client machine and noticed this error in the log;

Expected registration with PDN (primary DNS domain name):
Hostname: abc.def.ghi.jkl
[WARNING] Cannot find a primaryauthoritative DNS server for the name
'abc.def.ghi.jkl...'. [ERROR_INVALID_NAME]
The name 'abc.def.ghi.jkl...' may not be registered in DNS.
Expected registration with adapter's DNS Domain Name:
Hostname: abc.def.ghi.jkl
Registration with adapters DNS domain name is disabled.

I guess this is significant ?? I've looked in the 'Advanced TCP/IP settings
window' and confirmed that 'Register this connections address in DNS' is
checked. Something else not configured ??

Many thanks for your assistance

Gary
 
Please check if the DCs from the remote sites are DNS servers. Your DNS zone
should be Active Directory Integrated so that it can replicate to all domain
controllers, and it should support dynamic updates.

--
Regards,
Andrei Ungureanu
www.eventid.net
Test our new EventReader!
http://www.altairtech.ca/eventreader/default2.asp?ref=au

Andrei Ungureanu said:
Tell me something about your DNS settings... The clients must be able to
contact a DNS server authoritative for your domain zone so that they can
find the DC responsible for their site.
Also some event id errors from the DCs and clients may help.

--
Regards,
Andrei Ungureanu
 
Andrei

Yes, the remote site DC's are DNS servers. The DNS zone in the forward
lookup zone is Active Directory Integrated and is set to 'Yes' to allow
dynamic updates. I've noticed in the reverse lookup zones that 'Allow dynamic
updates' is set to 'only secure updates'. I'm not sure if that's significant
??

Gary

:

Thanks Andrei,

I didn't know that. I'll give it a go!

Gary

:

You've forgotten to make those DCs Global Catalogs.
You'll need at least one GC per site for logon to work.
--
Regards,
Andrei Ungureanu
 
"only secure updates" is ok.
Run the SET command on a client computer and check the LOGON SERVER env
variable to see the authenticating domain controller.

--
Regards,
Andrei Ungureanu
 
You probably already checked this, but, does each of your clients have ALL
of your DCs listed in the TCP/IP config of their NIC? This would allow any
one client to reach another DC DNS server upon logon. If only the local DC
was listed, and it was down, there'd be a problem.

-Frank

 
Went to one of our remote sites yesterday and did some testing. Seems that it
may well be a problem with the client NIC config.

1. Logged on a client and ran >SET to confirm correct logon server.
2. Logged off client and dropped network link.
3. Logged on client; no errors and >SET again confirmed correct logon server.
4. Brought network link back up and logged off client.
5. Shut down local DC and logged on client.
6. >SET confirmed alternative logon server DC.
7. Restarted local DC.

At this point we thought we had a ‘non’ problem. However, we again tried the
tests with another client machine which, although confirmed with the correct
local logon server, would not log on with the network link down!!

To get this client to log on we typed in the domain name into the field ‘DNS
suffix for this connection:’ in the Advanced TCP/IP settings window. Seems
that some of our client machines are configured differently. Should this be
completed in all cases ?? How about the two boxes below (‘Register this
connection’s addresses in DNS’, and ‘use this connection’s DNS suffix in DNS
registration’) ??

Thanks again

Gary
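
Added example, not part of the original thread: a PowerShell check of the client settings discussed above (the LOGONSERVER value, the DNS servers listed on each adapter, the connection DNS suffix and the two registration checkboxes) plus a test of whether each listed DNS server answers the DC locator SRV query. It assumes a domain-joined client running Windows 8 / Server 2012 or later, where the DnsClient cmdlets exist; the Windows 2000 machines in the thread do not have them.

```powershell
# Added example: audit the DNS settings a client depends on for site-local logon.
# Assumption: DnsClient module present (Windows 8 / Server 2012 or later).

# AD DNS domain of this client (returns the workgroup name if not domain-joined)
$domain = (Get-CimInstance Win32_ComputerSystem).Domain

# 1. DC that authenticated this session (same value SET shows as LOGONSERVER)
"Logon server: $env:LOGONSERVER"

# 2. Per-adapter view of the Advanced TCP/IP settings from the thread
$servers = Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses.Count -gt 0 }

foreach ($s in $servers) {
    $c = Get-DnsClient -InterfaceIndex $s.InterfaceIndex
    [pscustomobject]@{
        Adapter          = $s.InterfaceAlias
        DnsServers       = $s.ServerAddresses -join ', '
        # Only one DNS server listed: name resolution fails if that DC is down
        SingleDnsServer  = ($s.ServerAddresses.Count -lt 2)
        # 'DNS suffix for this connection'
        ConnectionSuffix = $c.ConnectionSpecificSuffix
        # 'Register this connection's addresses in DNS'
        RegistersAddress = $c.RegisterThisConnectionsAddress
        # 'Use this connection's DNS suffix in DNS registration'
        RegistersSuffix  = $c.UseSuffixWhenRegistering
    }
}

# 3. Ask every configured DNS server for the domain's DC locator SRV records
$srv = "_ldap._tcp.dc._msdcs.$domain"
foreach ($ip in ($servers.ServerAddresses | Select-Object -Unique)) {
    try {
        $r = Resolve-DnsName -Name $srv -Type SRV -Server $ip -DnsOnly -ErrorAction Stop
        # Keep only the SRV answers (records that carry a target host name)
        $dcs = ($r | Where-Object { $_.NameTarget }).NameTarget -join ', '
        "{0}: {1}" -f $ip, $dcs
    } catch {
        "{0}: FAILED ({1})" -f $ip, $_.Exception.Message
    }
}
```

Run it on a client that logs on with the link down and on one that does not, then compare the ConnectionSuffix and DnsServers columns.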


 