I have problems configuring a second DNS server in a Windows 2003 environment. Here is the schema:
Server A: First domain controller, Active Directory and first DNS server integrated with AD and dynamic updates allowed (Primary Zones created).
Server B: Second domain controller, Active Directory.
I want to configure a second DNS for fault tolerance in my network, but every time I try it the same errors appear.
I install the DNS service on Server B (Add/Remove programs, etc...). When it's installed there are no zones, but minutes later they appear, replicated from AD or the Server A DNS service. At that point, the two servers have the DNS service installed with the same Primary Zones, integrated in AD and with dynamic updates allowed.
Well, I change the TCP/IP parameters on both servers in this way:
                 Server A:    Server B:
Primary DNS:     Server A     Server B
Secondary DNS:   Server B     Server A
Everything is working fine, but if I shut down Server A and then restart Server B, Server B takes 10 minutes to show the netlogon screen (in normal conditions this screen is shown in 2 or 3 minutes) and the event viewer reports some errors:
Event Type: Warning
Event Source: LSASRV
Event Category: SPNEGO (Negotiator)
Event ID: 40960
Description: The Security System detected an authentication error for the server ldap/serverA.domain.local (*). The failure code from authentication protocol Kerberos was "There are currently no logon servers available to service the logon request. (0xc000005e)".
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp
Data: 0000: c000005e
(*) In the other errors this line is changed to ServerB.
Is this normal behavior? Is the second DNS server badly installed?
The workstations log on to Server B with no errors.
I need some help, thanks!!!