Domain Controller authentication not working when one DC is down
Posted on 2007-03-19
We have two W2k3 domain controllers - the FSMO and a GC. When we shut down the FSMO, say to apply patches, users cannot authenticate to the domain. Because a GC is still up, there should be no authentication problem. But, users cannot authenticate. The reverse is also true: If I shut down my GC, and the FSMO is up, I cannot authenticate to the domain in Chicago.
Why? I've been trying to resolve this issue literally for months and have yet to find any problems with my DNS, stub zones, event log errors, replication, anything...
When I use replmon to search domain controllers for replication errors, none are posted. Both DCs are running AD integrated DNS, and are the primary and secondary name servers advertised via DHCP. Replication-wise, the data is consistent across both DCs. So, why can't I log onto my workstation if one server is not available?
Furthermore, I have a 3rd DC (a GC) in another state. If both DCs fail locally here, I should be able to reach that remote GC. Exchange seems to redirect itself to the GC in Washington correctly if I fail the GC in Chicago, but I still cannot log into a workstation or other machine on the local network if one or the other local DC servers is down.
It really makes no sense to me...