Solved

2003 Server clients authenticating to second DC

Posted on 2007-04-02
4
218 Views
Last Modified: 2010-03-05
We have a second 2003 DC setup as a backup in case the first 2003 DC fails.  Setup on both machines are the same except on the second DC DHCP not installed or setup.  Both are running and authinticating to each other.  Second DC is also setup as backup DNS.  Oh sorry 2003 Standard Edition.  Ok this is what is happening...

When a client logs into the domain it is grabbing the login script from the second DC and not the first.  Checked ipconfig /all to see what it had for dns and everything there looks good.  Checked DNS on first DC and all looks good. We do have a second nic installed on both DC's that connect to our local SAN network.  I did notice that in DNs on the first DC the ip order was the SAN network ip first and the DC's local network IP second.  I selected the first DC and hit resolve and that moved it back into proper order.  I also checked the advanced settings on the NIC's and the DC's Nics where in the correct order....  Strange that in DNS it was different and i had to click the first DC and hit resolve so it would correct the order...

Why would it grab the login script from the second DC and not the first DC???  & Why would in DNS the NICS ip's order change???
0
Comment
Question by:creativeSD
  • 2
4 Comments
 
LVL 30

Accepted Solution

by:
LauraEHunterMVP earned 175 total points
ID: 18838131
Are both domain controllers in the same site?  If so, and all other things being equal, your clients will choose between either DC in a round-robin fashion. However, once a client "chooses" one DC or the other, it will retain that "DC-affinity" for as long as it can continue to contact that DC. This is by design, since Active Directory is designed to be a multi-master directory service - old notions of the PDC and the BDC are no longer in play.

If you still want clients to authenticate to one DC instead of the other, you can modify the default priority and weight of their SRV records in DNS, see the following tutorial for more information: http://www.2000trainers.com/windows-2000/dns-service-records/. For example, if you have 2 DCs with different priorities in DNS, clients will prefer the DNS with the better (lower-numbered) priority.

Hope this helps.

Laura E. Hunter - Microsoft MVP: Windows Server - Networking
0
 

Author Comment

by:creativeSD
ID: 18838479
Thaks!  great info.  I did a reboot on one of the clients and it did then log into the first DC.  Yes both domain controllers are in the same site.  Wonder why it went back to the other DC after reboot....
0
 
LVL 25

Assisted Solution

by:Ron M
Ron M earned 75 total points
ID: 18838546
Logon scripts for the domain are replicated in AD after they are modified...so it really shouldn't matter where they pull from.

Are both of the DC's...global catalog servers ?
Global catalog servers process logons....So if one is, and one isn't ....well you get the idea.

LauraEHunter is correct.  You can change the priority of the SRV records in DNS...to go to a "preferred server"....but both should be gc's.
0
 

Author Comment

by:creativeSD
ID: 18840855
Ok the the second DC's global catalog was enabled earlier today.  It appears things are back to norm but going to wait a day or so to see if anything else pops up.  thanks for your help thus far.  
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Welcome to my series of short tips on migrations. Whilst based on Microsoft migrations the same principles can be applied to any type of migration. My first tip Migration Tip #1 – Source Server Health can be found here: http://www.experts-exchang…
INTRODUCTION The purpose of this document is to demonstrate the Installation and configuration of the Data Protection Manager product. Note that this demonstration was prepared on the basis of Windows OS is 2008 R2 and DPM 2010. DATA PROTECTI…
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now