[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 228
  • Last Modified:

2003 Server clients authenticating to second DC

We have a second 2003 DC setup as a backup in case the first 2003 DC fails.  Setup on both machines are the same except on the second DC DHCP not installed or setup.  Both are running and authinticating to each other.  Second DC is also setup as backup DNS.  Oh sorry 2003 Standard Edition.  Ok this is what is happening...

When a client logs into the domain it is grabbing the login script from the second DC and not the first.  Checked ipconfig /all to see what it had for dns and everything there looks good.  Checked DNS on first DC and all looks good. We do have a second nic installed on both DC's that connect to our local SAN network.  I did notice that in DNs on the first DC the ip order was the SAN network ip first and the DC's local network IP second.  I selected the first DC and hit resolve and that moved it back into proper order.  I also checked the advanced settings on the NIC's and the DC's Nics where in the correct order....  Strange that in DNS it was different and i had to click the first DC and hit resolve so it would correct the order...

Why would it grab the login script from the second DC and not the first DC???  & Why would in DNS the NICS ip's order change???
0
creativeSD
Asked:
creativeSD
  • 2
2 Solutions
 
LauraEHunterMVPCommented:
Are both domain controllers in the same site?  If so, and all other things being equal, your clients will choose between either DC in a round-robin fashion. However, once a client "chooses" one DC or the other, it will retain that "DC-affinity" for as long as it can continue to contact that DC. This is by design, since Active Directory is designed to be a multi-master directory service - old notions of the PDC and the BDC are no longer in play.

If you still want clients to authenticate to one DC instead of the other, you can modify the default priority and weight of their SRV records in DNS, see the following tutorial for more information: http://www.2000trainers.com/windows-2000/dns-service-records/. For example, if you have 2 DCs with different priorities in DNS, clients will prefer the DNS with the better (lower-numbered) priority.

Hope this helps.

Laura E. Hunter - Microsoft MVP: Windows Server - Networking
0
 
creativeSDAuthor Commented:
Thaks!  great info.  I did a reboot on one of the clients and it did then log into the first DC.  Yes both domain controllers are in the same site.  Wonder why it went back to the other DC after reboot....
0
 
Ron MalmsteadInformation Services ManagerCommented:
Logon scripts for the domain are replicated in AD after they are modified...so it really shouldn't matter where they pull from.

Are both of the DC's...global catalog servers ?
Global catalog servers process logons....So if one is, and one isn't ....well you get the idea.

LauraEHunter is correct.  You can change the priority of the SRV records in DNS...to go to a "preferred server"....but both should be gc's.
0
 
creativeSDAuthor Commented:
Ok the the second DC's global catalog was enabled earlier today.  It appears things are back to norm but going to wait a day or so to see if anything else pops up.  thanks for your help thus far.  
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now