Domain configuration question for MSCS (Cluster Service) to work properly

I am about to implement a 2-node cluster on fresh installs of Windows 2008 Enterprise. Microsoft Cluster Service (MSCS) requires that the nodes be joined to a domain, and they recommend that the nodes themselves NOT be domain controllers.

I currently do NOT have a DC on the subnet where these machines reside. So, what's the best option from the choices below:

1) I can connect/join to our PDC which is on another subnet in another office, which it would reach via VPN. However, if the VPN tunnel went down or the PDC was otherwise unavailable, would the cluster continue to function? (BTW - The PDC is Server 2003, but I don't see anything in the literature that says not to do that)

2) What are the drawbacks to making each node a PDC? Microsoft literature says it's possible to make the nodes a DC, but they don't say why they recommend against it. Has anyone tried this and not had problems? Any great reasons not to go this route?

3) Other option is to create another DC on a different subnet, but within the same physical network. I have a VM system at the datacenter and could create a DC just for the cluster - but I'd rather avoid this.
TheLinkerG Asked:

Henrik Johansson, Systems engineer, Commented:
3. Having a DC in the same physical site is best for any authentication, as the local machines will prefer the local DCs before trying to authenticate to any remote DC.

BTW: Please skip the talk about PDC, as it's an old NT4 term that doesn't exist in an AD environment. All DCs are on the same multimaster level.

TheLinkerG, Author, Commented:
Thanks for the tip on the PDC thing - this is my first experience with Server 08. Actually, I think I will just make a guest OS on my virtual machine at the COLO and promote it to a DC. The servers in question can point to that, and the one on the other end of the VPN tunnel as backup.

As these are Server 08, will it be a problem to run them on a 03 domain?
Henrik Johansson, Systems engineer, Commented:
Except for not getting all the new GPO functionality, there shouldn't be any problem with joining servers running Server 2008 to a domain running at the 2003 functional level.
TheLinkerG, Author, Commented:
Thanks for your input!
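
A check for the two points raised in the answers above (nodes preferring a DC in their own site, and Server 2008 members in a 2003-level domain), as an added example that is not part of the original thread. It calls the .NET System.DirectoryServices.ActiveDirectory classes from PowerShell and assumes Windows PowerShell 2.0 or later on a domain-joined node; the function name Get-NodeDcLocality is hypothetical.

```powershell
# Added example (not from the thread). Run on each domain-joined cluster node.
# Assumes Windows PowerShell 2.0 or later; Get-NodeDcLocality is a hypothetical name.
Add-Type -AssemblyName System.DirectoryServices

function Get-NodeDcLocality {
    $domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetComputerDomain()
    $site   = [System.DirectoryServices.ActiveDirectory.ActiveDirectorySite]::GetComputerSite()

    # Ask DC Locator for a fresh answer instead of reusing the cached DC.
    $fresh   = [System.DirectoryServices.ActiveDirectory.LocatorOptions]::ForceRediscovery
    $located = $domain.FindDomainController($fresh)

    # DCs registered in the node's own AD site; an empty list means every
    # logon and service-account authentication has to cross a site link.
    $localDcs = @($domain.FindAllDomainControllers($site.Name) |
                  ForEach-Object { $_.Name })

    New-Object PSObject -Property @{
        Node          = $env:COMPUTERNAME
        NodeSite      = $site.Name
        LocatedDc     = $located.Name
        LocatedDcSite = $located.SiteName
        DcIsLocal     = ($located.SiteName -eq $site.Name)
        LocalDcCount  = $localDcs.Count
        DomainMode    = $domain.DomainMode   # domain functional level
    }
}

$r = Get-NodeDcLocality
$r | Format-List Node, NodeSite, LocatedDc, LocatedDcSite, DcIsLocal, LocalDcCount, DomainMode

if (-not $r.DcIsLocal) {
    Write-Warning ("{0} located {1} in site {2}; authentication depends on the link to that site." -f `
        $r.Node, $r.LocatedDc, $r.LocatedDcSite)
}
if ($r.LocalDcCount -eq 0) {
    Write-Warning ("No DC is registered in site {0}; this node can only authenticate across a site link." -f `
        $r.NodeSite)
}
```

The result is only meaningful if the nodes' subnet is mapped to the intended site in Active Directory Sites and Services.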

Question has a verified solution.