Solved

Domain configuration question for MSCS(Cluster Service) to work properly

Posted on 2008-10-24
4
319 Views
Last Modified: 2012-05-05
I am about to implement a 2-node cluster on fresh installs of Windows 2008 Enterprise. Microsoft Cluster Service (MSCS) requires that the nodes be joined to a domain, and they recommend that the nodes themselves NOT be domain controllers.

I currently do NOT have a DC on the subnet that these machines reside. So, what's the best option from the choices below:

1) I can connect/join to our PDC which is on another subnet in another office, which it would reach via VPN. However, if the VPN tunnel went down or the PDC was otherwise unavailable, would the cluster continue to function? (BTW - The PDC is Server 2003, but I don't see anything in the literature that says not to do that)

2) What are the drawbacks to making each node a PDC? Microsoft literature says its possible to make the nodes a DC, but they don't say why they recommend against it. Has anyone tried this and not had problems? Any great reasons not to go this route?

3) Other option is to create another DC on a different subnet, but within the same physical network. I have a VM system at the datacenter and could create a DC just for the cluster - but I'd rather avoid this.
0
Comment
Question by:TheLinkerG
  • 2
  • 2
4 Comments
 
LVL 31

Accepted Solution

by:
Henrik Johansson earned 250 total points
ID: 22805876
3. Have a DC in same physical site is best for any authentication as the local machines will prefer the local DCs before trying to authenticate to any remote DC.

BTW: Please skip the talk about PDC as it's an old NT4-term that doesn't exist in AD-environment. All DCs are on same multimaster level.
0
 
LVL 1

Author Comment

by:TheLinkerG
ID: 22812009
Thanks for the tip on the PDC thing - this is my first experience with Server 08. Actually, I think I will just make a guest OS on my virtual machine at the COLO and promote it to a DC. The servers in question can point to that, and the one on the other end of the VPN tunnel as backup.

As these are Server 08 will it be a problem to run them on a 03 domain?
0
 
LVL 31

Expert Comment

by:Henrik Johansson
ID: 22812152
Except of not getting all new GPO-functionality, it shouldn't be any problem with joining servers running Server 2008 to a domain running in 2003 functional level.
0
 
LVL 1

Author Closing Comment

by:TheLinkerG
ID: 31509829
Thanks for your input!
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, I was asked to look into SCCM 2007 by my employer, having a degree of experience of earlier versions of SMS and some previous SCCM knowledge I didn't expect the procedure to involve to much time. I read a number of guides concerning it…
Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

27 Experts available now in Live!

Get 1:1 Help Now