Have some questions about the DC locator process and the netlogon cache.
So here's the background. We have three DCs in one of our Active Directory sites. Upon logon, all clients and servers will locate a DC via the Netlogon service. So let's say an application server (appserver1) chooses DC1.domain.com as the DC that it's going to authenticate with. Once the Netlogon service on appserver1.domain.com chooses DC1.domain.com, it will cache that information and all subsequent authentication events will go through DC1.domain.com. We had some hardware issues on DC1.domain.com that forced us to bring it down (had to replace some bad memory that kept crashing the server). I figured that since AD/DNS is load balanced/fault tolerant, appserver1.domain.com would try what's in its cache, notice DC1.domain.com was unavailable, do a DNS lookup, find the SRV records and find a new domain controller to do its authentication, say DC2.domain.com.
Well, once we took down dc1.domain.com our monitoring tool reported that many services were down. We quickly brought DC1.domain.com up and all services came back up.
So I got to reading. I found everything under the sun. Some links say that the Netlogon service will NOT go and discover a new DC (http://www.smart-x.com/?CategoryID=171&ArticleID=165 - this link says that clients will purge their cache only if the client has cached a DC that is not local to their site), all the way to a link that says "yes, clients will rediscover" (http://msdn.microsoft.com/en-us/library/ms675983.aspx).
Here's a good link from an advocate of "yes, clients will failover" (http://www.improve.dk/blog/2008/03/02/setting-up-and-testing-active-directory-failover) - see the section on Domain Controller Stickiness.
I have a long thread posted on Mark Minasi's forum, if anyone is interested: http://web2.minasi.com/forum/topic.asp?TOPIC_ID=30940
Basically I'm just trying to get to the bottom of this. If servers do failover, then why does our monitoring tool say services are down when we bounce a domain controller? What kinds of checks does a client do to see if a DC is actually servicing authentication requests? Is it a ping only, or some kind of LDAP query? This article says "yes, clients will failover" but doesn't go into what kinds of checks the client does to verify: http://msdn.microsoft.com/en-us/library/ms675983.aspx
We use What's Up to monitor our servers, which uses a service account (domain account) that is an admin on all servers. What's Up uses this account to get into WMI to test the services. When we bounce a DC, What's Up is saying that some services are down, but not all. We have a 5 min time lapse between when services are down and when an e-mail will be sent, and when we bounce a DC, we get e-mails saying services are down.
Any help would be MUCH appreciated,
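One way to see what the locator is actually doing on a member server during a DC outage, as an added example that is not part of the original post: it reads the cached secure-channel DC, compares it with the SRV records DNS advertises, tests which of those DCs answer on LDAP, and then forces rediscovery so the two results can be compared. It assumes the domain.com / DC names from the post, local admin rights on the member server, and the built-in nltest, Resolve-DnsName and Test-NetConnection tools.

```powershell
# Added example (not from the post). Run elevated on the member server
# (e.g. appserver1) while DC1 is down. Domain name is the one used in the post.
$Domain = 'domain.com'

# 1. Which DC is the Netlogon secure channel currently bound to? This is the
#    cached choice the post describes.
Write-Host "== Current secure channel =="
nltest "/sc_query:$Domain"

# 2. What does DNS advertise? These SRV records are what the locator falls
#    back to when it decides the cached DC is no longer answering.
Write-Host "== SRV records for DCs in $Domain =="
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -ErrorAction Stop |
       Where-Object { $_.Type -eq 'SRV' }
$srv | Select-Object NameTarget, Port, Priority, Weight | Format-Table -AutoSize

# 3. Which of those DCs actually answer on LDAP right now? A DC still
#    registered in DNS but not reachable is the state a rebooting DC is in.
Write-Host "== LDAP reachability =="
foreach ($dc in ($srv | Sort-Object NameTarget -Unique)) {
    $ok = (Test-NetConnection -ComputerName $dc.NameTarget -Port $dc.Port `
             -WarningAction SilentlyContinue).TcpTestSucceeded
    '{0,-28} {1}' -f $dc.NameTarget, $(if ($ok) { 'reachable' } else { 'NOT reachable' })
}

# 4. Bypass the Netlogon cache and make the locator choose a DC now. Compare
#    the answer with step 1 to see whether the cached DC was kept or replaced.
Write-Host "== Forced rediscovery =="
nltest "/dsgetdc:$Domain" /force

# 5. Optional: pin the secure channel to a known-good DC (DC2 here) while DC1
#    is being serviced, instead of waiting for the client to notice on its own.
# nltest "/sc_reset:$Domain\DC2.domain.com"
```

Running steps 1 and 4 before, during and after the DC is bounced shows directly whether this server's locator moved off DC1, which is the question the monitoring alerts raise.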