[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

Secondary Active Directory Controller not taking authorizations, not doing DNS

Posted on 2009-05-18
8
Medium Priority
?
345 Views
Last Modified: 2012-05-07
We have 2 AD controllers at 2 sites.  They are both on the same subnet, connected via fiber relay between buildings (on a 10.0.10.* network).  When the 'main' controller (ADSERVER1) goes down, the secondary one (ADSERVER2) appears to not be taking over authentication and DNS.

Our primary server went down this morning, and until I could get it back up, we had no DNS, and no authentication whatsoever.

How would I check to see if the ADSERVER2 is set to take over domain control when ADSERVER1 is down?
0
Comment
Question by:gracewild
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 27

Assisted Solution

by:bluntTony
bluntTony earned 600 total points
ID: 24414179
I assume if they are both on the same subnet, then you haven't configured the two physical sites as two sites in AD Sites and Services?

Are both DCs also DNS servers, and do your clients have both servers' IP addresses in their preferred DNS servers list?
0
 
LVL 6

Accepted Solution

by:
Gunter17 earned 800 total points
ID: 24414214
The first active directory servers DNS should be set to itself, and the seconds DNS server set to itself as well. Your clients DNS should be set to your primary and secondary active directory servers.

As long as there are no sync problems (which would be logged in the FRS event log) the other server should function fine and serve logon requests after the timeout period on the primary dns expires.

Are both servers providing global catalog services?
http://technet.microsoft.com/en-us/library/cc758330(WS.10).aspx
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 24414227
Is your second domain controller also a global catalog server?
Thanks
Mike
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 600 total points
ID: 24414243
The AD servers don't have to be pointing to themselves for DNS (although that is ok)
You can have them pointing to each other for primary and each other for secondary.  Both methods are valid.
Thanks
Mike
0
 

Author Closing Comment

by:gracewild
ID: 31582682
Thank you for the quick replies.
The DNS server settings were pointed both the ADSERVER1, so I put ADSERVER2's IP address for the primary, and ADSERVER1 for the secondary.  Global catalog was NOT checked on ADSERVER2, but now it is.

Thanks a ton.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 24414433
ok thanks let us know if ADServer2 takes over next time AD1 goes down.
Thanks
Mike
0
 

Author Comment

by:gracewild
ID: 24414445
I certainly will.  I am going to test it tonight or tomorrow after everyone goes home for the day.

I really appreciate it.

0
 

Author Comment

by:gracewild
ID: 24585232
Sorry it took me so long to reply, things have been crazy here, and I have been ill.  

The fix did work.  Our ADSERVER2 does take over the domain authorization and DNS when ADSERVER1 is down.  This is a very good thing, because the motherboard just died on ADSERVER1.  Parts are on order and ADSERVER2 is doing everything until we get it rebuilt.

Thanks
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question