Solved

Secondary Active Directory Controller not taking authorizations, not doing DNS

Posted on 2009-05-18
8
338 Views
Last Modified: 2012-05-07
We have 2 AD controllers at 2 sites.  They are both on the same subnet, connected via fiber relay between buildings (on a 10.0.10.* network).  When the 'main' controller (ADSERVER1) goes down, the secondary one (ADSERVER2) appears to not be taking over authentication and DNS.

Our primary server went down this morning, and until I could get it back up, we had no DNS, and no authentication whatsoever.

How would I check to see if the ADSERVER2 is set to take over domain control when ADSERVER1 is down?
0
Comment
Question by:gracewild
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 27

Assisted Solution

by:bluntTony
bluntTony earned 150 total points
ID: 24414179
I assume if they are both on the same subnet, then you haven't configured the two physical sites as two sites in AD Sites and Services?

Are both DCs also DNS servers, and do your clients have both servers' IP addresses in their preferred DNS servers list?
0
 
LVL 6

Accepted Solution

by:
Gunter17 earned 200 total points
ID: 24414214
The first active directory servers DNS should be set to itself, and the seconds DNS server set to itself as well. Your clients DNS should be set to your primary and secondary active directory servers.

As long as there are no sync problems (which would be logged in the FRS event log) the other server should function fine and serve logon requests after the timeout period on the primary dns expires.

Are both servers providing global catalog services?
http://technet.microsoft.com/en-us/library/cc758330(WS.10).aspx
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 24414227
Is your second domain controller also a global catalog server?
Thanks
Mike
0
Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 150 total points
ID: 24414243
The AD servers don't have to be pointing to themselves for DNS (although that is ok)
You can have them pointing to each other for primary and each other for secondary.  Both methods are valid.
Thanks
Mike
0
 

Author Closing Comment

by:gracewild
ID: 31582682
Thank you for the quick replies.
The DNS server settings were pointed both the ADSERVER1, so I put ADSERVER2's IP address for the primary, and ADSERVER1 for the secondary.  Global catalog was NOT checked on ADSERVER2, but now it is.

Thanks a ton.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 24414433
ok thanks let us know if ADServer2 takes over next time AD1 goes down.
Thanks
Mike
0
 

Author Comment

by:gracewild
ID: 24414445
I certainly will.  I am going to test it tonight or tomorrow after everyone goes home for the day.

I really appreciate it.

0
 

Author Comment

by:gracewild
ID: 24585232
Sorry it took me so long to reply, things have been crazy here, and I have been ill.  

The fix did work.  Our ADSERVER2 does take over the domain authorization and DNS when ADSERVER1 is down.  This is a very good thing, because the motherboard just died on ADSERVER1.  Parts are on order and ADSERVER2 is doing everything until we get it rebuilt.

Thanks
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question