Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Secondary Active Directory Controller not taking authorizations, not doing DNS

Posted on 2009-05-18
8
326 Views
Last Modified: 2012-05-07
We have 2 AD controllers at 2 sites.  They are both on the same subnet, connected via fiber relay between buildings (on a 10.0.10.* network).  When the 'main' controller (ADSERVER1) goes down, the secondary one (ADSERVER2) appears to not be taking over authentication and DNS.

Our primary server went down this morning, and until I could get it back up, we had no DNS, and no authentication whatsoever.

How would I check to see if the ADSERVER2 is set to take over domain control when ADSERVER1 is down?
0
Comment
Question by:gracewild
8 Comments
 
LVL 27

Assisted Solution

by:bluntTony
bluntTony earned 150 total points
ID: 24414179
I assume if they are both on the same subnet, then you haven't configured the two physical sites as two sites in AD Sites and Services?

Are both DCs also DNS servers, and do your clients have both servers' IP addresses in their preferred DNS servers list?
0
 
LVL 6

Accepted Solution

by:
Gunter17 earned 200 total points
ID: 24414214
The first active directory servers DNS should be set to itself, and the seconds DNS server set to itself as well. Your clients DNS should be set to your primary and secondary active directory servers.

As long as there are no sync problems (which would be logged in the FRS event log) the other server should function fine and serve logon requests after the timeout period on the primary dns expires.

Are both servers providing global catalog services?
http://technet.microsoft.com/en-us/library/cc758330(WS.10).aspx
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 24414227
Is your second domain controller also a global catalog server?
Thanks
Mike
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 150 total points
ID: 24414243
The AD servers don't have to be pointing to themselves for DNS (although that is ok)
You can have them pointing to each other for primary and each other for secondary.  Both methods are valid.
Thanks
Mike
0
 

Author Closing Comment

by:gracewild
ID: 31582682
Thank you for the quick replies.
The DNS server settings were pointed both the ADSERVER1, so I put ADSERVER2's IP address for the primary, and ADSERVER1 for the secondary.  Global catalog was NOT checked on ADSERVER2, but now it is.

Thanks a ton.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 24414433
ok thanks let us know if ADServer2 takes over next time AD1 goes down.
Thanks
Mike
0
 

Author Comment

by:gracewild
ID: 24414445
I certainly will.  I am going to test it tonight or tomorrow after everyone goes home for the day.

I really appreciate it.

0
 

Author Comment

by:gracewild
ID: 24585232
Sorry it took me so long to reply, things have been crazy here, and I have been ill.  

The fix did work.  Our ADSERVER2 does take over the domain authorization and DNS when ADSERVER1 is down.  This is a very good thing, because the motherboard just died on ADSERVER1.  Parts are on order and ADSERVER2 is doing everything until we get it rebuilt.

Thanks
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article runs through the process of deploying a single EXE application selectively to a group of user.
This article outlines the process to identify and resolve account lockout in an Active Directory environment.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question