User's PC unable to login to domain on backup AD server

I have 2 AD servers (one master) on Windows 2008 STD, but when the master AD is down, user PCs are unable to login to the domain on the backup AD server.

The master and backup AD are defined in AD. User's PC are pointing to the AD servers for DNS and WINS (AD servers run DNS and WINS as well). All User PCs are Win XP Pro SP3.

Any suggestions where I should start looking at ? Thanks.
sidartraAsked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
Michael OrtegaConnect With a Mentor Sales & Systems EngineerCommented:
So are you saying that all your XP clients have DNS configured to point at Primary DNS - AD server 1 and Secondardy DNS - AD server 2? Are any XP clients working? All addresses handed out through DHCP server or are they Static? If DHCP, does the AD server in question hold that role?

Are you getting good replication between AD servers? Have you checked by running DCDIAG on AD server 2?

MO
0
 
Henrik JohanssonConnect With a Mentor Systems engineerCommented:
To be correct, there's no such thing as backup AD. All DCs are multi-master. Backup DC (BDC) is an old NT4 term that doesn't exist when talking about native AD.

First thing is that clients nead to point on both DC/DNS servers for redundancy. As I understand it, that's already done.
Also check that there's no external (ISP or routers) as DNS servers on the client as it will give issues.

If clients are correctly configured, it sounds like a replication issue between the two DCs. The DCs should point on both itself and the other as DNS servers, not only itself.
Is there any issues reported by dcdiag command line tool on the DCs? Anything in the DC's eventlog?
0
 
Krzysztof PytkoConnect With a Mentor Active Directory EngineerCommented:
If you use DHCP server, please modify option no 006. You have to type 2 DNS servers (DC1 and DC2). If one of them will be unavailable, then clients will proceed with another one
0
The new generation of project management tools

With monday.com’s project management tool, you can see what everyone on your team is working in a single glance. Its intuitive dashboards are customizable, so you can create systems that work for you.

 
Krzysztof PytkoConnect With a Mentor Active Directory EngineerCommented:
I hope, you have DHCP server on separate machine. If not, you have to configure it also on DC2
0
 
Darius GhassemConnect With a Mentor Commented:
Make sure both DCs are Global catalogs. When you have your DC go down that holds FSMO roles you will see this type of issues since the FSMO roles are not searchable. Seizing these roles should fix the problem but this will make the DC that holds these roles unusable and would have to be demoted then promoted again

First try to make sure that the second DC is a GC.

Run dcdiag to check for errors to see if you have exsiting problems with replication.
0
 
sidartraAuthor Commented:
Hi,

I came across a setting "enable Password cache" (?) while setting up AD2 so I am clarifying if this needs to be enabled for users to login.

PCs are getting DNS resolved correctly and can access Internet etc (DNS1 -> AD1, DNS2 -> AD2).

PCs are using sttaic IP. Both AD servers are global catalog.

I will test again this weekend. Any other comments welcomed. Thanks.
0
 
Krzysztof PytkoConnect With a Mentor Active Directory EngineerCommented:
It looks like internal DNS problem. Could you tell me please how is your DC2 DNS configured (forwarding etc.)?
0
 
Henrik JohanssonConnect With a Mentor Systems engineerCommented:
It's possibly that it's a replication issue between the two DCs..
Any errors in output from dcdiag command tool on DCs?
0
 
Darius GhassemConnect With a Mentor Commented:
Please post dcdiag. Make sure both are GCs. When your fsmo roles are down then you will see issues like this as well.
0
All Courses

From novice to tech pro — start learning today.