Solved

AD Windows Server 2003 DC is not recognized as a GC when another GC is bounced

Posted on 2011-02-25
Last Modified: 2012-05-11
Good day everyone,

We have 2 servers with the role of global catalog servers; they both have FSMO roles distributed amongst each other. Server 1 is a GC, DNS, DHCP, AD server; server 2 has AD and is acting as a GC as well. Server 2 has been around longer than server 1; server 1 replaced an old DC we had, which has been decommissioned. This is what happens:

When we restart server 2, everyone loses connection to the internet and is not able to log in. We find this strange, being that server 1 has DNS, AD and is a GC. We are wondering why users are not able to authenticate while server 2 is being rebooted?

Any ideas?
Question by:GridLock137
 
LVL 12

Expert Comment

by:Navdeep
ID: 34984322
Hi,

Are both of your DCs in the same site/same domain?

Do you have multiple sites?

If you run the following command, do you see your DC as a GC?
Use the following command:

nltest /dsgetdc:domain.com

Check under Flags whether your server is marked as GC.

If not, then go to Active Directory Sites and Services, site / servers / properties of NTDS Settings, mark it as GC and reboot.
0
 
LVL 45

Expert Comment

by:Craig Beck
ID: 34984373
You only have 1 DNS server???

Do users have to authenticate to a proxy to get internet access?

Does DC2 hold the PDC Emulator role?
0
 
LVL 7

Author Comment

by:GridLock137
ID: 34984480
Let me remote in and check this.
0
 
LVL 7

Author Comment

by:GridLock137
ID: 34984563
OK, so both DCs are in the same site, same domain. We do not have multiple sites but we do have other domains configured; I guess they can be called child domains. v-2, I could not run that command; where do I run it from? I checked and both are GC. I just found out we have a server 3 that holds the roles of infrastructure and RID and is currently the operations master.

Server 3 has no DNS installed.

Server 1 and 2 both have DNS installed.

craigbeck, DC2 does not hold the PDC Em role; just looked it up and server 3 holds it.
0
 
LVL 3

Accepted Solution

by:
Axcess Internet® earned 500 total points
ID: 34984589
We see this problem all the time, and have been told by Microsoft Support that it has to do with the timeout of the client.  If the client was logged in using DC1 and DC1 is rebooted, the secure channel has to be rebuilt, resulting in a longer than normal period for login.

Is this what you are seeing?
0
 
LVL 7

Author Comment

by:GridLock137
ID: 34984689
Yes, we see that as well as loss of internet connectivity. I thought if one GC goes down then the other takes over, or does it not work this way?
0
 
LVL 3

Expert Comment

by:Axcess Internet®
ID: 34984713
As far as I know it does not work this way.  Any clients logged into the rebooting DC will have to rebuild the secure channel to the remaining DC, and that can take some time.  If we take down DC1 for maintenance, we always inform staff to reboot their machines before attempting to log in again.
0
 
LVL 12

Expert Comment

by:Navdeep
ID: 34984726
Hi,

You would run that command in a command prompt. You need to install the Support Tools for that.
0
 
LVL 7

Author Comment

by:GridLock137
ID: 34984811
I see. OK. No problem. I will have to test further since there is another person involved in this troubleshooting process. I will post my results Monday, guys. Thank you.
0
 
LVL 45

Expert Comment

by:Craig Beck
ID: 34984885
Do your clients look at DC2 first for DNS?
Also, does DC1 use DC2 as its primary DNS server, and vice-versa for DC2?
0
 
LVL 7

Author Comment

by:GridLock137
ID: 34988539
I believe the clients are looking at DC1 first, but I could be wrong; we have desktop admins and they might be mixing up the order of which they should put first. I will verify what the DCs have as their primary DNS. Should each one point to the other or to themselves as the primary?
0
 
LVL 3

Expert Comment

by:Axcess Internet®
ID: 34989000
We have them point to each other and a 3rd party (our upstream provider) DNS.
0
 
LVL 7

Author Comment

by:GridLock137
ID: 34989189
I will verify that, but what about server three, which seems to hold some of the FSMO roles but is not a GC? Don't point to that guy, correct? If anything, that guy should point to server 1 and 2, yes?
0
 
LVL 3

Expert Comment

by:Axcess Internet®
ID: 34989197
Yes, since Server3 doesn't have the GC role, I would have it point to 1 and 2.
0
 
LVL 7

Author Comment

by:GridLock137
ID: 34989235
OK, I will verify the setting, change it if needed and test it... Have a great weekend. Will post Monday. Thank you.
0
 
LVL 12

Expert Comment

by:Navdeep
ID: 34989289
Hi,
Also, you need to remove the external DNS from the clients and put it under Forwarders in the DNS server properties. The reason being, your clients will look for a GC/DC on the external DNS when DC1 and DC2 won't respond.
0
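
The DNS point raised in the comments above, as an added example that is not part of the original thread: a PowerShell check that asks each DNS server a client might be configured with for the SRV records the domain controller locator relies on, so a resolver that cannot serve the AD zone shows up with zero answers. It assumes a management workstation with `Resolve-DnsName` (Windows 8 / Server 2012 or later); `domain.com`, the forest name and all addresses are placeholders.

```powershell
# Added example: query every client-facing DNS server for the AD locator
# SRV records. Names and addresses are constructed placeholders.
$Domain = 'domain.com'   # AD DNS domain of the clients (placeholder)
$Forest = 'domain.com'   # forest root DNS name; GC records are registered here
$Resolvers = @{
    'DC1 (internal DNS)'  = '192.0.2.10'
    'DC2 (internal DNS)'  = '192.0.2.11'
    'Upstream (external)' = '198.51.100.53'
}

# What a client must be able to resolve to log on:
# any domain controller, a global catalog, and a Kerberos KDC.
$Records = @(
    "_ldap._tcp.dc._msdcs.$Domain",
    "_gc._tcp.$Forest",
    "_kerberos._tcp.$Domain"
)

$report = foreach ($label in ($Resolvers.Keys | Sort-Object)) {
    foreach ($name in $Records) {
        # -DnsOnly skips LLMNR/NetBIOS so only the named server answers.
        $srv = @(Resolve-DnsName -Name $name -Type SRV -Server $Resolvers[$label] `
                     -DnsOnly -ErrorAction SilentlyContinue |
                 Where-Object { $_.Type -eq 'SRV' })
        [pscustomobject]@{
            Resolver = $label
            Record   = $name
            Answers  = $srv.Count
            Targets  = ($srv.NameTarget | Sort-Object) -join ', '
        }
    }
}
$report | Format-Table -AutoSize

# A resolver with zero answers cannot help a client find a DC or GC.
$bad = $report | Where-Object { $_.Answers -eq 0 } |
       Select-Object -ExpandProperty Resolver -Unique
if ($bad) {
    Write-Warning "No AD locator records returned by: $($bad -join '; ')"
}
```

Running it once with both DCs up and once while one DC is rebooting also shows whether the remaining internal DNS server still returns the other DC and GC targets.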
 
LVL 7

Author Closing Comment

by:GridLock137
ID: 35020686
Thank you guys!
0
