Network Logon/performance issues

I have 2 DC's on my Windows 2008 domain.  If I power down one of the domain controllers I lose connectivity to some of my network resources.  Some, but not all, users will lose access to their Exchange mailbox.  Accessing shares takes a very long time.  I checked both domain controllers and they are both global catalog servers.  One DC has all of the FSMO roles.  What is it about the DC's that could be causing this issue? I thought that you should be able to run the network if one of the DC's goes down without issue.  One thing that changed was the DC's were both physical servers but have been converted to VM's.  Could that have anything to do with this issue?
Leon Fester (Senior Solutions Architect) Commented:
Please see my previous post about the PDC emulator role.
If that role-holder is not available then you can expect to see this behaviour.

Have a read through this blog by a Microsoft MVP for a better understanding of the impact of an FSMO role being unavailable.

And yes, if your Exchange server is pointing to a specific DC and that DC becomes unavailable then yes, your Exchange server will start having issues.
One quick thought, since not mentioned (and can make a dramatic difference): Make sure both DCs are running DNS and hosting the AD-integrated zone(s).  Have both servers reference the other server as a DNS provider in the network settings.  Make sure clients are assigned (handed out via DHCP or hardcoded, etc.) both servers for DNS.
Having all the FSMO roles on one machine is not the cause of the issues you are having - indeed it's generally better to have all the roles on one machine. I agree that DNS is more likely to be the issue. In addition to making sure that both machines are running DNS, make sure the clients are configured with the addresses of both servers, one as the preferred DNS server, the other as the alternate.

The DNS could be the problem for users' logon.
The Exchange server has a specific configuration zone for AD. You should look at whether it talks with both or only one server. For two servers you can even use the manual configuration.
If the FSMO roles holder is offline some old apps can have some difficulty, but only if they require the PDC role. Otherwise you can have
some problems adding users or computers.
Anyway, if you have the two DNS servers on each computer, Windows should switch to the secondary server when the first is unavailable.
Sorry for posting in two pieces but my mobile phone is not so great.
Leon Fester (Senior Solutions Architect) Commented:
One DC has all of the FSMO roles.  What is it about the dc's that could be causing this issue? I thought that you should be able to run the network if one of the dc's goes down without issue.
Are you switching off the DC with the FSMO roles?
How long have you left the DC's off before testing?
Does the slow response resolve itself?

Remember, your DC's will still function, but with a missing PDCe you could find that the network takes a little longer to authenticate your users.

Primary and Secondary DNS switch over can take up to 15 minutes.

It is assumed that when one DC fails, you will move the FSMO roles too.
No FSMO roles running means that AD is not setup correctly.

A better test is to leave the DC with the FSMO roles online and shutdown the other DC.
Remember, in a DR scenario you would have to move the FSMO roles in order to pass your AD health checks. So don't bother testing while your server holding the FSMO roles is down, as this can return some incorrect results/experiences.
NytroZ (Author) Commented:
Current DNS setup:

DC1's preferred dns server is dc1 and its alternate is dc2.

DC2's preferred is dc1 and no alternate.
All DCs must have themselves as preferred and the other as alternate.
That can explain why the second server has stopped working when it was by itself.
NytroZ (Author) Commented:
I configured the DNS servers to point to themselves as primary and the other as the alternate.  No help.  The problem seems to be isolated to DC2.  If this server is not up then there is no authentication on the network even though DC1 (which was the original DC on the network) is up and running.  With DC2 down (disabled), if I try to logon to the network it will not authenticate to DC1.  Instead it still shows its logonserver as DC2. I was told that DC1 was originally a physical server that was converted to a VM by a contracted IT firm.  They also think the VM was cloned to make DC2 but this can't be verified.  Is there a way to force a workstation to logon to one DC over another?

CommonProgramFiles=C:\Program Files\Common Files
NytroZ (Author) Commented:
One thing I notice when I look at the SRV records is the timestamp on DC1 is from 7/2009 while the timestamp on DC2 is current, 2/4/2013.

Does this mean anything?
DC cloning is not a procedure. I saw that one time, and that can't be happening on a true domain (the two DCs will have the same SSID, so you can't rename it).
One more thing to test is what is happening on the schema (AD schema).
There you can suggest to your workstations to prefer one controller over the other if you can manage the sites, but only if you have more than one network.

NytroZ (Author) Commented:
I have recently been informed that the Exchange server also played the role of a domain controller and was demoted.   A new domain controller was created and the Exchange configuration points to that DC.  Now if that DC goes offline Exchange does as well.   I am curious if that could be part of the problem.
NytroZ (Author) Commented:
The DC that goes offline and causes issues is not the PDCe.  Isn't Exchange smart enough to find another DC if the one it points to goes down?
dan_blagut Commented:
Well many things are related...
If the AD server referred to by Exchange is down, Exchange is down for a while, and if the server's parameters are not on automatic it stays down.
If the DNS server configured in the Exchange parameters is down, Exchange is unable to contact the AD so it is down, and even if it can search for another DC it will stay down because without DNS it can't search.
So DNS is very important in AD, the rest is fail-safe configuration.
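
The checks discussed in this thread (DNS client order, SRV registration on each DC's DNS, and which DC a machine actually locates) can be run together. This is an added example, not part of any poster's reply; the domain name `corp.example.local` and the names DC1/DC2 are placeholders, and the script sticks to tools present on Windows Server 2008 (WMI, nslookup, nltest, netdom).

```powershell
# Added diagnostic sketch. $Domain and $DCs are placeholders: substitute your own.
$Domain = 'corp.example.local'
$DCs    = @('DC1', 'DC2')

# 1. DNS servers configured on this machine, in order. On a DC expect itself
#    first and the other DC second; on a workstation expect both DCs listed.
Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
    Select-Object Description,
        @{ n = 'DnsServers'; e = { $_.DNSServerSearchOrder -join ', ' } } |
    Format-Table -AutoSize

# 2. Ask each DC's DNS service for the DC locator SRV records. Every DC should
#    be returned by every DNS server; a missing or stale entry means clients
#    using that DNS server cannot find the other DC.
foreach ($dnsServer in $DCs) {
    $out  = nslookup -type=SRV "_ldap._tcp.dc._msdcs.$Domain" $dnsServer 2>&1 | Out-String
    # nslookup prints one "svr hostname = <fqdn>" line per SRV record.
    $seen = [regex]::Matches($out, 'svr hostname\s*=\s*(\S+)') |
            ForEach-Object { $_.Groups[1].Value.ToLower() }
    foreach ($dc in $DCs) {
        $registered = [bool]($seen | Where-Object { $_ -like "$($dc.ToLower()).*" })
        '{0,-6} DNS lists {1,-6} as a DC: {2}' -f $dnsServer, $dc, $registered
    }
}

# 3. Which DC this session authenticated against, and which DC the locator
#    returns when forced to rediscover instead of using its cached answer.
"LOGONSERVER for this session: $env:LOGONSERVER"
nltest "/dsgetdc:$Domain" /force

# 4. FSMO role holders, to confirm which DC holds the PDC emulator role.
netdom query fsmo
```

Run it once with both DCs up and once with DC2 powered down; if step 2 against DC1 does not list DC1 itself, or step 3 fails with DC2 down, the fault is in DC1's DNS registration rather than in the FSMO placement.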

Question has a verified solution.
