Solved

Network Logon/performance issues

Posted on 2013-02-01
Last Modified: 2013-02-07
I have 2 DC's on my Windows 2008 domain.  If I power down one of the domain controllers I lose connectivity to some of my network resources.  Some, but not all, users will lose access to their Exchange mailbox.  Accessing shares takes a very long time.  I checked both domain controllers and they are both global catalog servers.  One DC has all of the FSMO roles.  What is it about the DC's that could be causing this issue? I thought that you should be able to run the network if one of the DC's goes down without issue.  One thing that changed was the DC's were both physical servers but have been converted to VM's.  Could that have anything to do with this issue?
Question by:NytroZ
15 Comments
 
LVL 9

Expert Comment

by:Aeriden
ID: 38845554
One quick thought, since not mentioned (and can make a dramatic difference): Make sure both DCs are running DNS and hosting the AD-integrated zone(s).  Have both servers reference the other server as a DNS provider in the network settings.  Make sure clients are assigned (handed out via DHCP or hardcoded, etc.) both servers for DNS.
 
LVL 70

Expert Comment

by:KCTS
ID: 38845583
Having all the FSMO roles on one machine is not the cause of the issues you are having - indeed it's generally better to have all the roles on one machine. I agree that DNS is more likely to be the issue. In addition to making sure that both machines are running DNS, make sure the clients are configured with the addresses of both servers, one as the preferred DNS server, the other as the alternate.
 
LVL 21

Expert Comment

by:dan_blagut
ID: 38847408
Hi
The DNS could be the problem for user logons.
The Exchange server has a specific configuration zone for AD. You should look at whether it talks with both servers or only one. For two servers you can even use the manual configuration.
If the FSMO roles holder is offline some old apps can have some difficulty, but only if they require the PDC role. In rest you can have
 
LVL 21

Expert Comment

by:dan_blagut
ID: 38847414
Some problems adding users or computers.
Anyway, if you have the 2 DNS servers on each computer, Windows should switch to the secondary server when the first is unavailable.
Sorry for posting in two pieces, but my mobile phone is not so great.
Dan
 
LVL 26

Expert Comment

by:Leon Fester
ID: 38850984
One DC has all of the FSMO roles.  What is it about the dc's that could be causing this issue? I thought that you should be able to run the network if one of the dc's goes down without issue.
Are you switching off the DC with the FSMO roles?
How long have you left the DC's off before testing?
Does the slow response resolve itself?

Remember, your DC's will still function, but with a missing PDCe you could find that the network takes a little longer to authenticate your users.

Primary and Secondary DNS switch over can take up to 15 minutes.

It is assumed that when one DC fails, you will move the FSMO roles too.
No FSMO roles running means that AD is not set up correctly.

A better test is to leave the DC with the FSMO roles online and shut down the other DC.
Remember in a DR scenario, you would have to move the FSMO roles in order to pass your AD health checks. So don't bother testing while your server holding the FSMO roles is down as this can return some incorrect results/experiences.
 

Author Comment

by:NytroZ
ID: 38851257
Current DNS setup:

DC1's preferred dns server is dc1 and its alternate is dc2.

DC2's preferred is dc1 and no alternate.
 
LVL 21

Expert Comment

by:dan_blagut
ID: 38851512
ALL DC must have itself as preferred and other as alternate.
0
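The DNS client settings described in the comments above can be audited on every DC at once. This is an added example, not part of the original thread: it flags any DC whose preferred DNS server is not itself or that has no alternate, following the advice given above. It assumes the DC names `DC1` and `DC2` from the thread, administrative rights, and remote WMI access to both servers.

```powershell
# Added example: audit which DNS servers each domain controller itself uses.
# DC1/DC2 are the names from this thread; replace them with your own DCs.
$dcs = 'DC1', 'DC2'

# Resolve every DC to its IPv4 addresses so DNS entries can be matched to a DC.
$dcIps = @{}
foreach ($dc in $dcs) {
    $dcIps[$dc] = @([System.Net.Dns]::GetHostAddresses($dc) |
        Where-Object { $_.AddressFamily -eq 'InterNetwork' } |
        ForEach-Object { $_.IPAddressToString })
}

$report = foreach ($dc in $dcs) {
    $self  = @($dcIps[$dc]) + '127.0.0.1'
    $other = @($dcs | Where-Object { $_ -ne $dc } | ForEach-Object { $dcIps[$_] })

    # DNS client settings of every IP-enabled adapter, read remotely over WMI.
    $nics = Get-WmiObject -Class Win32_NetworkAdapterConfiguration `
        -ComputerName $dc -Filter 'IPEnabled = TRUE'

    foreach ($nic in $nics) {
        # DNSServerSearchOrder is $null when no DNS server is configured.
        $order = @($nic.DNSServerSearchOrder | Where-Object { $_ })

        $issues = @()
        if ($order.Count -eq 0) { $issues += 'no DNS server configured' }
        elseif ($self -notcontains $order[0]) { $issues += 'preferred DNS is not this DC' }
        if ($order.Count -eq 1) { $issues += 'no alternate DNS server' }
        if (@($order | Where-Object { $other -contains $_ }).Count -eq 0) {
            $issues += 'no other DC listed as DNS server'
        }

        # Summarise the findings for this adapter.
        $status = 'OK'
        if ($issues.Count -gt 0) { $status = $issues -join '; ' }

        New-Object PSObject -Property @{
            DC       = $dc
            Adapter  = $nic.Description
            DnsOrder = $order -join ', '
            Issues   = $status
        }
    }
}

$report | Select-Object DC, Adapter, DnsOrder, Issues | Format-Table -AutoSize -Wrap
```

With the setup the author posted (DC2 preferring DC1 with no alternate), the DC2 row would report both "preferred DNS is not this DC" and "no alternate DNS server".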
 
LVL 21

Expert Comment

by:dan_blagut
ID: 38851521
That can explain why the second server has stopped working when it was by itself.
 

Author Comment

by:NytroZ
ID: 38851628
I configured the DNS servers to point to themselves as primary and the other as the alternate.  No help.  The problem seems to be isolated to DC2.  If this server is not up then there is no authentication on the network even though DC1 (which was the original DC on the network) is up and running.  With DC2 down (disabled), if I try to log on to the network it will not authenticate to DC1.  Instead it still shows its logonserver as DC2. I was told that DC1 was originally a physical server that was converted to a VM by a contracted IT firm.  They also think the VM was cloned to make DC2 but this can't be verified.  Is there a way to force a workstation to log on to one DC over another?

C:\Users\torszula>set
ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\torszula\AppData\Roaming
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=C4HTIM
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\torszula
LOCALAPPDATA=C:\Users\torszula\AppData\Local
LOGONSERVER=\\DC2
NUMBER_OF_PROCESSORS=2
 

Author Comment

by:NytroZ
ID: 38851673
One thing I notice when I look at the SRV records is the timestamp on DC1 is from 7/2009 while the timestamp on DC2 is current, 2/4/2013.

Does this mean anything?
 
LVL 21

Expert Comment

by:dan_blagut
ID: 38851796
The DC cloning is not a procedure. I saw that one time, and that can't be happening on a true domain. (The two DCs will have the same SSID, so you can't rename it.)
One more thing to test is what is happening on the schema (AD schema).
There you can suggest to your workstations to prefer one controller instead of the other if you can manage the sites, but only if you have more than one network.

Dan
 

Author Comment

by:NytroZ
ID: 38864131
I have recently been informed that the Exchange server also played the role of a domain controller and was demoted.   A new domain controller was created and the Exchange configuration points to that DC.  Now if that DC goes offline Exchange does as well.   I am curious if that could be part of the problem.
 
LVL 26

Accepted Solution

by:
Leon Fester earned 250 total points
ID: 38864163
Please see my previous post about the PDC emulator role.
If that role-holder is not available then you can expect to see this behaviour.

Have a read through this blog by a Microsoft MVP for a better understanding of the impact of a FSMO role being unavailable.
http://msmvps.com/blogs/acefekay/archive/2011/01/16/active-directory-fsmo-roles-explained.aspx

And yes, if your Exchange server is pointing to a specific DC and that DC becomes unavailable then yes, your Exchange server will start having issues.
 

Author Comment

by:NytroZ
ID: 38864206
The DC that goes offline and causes issues is not the PDCe.  Isn't Exchange smart enough to find another DC if the one it points to goes down?
 
LVL 21

Assisted Solution

by:dan_blagut
dan_blagut earned 250 total points
ID: 38864317
Well many things are related...
If the AD server referred to by Exchange is down, Exchange is down for a while, and if the server's parameters are not on automatic it stays down.
If the DNS server configured in the Exchange parameters is down, Exchange is unable to contact the AD so it is down, and even if it can search for another domain controller it will stay down because without DNS it can't search.
So DNS is very important in AD; the rest is fail-safe configuration.

Dan