Issues with a domain controller running in a DR environment
Hi
We replicate our environment to a DR site every night using Veeam backup and replication 7 patch 1. In order to do our DR testing perform a failover, do our testing, then undo failover. In the past this has worked well, but trying to do a test now and it is becomming a nightmare, spent two full days trying to resolve, Really need to get a DR test in before EOY
We have two domain controllers, 1 virtual which we replicate and 1 physical which we do not.
Primary site is ESX 4.1
DR Site is ESXi 5.5
Veeam is configured correctly for replications, checked with Veeam support.
The issues we are having is
1) when booting the DC from the replica, no clients can login, they get an error saying "there are not domain controllers available......" login to the DC and try load ADUC, get errors "naming information cannot be located because: The specified domain either does not exist or could not be contacted"
2) doing anything on this VM only takes a very long time, login takes 15 mins, things like my computer etc take upto a minute to load etc, other VMs running at the DR are runing at expected speed (DR server / Storage is of HIGH spec)
3) The network on the DC is classed as unidentified, not domain.
We replicate our environment to a DR site every night using Veeam backup and replication 7 patch 1. In order to do our DR testing perform a failover, do our testing, then undo failover. In the past this has worked well, but trying to do a test now and it is becomming a nightmare, spent two full days trying to resolve, Really need to get a DR test in before EOY
We have two domain controllers, 1 virtual which we replicate and 1 physical which we do not.
Primary site is ESX 4.1
DR Site is ESXi 5.5
Veeam is configured correctly for replications, checked with Veeam support.
The issues we are having is
1) when booting the DC from the replica, no clients can login, they get an error saying "there are not domain controllers available......" login to the DC and try load ADUC, get errors "naming information cannot be located because: The specified domain either does not exist or could not be contacted"
2) doing anything on this VM only takes a very long time, login takes 15 mins, things like my computer etc take upto a minute to load etc, other VMs running at the DR are runing at expected speed (DR server / Storage is of HIGH spec)
3) The network on the DC is classed as unidentified, not domain.
ASKER
Yes it is a replica, Which is created using Veeam and is supported.
I am not replicating the DC2 however as it is a physical box.
I am not replicating the DC2 however as it is a physical box.
Ok I won't blow smoke never used this scenario. I'd just have another DC and have it replicate normally. If Primary goes down then DC2 is still there and working.
It will be interesting to see the ideas.
Thanks
Mike
It will be interesting to see the ideas.
Thanks
Mike
Is the subnet the same? This sounds like a DNS issue. If on the same subnet, possibly an ARP Cache issue or a change in IP address? For instance, the DNS client ooking for a DNS server at an address that currently doesn't exist.
ASKER
Sorry, I do have that scenario running
two DCs, one virtual, one physical, in production running fine
BUT part of our Disaster Recovery plan is to have all virtual machines replicated to our DR site every night, then in event of DR test, or disaster you can fire them up and use them
So, Im replicating DC1 only, each night using Veeam, but upon boot i am plagued with issues.
two DCs, one virtual, one physical, in production running fine
BUT part of our Disaster Recovery plan is to have all virtual machines replicated to our DR site every night, then in event of DR test, or disaster you can fire them up and use them
So, Im replicating DC1 only, each night using Veeam, but upon boot i am plagued with issues.
ASKER
Yes the subnet / network infrastructure is also replicated at the DR site, so all IP addressing etc remains the same, just in an isolated network obviously.
Probably a stupid question but where is the GC?
ASKER
I believe both the DCs are a GC
I'm confused. How does the virtual test machine run on an isolated network? Doesn't it need the physical DC to performe some roles?
You could test: How does the virtual machine run in the production environment WITHOUT the physcial DC connected? Do you get the same problems as in your test environment?
You could test: How does the virtual machine run in the production environment WITHOUT the physcial DC connected? Do you get the same problems as in your test environment?
ASKER
We have two DCs in our prod environment, One is virtual, one is physical, called DC1 (virtual) and DC2 (Physical) Now they replicate between each other fine and everything works fine.
Now, nightly, we use Veeam to perform a backup replication to another ESX server at a remote site on an isolated network.
Now, nightly, we use Veeam to perform a backup replication to another ESX server at a remote site on an isolated network.
So, does DC2 (physical), or a virtual copy of it, exist at the remote test site?
Perhaps I am misinterpreting replication... do you mean the whole server using virtualization, or just active director replication?
Perhaps I am misinterpreting replication... do you mean the whole server using virtualization, or just active director replication?
ASKER
Using virtualization replication, for DR use only.
No DC2 does not exist at remote site.
No DC2 does not exist at remote site.
What is the OS version of both domain controllers ?
Mahesh
Mahesh
I have a lot of questions to try to get a better idea of your environment...
When DC1 is brought online on the isolated DR network, does it retain the same IP address?
Does DC1 also run DNS services or is there another DNS server on that isolated network?
Do all the PC's on that isolated network point to the correct DNS server?
Does the DC1 point to the correct DNS server?
Is the isolated Network the same network address/subnets as your production?
When DC1 is brought online on the isolated DR network, does it retain the same IP address?
Does DC1 also run DNS services or is there another DNS server on that isolated network?
Do all the PC's on that isolated network point to the correct DNS server?
Does the DC1 point to the correct DNS server?
Is the isolated Network the same network address/subnets as your production?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
The other aspect is one I know very little about which would be how the networking on the ESXi 5.5 is configured. A VLAN configuration assigned to the physical NIC's could interfere, or a misconfigured vSwitch. Or the NIC assigned to the DC is in on the Management Switch and not on the same vSwitch.
On the replicated DC in the virtual offsite environment do you still have Internet access? Once the DC finally boots and lets you get to a desktop can you hit google or any other websites? Can it also see any replicated virtualized workstations on the same ESXi host?
I can practically guarantee the issue is related to DNS but without hands-on I can't quite see the answer, unfortunately.
On the replicated DC in the virtual offsite environment do you still have Internet access? Once the DC finally boots and lets you get to a desktop can you hit google or any other websites? Can it also see any replicated virtualized workstations on the same ESXi host?
I can practically guarantee the issue is related to DNS but without hands-on I can't quite see the answer, unfortunately.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I've requested that this question be closed as follows:
Accepted answer: 0 points for wsc-it's comment #a39766596
for the following reason:
I was able to resolve this myself.
Accepted answer: 0 points for wsc-it's comment #a39766596
for the following reason:
I was able to resolve this myself.
If you could share exact issue ad resolution you done for knowledge sharing, it will be great
Mahesh
Mahesh
Did I not help find this resolution on my post "ID: 39726877" when I said "Something else you should know is who has the FSMO roles in your domain. I suspect that the replicated DC should have all these roles"?
/Steve
/Steve
ASKER
I was able to resolve this myself, as above
Thanks
Mike