Solved

Server 2012 R2 Strange DC Behaviour

Posted on 2014-10-08
2
293 Views
Last Modified: 2014-10-08
We are getting some strange behavior on our primary server.

Server Background:
Server 2012 R2, DC, File Server, Hyper-V host
Hosts around 10tb of data which is DFSr'd to 2 oversea servers
Hosts an Exchange VM plus an assortment of application VMs

Issue:
Works fine after reboot for around 2 weeks, after this the first issue noticed is that we can't RDP to the box. Sits for ever on applying group policies. A reboot resolves the issue, however today out of luck, I was logged on when one of the other techs complained they could not get on.

All end user services seem unaffected, Everyone can access the shares, log on, all the VMs are still running.

The first thing I check is group policies: gpresult /h gp.html - This has now locked up (or taking a long time, has been an hour)
Event viewer is uninformative except for the <GPClient> is taking a long time for operation Logon.

Went to check the status of GPO sync. GPO Manager hangs.

I check GPO sync from our backup DC and everything is in sync. Ironically, when I forced the GPO Manager to user the main DC it still works fine from that box.

I open Hyper-V manager on an unrelated issue, and can not connect to Hyper-V server, yet VMs are running ok.

I attempt to use Hyper-V manager on the backup DC to open the main server, but it won;t connect to the main server. No error, just nothing.

I goto check on services, Get an hourglass for half a second, then nothing. Again no error, just nothing. - Update, in the time it took me to write this, the services window came up.

Task manager looks healthy enough, no run-away tasks that can be seen.

I'm after 1 of 2 options at this stage. Since I know a reboot solves it for a while, something somewhere has hung. If I can find that bit, maybe I can restart it without having to restart the entire server.

Or 2, actually fixing the issue.

Any idea guys on where to start?
0
Comment
Question by:Wargameskhaine
2 Comments
 
LVL 57

Accepted Solution

by:
Cliff Galiher earned 500 total points
ID: 40369820
This is very common when ADDS and Hyper-V are installed on the same OS. Simple resource contention and eventually it just falls over.

Hyoer-V should *always* (without exception!) be isolated if you are going to run it. All other roles should be in VMs or on other servers.
0
 

Author Closing Comment

by:Wargameskhaine
ID: 40369823
Thanks Cliff,

I've done some research and it appears you are spot on! In addition to other security matters. Since we have other DC's at this site I believe that I'll have to reboot to return to a normal state, then DC Promo the Hpyer-V box out of the domain, which will likely solve the problem moving forward.

A link for future readers:
http://www.altaro.com/hyper-v/reasons-not-to-make-hyper-v-a-domain-controller/

Regards,

Allan
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article outlines the process to identify and resolve account lockout in an Active Directory environment.
In-place Upgrading Dirsync to Azure AD Connect
In this Micro Tutorial viewers will learn how to restore their server from Bare Metal Backup image created with Windows Server Backup feature. As an example Windows 2012R2 is used.
This tutorial will walk an individual through the process of configuring basic necessities in order to use the 2010 version of Data Protection Manager. These include storage, agents, and protection jobs. Launch Data Protection Manager from the deskt…

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question