Domain controller is not available

On we have  two sites  and  both  sites  have DCs. DC on one site was down and no users we're able log in.
My impression was that users will be authenticated  via other site and domain controller.
What could be the reason the users we're not able to log in?
LVL 2
sara2000Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Michael MachieIT SupervisorCommented:
The two sites must be connected in order for that failover to occur. Are they connected via a tunnel or MPLS or in some other manner? If not, no immediate authentication will occur.
Are you able to ping and/ or RDP to the other DC?

If they are connected and accessible from both locations then either of them should have been able to authenticate Users for either location.
Will SzymkowskiSenior Solution ArchitectCommented:
There is no failover mechansim here... What you need to do is that if the DC in site 1 is down you need to point your clients in Site 1 to the DNS/DC server in Site 2. Once you have done that your users will be able to authenticate.

This is why it is a good idea to have atleast 2 DC's per site. If you cannot do that then when you need to do is add the DC from the preceeding site as a secondary DNS entry within the network adapter.

This means modifying your DNS entries for DHCP to hit all of the clients and manually doing this for all of the servers.

Example...
Site 1 = 192.168.1.3 (DC)
Site 2 = 192.168.2.3 (DC)

Site 1 Client  = PrimaryDNS - 192.168.1.3, Secondary 192.168.2.3
Site 2 Client = PrimaryDNS - 192.168.2.3, Secondary 192.168.1.3

With this configuration users will still be able to authenticate.

Now if you have Exchange in both Sites Exchange will not work with this scenario because it needs a read/write DC/GC in the site for it to work properly.

Will.
sara2000Author Commented:
Strange,  able to ping either way from site 1 to site 2 and tcp configuration with both site dns as alternative.
Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

Will SzymkowskiSenior Solution ArchitectCommented:
Yes that is good that you can PING the servers, that means there is Network communication present. This does not mean that your clients will use the alternate Site for DNS queries if it is not set in the DNS configuration on the client/server machines. You HAVE TO ADD it as a SECONDARY DNS IP for this to work, as i have illustrated in my first post.

Will.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
sara2000Author Commented:
Waiting to test the all the above .
Will SzymkowskiSenior Solution ArchitectCommented:
Ok sounds good.

Will.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.