canuckconsulting asked:

Configure system to reference an alternate DC if LOGONSERVER cannot be contacted

We have a web server (WEB_HOSTED) and DC (DC_HOSTED) hosted by hosting.com. WEB_HOSTED hosts several sites which use Windows Authentication. This works well for us, but every day or two these websites report they are unable to contact the DC (LDAP Server is Unavailable). The raw error is as follows. After 10-15 minutes the issue resolves itself without any intervention on our part.

We are working on identifying and resolving the root cause and would be happy if anyone had any suggestions. However, in the meantime I would like to configure WEB_HOSTED to connect to our DC located on our local network (DC_LOCAL) if it cannot successfully connect to DC_HOSTED. How can we achieve this?

All servers are Windows Server 2012 R2.
Qlemo

Does the hosted site have access to your local domain at all? Are you talking about the same domain for hosted and local?
canuckconsulting (ASKER)

Yes, I should have called that out. While they are physically separate and have different subnets, they are the same domain and there is a link in place so they are available on the network to one another.

If the DCs are replicating, DC info should be in DNS, and failover taking place already (after a short timeout) for each client. If you used AD Sites and Services to define preferences, which I assume to allow local traffic to stay local, check there for both sites/subnets.

Thanks Qlemo. Yes, the DCs are replicating every 20 minutes.

Unfortunately I'm not a proper network guy and have inherited this problem. Would you have a screenshot or link to follow so I can educate myself on what I should be looking for specifically?

Sorry no, I don't have a distributed domain available. Just look into Sites and Services and check whether you can see both subnets and both DCs.
Who set up the whole config?

Does this look right to you? The IP addresses for our local (Boca) and hosted (Hosting) sites are correct:

ASKER CERTIFIED SOLUTION
Qlemo
This solution is only available to members.

The thing is, when these outages occur I have logged into WEB_HOSTED and pinged both DCs, DC_LOCAL and DC_HOSTED. Would you expect that to work if the issue was DNS-related?

When the next outage occurs can you think of any tests I could run on the web server to try and pinpoint what is failing?

If name resolution works and the DCs are pingable, then probably the LDAP port is not reachable, which would be strange. Doing a "telnet DC_HOSTED 389" should show whether the port is reachable (the screen goes black, and typing something terminates the connection).
On DC_HOSTED I would look both into the event log (after the fact) and run "netstat -an" in a DOS prompt to get a feeling whether there is something going on with the ports, e.g. too many TIME_WAIT or open connections.
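A scripted version of the checks above for the next outage, added here as an example and not part of Qlemo's post or the original thread: run on WEB_HOSTED, it records which DC the locator currently returns, does the DNS, ping and TCP-389/636 tests per DC (the handshake test is what the telnet check shows), and summarises TCP connection states as "netstat -an" would. It assumes PowerShell 4.0 on Server 2012 R2 (Test-NetConnection, Get-NetTCPConnection, Resolve-DnsName are available there); the DC names and the domain name are placeholders.

```powershell
# Added example, not from the thread. Placeholders: replace with the real DC FQDNs / domain name.
$DomainControllers = @('DC_HOSTED', 'DC_LOCAL')
$DomainName        = 'corp.example'   # assumption: your AD DNS domain name

function Test-DcReachability {
    # For each DC: DNS lookup, ICMP ping, and a real TCP handshake to LDAP (389) and LDAPS (636).
    # The TCP test is the scripted equivalent of "telnet DC_HOSTED 389".
    param([string[]]$Servers)
    foreach ($dc in $Servers) {
        $r = [ordered]@{ DC = $dc; DnsOk = $false; PingOk = $false; Ldap389 = $false; Ldaps636 = $false }
        try { $r.DnsOk = [bool](Resolve-DnsName -Name $dc -ErrorAction Stop) } catch { }
        $r.PingOk   = Test-Connection -ComputerName $dc -Count 1 -Quiet
        $r.Ldap389  = (Test-NetConnection -ComputerName $dc -Port 389 -WarningAction SilentlyContinue).TcpTestSucceeded
        $r.Ldaps636 = (Test-NetConnection -ComputerName $dc -Port 636 -WarningAction SilentlyContinue).TcpTestSucceeded
        [pscustomobject]$r
    }
}

$stamp = Get-Date -Format 'yyyy-MM-dd HH:mm:ss'
"=== $stamp  LOGONSERVER=$env:LOGONSERVER ==="

# Which DC the DC locator returns right now (/force bypasses the cached answer).
# If this still names DC_HOSTED while port 389 below is closed, the locator has not failed over.
nltest /dsgetdc:$DomainName /force

Test-DcReachability -Servers $DomainControllers | Format-Table -AutoSize

# Port pressure on this box (scripted "netstat -an"): a large TIME_WAIT or ESTABLISHED count
# toward a DC points at connection exhaustion on the web server rather than at the DC itself.
Get-NetTCPConnection | Group-Object State | Sort-Object Count -Descending |
    Select-Object @{n='State';e={$_.Name}}, Count | Format-Table -AutoSize

# Connections to the DCs specifically, by remote address and state.
$dcIps = $DomainControllers | ForEach-Object { (Resolve-DnsName $_ -Type A -ErrorAction SilentlyContinue).IPAddress }
Get-NetTCPConnection | Where-Object { $dcIps -contains $_.RemoteAddress } |
    Group-Object RemoteAddress, State | Select-Object Name, Count | Format-Table -AutoSize
```

Run it once while things work to get a baseline, then again during an outage, and compare the two outputs.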

Thanks. I'll give that a go when it next fails.

I've been thinking about your comment re auto-managed zones and had a final question.  In the image below I call out the local and remotely hosted sites.  In the hosted group there is only a single DC; DC07.  If that goes down we would want DC01 to be contacted.  Would there need to be a config for this or should it just nab DC01 or DC03 from the local site automatically as-is?

It should switch over without manual intervention, as that is one of the purposes of setting up Sites and Services. But I cannot tell for sure.

This hasn't fixed our issue, but we will now focus on getting the fail-over working properly, which may help us work out the LDAP connectivity issue we have.