Backup AD DC does not authenticate when the primary DC is down

Discussion in 'Active Directory' started by Jason Carter, Jun 20, 2005.

  1. Jason Carter

    Jason Carter Guest

    We had an AC unit go out this weekend and had to shut down our servers in one
    location. We have one DC each in three locations connected via point to
    point T1 lines. When I shut down the DC in our primary location, I could not
    get logged into other servers to shut them down. A message came up saying
    that the domain could not be found. I was able to get the machines shut down
    using the local admin account, but I thought the loss of any one DC should
    not affect my ability to perform day to day domain functions, like logging
    in. All three servers are in the same AD "Site" and all three IP ranges in my
    network are associated with that AD Site. Is there some setting that I am
    missing?

    I did verify after logging in locally that the server could ping each of the
    other two domain controllers and could even use Remote Desktop to log into
    those machines.
     
    Jason Carter, Jun 20, 2005
    #1

  2. I would start by verifying DNS is properly configured and working.
     
    Joe Richards [MVP], Jun 20, 2005
    #2

  3. Jason Carter

    Alex Guest

    Are all 3 DCs configured to use AD Integrated-Zone DNS?

    Do the 3 members have alternate DNS IP addresses set up?
     
    Alex, Jun 20, 2005
    #3
  4. Jason Carter

    Jason Carter Guest

    Yes, all three use AD integrated zone DNS. All three also have themselves
    listed as the primary DNS and one of the other DCs as the secondary.

    The clients that could not be authenticated were all test servers that only
    had the primary DC listed as the only DNS server. I have corrected that but
    will need to wait for a good time to test this out.

    So, this brings up another question. If the DNS servers that a client is
    pointing to are down, will the client not be able to log into the domain?
     
    Jason Carter, Jun 20, 2005
    #4
  5. This is basic ... is the other server configured as a Global Catalog?

    Andrei Ungureanu
    www.eventid.net
     
    Andrei Ungureanu, Jun 20, 2005
    #5
  6. Jason Carter

    Al Mulnick Guest

    DNS is a requirement for Active Directory. You must have DNS name
    resolution available for Active Directory to function correctly.
    Having multiple DNS servers specified is a best practice and is highly
    advised for both your servers and your client machines.

    Al
     
    Al Mulnick, Jun 20, 2005
    #6
  7. Jason Carter

    Jason Carter Guest

    All three servers are global catalogs.

    Should I just list all the possible DNS servers with all the clients and
    servers to make sure they can log in if a DC goes down?
     
    Jason Carter, Jun 20, 2005
    #7
  8. Yes. Add all the DNS servers on all the clients.

    Andrei Ungureanu
    www.eventid.net
     
    Andrei Ungureanu, Jun 20, 2005
    #8
  9. Jason Carter

    Alex Guest

    > So, this brings up another question. If the DNS servers that a client is

    DNS is needed in the process of locating the Domain Controller.
     
    Alex, Jun 21, 2005
    #9
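
A per-machine check for the failure discussed in this thread, as an added example that is not part of the original posts: it queries the DC locator SRV record through each configured DNS server separately, so a machine that depends on a single resolver is flagged before a DC outage exposes it. It assumes Windows 8 / Server 2012 or later (the DnsClient module cmdlets); the domain name `corp.example.com` is a placeholder.

```powershell
# Added example, not from the thread. Run on the member server or client to audit.
# 'corp.example.com' is a placeholder; pass the real AD DNS domain name.
param(
    [string]$Domain = 'corp.example.com'
)

# SRV record the DC locator uses to find a domain controller for the domain.
$srvName = "_ldap._tcp.dc._msdcs.$Domain"

# Every IPv4 DNS server configured on any interface of this machine.
$resolvers = @(Get-DnsClientServerAddress -AddressFamily IPv4 |
    ForEach-Object { $_.ServerAddresses } |
    Where-Object { $_ } |
    Sort-Object -Unique)

if ($resolvers.Count -lt 2) {
    Write-Warning "Only $($resolvers.Count) DNS server(s) configured: a single point of failure for logon."
}

# Query each resolver on its own so a healthy server cannot mask a dead one.
$results = foreach ($server in $resolvers) {
    try {
        $dcs = Resolve-DnsName -Name $srvName -Type SRV -Server $server -DnsOnly -ErrorAction Stop |
            Where-Object { $_.Type -eq 'SRV' } |
            ForEach-Object { $_.NameTarget } |
            Sort-Object -Unique
        [pscustomobject]@{
            Resolver = $server
            Answers  = [bool]$dcs
            Detail   = $dcs -join ', '    # DCs this resolver advertises
        }
    }
    catch {
        [pscustomobject]@{
            Resolver = $server
            Answers  = $false
            Detail   = $_.Exception.Message
        }
    }
}

$results | Format-Table -AutoSize

# Non-zero exit when fewer than two resolvers can locate a DC,
# so the script can be used from a scheduled task or monitoring agent.
$working = @($results | Where-Object { $_.Answers }).Count
if ($working -lt 2) { exit 1 }
```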