Can't login into domain when 1 of the DCs is down?

Discussion in 'Server Migration' started by Research Services, Jul 20, 2004.

  1. We are a child domain in an AD forest.

    Until recently, we had 2 Windows 2000 DCs (native mode) configured as such:

    W2K DC1: RID & PDC FSMO and GC
    W2K DC2: Infrastructure FSMO

    We could take either one of these servers offline and clients would still be
    able to login to the domain as long as the other DC was up.
    Now in our migration to Windows 2003, we've brought up a new Windows 2003
    DC, now our configuration looks like:

    W2K DC1: GC
    W2K DC2: Infrastructure FSMO
    W2K3 DC3: RID & PDC FSMO and GC

    We've rebooted all 3 DCs several times since configuring them this way.
    Now, when DC1 is down, no one can log into the Domain - even though
    there are 2 other DCs available.
    Error messages on clients indicate that the Domain is not available.
    2 central Windows DNS servers "live" at the root of the forest, so we
    don't run DNS at the child domain level. Clients that had already been
    logged on to the domain during the period when DC1 was offline have no
    obvious DNS issues. DNS knowledge is either pushed down thru DHCP to XP
    clients (from the DC1 box) and member servers have the DNS info hard-coded
    staticly.

    Any ideas of what to look at? Thanks in advance!
     
    Research Services, Jul 20, 2004
    #1
    1. Advertisements

  2. Hello,

    Thanks for your posting here.

    Do you mean that the Windows 2003 DC is in the child domain and there is no
    DNS in the child domain? Can you ping the FQDN of the child domain DC?

    I would like to recommend that you set up DNS in the child domain and
    create a delegation for the child domain on the root DNS Server. Set all
    the clients point to the Please refer to the following document for the
    detailed information.

    255248 How To Create a Child Domain in Active Directory and Delegate the DNS
    http://support.microsoft.com/?id=255248

    Have a nice day!

    Regards,
    Bob Qin
    Product Support Services
    Microsoft Corporation

    Get Secure! - www.microsoft.com/security

    ====================================================
    When responding to posts, please "Reply to Group" via your newsreader so
    that others may learn and benefit from your issue.
    ====================================================
    This posting is provided "AS IS" with no warranties, and confers no rights.
     
    Bob Qin [MSFT], Jul 21, 2004
    #2
    1. Advertisements

  3. What I meant was: Windows DNS services are running at the root of the AD
    Forest. Us, being a child domain, don't run DNS services as we point all of
    our clients and servers to look at the root DNS servers.
    We are only migrating our child domain to Windows 2003 and are having issues
    logging into our domain when DC1 (as listed below) is offline.
    Yes we can ping the FQDN of the child domain from within and from outside
    the child domain.
    Other child domains have successfully migrated their domains to Windows 2003
    without any extra "DNS" work.
    Are there particular SRV records I should verify the existence of? Or other
    DNS connectivity issues to check that might cause the issues we are seeing?
    Thanks for your help!
     
    Research Services, Jul 21, 2004
    #3
  4. Did you create a zone for the child domain one root DNS server?

    If so, the clients still cannot locate the DC in the child domain.

    Regards,
    Bob Qin
    Product Support Services
    Microsoft Corporation

    Get Secure! - www.microsoft.com/security

    ====================================================
    When responding to posts, please "Reply to Group" via your newsreader so
    that others may learn and benefit from your issue.
    ====================================================
    This posting is provided "AS IS" with no warranties, and confers no rights.
     
    Bob Qin [MSFT], Jul 22, 2004
    #4
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.