Multiple DCs but can't login if FSMO role holder is offline

Discussion in 'Active Directory' started by Just Askin, Jan 14, 2008.

  1. Just Askin

    Just Askin Guest

    I should probably know this.

    In a Windows 2003 network with multiple DCs and AD integrated DNS servers
    why would one be unable to login if the FSMO role holder is down? All ADs are
    Global Catalog Servers.

    As soon as the FSMO role holder is back up logins and Exchange behave

    Just Askin, Jan 14, 2008

  2. What is the error they get when trying to log in?

    Danny Sanders, Jan 14, 2008

  3. Just Askin

    Just Askin Guest

    Thanks for the reply.

    No error. Logins and Outlook hang until the DC is back. I see this primarily
    when rebooting the DC so it's normally never more than a few minutes.

    What behavior should I expect?
    Just Askin, Jan 14, 2008
  4. No error. Logins and Outlook hang until the DC is back.

    Is this DC a DNS server? If so is it the preferred DNS server on the

    Danny Sanders, Jan 14, 2008
  5. Just Askin

    JBP Guest

    Is the server you are rebooting DNS, DHCP, WINS? Then it is expected.
    JBP, Jan 14, 2008
  6. Just Askin

    Ryan Hanisco Guest

    Hi Just,

    As Danny is implying, this problem is usually an issue with DNS and is not
    the expected behavior in a well-configured domain. In a domain you will
    generally have more than one domain controller. In a smaller domain that is
    not handling thousands of clients and many sites, you will generally have
    all of the domain controllers running AD Integrated DNS and, if there is only
    one domain, all GCs.

    In this configuration, you would want to make sure that every DHCP scope was
    handing out a primary DNS server and a backup. This means that when one is
    not available, another one should be able to pick up the load and will keep
    the clients humming along.

    In a special case where the PDCe is unavailable, some services will lag and
    you will have issues with password changes, GPO changes and the like, but
    this is easily fixed by repairing the DC or moving the FSMO role until
    service is restored.

    If you are sure that your clients have the correct DNS and that they are
    able to find other servers, you might look at the SRV records in the DNS and
    the configuration of your sites vs subnets. If there is a mismatch here, you
    can see huge timeouts as the workstations try to negotiate which site they
    should be talking to -- they don't always make the best choice if the sites
    aren't well planned.

    Hope this helps to clarify.
    Ryan Hanisco
    MCSE, MCTS: SQL 2005, Project+
    Chicago, IL

    Remember: Marking helpful answers helps everyone find the info they need
    Ryan Hanisco, Jan 15, 2008
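
Added example, not part of the original thread: one way to carry out the SRV-record and backup-DNS check described in the reply above, by parsing saved `nslookup -type=SRV _ldap._tcp.dc._msdcs.<domain> <dns-server>` output from each DNS server a client uses. The domain example.local, the host names, the addresses and the function names are assumptions made for illustration.

```python
import re
FIELD = re.compile(r"^\s*(priority|weight|port|svr hostname)\s*=\s*(\S+)\s*$")

def parse_srv(text):
    """Parse saved `nslookup -type=SRV` output into a list of record dicts."""
    records = []
    for line in text.splitlines():
        m = FIELD.match(line)
        if "SRV service location:" in line:
            records.append({})        # a new record block starts here
        elif m and records:
            key, value = m.groups()
            if key == "svr hostname":
                records[-1]["host"] = value.rstrip(".").lower()
            else:
                records[-1][key] = int(value)
    return [r for r in records if "host" in r]

def audit(client_dns, captures, expected_dcs):
    """Return findings that leave a client dependent on a single DC."""
    findings = []
    if len(client_dns) < 2:
        findings.append("client has no backup DNS server")
    for server in client_dns:
        hosts = {r["host"] for r in parse_srv(captures.get(server, ""))}
        missing = sorted(set(expected_dcs) - hosts)
        if not hosts:
            findings.append(f"{server}: no DC SRV records returned")
        elif missing:
            findings.append(f"{server}: no SRV record for {', '.join(missing)}")
    return findings

# Constructed sample (hypothetical domain and hosts), as returned by a healthy server.
FULL = """\
Server:  dc1.example.local
Address:  10.0.0.10

_ldap._tcp.dc._msdcs.example.local      SRV service location:
          priority       = 0
          weight         = 100
          port           = 389
          svr hostname   = dc1.example.local
_ldap._tcp.dc._msdcs.example.local      SRV service location:
          priority       = 0
          weight         = 100
          port           = 389
          svr hostname   = dc2.example.local
"""
# Constructed: a server whose zone lists only dc1 (dc2 never registered there).
STALE = FULL[:FULL.rindex("_ldap._tcp")]
```
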
  7. Hello Just,

    Outlook hangs because the DC is set in the Recipient Update Service in Exchange
    System Manager. So if this DC is down, users cannot authenticate for the mailbox.

    Best regards

    Meinolf Weber
    Meinolf Weber, Jan 15, 2008
  8. Just Askin

    Yasen Guest

    Yasen, Mar 14, 2008
  9. Just Askin

    Saral6978 Guest

    You know, I figured this was sort of known behavior. This happens to me
    as well and has always happened to me in the various networks I have worked
    in whenever the DC with all the roles is shut down, or at least the one that
    holds the Schema Master role. If there is a fix to this behavior, that would
    be helpful to know. I have no problems with replication or anything, and
    I've run the tools before with no problems found.
    Saral6978, Mar 14, 2008