DC failover questions

  • DC failover questions

    We have 4 domain controllers at our main office, 2 on site, 2 at a CO-LO. I had previously thought that DCs were chosen by distance, but apparently a lot of our users are connecting through the co-location at times.

    How are DCs chosen when a user authenticates? Is it completely random?

    Is there any way to set this up where users only connect to DCs 1&2 and have 3&4 kick in only if 1&2 both fail? Or better yet, have corporate users only connect to 1&2 and colo users only connect to 3&4, with the DCs failing over to each other if both fail on either side.

    We do not want to set up any additional domains to do this.

  • #2
    Re: DC failover questions

    Are the DCs all in the same site in Active Directory Sites and Services? If so, that is the problem. You need to create sites for each network in order for clients to log into the DC closest to them (a DC in the same site).



    • #3
      Re: DC failover questions

      Nope, DCs 1&2 are under our primary site, DCs 3&4 are under Colo.
      Last edited by f21; 16th May 2008, 20:54. Reason: typo



      • #4
        Re: DC failover questions

        Are the sites using the same RFC1918 address space separated by different NAT addresses?



        • #5
          Re: DC failover questions

          We are under the same private address space; I'm not too sure about the second part of your question.



          • #6
            Re: DC failover questions

            Originally posted by f21
            Nope, DCs 1&2 are under our primary site, DCs 3&4 are under Colo.

            Did you add the subnets in Sites and Services and attach the subnets to the relevant sites?



            • #7
              Re: DC failover questions

              It would seem to me that if Site1 is using 192.168.1.0/24 (for example) and Site2 is also using 192.168.1.0/24 then how will the clients know which site they are in? The Site and Subnet are written to the client registry and that is what the client uses to determine what site it is in and therefore which DC to contact. If you are using the same RFC1918 subnet address in both sites then the client will think that all DCs are in the same site that it is in.

              Can anyone else verify my assumption?



              • #8
                Re: DC failover questions

                Originally posted by joeqwerty
                It would seem to me that if Site1 is using 192.168.1.0/24 (for example) and Site2 is also using 192.168.1.0/24 then how will the clients know which site they are in? The Site and Subnet are written to the client registry and that is what the client uses to determine what site it is in and therefore which DC to contact. If you are using the same RFC1918 subnet address in both sites then the client will think that all DCs are in the same site that it is in.

                Can anyone else verify my assumption?

                You are pretty much right.

                f21:
                Could you please tell us what IP addresses you use in your main office and what IP addresses you use in colo?
                That would be a simple question rather than mixing him up with RFC questions.
                Last edited by Akila; 16th May 2008, 21:40.



                • #9
                  Re: DC failover questions

                  Each site falls under a different subnet and VLAN. The subnets are defined correctly under ADSS.



                  • #10
                    Re: DC failover questions

                    Think it's solved. A handful of our newest subnets were not listed anywhere. Went back through older logs and the users who were appearing earlier seem to be primarily from these subnets.



                    • #11
                      Re: DC failover questions

                      Do you have a reverse lookup zone in DNS for each subnet? Maybe that's the problem.



                      • #12
                        Re: DC failover questions

                        Yep we do, but I'm fairly certain that wasn't the issue. We recently moved several departments to different buildings and created new subnets for them. I guess I neglected to add them into ADSS so they weren't assigned to any site at all. I was only looking at the older subnets, and didn't notice until I checked the evt logs again.



                        • #13
                          Re: DC failover questions

                          Glad you got it figured out.



                          • #14
                            Re: DC failover questions

                            For more details on how to locate orphaned subnets, you can go over the netlogon.log in windows\debug on the DC.
                            There you will find subnets that do not belong to any site.


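The netlogon.log check described in post #14, as an added example that is not part of the original thread: it pulls the `NO_CLIENT_SITE` entries out of a copy of the log and groups the clients that no defined subnet covers. The log lines, host names, domain name `CORP` and subnet list are constructed sample data, and the /24 grouping is an assumption; the real mask has to come from the network design.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the netlogon.log NO_CLIENT_SITE format (not real data).
SAMPLE_LOG = """\
05/16 09:12:01 CORP: NO_CLIENT_SITE: WKS-ACCT-014 10.20.7.31
05/16 09:12:44 CORP: NO_CLIENT_SITE: WKS-ACCT-022 10.20.7.45
05/16 09:15:10 [1432] CORP: NO_CLIENT_SITE: WKS-HR-003 10.20.8.12
05/16 09:16:02 CORP: NO_CLIENT_SITE: WKS-OLD-001 10.10.3.9
05/16 09:20:37 CORP: NO_CLIENT_SITE: WKS-ACCT-014 10.20.7.31
05/16 09:21:00 CORP: some unrelated netlogon line
"""

# Assumed subnet-to-site mapping already present in Sites and Services.
DEFINED_SUBNETS = {"10.10.0.0/16": "Main", "10.30.0.0/16": "Colo"}

# Matches "<...> NO_CLIENT_SITE: <computer> <address>" at the end of a line.
ENTRY = re.compile(r"NO_CLIENT_SITE:\s+(\S+)\s+(\S+)\s*$")


def unmapped_clients(log_text, defined_subnets, v4_prefix=24):
    """Return {candidate_subnet: [hosts]} for clients no defined subnet covers."""
    defined = [ipaddress.ip_network(s) for s in defined_subnets]
    groups = defaultdict(set)
    for line in log_text.splitlines():
        match = ENTRY.search(line)
        if not match:
            continue
        host, raw_ip = match.groups()
        try:
            ip = ipaddress.ip_address(raw_ip)
        except ValueError:
            continue  # truncated or malformed entry
        if any(ip in net for net in defined if net.version == ip.version):
            continue  # stale entry: a subnet object covers this address now
        prefix = v4_prefix if ip.version == 4 else 64
        candidate = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        groups[str(candidate)].add(host)
    return {net: sorted(hosts) for net, hosts in sorted(groups.items())}


if __name__ == "__main__":
    for net, hosts in unmapped_clients(SAMPLE_LOG, DEFINED_SUBNETS).items():
        print(f"{net}: {len(hosts)} client(s) -> {', '.join(hosts)}")
```

Each subnet it reports is a candidate for a new subnet object attached to the site whose DCs should serve those clients.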

                            • #15
                              Re: DC failover questions

                              Originally posted by joeqwerty
                              Do you have a reverse lookup zone in DNS for each subnet? Maybe that's the problem.
                              Reverse lookup is not required for proper AD operation.
                              Guy Teverovsky
                              "Smith & Wesson - the original point and click interface"
