secondary DC questions
  • secondary DC questions

    We have only one location, with two DCs, both on Win 2000 SP4.
    Last week I ran the update on the secondary DC and then restarted it, thinking that the primary is still there and no one should be affected, but to my surprise two users called me up saying that their Outlook is asking for a password, and it appears to me that they have lost the connection to the domain. One user also complained about not being able to access our intranet, which has a background connection to SQL Server.

    Is there any way to find out which computers or users connect to which DC?

    Isn't it true that when one DC fails the other takes over? Our primary DC with GC was still on and there should not be any problem. I am puzzled.

    • #3
      Re: secondary DC questions

      I understand it was during the time of the DC Restart you are talking about, is that correct?

      • #4
        Re: secondary DC questions

        Basic rules of thumb:

        1) You need the client to be able to find the DC (DNS/broadcast/WINS), which in most cases means that the client has to have at least 2 DNS servers configured (assuming MS DNS on DCs)
        2) You need at least one of the DCs that are alive to be a Global Catalog (the requirement can be disabled via reg key or GPO setting)

        To make it simple:

        1) Make sure both DCs are running DNS
        2) Make sure both DCs are GCs
        3) Make sure the clients have both DNS servers configured in their TCP/IP settings
        Guy Teverovsky
        "Smith & Wesson - the original point and click interface"

        • #5
          Re: secondary DC questions

          1. You can use the "set" command and find the logon server.

          2. You need to verify that each DC = GC = DNS and that users/servers are set to use two
          of these servers as DNS servers.

          3. http://support.microsoft.com/kb/247811
          Best Regards,

          Yuval Sinay

          LinkedIn: https://www.linkedin.com/in/yuval14, Blog: http://blogs.microsoft.co.il/blogs/yuval14

          • #6
            Re: secondary DC questions

            Thanks for the reply,

            Both my DCs have DNS on them; the secondary DC is also DHCP. Could this be a problem? I had restarted the secondary DC and there was no DHCP available during that time.
            Here is the event viewer log:

            The Security System detected an attempted downgrade attack for server HTTP/server1.toronto. The failure code from authentication protocol Kerberos was "There are currently no logon servers available to service the logon request.

            The time provider NtpClient was unable to find a domain controller to use as a time source. NtpClient will try again in 15 minutes.

            Is it possible that a computer will lose the lease when DHCP is down?

            Here is one more event

            Your computer has automatically configured the IP address for the Network Card with network address 00065B5E9408. The IP address being used is 169.254.43.188.

            • #7
              Re: secondary DC questions

              Hi,

              It clearly shows here that the client has got the IP from APIPA, not from DHCP. As you did not have the proper IP, you will not be able to talk to the NTP server.

              Regards,
              Kapil Sharma
              Kapil Sharma
              ~~~~~~~~~~~~~
              Life is too short, Enjoy It.

              • #8
                Re: secondary DC questions

                The computer where Outlook was asking for username and password when I restarted the secondary DC has the following error at that time:

                Time Provider NtpClient: The response received from domain controller dcold.TORONTO is missing the signature. The response may have been tampered with and will be ignored"

                It looks like once this machine lost the connection with the sec DC it did not resync with Primary DC. I don't know why.

                On my computer I got a 169.x.x IP when I restarted the secondary DC, which is also a DHCP server. Very strange, because I thought once the computer has a lease it should be OK even without DHCP.

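The checks discussed in this thread (every client lists both DCs as DNS servers, and no client is sitting on an APIPA address) can be run over saved `ipconfig /all` output. This is an added example, not part of the original posts; the 10.0.0.x addresses, the `DC_DNS` list and the function names are assumptions, and the captures are constructed in the Windows 2000 layout with one adapter each.

```python
import ipaddress
import re

APIPA = ipaddress.ip_network("169.254.0.0/16")
FIELD = re.compile(r"^\s*([A-Za-z][\w \-]*?)[ .]*:\s*(.*)$")
DC_DNS = ["10.0.0.10", "10.0.0.11"]  # constructed: both DCs run DNS

# Constructed captures of `ipconfig /all`, trimmed to the relevant fields.
HEALTHY = """
        IP Address. . . . . . . . . . . . : 10.0.0.50
        DHCP Server . . . . . . . . . . . : 10.0.0.11
        DNS Servers . . . . . . . . . . . : 10.0.0.10
                                            10.0.0.11
"""
ONE_DNS = """
        IP Address. . . . . . . . . . . . : 10.0.0.51
        DNS Servers . . . . . . . . . . . : 10.0.0.11
"""
NO_LEASE = """
        Autoconfiguration IP Address. . . : 169.254.43.188
        DNS Servers . . . . . . . . . . . :
"""

def parse_ipconfig(text):
    """Return {field: [values]}, folding continuation lines into the previous field."""
    fields, last = {}, None
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            last = m.group(1).strip()
            fields.setdefault(last, [])
            if m.group(2).strip():
                fields[last].append(m.group(2).strip())
        elif last and line.strip():
            fields[last].append(line.strip())  # e.g. the second DNS server
    return fields

def check_client(text, dc_dns=DC_DNS):
    """List the failover problems from the thread found in one client's capture."""
    f = parse_ipconfig(text)
    findings = []
    addrs = f.get("IP Address", []) + f.get("Autoconfiguration IP Address", [])
    if any(ipaddress.ip_address(a) in APIPA for a in addrs):
        findings.append("APIPA address in use: no valid DHCP lease")
    missing = [d for d in dc_dns if d not in f.get("DNS Servers", [])]
    if missing:
        findings.append("DC DNS servers not configured: " + ", ".join(missing))
    return findings
```

A client that returns an empty list has both DCs available for DNS lookups; the `ONE_DNS` capture shows the case where rebooting the one configured DC leaves the client unable to locate the other.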