Bit of a weird AD question

  • Bit of a weird AD question

    Hi, I have 3 AD servers here, all 2003 Std R2 32-bit.

    2 are running within VMware and 1 is physical.

    The Physical is role holder for all the FSMO roles.

    My question is that the physical box is performing all the user logon/authentication requests, and it seems a little strange that one of the others doesn't perform any of the authentication at all.

    My boss is a little worried that AD and replication might have a problem, but there is nothing in the logs on any of the boxes.

    They are able to authenticate users as the VM ones are used for AD auth on the firewall for users connecting via VPN, plus they are both acting as DHCP and DNS servers for the internal users.

    Any ideas or suggestions would be greatly appreciated

  • #2
    Re: Bit of a weird AD question

    Either your site configuration is incorrect or the physical machine is simply the fastest to respond.

    If you run a dcdiag from your physical server to your virtual machines, what do you get?

    "dcdiag /server:%virtualmachinename%"

    I have seen that virtual machines usually use the virtual DCs as logon server.

    How to check the logon server:

    "set logonserver"
    Set-Location Malibu Beach



    • #3
      Re: Bit of a weird AD question

      I suspect Killerbe is right and the physical DC is responding quicker to the DC locator process.

      Also the client will cache the DC details so it doesn't need to perform the locator process for future logons.

      You say your virtual DC is performing authentication for your VPN users so I don't really think you have a problem here.

      If you desperately want to have your virtual DC perform logon requests for your LAN clients then you could always alter the weight of the SRV records, although I don't think this is necessary, but see here for details:
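
Added example, not part of the original posts: a Python sketch of the RFC 2782 priority/weight ordering that a DNS client applies to SRV records, showing how lowering one DC's weight shifts which server is tried first. The host names and record values are constructed, and the sketch models only the DNS ordering, not the responsiveness check or the client-side caching mentioned in the thread.

```python
import random
from collections import Counter

# Constructed sample SRV data as (priority, weight, target); host names are hypothetical.
EQUAL = [
    (0, 100, "dc-phys.example.local"),
    (0, 100, "dc-vm1.example.local"),
    (0, 100, "dc-vm2.example.local"),
]
# Same DCs with the physical box's weight lowered so the VMs are preferred.
SKEWED = [(0, 10, "dc-phys.example.local")] + EQUAL[1:]


def order_srv(records, rng):
    """Return targets in the order an RFC 2782 client would try them."""
    ordered = []
    # Lower priority values are always exhausted before higher ones.
    for prio in sorted({r[0] for r in records}):
        group = [r for r in records if r[0] == prio]
        # RFC 2782: zero-weight records are placed first in the list.
        group.sort(key=lambda r: r[1] != 0)
        while group:
            total = sum(r[1] for r in group)
            pick = rng.randint(0, total)  # uniform over 0..total inclusive
            running = 0
            for i, rec in enumerate(group):
                running += rec[1]
                if running >= pick:
                    ordered.append(rec[2])
                    del group[i]
                    break
    return ordered


def first_choice_share(records, trials=20000, seed=1):
    """Fraction of simulated lookups in which each target is tried first."""
    rng = random.Random(seed)
    hits = Counter(order_srv(records, rng)[0] for _ in range(trials))
    return {target: hits[target] / trials for _, _, target in records}


if __name__ == "__main__":
    for name, recs in (("equal weights", EQUAL), ("physical DC weight 10", SKEWED)):
        print(name, first_choice_share(recs))
```

With equal weights each DC is first choice about a third of the time, so a single DC taking every logon points at something other than the SRV weights, such as response time or site configuration.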



      • #4
        Re: Bit of a weird AD question

        Just for interest

        Seems, after much messing about with dcdiag and replmon, that the 2 virtual machines' USN numbers were out of sync.

        Easiest way to repair was to demote the 2 machines to member servers again and then promote back to DCs.

        We had a power cut about the time it all went wrong so I think that might have had something to do with it.

        Luckily I still had the physical server which was behaving to make the rebuild easy.

        Thanks for the input tho guys.


        • #5
          Re: Bit of a weird AD question

          Our office is located in the sticks and we are subject to frequent power-cuts. Each time one happened the servers freaked after being rebooted. We would see odd things happening.

          Get yourself a UPS. Worth their weight in gold. Keeps your servers happy.
          A recent poll suggests that 6 out of 7 dwarfs are not happy