Announcement

Collapse
No announcement yet.

Logon in event of DC Failure

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Logon in event of DC Failure

    I am wondering about computer authentication and user authentication when a DC fails if you have more than one DC? If I have 2 DC's and both are GC's as well, along with both being DNS servers also. The computers and users will authenticate to one of those DC lets just say a user and computer authenticate to DC1. if DC1 fails does that computer have to re authenticate to DC2 or is the authentication done on the domain level where the authentication is replicated or monitored by the other DC so it know that computer is ok?

  • #2
    Re: DC Failure

    I think this is more suited in the Active Directory Forum,

    Providing the machines are configured with both DNS servers and both DCs are also GC (which stores partial replicas of all AD partitions, inc User, computer object info) there should be authentication to the domain resulting in a successful logon.
    Caesar's cipher - 3

    ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

    SFX JNRS FC U6 MNGR

    Comment


    • #3
      Re: DC Failure

      There's a few factors at play here but good luck finding the right answer.

      Kerberos tickets and the authenticating DC get cached and authentication gets flakey when DCs fail in the middle of all that.

      Comment


      • #4
        Re: DC Failure

        Moved to AD forum.

        The logon process works by the computer contacting an available DC and asking for a ticket.
        Once that ticket is granted, it is presented to servers and acts as credentials. When the ticket expires, the process repeats.

        If a DC is not available, another will be contacted, first in the same site and then in other sites. Only if this fails will cached credentials be used.
        Tom Jones
        MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
        PhD, MSc, FIAP, MIITT
        IT Trainer / Consultant
        Ossian Ltd
        Scotland

        ** Remember to give credit where credit is due and leave reputation points where appropriate **

        Comment

        Working...
        X