  • Domain Controllers Abrupt Restart and login issue

    I have an AD domain with two domain controllers, PDC & BDC, in the same subnet, running on 2008 R2.

    We need to carry out an abrupt shutdown/restart test of both domain controllers and the clients/switches etc.

    When I do that (after the abrupt restart):

    1) I cannot log in to the domain from a client PC (both DCs are fully up). I found that I cannot ping any system by hostname.

    2) From PDC -> AD Users & Computers -> Connect to BDC, the error is:
    "the following domain controller cannot be contacted.... the server is not operational"

    The only way to resolve this issue is to reboot the domain controllers again, gracefully.

    What is causing this issue?

  • #2
    Initializing AD on the Domain Controllers is dependent upon DNS and the timing of the network stack. You shouldn't expect things to work right out of the gate after a hard simultaneous power cycle of both DCs. This usually straightens itself out after a number of minutes but, TBH, you ought to be doing graceful shutdowns and restarts of the DCs one at a time.

    Additionally, you need to make sure your DCs' DNS client settings are configured correctly to reduce the likelihood and duration of this issue if it does happen:

    Each DC should use its partner DC for primary DNS. Each DC should use itself for secondary DNS. Each DC should use 127.0.0.1 for tertiary DNS.



    • #3
      I understand your point. But unfortunately I need to demonstrate this to my customer. If I can show him some Microsoft links related to this, he will be convinced.

      Also, you made an interesting point:
      "Each DC should use its partner DC for primary DNS. Each DC should use itself for secondary DNS. Each DC should use 127.0.0.1 for tertiary DNS."
      Why should I put 127.0.0.1 for tertiary DNS?



      • #4
        "Why should I put 127.0.0.1 for tertiary DNS?"

        Because that is Microsoft's best practice. If you run the Best Practices Analyzer for AD DS and DNS on your Domain Controllers, this will be pointed out.



        • #5
          Also, because the IP address assigned to any adaptor is registered with DNS. If DNS goes bad, you may not be able to resolve any address, including your own (e.g. if the network stack has not fully loaded). But if you use the loopback address 127.0.0.1, you guarantee that the server is able to reference itself for DNS. 127.0.0.1 always refers to 'this adaptor' and does not rely on DNS resolution. Hence, if something weird happens with DNS, it can potentially be fixed if the DC can look at itself without the need to go out on the network.

          Which leads on to why you should gracefully restart DNS servers one at a time. If both servers are off at the same time, there is no DNS server available to use as a reference (unless you use 127.0.0.1 as Joe suggests). But even so, you will experience problems if you restart everything at the same time. Leave it long enough and the domain will eventually become accessible, but you will have myriad warning and critical events in the System and Directory Service event logs, and the time wasted going through them.
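          The DNS client order from #2 (partner DC, then own address, then 127.0.0.1) and the "one DC at a time, wait until it is actually up" advice from #5, put into a script. This is an added example, not code posted in the thread. Assumed lab values: this DC is 192.0.2.10 and its partner is 192.0.2.11; change both for your subnet. It uses WMI rather than Set-DnsClientServerAddress because that cmdlet does not exist on Windows Server 2008 R2.

```powershell
# Added example (not from the original thread). Assumed lab addresses below.
param(
    [string]$SelfIp    = '192.0.2.10',   # assumption: this DC's NIC address
    [string]$PartnerIp = '192.0.2.11'    # assumption: the other DC's address
)

# 1. DNS client search order: partner -> self -> loopback, as given in reply #2.
#    Win32_NetworkAdapterConfiguration.SetDNSServerSearchOrder works on 2008 R2.
$nic = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = True' |
       Where-Object { $_.IPAddress -contains $SelfIp }
if (-not $nic) { throw "No IP-enabled adapter carries $SelfIp" }

$rc = ($nic.SetDNSServerSearchOrder([string[]]@($PartnerIp, $SelfIp, '127.0.0.1'))).ReturnValue
if ($rc -ne 0) { throw "SetDNSServerSearchOrder returned $rc" }

ipconfig /flushdns    | Out-Null
ipconfig /registerdns | Out-Null   # re-register this DC's own A record with DNS
netsh interface ipv4 show dnsservers   # show the resulting order for the record

# 2. After restarting THIS DC, wait until a DC can be located for the domain
#    before restarting the other one. nltest prints "completed successfully"
#    only once a DC is reachable and advertising.
$domain   = (Get-WmiObject Win32_ComputerSystem).Domain
$deadline = (Get-Date).AddMinutes(15)
do {
    $out   = nltest /dsgetdc:$domain /force 2>&1
    $ready = [bool]($out | Select-String 'completed successfully')
    if (-not $ready) { Start-Sleep -Seconds 30 }
} until ($ready -or (Get-Date) -gt $deadline)
if (-not $ready) {
    throw "No DC located for $domain within 15 minutes; check the DNS Server and Directory Service event logs"
}

# 3. Confirm the symptoms from the question are gone: the DC locator SRV record
#    resolves by name, and the DNS and advertising tests pass.
nslookup -type=SRV "_ldap._tcp.dc._msdcs.$domain"
dcdiag /test:advertising /test:dns
```

          Run it on the first DC, let step 2 complete, then run it on the second DC with the two addresses swapped. If step 2 times out on the first DC after a hard power cycle, that is the "AD waits for DNS and the network stack" situation described in #2, and the dcdiag output in step 3 shows which records are missing.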
