Bit of a weird AD question

This topic contains 4 replies, has 4 voices, and was last updated by Hanley 9 years, 11 months ago.

    g7rpo
    Member
    #145587

    Hi, I have 3 AD servers here, all 2003 Std R2 32-bit.

    2 are running within VMware and 1 is physical.

    The Physical is role holder for all the FSMO roles.

    My question is that the physical box is performing all the user logon/authentication requests, and it seems a little strange that the others don't perform any of the authentication at all.

    My boss is a little worried that the AD and replication might have a problem, but there is nothing in the logs on any of the boxes.

    They are able to authenticate users as the VM ones are used for AD auth on the firewall for users connecting via VPN, plus they are both acting as DHCP and DNS servers for the internal users.

    Any ideas or suggestions would be greatly appreciated

    Killerbe
    Member
    #306016

    Re: Bit of a weird AD question

    Either your site configuration is incorrect or the physical machine is simply the fastest to respond.
    http://support.microsoft.com/kb/247811

    If you run a dcdiag from your physical server to your virtual machines, what do you get?

    “dcdiag /server:%virtualmachinename%”

    I have seen that virtual machines usually use the virtual DCs as logon server.

    How to check the logon server:

    “set logonserver”

    Hanley
    Member
    #354117

    Re: Bit of a weird AD question

    I suspect Killerbe is right and the physical DC is responding quicker to the DC locator process.

    Also the client will cache the DC details so it doesn’t need to perform the locator process for future logons.

    You say your virtual DC is performing authentication for your VPN users so I don’t really think you have a problem here.

    If you desperately want to have your virtual DC perform logon requests for your LAN clients then you could always alter the weight of the SRV records, although I don’t think this is necessary, but see here for details:

    http://technet.microsoft.com/en-us/library/cc778225(WS.10).aspx

    Hanley

    :smile:
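
Added example (not part of the thread): a sketch of the RFC 2782 SRV ordering that record priority and weight feed into, showing how far a change to either shifts which DC a client tries first. Host names and values are constructed, and it models only the DNS ordering step, not which DC answers quickest or the client's cached DC.

```python
import random
from collections import Counter

def order_srv(records, rng):
    """Order SRV targets per RFC 2782: lowest priority value first,
    weighted random selection among records of equal priority."""
    ordered = []
    for prio in sorted({r["priority"] for r in records}):
        group = [r for r in records if r["priority"] == prio]
        # RFC 2782: weight-0 records are scanned first, so they are rarely picked
        group.sort(key=lambda r: r["weight"] != 0)
        while group:
            total = sum(r["weight"] for r in group)
            pick = rng.randint(0, total)          # inclusive on both ends
            running = 0
            for i, r in enumerate(group):
                running += r["weight"]
                if running >= pick:               # first running sum >= pick wins
                    ordered.append(group.pop(i)["target"])
                    break
    return ordered

def first_choice_share(records, trials=20000, seed=1):
    """Fraction of simulated lookups in which each target is tried first."""
    rng = random.Random(seed)
    firsts = Counter(order_srv(records, rng)[0] for _ in range(trials))
    return {r["target"]: firsts[r["target"]] / trials for r in records}

def dcs(phys_priority=0, phys_weight=100):
    """Constructed SRV set: one physical DC and two virtual DCs."""
    return [
        {"target": "dc-phys.example.local", "priority": phys_priority, "weight": phys_weight},
        {"target": "dc-vm1.example.local", "priority": 0, "weight": 100},
        {"target": "dc-vm2.example.local", "priority": 0, "weight": 100},
    ]

if __name__ == "__main__":
    for label, recs in [
        ("equal priority and weight", dcs()),
        ("physical DC weight lowered to 10", dcs(phys_weight=10)),
        ("physical DC priority raised to 10", dcs(phys_priority=10)),
    ]:
        shares = first_choice_share(recs)
        print(label)
        for target, share in shares.items():
            print(f"  {target:24s} {share:6.1%}")
```

A lower weight only reduces the share of first attempts, while a higher priority value makes the record a fallback that is tried only after the others.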

    g7rpo
    Member
    #346304

    Re: Bit of a weird AD question

    Just for interest

    Seems, after much messing about with dcdiag and replmon, that the 2 virtual machines' USN numbers were out of sync.

    Easiest way to repair was to demote the 2 machines to member servers again and then promote back to DCs.

    We had a power cut about the time it all went wrong so I think that might have had something to do with it.

    Luckily I still had the physical server which was behaving to make the rebuild easy.

    Thanks for the input tho guys.

    Blood
    Moderator
    #335468

    Re: Bit of a weird AD question

    Our office is located in the sticks and we are subject to frequent power-cuts. Each time one happened the servers freaked after being rebooted. We would see odd things happening.

    Get yourself a UPS. Worth their weight in gold. Keeps your servers happy.
