
2 DC's - first one down no one can logon - why?

Status
Not open for further replies.

1665

Technical User
Mar 19, 2003
119
GB
Hi, in my test environment I have 2 DCs; however, if the first one is turned off no one can log on - why? I thought the 2nd one should take over?
 
The first thing to check is if the first server is also the DNS server, then that is the problem. AD relies on DNS, so if DNS is unavailable then things that require access to AD (such as logging on) can have problems.
 
But my second DC has DNS on it too and it is everyone's alternative DNS... is this no good?

Andy
 
First Server probably had the PDC emulator FSMO role. Look up seizing FSMO roles from crashed servers on MS site. Need to transfer the roles the first server held to the second server and all should be good.

Z
 
Can only one DC have the FSMO roles? All I want to achieve is fault tolerance: if one DC goes down the 2nd one takes over - possible?
 
No, it is not possible to have failover for the FSMO roles. There are 5 roles, and different DCs can have one or more of the roles. But if a DC goes down that hosts a FSMO role, you have to manually seize and move the role to another DC.

HTH,

Z
 
If I remember correctly, the PDC emulator is only important with down-level clients like NT4 boxes and password changes for those clients.

Might want to try setting your second server up as a Global Catalog server also. That might be part of it.
 
We had the same problem. Setting the other one up as a second Global Catalog fixed it.
 
Yes, you can live without most FSMO roles for a few days at least. The problem is most likely the global catalog.

If you have a native mode domain, a global catalog is a requirement for logon. This is because your authenticating DC must contact a GC to enumerate your group membership and check for universal groups. If the authenticating DC is unable to contact a GC, it cannot verify your group membership, and will deny you access.
 
Can I put the GC on our other DC for fault tolerance, so we have 2?

S
 
Go into Active Directory Sites and Services...expand your site, find the DC that you would like to add the GC role to...expand the server and expand the NTDS settings. Right click the NTDS connection and choose properties. There will be a check box for making the server a Global Catalog.

(I don't have a DC in front of me to verify these steps, but I am pretty sure that I am close.) Else, view help on Windows 2000/2003 for Global Catalog.

-I hope this helps..

Joseph L. Poandl
MCSE 2000

If your company is in need of experts to examine technical problems/solutions, please check out (Sales@njcomputernetworks.com)
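
The replies above name three things to check when one of two DCs goes down: DNS, the global catalog, and FSMO role placement. The following PowerShell is an added example, not part of the thread; the function name, the `HasDns` field and the DC1/DC2 inventory are constructed for illustration, and the live-data comment assumes the ActiveDirectory RSAT module, which is newer than the Windows 2000/2003 servers discussed here.

```powershell
# Added example: report logon single points of failure from a DC inventory.
# Each input object mirrors properties of Get-ADDomainController output
# (Name, IsGlobalCatalog, OperationMasterRoles). HasDns is a hypothetical
# field that the caller fills in, for instance from a port 53 check.
function Find-LogonSinglePointOfFailure {
    param([Parameter(Mandatory)][object[]]$DomainControllers)

    $findings = @()
    $gcs = @($DomainControllers | Where-Object { $_.IsGlobalCatalog })
    $dns = @($DomainControllers | Where-Object { $_.HasDns })

    # Global catalog: the thread's fix was to enable it on the second DC.
    if ($gcs.Count -eq 0) {
        $findings += 'No DC is a global catalog.'
    } elseif ($gcs.Count -eq 1) {
        $findings += "Only one global catalog: $($gcs[0].Name)."
    }

    # DNS: AD relies on it, so a single DNS server is also a single point.
    if ($dns.Count -eq 0) {
        $findings += 'No DC is running DNS.'
    } elseif ($dns.Count -eq 1) {
        $findings += "Only one DC runs DNS: $($dns[0].Name)."
    }

    # FSMO roles never fail over by themselves; list who holds what.
    foreach ($dc in $DomainControllers) {
        $roles = @($dc.OperationMasterRoles | Where-Object { $_ })
        if ($roles.Count -gt 0) {
            $findings += "$($dc.Name) holds FSMO role(s): $($roles -join ', ')."
        }
    }
    return $findings
}

# Constructed inventory matching the original poster's setup.
$sample = @(
    [pscustomobject]@{ Name = 'DC1'; IsGlobalCatalog = $true; HasDns = $true
        OperationMasterRoles = @('SchemaMaster', 'DomainNamingMaster',
            'PDCEmulator', 'RIDMaster', 'InfrastructureMaster') }
    [pscustomobject]@{ Name = 'DC2'; IsGlobalCatalog = $false; HasDns = $true
        OperationMasterRoles = @() }
)
Find-LogonSinglePointOfFailure -DomainControllers $sample

# Live data instead of the sample (assumes the ActiveDirectory module):
#   Get-ADDomainController -Filter * | Select-Object Name, IsGlobalCatalog,
#     OperationMasterRoles, @{ n = 'HasDns'; e = { (Test-NetConnection `
#       $_.HostName -Port 53 -WarningAction SilentlyContinue).TcpTestSucceeded } }
```

For the constructed inventory this reports a single global catalog on DC1 and all five FSMO roles on DC1, with no DNS finding because both DCs run DNS.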
 