
why does loss of one DC stop all AD clients


bookouri

IS-IT--Management
Feb 23, 2000
1,464
US
We have one forest/domain with three 2008 R2 DCs. DC1 has all roles. DC1, DC2, DC3 are all global catalog holders. Each DC is running the DNS service. All the DNS servers replicate with each other. Clients are mostly XP Pro with some Win7 Pro. The clients are configured to look to one of the three DCs for their primary DNS and to another DC for secondary DNS.

For some reason, if DC2 is shut down, every client is cut off from everything. Nobody can log on. Any attempt to log any machine on to the domain gets a "no logon servers available" error. Either of the other DCs can be shut down and nothing happens. But when DC2 is shut down, no client can get to anything internal or on the internet and nobody can log on. Any attempt to ping or tracert from any machine to anywhere just dies. It doesn't hit the gateway or anything but just dies.

There is nothing odd about DC2 that I can find except that it IS a Hyper-V machine rather than a physical machine. Any errors in the event logs have been researched and nothing similar to what we are experiencing was found. Basically, if DC2 goes down the entire forest/domain is dead.

Does anybody have any suggestions about what might be going on?

 
Any attempt to ping or tracert from any machine to anywhere just dies. It doesn't hit the gateway or anything but just dies.

I'm not sure what you mean by "just dies". Does it fail to resolve the name to an IP address? Can you still ping by IP instead of name? Is DC2 the server that is listed as the primary DNS server on your clients (via DHCP/whatever)? Is DC2 performing any sort of routing for your network?

What happens when you run a DCDIAG on each of the DCs? Do you know for a fact that they are replicating with each other successfully? Do all three DCs show up in AD Users and Computers?

Regarding the virtual DC (DC2), has someone ever taken a snapshot/checkpoint of it in Hyper-V, then reverted that snapshot? This would virtually guarantee that your directory gets corrupted in ways that you may not even notice for quite some time.

________________________________________
CompTIA A+, Network+, Server+, Security+
MCTS:Windows 7
MCSE:Security 2003
MCITP:Server Administrator
MCITP:Enterprise Administrator
MCITP:Virtualization Administrator 2008 R2
Certified Quest vWorkspace Administrator
 
Never been any Hyper-V snapshots as far as I know.

dcdiag does not report any problems on any of the DCs.

All three show up in Users and Computers, and we have verified that clients are being authenticated by all three DCs and they seem to all function properly.

I'm not sure about pinging an IP. I would say that I tried pinging IP AND names and neither one worked, but I can't swear to it at this point.

Some clients have DC2 as their primary and some do not. The problem occurs with all workstations no matter what their primary DNS is.

 
If you are unable to ping by IP or name, then I would think that the DC2 server is also performing some sort of routing functionality, in which case this would be the expected behavior.

One other thought that came from another thread... are your DNS servers pointing at themselves for the primary DNS server, or are they pointing to another DNS server? You might want to run the Best Practice Analyzers for both Active Directory and DNS on your three DCs (as well as any other roles that they may hold).

In addition to running DCDIAG, try a NETDIAG as well. In fact, if you could run both commands from one of the other DCs while the DC2 server is down, you'll probably see the issue pretty quickly.

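The checks suggested above (which logon servers each DC's DNS zone advertises, and what each DC's own DNS client order is) can be scripted from an admin workstation. This is an added example, not code from the thread; it assumes a workstation with the DnsClient module (Windows 8 / Server 2012 or later), WMI/DCOM access to the DCs, and placeholder names for the domain and the three DCs.

```powershell
# Added example (not from the thread). Placeholders: replace $Domain and $DCs
# with your AD DNS domain and the short names of your domain controllers.
$Domain = 'corp.example'          # placeholder: AD DNS domain name
$DCs    = 'dc1', 'dc2', 'dc3'     # placeholders: the three DCs in the thread

foreach ($dc in $DCs) {
    $fqdn = "$dc.$Domain"
    Write-Host "=== $fqdn ==="

    # 1. Ask THIS server's DNS service which DCs it advertises for LDAP.
    #    Every DC should hand back SRV records naming all three DCs; a server
    #    that only returns one name points at a replication or record
    #    registration problem, and clients using it lose their logon servers
    #    as soon as that one DC goes down.
    try {
        $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV `
                               -Server $fqdn -DnsOnly -ErrorAction Stop
        $targets = $srv | Where-Object { $_.Type -eq 'SRV' } |
                   Select-Object -ExpandProperty NameTarget | Sort-Object -Unique
        Write-Host "  advertises logon servers: $($targets -join ', ')"
    } catch {
        Write-Warning "  SRV lookup against $fqdn failed: $($_.Exception.Message)"
    }

    # 2. Read the DC's own DNS client server order via WMI (works against
    #    2008 R2). If every DC lists DC2 first, losing DC2 leaves the other
    #    DCs and all their clients unable to resolve anything until the
    #    secondary server times in, which matches the symptom in the thread.
    try {
        $nics = Get-WmiObject -Class Win32_NetworkAdapterConfiguration `
                              -ComputerName $fqdn -Filter 'IPEnabled = TRUE' `
                              -ErrorAction Stop
        foreach ($nic in $nics) {
            Write-Host "  DNS client order on $($nic.Description): $($nic.DNSServerSearchOrder -join ', ')"
        }
    } catch {
        Write-Warning "  could not read DNS client settings on $fqdn: $($_.Exception.Message)"
    }
}

# 3. Which DC does the locator actually hand out right now? Run this again
#    with DC2 shut down; a failure here is the 'no logon servers available'
#    error the clients are seeing.
nltest /dsgetdc:$Domain /force
```

Run step 3 from a client and from DC1 or DC3 while DC2 is down; if the SRV answers in step 1 differ between servers, compare them with the DNS zone contents on each DC before looking further.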
 
I have made the changes to the DC DNS settings to point them to another DNS server, etc.

I'll be doing some dcdiag and netdiag now to see if anything comes up.

 