RE: [ActiveDir] DC not failing over in single domain environment
Are both DCs GCs as well? I believe that they both need to be so if you want them to failover for Exchange. -Original Message- From: Robert N. Leali [mailto:[EMAIL PROTECTED] Sent: Friday, February 25, 2005 3:11 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] DC not failing over in single domain environment I have a single domain, multi-site environment, Windows server 2003 standard version. I have two DC's sitting on the same subnet that are replicating to each other and both are Global Catalog Servers. When one of the DC's go down, users loose access to resources (i.e. Exchange 2003 can't look up address book, IE can't get web pages through authenticated ISA 2000, etc.). Basically, the LDAP queries seem to be failing. My guess is that the DC's are not registered properly in the DNS as the clients can't find the failover DC when one fails. I found a Group policy that seems to solve the problem under Computer Configuration - Administrative Template - System - Net Logon - DC Locator DNS - Dynamic Registration of the DC Locator DNS records - not configured. My questions is am I on the right track here? if so, is there a KB article that shows proper configuration or does anyone have some recommended settings for the above scenario? If I'm not on the right track, where would you look next? DCDIAG and NetDiag are showing all tests as passed. The only one with additional information is DNS test . . . . . . . . . . . . . : Passed PASS - All the DNS entries for DC are registered on DNS server '172.17.4.22' and other DCs also have some of the names registered. PASS - All the DNS entries for DC are registered on DNS server '172.17.4.2' and other DCs also have some of the names registered. Any help, advice and thoughts are greatly appreciated. Robert The information contained in this e-mail transmittal, including any attached document(s) is confidential. The information is intended only for the use of the named recipient. If you are not the named recipient, you are hereby notified that any use, disclosure, copying, or distribution of the contents hereof is strictly prohibited. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] DC not failing over in single domain environment
Yes, they both are GC's. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Carerros, Charles Sent: Friday, February 25, 2005 3:14 PM To: 'ActiveDir@mail.activedir.org' Subject: RE: [ActiveDir] DC not failing over in single domain environment Are both DCs GCs as well? I believe that they both need to be so if you want them to failover for Exchange. -Original Message- From: Robert N. Leali [mailto:[EMAIL PROTECTED] Sent: Friday, February 25, 2005 3:11 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] DC not failing over in single domain environment I have a single domain, multi-site environment, Windows server 2003 standard version. I have two DC's sitting on the same subnet that are replicating to each other and both are Global Catalog Servers. When one of the DC's go down, users loose access to resources (i.e. Exchange 2003 can't look up address book, IE can't get web pages through authenticated ISA 2000, etc.). Basically, the LDAP queries seem to be failing. My guess is that the DC's are not registered properly in the DNS as the clients can't find the failover DC when one fails. I found a Group policy that seems to solve the problem under Computer Configuration - Administrative Template - System - Net Logon - DC Locator DNS - Dynamic Registration of the DC Locator DNS records - not configured. My questions is am I on the right track here? if so, is there a KB article that shows proper configuration or does anyone have some recommended settings for the above scenario? If I'm not on the right track, where would you look next? DCDIAG and NetDiag are showing all tests as passed. The only one with additional information is DNS test . . . . . . . . . . . . . : Passed PASS - All the DNS entries for DC are registered on DNS server '172.17.4.22' and other DCs also have some of the names registered. PASS - All the DNS entries for DC are registered on DNS server '172.17.4.2' and other DCs also have some of the names registered. Any help, advice and thoughts are greatly appreciated. Robert The information contained in this e-mail transmittal, including any attached document(s) is confidential. The information is intended only for the use of the named recipient. If you are not the named recipient, you are hereby notified that any use, disclosure, copying, or distribution of the contents hereof is strictly prohibited. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] DC not failing over in single domain environment
I don't know about ISA but Exchange (and Outlook) doesn't failover at the drop of a hat, I have seen it take 15-30 minutes to finally kick over. Some outlook clients actually have to be shut down and restarted to pick up a new DC. I would doublecheck to make sure both DCs really think they are in the same site. You could have something hardcoded on the DC or possibly the subnet configuration in AD is off and the servers think they are in different sites. Look at the actual DNS records for the site, are they there? Do they look the same? joe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robert N. Leali Sent: Friday, February 25, 2005 4:30 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] DC not failing over in single domain environment Yes, they both are GC's. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Carerros, Charles Sent: Friday, February 25, 2005 3:14 PM To: 'ActiveDir@mail.activedir.org' Subject: RE: [ActiveDir] DC not failing over in single domain environment Are both DCs GCs as well? I believe that they both need to be so if you want them to failover for Exchange. -Original Message- From: Robert N. Leali [mailto:[EMAIL PROTECTED] Sent: Friday, February 25, 2005 3:11 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] DC not failing over in single domain environment I have a single domain, multi-site environment, Windows server 2003 standard version. I have two DC's sitting on the same subnet that are replicating to each other and both are Global Catalog Servers. When one of the DC's go down, users loose access to resources (i.e. Exchange 2003 can't look up address book, IE can't get web pages through authenticated ISA 2000, etc.). Basically, the LDAP queries seem to be failing. My guess is that the DC's are not registered properly in the DNS as the clients can't find the failover DC when one fails. I found a Group policy that seems to solve the problem under Computer Configuration - Administrative Template - System - Net Logon - DC Locator DNS - Dynamic Registration of the DC Locator DNS records - not configured. My questions is am I on the right track here? if so, is there a KB article that shows proper configuration or does anyone have some recommended settings for the above scenario? If I'm not on the right track, where would you look next? DCDIAG and NetDiag are showing all tests as passed. The only one with additional information is DNS test . . . . . . . . . . . . . : Passed PASS - All the DNS entries for DC are registered on DNS server '172.17.4.22' and other DCs also have some of the names registered. PASS - All the DNS entries for DC are registered on DNS server '172.17.4.2' and other DCs also have some of the names registered. Any help, advice and thoughts are greatly appreciated. Robert The information contained in this e-mail transmittal, including any attached document(s) is confidential. The information is intended only for the use of the named recipient. If you are not the named recipient, you are hereby notified that any use, disclosure, copying, or distribution of the contents hereof is strictly prohibited. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
