Re: backup domain controller not authenticating...
- From: "Dave Nickason [SBS MVP]" <gwdibble@xxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 19 Apr 2005 19:26:34 -0400
Andy's point was to make the second DC a global catalog. I originally did
not do that with my second DC, then ran into a problem and had to make it a
DC. I can't remember the details, but I think it was during the upgrade to
SBS 2003 that I had to make the second DC a GC.
I had issues getting the second DC to do authentication and later fixed
them. The DNS thing was suggested to me by a guy from PSS and that worked,
but by that time I'm sure I'd made other changes as well.
If you take your SBS offline for a couple of minutes (just disable the NIC
for a minute), and log in from a workstation, what happens?
"Brad Pears" <donotreply@xxxxxxxxxxx> wrote in message
news:%236VEzCSRFHA.1176@xxxxxxxxxxxxxxxxxxxxxxx
> Both servers are listed in there, but only our Small Business Server is
> checked as "Global Catalog". Is this correct? Should both be checked
> "Global"??
>
> As for your other question, I did not have the second domain controller
> configured in DHCP - completely forgot about that so have configured that.
> I actually still have to test it to see if it works but ipconfig/all from
> a dhcp client does return the backup DC IP address - so I bet it will work
> now...
>
> Thanks,
>
> Brad
> "Dave Nickason [SBS MVP]" <gwdibble@xxxxxxxxxxxxxxxxxxxxxx> wrote in
> message news:u8uY1EQRFHA.3156@xxxxxxxxxxxxxxxxxxxxxxx
>> Brad - this is one of the most closely guarded secrets in the SBS world.
>> However, I think you have been around long enough for me to disclose this
>> previously unknown and seemingly undocumented method ;-)
>>
>> You have to go into Active Directory Sites and Services. Expand Sites ->
>> Default first site name -> Servers -> [Server]. R-click NTDS Settings
>> and click Properties. Global Catalog is a check box on the General page.
>>
>> Did you try adding the second server as a DNS server in DHCP? It's
>> altogether possible that Andy knows more about this than I do, but it was
>> not my impression that a server had to be a GC to do authentication. I
>> think it's common for large organizations to have multiple DCs but few
>> GCs.
>>
>>
>> "Brad Pears" <donotreply@xxxxxxxxxxx> wrote in message
>> news:%23MJkwvORFHA.2132@xxxxxxxxxxxxxxxxxxxxxxx
>>> Not sure what that is or where I would check that. Help!
>>>
>>> "Andy G" <no> wrote in message
>>> news:uMDqJwBQFHA.3628@xxxxxxxxxxxxxxxxxxxxxxx
>>>> Is the new "bdc" a global catalog?
>>>>
>>>>
>>>> "Brad Pears" <donotreply@xxxxxxxxxxx> wrote in message
>>>> news:uhCDyehOFHA.3668@xxxxxxxxxxxxxxxxxxxxxxx
>>>>> I am showing both servers in the "Domain Controllers" folder within
>>>>>Active Directory.
>>>>>
>>>>> Maybe I just need to set up the DHCP correctly as you mentioned... I
>>>>> will give that a try ...
>>>>>
>>>>> Thanks,
>>>>>
>>>>> Brad
>>>>> "Dave Nickason [SBS MVP]" <gwdibble@xxxxxxxxxxxxxxxxxxxxxx> wrote in
>>>>> message news:eDXFFnwNFHA.3960@xxxxxxxxxxxxxxxxxxxxxxx
>>>>>> One thing that might be the problem is DNS - without the DNS server
>>>>>> on the SBS, your workstation couldn't find the other DC to
>>>>>> authenticate to. You may have to add DNS to the second DC (AD
>>>>>> integrated). Then you have to go into the DHCP settings and add the
>>>>>> new DC as the second DNS server. When you run ipconfig on a
>>>>>> workstation, it should then show the SBS first and the other DC
>>>>>> second. I'm not sure that this is the only possible cause of what
>>>>>> you're seeing, but IMO if you want redundant AD, you want redundant
>>>>>> DNS, so there's no reason not to give it a try.
>>>>>>
>>>>>> Also, I've had a situation where the SBS was not actually "down" but
>>>>>> was unresponsive. The workstation sees the server, tries to
>>>>>> authenticate, but the SBS doesn't respond quickly enough and the
>>>>>> request times out. In that case, if the SBS was completely
>>>>>> unreachable, the workstation would have used cached credentials, but
>>>>>> it appears that if the workstation can see the server at all, it
>>>>>> won't use cached credentials.
>>>>>>
>>>>>>
>>>>>> "Brad Pears" <donotreply@xxxxxxxxxxx> wrote in message
>>>>>> news:ORs3BxuNFHA.3760@xxxxxxxxxxxxxxxxxxxxxxx
>>>>>>> We recently implemented a Win2K3 standard server in our environment
>>>>>>> and configured it as a backup domain controller. The PDC is a Win2K
>>>>>>> Small Business Server.
>>>>>>>
>>>>>>> Our SBS server went down today and when trying to log onto the
>>>>>>> domain from my machine, I got the following error...
>>>>>>>
>>>>>>> "Unable to logon to the TNLHDOM domain.It is not currently
>>>>>>> available"
>>>>>>>
>>>>>>> Why would the backup domain controller have not taken over the task
>>>>>>> of logging me onto the domain? This was the whole purpose I set up
>>>>>>> the BDC in the first place - to provide a backup when the SBS
>>>>>>> machine goes down!!
>>>>>>>
>>>>>>> Thanks,
>>>>>>>
>>>>>>> Brad
>>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>
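The checks discussed in this thread (is each DC registered in DNS, is it a global catalog, does it answer DNS itself, and is it in the workstation's DNS server list), as an added example that is not part of the original posts. It assumes a current Windows workstation with the `Resolve-DnsName` and `Get-DnsClientServerAddress` cmdlets, a single-domain forest as SBS uses, and `example.local` as a placeholder for the domain's DNS name, which the thread does not give.

```powershell
# Added example, not from the thread. 'example.local' is a placeholder for the
# AD DNS domain name; a single-domain forest (as with SBS) is assumed.
param([string]$DnsDomain = 'example.local')

function Get-SrvTarget([string]$Name) {
    # Host names behind an SRV record set; empty if the lookup fails.
    Resolve-DnsName -Name $Name -Type SRV -DnsOnly -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'SRV' } |
        ForEach-Object { $_.NameTarget.TrimEnd('.').ToLower() } |
        Sort-Object -Unique
}

# DC locator records workstations use to find a logon server, and the GC subset.
$dcs = @(Get-SrvTarget "_ldap._tcp.dc._msdcs.$DnsDomain")
$gcs = @(Get-SrvTarget "_ldap._tcp.gc._msdcs.$DnsDomain")

# DNS servers this workstation is using (normally handed out by DHCP).
$clientDns = @(Get-DnsClientServerAddress -AddressFamily IPv4 |
    ForEach-Object { $_.ServerAddresses } | Sort-Object -Unique)

$report = foreach ($dc in $dcs) {
    $ips = @(Resolve-DnsName -Name $dc -Type A -DnsOnly -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'A' } | ForEach-Object { $_.IPAddress })

    # Ask each DC directly for the locator records: can it serve DNS if the other is down?
    $servesDns = $false
    foreach ($ip in $ips) {
        $r = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$DnsDomain" -Type SRV `
            -Server $ip -DnsOnly -QuickTimeout -ErrorAction SilentlyContinue
        if ($r) { $servesDns = $true }
    }

    [pscustomobject]@{
        DomainController = $dc
        Addresses        = $ips -join ', '
        GlobalCatalog    = $gcs -contains $dc
        ServesDnsZone    = $servesDns
        InClientDnsList  = [bool]($ips | Where-Object { $clientDns -contains $_ })
    }
}
$report | Format-Table -AutoSize

# Flag the gap the thread describes: a DC that clients cannot use for DNS.
$report | Where-Object { -not ($_.ServesDnsZone -and $_.InClientDnsList) } |
    ForEach-Object { Write-Warning "$($_.DomainController): not usable as a DNS server by this client" }
```

A domain controller that shows `ServesDnsZone` or `InClientDnsList` as False cannot be located by this workstation once the other DNS server is offline, even though it holds a full copy of the directory.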