Re: Logins fail if one DC unavailable

From: Enkidu (enkidu_at_xyzcliffpxyz.com)
Date: 12/09/04

    Date: Thu, 09 Dec 2004 21:17:07 +1300
    
    

    If all DCs are also GCs, this is NOT a problem.

    http://support.microsoft.com/kb/223346

    I'm a little surprised that no one has pointed this out.

    Cheers,

    Cliff

    On Wed, 8 Dec 2004 21:15:05 -0800, DaveinPNG
    <DaveinPNG@discussions.microsoft.com> wrote:

    >This was the answer. Once I made DC2 (in the same domain as DC1) and DC3 (in
    >a child domain) all GC servers, all three can now handle logins.
    >
    >Considering what I have, should I be concerned that DC1 and DC3 are a GC and
    >the Infrastructure master? I really have no choice, do I?
    >
    >Thanks.
    >
    >Dave
    >
    >"Ken B" wrote:
    >
    >> One other thing to check... are DC's 2 & 3 Global Catalogs? That's what
    >> really handles authentication, I believe.
    >>
    >> Ken
    >>
    >>
    >> "Herb Martin" <news@LearnQuick.com> wrote in message
    >> news:OXHKM0E3EHA.1144@TK2MSFTNGP09.phx.gbl...
    >> > "DaveinPNG" <DaveinPNG@discussions.microsoft.com> wrote in message
    >> > news:DF8FB2C2-BA9A-4663-9F71-4278EF888DA1@microsoft.com...
    >> >> Two domains - Two DCs in one domain, one DC in a child domain
    >> >>
    >> >> If DC1 is unavailable, even though DC2 and DC3 are available, no one can
    >> >> login.
    >> >> REPADMIN /showreps looks fine.
    >> >
    >> > Ok, that eliminates replication but the most common
    >> > reason is that one of the DCs is not registered properly
    >> > in DNS OR your DNS is only correct on the other (missing)
    >> > DC.
    >> >
    >> > Most replication and authentication problems are based on
    >> > DNS problems.
    >> >
    >> >> The only clue I can find is this: I was writing a perl script to
    >> >> authenticate a user. The bind fails no matter what I do.
    >> >> I get a similar message if I run repadmin /bind DSA:
    >> >> DsBindWithCred to dsa failed with status 1722 (0x6ba):
    >> >> The RPC server is unavailable.
    >> >
    >> > This might be important and represent some serious problem
    >> > with the (other) DC, but let's do the obvious first.
    >> >
    >> >> I know this has got to be simple, but I'm stumped.
    >> >> BTW: DC1 has all of the roles and was upgraded from NT4 (PDC) to W2K to
    >> >> W2K3.
    >> >
    >> > Pretty much irrelevant as long as your clients are Win2000+
    >> > and you aren't discussing BDCs.
    >> >
    >> > Roles can affect clients but seldom in authentication (e.g.,
    >> > browsing) unless the client is Win9x or NT, and thus
    >> > (could be) dependent on the PDC emulator.
    >> >
    >> > First, run DCDiag on the problematic DC -- and save the
    >> > output to a text file (/?) -- search the file for FAIL, ERROR,
    >> > WARN and either fix those errors or report them (here).
    >> >
    >> > Check your DNS architecture:
    >> >
    >> > DNS
    >> > 1) Dynamic for the zone supporting AD
    >> > 2) All internal DNS clients NIC\IP properties must specify SOLELY
    >> > that internal, dynamic DNS server (set.)
    >> > 3) DCs and even DNS servers are DNS clients too -- see #2
    >> >
    >> > Restart NetLogon on any DC if you change any of the above that
    >> > affects a DC.
    >> >
    >> > Ensure that DNS zones/domains are fully replicated to all DNS
    >> > servers for that (internal) zone/domain.
    >> >
    >> >
    >> > --
    >> > Herb Martin
    >> >
    >> >
    >> >
    >>
    >>
    >>

    -- 
    These twin-CPU hyperthreading computers are really
    great! We can wait ten to a hundred times faster
    these days.
    
