Re: Backup AD DC does not authenticate when the primary DC is down




DNS is a requirement for Active Directory. You must have DNS name
resolution available for Active Directory to function correctly.
Having multiple DNS servers specified is a best practice and is highly
advised for both your servers and your client machines.

Al



"Jason Carter" <JasonCarter@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:A77A2F85-AE2D-443D-889A-B742559FCDEA@xxxxxxxxxxxxxxxx
> Yes, all three use AD integrated zone dns. All three also have themselves
> listed as the primary DNS and one of the other DCs as the secondary.
>
> The clients that could not be authenticated were all test servers that only
> had the primary DC listed as the only DNS server. I have corrected that but
> will need to wait for a good time to test this out.
>
> So, this brings up another question. If the DNS servers that a client is
> pointing to are down, will the client not be able to log into the domain?
>
> "Alex" wrote:
>
>> Are all 3 DCs configured to use AD Integrated-Zone DNS?
>>
>> Do the 3 members have alternate DNS IP addresses setup?
>>
>>
>> "Jason Carter" <JasonCarter@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> news:B373B080-BD65-43C4-B55F-EA81271FDEFE@xxxxxxxxxxxxxxxx
>> > We had an AC unit go out this weekend and had to shut down our servers in
>> > one location. We have one DC each in three locations connected via point to
>> > point T1 lines. When I shut down the DC in our primary location, I could not
>> > get logged into other servers to shut them down. A message came up saying
>> > that the domain could not be found. I was able to get the machines shut down
>> > using the local admin account, but I thought the loss of any one DC should
>> > not affect my ability to perform day to day domain functions, like logging
>> > in. All three servers are in the same AD "Site" and all three IP ranges in my
>> > network are associated with that AD Site. Is there some setting that I am
>> > missing?
>> >
>> > I did verify after logging in locally that the server could ping each of the
>> > other two domain controllers and could even use Remote Desktop to log into
>> > those machines.
>>
>>
>>
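
An added example, not part of the original thread or any poster's code: a PowerShell check for the condition discussed above, where a member server lists only one DNS server and loses the domain when that server is shut down. It assumes a domain-joined machine with the DnsClient module (Windows 8 / Server 2012 or later); the `$Domain` default and the output column names are choices made for this example.

```powershell
# Added example: audit this machine's DNS client settings for the
# single-DNS-server failure mode described in the thread.
# Assumption: $Domain defaults to the AD domain this computer is joined to.
param(
    [string]$Domain = (Get-CimInstance Win32_ComputerSystem).Domain
)

# SRV record that clients query to locate a domain controller
$srvName = "_ldap._tcp.dc._msdcs.$Domain"

# Only adapters that actually have IPv4 DNS servers configured
$adapters = Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses.Count -gt 0 }

foreach ($adapter in $adapters) {
    # One DNS server means one point of failure for finding the domain
    if ($adapter.ServerAddresses.Count -lt 2) {
        Write-Warning ("{0}: only one DNS server configured ({1})" -f
            $adapter.InterfaceAlias, $adapter.ServerAddresses[0])
    }

    foreach ($server in $adapter.ServerAddresses) {
        # Query each configured server directly, so a dead server
        # cannot hide behind a working one
        try {
            $dcs = Resolve-DnsName -Name $srvName -Type SRV -Server $server `
                       -DnsOnly -ErrorAction Stop |
                   Where-Object { $_.Type -eq 'SRV' } |
                   Select-Object -ExpandProperty NameTarget
            $status = 'OK'
        }
        catch {
            $dcs    = @()
            $status = "FAILED: $($_.Exception.Message)"
        }

        [pscustomobject]@{
            Interface = $adapter.InterfaceAlias
            DnsServer = $server
            Status    = $status
            DCsFound  = ($dcs | Sort-Object -Unique) -join ', '
        }
    }
}
```

Every configured DNS server should report `OK` and list all of the domain controllers; a warning or a `FAILED` row marks a machine that can lose the domain when one DC is powered off.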

