Re: Cannot logon to the Domain

From: "Paul Bergson" <pbergson@xxxxxxxxxxxxxxxxx>
Date: Thu, 22 Jun 2006 07:53:26 -0500

When the DC is brought down clients need to authenticate to another DC, the
way they find the DC's and its services is through DNS. Once the client has
been provided a DNS server it requests services for a Global Catalog on an
active DC. As you can see there are several redundency needs in order to be
able to keep things up and running.

1) There needs to be more than one dns server
2) There needs to be more than one GC
3) The clients need to point to more than one dns server

Jorge pointed this all out already but I wanted to go into a bit of detail
for you to understand what the needs are for.

If you need help in tracking down if you meet all of this criteria re-post
what specifically you are unsure of.

--
Paul Bergson MCT, MCSE, MCSA, Security+, CNE, CNA, CCA
http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup

This posting is provided "AS IS" with no warranties, and confers no rights.

"Henri" <spam@xxxxxxxx> wrote in message
news:eQDr%23aWlGHA.836@xxxxxxxxxxxxxxxxxxxxxxx

Hi,

Occasionally we need to service the FSMO PDC (Windows Updates). During the
downtime ( Usually a reboot) users cannot logon to the Domain although
there is another DC with a replica of
the GC.

I know that I can Transfer the Operation Master role to the other DC, but
I
am concern of the time it might take to do this and I do not know if I
have
to do it on all three Tabs ( RID, PDC and Infrastructure ). We have two
domain on the same tree, a primary domain with a child domain.

Is there's a way so that users and services with domain account will be
able
to stay authenticated while the FSMO is down for maintenance, sometimes is
it only the time of a reboot after applying Microsoft Update patches.

Thanks in advance for you help.

Henri.

Follow-Ups:
- Re: Cannot logon to the Domain
  - From: Henri

References:
- Cannot logon to the Domain
  - From: Henri

Prev by Date: Re: Problems accessing w/LDAP?
Next by Date: Re: Missing Server in Default-First-Site-Name
Previous by thread: Re: Cannot logon to the Domain
Next by thread: Re: Cannot logon to the Domain
Index(es):
- Date
- Thread

Relevant Pages

Re: DNS dfs issue
... You say that some clients are OK. ... The domain controllers for SiteA are named: ... No matter which dns server I use on clientB1 its %logonserver% is always ...
(microsoft.public.windows.server.dns)
Re: newbie lost in trying to setup NAT
... That is what you have DHCP for. ... You set the clients to obtain an IP ... address automatically and to obtain their DNS server automatically. ...
(microsoft.public.windows.server.networking)
Re: Creating my first user accounts
... I am trying to log onto the domain with the clients to have access to shared ... files and access the internet. ... DNS is almost always the cause of authentication errors -- ... Did you alter the DNS server settings, ...
(microsoft.public.windows.server.active_directory)
Re: Domain Controller Stops Processing All Login Requests Randomly
... > Then if the BIND servers are only used for the forwarders in a split DNS ... You must only use the "internal DNS server set" ... the clients have all four DNS entries listed in their NIC ... >> the clients problem but the DCs. ...
(microsoft.public.windows.server.dns)
Re: GC & DNS ISSUE
... client wont query the secondary if it doesn't get the info it need from an ... It is INCORRECT to configure a DNS Client with multiple DNS ... All DNS Server used by the clients must return all of the correct answers ...
(microsoft.public.windows.server.dns)