Re: Cannot logon to the Domain
- From: "Henri" <spam@xxxxxxxx>
- Date: Thu, 22 Jun 2006 11:40:38 -0400
Thanks,
We have two DCs say DC1 and DC2.
- DC1 is the FSMO the GC is replicated to DC2 so both have the GC.
- DC1 an DC2 have DNS integrated installed DC1 is the primary DNS and DC2 is
the secondary.
- Our DHCP server is configure to push DNSs IPs to all clients as follows
were .26 is DC1 and .27 is DC2:
Default Gateway . . . . . . . . . : 192.7.1.1
DNS Servers . . . . . . . . . . . : 192.7.1.27
192.7.1.26
Still when DC1 is down users cannot logon to the domain and service that
need periodical authentication to the domain cannot be authenticated. This
causing a serious outrage to our services.
Thanks for your help guys any additional hints will be appreciated.
Thanks in advance,
Henri.
"Paul Bergson" <pbergson@xxxxxxxxxxxxxxxxx> wrote in message
news:%23RGTbrflGHA.5044@xxxxxxxxxxxxxxxxxxxxxxx
When the DC is brought down clients need to authenticate to another DC,
the way they find the DC's and its services is through DNS. Once the
client has been provided a DNS server it requests services for a Global
Catalog on an active DC. As you can see there are several redundency
needs in order to be able to keep things up and running.
1) There needs to be more than one dns server
2) There needs to be more than one GC
3) The clients need to point to more than one dns server
Jorge pointed this all out already but I wanted to go into a bit of detail
for you to understand what the needs are for.
If you need help in tracking down if you meet all of this criteria re-post
what specifically you are unsure of.
--
Paul Bergson MCT, MCSE, MCSA, Security+, CNE, CNA, CCA
http://www.pbbergs.com
Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no
rights.
"Henri" <spam@xxxxxxxx> wrote in message
news:eQDr%23aWlGHA.836@xxxxxxxxxxxxxxxxxxxxxxx
Hi,
Occasionally we need to service the FSMO PDC (Windows Updates). During
the downtime ( Usually a reboot) users cannot logon to the Domain
although there is another DC with a replica of
the GC.
I know that I can Transfer the Operation Master role to the other DC, but
I
am concern of the time it might take to do this and I do not know if I
have
to do it on all three Tabs ( RID, PDC and Infrastructure ). We have two
domain on the same tree, a primary domain with a child domain.
Is there's a way so that users and services with domain account will be
able
to stay authenticated while the FSMO is down for maintenance, sometimes
is
it only the time of a reboot after applying Microsoft Update patches.
Thanks in advance for you help.
Henri.
.
- Follow-Ups:
- Re: Cannot logon to the Domain
- From: Jorge Silva
- Re: Cannot logon to the Domain
- From: Paul Bergson
- Re: Cannot logon to the Domain
- References:
- Cannot logon to the Domain
- From: Henri
- Re: Cannot logon to the Domain
- From: Paul Bergson
- Cannot logon to the Domain
- Prev by Date: Re: Domain Controller backup
- Next by Date: Re: # of times a user can log in w/out disableing password
- Previous by thread: Re: Cannot logon to the Domain
- Next by thread: Re: Cannot logon to the Domain
- Index(es):
Relevant Pages
|
Loading
