Re: Secondary (backup) domain controller not working ?

Tech-Archive recommends: Fix windows errors by optimizing your registry


Hello Phillip,

Maybe i understand you not correct, but the FSMOs are not needed for the logon process, so it doesn't matter if the DC holding them is not available. For logon at least a DC and DNS server is needed, when universal groups are used also a Global catalog server. Otherwise they will logon with cached credentials onj th local machine.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


"iautran" <iautran@xxxxxxxxxxxxxxxxxx> wrote in message
news:mn.3cd77d97c254cab5.97978@xxxxxxxxxxxxxxxxxxxxx

But this is not what I have read about the "DC Locator" process ...
And so why does Microsoft tell us to configure two DNS DC servers in
the DNS configuration of each client ?

Becuase it is better than not doing it. The Client most likely will
log in with a cached account,..just like it would do if you started it
up without the LAN cable plugged in. The second DNS entry would give
the client the ability to still resolve names in a more general sense.
The Client would be "aware" that the other DC existed because it would
be seen in the DNS Zone,...but the remaining DC just cannot do the
jobs of the other DC because it just does not have the same FSMO
Roles.

Instead of testing by shutting down the first DC,...test by shutting
down the second DC,...you will notice that it will almost not even be
noticed (depending on the FSMO Roles it had).

Yes I have seen the articals that make it all sound so "rosey" but in
pactice it has never seemed to be so rosey when tried.

Now everything changes again when you get into Sites with multiple DCs
where you have a DC at each Site. The AD Sites are designed so that
all the Clients in a Site will use the DC within their own Site
regardless of the FSMO roles it has.

So I'm not going to claim to know every little detail of how and why
it behaves the way it does,...but I do know that smooth transparent DC
fail-over just does not happen.

The views expressed, are my own and not those of my employer, or
Microsoft, or anyone else associated with me, including my cats.
-----------------------------------------------------



.

Relevant Pages

  • SBS2k, no ISA, slow logon
    ... WS are XP Pro, and logon to domain, but S L O ... I think all the WS are having to go to the ISP for DNS lookup, ... They Client has obviously had issues with their present supplier, ... between myself and them is built up) to resolve this issue. ...
    (microsoft.public.backoffice.smallbiz2000)
  • Re: How does a client find domains?
    ... Basically the client side DcLocator process uses queries DNS for GC and DC info, then the local winlogon process completes the task. ... If using an ISP's DNS, the logon process fails because the ISP;s DNS has no info about the internal AD resources, domain controllers, etc. ... As for trusts, part of when a client communicates with AD, it will populate the domain list in the drop down box for you based on what trusts the domain is aware of. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Still strange not fully working DNS server
    ... At logon on the network with a client the error event ID 1054 appears. ... The new server is global catalog and has joined the domain as a member, ... If the clients are domain members they have to be registered in your DNS ...
    (microsoft.public.windows.server.dns)
  • Re: Secondary (backup) domain controller not working ?
    ... Do you use Universal groups and are the accounts member of them? ... Personally i only realize a small delay when the preferred DNS/DC is down and i logon again when the machine is still running. ... If i startup a client when the preferred DNS is down i don't have any delay realized. ...
    (microsoft.public.windows.server.active_directory)
  • Re: excessive logon time
    ... > If you do ipconfig /all on the client where does the DNS IP point at? ... When I then logoff and logon to the same ... behaviour dependig by script or something depended by GPO in logon time. ...
    (microsoft.public.windows.server.general)