Re: Cannot Add Second Node to Cluster: Multiple DNS records were found for "MyServer.MyNet.local"

You would have received my plea two months ago - if you had posted your
query here at that time! :) Don't worry about it now - as you've stated, as
long as things are working for you currently, I wish you continued luck and
success with your environment.

As soon as you start to see any issues, I'd definitely consider
un-clustering your DCs! Thanks for sharing your configurations here with
others.

--
Ryan Sokolowski
MVP - Windows Server - Clustering
MCSE, CCNA, CCDA, BCFP


This posting is provided "AS IS" with no warranties, and confers no rights.
"Charles Law" <blank@xxxxxxxxxxx> wrote in message
news:e5ggTYpQIHA.2376@xxxxxxxxxxxxxxxxxxxxxxx
Hi Ryan

I have identified and fixed the DNS problem: KB275554 relates. I followed
method 2, and when I got into it, it was obvious what the problem was. It
seems to be that this is almost guaranteed to happen, so a word to the
wise in the MS documentation might have been useful.

As for clustering DCs, I have now done it and it is working. It might not
be pretty, but so far everything is doing what it should. If I had read
your plea two months ago I would have happily capitulated, but I am where
I am, and for now, at least, I have to go forward.

Rest assured, at the first opportunity, I will reconsider.

Regards

Charles


"Ryan Sokolowski [MVP]" <ryan@xxxxxxxxxxxxxxxxx> wrote in message
news:e6K2mznQIHA.4740@xxxxxxxxxxxxxxxxxxxxxxx
'Viable' does not equal Best Practice. Please don't cluster DCs.

Also it sounds like you may not have your DNS configured properly -
AD-integrated? Make sure your zone is configured properly and is
replicating to both DCs correctly. Both DCs should have a record in the
same zone and be present when viewing the DNS zone from each DC.

--
Ryan Sokolowski
MVP - Windows Server - Clustering
MCSE, CCNA, CCDA, BCFP


This posting is provided "AS IS" with no warranties, and confers no
rights.
"Russ Kaufmann [MVP]" <russ@xxxxxxxxxxxxxxx> wrote in message
news:D1A0227F-AAD2-4173-9416-F7147CBD8467@xxxxxxxxxxxxxxxx
"Charles Law" <blank@xxxxxxxxxxx> wrote in message
news:eyNZkXcQIHA.5980@xxxxxxxxxxxxxxxxxxxxxxx
This is a very bad idea. You should never cluster domain controllers.

I'm not disagreeing, but more than one Microsoft document says that
this is ok. I saw a reference in another thread you are helping in, and
the Microsoft guide I have been following also makes reference to this
as a viable configuration.

Like I also said in that thread, Microsoft might say it is OK in that
doc, but there are other docs where they clearly say it is not supported
depending on the applications. Also, from experience, every single MVP
in clustering will tell you that it is a very bad idea.

Let me give you a perfect example: Microsoft clearly says that
Active-Active clustering is supported for Exchange Server 2003. However,
they also very clearly, in other documents, recommend against doing it.
So, what is possible and what is a good idea/best practice are two
different things in many cases. This is one of them.

What can go wrong? Well, think about how a service account gets
authenticated when the DC is the first computer up and it uses its own
account. Think about the security hole that is created when your local
administrator account that would normally be a regular domain account
now has to be a full domain admin account because there is no such thing
as a local accounts database on a DC. Also, think about the Register
this connection in DNS setting in the TCP/IP configuration and how that
is set on a DC. A DC does not honor the check box, so you will see
entries for the DC in DNS for both the public and private networks.
Think of the issues around name resolution with some names being out and
out wrong when it comes to resolution. There are other reasons, such as
issues with Exchange Server itself where it is not supported on domain
controllers.

Is that all enough?

In the meantime, Server1 failed to register its IP info on the DNS in
Server2 and thus registered with itself only.

I know not ideal, but isn't that the point of each server pointing to
each other for DNS resolution?

Yes, and no. Personally, I want all accounts properly registered in DNS.
Don't you? This is especially important when you need DNS resolution for
using kerberos enabled network names later on. Again, just because you
can do something doesn't mean it is a good solution.

Just for the moment, if I could get this DNS issue resolved, then I
would be happier. Do you know why I get the message, and what would put
it right?

Follow best practices. <G>

--
Russ Kaufmann
MVP - Windows Server - Clustering
ClusterHelp.com, a Microsoft Certified Gold Partner
Web http://www.clusterhelp.com
Blog http://msmvps.com/clusterhelp

The next ClusterHelp classes are:
Mar 10- 13 in Denver
May 12-15 in New York






.

Relevant Pages

  • Re: Number of GC servers
    ... Are you using the Restricted Groups GPO?? ... That might give you an indication as to why labserver works on one server ... DNS is handled by corporate servers. ... If I logon to cmpq02,cmpq04, as "labserver" (a generic account, that is ...
    (microsoft.public.windows.server.active_directory)
  • Re: Please help - Cant join PC to new domain
    ... I installed a DC (Windows Server 2003 R2) and set up Active Directory ... Tried creating the computer account first and then adding it to the ... Your DNS domain name, "MYDOMAIN" is a single label name. ...
    (microsoft.public.windows.server.dns)
  • Re: Fake domain
    ... Here what I would do, schedule cutover on Friday, make sure all users popped into their external ISP and download all their e-mail to their outlook and they exported mail into "PST" file on same location each workstation. ... change MX record to point to new exchange server. ... Prepare document showing your users how to import existing PST into newly created mail account via outlook or you find a way to script it or do it manually (-: ... 1.- Create the domain contoso.com and copy all the "actual" DNS ...
    (microsoft.public.exchange.setup)
  • Ongoing DNS Issue? or something worse?
    ... has an issue with connecting to the SBS server correctly. ... see Help and Support Center at ... account, this may be a transient issue that doesn't require any action at ... The dynamic deletion of the DNS record 'WesternValve.local. ...
    (microsoft.public.windows.server.sbs)
  • Re: Cannot Add Second Node to Cluster: Multiple DNS records were found for "MyServer.MyNet.local"
    ... Also it sounds like you may not have your DNS configured properly - ... MVP - Windows Server - Clustering ... Active-Active clustering is supported for Exchange Server 2003. ... think about how a service account gets ...
    (microsoft.public.windows.server.clustering)
Loading