RE: Alternate Domain Controller



David,

It sounds like your DCs are ok, but that DNS isn't functioning quite right.
If I understood you correctly you are using BIND as your primary DNS provider
and you set up records in BIND for the Windows servers?

Long story short, this configuration can work fine, but you've got to work
harder to set it up and maintain it. It's also important that it's a version
of BIND that's compatible with AD. I generally don't recommend using BIND in
a Windows environment, not b/c I don't think BIND is a great DNS platform but
b/c I'm for the simplest design that works, and adding BIND to a
Windows environment doesn't really keep to that theme in my mind.

Long story short, for a user to authenticate to a file server the file
server needs to be able to check with a DC to see if the user has permission
to access the directory/file. It does this by doing a DNS query for a DC,
specifically it's looking for the SRV records in the domain DNS Zone, if you
only have one of your DCs listed there and it's not the one that's available
then, there you are...
--
James E. Price III
Fairway Consulting Group, Inc.
O: 954-727-5126
C: 305-970-4902
E: jprice@xxxxxxxxxx
W: www.fcgroup.us


"davidyeo@xxxxxxxxx" wrote:

> I am an admitted Windows Active Directory newbie. Our organization
> just built a Windows Server 2003 file server cluster. We have 2 domain
> controllers A & B. As far as I know, they don't necessarily act as
> "primary" and "secondary" DCs, but more like if one is down, the other
> will transparently fill its role. Please correct me if I'm wrong here.
>
> Anyway, since we created the 2nd DC and tested it out by bringing down
> the 1st DC, it seems users accessing the file server can only
> authenticate when the 2nd DC is up, i.e. users are never relayed to the
> 1st DC (up again) when the 2nd is down. When logging in with the 2nd
> DC down and 1st DC up, I get the following error message:
>
> "There are currently no logon servers available to service the logon
> request."
>
> Neither the DC A or B act as DNS servers, but both have update
> privileges on our DNS BIND servers. I'm assuming our Active Directory
> DNS entries need some tweaking to make the DC A the "active" DC again?
> Is there a way to make the DC failover more transparent?
>
>
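
The SRV-record point in the reply above, as an added example that is not part of the original thread: a Python check that reads BIND zone text and reports which DCs are missing from the SRV names members use to locate a domain controller. The zone `corp.example.com`, the hosts `dca` and `dcb`, and the function names are assumptions made for illustration; the four names checked are standard DC locator records, a subset of what a DC registers.

```python
# Constructed sample zone for a hypothetical AD domain corp.example.com
# with two DCs, dca and dcb. Only dcb is listed under every locator name.
SAMPLE_ZONE = """\
$ORIGIN corp.example.com.
_ldap._tcp                600 IN SRV 0 100 389 dca.corp.example.com.
                          600 IN SRV 0 100 389 dcb.corp.example.com.
_kerberos._tcp            600 IN SRV 0 100 88  dcb.corp.example.com.
_ldap._tcp.dc._msdcs      600 IN SRV 0 100 389 dcb  ; relative target
_kerberos._tcp.dc._msdcs.corp.example.com. 600 IN SRV 0 100 88 dcb.corp.example.com.
"""

# SRV owner names (relative to the AD domain) used to locate a DC.
REQUIRED = ("_ldap._tcp", "_kerberos._tcp",
            "_ldap._tcp.dc._msdcs", "_kerberos._tcp.dc._msdcs")

def _absolute(name, origin):
    """Expand a zone-file name to a lowercase FQDN without the trailing dot."""
    name = name.lower()
    return name.rstrip(".") if name.endswith(".") else f"{name}.{origin}".rstrip(".")

def parse_srv(zone_text):
    """Return {owner FQDN: {target FQDN, ...}} for each SRV record."""
    origin, owner, records = "", None, {}
    for raw in zone_text.splitlines():
        fields = raw.split(";", 1)[0].split()   # drop comments, tokenize
        if not fields:
            continue
        if fields[0].upper() == "$ORIGIN":
            origin = fields[1].rstrip(".").lower()
            continue
        if not raw[0].isspace():                # a leading blank inherits the owner
            owner = _absolute(fields[0], origin)
        upper = [f.upper() for f in fields]
        start = 0 if raw[0].isspace() else 1    # never mistake the owner for a type
        if owner is None or "SRV" not in upper[start:]:
            continue
        rdata = fields[upper.index("SRV", start) + 1:]
        if len(rdata) == 4:                     # priority weight port target
            records.setdefault(owner, set()).add(_absolute(rdata[3], origin))
    return records

def missing_dc_records(zone_text, domain, dcs):
    """Map each DC FQDN to the required SRV names that do not list it."""
    records = parse_srv(zone_text)
    gaps = {dc: [n for n in REQUIRED
                 if dc.lower() not in records.get(f"{n}.{domain}", set())]
            for dc in dcs}
    return {dc: names for dc, names in gaps.items() if names}
```

An empty result means every listed DC appears as a target under all four names; any DC that shows up in the result cannot be found through the names listed for it.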