Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations wOOdy-Soft on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Global Catalog Server/DNS Redundancy

Status
Not open for further replies.
vzrogers

vzrogers

MIS
Sep 12, 2005
11
US

I have 3 domain controllers, 2 Windows 2000 and 1 Windows 2003 servers.

Initially, one of the Windows 2000 servers (Server A) was the single global catalog server and primary DNS server. However, when/if this server went down nobody was able to authenticate to the domain.

To create a level of redundancy and ensure minimal downtime, I made my other Windows 2000 Server (Server B) a GC as well. This machine was already a backup DNS server.

Today, Server A went down for about 10 minutes and during that time nobody could access any network shares or resources.

I thought I had taken care of this by making Server B a GC server as well, but apparently I am missing something here.
 
Sort by date Sort by votes
From my understaing, it sounds like the DC went down held all the FSMO roles. In that case, you would have to seize the FSMO roles on the DC that is functional
 
Upvote 0 Downvote
Things seem to be working ok now. How can I ensure the roles have been transferred over to the other GC?
 
Upvote 0 Downvote
No you do not need to transfer the roles for the machines to login to AD, if both servers are GCs. If A is down your wks should be able to login to an AD network, perhaps slower but they should login. You transfer roles only if the role holder will be offline for extended periods or it dies.

Do you have DNS and DHCP setup correctly on A and B

Assuming you have DHCP, the 006 option on both A and B servers, need to have A and B listed to use B as a login server. Other wise wks do not know of a secondary DNS server.
If static, both servers need to be listed in the TCP/IP properties of the wks.

As far as the shares or resources on A, if A is down, you do not have any resources exclusive to A to share, GCs do not make a replica server for data or shares.

........................................
Chernobyl disaster..a must see pictorial
 
Upvote 0 Downvote
Well, my Network seems to disagree. I have 2, 2003 Servers BOTH of which are DCs, GCs and DNS-AD intergrated servers. We are static IPs. Server A holds all 5 FSMO roles.

If Server A goes down, my clients get a Domain not available message when trying to logon to the Domain


Here's another discussion on it...
 
Upvote 0 Downvote
Static or DHCP it should not matter, you should be able to login, with the FSMO down. Normally with the FSMO, login takes roughly 20 seconds into windows on most machines, due to profile loading, with the FSMO down, about twice as long. Are you in native mode? Do you have all the GCs show up in DNS under _msdcs

I have 6 networks with an FSMO(GC enabled), and DC(s)(GC enabled),all in native mode, and they have all been tested to login if the FSMO fails/shutdown. Does little on my networks, since most Apps are on the FSMOs, but they login. On large networks with Apps well distributed this would make a big difference; thought AD functions are crippled until the roles are transferred or seized in an emergency.

Mark Minasi makes a indirect comment about GCs on secondary DC's ability to accept logins. Post a question on the site, as there are multiple AD MVPs lurking about.


........................................
Chernobyl disaster..a must see pictorial
 
Upvote 0 Downvote
Current Domain Functional Level: Windows Server 2003

So, we are at the highest Domain level

All DNS entries (NS, SRV, A) are listed for both DCs under _msdcs on both DNS servers

Like I said, If our DC that has all the FSMO roles goes down, new users or users who have never logged on to a machine cannot log on to the Domain even though the other DC, which is a GC and DNS server is up and running
 
Upvote 0 Downvote
Like I said, If our DC that has all the FSMO roles goes down, new users or users who have never logged on to a machine cannot log on to the Domain even though the other DC"

This is not what you said before, and like I said AD is crippled, thus new users, and user which have not logged to the domain before are affected by the lack of PDC emulation, a minor problem compared to all your users not being able to login.

........................................
Chernobyl disaster..a must see pictorial
 
Upvote 0 Downvote
How can I check to make sure all FSMO roles are properly assigned?
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

rzammit82
  • Locked
  • Question
Windows Server 2016 - DNS/AD problem
Replies
1
Views
922
suncit
suncit
MaioMaio
  • Locked
  • Question
Server Remote Desktop License
Replies
0
Views
526
MaioMaio
MaioMaio
Aquiles Vidal
  • Locked
  • Question
Web Browsers in Windows Server or Terminal Server
Replies
0
Views
701
Aquiles Vidal
Aquiles Vidal
antonio_dsanchez
  • Locked
  • Question
post-installation WSUS windows server 2016
Replies
0
Views
547
antonio_dsanchez
antonio_dsanchez
jamescpp
  • Locked
  • Question
Windos OpenSSH server vulnerability
Replies
0
Views
661
jamescpp
jamescpp

Part and Inventory Search

Sponsor

Back
Top