A
Ace Fekay [MVP]
In Jorge de Almeida Pinto [MVP]
Yes it is!
Yes it is!
C
Craig Matchan
"Ace Fekay [MVP]"
Hmm..better keep a slab or two handy then hadn't I?
Lastly, one small thing. Since powering down DC3 some of our workstations
can't login to our domain, they say it can't find a domain controller. As a
quick test I brought up DC3 and they could then logon. I've since powered
off DC3 as it's going to be forced removed anyway but I was under the
impression that when a WinXP/2k client boots it would authenticate to the
1st answering domain controller. I didn't expect it to try and authenticate
to a specific domain controller. I went looking on one the the effected PCs
registry and came across this key
HKEY_USERS->Volitile Evironment->LOGONSERVER
which held the name of DC3, but I assume this is the name of the DC that it
last authenticated with and not what it is trying to authticate with. In the
end we removed the workstation from the domain and then added it again and
all seems well. Just a little confused as to this behaviour as when it comes
time to demote the DC I really need to demote that this is going to come
back and bite us. If there is a fix or if I have something not configured
quite right it would be good to address it now. Anway, if anyone has any
idea's I'm all ears.
Regards
Craig
Hmm..better keep a slab or two handy then hadn't I?
Lastly, one small thing. Since powering down DC3 some of our workstations
can't login to our domain, they say it can't find a domain controller. As a
quick test I brought up DC3 and they could then logon. I've since powered
off DC3 as it's going to be forced removed anyway but I was under the
impression that when a WinXP/2k client boots it would authenticate to the
1st answering domain controller. I didn't expect it to try and authenticate
to a specific domain controller. I went looking on one the the effected PCs
registry and came across this key
HKEY_USERS->Volitile Evironment->LOGONSERVER
which held the name of DC3, but I assume this is the name of the DC that it
last authenticated with and not what it is trying to authticate with. In the
end we removed the workstation from the domain and then added it again and
all seems well. Just a little confused as to this behaviour as when it comes
time to demote the DC I really need to demote that this is going to come
back and bite us. If there is a fix or if I have something not configured
quite right it would be good to address it now. Anway, if anyone has any
idea's I'm all ears.
Regards
Craig
J
Jorge de Almeida Pinto [MVP]
for clients and server to be able to find a DC, you need to point at DNS you
query for one. However, if your DNS server is not available you need to have
two or more but you also need to tell your clients which DNS servers to use
(at least two).
So check if each server is configured with at least two DNS servers and your
clients get an IP with also at least two DNS servers. Most of the times the
first DNS server to query is the one closed to the clients (preferred) and
second (if the first is not available) another close DNS server or a distant
one
--
Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)
# Jorge de Almeida Pinto #
MVP Windows Server - Directory Services
BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx
query for one. However, if your DNS server is not available you need to have
two or more but you also need to tell your clients which DNS servers to use
(at least two).
So check if each server is configured with at least two DNS servers and your
clients get an IP with also at least two DNS servers. Most of the times the
first DNS server to query is the one closed to the clients (preferred) and
second (if the first is not available) another close DNS server or a distant
one
--
Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)
# Jorge de Almeida Pinto #
MVP Windows Server - Directory Services
BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx
A
Ace Fekay [MVP]
In Jorge de Almeida Pinto [MVP]
Just to add, it can also depend on Sites configuration. I believe that was
cached and needs to go thru the process to find another DC, but then again,
as you said Jorge, maybe it's the DNS client settings, or even if DC3 is
still in DNS as a resource and SRV record.
I don't think Craig needed to disjoin and rejoin the machine. Is this
happening to all the PCs?
Ace
Just to add, it can also depend on Sites configuration. I believe that was
cached and needs to go thru the process to find another DC, but then again,
as you said Jorge, maybe it's the DNS client settings, or even if DC3 is
still in DNS as a resource and SRV record.
I don't think Craig needed to disjoin and rejoin the machine. Is this
happening to all the PCs?
Ace
J
Jorge de Almeida Pinto [MVP]
it does not matter if the sites/subnets configuration is OK. If he can query
DNS and DCs are registered he will get an answer. A client will always ask a
DC in its site if it know the site it is in. If it does not know the site it
is in or if DCs in the are not available it will query for any DC in the
domain
However, this does not mean performance is optimal. Performance is optimal
when sites/subnets, etc. is configured correctly
--
Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)
# Jorge de Almeida Pinto #
MVP Windows Server - Directory Services
BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx
DNS and DCs are registered he will get an answer. A client will always ask a
DC in its site if it know the site it is in. If it does not know the site it
is in or if DCs in the are not available it will query for any DC in the
domain
However, this does not mean performance is optimal. Performance is optimal
when sites/subnets, etc. is configured correctly
--
Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)
# Jorge de Almeida Pinto #
MVP Windows Server - Directory Services
BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx
A
Ace Fekay [MVP]
In Jorge de Almeida Pinto [MVP]
I was thinking if there were more than one DC in the site. If DC3 was the
only one in the site, then upon querying DNS, the SRVs would hand the client
this one again, if it's reference wasn't deleted out of DNS.
Ace
I was thinking if there were more than one DC in the site. If DC3 was the
only one in the site, then upon querying DNS, the SRVs would hand the client
this one again, if it's reference wasn't deleted out of DNS.
Ace
C
Craig Matchan
Hi,
thanks for the info. The workstations all DHCP and the DHCP also specifies
the DNS servers. In this case I omited to remove DC3 from the assigned DNS
servers. I've now reset this so that if assigns DC1 and DC2 as DNS servers.
The planned for demote of DC3 will take place tomorrow morning. Just
finished installing SP1 on DC1 and DC2. Fingers crossed it all goes well.
Thanks for all your help, I can't really begin to convey the thanks you
people are owed, though I will stop short of offering to have your babies
I mean I'm thankfull but not THAT thankfull.
Craig
"Ace Fekay [MVP]"
thanks for the info. The workstations all DHCP and the DHCP also specifies
the DNS servers. In this case I omited to remove DC3 from the assigned DNS
servers. I've now reset this so that if assigns DC1 and DC2 as DNS servers.
The planned for demote of DC3 will take place tomorrow morning. Just
finished installing SP1 on DC1 and DC2. Fingers crossed it all goes well.
Thanks for all your help, I can't really begin to convey the thanks you
people are owed, though I will stop short of offering to have your babies
I mean I'm thankfull but not THAT thankfull.
Craig
"Ace Fekay [MVP]"
A
Ace Fekay [MVP]
In
LOL. A bottle of Crown Royal Special Reserve will do fine.
Ace
Craig Matchan said:Hi,
thanks for the info. The workstations all DHCP and the DHCP also
specifies the DNS servers. In this case I omited to remove DC3 from
the assigned DNS servers. I've now reset this so that if assigns DC1
and DC2 as DNS servers.
The planned for demote of DC3 will take place tomorrow morning. Just
finished installing SP1 on DC1 and DC2. Fingers crossed it all goes
well.
Thanks for all your help, I can't really begin to convey the thanks
you people are owed, though I will stop short of offering to have
your babies
Craig
LOL. A bottle of Crown Royal Special Reserve will do fine.
Ace