Providing site redundancy for clients

Jeremy

Hi,

We have 6 sites all within the same Domain. We've set up the sites in
AD Sites and Services, have associated the correct subnet to the site
and moved the servers to their correct sites. However, we only have
one server per site, except for the head office. So how do we force
clients to use (authenticate against) a particular site should their
local site DC become unavailable? It seems to just pick one, but I
want to force it to a particular one.

Cheers,
Jeremy.
 
Herb Martin

Jeremy said:
> Hi,
>
> We have 6 sites all within the same Domain. We've set up the sites in
> AD Sites and Services, have associated the correct subnet to the site
> and moved the servers to their correct sites. However, we only have
> one server per site, except for the head office. So how do we force
> clients to use (authenticate against) a particular site should their
> local site DC become unavailable?

In general you do NOT do this.

Clients will prefer the local (to the site) DC,
and still may be able to authenticate with another
DC if their 'own' is down.

That is the way it is supposed to work (of course
firewalls and WAN latency can defeat this but
should not purposely be designed to do so in most
real world cases.)
> It seems to just pick one, but I

That sounds like you have 'really' moved the
DCs to the correct sites, or set up the 'subnets'
correctly OR QUITE LIKELY your DNS is
not functioning correctly and so the information
is not provided correctly to clients (looking for
a DC in a particular site.)

> want to force it to a particular one.

Don't do that -- fix any actual problems and let
the clients fail over to using any DC if they must.

Or provide additional DCs per site.

Also make sure you have at least one GC (on the
existing or additional DCs) PER SITE.

If you only have one domain, then all DCs can
safely be made GCs.



Things to check for DNS to support AD:

1) Dynamic for the zone supporting AD
2) All internal DNS clients NIC\IP properties must specify SOLELY
that internal, dynamic DNS server (set.)
3) DCs and even DNS servers are DNS clients too -- see #2
4) If you have more than one Domain, every DNS server must
be able to resolve ALL domains (either directly or indirectly)

netdiag /fix

....or maybe:

dcdiag /fix

(Win2003 can do this from Support tools):
nltest /dsregdns /server:DC-ServerNameGoesHere
http://support.microsoft.com/kb/q260371/

Ensure that DNS zones/domains are fully replicated to all DNS
servers for that (internal) zone/domain.

Also useful may be running DCDiag on each DC, sending the
output to a text file, and searching for FAIL, ERROR, WARN.

Single Label domain zone names are a problem. Google:
[ "SINGLE LABEL" domain names DNS 2000 | 2003 microsoft: ]
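
A sketch of the check described in the post above (run DCDiag against each DC, save the output to a text file, search it for FAIL, ERROR, WARN), extended to also look up each DC's site-specific SRV record and count GCs per site. This is an added example, not part of the original posts; the output folder is an assumption, and it assumes dcdiag.exe and Resolve-DnsName are available on the domain-joined machine running it.

```powershell
# Added example, not from the thread. Assumes a domain-joined admin machine
# with dcdiag.exe and Resolve-DnsName (Windows 8 / Server 2012 or later).
Add-Type -AssemblyName System.DirectoryServices
$outDir = Join-Path $env:TEMP 'dcdiag-reports'   # assumed output folder
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

# Enumerate every DC in the current domain (no RSAT AD module required).
$domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()

$report = foreach ($dc in $domain.DomainControllers) {
    # Run the default dcdiag test set against this DC and keep the raw output.
    $file = Join-Path $outDir "$($dc.Name).txt"
    dcdiag "/s:$($dc.Name)" | Out-File -FilePath $file -Encoding utf8

    # Select-String is case-insensitive, so this also matches "failed", "Warning:".
    $hits = @(Select-String -Path $file -Pattern 'FAIL|ERROR|WARN')

    # The SRV name a client queries when it looks for a DC in this DC's site.
    $srvName = "_ldap._tcp.$($dc.SiteName)._sites.dc._msdcs.$($domain.Name)"
    $srv = Resolve-DnsName -Name $srvName -Type SRV -ErrorAction SilentlyContinue

    [pscustomobject]@{
        DC          = $dc.Name
        Site        = $dc.SiteName
        IsGC        = $dc.IsGlobalCatalog()
        Findings    = $hits.Count                              # lines worth reading
        InSiteSrv   = ($srv.NameTarget -contains $dc.Name)     # registered for its site?
        ReportFile  = $file
    }
}

# Per-DC view: any Findings > 0 or InSiteSrv = False needs a closer look.
$report | Format-Table -AutoSize

# Per-site view: sites with a single DC or with no GC have no local fallback.
$report | Group-Object Site | ForEach-Object {
    [pscustomobject]@{
        Site = $_.Name
        DCs  = $_.Count
        GCs  = @($_.Group | Where-Object IsGC).Count
    }
} | Format-Table -AutoSize
```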
 
jeremyts

Actually Herb, you haven't understood my question.

There is nothing broken, and everything works perfectly.

The Sites are actually VLANs in a College, where the VLANs separate
Staff and Student networks with DCs in each. All DCs can communicate,
and the Staff PCs can communicate with all DCs, but the Student PCs can
only communicate with Student DCs. This is all working 100% correctly.

What I want to do is add redundancy to the Student networks. So when a
DC fails on one campus, the Student PCs will use the DC from a Student
network on another campus. This is what I want to be able to control.

I hope this makes it clearer.

Cheers,
Jeremy.
 
Herb Martin

> Actually Herb, you haven't understood my question.
>
> There is nothing broken, and everything works perfectly.
>
> The Sites are actually VLANs in a College, where the VLANs separate
> Staff and Student networks with DCs in each. All DCs can communicate,
> and the Staff PCs can communicate with all DCs, but the Student PCs can
> only communicate with Student DCs. This is all working 100% correctly.
>
> What I want to do is add redundancy to the Student networks. So when a
> DC fails on one campus, the Student PCs will use the DC from a Student
> network on another campus. This is what I want to be able to control.

Again, you still cannot FORCE it (except by
using router filters or some such) but you can
ENCOURAGE it by the use of Site Link costs.

Put the 'student' nets in a cluster of low cost
sites connected to the 'staff' cluster with higher
costs.

Also you can consider removing the default site
link bridge (grouping) and grouping the site links
into two custom site link bridges (groups) but that
is likely overkill for your issue.
 
