DC issue

Tutorials Win: Microsoft Windows Forum

I have a multi-server network with 2 DC's. The "master" DC (PDC,RID,OM) is
on one server and the other is just a 2003 DC (DC2). Because of
infrastructure changes, the 2 server will not be able to "talk" for about 5
days. I have clients who connect also will not be able to talk to the master
DC, but can see the other DC.

I have tested this in the past and I have issues with users not being able
to log in who can only see DC2. Sometimes their login is slow or Windows
will not allow them to log in. Is there something that i need to do to
prepare for this?

I have thought about getting a virtualized image of DC1 and loading it up @
the DC2 site and allowing users to log in that way. Is this an option? What
could happen once DC1 becomes visible again?

Thanks in advance.
Top

Re: DC issue by Meinolf

Meinolf
Mon Nov 05 12:29:40 PST 2007

Hello Tyler,

Make sure that both DC's are DNS server (Active directory integrated zones)
and Global catalog server. Also configure the clients to use both DNS servers
on there NIC. Then they will be able to logon, doesn't natter which of the
both DC's is shortly down. Do NOT configure the clients or server with an
external ip address on the NIC. If you have the need for internet access,
configure the DNS servers with forwarders, here fill in the ISP's DNS server.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.dts-l.org/goodpost.htm

> I have a multi-server network with 2 DC's. The "master" DC
> (PDC,RID,OM) is on one server and the other is just a 2003 DC (DC2).
> Because of infrastructure changes, the 2 server will not be able to
> "talk" for about 5 days. I have clients who connect also will not be
> able to talk to the master DC, but can see the other DC.
>
> I have tested this in the past and I have issues with users not being
> able to log in who can only see DC2. Sometimes their login is slow or
> Windows will not allow them to log in. Is there something that i need
> to do to prepare for this?
>
> I have thought about getting a virtualized image of DC1 and loading it
> up @ the DC2 site and allowing users to log in that way. Is this an
> option? What could happen once DC1 becomes visible again?
>
> Thanks in advance.
>


Top

Re: DC issue by Meinolf

Meinolf
Mon Nov 05 12:59:44 PST 2007

Hello Tyler,

see inline

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.dts-l.org/goodpost.htm

> I have a multi-server network with 2 DC's. The "master" DC
> (PDC,RID,OM) is on one server and the other is just a 2003 DC (DC2).
> Because of infrastructure changes, the 2 server will not be able to
> "talk" for about 5 days. I have clients who connect also will not be
> able to talk to the master DC, but can see the other DC.
>
> I have tested this in the past and I have issues with users not being
> able to log in who can only see DC2. Sometimes their login is slow or
> Windows will not allow them to log in. Is there something that i need
> to do to prepare for this?
>
This often belongs to DNS problems. And that the global catalog is not available.
Please post an ipconfig /all from the DC's and also one client. Are the machines
all on one site/location?

> I have thought about getting a virtualized image of DC1 and loading it
> up @ the DC2 site and allowing users to log in that way. Is this an
> option? What could happen once DC1 becomes visible again?

Do NOT work with an image from the first dc. You will get trouble with the
replication, when the "old"comes back.

> Thanks in advance.
>


Top

Re: DC issue by TylerBarnes

TylerBarnes
Wed Nov 07 05:24:00 PST 2007

That answers that question and thank you, but i am runing DHCP on the DC1.
Should I setup another DHCP server on DC2 and do conflict detection?

Thanks!

"Meinolf Weber" wrote:

> Hello Tyler,
>
> see inline
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and confers
> no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.dts-l.org/goodpost.htm
>
> > I have a multi-server network with 2 DC's. The "master" DC
> > (PDC,RID,OM) is on one server and the other is just a 2003 DC (DC2).
> > Because of infrastructure changes, the 2 server will not be able to
> > "talk" for about 5 days. I have clients who connect also will not be
> > able to talk to the master DC, but can see the other DC.
> >
> > I have tested this in the past and I have issues with users not being
> > able to log in who can only see DC2. Sometimes their login is slow or
> > Windows will not allow them to log in. Is there something that i need
> > to do to prepare for this?
> >
> This often belongs to DNS problems. And that the global catalog is not available.
> Please post an ipconfig /all from the DC's and also one client. Are the machines
> all on one site/location?
>
> > I have thought about getting a virtualized image of DC1 and loading it
> > up @ the DC2 site and allowing users to log in that way. Is this an
> > option? What could happen once DC1 becomes visible again?
>
> Do NOT work with an image from the first dc. You will get trouble with the
> replication, when the "old"comes back.
>
> > Thanks in advance.
> >
>
>
>
Top

Re: DC issue by TylerBarnes

TylerBarnes
Wed Nov 07 06:09:00 PST 2007

That was my thought. Thanks again!

"Meinolf Weber" wrote:

> Hello Tyler,
>
> You can split your scope like 70/30 or 50/50 so you have also redundancy
> for this. Create the same scope on both servers and exclude on one server
> the first half of addresses and on the second the other half of addresses.
> So you will have no conflicts and if one server crashes and you need more
> addresses like the half that is free you can just delete the exclusion until
> you have the second server running again.
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and confers
> no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.dts-l.org/goodpost.htm
>
> > That answers that question and thank you, but i am runing DHCP on the
> > DC1. Should I setup another DHCP server on DC2 and do conflict
> > detection?
> >
> > Thanks!
> >
> > "Meinolf Weber" wrote:
> >
> >> Hello Tyler,
> >>
> >> see inline
> >>
> >> Best regards
> >>
> >> Meinolf Weber
> >> Disclaimer: This posting is provided "AS IS" with no warranties, and
> >> confers
> >> no rights.
> >> ** Please do NOT email, only reply to Newsgroups
> >> ** HELP us help YOU!!! http://www.dts-l.org/goodpost.htm
> >>> I have a multi-server network with 2 DC's. The "master" DC
> >>> (PDC,RID,OM) is on one server and the other is just a 2003 DC (DC2).
> >>> Because of infrastructure changes, the 2 server will not be able to
> >>> "talk" for about 5 days. I have clients who connect also will not
> >>> be able to talk to the master DC, but can see the other DC.
> >>>
> >>> I have tested this in the past and I have issues with users not
> >>> being able to log in who can only see DC2. Sometimes their login is
> >>> slow or Windows will not allow them to log in. Is there something
> >>> that i need to do to prepare for this?
> >>>
> >> This often belongs to DNS problems. And that the global catalog is
> >> not available. Please post an ipconfig /all from the DC's and also
> >> one client. Are the machines all on one site/location?
> >>
> >>> I have thought about getting a virtualized image of DC1 and loading
> >>> it up @ the DC2 site and allowing users to log in that way. Is this
> >>> an option? What could happen once DC1 becomes visible again?
> >>>
> >> Do NOT work with an image from the first dc. You will get trouble
> >> with the replication, when the "old"comes back.
> >>
> >>> Thanks in advance.
> >>>
>
>
>
Top

RE: DC issue by TylerBarnes

TylerBarnes
Thu Nov 08 07:56:01 PST 2007

One more question, you can't have 2 DHCP servers in the same IP space,
correct? That has not changed in any newer version of Windows, right?

Instead of doing exclusions, we'll just set the scope on server 2 away from
the server 1's scope and then start it once the servers are disconnected.

"Tyler Barnes" wrote:

> I have a multi-server network with 2 DC's. The "master" DC (PDC,RID,OM) is
> on one server and the other is just a 2003 DC (DC2). Because of
> infrastructure changes, the 2 server will not be able to "talk" for about 5
> days. I have clients who connect also will not be able to talk to the master
> DC, but can see the other DC.
>
> I have tested this in the past and I have issues with users not being able
> to log in who can only see DC2. Sometimes their login is slow or Windows
> will not allow them to log in. Is there something that i need to do to
> prepare for this?
>
> I have thought about getting a virtualized image of DC1 and loading it up @
> the DC2 site and allowing users to log in that way. Is this an option? What
> could happen once DC1 becomes visible again?
>
> Thanks in advance.
>
Top

Re: DC issue by Florian

Florian
Thu Nov 08 09:54:04 PST 2007

Howdie!

Tyler Barnes schrieb:
> One more question, you can't have 2 DHCP servers in the same IP space,
> correct? That has not changed in any newer version of Windows, right?

Correct. You can have two DHCP servers with two different scopes in the
same network just like you stated. That works pretty good.

cheers,

Florian
--
Microsoft MVP - Windows Server - Group Policy.
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
Top

Re: DC issue by TylerBarnes

TylerBarnes
Thu Nov 08 12:19:00 PST 2007

So this is a superscope setup, correct?

"Florian Frommherz [MVP]" wrote:

> Howdie!
>
> Tyler Barnes schrieb:
> > One more question, you can't have 2 DHCP servers in the same IP space,
> > correct? That has not changed in any newer version of Windows, right?
>
> Correct. You can have two DHCP servers with two different scopes in the
> same network just like you stated. That works pretty good.
>
> cheers,
>
> Florian
> --
> Microsoft MVP - Windows Server - Group Policy.
> eMail: prename [at] frickelsoft [dot] net.
> blog: http://www.frickelsoft.net/blog.
>
Top

Re: DC issue by Hank

Hank
Fri Nov 09 02:24:11 PST 2007

Tyler Barnes wrote:
> I have a multi-server network with 2 DC's. The "master" DC (PDC,RID,OM) is
> on one server and the other is just a 2003 DC (DC2). Because of
> infrastructure changes, the 2 server will not be able to "talk" for about 5
> days. I have clients who connect also will not be able to talk to the master
> DC, but can see the other DC.
>
> I have tested this in the past and I have issues with users not being able
> to log in who can only see DC2. Sometimes their login is slow or Windows
> will not allow them to log in. Is there something that i need to do to
> prepare for this?
>
> I have thought about getting a virtualized image of DC1 and loading it up @
> the DC2 site and allowing users to log in that way. Is this an option? What
> could happen once DC1 becomes visible again?
>
> Thanks in advance.
>
Make sure that DC2 is a Global Catalog (GC). Also, implement DNS and
DHCP. Then split the DHCP range between the two DCs.

--

Regards,
Hank Arnold
Microsoft MVP
Windows Server - Directory Services
Top