jay mack (Guest)
Posted: Wed Jan 12, 2005 1:01 am
Post subject: hosts not using alternate DC's

I am running a 2003 native domain with 1 DC at each site and 4 sites. I am
replicating from one main DC to the DC at each of the other sites. There is a
GC on every server. Last week the main DC went off the network due to a
switch reboot. This was only down 5 minutes but the webservers at each site
could not authenticate with the shopcart server, causing our website to go
down. The website runs under a domain account and SQL Server uses SSPI to
check authentication. Why would the loss of the main DC cause this outage? Is
it possible that the DCs at each of the other sites would not accept
authentications at this time? The shopcart is at the site that had the DC
unavailable; wouldn't it have gone to a DC at another site if its DC was not
available? I have since gone in and configured replication to auto discover
the DCs, yet the main DC that went down is the only DC to add automatic
replication partners. I have a direct connection between all sites; I would
think a connection would be auto generated. Any help would be appreciated,
especially in configuring a domain that will not fail with the loss of a
single DC. Thanks

Kevin Hardy (Guest)
Posted: Wed Jan 12, 2005 1:43 am
Post subject: RE: hosts not using alternate DC's

Do you have all the servers pointing to an alternate DNS server for your
domain as their secondary DNS? Or only the one DNS server that went down?
If that one goes down and they have secondary DNS servers pointing to the
other DCs, then it should find everything automatically, but only if you have
the secondary DNS server set.
Kevin Hardy

Phillip Renouf (Guest)
Posted: Wed Jan 12, 2005 2:09 am
Post subject: RE: hosts not using alternate DC's

I would also check with the application that it is not pointing at the Main
DC by name. That is a common mistake with applications using AD for
authentication, as it is easier to make work for the developers.
As for the replication topology, if your remote sites connect directly to
the main site and do not have direct connections to each other, then it
makes sense that your Main site DC is acting in the manner you describe, since
that would be the optimal replication topology.
Phil

jay mack (Guest)
Posted: Wed Jan 12, 2005 3:17 am
Post subject: RE: hosts not using alternate DC's

I have all servers pointing to multiple DNS servers. The only hits to AD are
all done through SSPI to connect the webservers to the SQL servers. There are
no instances of authentication with only one DC.
Jay

John Reijnders (Guest)
Posted: Wed Jan 12, 2005 9:45 pm
Post subject: RE: hosts not using alternate DC's

Hi Jack,
You should check your DNS whether or not "failover" records (ex.
_kerberos.tcp.SiteName. and _sites.dc._msdcs.DnsDomainName) are present.
These enable a client to locate a domain controller that is running the
Windows Server 2003 implementation of the Kerberos KDC service for the domain
that is named DnsDomainName and that is also in the site named SiteName. All
Windows Server 2003–based domain controllers that are running the KDC service
register this SRV record.
Cheers!
John Reijnders

jay mack (Guest)
Posted: Thu Jan 13, 2005 7:39 am
Post subject: RE: hosts not using alternate DC's

I verified the DNS entries; that is good information. I am starting to think
that the server that monitors the webservers did some sort of caching, as it
would have hit the DC that went down but somehow or another did not go to the
next DC. The application is Sitescope and from what I have seen it does
not handle things well when any server it talks to goes away.

John Reijnders (Guest)
Posted: Thu Jan 13, 2005 1:43 pm
Post subject: RE: hosts not using alternate DC's

Hi Jack,
I suggest doing the following:
- Start a network trace that monitors all the traffic from the app.server.
- Shut down the DC
- Keep tracing.
- Analyse the trace to see whether or not any queries are fired to DNS to
find an alternative DC. If not, you might be right and the app is caching DC
info. If queries are fired against DNS, but wrong answers are given ... the
real fun begins!
Let us know what the results are.
Cheers!
John Reijnders
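
An offline way to read the trace from the procedure above, shown as an added example that is not part of the original thread: it checks whether the app server re-queried the DC locator SRV names after the DC went down, and whether the answers offered any other DC. The row format, IP addresses, `example.test` domain, `Main` site name and verdict labels are all constructed assumptions.

```python
from typing import NamedTuple

class Packet(NamedTuple):     # one row of a trace export (constructed format)
    t: float                  # seconds since capture start
    dst: str                  # destination IP
    kind: str                 # "dns-query" | "dns-answer" | "kerberos" | "ldap"
    name: str = ""            # DNS name asked or answered
    targets: tuple = ()       # SRV target hosts carried in a DNS answer

def locator_names(domain, site):
    """SRV names a client uses to find a DC/KDC: site-specific, then domain-wide."""
    out = set()
    for svc in ("_ldap", "_kerberos"):
        out.add(f"{svc}._tcp.{site}._sites.dc._msdcs.{domain}".lower())
        out.add(f"{svc}._tcp.dc._msdcs.{domain}".lower())
    return out

def diagnose(trace, down_at, dead_ip, dead_name, domain, site):
    """Classify what the app server did after the DC went away."""
    wanted = locator_names(domain, site)
    after = [p for p in trace if p.t >= down_at]
    hit = lambda p, kind: p.kind == kind and p.name.lower().rstrip(".") in wanted
    queries = [p for p in after if hit(p, "dns-query")]
    answers = [p for p in after if hit(p, "dns-answer")]
    # Authentication traffic still aimed at the dead DC after the outage began.
    stuck = sum(p.dst == dead_ip and p.kind in ("kerberos", "ldap") for p in after)
    if not queries:
        return "no-rediscovery", stuck          # DC choice is cached or hard-coded
    others = {t.lower() for a in answers for t in a.targets} - {dead_name.lower()}
    if not others:
        return "dns-offers-no-alternative", stuck
    return "rediscovery-ok", stuck

# Constructed sample: DC 10.0.1.10 (dc1.example.test) is shut down at t=60.
SITE_Q = "_ldap._tcp.Main._sites.dc._msdcs.example.test"
CACHED = [Packet(10, "10.0.1.10", "kerberos"),
          Packet(65, "10.0.1.10", "kerberos"), Packet(70, "10.0.1.10", "ldap")]
BAD_DNS = [Packet(65, "10.0.2.53", "dns-query", SITE_Q),
           Packet(65.1, "10.0.1.20", "dns-answer", SITE_Q, ("dc1.example.test",))]
HEALTHY = BAD_DNS[:1] + [Packet(65.1, "10.0.1.20", "dns-answer", SITE_Q,
                                ("dc1.example.test", "dc2.example.test"))]

if __name__ == "__main__":
    for label, tr in (("cached", CACHED), ("bad dns", BAD_DNS), ("healthy", HEALTHY)):
        print(label, diagnose(tr, 60, "10.0.1.10", "dc1.example.test", "example.test", "Main"))
```

A "no-rediscovery" verdict with a non-zero stuck count matches the caching suspicion raised in the thread; "dns-offers-no-alternative" points back at the SRV registrations instead.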
"jay mack" wrote:
| Quote: | i verified the dns entries, that is good information. i am starting to think
that the server that monitors the webservers did some sort of caching as it
would have hit the dc that went down but somehow or another did not go to the
next dc. the application is Sitescope and and from what i have seen it does
not handle things well when any server it talks to goes away.
"John Reijnders" wrote:
Hi Jack,
You should check your DNS whether or not "failover" records (ex.
_kerberos.tcp.SiteName. and _sites.dc._msdcs.DnsDomainName) are present.
These enable a client to locate a domain controller that is running the
Windows Server 2003 implementation of the Kerberos KDC service for the domain
that is named DnsDomainName and that is also in the site named SiteName. All
Windows Server 2003–based domain controllers that are running the KDC service
register this SRV record.
Cheers!
John Reijnders
"jay mack" wrote:
i am running a 2003 native domain with 1 dc at each site and 4 sites. i am
replicating from one main dc to the dc at each of the other sites. there is a
gc on every server. last week the main dc went off the network due to a
switch reboot. this was only down 5 minutes but the webservers at each site
could not authenticate with the shopcart server causing our website to go
down. the website runs under a domain account and sql server uses SSPI to
check authentication. why would the loss of the main dc cause this outage. is
it possible that the the dc's at each of the other sites would not accept
authentications at this time? the shopcart is at the site that had the dc
unavailable, wouldn't it have gone to a dc at another site if its dc was not
available. i have since gone in and configured replication to auto discover
the dc's yet the main dc that went down is the only dc to add automatic
replication partners. i have a direct connection between all sites, i would
think a connection would be auto generated. any help would be appreciated
especially in configuring a domain that will not fail with the loss of a
single dc. thanks |
|
|
| Back to top |
|
 |
|
|
|
|