Sign in with
Sign up | Sign in
Your question

Having multiple domain controllers does not help

Last response: in Windows 2000/NT
Share
November 16, 2004 5:28:03 PM

Archived from groups: microsoft.public.win2000.security (More info?)

When my domain was Windows NT4 I had a PDC and a BDC. If the PDC or the BDC
ever needed to go offline during the day for whatever reason the network
would still function fine. Ever since I updated to Windows 2000, whenever I
need to do some maintainance on one of the DCs, many resources on the
network can't be accesses. Why gives???

Example. I had to restart one of the DCs and none of my user could access
their Exchange 2003 server email.

Example 2. I had an issue with a DC the other day and some users trying to
access the internet via ISA 2000 server were prompted for their
DOMAIN/USERNAME/PASSWORD every time they opened an IE window while some were
not. The ones that were had the problematic DC listed as their logon
server.

In NT 4, when a DC had a problem or was off line, clients (even W2K Pro)
would be able to pickup verifications from the other DCs, but this does not
seem to be happening with Windows 2000 Servers. I put up a second DC hoping
to help keep everything up, but it just seems like it is hurting things.
Anonymous
November 17, 2004 12:14:57 AM

Archived from groups: microsoft.public.win2000.security (More info?)

Hi Jordan,

Can you check these things:
* your second DC (domain controller) is also a GC (global catalog). If it is
not it should be if you need it to perform the authentication if first DC
goes down
* is your second DC also a DNS server? If not, it should be. If you only
have one DNS server and it goes down clients won't be able to find the other
DC (they use DNS to locate DCs, GCs, ...)
* your clients should have both DCs listed as DNS servers (under TCP/IP
settings). If they only have one they will not be able to use second DNS
server to locate your DC if first DNS server goes down...

Mike

"Jordan" <nojunk_allowed@nospam.com> wrote in message
news:ei9rlJBzEHA.3996@TK2MSFTNGP10.phx.gbl...
> When my domain was Windows NT4 I had a PDC and a BDC. If the PDC or the
> BDC ever needed to go offline during the day for whatever reason the
> network would still function fine. Ever since I updated to Windows 2000,
> whenever I need to do some maintainance on one of the DCs, many resources
> on the network can't be accesses. Why gives???
>
> Example. I had to restart one of the DCs and none of my user could access
> their Exchange 2003 server email.
>
> Example 2. I had an issue with a DC the other day and some users trying
> to access the internet via ISA 2000 server were prompted for their
> DOMAIN/USERNAME/PASSWORD every time they opened an IE window while some
> were not. The ones that were had the problematic DC listed as their logon
> server.
>
> In NT 4, when a DC had a problem or was off line, clients (even W2K Pro)
> would be able to pickup verifications from the other DCs, but this does
> not seem to be happening with Windows 2000 Servers. I put up a second DC
> hoping to help keep everything up, but it just seems like it is hurting
> things.
>
>
>
Anonymous
November 17, 2004 12:15:58 AM

Archived from groups: microsoft.public.win2000.security (More info?)

On Tue, 16 Nov 2004 14:28:03 -0500, "Jordan"
<nojunk_allowed@nospam.com> wrote:

>When my domain was Windows NT4 I had a PDC and a BDC. If the PDC or the BDC
>ever needed to go offline during the day for whatever reason the network
>would still function fine. Ever since I updated to Windows 2000, whenever I
>need to do some maintainance on one of the DCs, many resources on the
>network can't be accesses. Why gives???
>
>Example. I had to restart one of the DCs and none of my user could access
>their Exchange 2003 server email.
>
>Example 2. I had an issue with a DC the other day and some users trying to
>access the internet via ISA 2000 server were prompted for their
>DOMAIN/USERNAME/PASSWORD every time they opened an IE window while some were
>not. The ones that were had the problematic DC listed as their logon
>server.
>
>In NT 4, when a DC had a problem or was off line, clients (even W2K Pro)
>would be able to pickup verifications from the other DCs, but this does not
>seem to be happening with Windows 2000 Servers. I put up a second DC hoping
>to help keep everything up, but it just seems like it is hurting things.

Keep in mind it may not be your DC, but rather other services running
on it. DNS for example. Make sure you have alternates available.
Also, make sure the remaining DC is a Global Catalog server. That can
cause issues such as you describe.

Jeff
Related resources
Anonymous
November 17, 2004 12:55:06 AM

Archived from groups: microsoft.public.win2000.security (More info?)

Windows 2000 is actually better than NT that way, in that all DCs are more
or less equal peers. It sounds like the problem is the DCs have not been
implemented according to best practices from Microsoft. In general, when
these things happen, check the Windows System and Application event logs for
more informative error messages.

www.microsoft.com/technet/security and www.microsoft.com/technet and
www.microsoft.com/windows have information on best practices for windows
implementation.


"Jordan" <nojunk_allowed@nospam.com> wrote in message
news:ei9rlJBzEHA.3996@TK2MSFTNGP10.phx.gbl...
> When my domain was Windows NT4 I had a PDC and a BDC. If the PDC or the
BDC
> ever needed to go offline during the day for whatever reason the network
> would still function fine. Ever since I updated to Windows 2000, whenever
I
> need to do some maintainance on one of the DCs, many resources on the
> network can't be accesses. Why gives???
>
> Example. I had to restart one of the DCs and none of my user could access
> their Exchange 2003 server email.
>
> Example 2. I had an issue with a DC the other day and some users trying
to
> access the internet via ISA 2000 server were prompted for their
> DOMAIN/USERNAME/PASSWORD every time they opened an IE window while some
were
> not. The ones that were had the problematic DC listed as their logon
> server.
>
> In NT 4, when a DC had a problem or was off line, clients (even W2K Pro)
> would be able to pickup verifications from the other DCs, but this does
not
> seem to be happening with Windows 2000 Servers. I put up a second DC
hoping
> to help keep everything up, but it just seems like it is hurting things.
>
>
>
Anonymous
November 17, 2004 2:45:27 AM

Archived from groups: microsoft.public.win2000.security (More info?)

In addition to other replies check the Event Viewer on both domain
controllers to make sure there are no persistent replication problems.
Running the support tools dcdiag, replmon, and gpotool can also verify
correct connectivity/replication between domain controllers when both are up
and running. Dns configuration in the domain is critical as explained in the
link below. --- Steve

http://support.microsoft.com/default.aspx?scid=kb%3Ben-...

"Jordan" <nojunk_allowed@nospam.com> wrote in message
news:ei9rlJBzEHA.3996@TK2MSFTNGP10.phx.gbl...
> When my domain was Windows NT4 I had a PDC and a BDC. If the PDC or the
> BDC ever needed to go offline during the day for whatever reason the
> network would still function fine. Ever since I updated to Windows 2000,
> whenever I need to do some maintainance on one of the DCs, many resources
> on the network can't be accesses. Why gives???
>
> Example. I had to restart one of the DCs and none of my user could access
> their Exchange 2003 server email.
>
> Example 2. I had an issue with a DC the other day and some users trying
> to access the internet via ISA 2000 server were prompted for their
> DOMAIN/USERNAME/PASSWORD every time they opened an IE window while some
> were not. The ones that were had the problematic DC listed as their logon
> server.
>
> In NT 4, when a DC had a problem or was off line, clients (even W2K Pro)
> would be able to pickup verifications from the other DCs, but this does
> not seem to be happening with Windows 2000 Servers. I put up a second DC
> hoping to help keep everything up, but it just seems like it is hurting
> things.
>
>
>
November 18, 2004 4:37:44 PM

Archived from groups: microsoft.public.win2000.security (More info?)

Thanks. It appears that I never set the GC option when I made the second
server a DC. Both DCs are DNS servers and both are in the clients DHCP
settings so when I restart this server I should see if this takes care of
the problem.




"Miha Pihler" <mihap-news@atlantis.si> wrote in message
news:o twTxjBzEHA.1260@TK2MSFTNGP12.phx.gbl...
> Hi Jordan,
>
> Can you check these things:
> * your second DC (domain controller) is also a GC (global catalog). If it
> is not it should be if you need it to perform the authentication if first
> DC goes down
> * is your second DC also a DNS server? If not, it should be. If you only
> have one DNS server and it goes down clients won't be able to find the
> other DC (they use DNS to locate DCs, GCs, ...)
> * your clients should have both DCs listed as DNS servers (under TCP/IP
> settings). If they only have one they will not be able to use second DNS
> server to locate your DC if first DNS server goes down...
>
> Mike
>
> "Jordan" <nojunk_allowed@nospam.com> wrote in message
> news:ei9rlJBzEHA.3996@TK2MSFTNGP10.phx.gbl...
>> When my domain was Windows NT4 I had a PDC and a BDC. If the PDC or the
>> BDC ever needed to go offline during the day for whatever reason the
>> network would still function fine. Ever since I updated to Windows 2000,
>> whenever I need to do some maintainance on one of the DCs, many resources
>> on the network can't be accesses. Why gives???
>>
>> Example. I had to restart one of the DCs and none of my user could
>> access their Exchange 2003 server email.
>>
>> Example 2. I had an issue with a DC the other day and some users trying
>> to access the internet via ISA 2000 server were prompted for their
>> DOMAIN/USERNAME/PASSWORD every time they opened an IE window while some
>> were not. The ones that were had the problematic DC listed as their
>> logon server.
>>
>> In NT 4, when a DC had a problem or was off line, clients (even W2K Pro)
>> would be able to pickup verifications from the other DCs, but this does
>> not seem to be happening with Windows 2000 Servers. I put up a second DC
>> hoping to help keep everything up, but it just seems like it is hurting
>> things.
>>
>>
>>
>
>
!