Having multiple domain controllers does not help

Archived from groups: microsoft.public.win2000.security (More info?)

When my domain was Windows NT4 I had a PDC and a BDC. If the PDC or the BDC
ever needed to go offline during the day for whatever reason the network
would still function fine. Ever since I updated to Windows 2000, whenever I
need to do some maintainance on one of the DCs, many resources on the
network can't be accesses. Why gives???

Example. I had to restart one of the DCs and none of my user could access
their Exchange 2003 server email.

Example 2. I had an issue with a DC the other day and some users trying to
access the internet via ISA 2000 server were prompted for their
DOMAIN/USERNAME/PASSWORD every time they opened an IE window while some were
not. The ones that were had the problematic DC listed as their logon
server.

In NT 4, when a DC had a problem or was off line, clients (even W2K Pro)
would be able to pickup verifications from the other DCs, but this does not
seem to be happening with Windows 2000 Servers. I put up a second DC hoping
to help keep everything up, but it just seems like it is hurting things.
5 answers Last reply
More about having multiple domain controllers help
  1. Archived from groups: microsoft.public.win2000.security (More info?)

    Hi Jordan,

    Can you check these things:
    * your second DC (domain controller) is also a GC (global catalog). If it is
    not it should be if you need it to perform the authentication if first DC
    goes down
    * is your second DC also a DNS server? If not, it should be. If you only
    have one DNS server and it goes down clients won't be able to find the other
    DC (they use DNS to locate DCs, GCs, ...)
    * your clients should have both DCs listed as DNS servers (under TCP/IP
    settings). If they only have one they will not be able to use second DNS
    server to locate your DC if first DNS server goes down...

    Mike

    "Jordan" <nojunk_allowed@nospam.com> wrote in message
    news:ei9rlJBzEHA.3996@TK2MSFTNGP10.phx.gbl...
    > When my domain was Windows NT4 I had a PDC and a BDC. If the PDC or the
    > BDC ever needed to go offline during the day for whatever reason the
    > network would still function fine. Ever since I updated to Windows 2000,
    > whenever I need to do some maintainance on one of the DCs, many resources
    > on the network can't be accesses. Why gives???
    >
    > Example. I had to restart one of the DCs and none of my user could access
    > their Exchange 2003 server email.
    >
    > Example 2. I had an issue with a DC the other day and some users trying
    > to access the internet via ISA 2000 server were prompted for their
    > DOMAIN/USERNAME/PASSWORD every time they opened an IE window while some
    > were not. The ones that were had the problematic DC listed as their logon
    > server.
    >
    > In NT 4, when a DC had a problem or was off line, clients (even W2K Pro)
    > would be able to pickup verifications from the other DCs, but this does
    > not seem to be happening with Windows 2000 Servers. I put up a second DC
    > hoping to help keep everything up, but it just seems like it is hurting
    > things.
    >
    >
    >
  2. Archived from groups: microsoft.public.win2000.security (More info?)

    On Tue, 16 Nov 2004 14:28:03 -0500, "Jordan"
    <nojunk_allowed@nospam.com> wrote:

    >When my domain was Windows NT4 I had a PDC and a BDC. If the PDC or the BDC
    >ever needed to go offline during the day for whatever reason the network
    >would still function fine. Ever since I updated to Windows 2000, whenever I
    >need to do some maintainance on one of the DCs, many resources on the
    >network can't be accesses. Why gives???
    >
    >Example. I had to restart one of the DCs and none of my user could access
    >their Exchange 2003 server email.
    >
    >Example 2. I had an issue with a DC the other day and some users trying to
    >access the internet via ISA 2000 server were prompted for their
    >DOMAIN/USERNAME/PASSWORD every time they opened an IE window while some were
    >not. The ones that were had the problematic DC listed as their logon
    >server.
    >
    >In NT 4, when a DC had a problem or was off line, clients (even W2K Pro)
    >would be able to pickup verifications from the other DCs, but this does not
    >seem to be happening with Windows 2000 Servers. I put up a second DC hoping
    >to help keep everything up, but it just seems like it is hurting things.

    Keep in mind it may not be your DC, but rather other services running
    on it. DNS for example. Make sure you have alternates available.
    Also, make sure the remaining DC is a Global Catalog server. That can
    cause issues such as you describe.

    Jeff
  3. Archived from groups: microsoft.public.win2000.security (More info?)

    Windows 2000 is actually better than NT that way, in that all DCs are more
    or less equal peers. It sounds like the problem is the DCs have not been
    implemented according to best practices from Microsoft. In general, when
    these things happen, check the Windows System and Application event logs for
    more informative error messages.

    www.microsoft.com/technet/security and www.microsoft.com/technet and
    www.microsoft.com/windows have information on best practices for windows
    implementation.


    "Jordan" <nojunk_allowed@nospam.com> wrote in message
    news:ei9rlJBzEHA.3996@TK2MSFTNGP10.phx.gbl...
    > When my domain was Windows NT4 I had a PDC and a BDC. If the PDC or the
    BDC
    > ever needed to go offline during the day for whatever reason the network
    > would still function fine. Ever since I updated to Windows 2000, whenever
    I
    > need to do some maintainance on one of the DCs, many resources on the
    > network can't be accesses. Why gives???
    >
    > Example. I had to restart one of the DCs and none of my user could access
    > their Exchange 2003 server email.
    >
    > Example 2. I had an issue with a DC the other day and some users trying
    to
    > access the internet via ISA 2000 server were prompted for their
    > DOMAIN/USERNAME/PASSWORD every time they opened an IE window while some
    were
    > not. The ones that were had the problematic DC listed as their logon
    > server.
    >
    > In NT 4, when a DC had a problem or was off line, clients (even W2K Pro)
    > would be able to pickup verifications from the other DCs, but this does
    not
    > seem to be happening with Windows 2000 Servers. I put up a second DC
    hoping
    > to help keep everything up, but it just seems like it is hurting things.
    >
    >
    >
  4. Archived from groups: microsoft.public.win2000.security (More info?)

    In addition to other replies check the Event Viewer on both domain
    controllers to make sure there are no persistent replication problems.
    Running the support tools dcdiag, replmon, and gpotool can also verify
    correct connectivity/replication between domain controllers when both are up
    and running. Dns configuration in the domain is critical as explained in the
    link below. --- Steve

    http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B291382

    "Jordan" <nojunk_allowed@nospam.com> wrote in message
    news:ei9rlJBzEHA.3996@TK2MSFTNGP10.phx.gbl...
    > When my domain was Windows NT4 I had a PDC and a BDC. If the PDC or the
    > BDC ever needed to go offline during the day for whatever reason the
    > network would still function fine. Ever since I updated to Windows 2000,
    > whenever I need to do some maintainance on one of the DCs, many resources
    > on the network can't be accesses. Why gives???
    >
    > Example. I had to restart one of the DCs and none of my user could access
    > their Exchange 2003 server email.
    >
    > Example 2. I had an issue with a DC the other day and some users trying
    > to access the internet via ISA 2000 server were prompted for their
    > DOMAIN/USERNAME/PASSWORD every time they opened an IE window while some
    > were not. The ones that were had the problematic DC listed as their logon
    > server.
    >
    > In NT 4, when a DC had a problem or was off line, clients (even W2K Pro)
    > would be able to pickup verifications from the other DCs, but this does
    > not seem to be happening with Windows 2000 Servers. I put up a second DC
    > hoping to help keep everything up, but it just seems like it is hurting
    > things.
    >
    >
    >
  5. Archived from groups: microsoft.public.win2000.security (More info?)

    Thanks. It appears that I never set the GC option when I made the second
    server a DC. Both DCs are DNS servers and both are in the clients DHCP
    settings so when I restart this server I should see if this takes care of
    the problem.


    "Miha Pihler" <mihap-news@atlantis.si> wrote in message
    news:OtwTxjBzEHA.1260@TK2MSFTNGP12.phx.gbl...
    > Hi Jordan,
    >
    > Can you check these things:
    > * your second DC (domain controller) is also a GC (global catalog). If it
    > is not it should be if you need it to perform the authentication if first
    > DC goes down
    > * is your second DC also a DNS server? If not, it should be. If you only
    > have one DNS server and it goes down clients won't be able to find the
    > other DC (they use DNS to locate DCs, GCs, ...)
    > * your clients should have both DCs listed as DNS servers (under TCP/IP
    > settings). If they only have one they will not be able to use second DNS
    > server to locate your DC if first DNS server goes down...
    >
    > Mike
    >
    > "Jordan" <nojunk_allowed@nospam.com> wrote in message
    > news:ei9rlJBzEHA.3996@TK2MSFTNGP10.phx.gbl...
    >> When my domain was Windows NT4 I had a PDC and a BDC. If the PDC or the
    >> BDC ever needed to go offline during the day for whatever reason the
    >> network would still function fine. Ever since I updated to Windows 2000,
    >> whenever I need to do some maintainance on one of the DCs, many resources
    >> on the network can't be accesses. Why gives???
    >>
    >> Example. I had to restart one of the DCs and none of my user could
    >> access their Exchange 2003 server email.
    >>
    >> Example 2. I had an issue with a DC the other day and some users trying
    >> to access the internet via ISA 2000 server were prompted for their
    >> DOMAIN/USERNAME/PASSWORD every time they opened an IE window while some
    >> were not. The ones that were had the problematic DC listed as their
    >> logon server.
    >>
    >> In NT 4, when a DC had a problem or was off line, clients (even W2K Pro)
    >> would be able to pickup verifications from the other DCs, but this does
    >> not seem to be happening with Windows 2000 Servers. I put up a second DC
    >> hoping to help keep everything up, but it just seems like it is hurting
    >> things.
    >>
    >>
    >>
    >
    >
Ask a new question

Read More

Domain Servers Windows