Having multiple domain controllers does not help

Archived from groups: microsoft.public.win2000.security (More info?)

When my domain was Windows NT4 I had a PDC and a BDC. If the PDC or the BDC
ever needed to go offline during the day for whatever reason the network
would still function fine. Ever since I updated to Windows 2000, whenever I
need to do some maintainance on one of the DCs, many resources on the
network can't be accesses. Why gives???

Example. I had to restart one of the DCs and none of my user could access
their Exchange 2003 server email.

Example 2. I had an issue with a DC the other day and some users trying to
access the internet via ISA 2000 server were prompted for their
DOMAIN/USERNAME/PASSWORD every time they opened an IE window while some were
not. The ones that were had the problematic DC listed as their logon
server.

In NT 4, when a DC had a problem or was off line, clients (even W2K Pro)
would be able to pickup verifications from the other DCs, but this does not
seem to be happening with Windows 2000 Servers. I put up a second DC hoping
to help keep everything up, but it just seems like it is hurting things.

Archived from groups: microsoft.public.win2000.security (More info?)

Hi Jordan,

Can you check these things:
* your second DC (domain controller) is also a GC (global catalog). If it is
not it should be if you need it to perform the authentication if first DC
goes down
* is your second DC also a DNS server? If not, it should be. If you only
have one DNS server and it goes down clients won't be able to find the other
DC (they use DNS to locate DCs, GCs, ...)
* your clients should have both DCs listed as DNS servers (under TCP/IP
settings). If they only have one they will not be able to use second DNS
server to locate your DC if first DNS server goes down...

Mike

"Jordan" <nojunk_allowed@nospam.com> wrote in message
news:ei9rlJBzEHA.3996@TK2MSFTNGP10.phx.gbl...
> When my domain was Windows NT4 I had a PDC and a BDC. If the PDC or the
> BDC ever needed to go offline during the day for whatever reason the
> network would still function fine. Ever since I updated to Windows 2000,
> whenever I need to do some maintainance on one of the DCs, many resources
> on the network can't be accesses. Why gives???
>
> Example. I had to restart one of the DCs and none of my user could access
> their Exchange 2003 server email.
>
> Example 2. I had an issue with a DC the other day and some users trying
> to access the internet via ISA 2000 server were prompted for their
> DOMAIN/USERNAME/PASSWORD every time they opened an IE window while some
> were not. The ones that were had the problematic DC listed as their logon
> server.
>
> In NT 4, when a DC had a problem or was off line, clients (even W2K Pro)
> would be able to pickup verifications from the other DCs, but this does
> not seem to be happening with Windows 2000 Servers. I put up a second DC
> hoping to help keep everything up, but it just seems like it is hurting
> things.
>
>
>

Archived from groups: microsoft.public.win2000.security (More info?)

In addition to other replies check the Event Viewer on both domain
controllers to make sure there are no persistent replication problems.
Running the support tools dcdiag, replmon, and gpotool can also verify
correct connectivity/replication between domain controllers when both are up
and running. Dns configuration in the domain is critical as explained in the
link below. --- Steve

http://support.microsoft.com/defau [...] s%3B291382

"Jordan" <nojunk_allowed@nospam.com> wrote in message
news:ei9rlJBzEHA.3996@TK2MSFTNGP10.phx.gbl...
> When my domain was Windows NT4 I had a PDC and a BDC. If the PDC or the
> BDC ever needed to go offline during the day for whatever reason the
> network would still function fine. Ever since I updated to Windows 2000,
> whenever I need to do some maintainance on one of the DCs, many resources
> on the network can't be accesses. Why gives???
>
> Example. I had to restart one of the DCs and none of my user could access
> their Exchange 2003 server email.
>
> Example 2. I had an issue with a DC the other day and some users trying
> to access the internet via ISA 2000 server were prompted for their
> DOMAIN/USERNAME/PASSWORD every time they opened an IE window while some
> were not. The ones that were had the problematic DC listed as their logon
> server.
>
> In NT 4, when a DC had a problem or was off line, clients (even W2K Pro)
> would be able to pickup verifications from the other DCs, but this does
> not seem to be happening with Windows 2000 Servers. I put up a second DC
> hoping to help keep everything up, but it just seems like it is hurting
> things.
>
>
>

Archived from groups: microsoft.public.win2000.security (More info?)

Thanks. It appears that I never set the GC option when I made the second
server a DC. Both DCs are DNS servers and both are in the clients DHCP
settings so when I restart this server I should see if this takes care of
the problem.




"Miha Pihler" <mihap-news@atlantis.si> wrote in message
newstwTxjBzEHA.1260@TK2MSFTNGP12.phx.gbl...
> Hi Jordan,
>
> Can you check these things:
> * your second DC (domain controller) is also a GC (global catalog). If it
> is not it should be if you need it to perform the authentication if first
> DC goes down
> * is your second DC also a DNS server? If not, it should be. If you only
> have one DNS server and it goes down clients won't be able to find the
> other DC (they use DNS to locate DCs, GCs, ...)
> * your clients should have both DCs listed as DNS servers (under TCP/IP
> settings). If they only have one they will not be able to use second DNS
> server to locate your DC if first DNS server goes down...
>
> Mike
>
> "Jordan" <nojunk_allowed@nospam.com> wrote in message
> news:ei9rlJBzEHA.3996@TK2MSFTNGP10.phx.gbl...
>> When my domain was Windows NT4 I had a PDC and a BDC. If the PDC or the
>> BDC ever needed to go offline during the day for whatever reason the
>> network would still function fine. Ever since I updated to Windows 2000,
>> whenever I need to do some maintainance on one of the DCs, many resources
>> on the network can't be accesses. Why gives???
>>
>> Example. I had to restart one of the DCs and none of my user could
>> access their Exchange 2003 server email.
>>
>> Example 2. I had an issue with a DC the other day and some users trying
>> to access the internet via ISA 2000 server were prompted for their
>> DOMAIN/USERNAME/PASSWORD every time they opened an IE window while some
>> were not. The ones that were had the problematic DC listed as their
>> logon server.
>>
>> In NT 4, when a DC had a problem or was off line, clients (even W2K Pro)
>> would be able to pickup verifications from the other DCs, but this does
>> not seem to be happening with Windows 2000 Servers. I put up a second DC
>> hoping to help keep everything up, but it just seems like it is hurting
>> things.
>>
>>
>>
>
>