2003 child domain behavior

mikearama Posts: 749 Member
Alright techies... let's see who's got a handle on this one.

I have set up a lab scenario to match our hot DR setup. In it I've created a child domain connected and trusted to our root domain.

In the lab, if I physically disconnect the child domain from the root, the child DC's continue to provide all services to the child domain without issue. However, if I reboot the child DC's while disconnected from the parent domain, the DC's take somewhere in the area of 40 minutes to an hour before they begin offering AD services. I find that we cannot even log into the child domain during this phase.

From what I've read, this is the period of time when the DC's try continually to locate and connect to the forest root domain.

In a DR situation, I cannot afford to have a 40-60 minute window of non-service if I have to reboot the DC out there. Anyone know of a workaround... a way to speed up the process... perhaps an option somewhere to change the amount of time required before giving up on locating the parent domain?

Preciate any thoughts,
Mike
There are only 10 kinds of people... those who understand binary, and those that don't.

CCIE Studies: Written passed: Jan 21/12 Lab Prep: Hours reading: 385. Hours labbing: 110

Taking a time-out to add the CCVP. Capitalizing on a current IPT pilot project.

Comments

  • RobertKaucher Posts: 4,298 Member
    I did not see your question until now. Sorry nobody has posted... Since this is a lab situation have you ensured all of your DCs have the most recent SPs and critical updates? What sort of structure is the child domain using? Where are the GCs?
  • dynamik Posts: 12,314 Banned
    Maybe a DNS problem?
  • jojopramos Posts: 415 Member
    Check if your sub domain's DCs' DNS still points to the root domain. If so, repoint it to the sub domain's DNS or to the DC itself if the DC is the one that is hosting the DNS sub domain or if you are running Active Directory integrated DNS in your sub domain. Another thing, check the health of your DC using dcdiag and netdiag to be more precise about detecting the error.
  • mikearama Posts: 749 Member
    Thanks for the input, guys.

    Our child domain runs AD-integrated DNS. All four of our DC's, including the DR-DC, are GC's. And DNS first does recursion to the root. In the event of a T1 failure to the root, then the built-in default internet DNS servers are used.

    I don't know what that tells you, except that if the MPLS link connecting HO to DR were to be down, and the backup T1 from DR to the root is brought up, the root would then be able to see the DC's/GC's both at HO from one path, and the DC/GC at DR from another path. All DC's would then look to the root for DNS recursion and authorization.

    Thoughts?