Coworker DC question

Daniel333

Hey everyone, I coworker emailed us at the help desk this today... any throughts?



Hello All,

I have an issue that I can’t figure out.

I have a client with 4 DC’s at one main site, and 3 DC’s at remote sites.
This issue focuses around the main site. There are 3 virtual DCs and one Physical DC at the site. The idea is, if the virtual servers are down the physical server will be up to service DHCP, DNS and other requests. Also during the power outage it will be the first DC up and server the same purpose. However that does not happen. The physical DC boots up and sits at “Preparing Network connections” forever (30 mins). After it comes up it does not service DHCP or DNS requests. In the logs there are numerous errors like “unable to find AD…”
I thought that the issue was with FSMO roles so I had the server in the following 3 scenarios:

1. Holds all FSMO roles
2. Holds no FSMO roles
3. Holds only PDC emulator role.

In all 3, the outcome was as described above.

After the other DCs come up, the environment is then back to normal, and the server is able to service DNS and DHCP requests, without a reboot. But this takes about 2 hours total, and the idea behind having a physical DC was to shorten the downtime to about 15-30 minutes.

Any ideas will be appreciated, cause I’m stuck!

undomiel

Sounds like a DNS issue. Is the physical DC pointing to itself for DNS? Does it have a static ip address set?

Hyper-Me

I would check what udomiel suggested.

Also, are the Sites and subnets configured properly?

exampasser

What version of windows server is he running? When I setup a windows 2008 DC I have had problems with DHCP not starting up.
I too would do what undomiel suggested. DNS problems tend to be the culprit for most issues with Active directory.
30 minute boot-up times are not unusual. I've often had to wait longer than that even for my DC to boot up.

On a side note I have tried out windows server 2008 core installation. It boots up fairly quickly and consumes half of the resources of a normal installation. I never even bothered me about never activating it lol. I would not recommend it for a forest-root domain controller, but it may be a good candidate for use as a virtual server.

Daniel333

Just checked, primary DNS points to itself. I read around and some people recommend pointing DC's to eachother. Is this normal?

Hyper-Me

DC's should always point to theirself, first.

exampasser

Hyper-Me wrote: »

DC's should always point to theirself, first.

I have had active directory errors when my DC's did not point to the forest-root DC first.

Hyper-Me

What errors? and Why would a DC need to go outside of its own domain to lookup DNS for its own domain?

exampasser

Hyper-Me wrote: »

What errors? and Why would a DC need to go outside of its own domain to lookup DNS for its own domain?

The domain controllers were part of the same domain. I can't remember the exact error (its been awhile) but I was unable to do things such as surf the Internet on those DC's until I had them point to my forest-root DC.

royal

Hyper-Me wrote: »

DC's should always point to theirself, first.

Not true.

Why?
1. Island DNS in Windows 2000
2. When you add more than 1 DC and you point to itself, it takes forever for the DC to start because it's waiting for itself to start DNS before the DC fully becomes operational. I NEVER point DCs to themselves.
3. During install, you'll have to point to another DC in order for an install to work correctly. If you're promoting a machine to DC or want a child DC to host its own zone, you do the same thing, but you need to create the delegations beforehand.

exampasser

royal wrote: »

Not true.

Why?
1. Island DNS in Windows 2000
2. When you add more than 1 DC and you point to itself, it takes forever for the DC to start because it's waiting for itself to start DNS before the DC fully becomes operational. I NEVER point DCs to themselves.
3. During install, you'll have to point to another DC in order for an install to work correctly. If you're promoting a machine to DC or want a child DC to host its own zone, you do the same thing, but you need to create the delegations beforehand.

MS claimed that this was fixed in Server 2003 and beyond

royal

exampasser wrote: »

MS claimed that this was fixed in Server 2003 and beyond

Hence why I said island DNS issue in Windows 2000 and not Windows 2000 and above.

royal

Now for the OP, this is common with DHCP on a DC. I've often had DHCP not start and need to be manually started. One reason DHCP should be on a member server. Since you're not on Windows 2000 and won't run into an island DNS issue, you can just point its DNS Server to itself. For the other servers, you can just point them to the physical DC so when they start up, they'll come up fast since they'll be pointing to a DC which already has DNS up and running.

exampasser

royal wrote: »

Hence why I said island DNS issue in Windows 2000 and not Windows 2000 and above.

I just wanted to point that out that this issue was was eventually fixed. I apologize if it sounded like I was trying to correct you, I should have worded that better.