My company has two domain controllers (call them DC1 and DC2). DC1 lives at our production building while DC2 lives at our admin office. The two properties are connected by a very unreliable VPN that drops offline when I sneeze the wrong way. When this happens the users at Admin suddenly can't connect to network resources because “there are no domain controllers available”… but DC2 is right friggen there…

When I ping the domain name, DNS points to DC1’s IP address no matter if DC1 is accessible or not. I’ve gone into DNS on both servers looking for a setting to specify which DC to prefer, but I don’t see anything useful, and I’m not sure DNS is what I should be looking at anyway (although Windows does like using WINS and DNS to locate DCs).

So it looks like everything is trying to authenticate to DC1 and DC2 might as well not exist at all. The particular kick in the backside is DC2 is the PRIMARY domain controller… so what the heck?!?

Have you configured separate sites in AD Sites and Services?

What are you using for DHCP? That may be where the DNS order is being setup.

Make sure the subnets are each in a different AD site, and make sure workstations at each site are using their local DNS server so the VPN going down doesn’t prevent resolution to local internal resources or internet.

One question: when DC1 cannot talk with DC2, are you able to open the ADUC console on DC1? If not, what error do you get?

When you do ‘nslookup localdomain.tld’ does it return both DCs or just one?

My guess is you don’t have separate sites setup and/or you have DNS pointing in both locations to DC1.

I have… but to be honest, I DIDN’T… everything in Sites and Services was the generic default. Just a note: I inherited this system. The previous sysadmin was… well… he had only one site to manage.

I’ve added the Admin site, left the original “default_site_name” (though I did rename it), added the subnets for Admin and the old subnet (which wasn’t set in the Subnets container), set an IP link between the two sites, and moved DC2 to the Admin\Servers OU… now we wait?
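The same Sites and Services fix, scripted with the ActiveDirectory module as an added example (not the poster's own steps or configuration). Site names, subnets and the domain name are assumed placeholders; the verification at the end is what to run from an Admin-office workstation, once with the VPN up and once with it down.

```powershell
# Added example: build the site topology the thread describes with the
# ActiveDirectory module. All names below are assumed placeholders.
Import-Module ActiveDirectory

$domain      = 'corp.example'        # assumed domain name
$prodSite    = 'Production'          # new name for Default-First-Site-Name
$adminSite   = 'Admin'
$prodSubnet  = '10.10.10.0/24'       # assumed: production building LAN
$adminSubnet = '10.10.20.0/24'       # assumed: admin office LAN
$adminDC     = 'DC2'

# 1. Rename the generic default site so it clearly maps to the production building.
$default = Get-ADReplicationSite -Filter "Name -eq 'Default-First-Site-Name'"
if ($default) { Rename-ADObject -Identity $default.DistinguishedName -NewName $prodSite }

# 2. Create the second site and map each LAN subnet to its site. Without these
#    subnet objects the DC locator cannot tell which site a client belongs to,
#    so clients may authenticate against whichever DC answers first, even across
#    the VPN, and lose authentication entirely when that link drops.
if (-not (Get-ADReplicationSite -Filter "Name -eq '$adminSite'")) {
    New-ADReplicationSite -Name $adminSite
}
New-ADReplicationSubnet -Name $prodSubnet  -Site $prodSite
New-ADReplicationSubnet -Name $adminSubnet -Site $adminSite

# 3. Link the two sites over IP so they keep replicating with each other.
New-ADReplicationSiteLink -Name "$prodSite-$adminSite" `
    -SitesIncluded $prodSite, $adminSite `
    -InterSiteTransportProtocol IP -Cost 100 -ReplicationFrequencyInMinutes 15

# 4. Move DC2 into the Admin site, then restart Netlogon on it so it
#    re-registers its site-specific SRV records (_sites.<site>) in DNS.
Move-ADDirectoryServer -Identity $adminDC -Site $adminSite
Invoke-Command -ComputerName $adminDC -ScriptBlock { Restart-Service Netlogon }

# 5. Verify from an Admin-office workstation: the reported site should be
#    Admin and the located DC should be DC2. Repeat with the VPN down to
#    confirm the client still finds its local DC.
nltest /dsgetsite
nltest "/dsgetdc:$domain" /force
```

Site membership is computed from the client's IP against the subnet objects, so a subnet that is missing or assigned to the wrong site silently sends that office's logons to the remote DC.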

I get server: unknown *** UnKnown can’t find [domainnamehere]: non-existent domain…

No error. All work as expected on the DCs themselves.

Both DCs are serving DNS, and when the link goes down, DNS continues to work. The problem is when people need to use a printer sitting right next to them and it asks for username and password because the DC they’re authenticating with is unreachable.

At Site1, DHCP is running on the DC (as well as DNS, and just about everything else). At Admin, we have a moderately high-end router to handle DHCP and all those fun net-related TLAs, and it does handle DNS too, but the DC already handles it so we just left it as is. When I change DHCP to direct DNS to the router instead, nothing changes. DNS isn’t an issue… well… kind of isn’t an issue.

THIS was the issue. Thanks chmod777! After setting up the site and waiting a fair 20 minutes, things are pointing at the correct DC.