0

I'm hoping someone can help me. I'm doing some testing and set up a backup domain controller. I didn't do anything special (just ran through the basic wizard) other than set up a couple of forwarders to forward internet traffic to OpenDNS (which is the same as the primary domain controller). When I shut down the primary domain controller I'm having problems accessing the domain. For example, I have some mapped drives to other machines on the network. When I click one of the drives it comes up with an "enter network password" dialog, and if I do enter my credentials it works, but of course I shouldn't have to do this. Also, if I do a gpupdate I get the following error:

Computer policy could not be updated successfully. The following errors were encountered: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has successfully processed. If you do not see a success message for several hours, then contact your administrator.

Apparently the DNS is still working fine on the backup domain controller, because I changed it to my only DNS entry and I can still access the internet.

Both domain controllers are running Server 2012 Core. Both are running DNS. I've also checked the NTDS settings on both and they are set as "Global Catalog". All the machines have their primary DNS as the primary domain controller and their second DNS as the backup domain controller.

1
  • Old question but the answer to 95% of AD problems is "DNS". This is your immediate problem. Commented Jul 21, 2014 at 4:05

1 Answer

-1

I had this problem some months ago when our primary domain controller crashed. I had just started working there, so there was no other choice than a radical one. This is what happens. Like DNS, AD also has a primary controller. Since that one is down and you only have a backup domain controller, you need to seize control over the FSMO roles, otherwise the backup domain controller will not be able to write changes to Active Directory. http://www.petri.co.il/seizing_fsmo_roles.htm

Then the next option you have is to install a new domain controller right away and transfer the FSMO roles to this new domain controller, so your secondary controller is secondary again (or backup in your case). To save yourself more headache, and if possible, change the IP address of this server to the one that just crashed. http://www.elmajdal.net/win2k8/Transferring_FSMO_Roles_in_Windows_Server_2008.aspx

Till then your clients will suffer from unavailable domain controllers. However, it's possible to trick the clients as well.

1
  • 1. There are no "backup" domain controllers in AD. That's the NT days before 2000. 2. All AD DCs can write to AD. You might be thinking of the ADs running out of RIDs if the RID Master is lost, but that's not the same thing. 3. No "secondary" either, see the "backup" idea mentioned earlier. 4. Clients will contact the other DCs by finding them in DNS. There should be at least 2 DNS servers so this shouldn't be a problem. Commented Jul 21, 2014 at 4:04
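
The comments above point at DNS as the way clients find a domain controller. The following PowerShell check is an added example, not part of the original question, answer or comments: it asks each DNS server for the DC locator SRV records and flags a server that does not list every DC. The domain name and the two server addresses are placeholders to replace with your own.

```powershell
# Added diagnostic example. $Domain and $DnsServers are placeholder values
# (constructed, not taken from the original post); replace them with your own.
$Domain     = 'corp.example.com'
$DnsServers = '192.0.2.10', '192.0.2.11'   # the DNS servers handed to clients

function Get-DcLocatorRecord {
    param([string]$Domain, [string]$DnsServer)
    # SRV record that domain members query to locate a domain controller
    $name = "_ldap._tcp.dc._msdcs.$Domain"
    try {
        Resolve-DnsName -Name $name -Type SRV -Server $DnsServer -DnsOnly -ErrorAction Stop |
            Where-Object { $_.Type -eq 'SRV' } |
            Select-Object @{ n = 'DnsServer'; e = { $DnsServer } }, NameTarget, Port, Priority
    } catch {
        # A DNS server that is down or lacks the zone shows up as a failed query
        [pscustomobject]@{
            DnsServer  = $DnsServer
            NameTarget = "QUERY FAILED: $($_.Exception.Message)"
            Port       = $null
            Priority   = $null
        }
    }
}

$records = foreach ($server in $DnsServers) {
    Get-DcLocatorRecord -Domain $Domain -DnsServer $server
}
$records | Format-Table -AutoSize

# Every DNS server should return an SRV record for every DC. A DC missing from
# one server's answer means clients using that server cannot locate it.
$allDcs = $records.NameTarget | Where-Object { $_ -notlike 'QUERY FAILED*' } | Sort-Object -Unique
foreach ($server in $DnsServers) {
    $seen = @(($records | Where-Object { $_.DnsServer -eq $server }).NameTarget)
    foreach ($dc in $allDcs) {
        if ($seen -notcontains $dc) {
            Write-Warning "$server returns no DC locator SRV record for $dc"
        }
    }
}

# Ask the DC locator on this machine which DC it selects right now
nltest /dsgetdc:$Domain /force

# List the current FSMO role holders (netdom ships with the AD DS tools)
netdom query fsmo
```

Running it once with both DCs up and once with the first DC shut down shows whether the second DC's DNS zone carries the records clients need to fall back to it.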
