Hi all,
Here's the gist. Have an old DC (2003 R2), which was getting long in the tooth. So I created a new DC (2003 R2) through DCPROMO, AD integrated, DNS integrated, and transferred all five FSMO roles to it. Additionally I made it the DHCP server.
We have Exchange 2003. When both the old and new DCs are up the netdiags and dcdiags are all passing. However, if the old DC dies (mostly after an MS security update), users lose access to Exchange, shared drives, etc., as well as the ability to log on.
Any suggestions would be appreciated.
ASKED: March 21, 2010 1:03 AM
UPDATED: March 27, 2010 1:58 AM
Hi Rich,
The DC is in DS Access, and also a GC. Additionally the second DC is in the RUS. Where else should I place it?
The DNS settings look OK. I will check logon scripts and DNS in user machines.
Thanks.
This appears to be a DNS problem. Take a look at the workstations and see if the new DNS server is listed by running ipconfig /all. If it is not, you have found the source of your problem. Go to your DHCP server and make the adjustment so that both DNS server addresses are passed along to the machines when the address is assigned or renewed.
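The workstation check described above, as an added example that is not part of the original thread: `ipconfig /all` prints additional DNS servers on unlabeled continuation lines, so filtering for "DNS Servers" alone shows only the first one. The sample output, addresses, and function names below are constructed for illustration.

```python
import re

# Constructed sample of `ipconfig /all` output (adapter names and addresses are made up).
SAMPLE = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

   DHCP Enabled. . . . . . . . . . . : Yes
   DNS Servers . . . . . . . . . . . : 192.168.1.10
                                       192.168.1.11
   Lease Obtained. . . . . . . . . . : Monday, January 01, 2001 9:00:00 AM

Ethernet adapter Wireless Network Connection:

   DNS Servers . . . . . . . . . . . : 192.168.1.10
"""

IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")

def dns_servers_by_adapter(text):
    """Map adapter name -> list of DNS servers, including continuation lines."""
    adapters, current, in_dns = {}, None, False
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current = line.rstrip()[:-1]            # adapter header, flush left
            adapters[current] = []
            in_dns = False
        elif current is None:
            continue                                 # global section before any adapter
        elif re.match(r"\s+DNS Servers[ .]*:", line):
            in_dns = True
            value = line.split(":", 1)[1].strip()
            if value:
                adapters[current].append(value)
        elif in_dns and IPV4.match(line.strip()):
            adapters[current].append(line.strip())  # extra servers carry no label
        else:
            in_dns = False                           # any other line ends the DNS list
    return adapters

def missing_dns(text, required):
    """Return {adapter: [required servers it was not given]} for incomplete adapters."""
    found = dns_servers_by_adapter(text)
    gaps = {a: [ip for ip in required if ip not in s] for a, s in found.items()}
    return {a: g for a, g in gaps.items() if g}
```

Pass the captured `ipconfig /all` text and the addresses of both DCs to `missing_dns`; an empty result means every adapter was handed both DNS servers.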
Hey Rich,
Thanks for answering. On Exchange are you speaking of making sure the new DC is in DS Access and RUS, or that the actual AD connection is to the new DC? Right now the AD is pointed to the older DC and I have understood that so long as the second DC is in DS Access and is AD integrated it will switch automatically. Am I wrong?
Both DCs have the logon scripts in the right location and appropriate DNS records (both are integrated DNS). Individual users are set to auto discover DNS in their network settings. Should it be hardcoded?
Additionally I checked replication and all is well with that. Again, everything seems normative until the older DC goes down.
One thing I discovered though. When you do a netdiag from the Exchange server with both machines up the trust relationship passes – it can see both DCs, but notes that it cannot test a secure channel for the domain to the new DC.
Again, appreciate the help.
Steve,
Thanks for the help. Ipconfig on users' computers displays the DNS of both DCs.
Hello all,
Performing a netdiag /v on the Exchange server, I noticed this:
Attr: dnsHostName
Val: 25 (server name in upper case)
Attr: ldapServiceName
Val: 45 (server name in lowercase)
This is on the domain server that Exchange won’t fail over to. The name of the domain controller in the Computer properties is upper case as well.
Thoughts?