RESET Forums (homeservershow.com)

Active Directory?


Ncage1974

I'm hoping someone in here has a good understanding of Active Directory. I have an AD server (Server 2012) running my network. It's running under ESXi. The disks for the AD server are actually housed in my file server (iSCSI target backed by Storage Spaces). It's worked relatively well, but I've had a few issues where I have to reboot the file server (patching, for example) or the iSCSI target service in Windows goes crazy, which causes me to reboot the file server. Unfortunately, when that happens everything on my network comes to a screeching halt until everything gets synced up again after the reboot (which can take an hour). I decided to set up another domain controller (again Server 2012) backed by local storage on the ESXi server rather than iSCSI. This is all set up and working. Unfortunately, when I shut down my primary domain controller everything doesn't roll over to the secondary domain controller (even after rebooting the clients). DNS is working because I still have internet access, but I lose most local LAN access. As far as I know everything is set up correctly. My primary DNS is the primary domain controller and secondary DNS is the other domain controller. I'm hoping I don't have to read an 800+ page book on Active Directory to get this all figured out, but you would think if you had multiple domain controllers in a network and one goes down the others would take over. Any help would be appreciated. I'm thinking it has something to do with FSMO objects, but my understanding of Active Directory is pretty elementary.

Guest no-control

Too many things going on here; you need to eliminate them to narrow down the issue. I hear a reboot issue and an AD replication issue. 2 different problems. Some info on the topology of this setup would be helpful in determining where to start.

 

For the first issue you need to answer the appropriate questions:

  • Which environment is the issue? Is it in the Server(VM), ESXi, or iSCSI storage? 
  • Where does it occur? Is it an issue between ESXi and the SAN? Is it between the VM and the SAN?
  • Move the VM disk from the SAN to the local host, what happens?

 

For the second issue:

  • Do you have ADi DNS?
  • Have you verified DC replication? (replmon)
  • Is this bare metal or a VM as well?

JayBee

Whoa... I don't even know where to begin without more information. Jump on your DCs and run a dcdiag and tell us what fails. When you've done that, open up the DNS snap-in, right-click your DNS server, click on Properties, click on Monitor and run the two tests "a simple query against this dns server" and "A recursive query to other dns servers". Are you using root hints for DNS? Or are you forwarding to a specific DNS? Or are you forwarding to a specific DNS + root hints if the specific DNS isn't available?

It sounds like your network isn't aware the secondary DC exists. Does Active Directory replicate OK between the two servers?

Ncage1974

I'll try to answer these questions to the best of my ability. What has happened in every case is the BlockStorageService / Microsoft iSCSI target had 1 CPU core (out of 4) pegged on the server that is running the iSCSI target. The server running the iSCSI target is also my file server, and when this happens the network speed will significantly slow down. If I try to read or write a file the speed is in KB/sec. So though the problem seems to be related to the iSCSI SAN service, it affects all network operations. Guys, it's late, so I will try to get the rest of the info for you tomorrow, especially since I have to figure out what some of these tools are (replmon).

 

 

> Too many things going on here you need to eliminate them to narrow down the issue. I hear a reboot issue and AD replication issue. 2 different problems. Some info on the topology of this setup would be helpful in determining where to start.
>
> For the first issue you need to answer the appropriate questions:
>
>   • Which environment is the issue? Is it in the Server(VM), ESXi, or iSCSI storage?
>   • Where does it occur? Is it an issue between ESXi and the SAN? Is it between the VM and the SAN?
>   • Move the VM disk from the SAN to the local host, what happens?

 

 

For the DNS: each AD server has its own DNS server. Both AD servers are running under ESXi; it's just that the secondary one uses disk on the ESXi server and the primary uses an iSCSI disk. The server running the iSCSI target service / file services is a bare metal machine and is not running virtualized.

 

> For the second issue:
>
>   • Do you have ADi DNS?
>   • have you verified DC replication? (replmon)
>   • Is this bare metal or a VM as well?

jem101

It shouldn't matter if you lose your first DC for a while, even if it is holding all the FSMO roles, as long as the other DC is also configured as a global catalog server. The second DC in a site doesn't always configure itself as one when being built (on the grounds that you already have one anyway).

 

Without a GC server, you won't be able to authenticate log-ins (among other stuff) so I'd check that out first.

 

Go to AD Sites and Services, left-hand pane, expand Sites, Default-First-Name-Site (unless you have renamed the default site), expand Servers, expand (name of your second server), right-click on NTDS Settings, select Properties and see if the box is ticked for Global Catalog. If not, tick it and wait 15 minutes or so for AD to sync up.

 

John
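
The checks suggested across the replies above (global catalog flag, FSMO role placement, DNS on each DC, replication, dcdiag), collected into one read-only PowerShell script. This is an added example, not part of any post in the thread; it assumes a single-domain forest, the ActiveDirectory module on a Server 2012 DC or RSAT machine, and uses repadmin for the replication check.

```powershell
# Added example (not from the thread): read-only health check for a small
# multi-DC domain. Nothing here changes directory configuration.
Import-Module ActiveDirectory

$domain = (Get-ADDomain).DNSRoot
$forest = (Get-ADForest).Name
$dcs    = Get-ADDomainController -Filter *

# 1. Is every DC a global catalog, and where do the FSMO roles live?
$dcs | Select-Object Name, Site, IPv4Address, IsGlobalCatalog,
    @{ n = 'FsmoRoles'; e = { $_.OperationMasterRoles -join ', ' } } |
    Format-Table -AutoSize

$noGc = $dcs | Where-Object { -not $_.IsGlobalCatalog }
if ($noGc) {
    Write-Warning ("Not a global catalog: " + ($noGc.Name -join ', '))
}

# 2. Ask each DC's own DNS service for the locator SRV records clients use
#    to find a DC and a GC. With AD-integrated DNS, every DC should list
#    all DCs, so clients can still locate one when the other is down.
$records = "_ldap._tcp.dc._msdcs.$domain", "_gc._tcp.$forest"
foreach ($dc in $dcs) {
    foreach ($record in $records) {
        try {
            $srv = Resolve-DnsName -Name $record -Type SRV `
                       -Server $dc.IPv4Address -DnsOnly -ErrorAction Stop |
                   Where-Object { $_.Type -eq 'SRV' }
            $targets = ($srv.NameTarget | Sort-Object -Unique) -join ', '
            "{0} answers {1}: {2}" -f $dc.Name, $record, $targets
        } catch {
            Write-Warning ("{0} cannot resolve {1}: {2}" -f `
                $dc.Name, $record, $_.Exception.Message)
        }
    }
}

# 3. Replication: summary first, then per-DC inbound partner status.
repadmin /replsummary
foreach ($dc in $dcs) { repadmin /showrepl $dc.HostName }

# 4. dcdiag against each DC; /q prints only the tests that fail.
foreach ($dc in $dcs) { dcdiag /s:$($dc.HostName) /q }
```

Run it once with both DCs up to get a baseline, then again from the surviving DC with the other shut down to see which lookups stop answering.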
