  1. Senior Member mikearama's Avatar
    Join Date
    May 2007
    Location
    Oshawa, Ontario
    Posts
    757

    Certifications
    CCNP, CCSP, CISSP, MCSE
    #1

    Default 2003 child domain behavior

    Alright techies... let's see who's got a handle on this one.

    I have set up a lab scenario to match our hot DR setup. In it I've created a child domain connected and trusted to our root domain.

    In the lab, if I physically disconnect the child domain from the root, the child DCs continue to provide all services to the child domain without issue. However, if I reboot the child DCs while disconnected from the parent domain, the DCs take somewhere in the area of 40 minutes to an hour before they begin offering AD services. I find that we cannot even log into the child domain during this phase.

    From what I've read, this is the period of time when the DCs try continually to locate and connect to the forest root domain.

    In a DR situation, I cannot afford to have a 40-60 minute window of non-service if I have to reboot the DC out there. Anyone know of a workaround... a way to speed up the process... perhaps an option somewhere to change the amount of time required before giving up on locating the parent domain?

    Preciate any thoughts,
    Mike

  3. BOBBY_TABLES RobertKaucher's Avatar
    Join Date
    Dec 2007
    Location
    Lebanon, Ohio - USA
    Posts
    4,274

    Certifications
    MCSD Web Apps/SharePoint Applications, MCITP: DBA 2005/2008, EA, EDA7, Linux+, Sec+, MCSE, MCDST, MCTS
    #2
    I did not see your question until now. Sorry nobody has posted... Since this is a lab situation, have you ensured all of your DCs have the most recent SPs and critical updates? What sort of structure is the child domain using? Where are the GCs?

  4. Senior Member
    Join Date
    Mar 2007
    Posts
    12,308
    #3
    Maybe a DNS problem?

  5. Senior Member jojopramos's Avatar
    Join Date
    Dec 2003
    Location
    Earth
    Posts
    419

    Certifications
    CCNA, MCSE, MCSA Messaging, A+, Server+, SCP
    #4
    Check if your subdomain's DCs' DNS still points to the root domain. If so, repoint it to the subdomain's DNS, or to the DC itself if the DC is the one hosting the DNS subdomain or if you are running Active Directory-integrated DNS in your subdomain. Another thing: check the health of your DC using dcdiag and netdiag to be more precise about detecting the error.

  6. Senior Member mikearama's Avatar
    Join Date
    May 2007
    Location
    Oshawa, Ontario
    Posts
    757

    Certifications
    CCNP, CCSP, CISSP, MCSE
    #5
    Thanks for the input, guys.

    Our child domain runs AD-integrated DNS. All four of our DCs, including the DR-DC, are GCs. And DNS first does recursion to the root. In the event of a T1 failure to the root, then the built-in default internet DNS servers are used.

    I don't know what that tells you, except that if the MPLS link connecting HO to DR were to be down, and the backup T1 from DR to the root is brought up, the root would then be able to see the DCs/GCs both at HO from one path, and the DC/GC at DR from another path. All DCs would then look to the root for DNS recursion and authorization.

    Thoughts?
