Home / server / Questions / 394718
Accepted
Force Flow
Asked: 2012-06-02 06:01:55 +0800 CST

domain name UNC path is inaccessible if one domain controller goes down

  • 772

I have two domain controllers set up something like this:

ServerA.mydomain.local: 10.10.10.2 (Windows Server 2008)
ServerB.mydomain.local: 10.10.10.3 (Windows server 2008 R2)

For login scripts and the like, I use the path: \\mydomain.local\netlogon

This seems to always default to ServerB. If I turn off or restart ServerB (a process which takes several minutes), attempting to visit \\mydomain.local does not flip to ServerA. If I ping mydomain.local, it always returns the IP address of ServerB, even when it has been turned off.

I thought this was supposed to be a round-robin system.

Why am I seeing this behavior, and how can I fix it?

windows-server-2008 domain unc

3 Answers

  1. Best Answer

    There's not really enough information here to answer your question, but hopefully some of this can give you a better understanding of how Active Directory functions and maybe you'll be pointed on the right path.

    For login scripts and the like, I use the path: \\mydomain.local\netlogon

    mydomain.local is a DNS zone that lives on the DNS servers for your Active Directory. By default, new domain controllers register A records for themselves in this zone and they also register A records for the zone name itself as their IP. The records should be in the mydomain.local zone and look like this:

    (Same as parent folder) Host(A) 10.10.10.2 <timestamp>
    (Same as parent folder) Host(A) 10.10.10.3 <timestamp>

    If you do nslookup mydomain.local the DNS server should return a list of all domain controllers. If not, you're missing an A record at the very least.

    If one of those is missing, you should re-create it manually and do some root-cause analysis to find why it's missing. When a client tries to look up \\mydomain.local in this case, it is doing it by the A record.

    You should also check the _msdcs zone and make sure that both servers are listed there where they should be. If you can log on while serverB is offline, then this zone is likely OK.

    You should use dcdiag.exe just to make sure that both domain controllers are in fact healthy and functioning properly.

    Also, if you're not running DNS on both DCs, you should and your clients should use both servers for DNS.

    Also, the DCs should use each other as the primary server for name resolution and themselves as secondaries to prevent replication issues. Just to clarify, this means:

    serverA
Primary DNS    10.10.10.3
Secondary DNS  127.0.0.1

serverB
Primary DNS    10.10.10.2
Secondary DNS  127.0.0.1

    If you don't do this, you run the risk of breaking replication in certain situations.

    • 3

  2. Based on the fact that DHCP is complaining when you try to add the server IP address I suggest you check the following:

    At a Prompt:

    C:\> nslookup
C:\> server servera
C:\> mydomain.local

    Run this for both Server A & B. If you don't get a response from either of them you may have two issues:

    1. DNS Service is not running or enabled
    2. Firewall may be blocking traffic to the server

    Let us know if the commands both come back properly.

    • 1

  3. If nslookup shows dns timeout 2 seconds, it generally means you are missing a pointer record for that server. Add pointer record in the reverse zone to correct the "unknown" issue in nslookup and queries. I know this question is old. I just thought I would let anyone who has this issue know how to correct it.

    • 0