Active Directory Failover

Question

Active Directory Failover

Kenelm Ulric Dogcio 105

We recently, migrated/upgraded customers Active Directory 2012 to 2022. It seems to be successful as users and computers were replicated in the 2022 Active Directory. We tried to test if it would failover, but it didn't. Scenario of the testing below:

Setup:

2x DC (Primary and Secondary) in 1 Site; WS2022.

We plugged off the Network Cable of the Primary
We ping the domain, returns RTO.
We tried to login to a workstation, not able to authenticate.
We plugged the Network Cable back in the Primary
We ping the domain, was able to Ping the Primary

What i was expecting is even if the primary is down, when we ping the domain, the secondary IP should be pingable. And also, users should be able to authenticate since there is a secondary DC.

I wish we could get help immediately. Thank you in advanced!

Accepted answer

7 additional answers

Your answer

Answer 1

Anonymous

Make sure the DHCP server is handing out both domain controller ip addresses listed for DNS. If that's not it then please run;

Dcdiag /v /c /d /e /s:%computername% >C:\dcdiag.log (run on PDC emulator)
repadmin /showrepl >C:\repl.txt (run on any domain controller)
ipconfig /all > C:\%computername%.txt (run on EVERY domain controller)
ipconfig /all > C:\problemworkstation.txt (run on problem pc)

Also check the domain controller System and Replication (DFS or FRS) event logs for errors since last boot. Post the Event Source and Event IDs of any found. (no evtx files)

then put unzipped text files up on OneDrive and share a link.

Kenelm Ulric Dogcio 105 Reputation points

2023-10-24T15:56:15.6466667+00:00

-- Duplicate
Kenelm Ulric Dogcio 105 Reputation points

2023-10-24T16:01:32.7733333+00:00

Hi Dave!

Thank you for your reply. Unfortunately, im not able to remote to their domain now. So i can't provide answers yet. I will get back to you the soonest once i have the answer to your question.

Thank you very much for your support!
Anonymous

2023-10-24T17:00:53.1833333+00:00

Sounds good, please don't forget to close up the thread here by marking answer if the reply is helpful--
Anonymous

2023-10-25T11:59:02.6166667+00:00

Please don't forget to close up the thread here by marking answer if the reply is helpful--

Answer 2

Kenelm Ulric Dogcio 105

Hi Dave!

Just got back from the client. Here's the link for the log files.

https://gsiorg0-my.sharepoint.com/:f:/g/personal/ulric_d_gsiorg_ph/EtpowCKXwYdGhvvcLPzKjDEBTg13eaK764BNb_J1xMbwig?e=L94Md9

The DC that were having problems is the Secondary.

Thanks for your help!

Answer 3

Anonymous

Both WSUS and SATADC1 are multi-homed which will always cause no end to grief for active directory DNS.
Each domain controller should have at a minimum its own static ip address plus the loopback (127.0.0.1) listed for DNS. So remove any of the other addresses. After corrections then do an ipconfig /flushdns, ipconfig /registerdns, and restart the netlogon service.
You didn't put up the file for the problem member but make sure it has the static addresses of both domain controllers listed for DNS and no others such as router or public DNS or the other unknown addresses the DCs have.
I didn't look too much at the rest because above are showstoppers. If problems persist then put up a new set of files to look at.

--please don't forget to close up the thread here by marking answer if the reply is helpful--

Kenelm Ulric Dogcio 105 Reputation points

2023-10-26T15:54:38.33+00:00
Sorry, i may misunderstood. So i don't have to do anything for your 1st point right? Meaning redundancy is ensured?

I can see that the Secondary server, the Adapter with .246 IP doesnt have the entry .246 on DNS,. So i just should add that?

On the other note, the 202 IP is actually their DNS. Its where all their resources is stored. Are you saying i should remove it?

That should be the IPConfigofSecondary.txt Here: https://gsiorg0-my.sharepoint.com/:t:/g/personal/ulric_d_gsiorg_ph/EZI56XZaT0BEuCo5owVh4l4Bl42_Bas8eYaOLKAbFlnKDw?e=MWcgv1
Kenelm Ulric Dogcio 105 Reputation points

2023-10-27T03:53:22.7033333+00:00

Hi Dave, can you confirm this? ^^

Answer 4

SChalakov 10,576 MVP Volunteer Moderator

Hi @Kenelm Ulric Dogcio

please make sure you you hide all the sensitive information from your log files. I just took a short look and you have put all your customer's log files publicly on the Internet. Those contain very important and sensitive IPs. I would encourage you to anonymize those or find another way of providing the data needed.

(If the reply was helpful please don't forget to upvote or accept as answer, thank you)
Regards,
Stoyan

Anonymous

2023-10-26T15:14:46.9066667+00:00

Those contain very important and sensitive IPs.

The addresses are all in private space and are not publicly routable on the global Internet. Many use 192.168.x.x address space on their private networks including myself.
Kenelm Ulric Dogcio 105 Reputation points

2023-10-26T15:40:04.88+00:00

Thank you for your concern, i understand but yeah as Dave says, its not a PublicIP. But i already removed sharing. But thank you.

Answer 5

Kenelm Ulric Dogcio 105

As for the Replication Events:

SOURCE	EventID
DFSR	5002, 1202, 5008, 6104

For the System Events:

Source	EventID
NETLOGON	5722
Service Control Manager	7030
DistributedCOM	10028

Anonymous

2023-10-26T15:39:12.03+00:00

I'd work out the issues I mentioned above as first step.
Kenelm Ulric Dogcio 105 Reputation points

2023-10-26T15:57:57.06+00:00

Understood. Im just currently looking for other options to try and fix all errors. Since i have to do this on 1 go. 2 days from now. I can't really remote to their environment as per their policy and i can't do any changes as they have operations 24/5. But thank you very much for your help. Hope i can catch you online during the time im able to these steps.

Share via

Active Directory Failover

7 additional answers

Your answer