I have multiple domain controllers on a single network. All DCs are running Windows Server 2012 Standard. When I shutdown the "primary" domain controller, and try to logon to another server (tesing failover), I get the following results:
Connecting to dc2, I get:
estimating connection quality
welcome
applying user settings
please wait for the local session manager
Then it logs me into the session. However, each of these messages take a long time to come up, and when I run nslookup on this machine, I get:
dns request timed out
default server: unknown
Address: <ip address of primary dc (which is turned off)>
Trying to log on to another server, I get:
after Welcome screen:
There are currently no logon servers available to service the logon request.
I have the DNS ip addresses for Preferred and Alternate DNS Servers for each machine set to the ip addresses of the "primary" dc and dc2.
I am including a genericized dcdiag capture for dc2 below. I ran this command from the "primary" dc:
C:\Windows\system32> dcdiag /test:dns /v /s:dc2.domain.local /DnsDynamicUpdate
Directory Server Diagnosis
Performing initial setup:
* Connecting to directory service on server dc2.domain.local.
* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=domain,DC=local,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=local
Getting ISTG and options for the site
* Identifying all servers.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=domain,DC=local,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=local
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=dc2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=local
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=dc3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=local
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
Server is an RODC
All the info for the server collected
* Identifying all NC cross-refs.
* Found 3 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\dc2
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
* Active Directory RPC Services Check
......................... dc2 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\dc2
Test omitted by user request: Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Test omitted by user request: FrsEvent
Test omitted by user request: DFSREvent
Test omitted by user request: SysVolCheck
Test omitted by user request: KccEvent
Test omitted by user request: KnowsOfRoleHolders
Test omitted by user request: MachineAccount
Test omitted by user request: NCSecDesc
Test omitted by user request: NetLogons
Test omitted by user request: ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Test omitted by user request: Replications
Test omitted by user request: RidManager
Test omitted by user request: Services
Test omitted by user request: SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Test omitted by user request: VerifyReferences
Test omitted by user request: VerifyReplicas
Starting test: DNS
DNS Tests are running and not hung. Please wait a few minutes...
See DNS test in enterprise tests section for results
......................... dc2 passed test DNS
Running partition tests on : ForestDnsZones
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running partition tests on : DomainDnsZones
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running partition tests on : Schema
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running partition tests on : Configuration
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running partition tests on : domain
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running enterprise tests on : domain.local
Starting test: DNS
Test results for domain controllers:
DC: dc2.domain.local
Domain: domain.local
TEST: Authentication (Auth)
Authentication test: Successfully completed
TEST: Basic (Basc)
The OS
Microsoft Windows Server 2012 Standard (Service Pack level: 0.0)
is supported.
NETLOGON service is running
kdc service is running
DNSCACHE service is running
DNS service is running
DC is a DNS server
Network adapters information:
Adapter
[00000011] Broadcom BCM5709C NetXtreme II GigE (NDIS VBD Client):
MAC address is dc2_mac_address
IP Address is static
IP address: dc2_ip_address
DNS servers:
dc_ip_address (DC) [Valid]
dc2_ip_address (dc2) [Valid]
The A host record(s) for this DC was found
The SOA record for the Active Directory zone was found
The Active Directory zone on this DC/DNS server was found primary
Root zone on this DC/DNS server was not found
TEST: Dynamic update (Dyn)
Test record dcdiag-test-record added successfully in zone domain.local
Test record dcdiag-test-record deleted successfully in zone domain.local
Summary of test results for DNS servers used by the above domain
controllers:
DNS server: dc_ip_address (DC)
All tests passed on this DNS server
Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered
DNS server: dc2_ip_address (dc2)
All tests passed on this DNS server
Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
_________________________________________________________________
Domain: domain.local
dc2 PASS PASS n/a n/a PASS n/a n/a
......................... domain.local passed test DNS
Test omitted by user request: LocatorCheck
Test omitted by user request: Intersite
C:\Windows\system32>