Configuration:
2 Windows 2012 servers.
Both configured as DCs and DNS servers.
Active Directory appears to be accurately replicated.
Server1=Primary DC
Server2=Backup (or secondary) DC.
VPN is Sonicwall using AD creds to authenticate.
What I expected:
If Server1 went down clients would still authenticate against Server2 when logging into the VPN. Or in the office for that matter, but all are laptops with Creds cached.
What happened:
Server1 was down due to a power issue only affecting it.
Server2 was up and running fine.
Users tried to connect to the VPN and were asked for credentials, authentication failed.
Suspect:
I did not have the second server listed in the Scope Options of the DHCP server running on Server1. There is no other DHCP server configured.
Would my suspicion be correct? Do I only need to add Server2 to the list of DNS servers in the DHCP scope options? It is a bit of a pain to test this as I support this company remotely.
Is the solution to just add Server2 to the list of DNS servers? If so, then there will be no DHCP server when they authenticate so what would that do?
Now, there is a somewhat secondary issue here. If they are using the VPN then they want some files on Server1. These files exist on Server2 but are not shared out. They are copied over, with the AD rights, using Robocopy every night. I had thought that if Server1 failed I could then create a share on Server2 to the files and they could access them that way. There is a small subset of users that need the file share on Server1 so it should not be a huge deal.
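The check the question is asking about, as an added example that is not part of the original post: inventory the DNS servers (DHCP option 6) that each scope on Server1 hands out, add Server2 where it is missing, and then confirm from a client that the domain's DC records resolve through Server2 alone. The domain name (corp.example), the addresses 10.0.0.10 for Server1 and 10.0.0.11 for Server2, and the assumption that this runs on the DHCP server with the DhcpServer module (Windows Server 2012 or later) are placeholders, not details from the post.

```powershell
# Added example, not from the original post. Assumptions (placeholders):
# domain corp.example, Server1 = 10.0.0.10, Server2 = 10.0.0.11,
# run on Server1 (the DHCP server) with the DhcpServer module available.
Import-Module DhcpServer

# Both DCs, in the order clients should try them.
$dcs = @('10.0.0.10', '10.0.0.11')

foreach ($scope in Get-DhcpServerv4Scope) {
    # Option 6 is "DNS Servers"; a scope-level value overrides the server-level one.
    $opt = Get-DhcpServerv4OptionValue -ScopeId $scope.ScopeId -OptionId 6 -ErrorAction SilentlyContinue
    $current = if ($opt) { @($opt.Value) } else { @() }
    $missing = $dcs | Where-Object { $_ -notin $current }

    if ($missing) {
        Write-Host ("Scope {0}: currently hands out [{1}], missing [{2}]" -f
            $scope.ScopeId, ($current -join ', '), ($missing -join ', '))
        # -DnsServer replaces option 6 for this scope with the full ordered list.
        Set-DhcpServerv4OptionValue -ScopeId $scope.ScopeId -DnsServer $dcs
    } else {
        Write-Host ("Scope {0}: already lists both DCs" -f $scope.ScopeId)
    }
}

# Clients keep the DNS list from their last lease until they renew, so the lease
# length bounds how long the old single-server setting survives on each laptop.
Get-DhcpServerv4Scope | Select-Object ScopeId, Name, LeaseDuration

# From a client (or from Server2 itself): does Server2's DNS know where the DCs are,
# and can the DC locator find a DC for the domain right now?
Resolve-DnsName -Name '_ldap._tcp.dc._msdcs.corp.example' -Type SRV -Server 10.0.0.11
nltest /dsgetdc:corp.example /force
```

The first loop only changes what DHCP offers; a laptop that is off-site on the VPN and has not renewed its lease still carries whatever list it got last, which is why the lease duration is listed alongside. The two commands at the end are the test to run while Server1 is reachable: if the SRV lookup against 10.0.0.11 returns both DCs and `nltest` locates a DC, the DNS side of failover is in place before the next outage rather than being discovered during it.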