November 5, 2008 at 12:25 pm
Hoping someone's gone through this before...In my production environment I've got two AD controllers. When I reboot the 1st controller there's a brief period when all new Windows auth logins to my SQL boxes fail because the controller is unavailable. Logins work again either with the 1st controller comes back up or SQL Server tries hitting the 2nd controller.
Is there a way for me to gracefully reboot an AD controller and avoid the brief period of login failures? I'm thinking there's got to be some kind of mechanism where I can force all my servers to authenticate against the 2nd controller while I reboot the 1st, or vice versa.
November 5, 2008 at 12:44 pm
I don't know your answer, but somethign you might want to look at is the property for LogonServer. If you run the set command it will show you the preffered LogonServer which is probably AD1. So when an auth is attempted it probably hits that, fails and then hits the backup domain controller. I don't however know if SQL uses this environment variable or if its just windows.
November 6, 2008 at 6:18 am
kendal.vandyke (11/5/2008)
Hoping someone's gone through this before...In my production environment I've got two AD controllers. When I reboot the 1st controller there's a brief period when all new Windows auth logins to my SQL boxes fail because the controller is unavailable. Logins work again either with the 1st controller comes back up or SQL Server tries hitting the 2nd controller.Is there a way for me to gracefully reboot an AD controller and avoid the brief period of login failures? I'm thinking there's got to be some kind of mechanism where I can force all my servers to authenticate against the 2nd controller while I reboot the 1st, or vice versa.
what FSMO roles does the 1st DC hold? I'm guessing its the PDC emulator, with this server down things like password changes and failed authentication checks are unavailable.
Why are you rebooting the 1st DC?
Is it on a regular basis?
Does the 2nd DC get rebooted?
if you constantly need to reboot DC1 then maybe look at transferring (not siezing) the PDC role to DC2
-----------------------------------------------------------------------------------------------------------
"Ya can't make an omelette without breaking just a few eggs" 😉
November 6, 2008 at 8:04 am
Perry Whittle (11/6/2008)
what FSMO roles does the 1st DC hold? I'm guessing its the PDC emulator, with this server down things like password changes and failed authentication checks are unavailable.Why are you rebooting the 1st DC?
Is it on a regular basis?
Does the 2nd DC get rebooted?
if you constantly need to reboot DC1 then maybe look at transferring (not siezing) the PDC role to DC2
We have multiple datacenters and each datacenter has 2 controllers for redundancy. However, none of the controllers in question are the PDC emulator; that sits back in our offices. What I really mean by 1st DC is the controller configured as the 1st DNS server for every machine in that datacenter.
Patches, Windows updates, etc. necessitate reboots. Yes it's regularly since MS releases patches at least once a month. We patch and reboot one controller, then once it's back up rinse and repeat on the 2nd controller.
November 7, 2008 at 9:32 am
kendal.vandyke (11/6/2008)
We have multiple datacenters and each datacenter has 2 controllers for redundancy.
all these DC's are on the same domain then are they?
kendal.vandyke (11/6/2008)
What I really mean by 1st DC is the controller configured as the 1st DNS server for every machine in that datacenter.
so out of each set of DC's are they both configured as DNS servers or just 1 in each datacentre
-----------------------------------------------------------------------------------------------------------
"Ya can't make an omelette without breaking just a few eggs" 😉
November 7, 2008 at 9:41 am
Viewing 6 posts - 1 through 5 (of 5 total)
You must be logged in to reply to this topic. Login to reply