Clustering Configuration with Primary & Secondary Domain Controllers

Hello.
I am trying to configure Failover Clustering on my Server 2012 computers.
I have a primary domain, as well as a secondary domain.
We will call them dc1.domain.com and dc2.domain.com.
I have Failover Clustering Manager installed on both servers.
Upon adding them both to the Create A Cluster Wizard, I receive the following error message on my report.
(My account is fairly new, so it will not let me attach an image, but I assure you, it is safe)
s14.postimg.org/lssjm2vu9/Screenshot_1.png

More than trying to avoid clustering domain controllers, you simply cannot do it.  Active Directory has high availability built into it.  It is known as multimaster, meaning there are no primary and secondary domain controllers.  All are 'masters', meaning you can make changes on any domain controller and the change will be replicated to the other DCs.
If you only have two physical servers and you want to cluster them, you will first need to install the Hyper-V role on the servers (it is not recommended to install both Hyper-V and Domain Controller on the same box, so we will get this fixed).  Once you have Hyper-V installed, build a VM on each server, join them to the domain, and promote them to domain controllers.  On one of the VMs, seize the FSMO roles from the FSMO master.  Then demote the physical hosts from being domain controllers.
You can now form a cluster of the two physical servers.
. : | : . : | : . tim

Similar Messages

  • Windows Server Primary & Secondary Domain Controller Question

    lulzchicken wrote:
    Right now the DHCP is assigning 192.168.200.1 (DNS server) and 8.8.8.8 (Google's DNS) as DNS servers for each client. I don't necessarily want to change these assignment settings,
    Yes, you do. This is absolutely the worst thing you can ever do with DNS. More details why here -> Ramblings of a Sysadmin: How to do DNS correctly
    Primary and secondary DNS should ALWAYS be internal.
    Your DNS Servers should use FORWARDERS to go out to google. That's the only place that should see google DNS servers in your environment.

    Hi everyone, thank you for taking the time to listen.
    I have successfully implemented an Active Directory setup using a Primary DC and a Secondary DC with Windows Server 2012 R2.
    EL1 is my PDC and EL2 is my BDC.
    Active Directory is in sync among the two Domain Controllers. Here is my question:
    If I were to have a policy (Group Policy) that sets the wallpaper of each client machine to whatever is in the "\\EL1\Wallpaper\wp.jpg" - what would happen if I were to have that Domain Controller fail? That directory is no longer available due to the outage - even though the Backup Domain Controller will still be pushing out the policy (pointing to the down server).
    My idea was to have that directory replicated on the Backup Domain Controller, "\\EL2\Wallpaper\wp.jpg" however - the policy will still be looking for the file in the Primary Domain...
    This topic first appeared in the Spiceworks Community

  • Problem with primary/secondary keys in table with included structures

    Dear ABAPers,
    we have a structure which is supposed to be included in the definition of several tables.
    The problem is the following:
    depending on the application table that includes this structure, 3 or 4 fields of that structure may
    or may not be necessary to enhance the table key. As far as I know included structures can only
    completely be marked as keys. Therefore I suggested to split up the structure into two parts,
    one part with the possible candidates that may become key fields, and the rest, and of course
    a structure that unites both of these substructures. So when it comes to reusing this structure
    the developer would have the choice to select the structure with all of the fields in case no field
    is needed as additional key, or the developer would have to implement both of the substructures
    separately with the option to mark the key-part of it as key in his table.
    But unfortunately this suggestion of mine was refused as being too complicated and I am supposed
    to define all the fields in one flat structure and to "enhance" the primary keys (that always will exist)
    by secondary keys.
    Does anybody know how that is supposed to work without defining double indexes?
    I cannot activate a table without having primary keys defined and any unique secondary index would
    always include all of the primary keys.
    Thanks in advance for your help
    (I'm sorry that you cannot be granted reward points for just reading the extensive problem description)
    regards
    Andreas

    Dear Rob,
    since your answer was helpful and since it was the only one I will grant you full points on that.
    Thanks again for your input. In case other developers should look this thread up being confronted
    with the same kind of problem, here is how we solved it:
    We added an artificial primary key (a number of type NUMC 8) to the table which is supposed to
    include the structure. This key alone takes care of the uniqueness of each entry.
    All the other fields that we want to have available for a fast direct access, including the ones
    from the included structure, are put together in a secondary index.
    best regards
    Andreas

  • I am running Xsan 2 with primary/backup meta controllers and both of my servers showing no link on the Fiber channel cards....have 2 G5 dual 2.3 GHz systems, 6 gig ram, 10.5OS. and PCI-X FC cards.  QLogic 5600 switches.  Looking for the non-obvious

    They have been up and running for over about a year on XSAN 2 and all of a sudden started having problems with data transfer and then won't connect anymore
    Thanks

    Quote
    amd 64=12a @12V
    ati 9800=7.5~10.5a @12V (assuming 90~125 watts) a max load,
    a 9600 or nvidia 5200 used far less power
    so you're already at 18a with no fans, no hd, no cd, no dvd, no mobo chipset, no mem, no sound..etc
    If you exclude the motherboard, memory, etc like you did there, the amd 64 draws 7.2A @ 12V.
    90~125W for an ATI 9800?! [irony]Are you working for a PSU manufacturer or what?[/irony] That's just absurd.  
    Go read this post to get a feel for the actual power consumption: https://forum-en.msi.com/index.php?postid=297061&sid=#post297061

  • Secondary domain controller not able to connect from work stations.

    We are using primary and secondary domain controllers, in which the secondary domain controller acts as a replication server. The problem occurs while accessing the secondary domain controller from workstations; I get the following error:
     "The trust relationship between this workstation and the primary domain failed".
    Anyone, please give us a solution.
    Thank you.

    Hi,
    Most simple resolution would be unjoin/disjoin the computer from the domain and rejoin the computer account back to the domain.
    There might be multiple reasons for this kind of behavior.
    Here are a few of them:
    Single SID has been assigned to multiple computers.
    If the Secure Channel is Broken between Domain controller and workstations
    If there are no SPN or DNS Host Name mentioned in the computer account attributes
    Outdated NIC Drivers.
    According to your description, the second one may be the cause of your problem.
    When a Computer account is joined to the domain, Secure Channel password is stored with computer account in domain controller. By default this password will change every 30 days (This is an automatic process, no manual intervention is required).
    Upon starting the computer, Netlogon attempts to discover a DC for the domain in which its machine account exists. After locating the appropriate DC, the machine account password from the workstation is authenticated against the password on the DC.
    If there are problems with system time, DNS configuration or other settings, secure channel’s password between Workstation and DCs may not synchronize with each other.
    A common cause of broken secure channel [machine account password] is that the secure channel password held by the domain member does not match that held by the AD. Often, this is caused by performing a Windows System Restore (or reverting to previous backup or snapshot) on the member machine, causing an old (previous) machine account password to be presented to the AD.
    Follow below link which explains typical symptoms when Secure channel broken,
    Typical Symptoms when secure channel is broken
    http://blogs.technet.com/b/asiasupp/archive/2007/01/18/typical-symptoms-when-secure-channel-is-broken.aspx
    For detailed information, please refer to the link below,
    Troubleshooting AD: Trust Relationship between Workstation and Primary Domain failed
    http://social.technet.microsoft.com/wiki/contents/articles/9157.troubleshooting-ad-trust-relationship-between-workstation-and-primary-domain-failed.aspx
    Hope this helps.
    Steven Lee
    TechNet Community Support
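
An added example, not part of the original reply or of any Microsoft tooling: one way to check, from the affected member, the causes the reply lists (DC discovery through DNS, the secure channel itself, and the age of the machine account password). The function name `Get-SecureChannelStatus` and the 60-day threshold are assumptions of this example.

```powershell
# Added example. Run in an elevated Windows PowerShell session on the
# affected domain member.
function Get-SecureChannelStatus {
    [CmdletBinding()]
    param(
        # 30 days is the default rotation interval cited in the reply above;
        # alerting at twice that is an assumption of this example.
        [int]$MaxPasswordAgeDays = 60
    )

    $cs = Get-CimInstance -ClassName Win32_ComputerSystem
    if (-not $cs.PartOfDomain) {
        throw "$env:COMPUTERNAME is not joined to a domain."
    }
    $domain = $cs.Domain

    # 1. DNS: can this member find any domain controller for its domain?
    $dcRecords = @()
    try {
        $dcRecords = @(Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$domain" `
                -Type SRV -ErrorAction Stop |
            Where-Object { $_.Type -eq 'SRV' })
    } catch {
        Write-Warning "DC locator SRV lookup failed: $($_.Exception.Message)"
    }

    # 2. Secure channel: does the locally stored machine account password
    #    still authenticate against a DC?
    $channelOk = $false
    try {
        $channelOk = Test-ComputerSecureChannel -ErrorAction Stop
    } catch {
        Write-Warning "Secure channel test failed: $($_.Exception.Message)"
    }

    # 3. Password age as recorded in AD. A pwdLastSet newer than the last
    #    snapshot or System Restore point of this machine points to the
    #    rollback case described in the reply. The query can fail when the
    #    channel is broken, so a failure is reported, not fatal.
    $pwdLastSet = $null
    try {
        $filter = "(&(objectCategory=computer)(sAMAccountName=$env:COMPUTERNAME`$))"
        $searcher = [adsisearcher]$filter
        [void]$searcher.PropertiesToLoad.Add('pwdlastset')
        $hit = $searcher.FindOne()
        if ($hit -and $hit.Properties['pwdlastset'].Count -gt 0) {
            $fileTime = [int64]$hit.Properties['pwdlastset'][0]
            $pwdLastSet = [DateTime]::FromFileTimeUtc($fileTime)
        }
    } catch {
        Write-Warning "Could not read pwdLastSet: $($_.Exception.Message)"
    }

    $ageDays = $null
    if ($pwdLastSet) {
        $ageDays = [int]((Get-Date).ToUniversalTime() - $pwdLastSet).TotalDays
    }

    [pscustomobject]@{
        Computer         = $env:COMPUTERNAME
        Domain           = $domain
        DcSrvRecords     = $dcRecords.Count
        SecureChannelOk  = $channelOk
        PwdLastSetUtc    = $pwdLastSet
        PasswordAgeDays  = $ageDays
        PasswordStale    = ($null -ne $ageDays -and $ageDays -gt $MaxPasswordAgeDays)
    }
}

Get-SecureChannelStatus | Format-List

# If SecureChannelOk is False while DcSrvRecords is non-zero, the machine
# password can be reset in place instead of unjoining and rejoining:
#   Test-ComputerSecureChannel -Repair -Credential (Get-Credential)
```
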

  • Connect two domain controllers to SAN storage

    Hi everyone
    I have primary and secondary domain controllers, I want to connect them to SAN storage as a cluster, I tried to configure Failover Clustering on them, but when adding them both to the Create A Cluster Wizard, I receive the following error (see the link)
    http://s14.postimg.org/lssjm2vu9/Screenshot_1.png
    so, is there any solution for this error, or maybe there is another way to connect both DCs to the storage as cluster.
    any help will be appreciated,

    Hi,
    as I know this configuration is not supported.
    http://support.microsoft.com/kb/2795523/en-us
    Regards
    Guido

  • Problems Removing Secondary Domain and agents

    I had a secondary Domain and a gwia and webaccess agent running on a VM box. The box had issues and crashed and I was unable to recover it. I am now left with a secondary domain and two gateways that I cannot get rid of because the edir objects are gone. I get this error when I try to connect to the gateways....E-Directory counterpart of this object does not exist. The objects are not in edir. I am also unable to delete the domain because it has subordinates left under it. What are my choices for cleaning this out? I really would like to get this resolved before I try to upgrade to GW8.
    Thanks so much for your help!
    Rodney Neal

    This can be fairly difficult given your situation of not being able to recover the server so you might consider opening a service request with a partner or Novell Technical Support. I will try to give you the steps to follow though here..
    1. You need to first get the object back in the tree. To do this, you must graft them in by selecting a container in the tree and selecting Tools|GroupWise Utilities|GW/eDIr Associations|Graft GroupWise Objects. Follow the wizard through all the steps. This should get you the objects back though I do not understand why they would be gone in the first place with just a server crash. I assume that eDir was on other servers as well so wondering if you manually deleted the objects but either way, that is what you need to do.
    2. This is where it can be a bit tricky. You need to create a temp folder on the server and rebuild the secondary domain into that folder so that you have a database to work with. Just go to properties of that secondary domain and change the UNC path to point to the temp folder and then under GroupWise Utilities|System Maintenance choose Rebuild Database. In the end, there should be a wpdomain file in that temp folder.
    3. Copy in all the .dc files from your primary domain root folder into this temp folder.
    4. You now need to Release that secondary domain from the GroupWise system. To do this, make sure you are connected to the primary GW domain and then right click on the secondary in question and choose GroupWise Utilities|GroupWise System Maintenance and then there is an option to release secondary. This also brings up a wizard to walk you through the process.
    5. Now the secondary should show up in your live system as an external system. You just need to go under Tools|GroupWise System Operations|External System Synchronization and delete the new link it automatically created.
    6. Now you can just delete the objects. You may need to delete them separately from the tree afterward.
    Let me know if you have any more questions or need clarification.

  • Primary/secondary question

    Is it possible to have a primary domain and po as GW 2012 on Linux with a secondary domain and po holding at GW 8 on Netware? - Not sure how fast I will be able to get out to the secondary location.
    If not, I'll have to migrate the secondary (or move all of its users to the primary - delete it, and create a new one on a linux box)
    Thanks
    D

    On Thu, 29 May 2014 21:16:02 GMT, DNewman
    <[email protected]> wrote:
    >
    >IS it possible to have a primary domain and po as GW 2012 on Linux with
    >a secondary domain and po holding at GW 8 on Netware? - Not sure how
    >fast I will be able to get out to the secondary location.
    >If not, I'll have to migrate the secondary (or move all of it's users to
    >the primary - delete it, and create a new one on a linux box)
    >
    >Thanks
    >D
    GW 2014 is out...maybe consider that instead of GW 2012.
    But as to your original question, it will work, but if you upgrade
    WebAccess to 2012/2014, I don't believe it can access the older PO. So
    you may need to hold off on WebAccess until you can upgrade the
    secondary location.
    Ken

  • CAPWAP Primary/Secondary/Tertiary Question

    After going to the High Availability Tab in the WLC GUI and setting the primary, secondary, and tertiary, how do you see that in the CLI in the AP?
    I tried using show capwap ip config, it doesn't show any entries at all?
    And also, is there a command to do that in the CLI in the AP?  to set the primary, secondary, and tertiary?
    Thank you.

    "You need to run the config ap... from a WLC.  You have autonomous AP's so  you need to convert them to LWAPP and you also need a WLC to do this."
    It's been converted to LWAPP, but hasn't joined a WLC yet.
    What I wanted to do was configure a primary, secondary before joining it to a WLC.
    Because what I would have done is first have it join a controller, then go into the GUI and change the HA (High Availability) and add the primary/secondary controllers.
    Thought I could skip the first step and try to configure it from the AP.

  • Why some APs would register with Secondary WLC while they are configured to Primary WLC

    Dears,
    I faced strange behavior. I have two WLCs, one primary and the other one secondary.
    Some APs join the secondary WLC for a short period (2 min or less) and return to the primary, while they are configured to the primary WLC.
    Two WLC image version: 7.4.121.0
    Waiting for your replies, please.
    Thanks,

    please find Logs from Secondary WLC. and i can't get Access point logs cause i Remote site.
    465    Tue Jun 3 13:20:36 2014    AP '90068-02', MAC: 34:a8:4e:bb:08:90 disassociated previously due to Link Failure. Uptime: 0 days, 18 h 46 m 25 s . Reason: Capwap WTP Event request.
    466    Tue Jun 3 13:20:36 2014    AP on the 802.11a radio with Base Radio MAC 34:a8:4e:bb:08:90 (90068-02) is unable to associate. The regulatory domain configured on it '-E' does not match the controller's regulatory domain: -C
    493    Tue Jun 3 13:16:59 2014    AP '90068-02', MAC: 34:a8:4e:bb:08:90 disassociated previously due to Link Failure. Uptime: 0 days, 18 h 42 m 55 s . Reason: Capwap WTP Event request.
    494    Tue Jun 3 13:16:59 2014    AP on the 802.11a radio with Base Radio MAC 34:a8:4e:bb:08:90 (90068-02) is unable to associate. The regulatory domain configured on it '-E' does not match the controller's regulatory domain: -C
    59    Tue Jun 3 13:20:42 2014    AP '90068-01', MAC: 34:a8:4e:bb:06:30 disassociated previously due to Link Failure. Uptime: 0 days, 18 h 47 m 17 s . Reason: Capwap WTP Event request.
    460    Tue Jun 3 13:20:42 2014    AP on the 802.11a radio with Base Radio MAC 34:a8:4e:bb:06:30 (90068-01) is unable to associate. The regulatory domain configured on it '-E' does not match the controller's regulatory domain: -C
    0    Tue Jun 3 14:51:09 2014    Coverage hole pre alarm for client[1] 94:01:c2:82:26:27 on 802.11b/g interface of AP 54:78:1a:88:2c:c0 (90002-01). Hist: 0 0 1 1 4 8 26 30 22 24 12 21 9 7 3 7 2 2 1 1 0 0 0 0 0 0 0 0 0 0 0
    1    Tue Jun 3 14:51:09 2014    Coverage hole pre alarm for client[1] 88:32:9b:5f:e7:91 on 802.11b/g interface of AP 54:78:1a:88:2c:c0 (90002-01). Hist: 1 4 7 15 4 9 4 4 3 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
    2    Tue Jun 3 14:51:09 2014    Coverage hole pre alarm for client[1] cc:3a:61:69:d9:4c on 802.11b/g interface of AP 54:78:1a:88:2c:c0 (90002-01). Hist: 0 0 0 0 0 2 13 16 19 13 5 6 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
    3    Tue Jun 3 14:51:09 2014    Coverage hole pre alarm for client[1] bc:44:86:09:f1:ec on 802.11b/g interface of AP 54:78:1a:88:2c:c0 (90002-01). Hist: 0 0 0 3 21 24 13 6 2 1 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 1 0 2 3 0 0
    Wait your feedback plz.
    Thanks,

  • Using Windows 8.1 With Older Domain Controllers

    Is there any document that would specify types of incompatibility we might expect when using Windows 8.1 with older domain controllers, either Windows 2000 or Windows 2003?    
    I assume at minimum that these older domain controllers would not have group policies that are able to support the full security policy feature set of Windows 8.1?    For such cases, how do we configure security policy on those 8.1 domain member
    computers?   Would we use LocalGPO.wsf to import a local security policy, then join the computer to the domain to override just the settings that are supported by the domain controller and windows 8.1 in common?
    Will

    Hi,
    You could refer to below guide to complete your migration process:
    Step-By-Step: Active Directory Migration from Windows Server 2003 to Windows Server 2012 R2
    http://blogs.technet.com/b/canitpro/archive/2014/04/02/step-by-step-active-directory-migration-from-windows-server-2003-to-windows-server-2012.aspx
    Meanwhile, about the details how to migrate the domain controller, I would like to suggest you consult Windows Server Forum for more professional help:
    http://social.technet.microsoft.com/Forums/windowsserver/en-US/home?forum=winserverDS
    Karen Hu
    TechNet Community Support

  • Register Secondary ACS with Primary ACS 5.4 patch 6 and getting error

    Scenario #1:
    prodacs1 and prodacs2 version 5.4 patch 6 with IP address of 10.1.1.1/24 and 10.1.1.2/24, respectively.  
    Both prodacs1 and prodacs2 are running on VMWare ESXi 5.1.  Both are sync'ed with Active Directory
    and authenticate users to manage Cisco routers and switches without any issues.  prodacs1 is the Primary
    and prodacs2 is the Secondary.  BOTH prodacs1 and prodacs2 USE THE SAME LICENSE.  Both prodacs1 and
    prodacs2 are resolved in DNS for both forward and reverse lookup.  In this production environment, everything is working as expected.
    Scenario #2:  NEW deployment in the lab
    labacs1 and labacs2 version 5.4 patch 6 with IP address of 192.168.1.1/24 and 192.168.1.2/24, respectively.  
    Both labacs1 and labacs2 are running on VMWare ESXi 5.1.  Both are sync'ed with Active Directory.  BOTH
    labacs1 and labacs2 USE THE SAME LICENSE as scenario #1.  Both labacs1 and labacs2 are resolved in DNS for both
    forward and reverse lookup.
    However, when I tried to add labacs2 into labacs1 so that labacs2 is the secondary and labacs1 to be the
    primary.  From labacs2 interface: System Administration >Operations >Local Operations >Deployment Operations,
    I enter the hostname/IP address, username/password of labacs1, then I click on "Register with Primary", I get
    this message:
    This System Failure occurred:  server cannot be added to the deployment.
    Server has same License ID as server labacs1 that already exists in the deployment.
    Your changes have not been saved.Click OK to return to the list page.
    Why is it not working?  Furthermore, why is it working in one environment but not the other with the same
    identical ACS version & patch?  It works in the production environment but not the other.
    Has anyone run into this before?  How do you fix this?

    What type of license are you using in first deployment?
    There are 2 type of licenses 
    Base license - Install a unique base license for each of the ACS secondary servers in the deployment.
    Large Deployment add-on license - It allows a deployment to support more than 500 network devices. Only one Large Deployment license is required per deployment, as it is shared by all instances
    Please check what type of license are you running in your deployment.
    In order to fix issue in your 2nd deployment you need reset-application config on your secondary, install the new unique base license (based on show udi) and register it to primary node to get the configuration replicated.
    Regards,
    Jatin Katyal
    **Do rate helpful posts**

  • DNS issues with replaced domain controllers

    I have a slight issue I hope someone can help with.
    We recently replaced some domain controllers in our 2 core sites. The process we followed is as below:
    moved FSMO roles to different already working servers
    demoted the old domain controllers and decommissioned.
    built virtual machine replacements with the same names.
    dcpromo'd the servers
    ran all the tests and it reported everything was fine.
    moved the fsmo roles to the new servers.
    repeated this for the remaining servers.
    This was our 2003 domain, to free up physical space, but our new 2013 domain will exist separately until all our applications are tested.
    However, the problem we now have is that non domain controllers have issues registering against the new servers despite being able to do look-ups against them all (replication testing looks fine). One of our regional DCs seems to have taken over as the primary replica, as changes made elsewhere disappeared but changes made there got replicated out perfectly.
    I have managed to resolve this particular issue by adding the domain controllers back into several locations in DNS manually (mainly forward lookup zones>my domain>_tcp) but we still experience the odd issue with servers not registering in DNS properly (although it's a lot better since I did the above)
    So basically, does anyone have an idea on what could have caused this issue and how I can resolve it?

    Should the demotion not automatically remove it from sites and services (it could well be this if not)? The question then becomes how do we resolve the issues we have now.
    Hello,
    NO, as you can demote a DC and it still may run site-aware services like DFS and for this reason a DC is NOT automatically removed from AD sites and services during demotion process.
    Best regards
    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://blogs.msmvps.com/MWeber
    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

  • Still having issues with AP primary/secondary controller option

    Customer has two primary controllers each in HA SSO, each using v7.6.130.0, FUS 1.9.0.0; the AP population is a mixture of mostly 3502, 3602 and 1142.   Both WLC's management interfaces are in the same vlan and the mobility communication is up.  AP fallback is enabled on both WLC.
    Over the weekend the upgrade to 7.6.130.0 was completed and the first AP tested with primary controller defined worked on the first attempt.  Every successive reboot of the AP always worked. This did not work previously when the WLC was on v7.6.100.0.
    L2 client roaming between APs joined to different controllers also worked great.
    While the roaming test was being carried out, a few APs not involved with the testing migrated over to the new controller.  This wouldn't be a problem but there are about 15 APs that must reside on only one controller.  As luck would have it, 5 of the APs which migrated to the new controller are APs which must stay on the other controller.  Setting their primary controller had no effect.  Each time these 5 APs were reset they ignored the primary controller setting and joined the new controller.  These were 4 1142 and 1 3502.
    What am I missing?  I have checked and double checked the configuration, read and reread the documentation.  I am working as a contractor and this is starting to look very bad for me if this problem can not be solved.
    Thank you for your assistance.

    I would like to follow up and share the resolution to this problem.
    After upgrading to 7.6.130.0 and finally determining that one of the test APs was actually bad, we were able to move forward.  Since removing the bad AP from the test, we now have the ability to direct APs to a specific controller at will.
    In the testing, we found that using just the system name worked in all test cases. This was confusing since using the FQDN worked for some APs but not all.  This issue is why I started this discussion.  Nobody homed in on that detail, so I hope this will help someone in the future.
    Both the primary controllers are in the same management vlan, we only used the system name.
    Good luck to all!

  • Cisco UCM 8.5.1 integrated with ARC server 5.1 for console services-configuration of ARC secondary subscriber

    We have a setup wherein we have integrated ARC server for exchange console services to the call manager. In our cluster CTI Manager services are running on two subscribers - one of them is a primary and the other is secondary. Similarly, we have ARC server installed on a primary server and a secondary server. ARC Server uses TAPI and CISCO TSP to integrate with the call manager. In the secondary ARC server, when we go to ARC Connect administration - console connect - Queue location we see the same queue location numbers as configured in primary ARC server. When we try to change the queue location numbers, it fails to update and throws up a pop up which says "Queue location cannot be pointed to a routing device.Kindly select a different number". Could you suggest where the conflict might have been occurring and how we can update the queue location numbers in ARC secondary server? Could you also please explain how the CISCO TSP and TAPI function together?

    Thanks a lot Brad,
    All is working, just a couple of questions. I'm also using voice recognition; it works but it doesn't have the
    play external messages option. Is there anything specific I have to set or say?
    The touchtone command in my classic conversation is not 7 but I have to execute a little procedure following the
    menu, something like 0 --> 9 --> 1 ---> 7 ( external message option ) --> 1
    Is there any way to change or abbreviate this?
    Thanks again
    Michele
