[Samba] Failover DC did not work when Main DC failed

[Kris Lou]

My reverse zones have PTR records.  Though I don't have NS records for all
of my DC's.  I guess that needs to be manually created.

Also, you don't have any CNAMES or domain overrides pointing to a single
DC?  Perhaps Bind is pointing to another internal DNS server, and then to a
public DNS?

----

Here's a way to test failover from a Windows client:

You can switch logon servers with "nltest /server:<clientcomputer>
/sc_reset:<domain\dc>"
https://www.technipages.com/windows-how-to-switch-domain-controller

So try this -- (I just did this on one of my DC's):
* Switch a Windows Client to DC4
* Verify with "nltest /dsgetdc:<domain>" and "nltest /sc_query:<domain>"

C:\WINDOWS\system32>nltest /Server:<mycomputer> /sc_query:<shortdomainname>
> Flags: 30 HAS_IP  HAS_TIMESERV
> Trusted DC Name \\<DC4>.<mydomain.com>
> Trusted DC Connection Status Status = 0 0x0 NERR_Success
> The command completed successfully
> C:\WINDOWS\system32>nltest /dsgetdc:<shortdomainname>
>            DC: \\<DC4>
>       Address: \\ip.addr.ss.ss
>      Dom Guid: <guid>
>      Dom Name: <shortdomainname>
>   Forest Name: mydomain.com
>  Dc Site Name: <mysite>
> Our Site Name: <mysite>
>         Flags: GC DS LDAP KDC TIMESERV GTIMESERV WRITABLE DNS_FOREST
> CLOSE_SITE
> The command completed successfully


* Then stop samba on DC4
* "nltest /dclist:<domain>"  This should fail, as it's attempting to get
lookups from the trusted DC (DC4)

C:\WINDOWS\system32>nltest /dclist:<shortdomainname>
> Get list of DCs in domain ' <shortdomainname> ' from '\\<DC4>'.
> Cannot DsBind to <shortdomainname> (\\<DC4>).Status = 1722 0x6ba
> RPC_S_SERVER_UNAVAILABLE
> List of DCs in Domain <shortdomainname>
>     \\<DC3>(PDC)
> The command completed successfully
>

*  "nltest /sc_verify:<domain>" -- this should force a query and change the
trusted DC to an available DC.

(Don't forget to turn samba back on)

Kris Lou
klou at themusiclink.net


>