[Samba] Failover DC did not work when Main DC failed
Rowland Penny
rpenny at samba.org
Fri Jan 31 18:47:13 UTC 2020
On 31/01/2020 18:15, Kris Lou via samba wrote:
> Here is another link (with a set of links in the article, sorry):
> https://blogs.msmvps.com/acefekay/2010/01/03/the-dc-locator-process-the-logon-process-controlling-which-dc-responds-in-an-ad-site-and-srv-records/
>
>
> I particularly like the Summary graphic about 20% down:
>
> 1. New client queries for all DCs in the domain
>    - Retrieves SRVs from _tcp.<domain>
> 2. Attempts LDAP bind to all
> 3. First DC to respond
>    - Examines client IP and subnet definitions
>    - Refers client to a site
> 4. Client stores site in registry
> 5. Client queries for all DCs in the site
>    - Retrieves SRVs from _tcp.<site>._sites.<domain>
> 6. Attempts LDAP bind to all
> 7. First DC to respond
>    1. Authenticates client
>    2. Client forms affinity
> 8. Subsequently
>    - Client binds to affinity DC
>    - DC offline? Client queries for DCs in registry-stored site
>    - Client moved to another site? DC refers client to another site (see
>      #4)
>
> Now, I haven't observed all of this in an offline DC situation, but
> "winbind --ping-dc" will show the equivalent to "nltest /dsgetdc:<domain>
> /gc" to show the DC currently being queried.
>
>
I don't think this is a problem with how to find the BEST DC to use, I
think it is a problem finding ANY DC to use.
I have:
options timeout:1 attempts:1 rotate
in /etc/resolv.conf on Linux clients and I don't have a problem when DNS
disconnects on the first nameserver.
It seems that Windows has something similar in how it works, but being
Windows it is configured totally differently, see here:
https://docs.microsoft.com/en-us/previous-versions//cc977482(v=technet.10)?redirectedfrom=MSDN
and here:
http://www.teachnovice.com/6703/multihomed-windows-10-dns-resolution-timeouts
Rowland
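
An added example (not part of the original message and not Samba project code): a shell check that reads a resolv.conf-style file and reports the nameserver count together with the timeout, attempts and rotate options mentioned above, falling back to the glibc defaults (timeout 5, attempts 2) when they are unset. The function name resolv_failover_check and the sample addresses are assumptions made for the illustration.

```shell
#!/bin/sh
# Added illustration: summarise the DNS failover settings in a resolv.conf file.
# Usage: resolv_failover_check /etc/resolv.conf
# Prints one line: nameservers=N timeout=T attempts=A rotate=yes|no
# Returns non-zero when fewer than two nameservers are listed, because the
# resolver then has no second server to move on to.
resolv_failover_check() {
    awk '
        BEGIN { ns = 0; timeout = 5; attempts = 2; rotate = "no" }  # glibc defaults
        /^[ \t]*[#;]/ { next }                      # skip comment lines
        $1 == "nameserver" && ns < 3 { ns++ }       # glibc uses at most 3 servers
        $1 == "options" {
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^timeout:[0-9]+$/)       { timeout  = substr($i, 9) + 0 }
                else if ($i ~ /^attempts:[0-9]+$/) { attempts = substr($i, 10) + 0 }
                else if ($i == "rotate")           { rotate   = "yes" }
            }
        }
        END {
            if (timeout > 30) timeout = 30          # caps documented in resolv.conf(5)
            if (attempts > 5) attempts = 5
            printf "nameservers=%d timeout=%d attempts=%d rotate=%s\n",
                   ns, timeout, attempts, rotate
            exit (ns >= 2 ? 0 : 1)
        }
    ' "$1"
}

# Constructed sample: two DCs acting as nameservers (documentation addresses).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample, not taken from the thread
search example.internal
nameserver 192.0.2.10
nameserver 192.0.2.11
options timeout:1 attempts:1 rotate
EOF
resolv_failover_check "$sample"
rm -f "$sample"
```

With timeout:1 the resolver waits one second on an unresponsive first nameserver before trying the next one, instead of the default five.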