Hi,
I have a scenario with 4 DCs. Three of them are DNS servers.
DCA (DNS/DC W2K3R2): 192.168.1.1 (all FSMO Roles here. Also GC). Primary DNS 192.168.1.1 (itself), Secondary DNS 192.168.1.3
DCB (DNS/DC W2K8R2): 192.168.1.2 (GC). Primary DNS 192.168.1.1, Secondary DNS 192.168.1.2 (itself)
DCC (DNS/DC W2K3R2): 192.168.1.3 (GC). Primary DNS 192.168.1.1, Secondary DNS 192.168.1.3 (itself)
DCD (DC only W2K8R2): 192.168.1.4 (GC): Primary DNS 192.168.1.1, Secondary DNS 192.168.1.3
I have only tried this with DCB:
On DCB, if I keep itself as primary (192.168.1.2) and DCA (192.168.1.1) as secondary DNS and I restart DC2, it takes a long while to come up. After it comes up, if I check the logs, I see several errors:
Event id: 14550 (DFSSvc),
The DFS Namespace service could not initialize cross forest trust information on this domain controller, but it will periodically retry the operation. The return code is in the record data.
Event ID: 129 (Time-service)
NtpClient was unable to set a domain peer to use as a time source because of discovery error. NtpClient will try again in 3473457 minutes and double the reattempt interval thereafter. The error was: The entry is not found. (0x800706E1)
Event ID: 5719:
This computer was not able to set up a secure session with a domain controller in domain exampledomain due to the following:
There are currently no logon servers available to service the logon request.
This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator.
Event ID: 1129 (Group Policy):
The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
After some time, the errors seem to go away and I will see event id 37 (time service), event 1503 (group policy), etc. My questions are as follows:
1) Is the above behaviour the 'islanding' behaviour described here:
http://blogs.technet.com/b/askds/archive/2010/07/17/friday-mail-sack-saturday-edition.aspx#dnsbest
2) Based on the article, for DCB and the other DCs, I should not have them pointing to themselves as primary DNS but as secondary or tertiary DNS. So DCB should point to DCA or DCC for primary DNS and itself as secondary. When I do this, none of the errors above occur. Is this true of the DC that holds all the FSMO roles as well? Should it have DCC (for example) as primary DNS and itself as secondary DNS?
3) All FSMO roles are on DCA. DCA is also a GC. Is this ok given that all DCs are GCs? This is a one domain environment and the domain and forest are at Windows 2003 level.
Thanks very much,
HA