Showing results for 
Search instead for 
Did you mean: 

Login Server Redunndancy

Clarence Lee
Regular Advisor

Login Server Redunndancy

Recently I trying to setup a second dc and dns
on the same system.

seem it is working where the primary dc is alive.
dcdiag and netdiag all produce good result.
Only one statement found on netdiag.

IP Security test . . . . . . . . . : Passed
IPSec policy service is active, but no policy is assigned.

Does this matter ?

The problem is when I shutdown the primary dc,
seem that secondary dc could not take over.
Using one of the server within the domain and
perform the following:
sqlplus /nolog
connect /as sysdba
"ORA-01031: insufficient privileges"

Over at the event log, I found this
Event Type: Error
Event Source: NETLOGON
Event Category: None
Event ID: 5719
Date: 9/6/2006
Time: 5:13:52 PM
User: N/A
Computer: AMKNT809
No Windows NT or Windows 2000 Domain Controller is available for domain AMKPAY. The following error occurred:
There are currently no logon servers available to service the logon request.
0000: 5e 00 00 c0

But when restart the primary dc, everything goes fine.

Need some helps please.
Thanks in advance.

Jonathan Axford
Trusted Contributor

Re: Login Server Redunndancy

Hi Clarence,

Are your clients configured with the secondary DNS server address as well?

Whenever i have experienced that error in the past it is usually down to DNS playing up.

Are you using Active Driectory Zones?

If you go to the DNS console, can you see both DNS/DC's in the Forward Lookup Zone-DOMAIN-sites-DOMAIN-tcp folder?

This holds SRV records that are used to locate services such as LDAP and Kerberos which are needed for logon.

It seems to be that your clients just don;t know about the second DC.

Where there is a will there is a way...
Ivan Ferreira
Honored Contributor

Re: Login Server Redunndancy

With respect of the message:

IP Security test . . . . . . . . . : Passed
IPSec policy service is active, but no policy is assigned.

That does not matters. It only warns that ipsec is not used. IPSec normally is not required for local communications because it add overhead.
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?