Thursday, February 21, 2013 9:33 PM
2 windows server 2012 Domain controllers
multiple synology rack storage stations
42 work stations connected to domain
The Synology storage station can connect to an AD server and authenticate via DNS; the problem is that it only accepts ONE IP for the DNS server. This proves useless because I have 2 domain controllers, and in the event that DC1 were to fail and DC2 were to stay up, if the Synology station was pointing to DC1, any network shares would become unresponsive on the workstation side because the Synology station would be unable to authenticate the user to the domain.
Is there any way to create a VIRTUAL DNS server that is shared by both domain controllers, so that if one fails the DNS will stay up because the other DC is still up?
Thursday, February 21, 2013 9:34 PM
PS: I called the manufacturer and they offered no solution :(
Thursday, February 21, 2013 10:42 PM
Bleh. That's ugly. What kind of device lets you only configure ONE DNS server?? Perhaps others will have a better idea, but the best thing that I can think of would be to have two separate servers and configure them in an NLB cluster. Install DNS on them both, but don't create any zones. Use them as caching servers by only configuring the forwarder to point to your domain controllers. I don't know about 2012 (maybe it's okay now), but I would never consider monkeying around with NLB on a 2008 R2 or older domain controller, which is why I suggested a separate pair of servers for stand-alone DNS.
This solves DNS, but if your Synology is expecting authentication from the same IP as DNS, you'd fall short in this scenario. Hopefully it's using DNS to find any Active Directory server.
Thursday, February 21, 2013 11:41 PM
Yes, I agree with you, the device is absolutely RETARDED to accept only ONE DNS server; blows my mind away if you ask me...
Anyway, I forgot to mention that both DCs are in a failover cluster. That being said, I created a Windows Server 2012 Hyper-V VM configured for high availability between both nodes, I then joined the VM to the domain and configured it as an RODC w/ DNS server, so this way the Synology stations will point to that DNS for finding the AD server. This way the VM is independent of the machine it's running on since it's on a failover cluster, so basically if one node goes down the VM will switch to the other node and the DNS server will always stay up, unless both nodes go down, and at that point I will have a bigger problem on my hands.
If anyone has a better idea than what I've stated above, please share.
- Marked As Answer by Ahmad Alkaysey Monday, February 25, 2013 4:38 PM
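Both approaches above (a caching DNS pair behind NLB, or an HA RODC/DNS VM) only help if the single DNS IP the Synology is given actually advertises every domain controller, so that authentication can still fail over when DC1 is down. The following PowerShell check is an added example, not code from the thread or from Synology; it assumes placeholder values for the DNS server IP and the AD domain name, and uses TcpClient instead of Test-NetConnection because the latter is not present on Windows Server 2012.

```powershell
# Added example: verify that the one DNS IP a device can be pointed at returns
# SRV records for more than one DC, and that LDAP is reachable on each of them.
param(
    [string]$DnsServer = "192.0.2.10",    # placeholder: the IP the Synology points at
    [string]$Domain    = "corp.example"   # placeholder: the AD DNS domain name
)

$result = [ordered]@{ DnsReachable = $false; DomainControllers = @(); LdapReachable = @() }

# 1. Does the single DNS IP answer at all? Query the DC locator SRV record directly
#    on that server (-DnsOnly skips the local cache and LLMNR/NetBIOS fallbacks).
try {
    $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV `
                           -Server $DnsServer -DnsOnly -ErrorAction Stop
    $result.DnsReachable = $true
} catch {
    Write-Warning "DNS server $DnsServer did not answer: $($_.Exception.Message)"
    return [pscustomobject]$result
}

# 2. Which DCs does it advertise? A device that only knows one DNS IP still gets the
#    full list here, so authentication can fail over even though DNS itself cannot.
$result.DomainControllers = @($srv | Where-Object { $_.Type -eq 'SRV' } |
                              Select-Object -ExpandProperty NameTarget -Unique)

# 3. Is LDAP (TCP 389) actually open on each advertised DC? 3-second timeout per host.
foreach ($dc in $result.DomainControllers) {
    $client = New-Object System.Net.Sockets.TcpClient
    $ok = $false
    try {
        $async = $client.BeginConnect($dc, 389, $null, $null)
        $ok = $async.AsyncWaitHandle.WaitOne(3000) -and $client.Connected
    } catch { $ok = $false } finally { $client.Close() }
    $result.LdapReachable += [pscustomobject]@{ DomainController = $dc; Port389 = $ok }
}

# Fewer than two advertised DCs means a single DC failure still breaks authentication.
if ($result.DomainControllers.Count -lt 2) {
    Write-Warning "Only $($result.DomainControllers.Count) DC advertised by $DnsServer."
}
[pscustomobject]$result
```

Run it once with the DNS IP the Synology uses, then again with DC1 shut down (or during the scheduled reboot) to confirm the DNS IP still answers and at least one DC still shows Port389 = True.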
Friday, February 22, 2013 2:18 PM
That helps to protect you against hardware failure, but what about operating system failure on the DC? What about when you need to patch or reboot that DC? Is it going to be acceptable to also have downtime for your Synology devices?
Friday, February 22, 2013 2:35 PM
I have monthly restarts scheduled at 4 AM when no one is in the office, so this way everything restarts and there's no downtime. If there's an OS failure in the DC, since it's a Hyper-V VM I can simply revert to a recent snapshot/backup (hourly).
Monday, February 25, 2013 4:57 PM
Being able to revert a domain controller to an old snapshot is something very new in 2012 and in previous versions of AD would cause you ALL KINDS of headache. Before you plan on using snapshots for your DCs as a fallback plan, I would make sure to thoroughly research and test that.
Monday, February 25, 2013 10:10 PM
Haha, yep, I remember this from Windows 2008. I tested all possible scenarios including destructive shutdown (AKA turning off) and no issues at all.
Now working on a couple things relating to DFS replication of SYSVOL that are giving me problems...