Users unable to login to ADC in Branch Office when PDC offline (unavailable)

  • Question

  • We have a PDC at my office and an ADC in a branch location. Both are connected through VPN, and on both sides the users work as if local.

    But my problem is that when the VPN goes down (the PDC becomes offline), the branch office users are unable to log in to their local ADC server, unable to get sharing, and not getting a credential check. Please help me with this.

    Thank you in advance.

    Regards

    Anji Dudigam


    Monday, March 20, 2017 11:17 AM

All replies

  • What type of DC do you have in the branch? Maybe it is an RODC?
    Monday, March 20, 2017 11:29 AM
  • That is an ADC (second domain controller); replication is happening successfully. It's not an RODC.

    For your information, users are able to log in to the RODC. But my problem is that users are not able to log in to the ADC when the PDC is down.

    Tuesday, March 21, 2017 3:57 AM
  • What DNS server is set on the clients in the branch? What DNS settings are on the ADC? Is GC enabled for the ADC? Run on the ADC: dcdiag /q
    Tuesday, March 21, 2017 6:09 AM
  • Clients in the branch are using the ADC server (placed in the branch office).

    GC is enabled on both the PDC and the ADC, but when we run dcdiag /q we get the errors below:

             Warning: CAB has not finished promoting to be a GC.
             Check the event log for domains that cannot be replicated.
             Warning: RADCAB is not advertising as a global catalog.
             Check that server finished GC promotion.
             Check the event log on server that enough source replicas for the GC are available.
             ......................... CAB failed test Advertising
             A warning event occurred.  EventID: 0x80000786
                Time Generated: 03/21/2017   09:26:57
                Event String:
                The attempt to establish a replication link to a read-only directory partition with the following parameters failed.
             A warning event occurred.  EventID: 0x80000786
                Time Generated: 03/21/2017   09:27:00
                Event String:
                The attempt to establish a replication link to a read-only directory partition with the following parameters failed.
             An error event occurred.  EventID: 0xC0000827
                Time Generated: 03/21/2017   09:27:07
                Event String:
                Active Directory Domain Services could not resolve the following DNS host name of the source domain controller to an IP address. This error prevents additions, deletions and changes in Active Directory Domain Services from replicating between one or more domain controllers in the forest. Security groups, group policy, users and computers and their passwords will be inconsistent between domain controllers until this error is resolved, potentially affecting logon authentication and access to network resources.
             A warning event occurred.  EventID: 0x80000785
                Time Generated: 03/21/2017   09:27:07
                Event String:
                The attempt to establish a replication link for the following writable directory partition failed.
             A warning event occurred.  EventID: 0x80000786
                Time Generated: 03/21/2017   09:27:07
                Event String:
                The attempt to establish a replication link to a read-only directory partition with the following parameters failed.
             An event occurred.  EventID: 0x40000617
                Time Generated: 03/21/2017   09:31:41
                Event String:
                The local domain controller has been selected to be a global catalog. However, the domain controller does not host a read-only replica of the following directory partition.
             An event occurred.  EventID: 0x4000062A
                Time Generated: 03/21/2017   09:31:41
                Event String:
                Promotion of the local domain controller to a global catalog has been delayed because the directory partition occupancy requirements have not been met. The occupancy requirement level and current domain controller level are as follows.
             An event occurred.  EventID: 0x40000456
                Time Generated: 03/21/2017   09:31:41



    Tuesday, March 21, 2017 10:32 AM
  • Hi,

    Do you have the ADC listed as the secondary or tertiary DNS server in DHCP or manually on the client's PC?

    Regarding the warnings in the dcdiag /q report, you could refer to the following suggestion to check:

    Whether the server is a GC or not is governed by the options attribute of the nTDSDSA object
    located at CN=NTDS Settings,cn=ServerName,cn=SiteName,cn=Configuration,dc=domain,dc=local
    This attribute sets the server as a GC or not. After you mark a server as a GC, it takes some time for the GC to build. To see if your GC is ready, you need to query isGlobalCatalogReady in RootDSE. The following script will return this flag:

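    ' Bind to RootDSE of the domain controller answering the request
    Set objRootDSE = GetObject("LDAP://RootDSE")
    ' isGlobalCatalogReady is TRUE once GC promotion has finished
    Wscript.Echo "Is GC ready: " & objRootDSE.Get("isGlobalCatalogReady")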

    Best Regards,

    Alvin Wang


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, March 24, 2017 6:15 AM
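
    Added example, not part of the original reply: a PowerShell check that reads both values described above for one domain controller, the GC bit in the options attribute of its NTDS Settings object and the isGlobalCatalogReady flag in RootDSE, and reports whether they agree. The function name and the -Server parameter are hypothetical; it assumes a domain-joined machine with rights to read the Configuration partition.

```powershell
# Added example (not from the thread): compare the configured GC flag with
# the readiness that the domain controller itself reports.
function Get-GcState {
    param(
        # Hypothetical parameter: DNS name of the DC to query.
        # Empty means "whatever DC the locator returns".
        [string]$Server = ''
    )

    $prefix = 'LDAP://'
    if ($Server) { $prefix = "LDAP://$Server/" }

    # RootDSE exposes isGlobalCatalogReady and dsServiceName
    # (the DN of this DC's NTDS Settings object).
    $rootDse = [ADSI]"${prefix}RootDSE"
    $ready   = ([string]$rootDse.Properties['isGlobalCatalogReady'].Value) -eq 'TRUE'
    $ntdsDn  = [string]$rootDse.Properties['dsServiceName'].Value

    # Bit 0x1 of the options attribute marks the server as a GC.
    # An unset attribute comes back as $null, which casts to 0.
    $ntds       = [ADSI]"${prefix}${ntdsDn}"
    $options    = [int]$ntds.Properties['options'].Value
    $configured = ($options -band 1) -eq 1

    if ($configured -and $ready) {
        $state = 'GC flag set and DC reports ready'
    } elseif ($configured) {
        $state = 'GC flag set but promotion not finished'
    } elseif ($ready) {
        $state = 'GC flag not set but DC still reports ready'
    } else {
        $state = 'Not a GC'
    }

    [pscustomobject]@{
        Server               = [string]$rootDse.Properties['dnsHostName'].Value
        NtdsSettingsDn       = $ntdsDn
        Options              = $options
        GcConfigured         = $configured
        IsGlobalCatalogReady = $ready
        State                = $state
    }
}

# Query the DC chosen by the locator; pass -Server to target a specific DC.
Get-GcState | Format-List
```

    A result of "GC flag set but promotion not finished" corresponds to the dcdiag warning that the server has not finished promoting to be a GC.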
  • The PDC and ADC are GCs.

    I demoted the ADC, formatted it, reinstalled, and configured it as an ADC in the domain. Again the same problem.

    Where is the problem, in the PDC?

    But replication is happening successfully without any interruption.

    Saturday, March 25, 2017 4:53 AM
  • Hi,

    You may additionally refer to the links below:

    Active Directory and Active Directory Domain Services Port Requirements

    https://technet.microsoft.com/en-us/library/dd772723(v=ws.10).aspx

    Active Directory Firewall Ports - Let's Try To Make This Simple
    http://msmvps.com/blogs/acefekay/archive/2011/11/01/active-directory-firewall-ports-let-s-try-to-make-this-simple.aspx 

    Best Regards,

    Alvin Wang



    Tuesday, March 28, 2017 7:07 AM
  • >>but replication is happening successfully without any interruption.

    Why do you think so? :) Please show the result from both DCs: repadmin /showrepl

    Tuesday, March 28, 2017 7:32 AM
  • Hi,

    Just want to confirm the current situation.

    Please feel free to let us know if you need further assistance.

    Best Regards,

    Alvin Wang



    Monday, April 3, 2017 2:01 AM