Branch Windows 2012 losing domain controller connection

  • Question

  • Hi,

    I have a Windows Server 2012 server joined to a domain (Windows Server 2008) located at another location.  It's joined via an IPsec tunnel VPN.

    The problem is that if the connection is unstable, the Windows Server 2012 loses its authentication/connection with the domain controller.  That means remote desktop services (terminal server) won't work because it needs the domain controller to authenticate its users.

    Is there a way to make it more stable or have the Windows Server 2012 cache the credentials so that it doesn't rely on the domain controller?  Or a way to get the Windows Server 2012 to authenticate again without having to restart the server?

    Thursday, July 7, 2016 1:01 AM

All replies

  • Hi,
    I would suggest deploying an RODC in this branch office. By selectively caching credentials, RODCs address some of the challenges that enterprises can encounter in branch offices and perimeter networks (also known as DMZs) that may lack the physical security that is commonly found in datacenters and hub sites. Please see details from:
    What Is an RODC?  https://technet.microsoft.com/en-us/library/cc771030%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396
    Regards,
    Wendy

    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, July 7, 2016 6:25 AM
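
Added example, not part of any reply in this thread: one way to scope the "selective caching" an RODC offers, using the ActiveDirectory PowerShell module. The RODC, server and group names are placeholders assumed for illustration.

```powershell
# Added example. $Rodc, $RdsHost and $BranchGroup are placeholder names (assumptions).
Import-Module ActiveDirectory

$Rodc        = 'BRANCH-RODC01'      # hypothetical RODC in the branch site
$RdsHost     = 'BRANCH-RDS01'       # hypothetical Remote Desktop server
$BranchGroup = 'Branch-RDS-Users'   # hypothetical group of branch users

# 1. Allow caching only for the branch users and the RDS host's computer account.
#    Both are needed: a logon during a WAN outage requires the user's and the
#    member server's secrets to be cached on the RODC.
$principals = @(
    Get-ADGroup    -Identity $BranchGroup
    Get-ADComputer -Identity $RdsHost
)
Add-ADDomainControllerPasswordReplicationPolicy -Identity $Rodc -AllowedList $principals

# 2. Show the resulting allow and deny lists for this RODC.
Get-ADDomainControllerPasswordReplicationPolicy -Identity $Rodc -Allowed |
    Select-Object Name, ObjectClass
Get-ADDomainControllerPasswordReplicationPolicy -Identity $Rodc -Denied |
    Select-Object Name, ObjectClass

# 3. Confirm each branch user resolves to 'Allowed'. A deny entry wins over an
#    allow entry, so a user who is also in a denied group is never cached.
Get-ADGroupMember -Identity $BranchGroup -Recursive | ForEach-Object {
    [pscustomobject]@{
        Account = $_.SamAccountName
        Policy  = Get-ADAccountResultantPasswordReplicationPolicy -Identity $_.DistinguishedName -DomainController $Rodc
    }
}

# 4. Audit what is actually cached: list revealed accounts that are marked as
#    protected (adminCount = 1). The RODC's own computer account and its
#    krbtgt_* account are expected among the revealed accounts.
Get-ADDomainControllerPasswordReplicationPolicyUsage -Identity $Rodc -RevealedAccounts |
    Get-ADObject -Properties adminCount |
    Where-Object { $_.adminCount -eq 1 } |
    Select-Object Name, DistinguishedName
```
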
  • Hi,

    As per Jiang, for stability of your server at the site you need to configure an RODC over there. Then you can join the server as a domain for additional fault tolerance.

    Check below for more info:

    http://www.rebeladmin.com/2014/10/why-read-only-domain-controllers-rodc/ 

    https://serverfault.com/questions/777236/secondary-domain-controller-not-functioning-when-primary-domain-controller-is-no

    The above links explain RODC very clearly, and I hope they will give some solutions to your problem.

    Kindly share screenshots of the issues and more details so that we can get to an exact solution.

    Thanks

    • Proposed as answer by Prithvi_Manohar Friday, July 15, 2016 3:37 PM
    • Marked as answer by Wendy Jiang Thursday, July 21, 2016 8:16 AM
    Thursday, July 7, 2016 6:34 AM
  • Thanks for the suggestion. 

    That was my initial thought, but I've read it's not advisable for Remote Desktop Services (Terminal Services).  Windows Server 2012 restricts the terminal role automatically if you try to install any domain controller services.

    Unless there is a way around it or whether it's best practice.

    Monday, July 11, 2016 1:15 AM
  • Hi,
    Please take a look at the following article and use for reference:
    Deploying RDS 2012 R2 On a Domain Controller – the Walk through Guide
    https://ryanmangansitblog.com/2015/02/22/deploying-rds-2012-r2-on-a-domain-controller-the-walk-through-guide/
    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.
    However, officially, it is not suggested to install RDS on DC in a production environment.

    Regards,
    Wendy



    • Proposed as answer by Wendy Jiang Friday, July 15, 2016 8:58 AM
    • Marked as answer by Wendy Jiang Thursday, July 21, 2016 8:16 AM
    Wednesday, July 13, 2016 8:40 AM