How to Force the logon server
Nik
Is there a way I can force which server the users login to. I see most of
my clients logon server ServerA where in fact I would prefer its ServerB.
Any ideas?
Environment Win2K3/XP
Meinolf Weber [MVP-DS]
Basically the logon server is automatically choosen based on the DCLocator
process. See here for more:
http://blogs.dirteam.com/blogs/jorge/search.aspx?q=locator&p=1
Also if you have more then one site, AD sites and services must reflect the
physical topology with the subnets and sites and there belonging DC in the
correct site.
You can work with server weights:
http://technet.microsoft.com/en-us/library/cc786945(WS.10).aspx
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
Nik
The sites represents the physical topology. I was wondering about achieving
this in a local site. ServerA does not have as much resources as ServerB.
However, I see most of the clients seems to choose ServerA as their logon
server. So I was considering changing this.
In Addition, is there any harm in me disabling the browser service on all my
clients? I"m seeing a few of these errors EventID 8003
"Meinolf Weber [MVP-DS]" <meiweb@(nospam)gmx.de> wrote in message
news:6cb2911db8d68...@msnews.microsoft.com...
Meinolf Weber [MVP-DS]
Is serverA also the preferred DNS server on the machines NIC, mostly this
is choosen also as logon server?
You can disable it but, will loose the option to see machines in the network
neighborhood as far as i know, see here for more details about the computer
browser service:
http://support.microsoft.com/kb/188001
Florian Frommherz [MVP]
Nik schrieb:
> Hey Meinolf,
> The sites represents the physical topology. I was wondering about
> achieving this in a local site. ServerA does not have as much resources
> as ServerB. However, I see most of the clients seems to choose ServerA
> as their logon server. So I was considering changing this.
> In Addition, is there any harm in me disabling the browser service on
> all my clients? I"m seeing a few of these errors EventID 8003
As Meinolf stated, there's built-in functionality that lets clients
choose freely among DCs provided by DNS. What you could do is change the
weight of the DNS SRV records of the DCs to have clients pick a certain
DC more likely than another.
Here's some reading:
http://technet.microsoft.com/en-us/library/cc786945(WS.10).aspx
http://technet.microsoft.com/en-us/library/cc778225(WS.10).aspx
Do yourself (and your fellows) a favor and document this thoroughly. If
it's just that you think that the low-power-DC may be overutilized, I'd
first check on the resources during a normal day.
Cheers,
Florian
--
Microsoft MVP - Group Policy
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
ANY advice you get on the Newsgroups should be tested thoroughly in your
lab.
Nik
been unable to (while I can do the same for the other dc). I will take this
on next week and logon to the server and measure some counters and see
what's up. Also this server is not the primary DNS also it doesn't even hold
the FSMO roles.
"Florian Frommherz [MVP]" <flo...@frickelsoft.DELETETHIS.net> wrote in
message news:O118ESZi...@TK2MSFTNGP04.phx.gbl...
Meinolf Weber [MVP-DS]
FSMO roles are not used for logon authentication, if universal groups are
used a Global catalog server is needed for authentication.
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
Nik
there maybe another reasons why I'm getting that error - like 2 dhcp servers
on the same subnet.
"Meinolf Weber [MVP-DS]" <meiweb@(nospam)gmx.de> wrote in message
news:6cb2911db8f08...@msnews.microsoft.com...
Meinolf Weber [MVP-DS]
You can have also multiple DHCP servers on a subnet as long as they don't
provide the same scope.
Nik
be the backup to the other, but I think they are both running at the same
time. Anyhow, i guess this is something else I will have to look at starting
tomorrow.
"Meinolf Weber [MVP-DS]" <meiweb@(nospam)gmx.de> wrote in message
news:6cb2911db8f58...@msnews.microsoft.com...
Meinolf Weber [MVP-DS]
For 2 DHCP servers never configure the same scope without excluding at least
the half of the scope from each other. So one scope with 1-120 and exclude
121-254 and the other scope the other way around.
Hank Arnold
This brings up a question that I asked eons ago, but never got an answer
(or at least not one I can remember).
Suppose I have two DHCP servers with, say, a 50/50 split scope. A user
logs on and goes to server 1. Server 1 is out of IP addresses to issue,
but Server 2 has plenty. What happens? I'm concerned that this could
happen in my domain. Will it go to Server 2 or fail to get an IP
address? If the latter, can it be configured to find another DHCP server?
--
Regards,
Hank Arnold
Microsoft MVP
Windows Server - Directory Services
http://mypcassistant.blogspot.com/
Meinolf Weber [MVP-DS]
DHCP works that way that the machine searches that long for an ip address
until it gets one. After some time, don't know the exact one, the machine
uses APIPA if no DHCP server responses. So if in your case server 1 is out
of addresses server 2 will answer automatically to the broadcast from the
client.
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
> Meinolf,
>
> This brings up a question that I asked eons ago, but never got an
> answer (or at least not one I can remember).
>
> Suppose I have two DHCP servers with, say, a 50/50 split scope. A user
> logs on and goes to server 1. Server 1 is out of IP addresses to
> issue, but Server 2 has plenty. What happens? I'm concerned that this
> could happen in my domain. Will it go to Server 2 or fail to get an IP
> address? If the latter, can it be configured to find another DHCP
> server?
>
Hank Arnold
another project to this year's to-do list... ;-)
--
Regards,
Hank Arnold
Microsoft MVP
Windows Server - Directory Services
http://mypcassistant.blogspot.com/
Meinolf Weber [MVP-DS] wrote:
Andy Wendel
nicely described here: http://technet.microsoft.com/en-us/library/cc780760(WS.10).aspx
Greetings fom muenster
Andy
--
Andy Wendel
Senior Trainer & Consultant
Traicen GmbH
http://www.traicen.com
Meinolf Weber [MVP-DS]
Thanks for the link. Happy new year for all at TraiCen. :-)
Best regards and if my boss agree we will see us this year
>>>>>>>>>> p x
Andy Wendel
> Hello Andy,
>
> Thanks for the link. Happy new year for all at TraiCen. :-)
>
> Best regards and if my boss agree we will see us this year
I will really hope to see ya again - and share some knowledge...
And - we have new coffee mugs @every end of our courses...
Greetings from snowy germany
Cary Shultz
Like Florian and Meinolf suggested, you control this via the weights and
priorities in DNS. Specifically, in this case, weights.
So, if you wanted one Domain Controller to handle 80% of the authentication
requests and the other Domain Controller to handle 20% of the authentication
requests then you would need to take a look at the following link:
http://technet.microsoft.com/en-us/library/bb727062.aspx#E0HE0AA
Do what is prescribed in the above link on the one that you want to handle
20% of the requests - ******NOT****** - on the one that you want
to handle 80% of the requests.
Now, if I might ask: why do you want to do this?
I might respectfully suggest that you keep things at the defaults. Is one
of the Domain Controllers really bogged down? Have you employed Performance
Monitoring to determine this?
Sorry to jump in so late....
Cary
"Nik" <nall...@maxxam.lab> wrote in message
news:umbEtyYi...@TK2MSFTNGP04.phx.gbl...
Ace Fekay [MCT]
news:%23R0R2nB...@TK2MSFTNGP02.phx.gbl...
> Nik,
>
> Like Florian and Meinolf suggested, you control this via the weights and
> priorities in DNS. Specifically, in this case, weights.
>
> So, if you wanted one Domain Controller to handle 80% of the
> authentication requests and the other Domain Controller to handle 20% of
> the authentication requests then you would need to take a look at the
> following link:
>
> http://technet.microsoft.com/en-us/library/bb727062.aspx#E0HE0AA
>
> Do what is prescribed in the above link on the one that you want to handle
> 20% of the requests - ******NOT****** - on the one that you want
> to handle 80% of the requests.
>
> Now, if I might ask: why do you want to do this?
>
> I might respectfully suggest that you keep things at the defaults. Is one
> of the Domain Controllers really bogged down? Have you employed
> Performance Monitoring to determine this?
>
> Sorry to jump in so late....
>
> Cary
Hi Cary,
I hope you enjoyed the holidays! I am jumping late into this, too. I think
my blog may be somewhat helpful in additon to what's been already discussed.
The DC Locator Process, The Logon Process, Controlling Which DC Responds in
an AD Site, and SRV Records
http://msmvps.com/blogs/acefekay/archive/2010/01/03/the-dc-locator-process-the-logon-process-controlling-which-dc-responds-in-an-ad-site-and-srv-records.aspx
--
Ace
This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.
Please reply back to the newsgroup or forum for collaboration benefit among
responding engineers, and to help others benefit from your resolution.
Ace Fekay, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA
2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
For urgent issues, please contact Microsoft PSS directly. Please check
http://support.microsoft.com for regional support phone numbers.
Cary Shultz
Good afternoon! Yes, I did enjoy the holidays. Christmas and the New Year
are two wonderful things with little ones!
And, yeppers - your blog might just be useful in this case. Thanks for
posting it. I did not know that you had one (a blog, that is). Looks very
nice!
Cary
PS. Never made it to any Eagles games. Drats!
"Ace Fekay [MCT]" <ace...@mvps.RemoveThisPart.org> wrote in message
news:uHmzT$JjKHA...@TK2MSFTNGP04.phx.gbl...
Ace Fekay [MCT]
> Ace,
>
> Good afternoon! Yes, I did enjoy the holidays. Christmas and the New
> Year are two wonderful things with little ones!
>
> And, yeppers - your blog might just be useful in this case. Thanks for
> posting it. I did not know that you had one (a blog, that is). Looks
> very nice!
>
> Cary
>
> PS. Never made it to any Eagles games. Drats!
Cary,
I actually just put that one together early this afternoon when I saw this
thread. Off and on there are questions on how to control which DC responds,
and I figured it was time to put my notes together and publish it. Here are
more of my blogs. I hope they're helpful for others out there.
http://msmvps.com/blogs/acefekay/
I agree about Christmas and New Year's for kid, but don't forget us, too!
:-)
I'm watching the Eagles game now. They are struggling against Dallas, with
Dallas on top, 17-0. They just can't seem to get in sync. First half is just
winding up, so maybe they'll find their groove in the second half,
hopefully!!
Cheers!
Ace