Network problems after primary domain controller goes down

active-directory domain-controller windows-server-2012

I'm hoping someone can help me. I'm doing some testing and set up a backup domain controller. Didn't do anything special (just ran through the basic wizard) other than set up a couple of forwarders to forward internet traffic to OpenDNS (which is the same as the primary domain controller). When I shut down the primary domain controller I'm having problems accessing the domain. For example, I have some mapped drives to other machines on the network. When I click one of the drives it comes up with an "enter network password" dialog, and if I do enter my credentials it works, but of course I shouldn't have to do this. Also, if I do a gpupdate I get the following error:

Computer policy could not be updated successfully. The following errors were encountered:

The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has successfully processed. If you do not see a success message for several hours, then contact your administrator.

Apparently the DNS is still working fine on the backup domain controller because I changed it to my only DNS entry and I can still access the internet.

Both Domain Controllers are running Server 2012 Core. Both are running DNS. I've also checked the NTDS settings on both and they are set as "Global Catalog". All the machines have their primary DNS as the primary domain controller and their second DNS as the backup domain controller.

Best Answer

I had this problem some months ago when our primary domain controller crashed. I had just started working there, so there was no other choice than a radical one. This is what happens. Like DNS, AD also has a primary controller. Since that one is down and you only have a backup domain controller, you need to seize control over the FSMO roles, otherwise the backup domain controller will not be able to write changes to Active Directory. http://www.petri.co.il/seizing_fsmo_roles.htm

Then the next option you have is to install a new domain controller right away and transfer the FSMO roles to this new domain controller, so your secondary controller is secondary again (or backup in your case). To save yourself more headache, and if possible, change the IP address of this server to the one that just crashed. http://www.elmajdal.net/win2k8/Transferring_FSMO_Roles_in_Windows_Server_2008.aspx

Till then your clients will suffer from unavailable domain controllers. However, it's possible to trick the clients as well.
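
The role check and seizure described in this answer, as an added PowerShell example that is not part of the original answer. `DC2` is a hypothetical name for the surviving domain controller, and reachability is judged by ICMP ping only, which is an assumption that fails where ping is filtered.

```powershell
# Added example, not from the original answer.
# Assumption: 'DC2' is a placeholder for the domain controller that is still running.
Import-Module ActiveDirectory

$survivor = 'DC2'

# Ask the surviving DC (not the dead one) who it believes holds each FSMO role.
$domain = Get-ADDomain -Server $survivor
$forest = Get-ADForest -Server $survivor

$holders = [ordered]@{
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
}

# A role is a seizure candidate only if its current holder does not answer.
$orphaned = foreach ($role in $holders.Keys) {
    $holder = $holders[$role]
    $alive  = Test-Connection -ComputerName $holder -Count 2 -Quiet
    Write-Host ('{0,-22} {1,-35} reachable={2}' -f $role, $holder, $alive)
    if (-not $alive) { $role }
}

if (-not $orphaned) {
    Write-Host 'All role holders respond; nothing to seize.'
    return
}

# -Force seizes the roles instead of transferring them.
# -WhatIf only reports what would be done; remove it once the old holder
# is confirmed to be permanently offline.
Move-ADDirectoryServerOperationMasterRole -Identity $survivor `
    -OperationMasterRole $orphaned -Force -WhatIf
```

Run it from an elevated session with the ActiveDirectory module available. A domain controller whose roles have been seized should be rebuilt rather than reconnected to the network.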