We have two window2 2003 R2 servers, one as "primary" one as "backup".
The latest one is old machine against the first one, so we would
prefer to use it just in case of need. The DNS is AD integrated on
both servers.
Now the question.
We have a DFS-RDC share on both servers so the profile path is
something like \\my.domain.com\user_folders\username

what happens is that sometimes the clients are very slow and I think
it is because the domain name is resolved with the IP of the slowest
"backup" server instead of the primary so the user's home are
connected to the slow server.

Is there a way to let the workstation to choose the primary server's
IP instead of the second?
I thought that the SRV records _tcp _udp _site _msdcs inside the DNS
structure could fix somehow this situation: I could set a different
priority to both servers and the client should use the highest server
in priority.
Unfortunately after any change I apply the DNS record changes back to
its default value of "0" "100" "port" "servername".

thanks for your

In news:63802a1c-5583-4782-9afa-085f624744b7@y5g2000hsf.googlegroups.com,
pink0.pallino@libero.it <pink0.pallino@libero.it> typed:
> We have two window2 2003 R2 servers, one as "primary" one as "backup".
> The latest one is old machine against the first one, so we would
> prefer to use it just in case of need. The DNS is AD integrated on
> both servers.
> Now the question.
> We have a DFS-RDC share on both servers so the profile path is
> something like \\my.domain.com\user_folders\username
>
> what happens is that sometimes the clients are very slow and I think
> it is because the domain name is resolved with the IP of the slowest
> "backup" server instead of the primary so the user's home are
> connected to the slow server.
>
> Is there a way to let the workstation to choose the primary server's
> IP instead of the second?
> I thought that the SRV records _tcp _udp _site _msdcs inside the DNS
> structure could fix somehow this situation: I could set a different
> priority to both servers and the client should use the highest server
> in priority.
> Unfortunately after any change I apply the DNS record changes back to
> its default value of "0" "100" "port" "servername".
>
> thanks for your

Because it is not being set correctly. The netlogon service will put it back
to what is set in the reg.

But I am somewhat confused. You first asked about changing which DNS server
it is using. Then you mentioned, rather implied, changing which DC you want
to respond to all of your clients.

If choosing a DNS server to use, honestly even if it is an older DC/DNS
server, it won;t matter because the client IP DNS config will determine
which DNS server it uses. It wil luse the first one. If there is no response
withing one second, it will then go to the second one thus removing the
first one out of the 'eligible resolvers list' for 15 minutes when it resets
the list. So even if it's an 'older' machine, it will still respond within
one second. And if the first one responds with a negative answer, then it
has an answer and will not look further because a negative answer is just
that, an answer. This is ALSO a really good reason to NOT use an ISP's,
router IP or any other DNS that has no reference to the AD zone, otherwise
expect AD errors.

To alter the SRV data, that must be done in the reg.

Maybe the client being slow is being caused by some other reason. We won't
be able to tell without additional information, such as an unedited ipconfig
/all of the two DCs and a sample workstation. This will give us a better
idea of certain config settings to give us a start in diagnosing it for you.

--
Regards,
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT,
MVP Microsoft MVP - Directory Services
Microsoft Certified Trainer

Infinite Diversities in Infinite Combinations

thank you for the reply and sorry if my question was not clear.
So, we have a class C dns so we are not ISP dependent and infact we do
not have any AD errors on this side
back to my question:
two servers:
A (192.168.1.200) is fast B (192.168.1.199) is slow
DFS-RDC share on both servers
DNS AD integrated on both servers

what suddnley happens is that my.domain.com is sometimes seen by
workstation as 192.168.1.200 and sometimes as 192.168.1.199
this means that the DFS share becomes \\192.168.1.200\share\myprofile
or \\192.168.1.199\share\myprofile

this means that clients resolvs my.domain.com as 192.168.1.199 use
the server B (slow) as file server
my question is if there is a way to have 192.168.1.200 as default
answer if a client request for this query
and use the .199 only if the server A is unavailable.
Looking inside the DNS configuration I saw that "priority" value to
check, but it seems not to work
now I am trying playing with the netlogon GPO settings but I don't
know if it the right way

thanks
(i used 192.168.1.x only as example, we have real addresses)


> If choosing a DNS server to use, honestly even if it is an older DC/DNS
> server, it won;t matter because the client IP DNS config will determine
> which DNS server it uses. It wil luse the first one. If there is no response
> withing one second, it will then go to the second one thus removing the
> first one out of the 'eligible resolvers list' for 15 minutes when it resets
> the list. So even if it's an 'older' machine, it will still respond within
> one second. And if the first one responds with a negative answer, then it
> has an answer and will not look further because a negative answer is just
> that, an answer. This is ALSO a really good reason to NOT use an ISP's,
> router IP or any other DNS that has no reference to the AD zone, otherwise
> expect AD errors.
>
> To alter the SRV data, that must be done in the reg.
>
> Maybe the client being slow is being caused by some other reason. We won't
> be able to tell without additional information, such as an unedited ipconfig
> /all of the two DCs and a sample workstation. This will give us a better
> idea of certain config settings to give us a start in diagnosing it for you.
>
> --
> Regards,
> Ace
>
> This posting is provided "AS-IS" with no warranties or guarantees and
> confers no rights.
>
> Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT,
> MVP Microsoft MVP - Directory Services
> Microsoft Certified Trainer
>
> Infinite Diversities in Infinite Combinations- Hide quoted text -
>
> - Show quoted text -

In news:7a500506-b9e8-4db8-9f9d-2a12701e70b6@e25g2000prg.googlegroups.com,
pink0.pallino@libero.it <pink0.pallino@libero.it> typed:
> thank you for the reply and sorry if my question was not clear.
> So, we have a class C dns so we are not ISP dependent and infact we do
> not have any AD errors on this side
> back to my question:
> two servers:
> A (192.168.1.200) is fast B (192.168.1.199) is slow
> DFS-RDC share on both servers
> DNS AD integrated on both servers
>
> what suddnley happens is that my.domain.com is sometimes seen by
> workstation as 192.168.1.200 and sometimes as 192.168.1.199
> this means that the DFS share becomes \\192.168.1.200\share\myprofile
> or \\192.168.1.199\share\myprofile
>
> this means that clients resolvs my.domain.com as 192.168.1.199 use
> the server B (slow) as file server
> my question is if there is a way to have 192.168.1.200 as default
> answer if a client request for this query
> and use the .199 only if the server A is unavailable.
> Looking inside the DNS configuration I saw that "priority" value to
> check, but it seems not to work
> now I am trying playing with the netlogon GPO settings but I don't
> know if it the right way
>
> thanks
> (i used 192.168.1.x only as example, we have real addresses)

Your AD DNS domain IP will show up as both 192.168.1.200 and 192.168.1.199.
Why? That is the domain LdapIpAddress. That can be found under the
mydomain.com zone as:
(same as parent) A 192.168.1.200
(same as parent) A 192.168.1.199

Do not delete them. The netlogon service registers one for each DC in teh
domain. Besides, you are using DFS, which relies on fault tolerance by
having more than on esource. If one server is down, your DFS shares will
still be available.

If you want 192.168.1.200 to always answer, you have to make some reg
changes to the netlogon reg keys.

306602 - How to Optimize the Location of a DC or GC That Resides Outside of
a Client's Site [Includes info LdapIpAddress and GcIpAddress]: Use this to
set the good DC's LdapIpAddres priority higher than the bad one.
http://support.microsoft.com/?id=306602

Download details Windows Server 2003 Active Directory Branch Office Guide
v1.1:
http://www.microsoft.com/downloads/d...displaylang=en

Ace

On Jan 26, 6:32am, "Ace Fekay [MVP]" <PleaseAs...@SomeDomain.com>
wrote:
> Innews:7a500506-b9e8-4db8-9f9d-2a12701e70b6@e25g2000prg.googlegroups.com,
> pink0.pall...@libero.it <pink0.pall...@libero.it> typed:
>
>
>
>
>
> > thank you for the reply and sorry if my question was not clear.
> > So, we have a class C dns so we are not ISP dependent and infact we do
> > not have any AD errors on this side
> > back to my question:
> > two servers:
> > A (192.168.1.200) is fast B (192.168.1.199) is slow
> > DFS-RDC share on both servers
> > DNS AD integrated on both servers
>
> > what suddnley happens is that my.domain.com is sometimes seen by
> > workstation as 192.168.1.200 and sometimes as 192.168.1.199
> > this means that the DFS share becomes \\192.168.1.200\share\myprofile
> > or \\192.168.1.199\share\myprofile
>
> > this means that clients resolvs my.domain.com as 192.168.1.199 use
> > the server B (slow) as file server
> > my question is if there is a way to have 192.168.1.200 as default
> > answer if a client request for this query
> > and use the .199 only if the server A is unavailable.
> > Looking inside the DNS configuration I saw that "priority" value to
> > check, but it seems not to work
> > now I am trying playing with the netlogon GPO settings but I don't
> > know if it the right way
>
> > thanks
> > (i used 192.168.1.x only as example, we have real addresses)
>
> Your AD DNS domain IP will show up as both 192.168.1.200 and 192.168.1.199..
> Why? That is the domain LdapIpAddress. That can be found under the
> mydomain.com zone as:
> (same as parent) A 192.168.1.200
> (same as parent) A 192.168.1.199
>
> Do not delete them. The netlogon service registers one for each DC in teh
> domain. Besides, you are using DFS, which relies on fault tolerance by
> having more than on esource. If one server is down, your DFS shares will
> still be available.
>
> If you want 192.168.1.200 to always answer, you have to make some reg
> changes to the netlogon reg keys.
>
> 306602 - How to Optimize the Location of a DC or GC That Resides Outside of
> a Client's Site [Includes info LdapIpAddress and GcIpAddress]: Use this to
> set the good DC's LdapIpAddres priority higher than the bad one.http://support.microsoft.com/?id=306602
>
> Download details Windows Server 2003 Active Directory Branch Office Guide
> v1.1:http://www.microsoft.com/downloads/d...D=9353a4f6-a8a...
>
> Ace- Hide quoted text -
>
> - Show quoted text -

Ace, thank you for your reply.
I have been told how roughly DFS works: it seems that at logon the
workstation asks which are the DC that act as DFS namespace holder,
then with a simple ping the workstation uses the "nearest" DC
Ok, It is true I am using the DFS technology as backup server which
maybe is not properly correct, but I think it works fine, but if the
workstation pings the nearest server how can I choose the "primary"
and "secondary" ?

I think your hints are good for DCs located in different sites, while
my ones are in the same site, same subnet, same switch. I know this is
bad but we have to wokr with the resources we have :P

thanks

In news:7d4d74bf-5789-4c53-9d45-fc5fec9e92f9@s12g2000prg.googlegroups.com,
pink0.pallino@libero.it <pink0.pallino@libero.it> typed:

> Ace, thank you for your reply.
> I have been told how roughly DFS works: it seems that at logon the
> workstation asks which are the DC that act as DFS namespace holder,
> then with a simple ping the workstation uses the "nearest" DC
> Ok, It is true I am using the DFS technology as backup server which
> maybe is not properly correct, but I think it works fine, but if the
> workstation pings the nearest server how can I choose the "primary"
> and "secondary" ?
>
> I think your hints are good for DCs located in different sites, while
> my ones are in the same site, same subnet, same switch. I know this is
> bad but we have to wokr with the resources we have :P
>
> thanks

It selects the nearest DC based on Site configuration. If two DCs are in the
same site, you can't choose a primary other than following those links on
how to force priority in the netlogon registry entry.

Ace