Author Topic: Additional Domain Controller not Providing Fail Over

Lonniebiz

Additional Domain Controller not Providing Fail Over
« on: May 25, 2014, 06:23:59 pm »
I recently upgraded my two zentyal domain controllers to 3.4 from 3.3.10.

I was unable to successfully upgrade by just clicking the "Upgrade to 3.4" button. I upgraded by backing up my configuration and then installing 3.4 onto both servers and then restoring their respective configurations.

Everything works fine when the Additional Domain Controller is turned completely off. But when it is on, some people cannot login to their workstation.

Both of these servers are providing DHCP and DNS. I have two dhcp pools, one on each server.

In 3.3.10, I could turn off either one of these servers and users could function normally as long as one of them is on. With either server on, they could successfully:
1) Log into their workstations
2) Access file shares located on Windows servers
3) Receive a DHCP-issued IP address
4) Access Internet web pages

In 3.4.3, if I turn off the Primary Zentyal domain controller (while leaving the additional domain controller on):
1) Some users cannot log in to their workstations, but some can, oddly enough.
2) Many users who can log in to their workstations cannot access all of the file shares located on Windows servers on the LAN.

I've confirmed, however, that Active Directory replication is occurring; for example:
1) If I add a user on the Primary Domain Controller, it promptly appears in the Zentyal Web Interface of the Additional Domain Controller.
2) If I add a user using the Additional Domain Controller, it promptly appears in the Web Interface of the Primary Domain Controller.
3) The same is true when I delete users from either of these servers.

So, the additional domain controller is working to some degree, but when it is turned on it has a negative effect on some users' ability to log in to their workstations, and those who can log in have issues accessing certain Windows shares.

In 3.3.10, this additional domain controller worked flawlessly as a fail over. I could turn either of my domain controllers off and users would keep accessing everything they needed to. Since upgrading to 3.4.3, I have to turn this additional domain controller completely off to not experience access problems.

The next thing I'm going to try is just redoing the additional domain controller from scratch (freshly joining it to the domain).

I'll report back here what that accomplishes.

To me, these services in Zentyal should be priority number one; nothing is more fundamental than having a healthy domain controller and a fail over domain controller (so that the whole LAN doesn't come to a halt if the primary goes down).

Lonniebiz

Re: Additional Domain Controller not Providing Fail Over
« Reply #1 on: May 26, 2014, 10:07:57 pm »
Well, it turns out that you cannot restore the configuration for an additional domain controller:
Code:
    Restore is only possible if the server is the unique domain controller of the forest
Also, unfortunately, if you try to create a new Zentyal server with the same name and IP address as a currently dead domain controller, you'll get an error telling you that the LDAP object already exists.

Making matters worse, there is nowhere in the Zentyal Web Interface to remove all remnants of a previously added domain controller.

If you go here:
Zentyal Web Interface > OFFICE > Users and Computers > Manage

You'll see an entry in the tree structure for domain controllers, but, uselessly, it doesn't list any of the ones you've previously added. If it did, that would be a good place for the developers to provide a way of deleting a domain controller from LDAP, so you could then add it back again with the same name and IP address without receiving an "already exists" error.

At this point, I've tried 5 fresh installations attempting to get this additional domain controller back online. This time I'm going to try giving the server a different name and IP address and see if I then have better success joining it.