How should I configure my Active Directory servers so that if one goes down, users are not kicked off SQL?

Posted by Matty Brown on Server Fault See other posts from Server Fault or by Matty Brown
Published on 2012-07-05T20:20:13Z Indexed on 2012/07/05 21:18 UTC
Read the original article Hit count: 338

Today, we shut down one of our Active Directory servers during office hours to check the loading on a UPS. Since all the server did was provide Active Directory in a separate building incase the main building caught fire, or whatever, we didn't think it would have any effect on our users.

Seconds after the server was shut down, we had a dozen phone calls from users experiencing this issue:- [Microsoft SQL Server Login] SQLState: '28000' [Microsoft][ODBC SQL Server Driver][SQL Server]Login failed. The login is from an untrusted domain and cannot be used with authentication.

Once we realized what had happened, we quickly rebooted the down Active Directory server. Problem solved.

But why did this happen. And what if one day a server has a breakdown and is offline for hours, or days? Shouldn't the other Active Directory servers in the domain service authentication requests without disruption to users?

We have 3 Windows Server 2003 Standard servers running Active Directory as Domain Controllers with Global Catalogs, all physically located on the same network at Gigabit speeds.

I believe the domain was originally Windows Server 2000, or maybe even NT 4.0. Could the issue be to down to old Group Policies inherited from these old server OS's, or some default setting in Active Directory that needs changing?

© Server Fault or respective owner

Related posts about active-directory

Related posts about sql