Loss of a Domain Controller

When a domain controller fails, the Kerberos service running on each client becomes aware of the loss when its locally cached Kerberos tickets time out and it attempts to renew them. When the client realizes that its logon server is not responding, it queries DNS for alternative domain controllers and uses one of them to reauthenticate. The user is none the wiser.

If the failed domain controller is the only domain controller in a site, the clients must reauthenticate across the WAN. This slows down the authentication, depending on the speed of the site link. During the period when a local domain controller is unavailable, LDAP queries such as searching for printers or using Outlook in an Exchange ...
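The failover described above can be modeled in a few lines. This is an added example, not code from the book: a simplified model of the lookup order using the SRV names Active Directory registers in DNS (`_ldap._tcp.<site>._sites.dc._msdcs.<domain>` and `_ldap._tcp.dc._msdcs.<domain>`). The zone data, site names, hostnames, and the `is_alive` probe are constructed assumptions.

```python
import random

# Constructed sample zone: SRV owner name -> [(priority, weight, target)].
# The domain, site names and hostnames are invented for this example.
DOMAIN = "example.test"
ZONE = {
    "_ldap._tcp.Branch._sites.dc._msdcs.example.test": [(0, 100, "dc-br1")],
    "_ldap._tcp.HQ._sites.dc._msdcs.example.test":
        [(0, 100, "dc-hq1"), (0, 100, "dc-hq2")],
    "_ldap._tcp.dc._msdcs.example.test":
        [(0, 100, "dc-br1"), (0, 100, "dc-hq1"), (0, 100, "dc-hq2")],
}

def srv_order(records, rng):
    """Order SRV targets per RFC 2782: lowest priority value first,
    weighted random selection among records of equal priority."""
    ordered = []
    for prio in sorted({r[0] for r in records}):
        pool = [r for r in records if r[0] == prio]
        while pool:
            pick = rng.uniform(0, sum(r[1] for r in pool))
            running = 0
            for rec in pool:
                running += rec[1]
                if pick <= running:
                    break
            ordered.append(rec[2])
            pool.remove(rec)
    return ordered

def locate_dc(site, domain, zone, is_alive, rng=None):
    """Return (dc, scope). Try DCs in the client's own site first, then any
    DC in the domain. is_alive is a hypothetical reachability probe."""
    rng = rng or random.Random()
    lookups = [(f"_ldap._tcp.{site}._sites.dc._msdcs.{domain}", "site"),
               (f"_ldap._tcp.dc._msdcs.{domain}", "domain-wide (WAN)")]
    for name, scope in lookups:
        for dc in srv_order(zone.get(name, []), rng):
            if is_alive(dc):
                return dc, scope
    return None, "none"

def single_dc_sites(zone, domain):
    """Sites whose site-specific SRV set names exactly one DC, so losing
    that DC pushes every authentication in the site across the WAN."""
    prefix, suffix = "_ldap._tcp.", f"._sites.dc._msdcs.{domain}"
    return sorted(name[len(prefix):-len(suffix)] for name, recs in zone.items()
                  if name.startswith(prefix) and name.endswith(suffix)
                  and len({r[2] for r in recs}) == 1)
```

Running `single_dc_sites` against an export of the real `_msdcs` zone gives a quick list of sites where a single failure forces WAN authentication.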
