________________________________________________________________________
Why some applications malfunction when one of the Domain Controllers is down?
- Or -
How to switch to disaster recovery site without booting my clients
Every Sysadmin installs at least two Domain Controllers on his domain for redundancy and
fault tolerance. But what actually happens when one of the DC's is down?
If you do a simple and disconnect one of your DCs from the network, you'll see that about
half of the workstations and member server who hasn't booted since the DC is down are
experiencing problems such as sluggishness, performance issues and some of the
applications simply stop working. The reason for that is the way Netlogon works.
Netlogon is the process which is responsible, among other tasks, to detect Active Directory
environment and the closest DC. The detection process is called DC Locator.
It is implemented in the NetAPI.DLL in a function named dsGetDCName and invoked by the
Netlogon service when the service starts. The DC Locator process sends a request to all
Domain Controllers in the domain and waits for them to respond. Once responded,
Netlogon caches the Domain Controller who was first to respond and saves its details
in the cache. From that moment, every call made by any application for the dsGetDCName
function returns this DC.
The DC Locator process does not re-check the availability of the cached DC periodically..
Therefore, if this DC is gone for any reason, workstations and member servers who have already
cached this DC remain with the faulty cache until the workstation is rebooted. As a result,
any application that needs to access the DC (and call the dsGetDCName for it) receives the
faulted DC and is expected to have problems when trying to connect to it.
In the last years, fault tolerance became an essential requirement in many organizations.
Many enterprises implement expensive disaster recovery sites, buy expensive clusters and
replicate data to at least one additional location.
When the disaster does happen and the main site is going down, this limitation will cause
you lots of trouble until you reboot your entire organization.
In order to overcome this issue, we built a free tool that checks availability of the DC found
in the Netlogon cache every given interval. The availability check is (currently) a simple Ping.
If the DC responds to the Ping, the tool waits until the next interval takes place.
If the DC does not respond, the tool refreshes the Netlogon cache, causing it to find an
available DC and cache if for all applications.
The tool, named 'RefreshDCCache' can be downloaded here.
The tool does not require installation in order to run.
Details:
RefreshDCCache 1.0
This program refreshes Netlogon's domain controller cache.
Refreshing the Netlogon's domain controller cache ensures that applications which uses
the 'dsGetDCName' API call will continue to work even if one of your domain controllers is unavailable.
Syntax:
RefreshDCCache [/installsvc | /uninstallsvc] [/Interval:x]
If arguments are omitted, RefreshDCCache will display the currently cached DC and ping it.
If DC is unavailable, the cache will be refreshed and the new DC will be displayed.
/InstallsSVC Installs this command as a service from the current directory. Only valid if RefreshDCCache service is ot installed.
/UninstallSVC Uninstalls the service. Only valid if RefreshDCCache service is installed.
/Interval:x Sets the interval (in seconds) in which the DC availability check occurs.
This command is brought to you by Smart-X. www.smart-x.com
Disclaimer:
This software, available from Smart-X is a Beta FREEWARE. It is not in the Public Domain.
Smart-X Software Solutions LTD. retains the copyright for this work. You can use it freely but
do not claim it for your own or charge others money for it.
Use this tool at your own risk. It is provided for your own personal use and enjoyment and
Smart-X does not provide any warranty for them, nor will they be held responsible for any result
allegedly caused by use or misuse of this tool.
.jpg)
