Hi,
I have been searching all over the net but am unable to find any indication of the best way to have my specific infrastructure configured.
Current configuration:
7 sites with one of those being Head Office.
1 local domain.
Head Office has 1 physical DC (2008 R2) which holds all FSMO roles and is a Global Catalogue server.
A secondary DC is a VM (also a GC & 2008 R2) hosted on a HVA Failover Cluster (2008 R2) with CSV's. Each of the 3 nodes is a member server of the domain.
Each branch office has a host member server with only the Hyper-V role installed. Each of those has a local DC VM (GC & 2008 R2)
All branches connected by a private MPLS network, 4 sites with 10mb, and 2 with 20mb - Head Office also has a 20mb connection. (so, fairly quick WAN links)
Local branch ADSL as a backup.
At the weekend we had to power off Head Office for the electric meters to be changed. Everything was safely powered off, but i had issues when powering on again.
Powered the physical DC (FSMO) first, then powered on the SAN and the 3 cluster nodes.
The cluster service wouldn't start - authentication failure.
Checked the logs on the DC and it was receiving event id 2092. Which states that the "FSMO-owning AD LDS instances are required to in-bound replicate a particular partition on service start-up in order to satisfy initial synchronization requirements."
DNS was also unable to start.
The closest DC is a VM held on the cluster and unable to start.
DNS config: Head Office physical DC1 has itself as first server (actual IP address, not loopback) then DC2 as secondary.
Head office DC2 (VM) has itself as first DNS (again IP address not loopback) then DC1 as secondary.
To get the physcial DC to perform inbound replication I had to add an entry to the hosts file to point to one of the branch DC's and set secondary DNS to the same server, then manually replicated with that server through AD Sites & Services.
Once that was complete and replication successful I was able to start the cluster service and power on the VM's.
From everything I have read MS recommend to have a physical DC in the same site as a Failover Cluster. Which I have got, all be it the FSMO owner, which cannot replicate with another DC upon start up, from the same site as it is located on an un-available cluster.
So my question is where should the FSMO roles be placed?
As far as I can see I have a couple of options.
I could create another physical DC in Head Office, starting both would enable replication with each other.
Or is it safe (recommended?) to place the FSMO roles on the DC VM in Head Office. Therefore the physical server would just be a DC - but wouldn't be able to replicate to the FSMO holder until the cluster was online. But if the cluster came online the Virtual
FSMO holder could replicate with the physical DC.
Or I could leave the host entry where it is, and wait for the physical FSMO holder to sync with the branch DC. Would this take a long time?
Any advice offered would be greatly appreciated
Thanks