General discussion


User/client Internet access when Server goes down/unavailable

By mike
At the risk of appearing stupid...
How best to ensure User/client Internet access when Server goes down/unavailable ?

Scenario
Client User logs onto Domain Server
Server goes down
OR Server is down before user logon

In any case I want client user to have access to Internet (When connected to server clients have automatic settings via DHCP)

This would appear to be simple - make an Alternative Configuration in Network Settings with all the correct IP, Gateway, DNS (of the ISP). When the server goes down the user can still login using their server user name and password as if on the Server (1) but actually it will only log on to their local PC and then, unable to find the server (DHCP, not working) the network connections will switch to the Alternative Configuration Network settings (2) Ha!

(1) http://technet.microsoft.com/en-us/library/cc755473(WS.10).aspx
All previous users' logon information is cached locally so that, in the event that a domain controller is unavailable during subsequent logon attempts, they are able to log on. If a domain controller is unavailable and a user's logon information is cached, the user is prompted with a message that reads as follows:
Windows cannot connect to a server to confirm your logon settings. You have been logged on using previously stored account information. If you changed your account information since you last logged on to this computer, those changes will not be reflected in this session.
(I am using reserved IP addresses on the server) and then I set the Alt Configuration with the same IP address that would be provided by the server.

(2) http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/sag_tcpip_pro_altconfig.mspx?mfr=true
If a DHCP server is not reached after approximately 60 seconds or leased configuration fails, the computer uses the setting on the Alternate Configuration tab to determine whether to use APIPA for automatic TCP/IP configuration or to configure TCP/IP with the alternate configuration. When APIPA is used, Windows TCP/IP uses an address in the APIPA IP address range (169.254.0.1 through 169.254.255.254) and the subnet mask is set to 255.255.0.0.

Is this important? Because I am using IP address range 192.168.1.100-200 and a subnet mask of 255.255.255.0 (on reflection I think this is irrelevant).


BUT after waiting the 60 seconds the old DNS settings (as from the server) remain; it did not pick up the settings from the Alternate Configuration (can't discover why), so no internet connection, because now the client PC does not have the ISP's DNS settings - UNLESS I do an ipconfig /release and /renew to pick up the Alternative Configuration settings. BUT to do this you need to be an Administrator, which of course the user is not! HOWEVER, setting up each user as a user within the Network Configuration Operators group on the Domain should allow users to use the ipconfig /release and /renew facility. Then they can reset the network connection and get the internet back. (I have created a batch file that will ipconfig /release, ipconfig /flushdns, ipconfig /renew, which they can click on their desktop.) UNFORTUNATELY I cannot get this to work! IT APPEARS that this setting on the server ONLY applies to users of the server and has nothing to do with client users.
NOTE: OK, I confess, I can get it to work BUT ONLY by adding the domain user into the Network Configuration Operators group on the local client! Which means I have to go to every machine! Seems to defeat the idea of AD/GP?
Even local PC logoff/logon/reboot did not cause the Alternative Config Settings to be used!
If I do all the above as an administrator-BINGO ! everything works.
BUT I cannot get this to work as a user - probably because I cannot get the Network Configuration Operators Group setting to take effect (unless as in the NOTE above).
There do not appear to be any other settings (I cannot find any) in the User or Computer GP that prevent them using network settings. In fact I disabled the link on all the GPs for these Computers and Users and rebooted the Client - still no joy. Perhaps a GP tattooed the registry on the Client PC. I can never really find a definitive list of which GPs DO tattoo the registry. (Anyone?)
Seems a little bizarre ?

MY FIX to all this is to set each machine so that the regular user of that machine has the domain user name in the Network Configuration Operators group. Then install my refresh.bat file into the client's system32 and an icon on the desktop to trigger the Network Setting refresh - then the user can get to the internet if the server goes down.
IF the server is unavailable at logon (from cold) the user can log on using his/her normal domain logon and password; it takes a few minutes (seems a long time) but eventually the system comes up. Of course no Internet, as the machine still has the original DNS setting as remembered previously from the server. The user clicks my Refresh icon - a 50 second delay, then BINGO, the internet works as the Alternate Configuration takes effect!

PHEW ! Jeepers, I think I'd better take a deep breath!
This all seems very convoluted; can anyone suggest a better way? I must be going mad/stupid.

Other Info
I have set the server according to http://support.microsoft.com/kb/825036
Do not configure the DNS client settings on the domain controllers to point to your Internet Service Provider's (ISP's) DNS servers. If you configure the DNS client settings to point to your ISP's DNS servers, the Netlogon service on the domain controllers does not register the correct records for the Active Directory directory service. With these records, other domain controllers and computers can find Active Directory-related information. The domain controller must register its records with its own DNS server.
PAUSE - My comment: However, the Client PC's Alternative Configuration setting MUST point to the ISP's DNS addresses - otherwise no connection! AND each Client must have a different IP (obvious). I use the same reserved IP that they would get from the server. Continued...
To forward external DNS requests, add the ISP's DNS servers as DNS forwarders in the DNS management console. If you do not configure forwarders, use the default root hints servers. In both cases, if you want the internal DNS server to forward to an Internet DNS server, you also must delete the root "." (also known as "dot") zone in the DNS management console in the Forward Lookup Zones folder.
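
An added example, not part of the original post and not the poster's refresh.bat: a PowerShell version of the refresh step described above that first checks whether the current logon token carries the Network Configuration Operators group, then shows each adapter's DNS servers before and after the release/renew. The function names and the requirement for PowerShell 3.0 or later (for Get-CimInstance) are assumptions.

```powershell
# Added example: a hypothetical PowerShell counterpart to the post's refresh.bat.
$NetCfgOpsSid = 'S-1-5-32-556'   # well-known SID: BUILTIN\Network Configuration Operators
$AdminsSid    = 'S-1-5-32-544'   # well-known SID: BUILTIN\Administrators

function Test-TokenHasSid {
    param([string]$Sid)
    # Tests the current logon token. A group membership added after logon
    # is not in the token until the user logs off and on again.
    $identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object System.Security.Principal.WindowsPrincipal($identity)
    $sidObject = New-Object System.Security.Principal.SecurityIdentifier($Sid)
    return $principal.IsInRole($sidObject)
}

function Get-AdapterSummary {
    # One row per IP-enabled adapter: where its settings came from and
    # which DNS servers it is actually using right now.
    Get-CimInstance Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
        Select-Object Description, DHCPEnabled, DHCPServer,
            @{ n = 'IPAddress';  e = { $_.IPAddress -join ', ' } },
            @{ n = 'Gateway';    e = { $_.DefaultIPGateway -join ', ' } },
            @{ n = 'DnsServers'; e = { $_.DNSServerSearchOrder -join ', ' } }
}

$allowed = (Test-TokenHasSid $NetCfgOpsSid) -or (Test-TokenHasSid $AdminsSid)
if (-not $allowed) {
    Write-Warning ("$env:USERDOMAIN\$env:USERNAME has neither Network Configuration " +
                   "Operators nor Administrators in this logon token; release/renew " +
                   "would be refused.")
    exit 1
}

Write-Host 'Before refresh:'
Get-AdapterSummary | Format-List

# Same three steps as the batch file described in the post.
ipconfig /release  | Out-Null
ipconfig /flushdns | Out-Null
ipconfig /renew    | Out-Null   # blocks while the client waits for a DHCP answer

Write-Host 'After refresh:'
Get-AdapterSummary | Format-List
```

Comparing the DnsServers line in the two listings shows whether the adapter is still holding the server-issued DNS address or has switched to the Alternate Configuration values.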
