Hi Karl,

That’s interesting.

I just tried what you suggested and it seems that things are *almost*, but not 
quite set up to work in that way in the company I work for.

So, the domain is “global.arup.com” and when I ping “global.arup.com”, the IP 
address I get back is the same as one of the AD servers I spoke about in the 
initial email. That would imply that some kind of load balancing is taking 
place around the AD servers.

However, when I try to use “global.arup.com” as an AD server, I get the 
following connection status:

Threw exception: 'Authentication problem authenticating admin user 'stgserver': 
[LDAP: error code 49 - 80090303: LdapErr: DSID-0C0904BD, comment: The 
digest-uri does not match any LDAP SPN's registered for this server., data 0, 
v1db1]'

If I use the name of the server pointed to by “global.arup.com” (in this 
instance, “globalad5”), then the connection status becomes “connection working”.

Does the error message make any sense?

Adrian

From: Karl Wright [mailto:[email protected]]
Sent: 12 October 2015 12:48
To: [email protected]
Subject: Re: Active directory servers and failure cases

Hi Adrian,

In some installations I've seen evidence that AD itself can be configured to do 
"load balancing" of the kind you describe.  In such installations, if you 
access the domain controller through DNS, e.g. "thedomain.com", you reach 
one of a number of different machines, automatically.

The exact place I've seen this is in the context of a large network that was 
being crawled using JCIFS, which had multiple domain-based DFS roots.  
Resolving each such root required a back-and-forth with a domain controller, of 
which we eventually realized there were more than one.  (And at least one of 
them was out of synch, which caused us no end of trouble.)

MCF doesn't try to recreate that kind of load balancing, since it would appear 
to be a duplication of effort, but it's possible that our current AD authority 
doesn't play well in such an environment.  If that's the case, we should fix 
it, rather than create our own idea of a load balancer.

Thanks,
Karl


On Mon, Oct 12, 2015 at 7:39 AM, Adrian Conlon <[email protected]> wrote:
Hi List,

We’ve got a problem with Active Directory failure resiliency, and I wonder if 
anyone has any good ideas.

We’ve got a number of active directory servers available that are (as I 
understand it) mirrors of each other.  Every now and then these servers go 
wrong (or certainly stop responding).

At the moment, I’ve configured an Authority Group, with a single Authority 
Connection, that uses a single Domain Controller.

What I’d like to be able to do is associate multiple domain controllers with a 
single authority connection, such that the connection spreads the load across 
all of the available domain controllers and tries the next available controller 
if one stops responding.

Does that sound possible?  Indeed, is it a good idea?  Or have I missed 
something in the currently available ManifoldCF configuration that would allow 
this already?

Thanks,

Adrian

____________________________________________________________
Electronic mail messages entering and leaving Arup  business
systems are scanned for acceptability of content and viruses
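
An added example, not part of the thread and not ManifoldCF code: a sketch of the ordered failover asked about in the first message, which parses the bind error quoted above so that an SPN/digest-uri mismatch or an unreachable controller moves on to the next host, while any other bind rejection stops the loop. `BindError`, `fake_bind` and the host `dc-down.example` are hypothetical names constructed for the illustration.

```python
import re

# Layout of the Active Directory bind failure quoted in the thread.
AD_ERROR = re.compile(
    r"LDAP: error code (?P<ldap_code>\d+) - (?P<sspi_code>[0-9A-Fa-f]{8}): "
    r"LdapErr: (?P<dsid>DSID-[0-9A-Fa-f]+), comment: (?P<comment>.*?), "
    r"data (?P<data>[0-9A-Fa-f]+),"
)

class BindError(Exception):
    """Hypothetical: the server answered but rejected the bind."""

def parse_ad_error(message):
    """Return the fields of an AD bind error as a dict, or None."""
    match = AD_ERROR.search(message)
    return match.groupdict() if match else None

def first_working_controller(hosts, bind):
    """Try hosts in order; return (working_host_or_None, {host: reason})."""
    skipped = {}
    for host in hosts:
        try:
            bind(host)
            return host, skipped
        except ConnectionError:
            skipped[host] = "unreachable"        # dead controller: try the next
        except BindError as exc:
            info = parse_ad_error(str(exc))
            if info and "digest-uri" in info["comment"]:
                skipped[host] = "spn-mismatch"   # name problem, not credentials
            else:
                raise  # maybe a bad password: retrying only adds failed logons
    return None, skipped

# Error text from the thread, joined onto one line.
SAMPLE = ("Authentication problem authenticating admin user 'stgserver': "
          "[LDAP: error code 49 - 80090303: LdapErr: DSID-0C0904BD, comment: "
          "The digest-uri does not match any LDAP SPN's registered for this "
          "server., data 0, v1db1]")

def fake_bind(host):
    """Constructed stand-in for a real LDAP bind, so the example runs offline."""
    if host == "global.arup.com":
        raise BindError(SAMPLE)
    if host == "dc-down.example":                # constructed unreachable host
        raise ConnectionError("timed out")

if __name__ == "__main__":
    print(parse_ad_error(SAMPLE))
    print(first_working_controller(
        ["global.arup.com", "dc-down.example", "globalad5"], fake_bind))
```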

Reply via email to