Active Directory Domain gotcha

time

Storage? I am Storage!
Joined
Jan 18, 2002
Messages
4,932
Location
Brisbane, Oz
When it came time to connect the workstations to this Windows 2008 R2 server, I ran dcpromo. Four to five hours later, I conceded that the installation had been destroyed and formatted the boot drive (a new installation wanted to backup the wreckage). I chatted with Chewy about this last night, and found reports of the syndrome from 2009, but no evidence that Microsoft has ever tried to fix it.

What appears to cause it most of the time is that Active Directory insists on disabling caching on the drive that houses its repository. Unfortunately, both Intel and AMD onboard disk controllers don't appreciate that and Windows becomes non-responsive. Even when it appears to finish up to 3 hours later, the ordeal resumes with a pointer on a black screen after the reboot.

It doesn't happen in every situation, but obviously any time is catastrophic. Solutions may involve something as trivial as changing the brand of boot drive. :eek:

I think it afflicts you when you're using an IDE rather than AHCI driver. This was a problem for me because I only had two options for the boot drive: IDE and RAID, and RAID wants at least two drives (and then there's the Windows installation hassles).

You can bypass the problem with AMD RAID, but I think that's because AMD ignores the Windows setting and forces write through (only in a RAID).

In the end, I've opted to let Active Directory store its crap on the data array, because as I said, I think it's write through already. It completely ruins my failover strategy, but I'm now past caring. I won't try this again unless it's a non-M$ environment.

P.S. You can mostly predict this by turning off caching yourself and seeing what happens.
 

Mercutio

Fatwah on Western Digital
Joined
Jan 17, 2002
Messages
22,275
Location
I am omnipresent
That's... curious. And I'm not sure I've ever seen that behavior, though I do know that I've run into unusually unresponsive Windows Servers a couple times.
 

Chewy509

Wotty wot wot.
Joined
Nov 8, 2006
Messages
3,357
Location
Gold Coast Hinterland, Australia
Reading the links time gave me, when you run 'dcpromo' to create the DC, it'll attempt to turn off write caching on the drive that houses the active directory database. It's that turning off of the write cache that may not work on some systems, is causing the issue. Now this could be a chipset thing, or even a BIOS thing.

Myself personally, have only installed Win2K3/2K8 in either a VM (for testing) or on HP ML310/350 series servers in the last 4-5 years, and have never come across that issue. (It appears to only effect servers that use PATA/SATA controllers and not SCSI/SAS controllers, and in the case of the VM, the VM Software does honor the request).

This is just one of those items that one keeps in the back of the head somewhere, in case it pops up again.

PS. Glad you got it working
 

Bozo

Storage? I am Storage!
Joined
Feb 12, 2002
Messages
4,396
Location
Twilight Zone
Why not go into Device Manager and turn off write caching first, reboot, and then run dcpromo?
 

time

Storage? I am Storage!
Joined
Jan 18, 2002
Messages
4,932
Location
Brisbane, Oz
See my PS, you may well see similar behavior - I did. The difference is you haven't got an OS hellbent on continuing to try regardless.
 

time

Storage? I am Storage!
Joined
Jan 18, 2002
Messages
4,932
Location
Brisbane, Oz
Here's a handy tip I forgot to mention.

My successful install occurred in a motel room without internet access (except for a WiFi laptop). Windows was very unhappy about this and refused to continue dcpromo without a network connection.

Fortunately, there was an unused network connection in the wall (it may or may not have been connected to a switch, but I certainly didn't have access to anything). I plugged the server into that and dcpromo was happy.

FFS ...
 

Mercutio

Fatwah on Western Digital
Joined
Jan 17, 2002
Messages
22,275
Location
I am omnipresent
That does make a certain amount of sense, since dcpromo is if nothing else going to involve installing a DNS server for a domain it can manage. If the only options are the reserved APIPA and loopback ranges, it makes sense that it would barf.
 
Top