Skip to main content
Question

Active Directory Domain Contoller(s) or DNS servers configured on the UVMs in the cluster

  • November 12, 2019
  • 1 reply
  • 1731 views
A
Hello,My client has this alert "Active Directory Domain Contoller(s) or DNS servers configured on the UVMs in the cluster" due the fact that he moved his domain controller on the nutanix cluster. His environment is 100% Hyper-V, and he is totally aware that SMB3 share of the nutanix cluster, requires authentication from the domain. In order to avoid that my client created ISCSI volumes and presented them to his Hyper-V environment, on which he moved his domain controller, trying to avoid that type of failure if everything goes down after a power failure and when everything comes up, the domain controller to be able to boot prior of the authentication.Please let us know what's the best approach for this matter and what's your recommendation for this kind of setup, especially when all the domain controllers are virtualized.Regards,Adrian
    This topic has been closed for replies.

    1 reply

    Alona
    Nutanix Employee
    Forum|alt.badge.img+5
    • AlonaNutanix Employee
    • Nutanix Employee
    • November 13, 2019

    @Adrian-Liviu 

    Please correct me if I am wrong in my understanding of the problem, ISCSI volumes are presented from within the Nutanix cluster hence the AD is still configured as a user VM within the Nutanix cluster.

    Prism Web Console Guide: Alerts/Health Checks Table 57 describes the error and states that

    “There should be at least one domain controller and DNS server running outside Nutanix cluster, that can be used by failover cluster in case locally running DC/DNS servers are failed”

    with the impact field containing:

    Failover cluster will fail to start after the Nutanix cluster starts and stops (due to power failure for example), as it depends on availability of domain controllers and dns servers which will result in User VM downtime

    As Per Microsoft:

    To allow the nodes, disks and other resources on a clustered computer to auto-start, authentication requests from the clustered computer must be serviced by a DC in the cluster computer's domain.

    To ensure that such a DC exists during cluster OS startup, deploy at least 2 domain controllers in the clustered host computer's domain on physical hardware. The physical DCs should be kept online and be network accessible (in DNS + all required ports and protocols) to the clustered hosts. If the only DC’s that can service authentication request during cluster startup reside on a cluster computer that is being restarted, authentication requests will fail and manual recovery steps will be required to make the cluster operational. 

    There is also a Microsoft Support article Things to consider when you host Active Directory domain controllers in virtual hosting environments

    Please let me know if this is helpful.

    Terms & ConditionsAccessibility statement