Troubleshooting Automatic Site Coverage - Sites and Services

  • 580 Views
  • Last Post 08 March 2016
idarryl posted this 04 March 2016

Hello Folks,
How does one go about troubleshooting automatic site coverage?  I have a site that has no auto site coverage for one domain (but does for other domains in the forest).  My DC's for that domain seem to have decided that they don't need to cover that site.
It started when I moved the last DC out of that site and put a /32 subnet in sites and services (because I want to decommission it).
Member servers on the site know they are still a member of the site, but a nltest /dsgetdc shows them bouncing between several sites for a DC.  Furthermore, in DNS the <domain>_sites\<site> is missing (think that's where I need to look).
I've tried a DCDIAG /fix on the DC's in the domain, so they re-register their srv's, but no joy.  The site does have a site link, I know that can be an issue, but I ruled that out.
Thoughts?
~
Darryl

Order By: Standard | Newest | Votes
Techman06 posted this 04 March 2016

It's been awhile since I have touched this.  Take a look at this to see if it may help:
https://blogs.technet.microsoft.com/askds/2011/04/29/sites-sites-everywhere/
Gary G. Gray
g3@xxxxxxxxxxxxxxxx

-------- Original Message --------
Subject: [ActiveDir] Troubleshooting Automatic Site Coverage - Sites and
Services


show

ZJORZ posted this 04 March 2016

Hi,




Site coverage is by default enabled unless you have some gpo settings in place that prevent that.




At high level...

Every DC for each domain retrieves a list of sites that already have DCs for the same domain, and it also retrieves a list of sites that do not yet have a DC for the same domain. Based upon both lists a DC determines to register SRV records using the following

logic in the order specified:

• lowest site link cost between the site with the DC and the site that does not have DCs for the same domain

• if multiple sites have the same lowest site link cost to the site that does not have DCs for the same domain, the DC only registers the SRV records if it is in a site that has the larger number of DCs compared to the other site with DCs for the same

domain that has the same lowest site link cost

• if the sites with the lowest site link costs to the site that does not have DCs for the same domain also have the same number of DCs for the same domain, then the alphabetic order of the site name determines which DCs in a specific site will register

the SRV records




To troubleshoot site coverage stuff use netlogon debugging



Met vriendelijke groet / Kind regards,


Jorge de Almeida Pinto



E-Mail:

JorgeDeAlmeidaPinto@xxxxxxxxxxxxxxxx



Tel.: +31-(0)6-26.26.62.80



(+++Sent from my mobile device +++)


(Apologies for any typos)

show

idarryl posted this 05 March 2016

Thanks Gary,
I've read that article previously and followed its advice; which led me to check that the site had site link, which it does.  Other than I missing site link, I can't find another explanation as to why a site without a DC wouldn't be covered by automatic site coverage. 
~
Darryl

show

idarryl posted this 05 March 2016

Thanks Jorge,
I hadn't realised it could be done via GPO, I thought only in the registry; so thanks for the heads up and I've ruled that out.
The high level logic you explained was pretty much my understanding as well, and my and a colleague have manually calculated the result based on the algorithm, and know which site should should be covering it. 
The Netlogon debug is a good call thanks call.  I found this good article (you might know the guy :-) ), which led my to the netlogon debug article.  I'll enable on the DC that should be covering the site and report back.
~
Darryl

show

idarryl posted this 07 March 2016

Jorge, thanks for helping me solve the issue.
the netlogon debug showed that an RODC in US-MA-CAMBRIDGE, on a lower cost site link, was 'partially' covering the site US-MA-SUNGUARD :
03/05 12:34:01 [SITE] [6788] GC: US-MA-SUNGUARD: Site is auto covered by site 'US-MA-CAMBRIDGE'.03/05 12:34:01 [SITE] [6788] DC: US-MA-SUNGUARD: Site is auto covered by site 'US-MA-CAMBRIDGE'.03/05 12:34:01 [SITE] [6788] NDNC: US-MA-SUNGUARD: Site is auto covered by our site.
I find two things odd about the issue; I thought sites with RODC's weren't considered for automatic site coverage and the 'nltest /dsgetsitecov' on the server in US-MA-CAMBRIDGE didn't state that is was covering US-MA-SUNGUARD.
On a side-note, does anyone know how to query for a list of sites that aren't covered by automatic site coverage?
ThanksDarryl
~
Darryl

show

ZJORZ posted this 07 March 2016

Hi, RODCs by default  DO NOT perform site coverage.  What do you mean with “partially”? Met vriendelijke groeten / Kind regards, Jorge de Almeida Pinto*: JorgeDeAlmeidaPinto@xxxxxxxxxxxxxxxx(: +31 (0)6 26.26.62.80 Description: Description: Description: Description: Think Green 

show

idarryl posted this 08 March 2016

That's what I thought, US-MA-CAMBRIDGE has one RODC that's a GC, as you can see in the Netlogon log the first two lines state that US-MA-CAMBRIDGE is autocovering the US-MA-SUNGUARD site for GC and DC, but not NDNC (that's what I meant by 'partially' covering it):
03/05 12:34:01 [SITE] [6788] GC: US-MA-SUNGUARD: Site is auto covered by site 'US-MA-CAMBRIDGE'.03/05 12:34:01 [SITE] [6788] DC: US-MA-SUNGUARD: Site is auto covered by site 'US-MA-CAMBRIDGE'.03/05 12:34:01 [SITE] [6788] NDNC: US-MA-SUNGUARD: Site is auto covered by our site.
I also checked the RODC HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\services\Netlogon\Parameters\AutoSitCoverage, and that's set to 0
~
Darryl

show

Close