Overview
When two domain controllers (DCs) are configured for failover, Kerio Control may fail to pick up the connection to the secondary server. It cannot establish the connection to the second DC and reports that the domain server is offline. The error displayed is "Cannot contact domain controller right now".
However, the second server can be pinged by other computers in DC.
This article describes how to configure AD failover for Kerio Control in a Windows Server 2016 environment.
Prerequisites
Windows Server administration experience is highly recommended.
Solution
In the Kerio Control Interface settings, make sure the DNS server of the LAN interface points to your DC servers.
In the Windows Server Network Connection settings -> Properties, make sure the IP address, DNS server, and Gateway are set correctly.
DC01 settings
DC02 settings
When joining Kerio Control to the DCs, specify the correct settings for both the Primary and Secondary servers.
Testing and important considerations
To test redundancy, power off DC01. Kerio Control will remain in the domain, and the secondary server (DC02) will pick up the failover connection when you click the Test Connection button.
If Kerio Control cannot reach the DC servers automatically and you see the "Kerio Control is unable to locate the domain controller. Please specify the IP address" error, you need to configure the DNS settings properly.
In DNS, enable custom DNS forwarding and specify the IP addresses of your DC servers.
Additionally, edit the Hosts table so that it lists your DC servers.
Important: make sure to clear the DNS cache so Kerio Control can repopulate the settings.
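A ping reply only shows that a DC host is up, not that its directory services answer. The following PowerShell check is an added example, not part of the original article or of Kerio's tooling; run it from a Windows machine on the same LAN as Kerio Control. The domain name and IP addresses are constructed placeholders, and the port list (DNS 53, Kerberos 88, LDAP 389) is an assumption about which standard AD services the join depends on.

```powershell
# Constructed placeholder values: replace with your own domain and DC addresses.
$Domain = 'example.local'
$DomainControllers = [ordered]@{ 'DC01' = '192.0.2.10'; 'DC02' = '192.0.2.11' }

# Standard AD service ports (assumed relevant to the domain join and failover).
$Ports = [ordered]@{ DNS = 53; Kerberos = 88; LDAP = 389 }

function Test-DomainController {
    param(
        [string]$Name,
        [string]$Address,
        [string]$Domain,
        [System.Collections.IDictionary]$Ports
    )

    $result = [ordered]@{ Name = $Name; Address = $Address }

    # Query this DC's own DNS service for the domain's DC locator SRV records.
    # Each DC should list both DC01 and DC02 as targets.
    try {
        $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV `
                   -Server $Address -DnsOnly -ErrorAction Stop |
               Where-Object { $_.Type -eq 'SRV' }
        $result['SrvTargets'] = ($srv.NameTarget | Sort-Object -Unique) -join ', '
    } catch {
        $result['SrvTargets'] = "lookup failed: $($_.Exception.Message)"
    }

    # TCP reachability of each service port on this DC (ICMP is not used).
    foreach ($p in $Ports.GetEnumerator()) {
        $tcp = Test-NetConnection -ComputerName $Address -Port $p.Value `
                   -WarningAction SilentlyContinue
        $result[$p.Key] = $tcp.TcpTestSucceeded
    }

    [pscustomobject]$result
}

# One row per DC: SRV targets it returns and whether each port accepted a connection.
$DomainControllers.GetEnumerator() | ForEach-Object {
    Test-DomainController -Name $_.Key -Address $_.Value -Domain $Domain -Ports $Ports
} | Format-Table -AutoSize
```

A DC that answers ping but shows `False` for a port, or returns SRV targets that omit the other DC, points to a Windows firewall or DNS replication issue rather than a Kerio Control setting.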