2nd controller does not work

Hello
I have 2 computers running Nethserver 7.9.2009

Host: ad1.ns.local (192.168.2.114)
DNS: 192.168.2.114 , 8.8.8.8
and
Host: ad2.ns.local (192.168.2.113)
DNS 192.168.2.114 , 192.168.2.113

Nethserver nsdc controller
My domain controller is:
Base DN dc=ns,dc=local
Bind DN ldapservice@NS.LOCAL
LDAP server URI ldaps://ns.local
Active Directory IP 192.168.2.115
User DN dc=ns,dc=local
Group DN dc=ns,dc=local

The computers on the network have the following DNS servers: 192.168.2.114 and 192.168.2.113.
Users are replicating between the hosts ad1.ns.local and ad2.ns.local.
Internet works on the computers only if ad1.ns.local is enabled.
When I turn off ad1.ns.local, the Internet stops working, although the computer ad2.ns.local works; it does not take over as backup controller.

What is wrong in my configuration?
What should I correct?

Best regards
Adam

@Adam7

Hi

You are aware that NethServer does NOT support a multi-controller AD?

And then it’s running on .local, something no one should use anymore. Even Microsoft doesn’t suggest using .local, .lan or any “fantasy” domain anymore…

It would also help if you gave some info on what your router / network looks like.
Where is the Internet connection?
What box is doing DHCP / DNS for the LAN…

My 2 cents
Andy

You do realize that NethServer does NOT support AD with multiple controllers?

I didn’t know that. Then what is the point of adding a 2nd host to the domain?

And on top of that it runs on .local, something no one should be using anymore. Even Microsoft no longer suggests using .local, .lan or other “fancy” domains…

And why is that? I don’t need to expose anything to the internet so why should I use a global domain?

It would also be helpful if you provided some information on what your router/network looks like.
Where is the connection to the internet?
What box is doing the DHCP / DNS for the LAN…

My 192.168.2.1 router assigns addresses via DHCP, sending the DNS addresses to the computers on the network. The DNS addresses are those of the Nethserver servers.

And additionally, I do not know where it is better to run the DHCP server (on the router or on the Nethserver domain controller)?
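As an added diagnostic for the symptom described above (example code written for this thread, not from NethServer), this queries each resolver the DHCP server advertises directly, so you can see whether ad2 answers external names on its own while ad1 is off; the two addresses are taken from the thread and example.com is an assumed probe name.

```python
import random
import socket
import struct


def build_query(name, txid):
    """Build a minimal DNS A query (recursion desired) for `name`."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.strip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN


def parse_response(data, txid):
    """Return the reply's RCODE and answer count, or None if it is not our reply."""
    if len(data) < 12:
        return None
    rid, flags, qdcount, ancount = struct.unpack(">HHHH", data[:8])
    if rid != txid or not flags & 0x8000:  # id mismatch or QR bit not set
        return None
    return {"rcode": flags & 0x000F, "answers": ancount}


def probe_resolver(resolver, name="example.com", timeout=2.0):
    """Send one query straight to `resolver` (no fallback) and describe the outcome."""
    txid = random.randrange(0, 0x10000)
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    try:
        sock.sendto(build_query(name, txid), (resolver, 53))
        data, _ = sock.recvfrom(512)
    except (socket.timeout, OSError):
        return "no response"
    finally:
        sock.close()
    parsed = parse_response(data, txid)
    if parsed is None:
        return "bad reply"
    if parsed["rcode"] != 0:
        return f"rcode {parsed['rcode']}"  # 2 = SERVFAIL, 3 = NXDOMAIN, 5 = REFUSED
    return "ok" if parsed["answers"] else "no answers"


def check_resolvers(resolvers, name="example.com"):
    """Probe every resolver independently; a client only fails over if each works alone."""
    return {r: probe_resolver(r, name) for r in resolvers}


if __name__ == "__main__":
    # Constructed from the thread: the two DNS addresses handed out by DHCP.
    for resolver, result in check_resolvers(["192.168.2.114", "192.168.2.113"]).items():
        print(f"{resolver}: {result}")
```

Run it once with both servers up and once with ad1 powered off; if 192.168.2.113 reports "no response" or "rcode 2" in the second run, ad2 is not resolving external names on its own.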

RTFM means “Read the FINE Manual” - and it does help if you inform yourself before doing anything.

Some people want a separate file server, with the same users / groups…
Some others a separate mail server…

  1. Best practices.
  2. It gives you the option for a LetsEncrypt, which you might need for some Java / PHP based Apps for AD authentication. These Apps will not accept a self-generated SSL cert - and some, like ERP, are really ONLY for internal use.

Some routers don’t even give you the option of turning off DNS / DHCP…
If possible, use the NethServer’s DNS and DHCP for your clients.

If you need a failover, there IS a Hotspare option…

My 2 cents
Andy

Thank you for your reply

I am not familiar with this solution, i.e. Hotspare. Where can I learn about it? The main thing I care about is that if my VM fails, I want a backup controller to take over the domain role - so I have time to fix the situation.
If I move network addressing (DHCP) from my router to NethServer, I will have no network addressing in addition to no authentication.

This can be a bigger deal than one realizes at first. Just yesterday I was finally able to authenticate my Nextcloud hosted on TrueNAS Core against my NS SAMBA/AD machine, with the process being 10 times easier with a valid SSL cert on the SAMBA/AD container.


@Adam7

Hi Adam

Sorry for the late reply, I was at a clients the whole afternoon…

In Software Center, you’ll find this:

[Screenshot of the Software Center, 2021-10-30 03:43]

It runs - like most open source stuff - as beta, more stable than a lot of Redmond's stuff!
The real name is Hotsync, docs are here:

https://docs.nethserver.org/en/v7/hotsync.html

Hotsync can cover both issues!
Best of all: it runs on “real” servers, but just as well on a VM!

Hope this helps!

My 2 cents
Andy
