workstation migration port question
- From: "no" <keith_helen@xxxxxxxxxxx>
- Date: Thu, 07 Jul 2005 01:22:32 GMT
Hi,
I'm in the process of migrating approximately 10,000 workstations as the PC
tech lead for the project. The PCs are located across the country,
including Mexico and Canada. The new Active Directory structure is an
empty forest with 2 child domains that are basically different companies
owned by one, with 2 "main" networks. We have migrated across both networks
using 12 migration workstations loaded with ADMT 2.0 (4 Windows 2000
workstations, 4 Windows XP workstations, and 4 remote desktop connections to
servers with the ADMT tool installed). Now for the issue. For one of our
clients, with our company PCs and employees located in the client's
facilities (multiple locations), our computers are on "their network". We
had much trouble with these PCs in the Windows NT domain, until a WINS server
was set up to service their network. When we try to migrate these PCs, we
cannot connect to them. I believe that the network engineers for our
client's company have to open ports to let us connect for migrations. In some
cases I can ping the PC by name, in some cases not, but I can ping them by
IP address. I can't connect to these machines with the Microsoft Management
Console, and we've fought to the point that we can now pcAnywhere into PCs
at a few of the locations to service them. Since this project affects both
companies at such a scale, I think I may have some cooperation going on with
their engineers.

I visited one of these sites last week to test some stuff. A worst-case
scenario: the location has 2 subnets, say
162.xxx
157.xxx
I brought a PC with me that was already joined to the required Active
Directory and could log in with accounts from both child domains. I was
also able to join a PC at the location to the proper child domain; a user
could log in, and had all access required. I could not use the FQDN name
when I joined the PC to the domain, but used just the first part (i.e. fqdn+
ourcompany.ad.company.com; the other child domain is
yourcompany.ad.company.com, and migration workstations are located on this
domain).

The only change requested by the network engineers was the addition of a DNS
server in the search order (on the workstation).
The machines are all using the client's DHCP server to obtain IP addresses.
All options were set to automatic in the TCP/IP configuration, with the following
exceptions.
Under "Append these DNS suffixes" we have:
theircompany.com
sistercompany.com
ourcompany.com
And under WINS addresses, in order of use:
162.50.19.1 (a NAT'd address for our WINS server)
Our instructions from the network engineers were to add DNS server addresses:
172.160.100.1
172.160.101.1
162.50.19.2 (another NAT'd address)
Since the first two addresses we added already appeared under the DNS server
list when we do an ipconfig, I would think that the addition of a third
address may be pointless, unless we list it first? That's one theory I
have. The main theory was about having open ports on their network. My
ability to test is somewhat limited, due to my access to the proper tools (I
feel like I've been thrown in front of a bus), but checking things out, I
could only find that my PC sends out a bunch of traffic on port 445 to a
server on our network. I need to know how the server is talking to the
target workstation in the field, because the error message indicates
inability to connect (I can ping the PC from my workstation by name), but
all of the main communication seems to go from the server to the
workstation, and unfortunately, I cannot monitor it.

So, to make a long story short, what ports should I request be opened for
network migration, or am I completely off base?