Add a new DC to a new branch
- From: Manoj <Manoj@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 15 May 2006 08:17:01 -0700

I have to add a new DC and move a few workstations to a new branch office. I
am testing this in a lab by splitting our current internet connection to get
a new public IP address that I am using for the new branch environment.

I started by creating a site-to-site VPN via Cisco routers on each end.
Both routers are able to ping each other and can ping
workstations/server, so the connectivity and VPN tunnel are working fine.

I installed Windows Server 2003 on a new server, updated to SP1 and promoted
it to a DC while it was in the same network as the main office. Now I have 2
DCs, one with IP 192.168.1.100 (current production) and the other 192.168.1.115
(new for branch), and both seem to have replicated the AD and DNS just fine.

I then created a new site, site link and subnet for the new branch, which
replicated on the other server too.

On my new server, I went to Active Directory Sites and Services, and then I
moved this new server to the new branch site. I changed the TCP/IP settings and
changed its IP from 192.168.1.115 to 192.168.2.100 (for the branch office
network).

Now when I take this new server and connect it to the branch site (using the new
public IP address I got for my branch environment), I am not able to browse
any computer or server on the main site from this DC at the branch.

I see the event log has KCC errors:

1566 - All domain controllers in the following site that can replicate the
directory partition over this transport are currently unavailable.

1311 - There is insufficient site connectivity information in Active
Directory Sites and Services for the KCC to create a spanning tree
replication topology. Or, one or more domain controllers with this directory
partition are unable to replicate the directory partition information. This
is probably due to inaccessible domain controllers.
User Action
Use Active Directory Sites and Services to perform one of the following
actions:
- Publish sufficient site connectivity information so that the KCC can
determine a route by which this directory partition can reach this site. This
is the preferred option.
- Add a Connection object to a domain controller that contains the directory
partition in this site from a domain controller that contains the same
directory partition in another site.

1865 - The Knowledge Consistency Checker (KCC) was unable to form a complete
spanning tree network topology. As a result, the following list of sites
cannot be reached from the local site.

When I use the nslookup tool at the branch server, I get the following error:

*** Can't Find server name for address 192.168.1.100 Timed out

I read about this and it indicated that there is a reverse lookup problem.
From the main office DC, I can browse the branch office DC, but not the other way around.

Is the procedure I used above the correct way to add a DC for a new branch? I
was wondering if the DCPROMO should be done once the server is shipped and
connected at the branch, rather than when it is on the main office network, like I
did. I tried to do that too, but from the branch, I am not able to contact the
main office DC. I may be doing something totally wrong here.

Right now, my new server is in a broken down condition and I am ready to
start over from scratch. Please point me to some simple step by step
procedure to achieve this.

Thanks
Manoj