Re: Add a new DC to a new branch
- From: "Jorge Silva" <jorgesilva_pt@xxxxxxxxxxx>
- Date: Wed, 17 May 2006 02:52:47 +0100
Hi
Inline
> I have to add a new DC and move a few workstations to a new branch office. I
> am testing this in a lab by splitting our current internet connection to get
> a new public IP address that I am using for new branch environment.
> I started with creating a site-to-site VPN via Cisco routers on each end.
> Both the routers are able to ping each other and can ping
> workstations/server, so the connectivity and VPN tunnel is working fine.
> I installed Windows server 2003 on a new server, updated to SP1 and promoted
> it to a DC while it was in the same network as the main office. Now I have 2
> DCs, one with IP 192.168.1.100 (current production) and other 192.168.1.115
> (new for branch) and both seem to have replicated the AD and DNS just fine.
Is the new server an additional DC for an existing domain?
How many domains are there, and in which domain was this DC placed?
Does the DC have DNS installed?
Does this DC have any forward/reverse zones installed? Are these zones AD
integrated?
How are the DC's DNS properties configured (under NIC properties)?
> I then created a new site, site link and subnet for new branch, which
> replicated on the other server too.
Where does this site link connect?
Are there more IP site links?
Are the IP site links transitive (default)?
> On my new server, I went to Active Directory sites and services, and then I
> moved this new server to new branch site. I changed the TCP/IP settings and
> changed its IP from 192.168.1.115 to 192.168.2.100 (for the branch office
> network).
Did you create a reverse lookup zone for the 192.168.2.0?
Did you run netdiag /fix?
Did you already reboot the server after the IP change?
> Now when I take this new server and connect it to branch site (using the new
> public IP address I got for my branch environment), I am not able to browse
> any computer or server on main site from this DC at branch.
Assuming that you're talking about network places or browsing by
\\computername, you'll need WINS in both subnets replicating with each
other.
> I see the event log has KCC errors
> 1566 - All domain controllers in the following site that can replicate the
> directory partition over this transport are currently unavailable.
> 1311 - There is insufficient site connectivity information in Active
> Directory Sites and Services for the KCC to create a spanning tree
> replication topology. Or, one or more domain controllers with this directory
> partition are unable to replicate the directory partition information. This
> is probably due to inaccessible domain controllers.
> User Action
> Use Active Directory Sites and Services to perform one of the following
> actions:
> - Publish sufficient site connectivity information so that the KCC can
> determine a route by which this directory partition can reach this site. This
> is the preferred option.
> - Add a Connection object to a domain controller that contains the directory
> partition in this site from a domain controller that contains the same
> directory partition in another site.
> 1865 - The Knowledge Consistency Checker (KCC) was unable to form a complete
> spanning tree network topology. As a result, the following list of sites
> cannot be reached from the local site.
These errors are related to bad DNS config and/or bad/insufficient
configuration in Active Directory Sites and Services.
> When I use the nslookup tool at branch server, I get the following error
> *** Can't Find server name for address 192.168.1.100 Timed out
> I read about this and it indicated that there is a reverse lookup problem.
- Create reverse lookup zones on both subnets.
- Make sure that every domain controller has its DNS properties under NIC
configuration pointing to itself. (If the DC IP address is 10.0.0.1 then DNS
should be 10.0.0.1).
- Make sure that every DNS server can resolve all domains in the forest.
(Use forwarding, stub zones or secondary zones).
- Make sure that all clients use only the local DNS server(s).
How Domain Controllers Are Located in Windows
http://support.microsoft.com/kb/247811/
DNS Conditional Forwarding in Windows Server 2003
http://www.windowsnetworking.com/articles_tutorials/DNS_Conditional_Forwarding_in_Windows_Server_2003.html
DNS Stub Zones in Windows Server 2003
http://www.windowsnetworking.com/articles_tutorials/DNS_Stub_Zones.html
> From the main office DC, I can browse the branch office DC, but not other
> way around.
You can also check if any port is being blocked
Service overview and network port requirements for the Windows Server system
http://support.microsoft.com/default.aspx?scid=kb;en-us;832017
--
I hope that helps
Good Luck
Jorge Silva
MCSA
Systems Administrator
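
The DNS and site checks from the reply above, worked as an offline audit (an added example, not part of the original post). The addresses are the ones from the thread; the host names, site names, zone list and NIC DNS settings are constructed assumptions.

```python
import ipaddress

# Constructed lab inventory: the addresses come from the thread; host names,
# site names, the zone list and NIC DNS settings are assumptions.
SUBNETS = {"192.168.1.0/24": "Main", "192.168.2.0/24": "Branch"}
REVERSE_ZONES = ["1.168.192.in-addr.arpa"]  # no zone yet for 192.168.2.0
DCS = [
    {"name": "DC-MAIN", "site": "Main", "ip": "192.168.1.100",
     "nic_dns": ["192.168.1.100"]},
    {"name": "DC-BRANCH", "site": "Branch", "ip": "192.168.2.100",
     "nic_dns": ["192.168.1.100"]},
]


def covering_zone(ip, zones):
    """Return the most specific reverse zone that can hold the PTR for ip."""
    ptr = ipaddress.ip_address(ip).reverse_pointer  # 100.2.168.192.in-addr.arpa
    hits = [z for z in zones if ptr.endswith("." + z.lower().rstrip("."))]
    return max(hits, key=len) if hits else None


def site_for(ip, subnets):
    """Map an address to a site through the longest matching subnet object."""
    addr = ipaddress.ip_address(ip)
    nets = [ipaddress.ip_network(n) for n in subnets]
    hits = [n for n in nets if addr in n]
    return subnets[str(max(hits, key=lambda n: n.prefixlen))] if hits else None


def audit(dcs, subnets, zones):
    """Return (dc_name, finding) tuples for each failed checklist item."""
    findings = []
    for dc in dcs:
        if covering_zone(dc["ip"], zones) is None:
            findings.append((dc["name"], "no reverse zone for " + dc["ip"]))
        # Interpretation used here: "pointing to itself" means the first
        # (preferred) DNS server on the NIC is the DC's own address.
        if dc["nic_dns"][:1] != [dc["ip"]]:
            findings.append((dc["name"], "preferred DNS is not the DC itself"))
        if site_for(dc["ip"], subnets) != dc["site"]:
            findings.append((dc["name"], "address is outside its site's subnets"))
    return findings


if __name__ == "__main__":
    for name, finding in audit(DCS, SUBNETS, REVERSE_ZONES):
        print(name + ": " + finding)
```

The third check covers the step in the thread where the DC was moved to the branch site before its address was changed from 192.168.1.115.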