Re: Add a new DC to a new branch
- From: Manoj <Manoj@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 18 May 2006 13:11:03 -0700
As I said I do not get any option to select OS on booting nor F8 works... I disconnected the network cable and restarted and wow it did finally come up. My DNS service on this could not be started and the zones were not loaded. When I restarted this after connecting the network cable... again same error about "At least one service not started.... " and then it hangs at "Preparing Network connections"

I am ready to build this from scratch and want to make sure the steps I follow are correct. Here is my current config
Main Site 1 has 1 DC - 198.168.1.100, running Windows 2003 SP1, network 192.168.1.0
domain functional level is Windows 2000 mixed
forest functional level is Windows 2000.
DC is also the DNS server
A Cisco router serves as DHCP server
Site 2 will have new DC running 2003 server - 192.168.2.100, network 192.168.2.0 and Cisco router
Please confirm or add to any of the following steps.
1) At main site 1, connect a new server, install Windows 2003, update to SP1.
2) Join this server to domain and DCPROMO to make it a DC, also installing DNS server.
3) Verify the replication of Active Directory and DNS Zones. Any more tests to verify if there are any problems or not.
4) Before disconnecting the new DC from this network: prepare a domain controller for nonauthoritative SYSVOL restart as per
http://technet2.microsoft.com/WindowsServer/en/Library/58e20fae-0a9a-4563-bed8-5a8e570432d71033.mspx?mfr=true
5) Enable strict replication consistency as per
http://technet2.microsoft.com/WindowsServer/en/Library/9c7c4da8-ddaa-4b13-967a-74578773d1a91033.mspx?mfr=true
6) Verify successful replication to a domain controller as per
http://technet2.microsoft.com/WindowsServer/en/Library/9c7c4da8-ddaa-4b13-967a-74578773d1a91033.mspx?mfr=true
7) Change the IP address of this new server to 192.168.2.100 for new site 2, and select Preferred DNS server as the PDC 192.168.1.100 from site 1
8) Shut down the new server
9) In AD Sites and Services, create a new site and site link and move the new server to Site 2.
10) Connect the new server to Site 2 and restart it.
11) It is here I face some questions. The DNS zones on both DCs have old Host (A) records of this new server, e.g. 192.168.1.120. Am I supposed to change this manually to 192.168.2.100? What about all other NS, CNAME and SRV records? How does the IP address of this new server get updated in these records? Do I change it manually?
12) Should this new server at site 2 point to itself for DNS server or leave it to PDC - 192.168.1.100 from site 1?
13) Last time I did all these steps, I was able to ping the servers from each other. However there were replication errors and the portqry TCP ports were filtered. I pretty much thought it should be my Cisco router Access Control List that is blocking it, but my Cisco support guy did not think so. He said all ports are open and all traffic is being allowed through the VPN tunnel. Any ideas as to how I should prove to this Cisco guy that the RPC calls are being blocked by the router?

Last time, I did not do steps 4 and 5. Are they critical?
Thanks a lot for your help.
Manoj
"Jorge Silva" wrote:
First:
Did you solve the problem about booting the server in Directory Services Restore Mode?
Is the server ok now?
What happened on that server?
Second:
All tests to portqry.exe should return code 0x00000000
and TCP port XXX (service): LISTENING
if not then you must have some firewall blocking these ports.
--
I hope that helps
Good Luck
Jorge Silva
MCSA
Systems Administrator
"Manoj" <Manoj@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:BE42FEC0-9F64-433F-8645-B8D707DC2F76@xxxxxxxxxxxxxxxx
From my new member server at site 2, I ran PortQryUI. The preferred DNS on this machine is pointing to PDC at site 1 - 192.168.1.100
Here are the results. It seems the ports are being filtered and there is no response. What does this suggest? How do I fix this? Thanks
=============================================
Starting portqry.exe -n 192.168.1.100 -e 135 -p TCP ...
Querying target system called:
192.168.1.100
Attempting to resolve IP address to a name...
Failed to resolve IP address to name
querying...
TCP port 135 (epmap service): FILTERED
portqry.exe -n 192.168.1.100 -e 135 -p TCP exits with return code
0x00000002.
=============================================
Starting portqry.exe -n 192.168.1.100 -e 389 -p BOTH ...
Querying target system called:
192.168.1.100
Attempting to resolve IP address to a name...
Failed to resolve IP address to name
querying...
TCP port 389 (ldap service): FILTERED
UDP port 389 (unknown service): LISTENING or FILTERED
Using ephemeral source port
Sending LDAP query to UDP port 389...
LDAP query to port 389 failed
Server did not respond to LDAP query
portqry.exe -n 192.168.1.100 -e 389 -p BOTH exits with return code
0x00000001.
=============================================
Starting portqry.exe -n 192.168.1.100 -e 636 -p TCP ...
Querying target system called:
192.168.1.100
Attempting to resolve IP address to a name...
Failed to resolve IP address to name
querying...
TCP port 636 (ldaps service): FILTERED
portqry.exe -n 192.168.1.100 -e 636 -p TCP exits with return code
0x00000002.
=============================================
Starting portqry.exe -n 192.168.1.100 -e 3268 -p TCP ...
Querying target system called:
192.168.1.100
Attempting to resolve IP address to a name...
Failed to resolve IP address to name
querying...
TCP port 3268 (unknown service): FILTERED
portqry.exe -n 192.168.1.100 -e 3268 -p TCP exits with return code
0x00000002.
=============================================
Starting portqry.exe -n 192.168.1.100 -e 3269 -p TCP ...
Querying target system called:
192.168.1.100
Attempting to resolve IP address to a name...
Failed to resolve IP address to name
querying...
TCP port 3269 (unknown service): FILTERED
portqry.exe -n 192.168.1.100 -e 3269 -p TCP exits with return code
0x00000002.
=============================================
Starting portqry.exe -n 192.168.1.100 -e 53 -p BOTH ...
Querying target system called:
192.168.1.100
Attempting to resolve IP address to a name...
Failed to resolve IP address to name
querying...
TCP port 53 (domain service): FILTERED
UDP port 53 (domain service): LISTENING or FILTERED
Sending DNS query to UDP port 53...
DNS query timed out
portqry.exe -n 192.168.1.100 -e 53 -p BOTH exits with return code
0x00000002.
=============================================
Starting portqry.exe -n 192.168.1.100 -e 88 -p BOTH ...
Querying target system called:
192.168.1.100
Attempting to resolve IP address to a name...
Failed to resolve IP address to name
querying...
TCP port 88 (kerberos service): FILTERED
UDP port 88 (kerberos service): LISTENING or FILTERED
portqry.exe -n 192.168.1.100 -e 88 -p BOTH exits with return code
0x00000002.
=============================================
Starting portqry.exe -n 192.168.1.100 -e 445 -p TCP ...
Querying target system called:
192.168.1.100
Attempting to resolve IP address to a name...
Failed to resolve IP address to name
querying...
TCP port 445 (microsoft-ds service): FILTERED
portqry.exe -n 192.168.1.100 -e 445 -p TCP exits with return code
0x00000002.
=============================================
Starting portqry.exe -n 192.168.1.100 -e 137 -p UDP ...
Querying target system called:
192.168.1.100
Attempting to resolve IP address to a name...
Failed to resolve IP address to name
querying...
UDP port 137 (netbios-ns service): LISTENING or FILTERED
Using ephemeral source port
Attempting NETBIOS adapter status query to UDP port 137...
NETBIOS name for 192.168.1.100 not found (timeout)
Adapter status query failed.
UDP port: FILTERED
portqry.exe -n 192.168.1.100 -e 137 -p UDP exits with return code
0x00000001.
=============================================
Starting portqry.exe -n 192.168.1.100 -e 138 -p UDP ...
Querying target system called:
192.168.1.100
Attempting to resolve IP address to a name...
Failed to resolve IP address to name
querying...
UDP port 138 (netbios-dgm service): LISTENING or FILTERED
portqry.exe -n 192.168.1.100 -e 138 -p UDP exits with return code
0x00000002.
=============================================
Starting portqry.exe -n 192.168.1.100 -e 139 -p TCP ...
Querying target system called:
192.168.1.100
Attempting to resolve IP address to a name...
Failed to resolve IP address to name
querying...
TCP port 139 (netbios-ssn service): FILTERED
portqry.exe -n 192.168.1.100 -e 139 -p TCP exits with return code
0x00000002.
=============================================
Starting portqry.exe -n 192.168.1.100 -e 42 -p TCP ...
Querying target system called:
192.168.1.100
Attempting to resolve IP address to a name...
Failed to resolve IP address to name
querying...
TCP port 42 (nameserver service): FILTERED
portqry.exe -n 192.168.1.100 -e 42 -p TCP exits with return code
0x00000002.
"Jorge Silva" wrote:
to check for opened ports download
PortQryUI - User Interface for the PortQry Command Line Port Scanner
http://www.microsoft.com/downloads/details.aspx?FamilyID=8355e537-1ea6-4569-aabb-f248f4bd91d0&DisplayLang=en
--
I hope that helps
Good Luck
Jorge Silva
MCSA
Systems Administrator
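
Added example, not part of the original posts: a small parser that turns PortQry output like the run quoted above into per-port records and a one-line TCP verdict that can be handed to whoever owns the router ACL or VPN policy. The sample text is constructed in the same format as the thread's output; the function names and verdict wording are illustrative.

```python
import re
from collections import Counter

# Constructed sample in the format of the PortQry output quoted in this thread.
SAMPLE = """\
Starting portqry.exe -n 192.168.1.100 -e 135 -p TCP ...
TCP port 135 (epmap service): FILTERED
Starting portqry.exe -n 192.168.1.100 -e 389 -p BOTH ...
TCP port 389 (ldap service): FILTERED
UDP port 389 (unknown service): LISTENING or FILTERED
Starting portqry.exe -n 192.168.1.100 -e 445 -p TCP ...
TCP port 445 (microsoft-ds service): FILTERED
"""

# PortQry status lines: "<PROTO> port <N> (<name> service): <STATUS>"
STATUS_LINE = re.compile(
    r"^(TCP|UDP) port (\d+) \(([^)]*) service\): "
    r"(LISTENING or FILTERED|NOT LISTENING|LISTENING|FILTERED)\s*$"
)

def parse_portqry(text):
    """Return a list of (proto, port, service, status) tuples."""
    results = []
    for line in text.splitlines():
        m = STATUS_LINE.match(line.strip())
        if m:
            proto, port, service, status = m.groups()
            results.append((proto, int(port), service, status))
    return results

def tcp_verdict(results):
    """Summarise the TCP results.

    FILTERED means PortQry received no reply to its probe.
    NOT LISTENING means the target answered, but nothing is bound to the port.
    """
    tcp = Counter(status for proto, _, _, status in results if proto == "TCP")
    if not tcp:
        return "no TCP results"
    if tcp["FILTERED"] == sum(tcp.values()):
        return "all TCP probes unanswered: traffic dropped in path or by a host firewall"
    if tcp["NOT LISTENING"]:
        return "target reachable, but some services are not running"
    if tcp["FILTERED"]:
        return "some TCP ports filtered: compare the list against the ACL"
    return "all TCP ports listening"

if __name__ == "__main__":
    for record in parse_portqry(SAMPLE):
        print(record)
    print(tcp_verdict(parse_portqry(SAMPLE)))
```

Running the same parse on output captured from a host on the DC's own subnet gives the comparison point: LISTENING locally and FILTERED across the tunnel places the drop between the two sites.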