Re: Satellite Branch Office Woes
- From: "Ace Fekay [MVP]" <PleaseAskMe@xxxxxxxxxxxxxx>
- Date: Tue, 16 Jan 2007 23:38:40 -0500
In news:1F627FFA-3853-4815-A637-61DE9F5D1637@xxxxxxxxxxxxx,
Slandrum <Slandrum@xxxxxxxxxxxxxxxxxxxxxxxxx> stated, which I commented on
below:
Thanks for the replies all.
A bit more info:
The client machine has a hard-coded IP address that includes the DNS
entry for the central site. All AD DNS entries are correct and
available, and both the client subnet and the central subnet have
reverse lookup zones configured in the (AD-Integrated) DNS. All DNS
is internal, in all subnets, with forwarders configured on the
central DNS servers. Likewise, all SRV records are correct and
available, including GC and DC entries, etc.
I am uncertain what you mean by a 'single label" domain name, unless
you mean the use of only a single character for the name. If so, this
is not the case in my environment. The domain name is xxxxxxxx.com;
with eight characters, all text.
Putting a DC in the remote client subnet is a non-starter, as the
whole point of a "satellite branch office" is to provide Directory
and all other services from the central site, "eliminating the need
for costly server hardware in the remote site". According to
Microsoft, this is a perfectly viable solution, and one that I would
imagine is in use in literally thousands of businesses.
The section on the PPPoE is of immense help though, as it gives me
something to have the WAN guy check out. I'll do a bit more research
on this issue and will then let him know what I've found when we hook
up in Omaha this week. (Different install ;-) )
In the interim, I encourage additional replies from you folks, and
would be especially interested in hearing from anyone currently using
a "satellite branch office" setup in their production environments.
Regards,
Just as Danny mentions, we have numerous clients with remote sites. Some
sites have 10 users or less, but we have opted to place DCs in their
locations to eliminate some of the errors that you are currently
experiencing. Not to say that Microsoft is wrong to say go ahead and
design/implement such a scenario, because they are completey correct that it
will work, but then again, I would rather have an air conditioner in my car
and not just a heater. Sure, the minimum requirements will work, but keep in
mind that link speeds are important here too, and are stipulated when
designing GPOs to traverse a WAN, and basically for anything of worth
working in an AD domain scenario with remote offices, to be at least 500K.
Now let's say the line is exactly 512k, then we have to also take into
account there will be other traffic on the line as well, which will
effectively reduce the overall available bandwidth below the 500k
requirement. You can go ahead and look at some of the GPO settings that
dictate whether certain things work or will be provided by the link speeds
and you'll notice that they are all 500k by default. Anything less you will
be taking a chance.
So I go with Danny's T1 suggestion, unless of course you can put in a DC out
there, and create your Sites (I think you mentioned you have Sites
configured? If not, just remember that a Site requires a subnet object
asociated with it, and keep in mind that you do NOT create a site where a
physical subnet does NOT have a domain controller present. Sites are mainly
used to control logon and replication traffic between DCs. Sites can also be
used for other things, such as prionter location tracking, optimizing a DC
that a specific workstation will use, DFS, etc.
I also have customers using cable lines, as well as FIOS (the new Verizon
Fiber lines - FAST!!) with no problems, but I should say that we have this
one customer with cable where their link keeps dropping. We know it's the
cable company just by looking at the logs (you can see where it drops out
and the length of time it's down), but they keep denying it. Heck with them.
We're waiting for FIOS to be available in their location in thenext month or
two to switch them over.
As for the ADSL stuff, yes, it is problematic.
A single label name is "domain" instead of the minimal requirement of
'domain.com' or 'domain.something'.
The SPNEGO errors (EventID 40961) are usually caused by (99% of hte time) of
not having a reverse zone or a PTR entry for a DC to allow it to register
it's own SPN (service principal name), which it uses the reverse entry to do
so. If your reverse zones are correct and there are entries for all the DCs,
(provided that none of your DCs are multihomed - which can be a HUGE
problem), then I would look at WAN traffic being blocked or resolution
issues.
Here's some reading for you about branch offices:
Deploying and Designing Active Directory [DNS Design, Migration, Cert Auth,
Branch Offices, Exchange, ADC, Import-Export, etc]:
http://www.microsoft.com/technet/prodtechnol/windows2000serv/technologies/activedirectory/deploy/default.mspx
Download details Windows Server 2003 Active Directory Branch Office Guide
v1.1:
http://www.microsoft.com/downloads/details.aspx?FamilyID=9353a4f6-a8a8-40bb-9fa7-3a95c9540112&displaylang=en
(2000 and 2003 are very similar except for better optimization in 2003).
Ace
.
- Follow-Ups:
- Re: Satellite Branch Office Woes
- From: Ace Fekay [MVP]
- Re: Satellite Branch Office Woes
- References:
- Satellite Branch Office Woes
- From: Slandrum
- Re: Satellite Branch Office Woes
- From: Ace Fekay [MVP]
- Re: Satellite Branch Office Woes
- From: Slandrum
- Satellite Branch Office Woes
- Prev by Date: Re: ADAM Proxy Bind re-direction - In reverse
- Next by Date: Re: Satellite Branch Office Woes
- Previous by thread: Re: Satellite Branch Office Woes
- Next by thread: Re: Satellite Branch Office Woes
- Index(es):
Relevant Pages
|
