Re: Cannot join to domain over VPN
- From: "Herb Martin" <news@xxxxxxxxxxxxxx>
- Date: Sat, 23 Jun 2007 14:51:33 -0500
"maverick" <maverick@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:30173848-C803-46A3-B057-6AD18137F2FE@xxxxxxxxxxxxxxxx
DNS, Ping everything is fine...all boiled down to this...article
support.microsoft.com/kb/314825
First time in ages that I have heard of anyone having a problem with
a low MTU on intermediate routers.
What was the MTU?
(Decrease the -l VALUE until you reach the threshold.)
Who owns the router? Tracert and Pathping might help with this.
Track down that beast and see if you can get the owner of it to fix it.
Or get your ISP to route around this.
Now I can join to the domain...but the replication fails all the
time...it's not able to replicate the full domain. Many objects are
missing..
The full replication cycle is always left unfinished.
You would have to change ALL of the machines that communicate
directly over this path. At a minimum your VPN routers.
--
Herb Martin, MCSE, MVP
http://www.LearnQuick.Com
(phone on web site)
"Herb Martin" wrote:
"maverick" <maverick@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:FEF10069-EE57-4876-AAEF-60E38D806AB4@xxxxxxxxxxxxxxxx
Hi All,
I have 2 Sites which are connected by VPN. I tried to install a DC at
site2, and this machine which needs to point its DNS to the DC in Site1
is correct and pings and resolves fine. When I try to join this machine
to the domain, it doesn't do it and comes up with 'Semaphore timeout'.
If the VPN is unfiltered, and the DNS is correct, the only thing left is
reliability and speed & delay (latency). If you get these right then it
is just like being on the same LAN.
You seem to have a message suggesting timing problems (but sometimes
those come from failures too.)
I had a word with the network guy who confirmed that all ports are wide
open, so it shouldn't be a port/firewall problem (clean portquery).
Changing MTU size and stuff also proved futile. What do I do to get this
to work?
Can somebody shed some light please?
Do you have ONLY the DOMAIN's DNS servers set in the "new DC to
be" IP configuration? You must NOT mix the ISP or any other DNS server
into that list, even as alternate.
Show us your unedited "IPConfig /all" from both DC1 and DC2.
Try pathping to see what sort of timing issue you might have.
Try NSLookup and make sure you are resolving DNS from the (current) DC.
--
Herb Martin, MCSE, MVP
http://www.LearnQuick.Com
(phone on web site)
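
The "decrease the -l VALUE until you reach the threshold" step from the reply above, automated as a binary search with the Don't Fragment bit set. This is an added example, not part of the original posts; the function name, parameter defaults and host name are assumptions.

```powershell
# Added example (not from the thread). Find-PathMtu and its parameters are hypothetical names.
function Find-PathMtu {
    param(
        [Parameter(Mandatory = $true)] [string] $Target,
        [int] $Low       = 500,   # assumed floor: a payload this small should always pass
        [int] $High      = 1472,  # 1500-byte Ethernet MTU minus 20 (IP) and 8 (ICMP) header bytes
        [int] $TimeoutMs = 2000,
        [int] $Retries   = 3      # retry so packet loss on the VPN is not read as "too big"
    )

    $ping    = New-Object System.Net.NetworkInformation.Ping
    $options = New-Object System.Net.NetworkInformation.PingOptions(64, $true)  # TTL 64, DF set

    # True if an echo reply comes back for a payload of $Size bytes with DF set.
    function Test-Size([int] $Size) {
        $buffer = New-Object byte[] $Size
        for ($i = 0; $i -lt $Retries; $i++) {
            try {
                $reply = $ping.Send($Target, $TimeoutMs, $buffer, $options)
                if ($reply.Status -eq 'Success') { return $true }
            } catch {
                # Name resolution or socket errors count as a failed probe.
            }
        }
        return $false
    }

    if (-not (Test-Size $Low)) {
        throw "No reply from $Target even at $Low bytes; fix reachability or ICMP filtering first."
    }
    if (Test-Size $High) { $Low = $High }

    # Invariant: $Low passes, $High fails. Halve the gap until they are adjacent.
    while ($High - $Low -gt 1) {
        $mid = [int][math]::Floor(($Low + $High) / 2)
        if (Test-Size $mid) { $Low = $mid } else { $High = $mid }
    }

    [pscustomobject]@{
        Target     = $Target
        MaxPayload = $Low        # largest value that works with "ping -f -l"
        PathMtu    = $Low + 28   # add the IP and ICMP headers back
    }
}

# Usage (dc1.example.test is a placeholder for the DC at the far end of the VPN):
# Find-PathMtu -Target 'dc1.example.test'
```

Run it from the machine at site 2 against the DC at site 1, then compare the result with a run against a host on the local LAN to see how much the VPN path takes off the MTU.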