Re: AD in Remote site not responding when VPN tunnel is down




On Nov 1, 9:26 am, "Austin Osuide" <aus...@xxxxxxxxxxx> wrote:
Hi,
Site to Site VPN links to connect DCs are not meant to be temporary
connections.
All DCs in a Domain or Forest depend on each other to some degree. Some of
your FSMO role holders are probably in your main site and you'll have all
kinds of problems if you shut down the VPN link.

Regards,

Austin

"spacemancw" <spacema...@xxxxxxxxx> wrote in message
news:1193922905.418707.282210@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

I have a main site with AD, a few Global Catalogs, Cisco ASA to the
internet.
A remote site, with also a Cisco ASA to internet.

I built a site to site VPN tunnel between the two ASAs.
Then promoted two servers at the remote site to ADs, rAD01 and rAD02.
With the tunnel in place they were able to find the domain and dcpromo
worked successfully.
DNS was installed on these two servers, and populated automatically
Both were made Global Catalogs.

A file server and some citrix servers were built and successfully
joined to the domain.

All servers have the TCP/IP DNS settings pointing to rAD01 as primary
and mAD01 (main site) as secondary
except for rAD02, which uses itself and then mAD01.

When I break the tunnel I would expect the remote site to work using
just the two local DCs.

However, everything freezes up. On all servers I try to go to Start >
any program, and the screen just freezes on whatever selection I make.
5 - 10 minutes later, the screen responds and whatever window I was
trying to open, opens.

I try to logon to the servers as the domain admin and it takes up to
10 minutes.

While I'm waiting for all these things to respond, I bring back the
tunnel and everything springs into action, everything works.

I don't know what it takes to make the remote servers look to the
rAD01 first, rAD02 second and the main environment last. But it seems
they are looking at the main site first.

In Sites and Services replication is shown as follows
rAD01
From rAD02
From mAD01 (main site)

rAD02
From rAD01

So I need the AD environment on the remote site to work independently
of production, with the tunnel down.

any idea?

But with the Windows NT PDC gone, Active Directory now shares DC
responsibility across multiple DCs so that if one is unavailable, AD
still functions.
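A diagnostic for the question raised above (why the remote servers go to the main site first), added here and not part of the thread: it shows which site and DC the DC locator picks on a remote-site server and whether site-specific SRV records for the remote DCs exist in DNS. The domain name and site name are placeholders; the DC names rAD01/rAD02 come from the thread.

```powershell
# Added diagnostic (not from the thread). Run on a remote-site server.
# $Domain and $RemoteSite are assumptions: replace with the real values.
param(
    [string]$Domain     = 'example.local',   # assumption
    [string]$RemoteSite = 'RemoteSite',      # assumption: site holding rAD01/rAD02
    [string[]]$LocalDcs = @('rAD01', 'rAD02')
)

# 1. Which site does this machine think it is in? If this prints the main
#    site or "no site", the remote LAN subnet is not mapped to $RemoteSite
#    in Sites and Services, so the locator treats the machine as siteless.
Write-Host "Site this machine believes it is in:"
nltest /dsgetsite

# 2. Which DC does the locator choose when forced to rediscover (no cache)?
#    A main-site DC here with the tunnel up is the root cause of the freezes
#    once the tunnel drops.
Write-Host "`nDC chosen by the locator:"
nltest "/dsgetdc:$Domain" /force

# 3. Are the remote DCs registered in the site-specific LDAP SRV records?
#    Without these, clients in the site fall back to the domain-wide
#    records and may pick any DC, including mAD01 over the VPN.
$srvName = "_ldap._tcp.${RemoteSite}._sites.dc._msdcs.${Domain}"
Write-Host "`nSite-specific SRV records ($srvName):"
$srv = Resolve-DnsName -Type SRV -Name $srvName -ErrorAction SilentlyContinue
if (-not $srv) {
    Write-Warning "No site-specific SRV records found for $RemoteSite."
} else {
    $srv | Select-Object NameTarget, Port, Priority, Weight | Format-Table -AutoSize
    foreach ($dc in $LocalDcs) {
        $hit = $srv.NameTarget | Where-Object { $_ -like "$dc.*" }
        if (-not $hit) { Write-Warning "$dc is not registered in site $RemoteSite." }
    }
}
```

If step 1 reports the wrong site, the fix is in Sites and Services: create the remote LAN subnet and assign it to the remote site, then re-run the check after the DCs re-register with netlogon.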
