Re: AD in Remote site not responding when VPN tunnel is down
- From: "Austin Osuide" <austin@xxxxxxxxxxx>
- Date: Thu, 1 Nov 2007 15:37:20 -0000
Hi Spaceman,
See: http://support.microsoft.com/kb/197132
Regards,
Austin
"spacemancw" <spacemancw@xxxxxxxxx> wrote in message news:1193930986.196239.253240@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
On Nov 1, 9:26 am, "Austin Osuide" <aus...@xxxxxxxxxxx> wrote:
Hi,
Site to Site VPN links to connect DCs are not meant to be temporary
connections.
All DCs in a Domain or Forest depend on each other to some degree. Some of
your FSMO role holders are probably in your main site and you'll have all
kinds of problems if you shut down the VPN link.
Regards,
Austin
"spacemancw" <spacema...@xxxxxxxxx> wrote in message
news:1193922905.418707.282210@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> I have a main site with AD, a few Global Catalogs, Cisco ASA to the
> internet.
> A remote site, with also a Cisco ASA to internet.
> I built a site to site VPN tunnel between the two ASAs.
> Then promoted two servers at the remote site to ADs, rAD01 and rAD02.
> With the tunnel in place they were able to find the domain and dcpromo
> worked successfully.
> DNS was installed on these two servers, and populated automatically.
> Both were made Global Catalogs.
> A file server and some Citrix servers were built and successfully
> joined to the domain.
> All servers have the TCP/IP DNS settings pointing to rAD01 as primary
> and mAD01 (main site) as secondary
> except for rAD02, which uses itself and then mAD01.
> When I break the tunnel I would expect the remote site to work using
> just the two local DCs
> However, everything freezes up. On all servers I try to go to Start >
> any program, and the screen just freezes on whatever selection I make.
> 5 - 10 minutes later, the screen responds and whatever window I was
> trying to open, opens.
> I try to logon to the servers as the domain admin and it takes up to
> 10 minutes.
> While I'm waiting for all these things to respond, I bring back the
> tunnel and everything springs into action, everything works.
> I don't know what it takes to make the remote servers look to the
> rAD01 first, rAD02 second and the main environment last. But it seems
> they are looking at the main site first.
> In Sites and Services replication is shown as follows
> rAD01
> From rAD02
> From mAD01 (main site)
> rAD02
> From rAD01
> So I need the AD environment on the remote site to work independently
> of production, with the tunnel down.
> any idea?
But with Windows NT PDC gone, Active Directory now shares DC
responsibility across multiple DCs so that if one is unavailable, AD
still functions.