Re: DCPromo RPC Error



Hi Dharmpuri

If you want that Your Dc work with multiple interfaces, you'll have to
configure it with the appropriate routes (normally persistent) or/and
configuring the Hosts file. The key is that the clients can reach to the
appropriate DC interface and all other existing DCs should get to each DC
interface so that replication doesn't fail (ADSS should be configured with
the appropriate subnets as well). This can be time consuming and unnecessary
work, you see, security should be handled by FW and IDS, etc... Not by DCs,
what you're trying to do IMO is to complicate simple things, please re-think
your design again and you'll see that everything has its job in the network
world, and security should be handled by dedicated devices/software that
were built for that purpose.


--

===================================
I hope that the information above helps you.
Have a Nice day.

Jorge Silva
MCSE, MVP Directory Services
===================================

"Dharmpuri" <Dharmpuri@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:9D756AC7-A42D-4024-B081-20AE331C5BDD@xxxxxxxxxxxxxxxx
Hello Austin
I want to keep the internal network separate from the external for
security.
Regards
Dharmpuri

"Austin Osuide" wrote:

Hi Drampuri,
Apologies for the delayed response
This problem is complicated by the fact you have multi-homed DC's.
What's the technical reason for this?

Regards,

Austin

"Dharmpuri" <Dharmpuri@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:A6842A34-A4FF-4DB1-A6B8-618129F51BF7@xxxxxxxxxxxxxxxx
Hi Emmanual,
Yes, sorry I forgot to put that in my post.
Sydney internal is 192.168.0.x and external is 192.168.1.x
Melbourne internal is also 192.168.0.x and external is 192.168.2.x
I have Melbourne and Sydney sites in AD Sites and Services and the
Melbourne
server appeared in the Servers folder under the Melbourne site after
running
dcpromo. Subnets are also defined.
I still don't know what's up?!
Thanks
Dharmpuri

"Emmanuel Antony" wrote:

Hi,

Do you have separate subnet for melbourne?
If your melbourne server's Ip address falls in the same subnet of
sydney's.Then no issues.
If not then either create a separate subnet and associate with the
respective site or create a new site for melbourne and associate the
newly
created subnet.
Also follow the steps mentioned in the KB article 272294 to avoid
failure
of
replication.
--
Emmanuel Antony


"Dharmpuri" wrote:

Hello, I have two Win2K3R2x86 servers. One is in Sydney and one in
Melbourne.
The Sydney server is the DC and I would like to make the Melbourne
server an
additional DC for the existing domain. The Melbourne server is
connected to
Sydney via VPN routers (Draytek) on ADSL internet connections. Both
machines
are multihomed - one interface for internal and one external.

When I run dcpromo the AD installation wizard goes so far and then
fails
with this message -

The operation failed because:
Active Directory could not create the NTDS Settings object for this
domain
controller CN=NTDS Settings, CN=Sydney, CN=Servers, CN=Melbourne,
CN=Sites,
CN=Configuration, DC=xxx, DC=yyy, DC=zz on the remote domain
controller
sydney.xxx.yyy.zz. Ensure the provided network credentials have
sufficient
permissions.
"The RPC server is unavailable."

I used the Administrator credentials and I have no problems using
remote
desktop or browsing shares on the Sydney server through the VPN.
The Melbourne server joined the domain okay as a result of running
dcpromo
and the server was added to AD Sites (as a server) and Services, and
AD
Users
and Computers (as a Computer).
Needless to say RPC Server is running on both machines.
DNS on the Melbourne machine points to Sydney okay and visa versa.
I turned the firewall off in Routing and Remote Access for the
external
interfaces.
I tried reducing the MTU on the network interfaces that connect to
the
routers but the same problem still occurred.
I am at my wits end and would appreciate any advice.
Thanks
Dharmpuri



.



Relevant Pages

  • Re: DCPromo RPC Error
    ... > Melbourne internal is also 192.168.0.x and external is 192.168.2.x ... > I have Melbourne and Sydney sites in AD Sites and Services and the ... >> Do you have separate subnet for melbourne? ... >>> The Sydney server is the DC and I would like to make the Melbourne ...
    (microsoft.public.windows.server.active_directory)
  • Re: DCPromo RPC Error
    ... I have Melbourne and Sydney sites in AD Sites and Services and the Melbourne ... server appeared in the Servers folder under the Melbourne site after running ... Do you have separate subnet for melbourne? ...
    (microsoft.public.windows.server.active_directory)
  • Re: DCPromo RPC Error
    ... Melbourne internal is also 192.168.0.x and external is 192.168.2.x ... I have Melbourne and Sydney sites in AD Sites and Services and the ... The Sydney server is the DC and I would like to make the Melbourne ... Sydney via VPN routers on ADSL internet connections. ...
    (microsoft.public.windows.server.active_directory)
  • RE: DCPromo RPC Error
    ... I have Melbourne and Sydney sites in AD Sites and Services and the Melbourne ... server appeared in the Servers folder under the Melbourne site after running ... Sydney via VPN routers on ADSL internet connections. ...
    (microsoft.public.windows.server.active_directory)
  • Re: DCPromo RPC Error
    ... Melbourne internal is also 192.168.0.x and external is 192.168.2.x ... The Sydney server is the DC and I would like to make the Melbourne ... Sydney via VPN routers on ADSL internet connections. ... Ensure the provided network credentials have ...
    (microsoft.public.windows.server.active_directory)