Re: DCPromo RPC Error
- From: "Austin Osuide" <austin@xxxxxxxxxxx>
- Date: Mon, 5 Nov 2007 12:15:00 -0000
Also,
If you are interested, an article on why multi-homing can be a bad idea on a DC:
http://www.microsoft.com/technet/technetmag/issues/2007/09/CableGuy/
Regards,
Austin
"Jorge Silva" <jorgesilva_pt@xxxxxxxxxxx> wrote in message news:epodu65HIHA.5208@xxxxxxxxxxxxxxxxxxxxxxx
Hi Dharmpuri
If you want your DC to work with multiple interfaces, you'll have to configure it with the appropriate routes (normally persistent) and/or configure the Hosts file. The key is that the clients can reach the appropriate DC interface and all other existing DCs should get to each DC interface so that replication doesn't fail (ADSS should be configured with the appropriate subnets as well). This can be time-consuming and unnecessary work. You see, security should be handled by FW and IDS, etc., not by DCs. What you're trying to do, IMO, is to complicate simple things. Please rethink your design and you'll see that everything has its job in the network world, and security should be handled by dedicated devices/software that were built for that purpose.
--
===================================
I hope that the information above helps you.
Have a Nice day.
Jorge Silva
MCSE, MVP Directory Services
===================================
"Dharmpuri" <Dharmpuri@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:9D756AC7-A42D-4024-B081-20AE331C5BDD@xxxxxxxxxxxxxxxx
Hello Austin
I want to keep the internal network separate from the external for security.
Regards
Dharmpuri
"Austin Osuide" wrote:
Hi Dharmpuri,
Apologies for the delayed response.
This problem is complicated by the fact you have multi-homed DCs.
What's the technical reason for this?
Regards,
Austin
"Dharmpuri" <Dharmpuri@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:A6842A34-A4FF-4DB1-A6B8-618129F51BF7@xxxxxxxxxxxxxxxx
> Hi Emmanual,
> Yes, sorry I forgot to put that in my post.
> Sydney internal is 192.168.0.x and external is 192.168.1.x
> Melbourne internal is also 192.168.0.x and external is 192.168.2.x
> I have Melbourne and Sydney sites in AD Sites and Services and the Melbourne
> server appeared in the Servers folder under the Melbourne site after running
> dcpromo. Subnets are also defined.
> I still don't know what's up?!
> Thanks
> Dharmpuri
>
> "Emmanuel Antony" wrote:
>
>> Hi,
>>
>> Do you have separate subnet for Melbourne?
>> If your Melbourne server's IP address falls in the same subnet of
>> Sydney's. Then no issues.
>> If not then either create a separate subnet and associate with the
>> respective site or create a new site for Melbourne and associate the
>> newly created subnet.
>> Also follow the steps mentioned in the KB article 272294 to avoid failure
>> of replication.
>> --
>> Emmanuel Antony
>>
>>
>> "Dharmpuri" wrote:
>>
>> > Hello, I have two Win2K3R2x86 servers. One is in Sydney and one in Melbourne.
>> > The Sydney server is the DC and I would like to make the Melbourne server an
>> > additional DC for the existing domain. The Melbourne server is connected to
>> > Sydney via VPN routers (Draytek) on ADSL internet connections. Both machines
>> > are multihomed - one interface for internal and one external.
>> >
>> > When I run dcpromo the AD installation wizard goes so far and then fails
>> > with this message -
>> >
>> > The operation failed because:
>> > Active Directory could not create the NTDS Settings object for this domain
>> > controller CN=NTDS Settings, CN=Sydney, CN=Servers, CN=Melbourne, CN=Sites,
>> > CN=Configuration, DC=xxx, DC=yyy, DC=zz on the remote domain controller
>> > sydney.xxx.yyy.zz. Ensure the provided network credentials have sufficient
>> > permissions.
>> > "The RPC server is unavailable."
>> >
>> > I used the Administrator credentials and I have no problems using remote
>> > desktop or browsing shares on the Sydney server through the VPN.
>> > The Melbourne server joined the domain okay as a result of running dcpromo
>> > and the server was added to AD Sites (as a server) and Services, and AD Users
>> > and Computers (as a Computer).
>> > Needless to say RPC Server is running on both machines.
>> > DNS on the Melbourne machine points to Sydney okay and vice versa.
>> > I turned the firewall off in Routing and Remote Access for the external
>> > interfaces.
>> > I tried reducing the MTU on the network interfaces that connect to the
>> > routers but the same problem still occurred.
>> > I am at my wits end and would appreciate any advice.
>> > Thanks
>> > Dharmpuri
.
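An added example, not part of any poster's message: a check of the AD Sites and Services subnet-to-site mapping against the DC interface addresses, using the ranges quoted in the thread. The /24 masks, host addresses and DC names are assumptions made for the illustration.

```python
import ipaddress

# Constructed sample built from the ranges quoted in the thread. The /24 masks,
# host addresses and DC names are assumptions; the posts only give 192.168.N.x.
SITE_SUBNETS = {
    "Sydney": ["192.168.0.0/24", "192.168.1.0/24"],
    "Melbourne": ["192.168.0.0/24", "192.168.2.0/24"],
}
DC_INTERFACES = {
    "sydney-dc": {"site": "Sydney", "addrs": ["192.168.0.10", "192.168.1.10"]},
    "melbourne-dc": {"site": "Melbourne", "addrs": ["192.168.0.10", "192.168.2.10"]},
}


def _flatten(site_subnets):
    return [(site, ipaddress.ip_network(n))
            for site, nets in site_subnets.items() for n in nets]


def overlapping_subnets(site_subnets):
    """Subnets claimed by two different sites; each range can belong to one site only."""
    flat = _flatten(site_subnets)
    return [(sa, str(na), sb, str(nb))
            for i, (sa, na) in enumerate(flat)
            for sb, nb in flat[i + 1:]
            if sa != sb and na.overlaps(nb)]


def sites_for_address(addr, site_subnets):
    """Sites whose most specific matching subnet contains addr (longest prefix wins)."""
    ip = ipaddress.ip_address(addr)
    hits = [(net, site) for site, net in _flatten(site_subnets) if ip in net]
    if not hits:
        return []
    best = max(net.prefixlen for net, _ in hits)
    return sorted({site for net, site in hits if net.prefixlen == best})


def audit(dcs, site_subnets):
    """Interfaces that do not resolve to exactly the DC's own site."""
    return [(name, addr, sites_for_address(addr, site_subnets))
            for name, dc in dcs.items() for addr in dc["addrs"]
            if sites_for_address(addr, site_subnets) != [dc["site"]]]


if __name__ == "__main__":
    for clash in overlapping_subnets(SITE_SUBNETS):
        print("overlap:", clash)
    for finding in audit(DC_INTERFACES, SITE_SUBNETS):
        print("ambiguous interface:", finding)
```

With this sample the shared 192.168.0.x range is the only one flagged, on both DCs; the 192.168.1.x and 192.168.2.x interfaces each resolve to a single site.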