Re: Replication Headache - Urgent please Assist!





For urgent issues, you may want to contact Microsoft PSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
"Taz1972" <Taz1972@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:4936883D-FE52-42E2-9DAA-BBF7F7104C97@xxxxxxxxxxxxxxxx
Hi,

I recently added a subdomain in another site which will be on its own
subnet with initially a few people on it and currently just one server acting
as a DC.

I have configured everything in the following manner:

1. Manually created a delegation for the child domain on our root server DNS server which resides on 172.x.x.x
2. Installed DNS on the child domain server
3. Created a child zone on the child domain server
4. Enabled dynamic updates
5. Promoted the child domain server using dcpromo
6. On the TCP/IP properties of the child domain server, changed the TCP/IP address of the DNS server to point to its own TCP/IP address.
7. Integrating DNS with the Active Directory on the child DNS server.
8. Added the parent (root) DNS server as a forwarder on the child DNS server.
9. I also created secondary zones on each DNS server to point to each other.
10. Configured a site connection from Wallingford to Leidschendam using IP and linked the appropriate subdomain subnet 192.168.x.x to this site.

But when replication is attempted it gives me the error RPC Server is not
available.

I can ping the child DC by IP but not hostname, but I can do both when I
attempt to ping the other way round to the root DNS server on the root domain
.local. It looks to be a DNS resolution issue but it’s kind of strange as
zone transfers do seem to be working.


Attached is a dcdiag report which may be of some help.


<Snipped>

I must agree with Danny. If a child domain is not necessary, it is overhead. Usually a child domain would be required for a number of reasons, such as:
1. Administration is decentralized, therefore you would delegate FULL control of the whole domain at another location (such as another country, or city), to their own administrators.
2. The remote location has their own password requirements.
3. Legal requirements.
4. WAN speed is less than 512KB (many GPO settings do not go across a link with speeds less than 500KB, and if under 128KB, would require an SMTP connector that requires different domains because of domain blob traffic not able to replicate across an SMTP connector).

Were any of the above criteria for the intended design? If not, and you only have a handful of folks, you really didn't need a child DC or even a replica DC of the same domain. I would suggest to stay with one domain and eliminate the child for the reasons Danny stated. Also, usually if less than 10 users at a remote location, AD best practices state it is not required to place a replica DC because of the replication overhead compared to logon/authentication traffic users will create. Of course this can come down to personal reasons and you may want to place a replica. But as for the child, my experience indicates it is truly overkill, not required, and administrative overhead with access permissions to resources, DNS, etc.

Because you created an IP link, I am assuming the WAN link is beyond 500KB. As for your steps, I can see possibly why there are replication problems due to the order they were performed.

First you would have created the child DC while pointed to the head office DNS prior to anything else. Make sure replication is working. Then you would go through other steps, but must keep in mind replication scope of the zone. And creating a secondary would cause a dupe issue with the zone.

Using your numbered steps, I would have recommended the following sequence. My additions/comments are in parentheses. Additions are with dashes (-):

5. Promoted the child domain server using dcpromo. (Make absolutely sure the zone data is dynamically registering into the parent's DNS as a subfolder.)
10. Configured a site connection from Wallingford to Leidschendam using IP and linked the appropriate subdomain subnet 192.168.x.x to this site.
2. Installed DNS on the child domain (DNS) server
8. Added the parent DNS server as a forwarder on the child DNS server.
3. Created a child zone on the child domain (DNS) server
7. Integrating DNS with the Active Directory on the child DNS server.
4. Enabled (Secured) dynamic updates
- On the child DC, run ipconfig /registerdns, then restart the netlogon service. Make sure the child domain SRV records get registered in the child domain's DC/DNS server.
6. On the TCP/IP properties of the child domain server, changed the TCP/IP address of the DNS server to point to its own TCP/IP address.
1. Manually created a delegation for the child domain on our root server DNS server which resides on 172.x.x.x. (Once delegated, the child zone subfolder on the parent domain's DC/DNS will gray out).

#9 was eliminated due to it being superfluous and will cause dupe zone problems. This may also be occurring since you've already done that, depending on how it was created. If all was working properly, AD would have removed it from DNS due to this reason. If not, I would suggest using ADSI Edit to ensure there are no duplicate zones. I have a full procedure for this which I can post, if required.


--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCT
Microsoft Certified Trainer
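
One way to check the name-resolution path discussed in this thread (delegation on the parent, SRV registration on the child, forwarder back to the parent) is the script below. It is an added example, not part of either post; every server address and domain name in it is a placeholder, and it assumes a Windows system that has the `Resolve-DnsName` cmdlet.

```powershell
# Added example. All names and addresses are placeholders, not values from the thread.
param(
    [string]$ParentDns = '192.0.2.10',                 # root DNS server (placeholder)
    [string]$ChildDns  = '192.0.2.20',                 # child DC/DNS server (placeholder)
    [string]$ParentDc  = 'rootdc.corp.example',        # root DC FQDN (placeholder)
    [string]$ChildZone = 'child.corp.example',         # child domain (placeholder)
    [string]$ChildDc   = 'childdc.child.corp.example'  # child DC FQDN (placeholder)
)

# Each check names the server that is asked, the record requested,
# and the step of the thread that the answer verifies.
$checks = @(
    [pscustomobject]@{ Server = $ParentDns; Name = $ChildZone; Type = 'NS'
                       Verifies = 'delegation on the parent (step 1)' }
    [pscustomobject]@{ Server = $ParentDns; Name = $ChildDc; Type = 'A'
                       Verifies = 'parent side resolves the child DC by name' }
    [pscustomobject]@{ Server = $ChildDns; Name = "_ldap._tcp.dc._msdcs.$ChildZone"; Type = 'SRV'
                       Verifies = 'child SRV records registered (registerdns + netlogon restart)' }
    [pscustomobject]@{ Server = $ChildDns; Name = $ParentDc; Type = 'A'
                       Verifies = 'forwarder to the parent (step 8)' }
)

$results = foreach ($c in $checks) {
    # -DnsOnly keeps NetBIOS/LLMNR out of the picture, so only DNS is tested.
    $answer = @(Resolve-DnsName -Name $c.Name -Type $c.Type -Server $c.Server `
                    -DnsOnly -ErrorAction SilentlyContinue |
                Where-Object { $_.Type -eq $c.Type })

    # Pull the interesting field out of each record type.
    $data = foreach ($r in $answer) {
        switch ($c.Type) {
            'NS'    { $r.NameHost }
            'SRV'   { "$($r.NameTarget):$($r.Port)" }
            default { $r.IPAddress }
        }
    }

    [pscustomobject]@{
        Server   = $c.Server
        Query    = "$($c.Type) $($c.Name)"
        Verifies = $c.Verifies
        Result   = if ($answer.Count -gt 0) { 'OK' } else { 'FAIL' }
        Data     = $data -join ', '
    }
}

$results | Format-Table -AutoSize -Wrap
```

A FAIL on the second row with OK on the fourth matches the symptom in the original post: the child resolves the root DC by name, but the parent side cannot resolve the child DC.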
