Windows Server 2000/2003 Thread, Moving a DC to a new network in Technical
  1. #16

    Michael
    Originally Posted by DLAS:
        Ah, in fact I have 1 more question:

        How do client computers decide which DC to authenticate to? Is it calculated in the least number of hops or something similar?

        I've just performed a clean install on an old server, joined it to the domain and promoted it to a DC (which all went smoothly). I just want to be sure it's all working as intended now.

    When you set up DHCP server (on both servers), you must enable Conflict Detection and set this to 1.

    In this example, Site A server is 192.168.1.1 and Site B server is 192.168.1.2.

    In the list of DNS servers in DHCP server for Site A, specify 192.168.1.1, 192.168.1.2 then any external DNS.

    For Site B specify 192.168.1.2, 192.168.1.1 then any external DNS.

  2. #17

    Michael
    It should also be mentioned, when you configure a static IP on both servers, it should always point to itself first. As above, copy the same method used in DHCP server.

    This means the servers can still 'talk' but in the event the link goes down, everything will continue working as normal. Typically users can still log on, but depending on where the shares are hosted, they may or may not be able to access these, but I hope you get the general idea.

  3. Thanks to Michael from:

    DLAS (4th May 2012)

  4. #18

    Only just seen your further posts - thanks Michael.

    That's exactly how we've set it up and it works perfectly!

  5. #19

    Looks like I spoke too soon.

    If I take the VPN link between the buildings down then the new DC at Site B won't authenticate users. It seems to work fine for DNS though - if I used NSlookup with Site B set as the DNS server on a client then I can resolve both internal and external hostnames to an IP.

    If I try and RDP into the new DC at Site B when the VPN link is down then I get a

    "The system cannot log you on due to the following error: the specified domain does either not exist or could not be contacted"

    So at the minute users can only authenticate when the VPN link is up - should that be expected? When the link is up there's huge traffic going down the VPN from Site A that's slowing the connection at Site A. How much would you expect to be pushed down the VPN link with a physical DC at each site? It's almost like the DC at site A is still doing all the work.

    Any ideas?

    Thanks
    Last edited by DLAS; 8th May 2012 at 12:09 PM.

  6. #20

    Michael
    Server B's own static IP should be set to itself first (in the DNS list), then to Server A's and then any external DNS, as I mentioned here.

  7. #21

    Hi Michael - that's exactly as we have it set up.

    Dcdiag has just thrown up some errors we can look into though with the netlogon share.

  8. #22

    Michael
    Re-enable the VPN link, then on Server B, open up Active Directory Sites and Services and make sure Global Catalog is ticked.

    Then open DNS in turn on both Server A and Server B and make sure Zone Transfers are enabled on both Forward and Reverse Lookup Zones.

    Make sure the servers are replicating, then attempt to take the link offline again.

  9. Thanks to Michael from:

    DLAS (9th May 2012)
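
A way to check the conditions from the reply above before taking the link down again, run in PowerShell on the Site B DC while the link is still up. This is an added example, not part of the original posts; `SiteB` is a placeholder AD site name, and `nltest` and `repadmin` are assumed to be installed.

```powershell
# Added example. $SiteB is a placeholder: substitute the AD site name
# of the remote building. Run on the Site B DC while the link is UP.
$SiteB = 'SiteB'

$domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()

# One row per DC: which site it is in and whether it holds the Global Catalog.
$dcs = foreach ($dc in $domain.DomainControllers) {
    New-Object PSObject -Property @{
        Name = $dc.Name
        Site = $dc.SiteName
        IP   = $dc.IPAddress
        IsGC = $dc.IsGlobalCatalog()
    }
}
$dcs | Sort-Object Site, Name | Format-Table Name, Site, IP, IsGC -AutoSize

# Flag any site whose DCs are all non-GC. Such a site has to reach a GC
# in another site at logon, which is the failure seen in this thread.
$dcs | Group-Object Site | ForEach-Object {
    $gcCount = @($_.Group | Where-Object { $_.IsGC }).Count
    if ($gcCount -eq 0) {
        Write-Warning "Site '$($_.Name)' has $($_.Count) DC(s) but no Global Catalog"
    }
}

# Ask the DC locator for a Global Catalog inside Site B only
# (/force bypasses the locator cache).
nltest "/dsgetdc:$($domain.Name)" "/site:$SiteB" /gc /force
if ($LASTEXITCODE -ne 0) {
    Write-Warning "No Global Catalog located in site '$SiteB'"
}

# Confirm the site-specific GC record is published in DNS, then list
# inbound replication status for this DC.
nslookup -type=SRV "_gc._tcp.${SiteB}._sites.$($domain.Forest.Name)"
repadmin /showrepl
```

Repeat the `nltest` line after the link is taken offline: it should still return the Site B DC.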

  10. #23

    I missed the global catalog setting, that's fixed it.

    Cheers again Michael.

  11. #24

    Michael
    You're welcome, glad it's all sorted! Happy days!

  12. #25

    So, you're probably sick of me at this point but...

    What would cause the DC at Site A to put a huge amount of traffic down the VPN to site B?

    We've noticed that the performance at Site A is diminished due to the VPN stealing the bandwidth of the connection at that site. I'm certain it's the domain controller at Site A that's the problem because as soon as I block it from the network, then the VPN traffic is reduced to nearly nothing and the connection is back to performing perfectly. Then as soon as I re-allow the DC at Site A back to the network, it overtaxes the VPN and cripples performance at that site.

    I've grabbed a Wireshark capture that I ran on the DC at site A but interpreting it is a different story. It seems there's a lot of traffic being pushed out to a specific machine at Site B. This machine is just a normal client PC with nothing unusual about it...

    This one has me puzzled. Have you ever seen anything like that before?

    Thanks

  13. #26

    Michael
    Depends what you class as 'huge', but possibly roaming profiles, print jobs, internet traffic.

    I suppose you should investigate what the user on this PC is doing in Site B.

  14. #27

    On a related note, if you have 2 DCs, both Global Catalogs, DNS servers etc., does it cause problems if you have both DNS servers set as Primary and AD Integrated? And if you do, should you have DC1/DNS LAN Primary DNS IP set to itself and secondary DNS server IP set to the other DC/DNS and vice versa on the other DC/DNS?

    Both DCs are on the same site/LAN.

  15. #28

    Michael
    @Davit2005 - That's perfectly normal what you've described.

  16. #29

    There shouldn't be any print jobs going through the VPN - each site has its own print server.

    Site B has an OU in group policy that prevents the use of roaming profiles for now.

    Ideally the only sort of communication we want down the link (as you've said earlier) is between the Domain Controllers.

    As for the machine that was the destination for a lot of traffic, there isn't anything odd about it or how it's being used at all. The majority of the traffic going down the link was from the Site A DC and was SMB protocol.
    Last edited by DLAS; 10th May 2012 at 02:13 PM.

  17. #30

    If it's a DC then it means after assigning it the IP address of the new building you have to join the existing computers to its domain. Otherwise it won't work.
