Windows Server 2000/2003 Thread, Moving a DC to a new network in Technical; Hi All, At the moment we have one 2003 DC/DNS (holding the FSMO master roles) and a second DC/DNS running ...
  1. #31

    Join Date
    May 2011
    Location
    Jus North of London, close but not too close
    Posts
    772
    Thank Post
    175
    Thanked 57 Times in 55 Posts
    Rep Power
    35
    Hi All,
    At the moment we have one 2003 DC/DNS (holding the FSMO master roles) and a second DC/DNS running 2008 R2. From what I remember when I had them both set as Primary DNS servers (AD integrated) when browsing the 2003 DNS console it seemed to be missing some functionality. Is this possibly due to 2008 not communicating to 2003 properly, maybe some extra security blocking the communication?

    Over summer I will be introducing another 2008 R2 as a DC/DNS and moving the roles across and hopefully demoting the 2003 DC/DNS.

    I'll transfer this to a new post if need be ;-D
    Last edited by Davit2005; 10th May 2012 at 02:30 PM.

  2. #32

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    9,262
    Thank Post
    242
    Thanked 1,568 Times in 1,250 Posts
    Rep Power
    340
    Traffic between DCs is very light on resources, so it won't be that. Does internet traffic go down the VPN link or does each site have its own internet connection?

    Quote Originally Posted by otsiletirelo View Post
    If it's a DC then it means after assigning it the IP address of the new building you have to join the existing computers to its domain. Otherwise it won't work.
    Everything is all on the same domain, so this won't be the problem. DHCP server has also been configured correctly at both ends too. This keeps traffic needed to go over the link to a minimum, so it must be something else.

    What about users copying files from one site to the other?

  3. #33

    Michael's Avatar
    Quote Originally Posted by Davit2005 View Post
    Hi All,
    At the moment we have one 2003 DC/DNS (holding the FSMO master roles) and a second DC/DNS running 2008 R2. From what I remember when I had them both set as Primary DNS servers (AD integrated) when browsing the 2003 DNS console it seemed to be missing some functionality. Is this possibly due to 2008 not communicating to 2003 properly, maybe some extra security blocking the communication?

    Over summer I will be introducing another 2008 R2 as a DC/DNS and moving the roles across and hopefully demoting the 2003 DC/DNS.

    I'll transfer this to a new post if need be ;-D
    Yep I would start a new thread. It sounds to me your servers are not replicating properly, that's all.

  4. Thanks to Michael from:

    Davit2005 (10th May 2012)

  5. #34

    Join Date
    Aug 2011
    Posts
    34
    Thank Post
    7
    Thanked 1 Time in 1 Post
    Rep Power
    0
    Quote Originally Posted by Michael View Post
    Traffic between DCs is very light on resources, so it won't be that. Does internet traffic go down the VPN link or does each site have its own internet connection?

    Everything is all on the same domain, so this won't be the problem. DHCP server has also been configured correctly at both ends too. This keeps traffic needed to go over the link to a minimum, so it must be something else.

    What about users copying files from one site to the other?
    Each site has its own Internet connection, so I wouldn't expect it to be internet traffic. I'm absolutely convinced it's related to the DC at Site A in some way due to the fact that when I 'block' it from the network (using a feature on the router) then the traffic over the VPN is basically non-existent. The minute I 'allow' it back on to the network the traffic down the VPN tunnel increases dramatically and the connection at Site A becomes more or less unusable.

    It's all 1 way as well, so looking at the VPN from Site A's router shows all the data is being transmitted from Site A, whereas it's barely receiving anything from Site B.

    I just can't see what would be causing it... absolutely stumped.

    As I said, Wireshark shows the majority of the traffic to be SMB protocol, but there are other protocols that the DC is sending, like SPOOLSS and DCERPC.

  6. #35

    Michael's Avatar
    When you allow Server A to connect, does its CPU use on Task Manager go up too?

  7. #36

    There's no particularly noticeable increase in resource consumption at all on Server A - the CPU is sitting constantly around 5-10% as the server isn't used for too much these days. When the VPN was established there was no constant increase.

    By the way - thanks for your continued help with this!
    Last edited by DLAS; 10th May 2012 at 04:03 PM.

  8. #37

    Michael's Avatar
    It's no problem, but I am just as curious as you are what's creating all this mysterious traffic!

  9. #38


    Join Date
    Feb 2007
    Location
    51.403651, -0.515458
    Posts
    8,900
    Thank Post
    226
    Thanked 2,676 Times in 1,973 Posts
    Rep Power
    787
    Quote Originally Posted by Michael View Post
    It should also be mentioned, when you configure a static IP on both servers, it should always point to itself first.
    I thought that recommendation had changed with newer Microsoft server OSs?

    Under 2003 it used to be, set the primary to itself and then set the secondary and tertiary to be two other DC's, usually the same for all others.

    In our last couple ADRAP's the best practice has changed to set the primary and secondary DNS to be the same servers for everyone, and then set the tertiary DNS server to be the local DC's IP or 127.0.0.1 (we use 127.0.0.1, but that will cause dcdiag.exe to report failures when it does DNS tests, even though DNS functionally will work fine in this config) - so essentially the reverse of the 2003 best practices.

    By no means is that a hard and fast rule, but if you have a large number of DC's in your environment (like we do) it does ensure DC SRV records are always updated on the same server which minimizes replication conflicts. Keeping localhost or the local IP as the third entry ensures DNS stays functional in the event network connectivity to the primary and secondary DC's is lost. (Source)

  10. #39

    Now we're well after hours I've been in a position where rather than removing the server from the network, I've been able to remove all the clients from Site B.

    Without any clients at Site B the VPN is also very low on bandwidth usage, and the connection at Site A works perfectly.

    So it's definitely some communication from Server A to Site B client PC's because the problem goes away when either -

    *Server A is removed from the network* or *all clients are removed from the network*

    I suppose this test at least rules out any communication issues between Server A and other networking equipment - routers, switches etc...

    Now just to figure out exactly what it's sending to the client machines via VPN... I'm going to do a pretty lengthy mid-day packet capture from the server tomorrow to get a better idea of what is being communicated. Hopefully that will help.
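
The capture analysis planned in the post above, as an added example that is not part of the thread: it totals cross-VPN bytes per direction and per server-side port from `tshark` field output, which is how a one-way flood from one server shows up. The subnets, addresses, port set and sample rows are constructed assumptions.

```python
import ipaddress
from collections import Counter

# Assumed site subnets and server ports (constructed, not taken from the thread).
SITE_A = ipaddress.ip_network("192.168.1.0/24")
SITE_B = ipaddress.ip_network("192.168.2.0/24")
SERVER_PORTS = {80, 135, 139, 445, 8530}

# Constructed rows in the tab-separated layout written by:
#   tshark -r capture.pcap -T fields -e ip.src -e ip.dst \
#          -e tcp.srcport -e tcp.dstport -e frame.len
SAMPLE = "\n".join([
    "192.168.1.10\t192.168.2.21\t445\t49152\t1514",
    "192.168.2.21\t192.168.1.10\t49152\t445\t66",
    "192.168.1.10\t192.168.2.22\t8530\t50100\t1514",
    "192.168.1.10\t192.168.2.22\t8530\t50100\t1514",
    "192.168.2.22\t192.168.1.10\t50100\t8530\t66",
    "192.168.1.10\t192.168.1.50\t445\t49200\t1514",   # stays inside Site A
    "192.168.1.10\t192.168.2.21\t\t\t90",             # non-TCP row, no ports
])

def site_of(ip):
    return "A" if ip in SITE_A else "B" if ip in SITE_B else "other"

def summarise(text):
    """Total cross-site bytes per direction and per (Site A host, service port)."""
    direction, talkers = Counter(), Counter()
    for line in text.splitlines():
        try:
            src, dst, sport, dport, length = line.split("\t")
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            sport, dport, length = int(sport), int(dport), int(length)
        except ValueError:            # malformed or non-TCP row
            continue
        s, d = site_of(src_ip), site_of(dst_ip)
        if {s, d} != {"A", "B"}:      # keep only traffic that crosses the VPN
            continue
        direction[f"{s}->{d}"] += length
        # Label the flow by its server-side port: a known one, else the lower port.
        port = next((p for p in (sport, dport) if p in SERVER_PORTS), min(sport, dport))
        talkers[(src if s == "A" else dst, port)] += length
    return direction, talkers

if __name__ == "__main__":
    direction, talkers = summarise(SAMPLE)
    print(dict(direction))
    for (host, port), size in talkers.most_common():
        print(f"{host} port {port}: {size} bytes")
```
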

  11. #40

    Michael's Avatar
    The problem I see (if you set it that way) is if a DNS server becomes offline, you're quickly going to get errors and potentially users unable to logon.

    Setting a DC to itself first, then any secondary DC means that servers can potentially work separately for days (for example) until you restored the link.

    I've had it happen where a link between two 2008 DCs has gone down and it created no problems. The servers continued to serve requests so I know how I set things up works.

  12. #41

    It's no problem, but I am just as curious as you are what's creating all this mysterious traffic!


    It was WSUS!

  13. #42

    Michael's Avatar
    Quote Originally Posted by DLAS View Post


    It was WSUS!
    Great find, I never thought of that at all. It should be simple enough to fix so certain clients talk to the right WSUS server.

    The easiest way would be to use Server A as the parent, so it feeds updates to Server B once (overnight) and this should help with bandwidth.

  14. #43

    That's pretty much what we've done. Cheers!

    Everything is ticking along nicely now on the domain.

  15. #44

    Michael's Avatar
    Good job
