08.08.2007 at 06:32AM PDT, ID: 22749175
Active Directory Child Domain over VPN site link issue

Asked by he_who_dares in Virtual Private Networking (VPN), Active Directory

Hi,

One of our sites in Europe has just moved location and lost their leased line and are now working over an SDSL 20MB line using a Checkpoint VPN device.

Their domain is a child domain (AD 2000 mixed mode) and we are experiencing all kinds of latency problems now.

The ping response between their DC and the parent DC in London averages out at 30ms; in fact, all ping responses are good.

There are a few issues I've found already:

1) When I try to manage the child domain from ADUC on my machine in London, it takes forever to connect to the domain and usually fails and tells me that the RPC timed out, so I have to VNC/RDP onto the domain controller in the VPN site in order to admin the users there.

2) We have an ISA proxy server in London which all sites connect through to gain access to the Internet, and whenever users in this VPN site try to connect now it takes quite a long time (few mins) and will then eventually pop up with an authentication box (as though win authentication is screwed), and if they put their credentials in it seems to work. Ping response from the user's machine to the proxy is 30ms.

3) Outlook on their machines is very slow (connects to an Exchange server in London). To try to alleviate this I am now running cached mode & downloading headers only, which seems to have helped a bit, but it can sometimes hang.


I'm pretty sure this is all down to the fact they are now running over the public internet and obviously there are some dropped packets here and there.

I have done a dcdiag and netdiag on the DC in the VPN site, which is below:

- - - - - - -  - - - - - - - - - - - - - -  -- - - - - - - - - - - - - - - - - -

Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.

C:\Documents and Settings\Administrator.NL-EU-PRIMUS>dcdiag

DC Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial non skippeable tests

   Testing server: Default-First-Site-Name\PRNLALW2DPR1
      Starting test: Connectivity
         ......................... PRNLALW2DPR1 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\PRNLALW2DPR1
      Starting test: Replications
         [PREULOW2DPR1] DsBind() failed with error 1727,
         The remote procedure call failed and did not execute..
         ......................... PRNLALW2DPR1 passed test Replications
      Starting test: NCSecDesc
         ......................... PRNLALW2DPR1 passed test NCSecDesc
      Starting test: NetLogons
         ......................... PRNLALW2DPR1 passed test NetLogons
      Starting test: Advertising
         ......................... PRNLALW2DPR1 passed test Advertising
      Starting test: KnowsOfRoleHolders
         Warning: PREULOW2DPR1 is the Schema Owner, but is not responding to DS
RPC Bind.
         Warning: PREULOW2DPR1 is the Domain Owner, but is not responding to DS
RPC Bind.
         ......................... PRNLALW2DPR1 failed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... PRNLALW2DPR1 passed test RidManager
      Starting test: MachineAccount
         ......................... PRNLALW2DPR1 passed test MachineAccount
      Starting test: Services
         ......................... PRNLALW2DPR1 passed test Services
      Starting test: ObjectsReplicated
         ......................... PRNLALW2DPR1 passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... PRNLALW2DPR1 passed test frssysvol
      Starting test: kccevent
         An Warning Event occured.  EventID: 0x800004D0
            Time Generated: 08/08/2007   15:05:26
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC00004A4
            Time Generated: 08/08/2007   15:05:26
            (Event String could not be retrieved)
         ......................... PRNLALW2DPR1 failed test kccevent
      Starting test: systemlog
         ......................... PRNLALW2DPR1 passed test systemlog

   Running enterprise tests on : eu.primus
      Starting test: Intersite
         ......................... eu.primus passed test Intersite
      Starting test: FsmoCheck
         [PRSCGLW2DPR1] LDAP bind failed with error 1053,
         The service did not respond to the start or control request in a timely
 fashion..
         ......................... eu.primus passed test FsmoCheck

C:\Documents and Settings\Administrator.NL-EU-PRIMUS>

 - - - - - - - - -  - - -- - -  -- - - - - - - - -  - - - - - - - - - - - - - - - - - - -  -



Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.

C:\Documents and Settings\Administrator.NL-EU-PRIMUS>netdiag

.........................................

    Computer Name: PRNLALW2DPR1
    DNS Host Name: prnlalw2dpr1.nl.eu.primus
    System info : Windows 2000 Server (Build 2195)
    Processor : x86 Family 6 Model 11 Stepping 1, GenuineIntel
    List of installed hotfixes :
        KB329115
        KB823182
        KB823559
        KB824105
        KB824141
        KB824146
        KB825119
        KB826232
        KB828028
        KB828035
        KB828741
        KB828749
        KB830352
        KB835732
        KB837001
        KB839643
        KB839645
        KB840315
        KB841872
        KB841873
        KB842526
        Q147222
        Q828026


Netcard queries test . . . . . . . : Passed



Per interface results:

    Adapter : nl.eu.primus

        Netcard queries test . . . : Passed

        Host Name. . . . . . . . . : prnlalw2dpr1
        IP Address . . . . . . . . : 172.18.5.10
        Subnet Mask. . . . . . . . : 255.255.255.0
        Default Gateway. . . . . . : 172.18.5.1
        Primary WINS Server. . . . : 172.18.5.10
        Secondary WINS Server. . . : 172.18.5.11
        Dns Servers. . . . . . . . : 172.18.5.10
                                     172.18.5.11


        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Passed

        NetBT name test. . . . . . : Passed

        WINS service test. . . . . : Passed


Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{E58E8500-6619-48B3-B625-011C51E614B9}
    1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Passed
    PASS - All the DNS entries for DC are registered on DNS server '172.18.5.10'
 and other DCs also have some of the names registered.
    PASS - All the DNS entries for DC are registered on DNS server '172.18.5.11'
 and other DCs also have some of the names registered.


Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
        NetBT_Tcpip_{E58E8500-6619-48B3-B625-011C51E614B9}
    The redir is bound to 1 NetBt transport.

    List of NetBt transports currently bound to the browser
        NetBT_Tcpip_{E58E8500-6619-48B3-B625-011C51E614B9}
    The browser is bound to 1 NetBt transport.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Skipped


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed
    [WARNING] Failed to query SPN registration on DC 'prnlalw2dpr2.nl.eu.primus'
.
    [WARNING] Failed to query SPN registration on DC 'prnlalw2dpr1.nl.eu.primus'
.


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
    No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Passed
    IPSec policy service is active, but no policy is assigned.


The command completed successfully

C:\Documents and Settings\Administrator.NL-EU-PRIMUS>


 - - - - - -  - - - - - - - - - - - - - - - -  - - - - - - - - - - -


Can anyone advise what we can do to try and improve the situation?

Thanks.

08.09.2007 at 08:00AM PDT, ID: 19662703

About this solution

Zones: Virtual Private Networking (VPN), Active Directory
Tags: vpn, domain, active, directory, over
Solution Provided By: sredmond
Participating Experts: 2
Solution Grade: A
 
 
08.09.2007 at 02:26PM PDT, ID: 19666185

09.01.2007 at 07:16AM PDT, ID: 19813871
