We help IT Professionals succeed at work.

W2K - MSMQ & ADS over a WAN

mangia asked
We are trying to implement an MSMQ solution for a client with the least disruption to the exsisting networks.  The two MSMQ servers will be connected via a WAN link (most likely, frame or fractional T-1) with NATing being done on one side of the connection.  We have found that Active Directory does not like the WAN link with NAT and seems to fail when trying to contact the other server.  My question is, Does ADS work over a WAN link with NAT involved?  

We are testing using one domain for the two boxes as well as two seperate domains.

We are still doing R&D for this project, but this fact has stopped us cold.  If we can get the two servers to be able to access the ADS stuff on each other, I think the MSMQ stuff will be easy.


Watch Question

This probably depends on the settings in NAT.
ADS requires that all servers can be reached through a name-IP resolution inside the DNS it's using, usually the Microsoft DDNS. With NAT, servers 'behind the NAT' are usually not visible through an address which is in the normal outside-world DNS. (Often all machines share one address...)
So you'd have to change the NAT and address scheme so that:
* The ADS server behind-the-firewall gets a special type of IP address
* This IP address gets NAT'ted in such a way that you can _predict_ the outside address, which should point solely to this machine. Use NAT rules for this; not certain whether Microsoft NAT can do but many 3rd party firewalls-with-NAT can.
* Include this outside address in the DDNS of the other LAN, probably manually.

That should do the job. No bug of MS, just a feature which you have to get to grips with...

Hope thiz helpz,

<Erik> - The Netherlandz



Thanks for the advice.  We stumbled upon this very fact in our lab.  Once the servers could resolve the other properly via DNS, we got our ADS connectivity.


Explore More ContentExplore courses, solutions, and other research materials related to this topic.