Windows Server 2003 DNS setup connecting 2 root servers via VPN

Posted on 2004-04-08
Last Modified: 2010-03-18
Here is my unique situation.  I joined my 2003 server to an existing 2003 AD domain making it a DC in that AD domain.  The connection I used to join the domain is a VPN connection from my root server to the other root server.  Replication took place and everything looks fine from what I can tell.  I have the DNS, users, domain controllers, all that info.

When I try and add an additional server to the AD domain, MY root server is not responding and the domain says it is not available at this time.  Why isn't my root server acting like a root server for the AD domain if it replicated with the other root server and has the same setup?  Please help.  Thank You
Question by:George Coles

Expert Comment

by:jamesreddy
ID: 10785671
What speed is your VPN connection?  If it is slower, and your network is set up to detect slow network links, you will need to disable that function for the feature to work properly.

Expert Comment

by:jamesreddy
ID: 10785688
Oh...wait a minute...you mean why is the NEW root server not acting like a root server?  You may need to set up a separate site and also configure the second DC as a Global Catalog server.

Author Comment

by:George Coles
ID: 10786122
Thanks for your reply.  My root server is in a new site and I made it a GC.  When I try to log in it is still telling me "The system cannot log you on now because the domain MYDOMAIN is not available".  Are you saying that I should add a second root server and make that a GC?  Thanks

Accepted Solution

by:jamesreddy
ID: 10787561
Let me try to clarify a couple things.  Maybe you can answer a few questions.

1.  Do BOTH sides of your network (both sides of the VPN) have a GC and a DNS server that is also an Active Directory controller?

2.  The error message you are getting, does that occur on both sides of the VPN or just the new one?

3.  Have you tried logging on as the Domain Administrator?

If you can log on as the domain administrator, but not as any other user, this is a classic symptom of not seeing a Global Catalog server as the GC is needed to authenticate everyone except Domain Administrators.

Try to take a little time and lay out your network for us.  I think at the moment, the details are sketchy.  Let's try this...does it resemble the following:


Original Network

     ADC (GC)-----------VPN----------------New ADC with GC and DNS
       / \                                        / \
      /   \                                      /   \
    Network A                                  Network B



Do you have a GC in both network A and network B?  A DNS server?  And ADC (Active Directory Controller)?


Let's start there...

James

