CoreSupport asked:

SBS Server 2003 & Server 2003 communications

Hi,

We have an SBS Server 2003 on one customer site (Site A) which is the DC and is the fileserver for Site A.
At another site (Site B) they have Server 2003 on the same domain and connected to the SBS Server via a Broadband VPN which is quite reliable.  This server is only being used as a fileserver and for providing Norton AV updates.  

On the rare occasion that the VPN has been down the users at Site B have still been able to get logged onto their accounts (all using XP) using cached profiles, but when they have tried to get access to their files on the server it's prompting them for a username and password.  The server will grant them access if I enter in the Administrator username and password but no other.

I know the problem lies with the users having to authenticate with the DC across the VPN before the server will allow them access to the data files.  Is there any way we can get users access to the files on the 2003 server without them having to be authenticated with the DC first? Security is not really an issue in this case as it's only a small business.

I have recreated their scenario in our office and attempted to see how promoting the 2003 server to a DC on the same domain would work out.  I got a little confused as to whether I needed to install DNS on the 2003 server before or after installing AD or even at all as I was using the SBS 2003 DNS server.

I got the two sites set up in the AD Sites tool and everything seemed nice enough, but when I went to the event viewer on the SBS server I was getting errors & warnings on directory service event IDs 1311, 1312 and 1865.  They seem to state the server has problems contacting the 2003 server, strange, even though I was able to ping and access the server no problem.  What is more confusing is that the AD seems to be replicating the users between the 2 servers!!

I hope somebody has some ideas, I would rather avoid promoting the 2003 server to a DC if possible, so if there is a workaround to my initial problem I would rather work with that, but failing that can someone tell me if I should be worried by the errors in the event log or can it be safely ignored (I get no error messages on the Server 2003)

Thanks in advance,

Gareth
ASKER CERTIFIED SOLUTION
cfairley
This solution is only available to members.
TJworld

I seem to remember seeing a setting in Group Policy (and Local Security Policy) on a server that essentially hinted that you could tell it to cache credentials in this scenario.

I've had a search round but can't find it again now I want it. Anyone else ever seen this?
CoreSupport (ASKER)

I'm now leaning towards the idea of the 2 domain controllers on the same domain as you recommended instead of a nasty hack that could come back and bite me!!

I was eventually able to resolve my issues getting the two servers to replicate without the errors appearing in the event log that I was previously getting by reading nearly every post on Experts Exchange about AD replication!!

Turned out when I was running DCDIAG on my SBSServer I was getting an error that the ISMSERV service was not running. I mistook the first letter of the service for an 'L' instead of an 'I', which threw me off a bit!!

Once I got that service enabled (SBS 2003 must disable it by default?) I had to run

IPCONFIG /FLUSHDNS
IPCONFIG /REGISTERDNS
NLTEST /DSREGDNS

This fixed the errors I was getting with the KCCEVENT tests.  I also decided to install the DNS server on the 2nd DC as well, before doing DCPROMO.

I'm now going to revert back to the image of both test servers before I attempted to create the 2nd DC and see if I can do it less stressfully this time!

Gareth
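
The sequence described in the post above, collected into one batch file with a check before and after. This is an added example, not part of the original thread. It assumes it is run on the DC that logs the errors, that DCDIAG and NLTEST (Windows Support Tools) are on the PATH, and that setting the service to automatic start is acceptable; the post only says the service was "enabled".

```batch
@echo off
rem Added example, not from the original post.
rem Assumes DCDIAG and NLTEST are on the PATH and the account is an administrator.
setlocal

rem 1. Is the Intersite Messaging service (ISMSERV in the post) running?
sc query IsmServ | find "RUNNING" >nul
if errorlevel 1 (
    echo IsmServ is not running - enabling and starting it.
    rem Assumption: automatic start is wanted; note the space after "start=".
    sc config IsmServ start= auto
    net start IsmServ
    if errorlevel 1 (
        echo Could not start IsmServ - stopping here.
        exit /b 1
    )
) else (
    echo IsmServ is already running.
)

rem 2. Refresh the DNS registrations, in the order given in the post.
ipconfig /flushdns
ipconfig /registerdns
nltest /dsregdns

rem 3. Re-run the KCCEVENT test and look for dcdiag's "failed test" marker.
dcdiag /test:kccevent > "%TEMP%\kccevent.txt"
find /i "failed test" "%TEMP%\kccevent.txt" >nul
if errorlevel 1 (
    echo KCCEVENT: no failures reported.
) else (
    echo KCCEVENT still failing - see "%TEMP%\kccevent.txt"
    exit /b 2
)
endlocal
```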