
Adding second Domain Controller to Windows 2000 domain for replication, redundancy - PART 2

This is in reference to the original question here (please read this first!):
http://www.experts-exchange.com/Networking/Microsoft_Network/Q_21338371.html

OK, seems to be a bit of a problem that has come up:

Since we do not have the new branch open yet, we have simulated a default gateway for the new 192.168.2.X network using our firewall to redirect traffic. I have put the new DC on the .2.X network with the simulated gateway address and such on it. With all that, it seems I am able to communicate with the old DC, but cannot browse to any other computer on our 192.168.1.X network (also, from my workstation on the 192.168.1.X network I am able to successfully browse to the new DC on the 192.168.2.X network and see its shares, but the new DC cannot browse to my machine and see my shares). Furthermore, it seems that replication between DCs is one-way at this point: the new DC has successfully replicated info from the old DC, but the old DC seems to not be picking up any changes to AD (for example, Sites and Services) from the new DC. So the new DC seems to be able to pick up the changes from the old DC, but not the other way around.

A big example of this, as mentioned above, is in AD Sites and Services. On the new DC, I had created the new site, the new subnet, and moved the new DC server object to the new site. There is a site link between the sites, and everything seems to be set up correctly there. However, I just noticed today that the old DC reflects none of those changes in AD Sites and Services. Hence, it seems to not be pull-replicating correctly with the new DC.

Am I missing something here? Let me know if I can provide any other information.

Thanks!
Asked by electech98
1 Solution
 
Steve McCarthy (MCSE, MCSA, MCP x8, Network+, i-Net+, A+, CIWA, CCNA, FDLE FCIC, HIPAA Security Officer; IT Consultant, Network Engineer, Windows Network Administrator, VMware Administrator) commented:
Use the KISS method. If the other site is not up yet, don't configure it in Sites and Services and don't give yourself a headache with simulated gateways. Back up and put the DC on the existing subnet, and leave both of them in the existing site of the first DC. IMHO, you are overcomplicating yourself.

With both DCs on the same subnet, pointing to the same gateway and both pointing to DC #1 for DNS, life should be good all around. Replication should work. If you use WINS, point them appropriately.

Now, when you are ready to move it to that remote site, just do it! Put the new IP address on it there and then have DNS point to itself, and WINS should do that too. All the clients at that site should be pointing to that new DC as their DNS and WINS. Go into Sites and Services then and put the new DC in the second site and associate the appropriate subnet with it.

I assume you will have hardware VPN tunnels to allow the DCs to talk.

This works extremely well and is the way I rolled out the whole city.  Once you have the DC in the remote location, everything will update itself.
 
electech98 (Author) commented:
I should have thought to include this information when I first posted:

Even when the new DC was on the 192.168.1.X network, and the new DC server object was in the same site as the old DC, AD Sites and Services did not seem to replicate from the new DC to the old DC. I created the new site and new subnet in ADS&S on the new DC while the new DC was still on the 192.168.1.X network, but the old DC did not have that information when I opened up ADS&S on it.
 
Fatal_Exception commented:
Did you give it time to replicate to the other DC when it was in the original subnet?
 
electech98 (Author) commented:
Yes... more than two days' time should be more than enough time for them to replicate.
 
Fatal_Exception commented:
Although much of this article will not apply to you in your scenario, it may provide something useful since you are running through a firewall.

http://www.microsoft.com/serviceproviders/columns/config_ipsec_P63623.asp
 
electech98 (Author) commented:
Thanks for the suggestion, though we are not actually running anything *through* the firewall...we just have 192.168.2.2 set up as another interface on the firewall in order to act as a gateway for the network for the time being. It is sort of "redirecting" traffic rather than actually having traffic pass through it.
 
Fatal_Exception commented:
What kind of device are you using for your routing? (Cisco, etc.?) So, as I understand it right now, routing is only a one-way street? Are you running any routing protocols on this device such as RIP, or are your routes static? Can you even ping from the new DC to your .1 subnet?
 
Steve McCarthy (MCSE, MCSA, MCP x8, Network+, i-Net+, A+, CIWA, CCNA, FDLE FCIC, HIPAA Security Officer; IT Consultant, Network Engineer, Windows Network Administrator, VMware Administrator) commented:
OK, here is my suggestion... Take a step backwards and let's simplify your setup. Both DCs in the same site and under the same subnet. Go into DNS and remove any entries for the DC that point it anywhere but on the same subnet. Point DNS on the new DC to the old DC. Now, both on the same subnet, DNS is the same, DNS has no rogue entries; now look at replication and force it if need be. If it is working now, then wait until you go to the other building to change anything, as I suggested above.

If it is not working, then fix it here. Overcomplicating your setup will only overcomplicate your troubleshooting. If your replication does not work, run DCDiag and NetDiag and find and fix the problem in this simplified environment.
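One way to carry out the simplified check Steve describes (both DCs on one subnet, DNS pointed at DC #1, then inspect and force replication, then DCDiag/NetDiag), written up as an added batch runbook that is not from this thread. It assumes the Windows 2000 Support Tools (repadmin, dcdiag, netdiag) are installed from the CD's Support\Tools folder, and the domain and DC names below are constructed placeholders:

```batch
@echo off
rem Added example, not from the thread: replication health check for two
rem Windows 2000 DCs that sit on the same subnet and use the same DNS server.
rem Requires the Windows 2000 Support Tools (repadmin, dcdiag, netdiag).
rem Placeholders (constructed, replace with your own names):
set DOMAIN=example.local
set OLDDC=olddc
set NEWDC=newdc

echo === 1. Both DCs must appear in the DC locator SRV records ===
rem A stale record still pointing at the 192.168.2.x address, or a missing
rem record for one DC, is enough to make replication look "one-way".
nslookup -type=SRV _ldap._tcp.dc._msdcs.%DOMAIN%
echo (expect one entry each for %OLDDC% and %NEWDC%, both with 192.168.1.x addresses)

echo === 2. If a DC is missing above, re-register its records on that DC ===
rem ipconfig /registerdns refreshes the A record; restarting Netlogon
rem re-registers the SRV records. Run these on the DC that was missing.
rem   ipconfig /registerdns
rem   net stop netlogon
rem   net start netlogon

echo === 3. Which DC does the locator hand out for the domain? ===
nltest /dsgetdc:%DOMAIN%

echo === 4. Inbound replication partners, last success and last failure ===
rem The thread's symptom (old DC never receives the new DC's changes) shows
rem up here as a failed or never-successful inbound entry on %OLDDC%
rem whose source is %NEWDC%.
repadmin /showreps %OLDDC%
repadmin /showreps %NEWDC%

echo === 5. Force each DC to pull from all of its partners, then re-check ===
rem /e = include partners in other sites, harmless when there is one site.
repadmin /syncall %OLDDC% /e
repadmin /syncall %NEWDC% /e
repadmin /showreps %OLDDC%

echo === 6. Deeper diagnostics (run on each DC, read the failures first) ===
dcdiag /test:connectivity /test:replications /v
netdiag /test:dns /v
```

Run it from a command prompt on one of the DCs with a domain admin account; once steps 1 and 4 look clean on the single subnet, the remaining variable is the firewall's second interface, which is where the thread ended up as well.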
 
Fatal_Exception commented:
Completely agree with Sam here!  Need to take any subnetting and routing issues out of the equation!
 
crissand commented:
Verify the FSMO roles. The replication must work through the simulated network (I don't call it "simulated"; it's a real configuration).
 
electech98 (Author) commented:
OK, I configured the new DC to be on the same subnet as the old DC, and deleted any DNS entries that pointed the new DC to the 192.168.2.X subnet, and it seems that everything is replicating fine now. It has to be something in how the virtual gateway on the firewall is configured. I guess I'll have to wait until we actually put the branch in to see if things replicate fine with two different subnets.

Well, thanks for your help guys.
 
Steve McCarthy (MCSE, MCSA, MCP x8, Network+, i-Net+, A+, CIWA, CCNA, FDLE FCIC, HIPAA Security Officer; IT Consultant, Network Engineer, Windows Network Administrator, VMware Administrator) commented:
Glad to be of assistance.