electech98
asked on
Adding second Domain Controller to Windows 2000 domain for replication, redundancy - PART 2
This is in reference to the original question here (please read this first!):
https://www.experts-exchange.com/questions/21338371/Adding-second-Domain-Controller-to-Windows-2000-domain-for-replication-redundancy.html
OK, seems to be a bit of a problem that has come up:
Since we do not have the new branch open yet, we have simulated a default gateway for the new 192.168.2.X network using our firewall to redirect traffic. I have put the new DC on the .2.X network with the simulated gateway address and such on it. With all that, it seems I am able to communicate with the old DC, but cannot browse to any other computer on our 192.168.1.X network (also, from my workstation on the 192.168.1.X network I am able to successfully browse to the new DC on the 192.168.2.X network and see it's shares, but the new DC cannot browse to my machine and see my shares). Furthermore, it seems that replication between DC's is one-way at this point - the new DC has successfully replicated info from the old DC, but the old DC seems to not be picking up any changes to AD (for example, Sites and Services) from the new DC. So the new DC seems to be able to pick up the changes from the old DC, but not the other way around.
A big example of this, as mentioned above, is in AD Sites and Services. On the new DC, I had created the new site, the new subnet, and moved the new DC server object to the new site. There is a site link between the sites, and everything seems to be setup correctly there. However, I just noticed today that the old DC reflects none of those changes in AD Sites and Services. Hence, it seems to not be pull-replicating correctly with the new DC.
Am I missing something here? Let me know if I can provide any other information.
Thanks!
https://www.experts-exchange.com/questions/21338371/Adding-second-Domain-Controller-to-Windows-2000-domain-for-replication-redundancy.html
OK, seems to be a bit of a problem that has come up:
Since we do not have the new branch open yet, we have simulated a default gateway for the new 192.168.2.X network using our firewall to redirect traffic. I have put the new DC on the .2.X network with the simulated gateway address and such on it. With all that, it seems I am able to communicate with the old DC, but cannot browse to any other computer on our 192.168.1.X network (also, from my workstation on the 192.168.1.X network I am able to successfully browse to the new DC on the 192.168.2.X network and see it's shares, but the new DC cannot browse to my machine and see my shares). Furthermore, it seems that replication between DC's is one-way at this point - the new DC has successfully replicated info from the old DC, but the old DC seems to not be picking up any changes to AD (for example, Sites and Services) from the new DC. So the new DC seems to be able to pick up the changes from the old DC, but not the other way around.
A big example of this, as mentioned above, is in AD Sites and Services. On the new DC, I had created the new site, the new subnet, and moved the new DC server object to the new site. There is a site link between the sites, and everything seems to be setup correctly there. However, I just noticed today that the old DC reflects none of those changes in AD Sites and Services. Hence, it seems to not be pull-replicating correctly with the new DC.
Am I missing something here? Let me know if I can provide any other information.
Thanks!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Did you give it time to replicate to the other DC when it was in the original subnet?
ASKER
yes...more than two day's time should be more than enough time for them to replicate.
Although much of this article will not apply to you in your scenario, it may provide something useful since you are running through a firewall..
http://www.microsoft.com/serviceproviders/columns/config_ipsec_P63623.asp
http://www.microsoft.com/serviceproviders/columns/config_ipsec_P63623.asp
ASKER
Thanks for the suggestion, though we are not actually running anything *through* the firewall...we just have 192.168.2.2 set up as another interface on the firewall in order to act as a gateway for the network for the time being. It is sort of "redirecting" traffic rather than actually having traffic pass through it.
What kind of device are you using for your routing? (Cisco, etc?) So, as I understand it right now, routing is only a one way street? Are you running any routing protocols on this device such as RIP? or are your routes static? Can you even ping from the new DC to your .1 subnet?
OK, here is my suggestion.......... Take a step backwards and lets simplifiy your setup. Both DC's in the same site and under the same subnet. Go into DNS and remove any entries for the DC that point it anywhere but on the same subnet. Point DNS on the new DC to the old DC. Now, both on the same subnet, DNS is the same, DNS has no rogue entires, now look at replication and force if need be. If it is working now, then wait until you go to the other building to change anything as I suggested above.
If it is not working, then fix it here. Overcomplicating your setup will only overcomplicate your troubleshooting. If your replication does not work, run DCDiag and NetDiag and find and fix the problem in this simplified environment.
If it is not working, then fix it here. Overcomplicating your setup will only overcomplicate your troubleshooting. If your replication does not work, run DCDiag and NetDiag and find and fix the problem in this simplified environment.
Completely agree with Sam here! Need to take any subnetting and routing issues out of the equation!
Verify the fsmo roles. The replication must work thru simulated network (I don't call it is "simulated", it's a real configuration).
ASKER
OK, configured the new DC to be on the same subnet as the old DC, and deleted any DNS entries that pointed the new DC to the 192.168.2.X subnet, and it seems that everything is replicating fine now. Has to be something in how the virtual gateway on the firewall is configured. I guess I'll have to wait until we actually put the branch in to see if things replicate fine with two different subnets.
Well, thanks for your help guys.
Well, thanks for your help guys.
ASKER
Even when the new DC was on the 192.168.1.X network, and the new DC server object was in the same site as the old DC, AD Sites and Services did not seem to replicate from the new DC to the old DC. I created the new site and new subnet in ADS&S on the new DC while the new DC was still on the 192.168.1.X network, but the old DC did not have that information when I opened up ADS&S on it.