DNS Setup, 2 DC's in different subnets (500 Points)

We have two domain controllers, one in the 192.168.110.x subnet and the other in the 192.168.120.x subnet.

I need the clients local to each DC to use it for DNS, with the remote DC for fault tolerance. Also, these DCs need to replicate Active Directory and may also have DFS running at some point.

Any advice on the correct method to make this setup possible would be greatly appreciated.

Regards

Guy_Adams
Jay_Jay70Commented:
Hi Guy_Adams,

At the moment, can the DCs ping each other? How has routing been set up?

Cheers!
Netman66Commented:
Are these DCs in the same domain?

Run DHCP locally, then pass out the primary DNS as the local DC and the secondary DNS as the remote DC.  As long as you have a point-to-point connection between sites this should work.

You also need to set up Sites in AD Sites and Services. The Default-first-site-name is the main site and can be renamed accordingly. Create and associate the subnet for this site. Create the remote site and the associated subnet for it. Move the server for the remote site into the new remote site container in AD S&S.

This will make sure that clients only talk with their own DC.  It also helps replication.

Chris DentPowerShell DeveloperCommented:

Hi Guy,

You'll need two separate DHCP Scopes to deal with the first part. You would simply configure the DHCP Scopes to give out the most appropriate DNS Server for the site (with the other sites as Secondary). Otherwise it will have to be statically configured on each client.

You can control which DC your clients log into by creating separate Sites for your DCs in Active Directory Sites and Services. If you create a Subnet there as well you can assign a Subnet to a Site; that means any client in that Subnet will use the DC for that Site. E.g.:

AD Sites and Services
     |-- Sites
     |       |-- Site 1
     |       |        |-- Servers
     |       |                 |-- <DC for Site 1> (Subnet: 192.168.110.x /24)
     |       |-- Site 2
     |       |        |-- Servers
     |       |                 |-- <DC for Site 2> (Subnet: 192.168.120.x /24)

DFS is controlled slightly separately from that, but the same applies. Clients should pick a DFS replica in the site closest to them.

HTH

Chris
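The site, subnet and DHCP DNS-order setup that the two answers above describe, as an added PowerShell example that is not from the thread (the thread is Windows Server 2003-era, where this was done in the AD Sites and Services and DHCP consoles). It assumes the ActiveDirectory and DhcpServer modules of a current Windows Server, placeholder site names HeadOffice and BRANCH2, placeholder DC names DC1 and DC2 with assumed addresses, and that a DHCP scope for the local subnet already exists on each DC.

```powershell
# Added example, not code from the thread. Assumes Windows Server 2012 or later with the
# ActiveDirectory and DhcpServer modules; all names and addresses below are placeholders.
Import-Module ActiveDirectory
Import-Module DhcpServer

$sites = @(
    @{ Name = 'HeadOffice'; Subnet = '192.168.110.0/24'; Dc = 'DC1'; DcIp = '192.168.110.10' },
    @{ Name = 'BRANCH2';    Subnet = '192.168.120.0/24'; Dc = 'DC2'; DcIp = '192.168.120.10' }
)

# 1. One AD site per location (Default-First-Site-Name can be renamed to the first one in
#    AD S&S), the matching subnet attached to it, and the local DC moved into it.
foreach ($s in $sites) {
    if (-not (Get-ADReplicationSite -Filter "Name -eq '$($s.Name)'")) {
        New-ADReplicationSite -Name $s.Name
    }
    if (-not (Get-ADReplicationSubnet -Filter "Name -eq '$($s.Subnet)'")) {
        New-ADReplicationSubnet -Name $s.Subnet -Site $s.Name
    }
    Move-ADDirectoryServer -Identity $s.Dc -Site $s.Name
}

# 2. A site link that includes both sites over the IP transport, so the KCC has the
#    connectivity information it needs to build the intersite replication topology.
$linkName = 'HeadOffice-BRANCH2'
if (-not (Get-ADReplicationSiteLink -Filter "Name -eq '$linkName'")) {
    New-ADReplicationSiteLink -Name $linkName `
        -SitesIncluded ($sites | ForEach-Object { $_.Name }) `
        -Cost 100 -ReplicationFrequencyInMinutes 15 -InterSiteTransportProtocol IP
}

# 3. Each site's DHCP scope (option 006) hands out the local DC first and the remote DC
#    second, which is the primary/secondary order the answers recommend.
foreach ($s in $sites) {
    $remoteDcIp = ($sites | Where-Object { $_.Name -ne $s.Name }).DcIp
    $scopeId    = ($s.Subnet -split '/')[0]
    Set-DhcpServerv4OptionValue -ComputerName $s.Dc -ScopeId $scopeId `
        -DnsServer $s.DcIp, $remoteDcIp
}
```

Clients then locate the DC of their own site through the subnet-to-site mapping, while the DHCP option keeps the remote DC available as secondary DNS if the local one is down.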
Chris DentPowerShell DeveloperCommented:

Ack, sorry... repeat of what Netman said... forgot the refresh thing.

Chris
Guy_AdamsAuthor Commented:
Well thank you all for your swift responses.

The servers can ping each other, and Active Directory Sites and Services is set up and working accordingly.

DNS on each server's network adapter points to itself as primary, and I will now point to the remote DC for secondary.

One thing that is annoying: I'm getting the following errors on the global catalog.

Event Type:      Warning
Event Source:      NTDS KCC
Event Category:      Knowledge Consistency Checker
Event ID:      1865
Date:            19/04/2006
Time:            15:21:50
User:            NT AUTHORITY\ANONYMOUS LOGON
Computer:      MYSERVER
Description:
The Knowledge Consistency Checker (KCC) was unable to form a complete spanning tree network topology. As a result, the following list of sites cannot be reached from the local site.
 
Sites:
CN=BRANCH2,CN=Sites,CN=Configuration,DC=mydomain,DC=local


Event Type:      Error
Event Source:      NTDS KCC
Event Category:      Knowledge Consistency Checker
Event ID:      1311
Date:            19/04/2006
Time:            15:21:50
User:            NT AUTHORITY\ANONYMOUS LOGON
Computer:      MYSERVER
Description:
The Knowledge Consistency Checker (KCC) has detected problems with the following directory partition.
 
Directory partition:
CN=Configuration,DC=mydomain,DC=local
 
There is insufficient site connectivity information in Active Directory Sites and Services for the KCC to create a spanning tree replication topology. Or, one or more domain controllers with this directory partition are unable to replicate the directory partition information. This is probably due to inaccessible domain controllers.
 
User Action
Use Active Directory Sites and Services to perform one of the following actions:
- Publish sufficient site connectivity information so that the KCC can determine a route by which this directory partition can reach this site. This is the preferred option.
- Add a Connection object to a domain controller that contains the directory partition in this site from a domain controller that contains the same directory partition in another site.
 
If neither of the Active Directory Sites and Services tasks correct this condition, see previous events logged by the KCC that identify the inaccessible domain controllers.


Event Type:      Error
Event Source:      NTDS KCC
Event Category:      Knowledge Consistency Checker
Event ID:      1312
Date:            19/04/2006
Time:            15:21:50
User:            NT AUTHORITY\ANONYMOUS LOGON
Computer:      MYSERVER
Description:
A call to the Intersite Messaging service that specifies the following transport failed.
 
Transport:
CN=IP,CN=Inter-Site Transports,CN=Sites,CN=Configuration,DC=mydomain,DC=local
 
As a result, the Knowledge Consistency Checker (KCC) cannot configure a correct intersite replication topology.
 
User Action
Verify that the Intersite Messaging service is running.
 
Additional Data
Error value:
1722 The RPC server is unavailable.


I've changed the transport method of replication from IP to RPC, but still the errors occur.

What's even more confusing: if I disable a user account, it replicates perfectly?

You have all helped with the DNS worry, and so I will split the points between netman66 - 350 and chris-dent - 150.

If you would like me to ask a new question on the above then please tell me.

Regards

Guy_Adams
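The checks the three KCC events above ask for (site connectivity information for event 1311, the Intersite Messaging service for event 1312, and RPC reachability for error 1722), as an added PowerShell diagnostic that is not from the thread. It assumes a current Windows Server with the ActiveDirectory module and the `repadmin` tool, run on the DC that logs the events.

```powershell
# Added diagnostic, not code from the thread. Assumes Windows Server 2012 or later with
# the ActiveDirectory module, run on the DC that logged events 1865, 1311 and 1312.
Import-Module ActiveDirectory

# Event 1311: "insufficient site connectivity information". Every site must belong to
# at least one site link, otherwise the KCC cannot route replication to it.
$linkedSiteNames = Get-ADReplicationSiteLink -Filter * -Properties SitesIncluded |
    ForEach-Object { $_.SitesIncluded } |
    ForEach-Object { (Get-ADObject -Identity $_).Name } |
    Sort-Object -Unique
Get-ADReplicationSite -Filter * | ForEach-Object {
    $state = if ($linkedSiteNames -contains $_.Name) { 'in a site link' } else { 'NOT IN ANY SITE LINK' }
    '{0,-30} {1}' -f $_.Name, $state
}

# Event 1312: the KCC could not call the Intersite Messaging service (IsmServ); it must
# be running on the DC that builds the intersite topology.
Get-Service -Name IsmServ | Select-Object Name, Status, StartType

# Error 1722 "The RPC server is unavailable": confirm each DC's name resolves and the RPC
# endpoint mapper (TCP 135) answers, since the KCC reaches remote DCs over RPC.
foreach ($dc in Get-ADDomainController -Filter *) {
    $rpcOk = Test-NetConnection -ComputerName $dc.HostName -Port 135 -InformationLevel Quiet
    '{0,-30} site={1,-15} rpc135={2}' -f $dc.HostName, $dc.Site, $rpcOk
}

# Finally, the replication partners and last-attempt results as the KCC currently sees them.
repadmin /showrepl
```

A site that shows NOT IN ANY SITE LINK is the usual cause of 1865/1311 after a second site is created; adding it to the IP site link is the "publish sufficient site connectivity information" action the event describes.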
Guy_AdamsAuthor Commented:
Sorry forgot to mention, on the new DC there are no replication errors and all changes are replicated perfectly.

Also, yes, all the DCs are in the same domain.

Regards

Guy_Adams
Netman66Commented:
Do these servers have 2 NICs?  If so, where is each NIC connected?

If one is internal to the LAN and one is external, then you need to make sure the following are true:

1)  The internal NIC is at the top of the binding order.
2)  Client for MS Networks, File and Print Sharing and NetBIOS over TCP/IP are disabled (unchecked) on the external NIC.
3)  The option to register in DNS is unchecked on the external NIC.
4)  All entries in DNS for the external NIC should be removed from DNS.

Guy_AdamsAuthor Commented:
Both servers use only one NIC.

Thanks

Guy
Guy_AdamsAuthor Commented:
Just to let you all know,

I have asked about the replication event ID errors as a new question, found here:

http://www.experts-exchange.com/Operating_Systems/Windows_Server_2003/Q_21820514.html

Thank you all again for your time, feel free to help with the above question.

Regards

Guy_Adams