mbigogno
asked on
Single Domain Site Replication Topology
I was hoping somebody could double check my setup here.
Single Domain, Windows 2003 Servers
2 sites, 2 domain controllers at both sites.
Site 1:
Server 1 - FSMO roles Except not Global Catalogue, Preferred IP Bridgehead
Server 2 - Global Catalogue
Site 2:
Server A - Global Catalogue, Preferred IP Bridgehead
Server B -
Site 1. Server 1 has NTDS settings of "auto gen" , site 1, Server 2, and Manually config'd, Site 2, Server B
Site1. Server 2 has NTDS settings of "auto gen", site 1, Server 1, and Manually config'd, Site 2, Server A
Site 2 Server A has "auto gen", Site 2, Server B, and Manually config'd Site 1, Server 1.
Site 2 Server B has "auto gen", Site 2 Server A, and Site 1 Server 1
Any suggestions or "best practices" would be greatly appreciated. Thanks in advance.
Matt B
Single Domain, Windows 2003 Servers
2 sites, 2 domain controllers at both sites.
Site 1:
Server 1 - FSMO roles Except not Global Catalogue, Preferred IP Bridgehead
Server 2 - Global Catalogue
Site 2:
Server A - Global Catalogue, Preferred IP Bridgehead
Server B -
Site 1. Server 1 has NTDS settings of "auto gen" , site 1, Server 2, and Manually config'd, Site 2, Server B
Site1. Server 2 has NTDS settings of "auto gen", site 1, Server 1, and Manually config'd, Site 2, Server A
Site 2 Server A has "auto gen", Site 2, Server B, and Manually config'd Site 1, Server 1.
Site 2 Server B has "auto gen", Site 2 Server A, and Site 1 Server 1
Any suggestions or "best practices" would be greatly appreciated. Thanks in advance.
Matt B
trenes,
My bad you have 2 catalogs . ;-)
My bad you have 2 catalogs . ;-)
ASKER
Sorry, I did leave that out. I have DNS and DHCP at both sites. I just recently added the 2nd DC at Site 2, this is the ONLY DC that is not running DNS or DHCP.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I had just written my reason for leaving the bridgehead server in place to help with WAN traffic management and such. But I then deleted it when I suspected bit-rot and decided to re-read an article about bridgeheads. (http://support.microsoft.com/kb/271997) According to this article, if you don't specify one, KCC will nominate one. If you specify more than one KCC will nominate one from the list that you specify. If you specify one (or more) and it (or they) become unavailable then replications will not be able to occur. With this in mind I have to agree with Jay Jay70 and add a little more pressure to not specify the bridgehead unless you have an overriding reason.
One thing that seems to cause more grief for some folks is DNS settings. Make sure that ALL your systems are configured (either statically or with DHCP) so that the IP settings are looking only at your internal AD DNS servers for DNS resolutions. This even includes your DCs with and with out DNS. If you need to resolve external DNS queries (almost certainly you will so that the boss can get to raging bull or yahoo stocks or whatever it is he doesn't in the ivory tower, and more importantly you can get to EE), remove the Root DNS Zone, make sure Roots Hints is configured, and open both UDP port 53 and TCP port 53 on your firewall. (see http://support.microsoft.com/kb/300202)
I'd also like to say that althought you seem to be indicating a slight doubt in yourself by publicly asking for comments, quite frankly I'm impressed that you seem to have it put together pretty well, and certainly better than most that I've seen done in smaller implementations. Kudos to you!
Alan
One thing that seems to cause more grief for some folks is DNS settings. Make sure that ALL your systems are configured (either statically or with DHCP) so that the IP settings are looking only at your internal AD DNS servers for DNS resolutions. This even includes your DCs with and with out DNS. If you need to resolve external DNS queries (almost certainly you will so that the boss can get to raging bull or yahoo stocks or whatever it is he doesn't in the ivory tower, and more importantly you can get to EE), remove the Root DNS Zone, make sure Roots Hints is configured, and open both UDP port 53 and TCP port 53 on your firewall. (see http://support.microsoft.com/kb/300202)
I'd also like to say that althought you seem to be indicating a slight doubt in yourself by publicly asking for comments, quite frankly I'm impressed that you seem to have it put together pretty well, and certainly better than most that I've seen done in smaller implementations. Kudos to you!
Alan
ASKER
Thanks for the compliment Saw, and thank you Jay. So much to learn, so little time. Just like to double check things.
MB
MB
I can understand that feeling, although diving head first into it is the best way to learn and it looks so far like you have done well
Make sure you run DNS on both sites that keeps traffic down.
Also make both machines Global Catalog.
those things come 2 mind first.
Cheers!