Active Directory 2003 use over VPN tunnels to branch offices.

Posted on 2007-10-12
Last Modified: 2010-03-17
Ok, I have a fully integrated Active Directory running on 3 Windows 2003 servers over VPN tunnels. I have the primary master at the data center in the corporate office. The other 2 servers connect to the corp. office through Cisco 1811 dual WAN routers (VPN). Each server at all 3 locations is a DNS server for that local network. The gateway for corp. is 192.168.0.1 and the other two branch sites are 192.168.1.0 and 192.168.2.1. Everything works fine and should always work given that the tunnels stay up. But I did some testing and saw that when the VPN tunnels are down the branch servers cannot connect to Active Directory, nor does the local DNS seem to work.
My main question is this: is there a way to maybe transfer zones or something, so that when the networks can't communicate with the corp. server and the servers are rebooted, the DNS and Active Directory still work for that local network? The branch servers also run very slowly when they cannot talk with the primary master.
Question by:ctbtech
Accepted Solution
by: thecomputerdocs (earned 1440 total points)
ID: 20070304
Your primary server is probably the only global catalog. You may want to enable each DC as a global catalog server as well.
Here's the info on how to do it.
http://www.jsifaq.com/SF/Tips/Tip.aspx?id=3294

Hope that helps...
Author Comment

by:ctbtech
ID: 20070464
thecomputerdocs,

I thought I had this setting turned on, but apparently not. I have not completely tested it yet, but it seems to have worked. This is excellent.

One more quick question though....
Under sites and services does each domain controller need to replicate to all of the other domain controllers or just to the primary master?
Assisted Solution
by: itquestions (earned 60 total points)
ID: 20072805
For redundancy, it is M$ best practices to replicate to each one.
Author Comment

by:ctbtech
ID: 20072849
Ever since I added each DC as a global catalog, I am getting these error messages every 5 minutes.
Any ideas?

Windows cannot access the file gpt.ini for GPO CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=cos,DC=net. The file must be present at the location <\\cos.net\sysvol\cos.net\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini>. (Access is denied. ). Group Policy processing aborted.
 
 
Windows cannot query for the list of Group Policy objects. Check the event log for possible messages previously logged by the policy engine that describes the reason for this.
Expert Comment

by:itquestions
ID: 20072861
Are these errors appearing on all the DC's, the remote office DC's, or only the Schema Master?
Author Comment

by:ctbtech
ID: 20072880
Since the change, only the Schema Master.  This error is on one of the remote DC's but it was 3 days ago, but I was doing testing then so that is ruled out.  So it just seems to be the master server having the current errors.
Author Comment

by:ctbtech
ID: 20072965
I have rebooted all DC servers, and the error message has not recurred.
Author Comment

by:ctbtech
ID: 20073069
The errors came back after the reboots, but I found a solution that seems to have worked (read below, from another posting). Thanks for all of your help.

"marc_nivens:
Open ADU&C, right click on the domain controllers OU, properties.  Go to the policy tab, highlight the domain controller security policy and click permission.  Grant the Enterprise Domain Controllers and Authenticated Users groups "apply group policy" permissions.  Then run gpupdate and see if the error returns."
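A read-only audit covering both fixes in this thread, the per-site global catalog check from the accepted solution and the "apply group policy" permission fix quoted above, written here as an added example rather than anything posted in the thread. It assumes a domain-joined admin workstation with the RSAT ActiveDirectory, GroupPolicy and DnsServer modules, and reuses the GPO GUID from the gpt.ini event message; it changes nothing.

```powershell
# Assumed: RSAT modules available and the caller can read DNS on each DC.
Import-Module ActiveDirectory, GroupPolicy, DnsServer

# GUID taken from the gpt.ini event quoted earlier in this thread.
$GpoGuid = [guid]'31B2F340-016D-11D2-945F-00C04FB984F9'

function Get-DcSiteReadiness {
    # One row per DC: site, GC role, and whether it holds an AD-integrated
    # copy of the domain zone. A branch DC that is not a GC, or whose DNS
    # zone is not DS-integrated, will not serve logons once the tunnel drops.
    $domain = (Get-ADDomain).DNSRoot
    foreach ($dc in Get-ADDomainController -Filter *) {
        $zone = $null
        try {
            $zone = Get-DnsServerZone -ComputerName $dc.HostName -Name $domain -ErrorAction Stop
        } catch {
            # DNS unreachable or zone absent: reported as not DS-integrated below.
        }
        [pscustomobject]@{
            DC               = $dc.HostName
            Site             = $dc.Site
            IsGlobalCatalog  = $dc.IsGlobalCatalog
            DsIntegratedDns  = [bool]($zone -and $zone.IsDsIntegrated)
            ReplicationScope = if ($zone) { $zone.ReplicationScope } else { 'n/a' }
        }
    }
}

function Get-GpoApplyPermissions {
    param([guid]$Guid = $GpoGuid)
    # Lists every trustee that can apply the GPO. If Authenticated Users or
    # Enterprise Domain Controllers is missing, the "Access is denied"
    # gpt.ini symptom from the thread is the expected result.
    Get-GPPermission -Guid $Guid -All |
        Where-Object { $_.Permission -eq 'GpoApply' } |
        Select-Object @{ n = 'Trustee'; e = { $_.Trustee.Name } }, Permission, Inherited
}

Get-DcSiteReadiness   | Format-Table -AutoSize
Get-GpoApplyPermissions | Format-Table -AutoSize
```

Any DC row showing IsGlobalCatalog False, or an apply-permission list without the two groups named in the quoted fix, is the condition to correct; the script itself only reports.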