westhelpdesk
asked on
AD Sites and Services
Will try and explain as best as possible...
Have 3 Sites A, B, C
Site A has 2 DCs, 2003 Server, will call these DC1 and DC 2
Site C has one DC, 2008 Server, will call this DC 3
when added 2008 Server DC 3 to domain as a DC in existing Forest...it showed up under AD Sites and Services under the default first...i renamed this to our corporate site...in the NTDS settings under all DCs (3) there were the other two DCs showing up...tried replication and it worked for all...as it should...all good up to this point...
so i added a second site called corporate C...i then moved the newly added DC 2008 DC 3 from Site C into Corporate C of AD Sites and Services which i just created.
i then set up two different subnets...one for SITE A which goes with the 2 DCs 2003 (DC 1 and DC 2) and SITE C which goes with the DC 2008 (DC 3)...Both subnets are reflecting their respective DCs...
so Corporate site A has 2 DCs 2003 Server called DC 1 and DC 2...
Site C has DC 2008 Server called DC 3...
all DCs are DNS, GC...2 DCs in Site A are WINS, but the DC in site C is not...
questions...
once i moved the new server 2008 dc to the new site with corporate c...under NTDS settings...i no longer see both servers...when the servers were set up in one site before there were two servers under each server's NTDS settings...
Now under Site A under DC1..i only see Site C...DC 2008 Server (DC 3)
At site A under DC 2 i see both DC1 (site A) and Site C DC 3...
At site C under server 2008 i only see DC1 that is in Site A
Was wondering why this is and why i am not able to see both DCs under NTDS Settings under each Server as i should?
Should i enable WINS on the DC in Site C, which might be making this happen?
why is this happening and should i make changes...why and why not?
hope i explained well...any help is appreciated!
Also by default, ALL sites will replicate according to the settings of the DEFAULTFIRSTIPSITELINK object (Inter Site Transports > IP).
So your new site will be using the schedule/interval here. You can add a new site link so you have one for A > B and for B > C, or you can leave them all using the rules of the default link.
ASKER
the issue is when i first created everything and moved it into these sites...all servers were showing up...even if i delete all settings and put them back to original order and then do it over again...it will show both DCs under all servers from different sites...
it's only after it sits for an hour that the above issue starts...any suggestions...there is a site link for both sites as it is the default first one...
OK if I understand you correctly, you're wondering why there is only one connection object for the new server in one site on its own, rather than two when it was in the same site as the other two.
This is fine. It is by design.
Only one DC in each site will be used to replicate to another site. This server is called the bridgehead. There is no point in all servers replicating between sites - you only need one. This is done to optimise replication traffic. The bridgehead server is nominated by the KCC/ISTG and a connection object will be created to allow it to replicate with another bridgehead on another site.
So provided that you are not experiencing any replication issues, then you do not need to make any changes.
Tony
ASKER
yes basically, but what happened in a general way...i'll be brief
on
DC 1
  NTDS settings
    DC 2
    DC 3
DC 2
  NTDS settings
    DC 1
    DC 3
DC 3
  NTDS settings
    DC 1
    DC 2
well when i moved DC3 into its own site and subnet...the settings look like this...
DC1
  NTDS settings
    DC 2
DC2
  NTDS settings
    DC 1
    DC 3
DC3
  NTDS settings
    DC 1
are you telling me this is normal...from my understanding i thought i was supposed to see all DCs under NTDS settings for the domain...
thanks for everyone's help...
Well there is no true "normal" where everyone is going to look the same because the KCC builds this, but have you verified that replication is working ok...that is what really matters for you.
You have to expand each SITE. Each SITE will be replicating to one server in every other SITE. KCC nominates this replication path. What you are seeing is perfectly normal.
Justin
ASKER
Got error running DCDIAG
Testing server: Site C/ DC3
Starting test: Connectivity
Message 0x621 not found.
Got error while checking LDAP and RPC connectivity. Please check your
firewall settings.
......................... DC3 failed test Connectivity
I am assuming you are running this from DC1 or DC2?
ASKER
no actually i am running it from dc 3
DC2 is acting as the bridgehead server for the first site among DC1 and DC2 to communicate with the other site to maximise the bandwidth among sites.
To minimize bandwidth usage during intersite communication, the Knowledge Consistency Checker (KCC) dynamically chooses a server from each site to handle the communication. These servers are the bridgehead servers. Rather than letting the KCC choose the servers, you might prefer to nominate domain controllers
To nominate a server as a bridgehead server, start the Active Directory Sites and Services MMC snap-in. (Select Programs, Administrative Tools, Active Directory Sites and Services from the Start menu.)
1. Expand the Sites branch.
2. Expand the site containing the server, and select the Servers container.
3. Right-click the server, and select Properties.
4. Select the protocol you want the server to act as a preferred bridgehead server for (i.e., SMTP or IP), as the Screen shows, and click Add.
5. Click OK.
However with respect to your second issue, please make sure there are no DNS errors. It should also be able to resolve nslookup. Also check that the firewall is not running. The replication between dc1 and dc2 is running fine and then try to replicate from DC3.
Please paste netdiag and the dcdiag contents if you still have the issue
AD replication problems most of the time are caused by DNS. Solving those DNS problems most likely will solve AD replication problems.
A way to solve this is to designate ONE DC as the temporary DNS MASTER. Then point the troubled DCs to that MASTER DNS by configuring it as the primary DNS on the troubled DCs. After doing that execute IPCONFIG /REGISTERDNS & NET STOP NETLOGON & NET START NETLOGON
then use the following to trigger AD replication
REPADMIN.EXE /SYNCALL <FQDNDC> /A /e /d /q /P for forcing outbound AD repl
REPADMIN.EXE /SYNCALL <FQDNDC> /A /e /d /q for forcing inbound AD repl
Are you actually experiencing replication problems?
Is this connectivity test the only failed test when running DCDIAG in your DCs? Also running NETDIAG will uncover any DNS related errors. On DC 3, run
netdiag /test:dns /q
Any errors returned?
As mentioned before, the change in the number of connection objects when moving the DC to another site is completely normal so you can forget about that.
However the failed connectivity test suggests a problem, but if this is the only failure then I would first check any firewalls that may be blocking the ports mentioned in the error message on the DC in question:
LDAP : 389 (TCP and UDP)
RPC : 135 (TCP and UDP)
More information about the port requirements for domain controllers to replicate across firewalls (3 different methods detailed here): http://technet.microsoft.com/en-us/library/bb727063.aspx
Tony
ASKER
after checking replmon and dcdiag...i don't believe i am experiencing any replication problems now but when i run netdiag /test:dns /q
I GET..
The Procdure entry point I_NetNameCanonicalize could not be
located in the dynamic link library NETAPI32.dll
That is more an error with NETDIAG actually running, it is not reporting back a problem with your domain/network configuration. Sounds like an issue with the version of netapi.dll on the machine you are running netdiag from, or an incorrect version of NETDIAG you have installed on the machine.
However this is now straying somewhat from the original question.
In answer to your question, once you have multiple sites, certain DCs in each site will be nominated as bridgeheads. Only these bridgehead servers are used to replicate between sites. This explains why the number of connection objects has changed for some of your servers after moving a DC into another site, and is entirely normal behaviour.
Unless you are experiencing replication problems, which it seems you are not, then you have no problems with your replication topology.
Tony
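Added example, not part of the thread or any poster's code: a small Python model of the connection objects in the asker's "after the move" tree, showing which connections cross the site boundary and checking that every DC still receives every other DC's changes transitively. The `SITE_OF` and `INBOUND` structures and the function names are assumptions built from that listing; on a live domain, `repadmin /showrepl` reports the actual inbound partners.

```python
from collections import deque

# Constructed from the asker's "after the move" tree: each DC maps to the
# source DCs listed under its NTDS Settings (its inbound replication partners).
SITE_OF = {"DC1": "Site A", "DC2": "Site A", "DC3": "Site C"}
INBOUND = {"DC1": ["DC2"], "DC2": ["DC1", "DC3"], "DC3": ["DC1"]}


def intersite_connections(site_of, inbound):
    """Return sorted (source, destination) pairs that cross a site boundary."""
    return sorted(
        (src, dst)
        for dst, sources in inbound.items()
        for src in sources
        if site_of[src] != site_of[dst]
    )


def receives_from(dc, inbound):
    """Every DC whose changes reach `dc`, following connections transitively."""
    seen, queue = set(), deque([dc])
    while queue:
        for src in inbound.get(queue.popleft(), []):
            if src != dc and src not in seen:
                seen.add(src)
                queue.append(src)
    return seen


def replication_gaps(inbound):
    """Return {dc: DCs whose changes can never reach it}; empty means full coverage."""
    all_dcs = set(inbound) | {s for srcs in inbound.values() for s in srcs}
    gaps = {}
    for dc in sorted(all_dcs):
        missing = all_dcs - {dc} - receives_from(dc, inbound)
        if missing:
            gaps[dc] = sorted(missing)
    return gaps


if __name__ == "__main__":
    for src, dst in intersite_connections(SITE_OF, INBOUND):
        print(f"inter-site: {dst} pulls from {src}")
    print("gaps:", replication_gaps(INBOUND) or "none")
```

An empty result from `replication_gaps` is the model's equivalent of "replication is working"; a non-empty one names the DCs whose changes have no path to a given server.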
ASKER
thanks for everyone's help!!!
Justin