Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Domain Controller Issue

Posted on 2011-03-11
8
Medium Priority
?
422 Views
Last Modified: 2012-05-11
I have an issue with 2 servers  (which are also a domain controllers).  They are on differenet subnets connected by a hardware based VPN. We have eliminated Networking as an issue. Using packet sniffers (wireshark) on both sides all traffic appears to pass normally in both directions. Packets arrive and are acknowledged. Addtiionally, these 2 server can talk ANY other machines on either subnet without issue.

However, pinging from the Windows command line shows one traffic flowing in one direction only, ie it does NOT show the same results as wireshark. Domain replication only works in one direction, DNS updates one direction, etc.

Have tried removing and re-installed the NICs. Firewalls off on both sides. There are no name resolution issues on either side.

This one is driving me insane. If you need me to post anythig I am MORE than happy too.

HELP!
0
Comment
Question by:mmcgeehan
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 57

Expert Comment

by:Mike Kline
ID: 35112608
Any events in the event logs or errors in dcdiag

if you run repadmin /showreps how long since they have replicated.

Thanks
Mike
0
 

Author Comment

by:mmcgeehan
ID: 35112742
Replication ceased as soon as they were moved to seperate subnets. Placing them back in the same subnet allows replication, in both directions. Bear in mind, even on seperate subnets, replication does work, but ONLY in 1 direction. The event viewer logs and dcdiag logs reflect this as well, i.e. no issues while on the same subnet. I can post the current dcdiag logs (redacted of course) from both sides if you like.
0
 
LVL 10

Expert Comment

by:tmoore1962
ID: 35113067
Sounds like a routing issue.  Verify your ACL in the routers linking the subnets.
0
Looking for the Wi-Fi vendor that's right for you?

We know how difficult it can be to evaluate Wi-Fi vendors, so we created this helpful Wi-Fi Buyer's Guide to help you find the Wi-Fi vendor that's right for your business! Download the guide and get started on our checklist today!

 
LVL 42

Expert Comment

by:kevinhsieh
ID: 35113636
How is your firewall turned off? You can't stop the service. Stopping the service enables the firewall. You need to turn it off in the GUI.
0
 

Author Comment

by:mmcgeehan
ID: 35116415
The Windows firewalls are turned off via the gui on both servers. Its not a routing issue as using Wireshark shows all trafific arrives and is respoded to normally. Additionally, the servers have no issues communicating with any other machines, or the Internet, only with each other.

 I'm going to try another NIC, to eliminate the onboard NIC as the issue. Also, the fact that wireshark is able to detect the traffic, but the OS is not, makes me suspect their is something wrong with Winsock, or the TCP/IP stack, as Wireshark installs its own protocol and shows all traffic arriving and being acknowledged normally.

It is VERY strange. Its not a critical situation at this time as I have 3 DCs and am able to replicate by proxy usiing the 3rd DC.

Wont install the other NIC until Monday at the earliest. I will post any changes, or if it resolves the issues. These are both Dell T310  servers with the onboard NIC (2 interfaces), and I have noted, by searching the Internet, they seem to have frequent issues.
0
 

Author Comment

by:mmcgeehan
ID: 35208915
Sorry about the delay. The issue still persists. We have put it on hold until the summer when significant downtime can be scheduled. Until then I can work around it, since the secondary problem (replication) is automatically worked out via the 3rd domain controller, which communcates with the other 2 with no issues. So, any changes made on any DC, still get replicated to all 3.

This can be closed.

Thanks All!
0
 

Accepted Solution

by:
mmcgeehan earned 0 total points
ID: 35690889
Well, currently the issue is not pending as we are no longer servicing that customer. However, I ran into an almost identical issue and the soluting was removing an anti virus protocal (AVG) from the NIC. Issue is resolved as far as I am concerned.
0
 

Author Closing Comment

by:mmcgeehan
ID: 35718407
Accepting this as the answer to my own question. Setting it as C due to not having access to the original server with the issue to confirm the fix would work.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A hard and fast method for reducing Active Directory Administrators members.
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question