bootyfreakk asked:
Windows 2008 R2 Domain Controllers not able to see each other in different subnets

Hello All,

I have a Domain Controller in NY called Server A (192.168.90.5) in the subnet 192.168.90.0/24. This AD is the primary of the domain. I'm running low on IP addresses in the 90 subnet within the NY office. I cannot use super subnetting because the person who engineered this site along with 3 other sites made them like this.

All driven by MPLS:
NY - 192.168.90.0/24  (Domain Controller A - 192.168.90.5)
PA - 192.168.91.0/24  (Domain Controller B - 192.168.91.5)
CT - 192.168.92.0/24  (Domain Controller C - 192.168.92.5)
NJ - 192.168.93.0/24  (Domain Controller D - 192.168.93.5)

Super subnetting would be the answer for me, but it requires a lot of work to change all IP device settings and workstations to a new subnet, and there's an overlap in IP addresses (since super subnetting would give me the 90 and 91 subnets) that I do not want to risk. So I figured... maybe create a new subnet and attach it to the NY site.

Let's call this one 192.168.98.0/23. My thought would be that it would give me 510 address nodes: 192.168.98.0 - 192.168.98.254 and 192.168.99.1 - 192.168.99.254, and I can access them along with the 90 subnet.
So this is what I've done so far.

- Added another subnet for the "NY site" in Sites and Services - 192.168.98.0/23 - and linked it to NY.
and waited to sync...

Then I set up a workstation with an address in the new subnet: IP 192.168.98.10, subnet mask 255.255.254.0, no gateway, DNS 192.168.90.5, to see if I could join the domain or ping the NY AD at 192.168.90.5... no luck. It didn't work and nslookup couldn't find a DNS server.

So I created a new AD for subnet 192.168.98.0/23 and called it ADsystems.
This is what I've done:

- Domained an AD (ADsystems): IP address 192.168.90.6, subnet mask 255.255.255.0, gateway 192.168.90.1, DNS 192.168.90.5
- Added a site in Sites and Services called "Systems"
- The subnet for "Systems" is 192.168.98.0/23, and linked it to the "Systems" site.
- Changed the local DNS to itself, 192.168.90.6
- Moved the ADsystems object from "NY" in Sites and Services to the "Systems" site.
- Attached the subnet 192.168.98.0/23 to the "Systems" site and created a site link between NY and "Systems"
- Once I saw replication occurring, I then changed the IP address of the new AD (ADsystems) to 192.168.98.5, subnet mask 255.255.254.0, no gateway, DNS 192.168.98.5.
No gateway because the gateway is in the 90 subnet.

Once I changed the IP address to the new subnet, the new AD cannot see or ping anything in the 90, 91, 92 or 93 subnets and replication is failing. I changed it back to how I had it before and it works, but now not for the 98 subnet.

Am I missing something? Do I need to set up a VPN between 90 and 98 so they can see each other, even if they are on the same network?
What are my options... anyone?

Thanks
raeldri

Your issue is with the subnet mask or the lack of a default gateway.

192.168.98.0/23 is going to give a usable range of 192.168.98.1 - 192.168.99.254.

The machines won't know how to reach the 192.168.90.0 network.
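To make the gateway point concrete, here is an added example that is not from this thread or any of its posters. It uses Python's standard `ipaddress` module to compute the usable range of a CIDR block, to decide whether a host with a given address, prefix length and optional default gateway can forward a packet to a destination (on-link, via the gateway, or unreachable), and to map an address to an AD site by longest-prefix match over the site subnets listed in the question. The `192.168.98.1` gateway used in the demo is an assumed value; the thread never names a router interface in the 98 subnet.

```python
import ipaddress

# Site-to-subnet map reconstructed from the question (constructed sample data);
# the 192.168.98.0/23 block is the new "Systems" subnet being added.
SITE_SUBNETS = {
    "NY": ["192.168.90.0/24"],
    "PA": ["192.168.91.0/24"],
    "CT": ["192.168.92.0/24"],
    "NJ": ["192.168.93.0/24"],
    "Systems": ["192.168.98.0/23"],
}


def usable_range(cidr):
    """Return (first_usable, last_usable, count) for a CIDR block,
    excluding the network and broadcast addresses."""
    net = ipaddress.ip_network(cidr, strict=True)
    hosts = list(net.hosts())  # fine for blocks the size of a /23
    return str(hosts[0]), str(hosts[-1]), len(hosts)


def next_hop(ip, prefixlen, gateway, destination):
    """Decide how a host configured with ip/prefixlen and an optional default
    gateway would forward to destination.

    Returns 'on-link' (same subnet, ARP directly), 'via <gateway>' (hand the
    packet to the router), or 'unreachable' (no usable route at all)."""
    iface = ipaddress.ip_interface(f"{ip}/{prefixlen}")
    dst = ipaddress.ip_address(destination)
    if dst in iface.network:
        return "on-link"
    if gateway is None:
        # Nothing tells the host where off-subnet traffic goes.
        return "unreachable"
    gw = ipaddress.ip_address(gateway)
    if gw not in iface.network:
        # A default gateway outside the local subnet can never be resolved by
        # ARP, so configuring one does not help.
        return "unreachable"
    return f"via {gw}"


def site_for(ip):
    """Longest-prefix match of a client address against the AD site subnets,
    which is how the DC locator decides which site a client belongs to."""
    addr = ipaddress.ip_address(ip)
    best = None
    for site, subnets in SITE_SUBNETS.items():
        for cidr in subnets:
            net = ipaddress.ip_network(cidr)
            if addr in net and (best is None or net.prefixlen > best[1].prefixlen):
                best = (site, net)
    return best[0] if best else None


if __name__ == "__main__":
    print("usable range of 192.168.98.0/23:", usable_range("192.168.98.0/23"))

    # The new DC exactly as the question configures it: no gateway.
    print("ADsystems -> NY DC, no gateway:",
          next_hop("192.168.98.5", 23, None, "192.168.90.5"))
    # The gateway of the 90 subnet is not on-link for a /23 host, so it is useless.
    print("ADsystems -> NY DC, gateway in 90 subnet:",
          next_hop("192.168.98.5", 23, "192.168.90.1", "192.168.90.5"))
    # Assumed router interface 192.168.98.1 inside the new block.
    print("ADsystems -> NY DC, gateway 192.168.98.1 (assumed):",
          next_hop("192.168.98.5", 23, "192.168.98.1", "192.168.90.5"))
    # Two hosts inside the same /23 talk directly.
    print("98.10 -> 99.20:", next_hop("192.168.98.10", 23, None, "192.168.99.20"))

    for client in ("192.168.90.5", "192.168.98.10", "192.168.99.200"):
        print(f"{client} belongs to site {site_for(client)}")
```

The output shows why the new DC goes dark: with no gateway, or with a gateway in the 90 subnet that it cannot ARP for, every packet to 192.168.90.5 is "unreachable", so DNS, replication and domain join all fail even though the two servers sit on the same switch. Only a router interface inside 192.168.98.0/23 that also knows the 90 subnet gives a usable "via" path.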
ASKER CERTIFIED SOLUTION
Neil Russell
bootyfreakk (ASKER)

Why would my gateway be a factor, when both the 90 and 98 subnets are at the same NY location? It doesn't need to access a router for anything.

The NY AD 192.168.90.5 is sitting right next to the ADsystems server 192.168.98.5. Why should a router be involved? Do I need to set up a translation of some sort, a VLAN on my switch, or add an entry to my router for this to work? (I would prefer not to go that route.) Would adding an extra Ethernet card to the NY AD work?
I'm doing this to expand the IP range, since I'm running low on 90. I thought DNS handled replication.

The other sites I have, 91, 92 and 93, have been set up this way and it works great (MPLS and all). Why does doing it locally not work? I double-checked my setup and I feel I'm missing something.
SOLUTION
UNDER NO CIRCUMSTANCES add a second NIC into a DC.

It's a nightmare and will cause you nothing but problems.

How about some sort of internal routing system... something I can build, software, or adding a VLAN to a port on my switch to do a route from there? Is this possible?

Internal routing is fine. Do you have your own router outside the MPLS router, or a layer 3 switch? Both would work fine for simple routing between subnets.