Solved

windows 2008 r2 Domain Controllers not able to see each other in different Subnets

Posted on 2012-03-15
9
586 Views
Last Modified: 2012-08-14
Hello All,
 
I have a Domain Controller in NY called Server A (192.168.90.5) in the subnet of 192.168.90.0/24. This AD is the Primary of the Domain. I'm running low on IP address in the 90 subnet. within the NY office.  I cannot use super subnetting because the person who engineered this site along with 3 other sites made them like this.

All driven by MPLS:
NY-192.168.90.0/24  (Domain Controller A - 192.168.90.5)
PA-192.168.91.0/24  (Domain Controller B - 192.168.91.5)
CT-192.168.92.0/24  (Domain Controller C - 192.168.92.5)
NJ-192.168.93.0/24   (Domain Controller D - 192.168.93.5)

Super subneting would be the answer for me but requires a lot of work to change all IP device settings and workstations to a new subnet and there’s an overlap in IP address (Since supersubnetting would give me 90 and 91 subnets) that I do not want to risk.  so i figured...maybe  create a new Subnet and attached it to the NY site.

Let call this one 192.168.98.0/23.  My though would be that it would give me 510 address nodes. 192.168.98.0 - 192.168.98.254 and 192.168.99.1 - 192.168.99.254 and i can access along with the 90 subnet.
so this is what i've done so far.

- added another Subnet for the "NY site" in Site and Services - 192.168.98.0/23 and link it to NY.
and waited to sync...

Then i setup a workstation with a subnet address  IP:192.168.98.10,submask: 255.255.254.0 no gateway dns: 192.168.90.5 to see if i can be domained or ping the NY AD at 192.168.90.5...no luck. It didn’t work and nslookup couldn’t find a DNS

So i created a new AD for subnet 192.168.98.0/23 and called it ADsystems.
so this is what i've done..

- Domained an AD (ADsystems) ip address 192.168.90.6, Submask 255.255.255.0, Gateway: 192.168.90.1, DNS:192.168.90.5
- added a Site in Site and Services called "Systems"
- Subnet for the "system" is 192.168.98.0/23 and link it to "System" site.
- changed the Local DNS to itself 192.168.90.6
- Moved the ADsystem object in "NY" within  Site and service to the "System" site.
- Attached the subnet 192.168.98.0/23 to the “System” site and created a link between NY and “Systems”
- Once I saw replication occurring, I then changed the IP address of the new AD (ADsystems) to address 192.168.98.5, Submask 255.255.254.0, No Gateway, DNS:192.168.98.5.
No gateway because the gateway in in the 90 subnet

Once I changed the IP address to the new subnet, the new AD cannot see or ping anything in the 90,91,92 or 93 subnets and replication is failing. I change it back to how I had it before and it works but now not for the 98 subnet.

Am I missing something?  Do I need to setup a VPN between 90 and 98 to see each other even it they are on the same network?
What are my options….anyone?

Thanks
0
Comment
Question by:bootyfreakk
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 2
9 Comments
 
LVL 7

Expert Comment

by:raeldri
ID: 37726287
your issue is with the subnetmask or lack of default gateway.

192.168.98.0/23 is going to give a usable range of 192.168.98.1 - 192.168.99.254

the machines wont know how to reach 192.168.90.0 network
0
 
LVL 37

Accepted Solution

by:
Neil Russell earned 80 total points
ID: 37726290
If this is all part of a managed MPLS circuit then that is almost certainly where the issue lies. Changing AD will not give you any additional IP routing, that needs to be configured on your MPLS routers
0
 
LVL 3

Author Comment

by:bootyfreakk
ID: 37726489
Why would my gateway be a factor. When both 90 and 98 subnets are at the same NY location. It doesnt need to access a router for anything.

the NY Ad 192.168.90.5 is sitting right next to the ADSystems server 192.168.98.5. why should a router be involed. do i need setup atranslation of some sort,  Vlan on my switch or add an entry to my router for this to work?  (i would perferr not to go that route) would adding an extra ethernet card to the NY AD work?
Im doing this to expand the ip range. since im running low on 90.  I though DNS handled replication.

The other sites i have 91,92 and 93 have been setup this way and it works great.( MPLS and all) why do it locally and it doesnt work. I double checked my setup and i feel im missing something.
0
Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 
LVL 7

Assisted Solution

by:raeldri
raeldri earned 20 total points
ID: 37726610
the subnet mask limits what is seen as "local" anything outside above range is considered remote and would need routed to reach the other subnets
0
 
LVL 37

Assisted Solution

by:Neil Russell
Neil Russell earned 80 total points
ID: 37726926
This is as I said orriginally down to routing. If its a fully managed MPLS then you need to get your MPLS service provider to provide an additional route and range to you for the extra subnet so that EVERYWHERE knows where to route to.
As explained above, just because two subnets are in the same location, does not mean they can talk to each other. Default gateways and subnets....
0
 
LVL 37

Expert Comment

by:Neil Russell
ID: 37726945
UNDER NO CIRCUMSTANCES add a second NIC into a DC

Its a night mare and will cause you nothing but problems.
0
 
LVL 3

Author Comment

by:bootyfreakk
ID: 37727651
How about some sort of internal rounting system...something i can build, a software or adding a vlan to a port on my switch to do a route from there. is this possible?
0
 
LVL 7

Expert Comment

by:raeldri
ID: 37728642
Internal routing is fine do you have your own router outside the MPLS router or a layer3 switch?  Both would work fine for simple routing between subnets
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Determining the an SCCM package name from the Package ID
When asking a question in a forum or creating documentation, screenshots are vital tools that can convey a lot more information and save you and your reader a lot of time
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question