kieran_stoney
asked on
Issue with Sites in AD
I have a domain over 2 sites and 2 domain controllers using a site-to-site VPN. All works well when both domain controllers are in the same site; however, if I split them into the appropriate sites, replication of the SYSVOL and NETLOGON shares appears to stop working. However, the Active Directory replication continues to work correctly. What could be causing this?
Any help is greatly appreciated
How do you know it stops working? Any error messages in the event log?
You can also run "DCDIAG" when you have the sites set up properly and see if it reports anything useful.
Make sure both sites belong to one or more cross-site replication partnerships.
Are both domain controllers global catalogs? Keep in mind that best practice is to have at least one GC in each physical site.
Do you have subnets defined in AD Sites and Services? If not, you will need to create subnet objects and assign them to the appropriate sites.
Ports/firewalls are unlikely to be the cause if you are able to replicate across the VPN until you logically move the DC to the other site. We're most likely looking at some kind of logical configuration issue within AD sites and services.
Check for NTFRS event ID 13568 on both DCs. If you find it, you need to follow the steps below.
Take a backup of SYSVOL before this, and check whether \\Remote_server and vice versa are accessible.
Simple steps
1) Log in to the healthy server
2) Check the FRS logs for its health and connectivity with the problem server using \\Problem_server
3) Stop the NTFRS service on the healthy server
4) Navigate to HKLM\...\Backup/Restore at startup\burflag
5) Set this to D4 -> Restart NTFRS -> Wait for 13516 to come
6) Log in to the problem server
7) Follow step 4 and set the Burflag to D2 -> Restart NTFRS -> Wait for 13516 to come
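A read-only pre-check for the steps above, as an added example that is not part of the original answer: it reports, per DC, the NTFRS service state, whether the SYSVOL and NETLOGON shares are reachable, and the most recent 13568 and 13516 events. The DC names are constructed placeholders, and it assumes Windows PowerShell 5.1 run from an account that can read the remote event logs.

```powershell
# Added example: read-only FRS health check, changes nothing on either DC.
# 'DC-SITE-A' / 'DC-SITE-B' are placeholder names; replace with your own.
$dcs    = 'DC-SITE-A', 'DC-SITE-B'
$frsLog = 'File Replication Service'      # event log written by NTFRS
$since  = (Get-Date).AddDays(-7)          # look-back window (assumption)

$report = foreach ($dc in $dcs) {
    # Event IDs named in the thread: 13568 is the problem indicator,
    # 13516 is the one the steps wait for after restarting NTFRS.
    # Get-WinEvent returns newest events first.
    $events = Get-WinEvent -ComputerName $dc -ErrorAction SilentlyContinue -FilterHashtable @{
        LogName   = $frsLog
        Id        = 13568, 13516
        StartTime = $since
    }
    $last13568 = $events | Where-Object Id -eq 13568 | Select-Object -First 1
    $last13516 = $events | Where-Object Id -eq 13516 | Select-Object -First 1

    # -ComputerName on Get-Service exists in Windows PowerShell, not PowerShell 6+.
    $svc = Get-Service -ComputerName $dc -Name NtFrs -ErrorAction SilentlyContinue

    [pscustomobject]@{
        DC             = $dc
        NtFrsStatus    = if ($svc) { $svc.Status } else { 'unknown' }
        SysvolShare    = Test-Path "\\$dc\SYSVOL"
        NetlogonShare  = Test-Path "\\$dc\NETLOGON"
        Last13568      = $last13568.TimeCreated
        Last13516      = $last13516.TimeCreated
        # Flag a DC whose latest 13568 has no later 13516 after it.
        NeedsAttention = [bool]$last13568 -and
                         (-not $last13516 -or $last13516.TimeCreated -lt $last13568.TimeCreated)
    }
}

$report | Format-Table -AutoSize
```

Empty event columns together with `NtFrsStatus` of `unknown` usually mean the remote DC could not be queried at all, which is itself worth checking before touching the registry.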
ASKER
sorted
http://social.technet.microsoft.com/wiki/contents/articles/584.active-directory-replication-over-firewalls-en-us.aspx
Verify the Server Service is running on the DC with the issue.
If you could run dcdiag /v, remove any sensitive data and post that we might get a better idea of what's going on.