PC's on Site A cannot join DC on site B
I have 2 sites, lets call them A and B
At site B they have Windows 2008 R2 server as the DC
Site B is on 192.168.0 LAN
Site A is connected via VPN Tunnel ADSL.
Cisco router at each site.
Site A is on 192.168.1 LAN
PC's at site A cannot join the Domain. Although can ping DC at site B bu IP and hostname.
Can use OWA.
PC can be taken phsyically to site B from A and joined to domain without iuuse. Then returned to site A. Log in then takes 30mins and network is slow.
Have checked all main things like DC is only using itself as DNS etc.
Any ideas guys?
Also does anyone know where i can see a list of exactly what actions are taken when a PC joins a Domain. Not how to do it of course, but what requestes and protocols are fired up in sequence in order so i can find where the steps fail etc.
At site B they have Windows 2008 R2 server as the DC
Site B is on 192.168.0 LAN
Site A is connected via VPN Tunnel ADSL.
Cisco router at each site.
Site A is on 192.168.1 LAN
PC's at site A cannot join the Domain. Although can ping DC at site B bu IP and hostname.
Can use OWA.
PC can be taken phsyically to site B from A and joined to domain without iuuse. Then returned to site A. Log in then takes 30mins and network is slow.
Have checked all main things like DC is only using itself as DNS etc.
Any ideas guys?
Also does anyone know where i can see a list of exactly what actions are taken when a PC joins a Domain. Not how to do it of course, but what requestes and protocols are fired up in sequence in order so i can find where the steps fail etc.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Seems like your sites are not set properly.
On a slow logging on pc open command prompt and type this
echo %logonserver%
This will give you the DC it is logging to.
The check the IP of this PC, IP of DC B and the IP of DCA
On a slow logging on pc open command prompt and type this
echo %logonserver%
This will give you the DC it is logging to.
The check the IP of this PC, IP of DC B and the IP of DCA
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks Tom,
are these ports to be opeend on the DC firewall or routers?
are these ports to be opeend on the DC firewall or routers?
The simple answer is the configuration of the VPN tunnel at both ends.
I'm not clear on your configuration. You mention routers, but routers don't normally block ports. I'm guessing your network (simplified) is the following:
- Tom
I'm not clear on your configuration. You mention routers, but routers don't normally block ports. I'm guessing your network (simplified) is the following:
LAN A - Firewall - Internet - Firewall - LAN B - DC
Given that scenario, the VPN tunnel between the two firewalls and the LANs behind them is the where you allow traffic targeting the ports to pass through. And, all that configuration is takes place on the firewalls (unless you have VPN devices in parallel with the firewalls, rare but I've seen it done).- Tom
ASKER
Thanks for your imput Tom.
This is my feeling too. However, the equipment at each end is controlled by a 3rd party. They say, of course, that their configs are fine.
I am still working on the issue, but thought i would update you. Still under investigation.
This is my feeling too. However, the equipment at each end is controlled by a 3rd party. They say, of course, that their configs are fine.
I am still working on the issue, but thought i would update you. Still under investigation.
Did you check your sites in Sites and services for the correct IP subnets?
Could you provide a more complete diagram than my guess above?
Please include the 3rd Party equipment. It would be good to know what type of equipment that is and where it is in the line of communication.
- Tom
Please include the 3rd Party equipment. It would be good to know what type of equipment that is and where it is in the line of communication.
- Tom
ASKER
Quick update.
Traffic is not firewalled between the 2 sites.
If i try to join the domain with an incorrect username or password then i get a logon authentication failure, so it must be talking, but if i use the correct username/password then it just hangs for a while and fails.
Do you think i should maybe configure RRAS on the DC?
Am still struggling a bit.
Traffic is not firewalled between the 2 sites.
If i try to join the domain with an incorrect username or password then i get a logon authentication failure, so it must be talking, but if i use the correct username/password then it just hangs for a while and fails.
Do you think i should maybe configure RRAS on the DC?
Am still struggling a bit.
ASKER