Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

PC's on Site A cannot join DC on site B

Posted on 2013-06-17
10
Medium Priority
?
256 Views
Last Modified: 2014-01-31
I have 2 sites, lets call them A and B

At site B they have Windows 2008 R2 server as the DC

Site B is on 192.168.0 LAN

Site A is connected via VPN Tunnel ADSL.

Cisco router at each site.

Site A is on 192.168.1 LAN

PC's at site A cannot join the Domain. Although can ping DC at site B bu IP and hostname.
Can use OWA.
PC can be taken phsyically to site B from A and joined to domain without iuuse. Then returned to site A. Log in then takes 30mins and network is slow.

Have checked all main things like DC is only using itself as DNS etc.

Any ideas guys?

Also does anyone know where i can see a list of exactly what actions are taken when a PC joins a Domain. Not how to do it of course, but what requestes and protocols are fired up in sequence in order so i can find where the steps fail etc.
0
Comment
Question by:jerseysam
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
  • +1
10 Comments
 
LVL 30

Accepted Solution

by:
Randy Downs earned 500 total points
ID: 39253626
Sounds like a DNS issue. You didn't say you could ping site by FQDN.

Maybe this will help - http://www.techrepublic.com/blog/10things/10-tips-for-troubleshooting-dns-problems/1964
0
 
LVL 15

Author Comment

by:jerseysam
ID: 39253693
yes can ping by FQDN
0
 
LVL 24

Expert Comment

by:Nagendra Pratap Singh
ID: 39253710
Seems like your sites are not set properly.

On a slow logging on pc open command prompt and type this

echo %logonserver%

This will give you the DC it is logging to.

The check the IP of this PC, IP of DC B and the IP of DCA
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
LVL 12

Assisted Solution

by:TomRScott
TomRScott earned 500 total points
ID: 39254332
Given that DNS and basic routing is functioning, make sure that all Microsoft services are allowed to pass through the VPN tunnel.

A Couple References:
- Tom
0
 
LVL 15

Author Comment

by:jerseysam
ID: 39256032
Thanks Tom,

are these ports to be opeend on the DC firewall or routers?
0
 
LVL 12

Expert Comment

by:TomRScott
ID: 39257288
The simple answer is the configuration of the VPN tunnel at both ends.

I'm not clear on your configuration. You mention routers, but routers don't normally block ports. I'm guessing your network (simplified) is the following:

LAN A - Firewall - Internet - Firewall - LAN B - DC
Given that scenario, the VPN tunnel between the two firewalls and the LANs behind them is the where you allow traffic targeting the ports to pass through. And, all that configuration is takes place on the firewalls (unless you have VPN devices in parallel with the firewalls, rare but I've seen it done).

 - Tom
0
 
LVL 15

Author Comment

by:jerseysam
ID: 39301431
Thanks for your imput Tom.

This is my feeling too. However, the equipment at each end is controlled by a 3rd party. They say, of course, that their configs are fine.

I am still working on the issue, but thought i would update you. Still under investigation.
0
 
LVL 24

Expert Comment

by:Nagendra Pratap Singh
ID: 39301565
Did you check your sites in Sites and services for the correct IP subnets?
0
 
LVL 12

Expert Comment

by:TomRScott
ID: 39302662
Could you provide a more complete diagram than my guess above?

Please include the 3rd Party equipment.  It would be good to know what type of equipment that is and where it is in the line of communication.

 - Tom
0
 
LVL 15

Author Comment

by:jerseysam
ID: 39347995
Quick update.

Traffic is not firewalled between the 2 sites.

If i try to join the domain with an incorrect username or password then i get a logon authentication failure, so it must be talking, but if i use the correct username/password then it just hangs for a while and fails.

Do you think i should maybe configure RRAS on the DC?

Am still struggling a bit.
0

Featured Post

Simplify Your Workload with One Tool

How do you combat today’s intelligent hacker while managing multiple domains and platforms? By simplifying your workload with one tool. With Lunarpages hosting through Plesk Onyx, you can:

Automate SSL generation and installation with two clicks
Experience total server control

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

It’s been over a month into 2017, and there is already a sophisticated Gmail phishing email making it rounds. New techniques and tactics, have given hackers a way to authentically impersonate your contacts.How it Works The attack works by targeti…
If you’re involved with your company’s wide area network (WAN), you’ve probably heard about SD-WANs. They’re the “boy wonder” of networking, ostensibly allowing companies to replace expensive MPLS lines with low-cost Internet access. But, are they …
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question