Active Directory Replication UGH!

JMCColorado (IS-IT--Management), Jul 3, 2002
Okay. I have seen this question at least 200 times on google, MSKB, and in here. But the answers I see are either not descriptive enough or do not work. Can somebody PLEASE help me before I go insane...

I just got a new job administering a network that was already built. No one can tell me much about it. However, it's a production environment and I don't have the option of setting up from scratch again. Here is what I have. I have a T1 link that comes in to a router performing NAT. Then I have a domain with two Win2K DCs running Active Directory. The problem is that the Active Directory information (most specifically AD Users and Groups) is not replicating between DCs. Interesting note: if I force replication from "server2" to "server1" it shows no errors, but nothing happens. If I force from "server1" to "server2" I get the error that no RPC server is available. Also, every once in a while if I ping from "server1" to "server2" using a FQDN like "ping server2.example.example" I get an unknown host error. This is not consistent though. I have a feeling that the problem lies in DNS but I am no DNS expert and I might need some help. Can anyone make a suggestion?
 
Hello,

This sounds like a DNS problem to me. AD requires DNS for propagation of directory information. It is best to have WINS and DNS running.

Setting up AD on a server automatically installs DNS. Install WINS if it is not already installed. Setting up DNS properly can be complicated. I would get Windows 2000 TCP/IP Administration from O'Reilly. It is a good book and I have used it.

Nobody can walk you through DNS setup via a forum; there is too much information needed. If you would like me to help with this problem I can be reached at support@brigadeindustries.net

Thanks
Doomhamur
 
Hi JMCColorado!
In my opinion you should do the following:
1. Start DCPROMO on "server2" and remove DC from it.
2. Add a record for "server2" to the DNS server.
3. Make sure that "server2" can be pinged from "server1".
4. Start DCPROMO on "server2" and make it a DC.
 
Hi.

It seems to me that the NAT on the router is causing the problems.
Can both servers simply ping each other?
By IP address and by FQDN?
Are both servers in the same Active Directory site?
Can SMTP emails be passed between both servers?
If you have a static NAT entry at the router for your server, you should note that it means that the server is known by different IP addresses on different sides of the router, and this can also be a problem. For example, if server2's own IP address is 1.1.1.1 but it has a static NAT for 2.2.2.2 on the opposite side of the router, then it will register in DNS only the address 1.1.1.1, so servers from the other side will have problems getting to it.

I suggest that you set the servers on different Active Directory sites, and configure them to use SMTP instead of IP for replication. Obviously you'll have to set up SMTP properly for this.
This is because RPC seems to have problems in your case.

If applicable, you should plan to remove the NAT option from the router.

Bye
Yizhar Hurwitz
 
Actually, I got it fixed yesterday. At least I think I did. In the DNS servers the external (ISP) DNS servers were listed before our internal DNS server. I changed the order so that it checks ours first and POW they started replicating. Anyway, I really do appreciate all the help I have received, you guys are awesome!

Thanks a lot,

Josh.
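
The resolver-order problem described in the post above can be checked from saved `ipconfig /all` output. The following is an added example, not part of the original thread: the sample output, all addresses, and the function names `dns_servers` and `audit` are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of `ipconfig /all` output from a DC (all values are made up).
SAMPLE_IPCONFIG = """\
Windows 2000 IP Configuration

        Host Name . . . . . . . . . . . . : server1
        Primary DNS Suffix  . . . . . . . : example.example

Ethernet adapter Local Area Connection:

        IP Address. . . . . . . . . . . . : 192.168.1.10
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 203.0.113.53
                                            203.0.113.54
                                            192.168.1.10
"""

def dns_servers(ipconfig_text):
    """Return the configured DNS servers in the order they are listed."""
    servers, in_list = [], False
    for line in ipconfig_text.splitlines():
        first = re.match(r"\s*DNS Servers[ .]*:\s*(\S+)", line)
        if first:
            servers.append(first.group(1))
            in_list = True
        elif in_list and re.fullmatch(r"\s+[0-9.]+", line):
            servers.append(line.strip())  # continuation line: address only
        else:
            in_list = False
    return servers

def audit(servers, internal_dns):
    """Flag every listed resolver that is not one of the domain's own DNS servers."""
    internal = {ipaddress.ip_address(a) for a in internal_dns}
    findings = []
    for pos, addr in enumerate(servers):
        if ipaddress.ip_address(addr) in internal:
            continue
        later = servers[pos + 1:]
        ahead = any(ipaddress.ip_address(s) in internal for s in later)
        reason = "listed ahead of internal DNS" if ahead else "external resolver on a DC"
        findings.append((addr, reason))
    return findings

if __name__ == "__main__":
    # Assumed internal DNS servers for the constructed domain.
    for addr, reason in audit(dns_servers(SAMPLE_IPCONFIG), ["192.168.1.10", "192.168.1.11"]):
        print(f"{addr}: {reason}")
```

An empty result means the DC only queries the domain's own DNS servers, which is the state the post describes after the order was changed.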
 
With AD problems, always check DNS first.

Glen A. Johnson
Microsoft Certified Professional
glen@nellsgiftbox.com

"Science is built up with facts, as a house is with stones. But a collection
of facts is not more a science than a heap of stones is a home".
Henri Poincare (1854 - 1912) French mathematician
 