Backup site


DASLG

Hello,
I am having an issue where we have a Point-to-Point T1 between the main site and a 'backup site'. The backup site is configured as a different subnet. I have added a rule in the firewall (at the main site) which points any requests going to the Backup site to the router that connects the 2 points. We currently do not have a firewall, yet, at the backup site but wanted to join the network and configure a server to be a domain controller. Now the server can browse the network but it cannot join it. It gives me "RPC service failure". Do I have to configure the domain to accept that subnet first? The main site has 2 Windows 2K3 servers that handle all the FSMO roles, DNS, and DHCP. The server at the backup site is currently running W2K SP4. Should I upgrade the server to W2K3 first? And then try to join again? Or is there an easier way than reinstalling the OS?
 
Why not bring this server to the main site, run the dcpromo to bring it to DC status in the Domain, then take the new DC server (now a DC in the Domain) back to the other site, change its IP address, etc. and put it in service?

You seem to have some difficulty with the DNS network configuration at this point. Trying to resolve that in addition to building the Domain connection at the same time could be a very difficult problem to resolve. By building the DC in the home Domain network, that issue is bypassed and you will be able to work on the network issues by themselves. With a working DC at the remote site, you can then join all the other systems to the Domain without difficulty. Then you can attack the DNS issues so the new DC can replicate from the DOMAIN in the other subnet.

You also need to configure the DNS at the subnet to correctly route traffic to the other subnet servers and users by pointing them to the router between the subnets. This way they can reach the DNS server in the original network to be able to resolve the local addresses and to access the Internet gateway address.

You are going to have to be sure the DNS in the original network also knows to forward traffic to the new DC server across the router to the other subnet, and not to the router which provides the Internet access. Important: make sure the subnet DNS system looks at itself first, then points toward the DNS in the original network for all name resolution. Also, make sure the gateway address for all systems in the subnet points to the subnetwork router address, not to the gateway in the original network which goes out to the Internet.

HTH

David
 

Did you add the 'backup' site subnet to Subnets in AD Sites & Services? Then, create a new Site for the backup subnet.

Hope that helps!
 
Dholbrook - That was my initial thought. And it is DNS. I could ping by IP address but not by name. We have routing set up for this domain on the switches. We have added an entry to the Forward and reverse lookup zones for this site. Do you know of any MS articles pertaining to this type of setup? I'm looking but I don't seem to be getting anywhere with it.

mar74 - Yes, I have added a site and a subnet. No dice.

We want to get this up and running the way MS states it should. So unless it is documented by MS to bring up a server and then port it over I'll be stuck in this damp dark hole until I figure it out.

Thanks for the suggestions.
 
You may need to set up a DNS relay into the subnet. Make sure the subnet DNS server looks only to itself first for DNS servers, and then to the fixed address of the primary DNS in the original net (NOT THE ISP DNS!). Then check to be sure that the DNS subnet server is set with the subnet router address as its gateway. You want the DNS lookup to go local first, then be forwarded to the main network DNS server.

HTH
David
 
Ok. I've tried creating a secondary DNS server and set it to look at itself first and then the primary DNS at the main site but nothing synchronized. I have a different question that might pertain to this situation. We (well, not me) have recently added Cisco switches to the network and have pointed all servers to the switch for routing. Now for some reason Exchange would not send or receive emails and no one could access our Citrix servers from the outside. We had to point them back to the firewall and create static routes. Might the Cisco switch be preventing certain protocols through? I know very little when it comes to configuring switches.
 
It sounds to me like you are doing address translation at the firewall. In that case, the firewall needs to have the internal and external IP addresses for the Exchange server, and they must both be static addresses in order for the firewall to do the address translation correctly.

To address the Citrix server from the outside also sounds like an address translation issue at the firewall. Any server that needs to be seen from the Internet must have a valid Internet IP address assigned to it, but typically these are not the addresses on the systems themselves, as they use internal network addresses (192.168.x.x or 10.0.x.x, etc.) and the address translation is done at the firewall to redirect the traffic to the correct internal system.

If you are using the switches to do subnetting, then the issue gets more complex.

It sounds like the switches are all behind the firewall (if not, you have serious security issues too!), but are not correctly set up.

Is each switch correctly pointing to the firewall as the network gateway? (AGAIN, DRAW THE SYSTEM MAP!) If the switches are not cascaded then all will have the same gateway address, the firewall.

If the switches are cascaded, then draw a map of the network and make sure each switch gateway address is correctly set to the next switch up in the network, with the last pointing to the firewall.

If set properly, then using a switch IP as the gateway address for any servers behind the switch should work, but if not, then traffic will not get out to the internet as it will just get routed round and around between the switches.

Sounds like you have a gateway configuration issue to be resolved, as well as a need to check the firewall rules. DRAW THE SYSTEM MAP, it will point out the problems as you fill in the IP addresses in/out from each switch!

HTH

David
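
The "draw the system map" check from the reply above can be done mechanically once the addresses are written down. The following is an added example, not part of the original thread: it walks each device's default gateway toward the firewall and reports gateways outside the device's own subnet, gateways missing from the map, and loops between cascaded switches. All device names and addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample map (hypothetical names and addresses, not from the thread).
# Each device has an interface address with prefix and a default gateway;
# gateway None marks the edge device that faces the Internet.
SAMPLE_MAP = {
    "firewall": {"ip": "192.168.1.1/24",  "gateway": None},
    "switch-a": {"ip": "192.168.1.2/24",  "gateway": "192.168.1.1"},
    "switch-b": {"ip": "192.168.1.3/24",  "gateway": "192.168.1.2"},
    "exchange": {"ip": "192.168.1.10/24", "gateway": "192.168.1.3"},
}

def check_gateway_chain(devices, start, edge="firewall"):
    """Follow default gateways from `start`; return (ok, path, reason)."""
    by_ip = {str(ipaddress.ip_interface(d["ip"]).ip): name
             for name, d in devices.items()}
    path, current = [start], start
    while current != edge:
        dev = devices[current]
        gw = dev["gateway"]
        if gw is None:
            return False, path, f"{current} has no gateway and is not {edge}"
        iface = ipaddress.ip_interface(dev["ip"])
        # A default gateway must be directly reachable on the device's own subnet.
        if ipaddress.ip_address(gw) not in iface.network:
            return False, path, f"{current}: gateway {gw} is outside {iface.network}"
        nxt = by_ip.get(gw)
        if nxt is None:
            return False, path, f"{current}: gateway {gw} is not on the map"
        # Revisiting a device means traffic circulates and never reaches the edge.
        if nxt in path:
            return False, path + [nxt], f"loop: {current} points back to {nxt}"
        path.append(nxt)
        current = nxt
    return True, path, f"reaches {edge}"

def audit(devices, edge="firewall"):
    """Check every device on the map; returns {name: (ok, path, reason)}."""
    return {name: check_gateway_chain(devices, name, edge) for name in devices}

if __name__ == "__main__":
    for name, (ok, path, reason) in audit(SAMPLE_MAP).items():
        print(f"{'OK ' if ok else 'BAD'} {name}: {' -> '.join(path)} ({reason})")
```
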

 