We are attempting to change infrastructure across our network. We have 82 sites on our network currently and these are to move onto 2 to 100 Mb fibre from legacy copper.
The new service provider is migrating sites onto its network and through a VPN tunnel connecting them to our centralised AD, virus and mail services to maintain and improve access times. The firewalls we are using are Netscreens and IPSEC is in operation. Each site is a child of the parent AD domain located on our network. We went to our pilot site yesterday and all was well apart from issues around DNS and getting updates to DNS to our DC at the site. LDAP seemed slow and netbios appeared non-existent, making AD replication almost impossible. This will have a long-term effect on the site should we not be able to resume AD replication fully. We requested authorisation of the site's DHCP scope and this did not update. However, running terminal services across to the TLD server showed that authorisation had been given. The domain admin account takes 20-30 minutes to log in. It's as if the site is on a slow link when in fact the link is 2Mb/s. Users are working fine - email and other essential services work. The issue is server management and why the Win2K server is having difficulties. RPC is not working either. Ping responses are really good between our servers and the site DC.
The problem certainly lies in the VPN. On the old network everything worked fine - we renumbered clients and plugged into the new network and problems occurred. Is this an encryption issue? Is there a little-known problem about IPSEC and AD we must take account of? We are attempting to gather info for our service provider, whose responsibility this is to resolve. They are suggesting AD issues, which moves responsibility away from them - we suggested turning encryption off for a small test to see whether that makes a difference.
Has anyone come across these types of problem before?
Thank you in advance for any help you may have.
Hargy
The site sits
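The symptoms in the post (ping fine, LDAP slow, NetBIOS and RPC apparently absent) are the kind of thing worth measuring per service before the argument with the provider goes any further. The following is an added example, not code from the poster or from any vendor: a small Python checklist that (a) tests TCP reachability of the standard AD/NetBIOS service ports on a domain controller across the tunnel, (b) maps failures back to the AD function they break, and (c) builds don't-fragment ping commands of decreasing payload size so you can see whether large packets survive the tunnel, since IPsec encapsulation reduces the usable MTU and a path that passes small pings can still drop the larger LDAP and RPC segments. The host address is a placeholder; the RPC dynamic port range that replication negotiates after contacting port 135 is not something a static port check can cover, so a clean result here is necessary but not sufficient.

```python
"""Connectivity checklist for Active Directory services across a VPN tunnel.

Added example for the forum thread above; not the poster's or any vendor's code.
The DC address used at the bottom is a placeholder, and the port list is the
standard Windows 2000-era AD/NetBIOS set, not anything taken from the post.
"""
import platform
import socket
from typing import Dict, List, Optional, Tuple

# (protocol, port, service): the services the post names as slow or failing.
AD_PORTS: List[Tuple[str, int, str]] = [
    ("tcp", 53, "DNS (zone transfers and large responses)"),
    ("udp", 53, "DNS"),
    ("tcp", 88, "Kerberos"),
    ("tcp", 135, "RPC endpoint mapper (AD replication, DHCP authorisation)"),
    ("udp", 137, "NetBIOS name service"),
    ("udp", 138, "NetBIOS datagram"),
    ("tcp", 139, "NetBIOS session"),
    ("tcp", 389, "LDAP"),
    ("tcp", 445, "SMB (SYSVOL, group policy)"),
    ("tcp", 3268, "Global catalog LDAP"),
]


def check_tcp(host: str, port: int, timeout: float = 3.0) -> bool:
    """True if a TCP handshake to host:port completes within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def run_tcp_checks(host: str, timeout: float = 3.0) -> Dict[int, bool]:
    """Probe every TCP port in AD_PORTS; UDP services need a real query, so skip them here."""
    return {port: check_tcp(host, port, timeout)
            for proto, port, _ in AD_PORTS if proto == "tcp"}


def diagnose(results: Dict[int, bool]) -> List[str]:
    """Translate failed ports into the AD function they break (pure function, no I/O)."""
    findings: List[str] = []
    for proto, port, service in AD_PORTS:
        if proto == "tcp" and results.get(port) is False:
            findings.append(f"tcp/{port} blocked or filtered: {service}")
    # The pattern from the post: logons and mail work (LDAP up) but management
    # and replication fail (RPC endpoint mapper down).
    if results.get(135) is False and results.get(389) is True:
        findings.append("LDAP reachable but RPC endpoint mapper is not: "
                        "replication and remote management fail while user logons mostly work")
    return findings


def mtu_probe_commands(host: str, sizes: Tuple[int, ...] = (1472, 1400, 1300),
                       os_name: Optional[str] = None) -> List[List[str]]:
    """Build don't-fragment pings of decreasing ICMP payload size.

    A size that fails with DF set does not fit the tunnel MTU; the largest size
    that succeeds approximates the usable path MTU (add 28 bytes for IP+ICMP headers).
    """
    os_name = os_name or platform.system()
    cmds: List[List[str]] = []
    for size in sizes:
        if os_name == "Windows":
            cmds.append(["ping", "-f", "-l", str(size), "-n", "1", host])
        elif os_name == "Darwin":
            cmds.append(["ping", "-D", "-s", str(size), "-c", "1", host])
        else:  # Linux iputils
            cmds.append(["ping", "-M", "do", "-s", str(size), "-c", "1", host])
    return cmds


if __name__ == "__main__":
    SITE_DC = "192.0.2.10"  # placeholder (TEST-NET address), replace with the site DC
    tcp_results = run_tcp_checks(SITE_DC)
    for port, ok in sorted(tcp_results.items()):
        print(f"tcp/{port}: {'open' if ok else 'FAILED'}")
    for line in diagnose(tcp_results):
        print("->", line)
    print("MTU probes to run from the central side:")
    for cmd in mtu_probe_commands(SITE_DC):
        print("  ", " ".join(cmd))
```

Run it from the central network against the site DC and then from the site against a central DC; a service that is open in one direction only points at a one-sided tunnel or firewall policy rather than at AD itself, which is exactly the kind of evidence the provider conversation needs. If the smaller-payload pings succeed where the 1472-byte one fails, the tunnel MTU is the first thing to discuss.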