Sites and Services issue

AndyE45

MIS
Jul 24, 2003
183
CA
Win2k3 domain - native mode.

We have 2 sites in our domain, one has all the subnets except one. The other site has one subnet and 1 DC. The problem we're having is that a lot of the machines in the subnets in the big site are trying to get to the DC in the site with only one subnet. The main site has 3 DCs that are always up. There is no network routing to the small site from most of the subnets in the big site so we're seeing a lot of machine account related issues when they try to renew their secret password. Why are they trying to get to the other site??????

Anybody seen this before?
 
Can you give us a bit more info on your IP scheme please, i.e. which sites have what subnets and the IP ranges of the machines. Oh, and the subnet masks being used.

Paul
MCTS: Exchange 2007, Configuration
MCSA:2003
MCSE:2003
MCITP:Enterprise Administrator

RFC 2795 - The Infinite Monkey Protocol Suite (IMPS)

Difficult takes a day, impossible takes a week
 
The small site has 1 subnet - 172.29.X.X with a 24 bit mask (on purpose).

The main site has a number of different subnets including a bunch of 172.29.X.X subnets also with a 24 bit mask. There are others but the machines in these subnets are the ones we're having trouble with.
 
Each site should have a different subnet.

-------------------------------

If it doesn't leak oil it must be empty!!
 
Norton,

Thanks for your reply.

If I understand what you're suggesting we can't do that.

As I understand it a site can contain one or more subnets and one or more DCs and a DC can't belong to more than one site. If this is correct we simply can't have a DC in every subnet, we have 167 of them.
 
That's fine, but your subnets need to be tied to specific sites. If a user on that subnet tries to login, it attempts to connect to a DC in that AD site. If there is no DC in that site, or no DC is available, all bets are off as to where it's going to authenticate to.

Pat Richard MVP
Plan for performance, and capacity takes care of itself. Plan for capacity, and suffer poor performance.
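The subnet-to-site lookup described in the reply above, as an added example that is not part of the thread: it resolves a client IP to a site and lists subnet definitions that overlap across sites. It assumes the most specific matching subnet decides the site; the subnet table, the site names and the /16 catch-all entry are constructed for illustration, since the thread does not give the real octets.

```python
import ipaddress
from itertools import combinations

# Constructed subnet-to-site table (site names and octets are hypothetical).
SUBNET_SITES = {
    "172.29.10.0/24": "SmallSite",
    "172.29.20.0/24": "MainSite",
    "172.29.21.0/24": "MainSite",
    "172.29.0.0/16": "SmallSite",  # constructed catch-all overlapping the /24s
    "192.168.1.0/24": "MainSite",  # hub subnet holding the main-site DCs
}

def site_for(ip, table=SUBNET_SITES):
    """Return (site, subnet) for the most specific subnet containing ip.

    Returns (None, None) when no subnet object matches, i.e. the client
    has no site and DC selection is not constrained by site.
    """
    addr = ipaddress.ip_address(ip)
    best = None
    for cidr, site in table.items():
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[1].prefixlen):
            best = (site, net)
    return (best[0], str(best[1])) if best else (None, None)

def cross_site_overlaps(table=SUBNET_SITES):
    """List (wider, narrower) subnet pairs that overlap but map to different sites."""
    nets = [(ipaddress.ip_network(c), s) for c, s in table.items()]
    found = []
    for (a, site_a), (b, site_b) in combinations(nets, 2):
        if site_a != site_b and a.overlaps(b):
            wide, narrow = (a, b) if a.prefixlen <= b.prefixlen else (b, a)
            found.append((str(wide), str(narrow)))
    return sorted(found)

if __name__ == "__main__":
    # Constructed client addresses: mapped /24, unlisted /24, unmapped range.
    for ip in ("172.29.20.15", "172.29.99.7", "10.1.1.1"):
        print(ip, "->", site_for(ip))
    for wide, narrow in cross_site_overlaps():
        print("overlap across sites:", wide, "contains", narrow)
```

In the constructed table, a client in an unlisted /24 such as 172.29.99.7 falls through to the /16 entry and is placed in the small site, which is the kind of mismatch an exported subnet list can be checked for.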
 
Sniper,

Thanks for your reply, but that's not the issue.

Recapping my original post:

All subnets in question are assigned to one of the two sites.

There are DCs assigned and up all the time in both sites.
 
You don't need a DC in every subnet, but you do need at least 1, preferably 2, DCs in each site.

As mentioned earlier, a subnet must only exist in 1 site, otherwise you get the problem you are experiencing with PCs trying to authenticate against a DC in another site.



-------------------------------

If it doesn't leak oil it must be empty!!
 
Norton,

Thanks again for the input.

- All subnets exist in only one site. We know not to associate a subnet with more than one site, I wouldn't even know how to force something like that in the S & S interface.

- The small site with one subnet has a DC that, so far (touch wood), has always been up.

- The main site with all the other subnets has 3 DCs which are never down except for occasional maintenance during off hours.

Again, our problem is that a lot of machines in the main site are trying to go to the small site and there is no network routing in place (on purpose) from most of the subnets in the main site.

We're purposely using class B subnets (172.29.x.x) in both sites with a 24 bit mask. I'm beginning to wonder if that might be the source of the problem. I wonder if S & S isn't interpreting this configuration correctly. I have double-checked and all subnets in both sites are correctly configured in S & S with 24 bit masks.
 
Sorry, misread your 2nd post, took it to mean that you had the same 172.29.x.x/24 subnet in both sites.

Do you have routing in place between all the subnets in the main site?

-------------------------------

If it doesn't leak oil it must be empty!!
 
Actually, you read it right. Both sites have subnets in the 172.29.x.x/24 range with only 1 in the small site.

No, there isn't routing between all the subnets in the main site. We have a hub and spoke network topology. All the 17.29.x.x subnets cannot talk to each other. All the DCs are in the "hub" subnet which is 192.168.x.x, there is no problem with connectivity of any machines in the "spoke" 172.29.x.x subnets to the DCs.
 