From: Phil Loper on 7 May 2008 11:47

Ace Fekay [MVP] wrote:
> In news:OxGiO4ipIHA.3408(a)TK2MSFTNGP03.phx.gbl,
> Phil Loper <phil(a)nospam-gracelivingcenters.com> typed:
>> Hi Meinolf,
>>
>> Yes, we did have an old DC crash, which we replaced with dc1 and we
>> also replaced our backup dc with dc2. Both were done a while back,
>> but I do think the problems started about that time. Both dc1 and
>> dc2 are gc's.
>> DC2 is not a DNS server. We do have another DNS server, so I went
>> ahead and changed both of them to use DC1 as the preferred and the
>> other dns server as the secondary, as you suggested. Since they were
>> both set to use the third server as preferred, could that have caused
>> some of the problems? Should I also set all the client pc's the same
>> way?
>> I will work on getting the rras moved to another box.
>>
>> Thanks
>
> What is the other (third) DNS server? Is it a DC as well? How many DCs total
> exist?
>
> If it is not a DC, how is it getting a copy of the AD zone? Is it a
> Secondary zone?

There are 2 DCs and 2 DNS servers. DC1 is a DC and a DNS server, DC2 is DC only, and the third server I was referring to is DNS only and is set up as secondary. Should it be set up differently? My problems still exist after making the previous changes and rebooting.

Thanks!

From: Ace Fekay [MVP] on 7 May 2008 19:19

In news:OpW4fmFsIHA.672(a)TK2MSFTNGP02.phx.gbl,
Phil Loper <phil(a)nospam-gracelivingcenters.com> typed:
> There are 2 DCs and 2 DNS servers. DC1 is a DC and a DNS server, DC2
> is DC only, and the third server I was referring to is DNS only and
> is set up as secondary. Should it be set up differently? My
> problems still exist after making the previous changes and rebooting.
> Thanks!

If you have two DCs, I would suggest to make the other a DNS server and eliminate the Secondary on the member server. Numerous benefits. I would make the partner as the first entry, and itself as the second entry. Same with the client machines. Make sure updates are allowed on the zone.

I would also suggest to remove that PPP connection off the DC. That can cause numerous issues, and as Meinolf stated, it is highly recommended to NOT multihome a DC. This may be the root of all your problems. Multihoming a DC causes numerous problems, ESPECIALLY if it is a PPP connection. What is that connection for? ADSL? VPN from RRAS? If for a PPPoE connection for ADSL, I would suggest eliminating it completely and using a $40 USD Linksys router, if budget is a concern. If budget is no concern, I suggest to get a Pix. If for VPN, I suggest to put RRAS on the member server.

If you want to keep the PPP connection on the server (RRAS or not), I have a multi-step method to properly configure it that includes a few registry changes. But I don't think you want to go through all of that and would want to make your life a little easier by single-homing the machine.

Ace

From: Phil Loper on 13 May 2008 14:24

I am not sure what I am doing wrong, but when I tried to set up a new ras server and had everyone switch the ip in their vpn connection, it is not working properly. They can connect, but then they can not access anything on the network. I tried having them both up at the same time, but as soon as someone connected to the new one, I can not ping anyone connected to the old one. So I had to switch them back to the old one. Maybe your workaround would be my best option.

Ace Fekay [MVP] wrote:
> In news:OpW4fmFsIHA.672(a)TK2MSFTNGP02.phx.gbl,
> Phil Loper <phil(a)nospam-gracelivingcenters.com> typed:
>> There are 2 DCs and 2 DNS servers. DC1 is a DC and a DNS server, DC2
>> is DC only, and the third server I was referring to is DNS only and
>> is set up as secondary. Should it be set up differently? My
>> problems still exist after making the previous changes and rebooting.
>> Thanks!
>
> If you have two DCs, I would suggest to make the other a DNS server and
> eliminate the Secondary on the member server. Numerous benefits. I would
> make the partner as the first entry, and itself as the second entry. Same
> with the client machines. Make sure updates are allowed on the zone.
>
> I would also suggest to remove that PPP connection off the DC. That can
> cause numerous issues, and as Meinolf stated, it is highly recommended to
> NOT multihome a DC. This may be the root of all your problems. Multihoming a
> DC causes numerous problems, ESPECIALLY if it is a PPP connection. What is
> that connection for? ADSL? VPN from RRAS? If for a PPPoE connection for
> ADSL, I would suggest eliminating it completely and using a $40 USD Linksys
> router, if budget is a concern. If budget is no concern, I suggest to get a
> Pix. If for VPN, I suggest to put RRAS on the member server.
>
> If you want to keep the PPP connection on the server (RRAS or not), I have a
> multi-step method to properly configure it that includes a few registry
> changes. But I don't think you want to go through all of that and would want
> to make your life a little easier by single-homing the machine.
>
> Ace

From: Ace Fekay [MVP] on 14 May 2008 07:28

In news:eXQdHaStIHA.3792(a)TK2MSFTNGP02.phx.gbl,
Phil Loper <phil(a)nospam-gracelivingcenters.com> typed:
> I am not sure what I am doing wrong, but when I tried to set up a new
> ras server and had everyone switch the ip in their vpn connection, it
> is not working properly. They can connect, but then they can not
> access anything on the network. I tried having them both up at the
> same time, but as soon as someone connected to the new one, I can not
> ping anyone connected to the old one. So I had to switch them back
> to the old one. Maybe your workaround would be my best option.

Setup a new server? Did you install PPPoE on it too or is it internal? If internal, possibly you didn't allow the ports on the DC?

Compare your two RRAS properties from both machines.

My workaround to force a DC to work may not necessarily work for what you are doing. It is designed to force a multihomed server to work by altering registry and other settings that are not default.

If budget is the issue, a better suggestion is to purchase an inexpensive Linksys router and let it be the connection to the internet, and remove the PPPoE software or disable that connection on the DC. Move the VPN to a member server. Allow the VPN ports by port remapping the ports through the Linksys to the internal VPN server (GRE 1723 and Prot Id 47).

Ace

From: Phil Loper on 14 May 2008 13:52

Ace Fekay [MVP] wrote:
> In news:eXQdHaStIHA.3792(a)TK2MSFTNGP02.phx.gbl,
> Phil Loper <phil(a)nospam-gracelivingcenters.com> typed:
>> I am not sure what I am doing wrong, but when I tried to set up a new
>> ras server and had everyone switch the ip in their vpn connection, it
>> is not working properly. They can connect, but then they can not
>> access anything on the network. I tried having them both up at the
>> same time, but as soon as someone connected to the new one, I can not
>> ping anyone connected to the old one. So I had to switch them back
>> to the old one. Maybe your workaround would be my best option.
>
> Setup a new server? Did you install PPPoE on it too or is it internal? If
> internal, possibly you didn't allow the ports on the DC?
>
> Compare your two RRAS properties from both machines.
>
> My workaround to force a DC to work may not necessarily work for what you
> are doing. It is designed to force a multihomed server to work by altering
> registry and other settings that are not default.
>
> If budget is the issue, a better suggestion is to purchase an inexpensive
> Linksys router and let it be the connection to the internet, and remove the
> PPPoE software or disable that connection on the DC. Move the VPN to a
> member server. Allow the VPN ports by port remapping the ports through the
> Linksys to the internal VPN server (GRE 1723 and Prot Id 47).
>
> Ace

It is just for vpn, and I just installed rras on a member server, setup just like the existing one. Do you know where I might find a step by step guide for setting up a RRAS/VPN server on Windows 2000 Server so that I can make sure I'm not missing something? It has been a long time since I set the first one up.

Thanks!