Hi Folks,
I’ve been working on this problem for the last 2 months, and so far I haven’t found a good solution for it.
Our infrastructure is composed of two sites: our Office and a Datacenter service we hired. These two sites talk to each other through an IPsec VPN. On our site we use subnets and IP addresses we defined, but in the Datacenter the IPs and subnets are provided by the vendor.
Here is where the problem lies: our servers can see everything just fine on the DC side, but the servers on the DC side cannot see the servers on the office side. The way it works is that you need to make one NAT translation for each server and use the IP provided by the NAT to access it. Accessing by IP works fine, but the problem is when we try to access using the hostname.
For most services, where you need to manually configure the server you are accessing, things are working fine, but the problem arises when the Domain Controllers try to replicate data: they always try to access using the hostname, and even if I change the IP manually in DNS, it will not work, since Active Directory itself corrects the addresses on its health check.
So far we have tried changing the DNS and adding the addresses to the hosts file. Does anyone have any other ideas we can try? Below is a schematic of the problem:
Office Domain Controllers:
10.212.4.1 VNY1PDCT01
10.212.4.2 VNY1PDCT02
Datacenter Domain Controllers:
10.32.226.2 VDT2PDCT01
10.32.226.3 VDT2PDCT02
The NAT translations:
10.212.4.1 -> 10.1.250.140
10.212.4.2 -> 10.1.250.141
10.212.4.1 can ping 10.32.226.2
10.212.4.1 can resolve the name VDT2PDCT01
10.32.226.2 cannot ping 10.212.4.1
10.32.226.2 can ping 10.1.250.140
10.32.226.2 cannot resolve the name VNY1PDCT01
In Active Directory, all modifications made at the Datacenter can be read at the Office, but if the modification is made at the Office, the Datacenter will not read the information.
Has anyone ever had a problem like this?
Running dcdiag gives me the following errors:
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = VDT2PDCT01
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: DT2\VDT2PDCT01
Starting test: Connectivity......................... VDT2PDCT01 passed test Connectivity
Doing primary tests
Testing server: DT2\VDT2PDCT01
Starting test: Advertising......................... VDT2PDCT01 passed test Advertising
Starting test: FrsEvent......................... VDT2PDCT01 passed test FrsEvent
Starting test: DFSREvent......................... VDT2PDCT01 passed test DFSREvent
Starting test: SysVolCheck......................... VDT2PDCT01 passed test SysVolCheck
Starting test: KccEvent......................... VDT2PDCT01 passed test KccEvent
Starting test: KnowsOfRoleHolders......................... VDT2PDCT01 passed test KnowsOfRoleHolders
Starting test: MachineAccount......................... VDT2PDCT01 passed test MachineAccount
Starting test: NCSecDesc......................... VDT2PDCT01 passed test NCSecDesc
Starting test: NetLogons......................... VDT2PDCT01 passed test NetLogons
Starting test: ObjectsReplicated......................... VDT2PDCT01 passed test ObjectsReplicated
Starting test: Replications
[Replications Check,VDT2PDCT01] A recent replication attempt failed:
From VNY1PDCT01 to VDT2PDCT01
Naming Context: DC=ForestDnsZones,DC=VINCI-US,DC=NET
The replication generated an error (1256):
The remote system is not available. For information about network troubleshooting, see Windows Help.
The failure occurred at 2011-11-10 08:58:07.
The last success occurred at 2011-10-18 19:54:27.
542 failures have occurred since the last success.
[Replications Check,VDT2PDCT01] A recent replication attempt failed:
From VNY1PDCT01 to VDT2PDCT01
Naming Context: DC=DomainDnsZones,DC=VINCI-US,DC=NET
The replication generated an error (1256):
The remote system is not available. For information about network troubleshooting, see Windows Help.
The failure occurred at 2011-11-10 08:58:07.
The last success occurred at 2011-10-18 19:54:27.
542 failures have occurred since the last success.
[Replications Check,VDT2PDCT01] A recent replication attempt failed:
From VNY1PDCT01 to VDT2PDCT01
Naming Context: CN=Schema,CN=Configuration,DC=VINCI-US,DC=NET
The replication generated an error (1722):
The RPC server is unavailable.
The failure occurred at 2011-11-10 08:58:50.
The last success occurred at 2011-10-18 19:54:26.
542 failures have occurred since the last success.
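A diagnostic script for the situation described in the post above, added here as an example and not code from the original post. Run on a datacenter DC (for instance VDT2PDCT01), it reports, for each office DC, which address the local resolver returns for its name (the real office address, the NAT address, or nothing) and whether the fixed AD ports answer on the NAT address the datacenter side is supposed to use. The hostnames, IPs and domain name are the ones posted; the port list, timeout and function names are assumptions made for the example.

```powershell
# Added diagnostic example for the post above; not code from the original post.
# Hostnames, IPs and the domain are taken from the post; everything else
# (port list, timeout, function names) is an assumption for illustration.

$Domain = 'VINCI-US.NET'   # from the dcdiag naming contexts above

# Office DCs: the real (office) address and the NAT address the datacenter must use.
$OfficeDCs = @{
    'VNY1PDCT01' = @{ Real = '10.212.4.1'; Nat = '10.1.250.140' }
    'VNY1PDCT02' = @{ Real = '10.212.4.2'; Nat = '10.1.250.141' }
}

# Fixed TCP ports DC-to-DC traffic depends on. The DRS/RPC interface itself
# listens on a dynamic port (TCP 49152-65535 on Server 2008+, 1025-5000 on
# older versions) that the endpoint mapper on 135 hands out; that range must
# also be reachable through the NAT, which this probe cannot prove by itself.
$Ports = @{ DNS = 53; Kerberos = 88; RpcEndpointMapper = 135; LDAP = 389; SMB = 445 }

function Test-TcpPort {
    param([string]$Address, [int]$Port, [int]$TimeoutMs = 2000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $ar = $client.BeginConnect($Address, $Port, $null, $null)
        if (-not $ar.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($ar)   # throws if the connection was refused or reset
        return $true
    } catch { return $false }
    finally { $client.Close() }
}

function Resolve-IPv4 {
    # Uses the local resolver (DNS client plus hosts file), i.e. what AD itself sees.
    param([string]$Name)
    try {
        [System.Net.Dns]::GetHostAddresses($Name) |
            Where-Object { $_.AddressFamily -eq 'InterNetwork' } |
            ForEach-Object { $_.IPAddressToString }
    } catch { @() }
}

function Get-OfficeDcReachability {
    foreach ($dc in $OfficeDCs.Keys) {
        $exp   = $OfficeDCs[$dc]
        $fqdn  = "$dc.$Domain"
        $addrs = @(Resolve-IPv4 $fqdn)

        # Which of the three possible answers the resolver gives for this DC.
        $dnsVerdict = if ($addrs.Count -eq 0) {
            'NOT RESOLVED (matches the 1256 "remote system is not available" failures)'
        } elseif ($addrs -contains $exp.Real) {
            "real address $($exp.Real): unreachable from here; the DC re-registers its own A record, so a manual DNS override gets undone"
        } elseif ($addrs -contains $exp.Nat) {
            "NAT address $($exp.Nat): what this side needs"
        } else {
            "unexpected: $($addrs -join ', ')"
        }

        # Probe the fixed ports on the NAT address, the only one this side can reach.
        $blocked = @()
        foreach ($svc in $Ports.Keys) {
            if (-not (Test-TcpPort -Address $exp.Nat -Port $Ports[$svc])) {
                $blocked += "$svc tcp/$($Ports[$svc])"
            }
        }
        $blockedText = if ($blocked.Count -gt 0) { $blocked -join ', ' } else { 'none' }

        New-Object PSObject -Property @{
            DC           = $fqdn
            ResolvesTo   = $dnsVerdict
            NatAddress   = $exp.Nat
            BlockedPorts = $blockedText
        }
    }
}

Get-OfficeDcReachability | Format-List
```

Run it as a domain admin on the datacenter DC and follow up with `repadmin /showrepl` and `dcdiag /test:Replications /test:DNS`. The "NOT RESOLVED" verdict lines up with the 1256 failures above; the 1722 "RPC server is unavailable" failures on the Schema partition point at the RPC path even where 135 is open, because the replication RPC interface answers on a dynamic port that the NAT and the datacenter firewall also have to pass. Two caveats a practitioner would want: the replication RPC port can be pinned with the Microsoft-documented `TCP/IP Port` REG_DWORD value under `HKLM\SYSTEM\CurrentControlSet\Services\NTDS\Parameters` (restart required) so a single port can be opened through the NAT, and Microsoft documents AD replication across NAT as unsupported, which is why the usual fix is to route the real office subnet across the IPsec tunnel rather than NAT the domain controllers.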