Sites and Services problem with 2003 Server

...you an overview of the network layout.

Empty forest root (rootdomain): SRV1 + SRV2 (both DC & GC)
Domain1: dc1 + dc2 + dc3 (all DC & GC). Both rootdomain and Domain1 reside in, let's say, Florida, in the same building.
Domain2: dc4 + dc5 (both DC & GC). This domain is in California.
Domain3: dc6 + dc7 (both DC & GC). This domain is in Washington DC.

Rootdomain is the first domain to go up; it is acting as the empty root and holds the Schema. The other domains underneath it are additional domain trees in an existing forest. I have the forward and reverse lookup zones in DNS replicating forest wide. If you need more information let me know.

So basically, right now in Sites and Services I set up subnets so that when the domain controllers were brought up from all the sites they would go into the Default-First-Site-Name folder. Now that all the sites and domain controllers are online and everything is synced up, I wanted to create different "sites" in Sites and Services so the domain controllers from Florida, California, and Washington would all be organized, and if a new DC was brought up from any site it would go into the proper site folder. Seems simple enough, right?

I made sure the subnets were set up correctly and pointing to the proper site folder. All the <automatically generated> connections were in place. I right-clicked each DC in Sites and Services and moved them to the proper folder. I went to each domain controller in each site and ran repadmin /syncall. It came back with no errors. Everything seemed to be working correctly.

The other night I started noticing some latency on replication, so I logged into one of the sites, right-clicked one of the <automatically generated> connections and tried to replicate it out of curiosity, and it bombed out. I tried to create a manual connection from Domain1 to Domain3 and it came back with errors saying it failed when it tried to replicate. I looked in DNS and the SOA on one site was completely off from another site. I manually added a test A record to see how long it would take to replicate to the other zones, and it never happened. Quickly thinking, I recreated the Default site container and moved all the DCs back to the original folder. Waited for things to sync up, tested the manual connections, everything worked and went back to normal.

Am I missing something here? I really want to organize the layout of DCs and have this working correctly. The company is growing and we're opening up satellite offices all over the place lately, and I really would like to have this a little more organized and functioning more efficiently than it is now. Sorry for the long post. Any thoughts?

RICHARD
MCSE
Network Administrator


What you describe is rather bizarre. It doesn't sound plausible.

However...

Move the server objects back into their correct sites. Ensure that the subnets and sites are correct. Then create new site link objects for each site, e.g. FL-CA, FL-WA, and populate accordingly. Remove the sites from any other site link so that they are only members of their own link. Delete all connection objects. Go make a cup of coffee and then drink it. Fire up REPLMON and check that everything is replicating. Force replication and check again. Then check the event logs.

--
Paul Williams
Microsoft MVP - Windows Server - Directory Services
http://www.msresource.net | http://forums.msresource.net


Brilliant! I can imagine how this post must have sounded. It just didn't make much sense as to why it wouldn't work the way it was set up!! The only thing I never tried was deleting the automatic connection and waiting (with my coffee, which by the way I did drink), then forcing replication. Maybe it just needed the new records in place. Who knows. Overall it worked. Thank you for your thoughts.

RICH


Actually, I may have spoken too soon. It seems to be doing it again. I get this response when I right-click one of the auto-generated connections and choose Replicate Now: "one or more of these active directory connections are between domain controllers in different sites. active directory will attempt to replicate across these connections". The other thing I noticed is when I deleted the old DEFAULTIPSITELINK from ADSS it shows it deleted from the root and Domain1, but from the other domains it is still showing. I did what you said. I created the other site link objects, 3 of them actually, and added the other sites in them.


In news:1141944999.009368.134190@p10g2000cwp.googlegroups.com, Surfin' RC <RichChri***@yahoo.com> stated, which I commented on below:

> Actually, I may have spoken too soon. It seems to be doing it again. I get this response when I right-click one of the auto-generated connections and choose Replicate Now: "one or more of these active directory connections are between domain controllers in different sites. active directory will attempt to replicate across these connections".

That's normal, and replication will wait until the next scheduled time it is allowed to replicate. Default is 3 hours.

> The other thing I noticed is when I deleted the old DEFAULTIPSITELINK from ADSS it shows it deleted from the root and Domain1, but from the other domains it is still showing. I did what you said. I created the other site link objects, 3 of them actually, and added the other sites in them.

If I were you at this point, I would move ALL DCs into one Site, and change the subnet objects so they are all (every subnet in your org) part of that site. Then test replication between DCs. This will eliminate the wait time because of the schedule on the links, and lets you see if they are actually communicating without Sites being a factor.

This is of course ALL assuming that your machines are only pointing to the internal DNS servers in your org and NOT to any ISP (because the ISP doesn't have info about your internal domain), that your domain name is not a single-label name, that all DCs are registered in DNS for their A records, their LdapIpAddress records and _msdcs.gc records (for the GCs), and that resolution is working, that the DHCP Client service is running on all DCs (an important service for resolution and registration whether a static IP or auto IP), that there are no firewall rules blocking any traffic between locations, and that the MTUs on your VPNs between locations have not been altered below 1500 (which WILL cause havoc with LDAP communications).

If you can post an unedited ipconfig /all of two example DCs, that will help with a good start to diagnose this.

Another question: when did this all start happening? Can you correlate anything to when it started occurring?

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and confers no rights.

Having difficulty reading or finding responses to your post? Instead of the website you're using, I suggest using OEx (Outlook Express or any other newsreader), and configuring a news account pointing to news.microsoft.com. This is a direct link to the Microsoft Public Newsgroups. It is FREE and requires NO ISP's Usenet account. OEx allows you to easily find, track threads, cross-post, sort by date, poster's name, watched threads or subject. It's easy:

How to Configure OEx for Internet News
http://support.microsoft.com/?id=171164

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft MVP - Directory Services
Microsoft Certified Trainer

Infinite Diversities in Infinite Combinations
Assimilation Imminent. Resistance is Futile
"Very funny Scotty. Now, beam down my clothes."

The only thing in life is change. Anything more is a blackhole consuming unnecessary energy. - [Me]


Ace,
Before I made the new site folders and configured subnets, everything was working fine when all DCs were in one folder. Replication between all sites was happening. I could make manual replication connections and replicate immediately. Even DNS was replicating extremely fast. If I made a change in the domain1 zone, the SOA incremented, and within 5-10 seconds the records and SOA showed in the other zones. Now, testing, I recreated the default site folder and moved all the DCs back into it, and within 30 minutes everything went back to normal. I decided to move them back to the newly created sites and let it go overnight until this morning. When I came in, the site link that I deleted in the root domain finally was gone in the sites below. I still get the same error, however, when I right-click the connections and try to manually replicate now. It comes back with the: "one or more of these active directory connections are between domain controllers in different sites. active directory will attempt to replicate across these connections".

To answer all your questions: every DC is pointing to one of the LAN DNS servers in its site. All DCs are registered with A records, LdapIpAddress records, _msdcs.gc records. NSLOOKUP can resolve IP and NAME internally and externally. DHCP Client is running on all DCs. I have to check with the router guys; they're in charge of the firewalls and routers. Funny thing is this: I can manually replicate a connection now if it's in the same site, but as soon as I try to do that in another site it bombs out.

Here are the IPCONFIG logs. The first one is from the domain controller in the forest root in my building and the second one is one of the main DCs in Washington DC.

Windows IP Configuration

   Host Name . . . . . . . . . . . . : rootsrv1
   Primary Dns Suffix  . . . . . . . : klroot.corp
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : klroot.corp
                                       kl.corp
                                       kldc.corp
                                       KLNC.CORP

Ethernet adapter Bridge:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : HP Network Team #1
   Physical Address. . . . . . . . . : 00-0F-20-F6-C8-4D
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 172.16.2.200
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . : 172.16.1.5
   DNS Servers . . . . . . . . . . . : 172.16.2.200

Windows IP Configuration

   Host Name . . . . . . . . . . . . : DCSRV01
   Primary Dns Suffix  . . . . . . . : kldc.corp
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : kldc.corp
                                       kl.corp
                                       klnc.corp
                                       klroot.corp

Ethernet adapter LAN1:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : HP NC7782 Gigabit Server Adapter
   Physical Address. . . . . . . . . : 00-0F-20-F9-BF-62
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 172.17.2.205
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . : 172.17.1.4
   DNS Servers . . . . . . . . . . . : 172.17.2.205
   Primary WINS Server . . . . . . . : 172.17.2.205
   Secondary WINS Server . . . . . . : 172.17.2.210

All of this started happening last week when I created the site folders, moved the DCs to their new homes and configured the subnets. Right now DNS and replication seem to be working, but it's not nearly as fast as it was before (replication). The SOA in the forest zones is about 12 counts higher than in the site zones below. And like I said, I can manually replicate an automatic connection in Sites and Services if it's in the same site, but as soon as I try to manually replicate one from Domain1 to Domain2 I get that error.
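The following is an added example, not code from the thread or from either poster: a PowerShell check of the DNS registration items Ace listed, run against the two DCs whose ipconfig output Rich posted. It assumes Windows PowerShell 5.1 with the DnsClient module (Resolve-DnsName) and RPC access for Get-Service -ComputerName, neither of which exists on Server 2003 itself, so it is run from a newer management host that uses the internal DNS servers. The host names, zones and addresses are the ones in the ipconfig output above; the list of checks (host A record, LdapIpAddress A record at the zone apex, _ldap._tcp.dc._msdcs SRV record, gc._msdcs A record for GCs, DHCP Client service running) is the one Ace gives, and the assumption that klroot.corp is the forest root zone that carries gc._msdcs follows from Rich's description of the layout.

```powershell
# Added example (not from the thread). Verifies, per DC, the DNS registrations Ace
# asked about. Assumes Windows PowerShell 5.1 with Resolve-DnsName available and
# RPC access to the DCs for Get-Service. Names/addresses come from the ipconfig above.

$ForestRoot = 'klroot.corp'   # forest root zone: holds the gc._msdcs records for all GCs

# DCs from the two ipconfig outputs; both are GCs according to the first post
$DCs = @(
    [pscustomobject]@{ Name = 'rootsrv1'; Domain = 'klroot.corp'; IP = '172.16.2.200'; IsGC = $true }
    [pscustomobject]@{ Name = 'DCSRV01';  Domain = 'kldc.corp';   IP = '172.17.2.205'; IsGC = $true }
)

function Test-DcDnsRegistration {
    param([Parameter(Mandatory)] $Dc, [Parameter(Mandatory)] [string]$ForestRoot)

    # Each DC in the thread points at itself for DNS, so query the DC's own server
    $dns = $Dc.IP
    $r = [ordered]@{ DC = $Dc.Name }

    # 1. Host (A) record: <dc>.<domain> must resolve to the DC's address
    $a = Resolve-DnsName -Name "$($Dc.Name).$($Dc.Domain)" -Type A -Server $dns -ErrorAction SilentlyContinue
    $r.HostRecord = [bool]($a | Where-Object { $_.IPAddress -eq $Dc.IP })

    # 2. LdapIpAddress: an A record at the zone apex (the "same as parent folder" record)
    $apex = Resolve-DnsName -Name $Dc.Domain -Type A -Server $dns -ErrorAction SilentlyContinue
    $r.LdapIpAddress = [bool]($apex | Where-Object { $_.IPAddress -eq $Dc.IP })

    # 3. DC locator SRV record under the domain's _msdcs subtree, pointing at this DC
    $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$($Dc.Domain)" -Type SRV -Server $dns -ErrorAction SilentlyContinue
    $r.DcSrvRecord = [bool]($srv | Where-Object { $_.NameTarget -ieq "$($Dc.Name).$($Dc.Domain)" })

    # 4. GC registration: gc._msdcs.<forest root> must carry an A record with the GC's IP
    if ($Dc.IsGC) {
        $gc = Resolve-DnsName -Name "gc._msdcs.$ForestRoot" -Type A -Server $dns -ErrorAction SilentlyContinue
        $r.GcRecord = [bool]($gc | Where-Object { $_.IPAddress -eq $Dc.IP })
    } else {
        $r.GcRecord = 'n/a'
    }

    # 5. DHCP Client service: performs the dynamic registrations even with a static IP
    $svc = Get-Service -Name Dhcp -ComputerName $Dc.Name -ErrorAction SilentlyContinue
    $r.DhcpClientRunning = ($svc.Status -eq 'Running')

    [pscustomobject]$r
}

$DCs | ForEach-Object { Test-DcDnsRegistration -Dc $_ -ForestRoot $ForestRoot } | Format-Table -AutoSize
```

A $false in any column is a missing registration to chase before looking at site links: a DC that other DCs cannot locate through these records cannot be picked as a replication partner no matter how the sites are laid out.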
In news:1142002658.244000.78560@v46g2000cwv.googlegroups.com, Surfin' RC <RichChri***@yahoo.com> stated, which I commented on below:

> Ace,
> Before I made the new site folders and configured subnets, everything was working fine when all DCs were in one folder. Replication between all sites was happening. I could make manual replication connections and replicate immediately. Even DNS was replicating extremely fast. If I made a change in the domain1 zone, the SOA incremented, and within 5-10 seconds the records and SOA showed in the other zones. Now, testing, I recreated the default site folder and moved all the DCs back into it, and within 30 minutes everything went back to normal. I decided to move them back to the newly created sites and let it go overnight until this morning. When I came in, the site link that I deleted in the root domain finally was gone in the sites below. I still get the same error, however, when I right-click the connections and try to manually replicate now. It comes back with the: "one or more of these active directory connections are between domain controllers in different sites. active directory will attempt to replicate across these connections".
>
> To answer all your questions: every DC is pointing to one of the LAN DNS servers in its site. All DCs are registered with A records, LdapIpAddress records, _msdcs.gc records. NSLOOKUP can resolve IP and NAME internally and externally. DHCP Client is running on all DCs. I have to check with the router guys; they're in charge of the firewalls and routers. Funny thing is this: I can manually replicate a connection now if it's in the same site, but as soon as I try to do that in another site it bombs out.
>
> Here are the IPCONFIG logs. The first one is from the domain controller in the forest root in my building and the second one is one of the main DCs in Washington DC.
>
> Windows IP Configuration
>
>    Host Name . . . . . . . . . . . . : rootsrv1
>    Primary Dns Suffix  . . . . . . . : klroot.corp
>    Node Type . . . . . . . . . . . . : Unknown
>    IP Routing Enabled. . . . . . . . : No
>    WINS Proxy Enabled. . . . . . . . : No
>    DNS Suffix Search List. . . . . . : klroot.corp
>                                        kl.corp
>                                        kldc.corp
>                                        KLNC.CORP
>
> Ethernet adapter Bridge:
>
>    Connection-specific DNS Suffix  . :
>    Description . . . . . . . . . . . : HP Network Team #1
>    Physical Address. . . . . . . . . : 00-0F-20-F6-C8-4D
>    DHCP Enabled. . . . . . . . . . . : No
>    IP Address. . . . . . . . . . . . : 172.16.2.200
>    Subnet Mask . . . . . . . . . . . : 255.255.0.0
>    Default Gateway . . . . . . . . . : 172.16.1.5
>    DNS Servers . . . . . . . . . . . : 172.16.2.200
>
> Windows IP Configuration
>
>    Host Name . . . . . . . . . . . . : DCSRV01
>    Primary Dns Suffix  . . . . . . . : kldc.corp
>    Node Type . . . . . . . . . . . . : Hybrid
>    IP Routing Enabled. . . . . . . . : No
>    WINS Proxy Enabled. . . . . . . . : No
>    DNS Suffix Search List. . . . . . : kldc.corp
>                                        kl.corp
>                                        klnc.corp
>                                        klroot.corp
>
> Ethernet adapter LAN1:
>
>    Connection-specific DNS Suffix  . :
>    Description . . . . . . . . . . . : HP NC7782 Gigabit Server Adapter
>    Physical Address. . . . . . . . . : 00-0F-20-F9-BF-62
>    DHCP Enabled. . . . . . . . . . . : No
>    IP Address. . . . . . . . . . . . : 172.17.2.205
>    Subnet Mask . . . . . . . . . . . : 255.255.0.0
>    Default Gateway . . . . . . . . . : 172.17.1.4
>    DNS Servers . . . . . . . . . . . : 172.17.2.205
>    Primary WINS Server . . . . . . . : 172.17.2.205
>    Secondary WINS Server . . . . . . : 172.17.2.210
>
> All of this started happening last week when I created the site folders, moved the DCs to their new homes and configured the subnets. Right now DNS and replication seem to be working, but it's not nearly as fast as it was before (replication). The SOA in the forest zones is about 12 counts higher than in the site zones below. And like I said, I can manually replicate an automatic connection in Sites and Services if it's in the same site, but as soon as I try to manually replicate one from Domain1 to Domain2 I get that error.

The message "one or more of these active directory connections are between domain controllers in different sites. active directory will attempt to replicate across these connections" is normal, as I mentioned, because the DCs' replication between different sites is governed by the schedule on the link. It's 3 hours by default, and hence what it's telling you is that it pretty much needs to wait until it's allowed to replicate.

Thanks for posting the ipconfigs. They look pretty clean; however, why all the different suffixes? Does your forest have multiple trees in the forest? That's what it appears to be. No matter, as long as all the domain trees in the forest can resolve each other, that's all that counts.

Keep in mind what Sites do for you:

1. Controls replication traffic
   - Schedulable
   - Compresses data between bridgeheads
2. Controls logon traffic for client logon and authentication
   - Clients will use DC/GCs in a site that matches their own subnets

Ace


Ace, is there any way to make it shorter than 3 hours? I guess the important question is, would it make a difference? I just want to make sure everything is running the best it can be.

Actually, the reason I have the domain suffixes is because of the multiple trees. Someone at Microsoft told me this would actually make things run more efficiently. ???


In news:1142132910.705310.19850@j33g2000cwa.googlegroups.com, Surfin' RC <RichChri***@yahoo.com> stated, which I commented on below:

> Ace, is there any way to make it shorter than 3 hours? I guess the important question is, would it make a difference? I just want to make sure everything is running the best it can be.
>
> Actually, the reason I have the domain suffixes is because of the multiple trees. Someone at Microsoft told me this would actually make things run more efficiently. ???

Go into the link's properties. You can chop it down from the default 3 hours (180 min) to 15 min, minimum. No lower than that.

As for the suffixes, yes, it will aid the query process.

Ace


Great. I'll let it run like this for a while and keep an eye on it just to see how it runs. If need be I'll lower the time of replication on the links. Thank you for all your help.

Rich


In news:1142194946.561862.80090@j52g2000cwj.googlegroups.com, Surfin' RC <RichChri***@yahoo.com> stated, which I commented on below:

> Great. I'll let it run like this for a while and keep an eye on it just to see how it runs. If need be I'll lower the time of replication on the links. Thank you for all your help.
>
> Rich

My pleasure. I hope it helps.

Ace
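An added example, not code from the thread or from any of the posters, that turns Paul's checklist (sites only in their own links, subnets correct, DCs in the right site) and Ace's interval advice (180 minutes by default, 15 minutes minimum) into a read-only audit with an optional fix step. It assumes the ActiveDirectory PowerShell module from RSAT (Get-ADReplicationSite, Get-ADReplicationSiteLink, Get-ADReplicationSubnet, Get-ADDomainController, Set-ADReplicationSiteLink; Server 2012 or later, so not the ADSS/REPLMON tooling the thread itself uses) and an account with rights on the Configuration partition. The -Fix switch and -TargetIntervalMinutes parameter are this script's own; the 15-minute floor is the figure Ace gives, the 10080-minute ceiling is one week, and the longest-prefix subnet match is the rule the DC locator uses.

```powershell
# Added example (not from the thread). Audits AD site topology: site-link membership
# (Paul's advice), link replication interval (Ace: default 180 min, 15 min floor),
# unmapped subnets, and DCs whose IPv4 address falls in no subnet of their own site.
# Assumes the ActiveDirectory RSAT module (Server 2012+). -Fix and -TargetIntervalMinutes
# are this script's own parameters, not anything from the thread.
param(
    [ValidateRange(15, 10080)] [int]$TargetIntervalMinutes = 15,  # 15 min is the lowest ADSS accepts
    [switch]$Fix                                                  # apply interval changes instead of only reporting
)
Import-Module ActiveDirectory

$sites   = Get-ADReplicationSite -Filter *
$links   = Get-ADReplicationSiteLink -Filter * -Properties ReplicationFrequencyInMinutes, Cost, SitesIncluded
$subnets = Get-ADReplicationSubnet -Filter * -Properties Site
# Get-ADDomainController covers one domain at a time; walk every domain tree in the forest
$dcs     = foreach ($d in (Get-ADForest).Domains) { Get-ADDomainController -Filter * -Server $d }

# Lookups: site DN -> site name, and site DN -> names of the links that include it
$siteName    = @{}
$linksBySite = @{}
foreach ($s in $sites) { $siteName[$s.DistinguishedName] = $s.Name }
foreach ($l in $links) {
    foreach ($dn in $l.SitesIncluded) {
        if (-not $linksBySite.ContainsKey($dn)) { $linksBySite[$dn] = @() }
        $linksBySite[$dn] += $l.Name
    }
}

# 1. Site-link membership. A site in no link cannot replicate with other sites; a site left
#    in DEFAULTIPSITELINK next to a purpose-built link is the double membership Paul says to remove.
foreach ($s in $sites) {
    $names = $linksBySite[$s.DistinguishedName]
    if (-not $names) {
        Write-Warning "Site $($s.Name) is in no site link"
    } elseif ($names -contains 'DEFAULTIPSITELINK' -and $names.Count -gt 1) {
        Write-Warning "Site $($s.Name) is in DEFAULTIPSITELINK as well as: $(($names -ne 'DEFAULTIPSITELINK') -join ', ')"
    }
}

# 2. Link intervals. Report links slower than the target; lower them only with -Fix.
foreach ($l in $links) {
    if ($l.SitesIncluded.Count -lt 2) { Write-Warning "Link $($l.Name) has fewer than two sites" }
    if ($l.ReplicationFrequencyInMinutes -gt $TargetIntervalMinutes) {
        Write-Output ("Link {0}: {1} min, cost {2}" -f $l.Name, $l.ReplicationFrequencyInMinutes, $l.Cost)
        if ($Fix) { Set-ADReplicationSiteLink -Identity $l -ReplicationFrequencyInMinutes $TargetIntervalMinutes }
    }
}

# 3. Subnets and DC placement (IPv4 only; IPv6 subnet objects are skipped).
function ConvertTo-UInt32 ([string]$Ip) {
    $b = [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()
    [Array]::Reverse($b)   # network byte order -> little-endian for BitConverter
    [BitConverter]::ToUInt32($b, 0)
}
function Test-IPv4InCidr ([string]$Ip, [string]$Cidr) {
    $net, $bits = $Cidr -split '/'
    if (-not $bits -or $net -notmatch '^\d{1,3}(\.\d{1,3}){3}$') { return $false }
    $mask = [uint32]([math]::Pow(2, 32) - [math]::Pow(2, 32 - [int]$bits))
    ((ConvertTo-UInt32 $Ip) -band $mask) -eq ((ConvertTo-UInt32 $net) -band $mask)
}

$subnets | Where-Object { -not $_.Site } | ForEach-Object { Write-Warning "Subnet $($_.Name) is not assigned to a site" }

foreach ($dc in $dcs) {
    if (-not $dc.IPv4Address) { continue }
    # Longest-prefix match, as the DC locator does when it picks a client's site
    $match = $subnets | Where-Object { Test-IPv4InCidr $dc.IPv4Address $_.Name } |
             Sort-Object { [int]($_.Name -split '/')[1] } -Descending | Select-Object -First 1
    if (-not $match) {
        Write-Warning "DC $($dc.HostName) ($($dc.IPv4Address)) is covered by no subnet object"
    } elseif ($siteName[$match.Site] -ne $dc.Site) {
        Write-Warning "DC $($dc.HostName) is in site $($dc.Site) but its subnet $($match.Name) maps to $($siteName[$match.Site])"
    }
}
```

Run it without -Fix first and read the warnings in order: a site outside every link or a DC outside every subnet explains a topology that looks right in the console but never replicates, while the interval report only explains the "will attempt to replicate" message and the hours-long delay Rich saw. The manual-connection failures in the thread are a separate matter; those still need the DNS registrations and the event logs Paul and Ace pointed at.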