Chuck, I'm running NAV 7.6 Corp on both DC's which are acting as Parent Servers for all clients to get their updates from. Realtime scanning is enabled but not on the DB's and log files...I've checked that.
Back in october of 2002 I was receiving these event logs in DS: The Directory Service consistency checker has determined that either (a) there is not enough physical connectivity published via the Active Directory Sites and Services Manager to create a spanning tree connecting all the sites containing the Partition CN=Configuration,DC=penncolor,DC=com, or (b) replication cannot be performed with one or more critical servers in order for changes to propagate across all sites (most often due to the servers being unreachable). For (a), please use the Active Directory Sites and Services Manager to do one of the following: 1. Publish sufficient site connectivity information such that the system can infer a route by which this Partition can reach this site. This option is preferred. 2. Add an ntdsConnection object to a Domain Controller that contains the Partition CN=Configuration,DC=penncolor,DC=com in this site from a Domain Controller that contains the same Partition in another site. For (b), please see previous events logged by the NTDS KCC source that identify the servers that could not be contacted. and All servers in site CN=Doylestown,CN=Sites,CN=Configuration,DC=penncolor,DC=com that can replicate partition CN=Configuration,DC=penncolor,DC=com over transport CN=IP,CN=Inter-Site Transports,CN=Sites,CN=Configuration,DC=penncolor,DC=com are currently unavailable. SInce then I haven't seen another one. side note...I'm having a problem with this list getting my messages quick enough...before writing this message I sent 4 others that still haven't arrived... -----Original Message----- From: Chuck Robinson [mailto:[EMAIL PROTECTED] Sent: Saturday, March 01, 2003 3:01 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] AD Design Guidance A few more items to check.. Is Antivirus running on the DC's? If so, are you excluding your DB and Log files from Realtime scanning? Run Perfmon to identify potential bottlenecks. Check for Database corruption. Chuck -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gil Kirkpatrick Sent: Friday, February 28, 2003 2:24 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] AD Design Guidance A couple of questions to fill out the picture: How many clients at each site? What kinds of clients (ME/98, NT4, W2K, XP, etc) Do you have any idea of how much _available_ bandwidth there is on the link? Where is the PDC emulator? I'm guessing it is in office A where the first DC lives. -gil -----Original Message----- From: Friese, Casey [mailto:[EMAIL PROTECTED] Sent: Friday, February 28, 2003 12:00 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] AD Design Guidance I have uncovered what I believe is a problem with our Active Directory design. I'm looking for assurance that it is indeed a problem judging from the symptoms that I am seeing and I'm also looking for recommendations on how to correct it. I've walked into the company just weeks after a consultant started implementing the AD design. Now, 8 months later and 10 servers later I believe that the design is flawed. Here are my symptoms: Any administration activity done on the servers such as setting permissions/re-writing permissions, opening property sheets within Exchange System Manager, Viewing properties sheets of OU objects/group policies, etc. All of these tasks take a long period of time to complete or display. >From the client end we see hanging connections - one moment a share is >available, the next permission is denied or the connection can't be >made. Opening files from the network sluggish and at times dhcp >settings are lost. We have 2 offices: Our HQ is in office A Our Datacenter is in office B Office A has 1 Windows 2000 Server and was the first server built in the Forest. This server is doing File/Print, DHCP, WINS, DNS for it's location among doing it's specialized tasks for the domain. Office B has 9 Windows 2000 Servers - among those 9 is a DC, 1 is an E2K server and 1 is an ISA server. The DC provides file/print, DHCP, WINS, DNS for it's location. The E2K server is the mail server for both locations and the ISA server is the Firewall for both locations. Office A is connected to Office B via 256kbps Split T1 used for both voice and data. Office B is connected to the internet via full T1 which is responsible for handling all internet requests. Both sites, office A and B, belong to the same parent domain - company.com with each client's dns set as clientname.company.com First questions: Are there any flaws with the above design? The most noticeable thing to me is that Office A and B communicate of a 256kbps shared line. I'm not an expert with AD, in fact, It's new to me but from what I understand anything done in Office B has to go to the Head Server in Office A. These is where I believe my problems lie. What I would like to do is break these two sites apart and have officeA.company.com and officeB.company.com - I think this is the correct approach but I'm not sure. My main concern is our Exchange 2000 Server and out ISA server because they're both linked heavily into the AD so totally redoing the design is a bit tough. Alternatively, I have started entertaining the idea of moving the server in Office A to the Office B location making Office B the root domain and any new sites child domains. I apologize for the length and if I've confused anyone - I'm confused myself. I just want to know if I'm blaming the symptoms on the right thing and how I should proceed. Thanks, Casey List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
