agreed - one of the most confusing things with multi-tree single forests (which is one of the reasons I preferr multi-forests single domains instead...)
check DNS - ensure that DC1 of corporate.company1.com can resolve the corporate.company2.com DNZ zone and vice versa. Also check that your DCs have registered themselves and the corresponding Service records correctly in the respective DNS zones. Don't forget, that you'll have to check the _msdcs.corporate.company1.com zone for the domain and GC entries from the corporate.company2.com DC (which I hope for you is a GC). actually, from your description, the DC of corporate.company2.com doesn't seem to be a GC - but it should be (at least when you're running the domains in native mode). Otherwise the DC from site2 will always contact the DC in site1 during authentication requests as it needs a GC by default (first DC of forest is always a GC). And once they are a GC, they also want to contact the other domains's DC to get the partial replica of the respective domain naming context - so not just the config container... Again, this would not be required, if you had a multi-forest single-domain environment... /Guido -----Original Message----- From: Joe [mailto:[EMAIL PROTECTED] Sent: Sonntag, 4. Januar 2004 16:12 To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] KCC complain for sites with 2 different domains Nope the error message indicates that the configuration container is the one having the issue. Even though the machines aren't in the same domain, they still need to replicate with each other for schema and configuration partitions. I would doublecheck that replication is working on all domain controllers via repadmin /showreps. If not, you need to troubleshoot it. Here is your error message again All servers in site CN=Parkway,CN=Sites,CN=Configuration,DC=corporate,DC=company1,DC=com that can replicate partition CN=Configuration,DC=corporate,DC=company1,DC=com over transport CN=IP,CN=Inter-Site Transports,CN=Sites,CN=Configuration,DC=corporate,DC=company1,DC=com are currently unavailable. Note that it specifies the partition specifically. The configuration container has the root forest name as its dc portion but it still needs to go to company2 dc's. This is one of the pieces of confusion that comes in with multi-tree single forest implementations as it doesn't seem logical based on naming. joe -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Aaron Seet Sent: Sunday, January 04, 2004 12:49 AM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] KCC complain for sites with 2 different domains The second DC belongs to company2 (in the other tree). The event logs posted are from the DC of company1. company2 DC doesn't have these complaints. They are connected via persistent router-router VPN - demand-dial interface in RRAS. My question is, the cause is the fact there is no DC for company1 in Site2, right? ----- Original Message ----- From: "Mulnick, Al" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, January 02, 2004 10:27 PM Subject: RE: [ActiveDir] KCC complain for sites with 2 different domains I'm confused by the question. There is a second DC. The entry says that site2 cannot replicate to site1. Is that ok for your environment (I wouldn't think so)? If they're part of the same forest, they need to share the configuration partition. If they can't, then the KCC is going to complain and other issues may or may not arise in your environment. Better to fix it. Is your VPN always on? Does this answer the question? List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
