Jennifer, I haven't paid close attention to the thread or the issues that you've been having - other than you had a problem getting it promoted.
I suspect that the cause is likely related. First, Network Browse uses a completely different set of communication methods and the fact that you can or cannot see anything via browsing is really immaterial at this point. I'd suggest pings to the DCs on the other end of the connection and directed telnet over 389, 3268, 88, etc. to get a feel for the real communication abilities. Look this over as well. For 1311 Errors, this is a perfect starting point to resolve or narrow down the problems. http://support.microsoft.com/default.aspx?scid=kb;en-us;307593 Can you give us some detail (again... I know) on the remote and local connection methods - are there firewalls, ACLs on routers - anything that might be interfering with the wide variety of ports / protocols that AD Replication / AD Communication uses? Rick -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jennifer Fountain Sent: Sunday, August 07, 2005 8:30 AM To: [email protected] Subject: RE: [ActiveDir] Problem at remote site I finally got the dcpromo to work but now I am having replication issues. Here is what I see in my logs: Event Type: Warning Event Source: Winlogon Event Category: None Event ID: 1010 Date: 8/6/2005 Time: 9:57:28 PM User: N/A Computer: DC Description: Automatic enrollment against the certification authority Subordinate Enterprise CA - SRV for a certificate of type DomainController has failed. (0x8001011f) This operation returned because the timeout period expired. . Another certification authority will be tried. Event Type: Error Event Source: NTDS KCC Event Category: Knowledge Consistency Checker Event ID: 1311 Date: 8/6/2005 Time: 10:11:08 PM User: N/A Computer: DC Description: The Directory Service consistency checker has determined that either (a) there is not enough physical connectivity published via the Active Directory Sites and Services Manager to create a spanning tree connecting all the sites containing the Partition CN=Configuration,DC=rb,DC=net, or (b) replication cannot be performed with one or more critical servers in order for changes to propagate across all sites (most often due to the servers being unreachable). For (a), please use the Active Directory Sites and Services Manager to do one of the following: 1. Publish sufficient site connectivity information such that the system can infer a route by which this Partition can reach this site. This option is preferred. 2. Add an ntdsConnection object to a Domain Controller that contains the Partition CN=Configuration,DC=rb,DC=net in this site from a Domain Controller that contains the same Partition in another site. For (b), please see previous events logged by the NTDS KCC source that identify the servers that could not be contacted. Event Type: Warning Event Source: NTDS KCC Event Category: Knowledge Consistency Checker Event ID: 1566 Date: 8/6/2005 Time: 10:11:08 PM User: N/A Computer: DC Description: All servers in site CN=domain,CN=Sites,CN=Configuration,DC=domain,DC=net that can replicate partition CN=Configuration,DC=domain,DC=net over transport CN=IP,CN=Inter-Site Transports,CN=Sites,CN=Configuration,DC=domain,DC=net are currently unavailable. I checked and this computer cannot browse to any of domain controllers (network is not available). I can browse the domain controllers from clients so it looks like this server is an issue. And the clients can browse this server. Any thoughts? Thank you for your time! Jennifer -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Medeiros, Jose Sent: Friday, August 05, 2005 6:57 PM To: [email protected] Subject: RE: [ActiveDir] Problem at remote site Hi Jennifer, I also had this happen to me at a remote site back in 2001 when I was implementing AD for Slamdunk Networks.. We found that the latency time was high... even though we had an IPSEC tunnel going through a full T1 at one site to a 10 MB pipe at Coporate. Try doing this on a weekend or late at night when the network is less utilized and see if that helps. What I ended up doing is building a DC at our HQ and shipping it to them. I am really glad that Microsoft came out with the new DCPromo / ADV switch for 2003. Jose :-) -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Jennifer Fountain Sent: Friday, August 05, 2005 3:33 PM To: [email protected] Subject: RE: [ActiveDir] Problem at remote site Doh - we are still running 2000. upgrading soon but not there yet. I don't understand why it keeps giving me a service hasn't started due to timeout error while it's creating the service account. I have done this before at our remote site in sweden so I am baffled. :( Thank you for your time! Jennifer -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Medeiros, Jose Sent: Friday, August 05, 2005 5:56 PM To: Medeiros, Jose; [email protected] Subject: RE: [ActiveDir] Problem at remote site Oh.. one more thing, the DCPROMO /adv switch only works on a 2003 server. Jose :-) -----Original Message----- From: Medeiros, Jose Sent: Friday, August 05, 2005 2:10 PM To: '[email protected]' Subject: RE: [ActiveDir] Problem at remote site Hi.. Replace the Cisco 1760 with a Sonic Wall. ( Just Kidding ). How about doing a system state backup of your local DC,transfer the file to the remote server, then promote your DC using the switch that tells it to use the system state file? Just a thought. Jose :-0 -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Jennifer Fountain Sent: Friday, August 05, 2005 11:17 AM To: [email protected] Subject: [ActiveDir] Problem at remote site Hi all: I am connected a new remote site using a vpn concentrator and cisco 1760 router. Works fine, I can get to servers, etc. While I get the DCs configured, I am trying to get my users to authenicate using a DC at corp site (trying to do all of this remotely - setup the Dc, etc). I am faced with two issues - none of my clients to log into the domain from the remote and the DC that I am configuring there keeps timing out before it is done installing AD. I have a bucable modem (1m down 768 up) Does anyone have any pointers on what I need to do to make this happen? Thanks for any advise :( Kind Regards, Jennifer Fountain Systems Administrator/Security R&B Distribution 3400 E Walnut Street Colmar, PA 18915 ************************************************************************ ********* The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any computer List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ ************************************************************************ ********* The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any computer List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ **************************************************************************** ***** The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any computer List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
