You may want to consider disabling BASL Bridge All SIte Links option if you are having issues with branch sites trying to create connection objects to other branch sites. This will only allow servers to only create CO's to servers in other sites to which they are directly connected. Making all DC's GC's is also a good suggestion for your environment. I would not recommend disabling KCC though unless you plan on manually creating and deleting CO's for everytime you dcpromo up or down servers.
Kurt Falde ________________________________ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Drew Burchett Sent: Tuesday, November 14, 2006 9:54 AM To: [email protected] Subject: RE: [ActiveDir] Help with topology I won't dispute with you that it's possible, but when I created my second site link and attempted to add the CO to it, it would not add. No error message, just no effect either. Of course now that I go back and try it again, it works perfectly. I thought it was rather odd that that wouldn't be possible. Oh, and for the person who suggested disabling the KCC, I'd be glad to, but that's the first time I've found an article telling how. Thanks for all the help, Drew Burchett United Systems & Software Ph: (270)527-3293 Fax: (270)527-3132 ________________________________ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Tuesday, November 14, 2006 8:02 AM To: [email protected] Subject: RE: [ActiveDir] Help with topology I too would suggest you set all DCs to be GCs. In an env with a distributed Exchange design, this is highly recommended (by me, anyway). Secondly, a site may participate in more than one site link. If this were not true, then hub and spoke designs would not be possible :/ e.g. "London-Paris" and "London-Frankfurt" site links both contain site 'London' as a participant. neil ________________________________ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Drew Burchett Sent: 14 November 2006 13:27 To: [email protected] Subject: RE: [ActiveDir] Help with topology I'll have to look up how to set the costs on the links. That may very well solve my problem. The part that is making Exchange so slow is the System Attendant service. Every 2 minutes it will log Event 1042: "Metabase Update failed to read the Configuration namespace property from the domain controller. Error code is 80040a01." This goes on for a couple of hours until it finally succeeds in reading whatever it needs and the service starts. Then, and only then, can I start the rest of the Exchange services. I attempted to place all the branch offices in different sites and use site links to determine which of these would replicate with which, but I quickly found out that a site can only belong to one site link, and that pretty well shoots trying to make everything link back to the CO. I did manage to find an article on Microsoft's web site about hub and spoke topology, but it focused strictly on determining how many domain controllers you need at each location and formulas for determining how much information will be transferred compared to existing line speed. Not one word about how you're supposed to implement hub and spoke, or how you're supposed to keep the KCC from completely screwing it up once you do. Thank you for the information, Drew Burchett United Systems & Software Ph: (270)527-3293 Fax: (270)527-3132 ________________________________ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bahta, Nathaniel V CTR USAF NASIC/SCNA Sent: Tuesday, November 14, 2006 7:01 AM To: [email protected] Subject: RE: [ActiveDir] Help with topology Why dont you make the domain controller at the branch office with the Exchange Server a Global Catalog? Also why not set the cost on the links if you have not already? You can also set the logging level higher in exchange so you can see whats taking so long to come online. ________________________________ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Drew Burchett Sent: Monday, November 13, 2006 8:55 PM To: [email protected] Subject: [ActiveDir] Help with topology I have a client that I'm having trouble setting up Active Directory topology for. The layout: 1 Central office with two domain controllers, 1 Global Catalog, T1 connection 5 Branch offices with 1 domain controller and DSL or Cable connections. 1 Branch office with 1 domain controller that is also an Exchange Server, on a T1. All the offices are connected to the central office through a VPN maintained by a Cisco PIX at each location. They are not directly connected to each other. When I originally set this up, I pointed all the machines to the main DNS server at the central office. However, if the VPN or the T1 went down, they were not able to access the internet and since they use a third-party application host, this is critical for business. To alleviate this problem, I installed DNS on each of the branch office computers. This worked fine until Exchange 2003 was introduced into the picture. Since all of the sites now register and replicate their DNS information, the slowest sites always end up at the top of the list of name servers. In addition, the KCC is always attempting to create links between the Exchange server and all the other sites besides the central office. Thus, whenever I have to restart the Exchange server, it takes several hours for it to properly start up. I assume that this is because it is attempting to retrieve DNS information and AD information from the slowest links rather than the CO, with which it can readily communicate. What I would like to do is set up a topology so that all the branch offices are replicating ONLY with the CO and the Exchange server will ALWAYS get its information from the CO and nowhere else. However, first, I don't know how to accomplish this, and second, I don't know if this will actually solve the problem or not. Any thoughts or suggestions on how to make this better? Drew Burchett United Systems & Software Ph: (270)527-3293 Fax: (270)527-3132 -- CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. -- This message has been scanned for viruses and dangerous content by MailScanner<http://www.mailscanner.info/>, and is believed to be clean. -- CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. -- This message has been scanned for viruses and dangerous content by MailScanner<http://www.mailscanner.info/>, and is believed to be clean. PLEASE READ: The information contained in this email is confidential and intended for the named recipient(s) only. If you are not an intended recipient of this email please notify the sender immediately and delete your copy from your system. You must not copy, distribute or take any further action in reliance on it. Email is not a secure method of communication and Nomura International plc ('NIplc') will not, to the extent permitted by law, accept responsibility or liability for (a) the accuracy or completeness of, or (b) the presence of any virus, worm or similar malicious or disabling code in, this message or any attachment(s) to it. If verification of this email is sought then please request a hard copy. Unless otherwise stated this email: (1) is not, and should not be treated or relied upon as, investment research; (2) contains views or opinions that are solely those of the author and do not necessarily represent those of NIplc; (3) is intended for informational purposes only and is not a recommendation, solicitation or offer to buy or sell securities or related financial instruments. NIplc does not provide investment services to private customers. Authorised and regulated by the Financial Services Authority. Registered in England no. 1550505 VAT No. 447 2492 35. Registered Office: 1 St Martin's-le-Grand, London, EC1A 4NP. A member of the Nomura group of companies. -- CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. -- This message has been scanned for viruses and dangerous content by MailScanner<http://www.mailscanner.info/>, and is believed to be clean.
