I'm gonna ask Schrodinger's opinion. Also, is the cat really skinned?
> But not without killing the cat.
>
> From: [email protected]
> [mailto:[email protected]] On Behalf Of J- P
> Sent: Thursday, July 24, 2014 3:55 PM
> To: NT
> Subject: RE: [NTSysADM] Polling wrong DC-FIXED- Kind of
>
> Maybe I didn't explain it properly,
>
> all sites are VPN'd to HQ ONLY, there are/were no remote site to remote
> site tunnels,
>
> however, since netmon traces showed that the server in question was ONLY
> calling the DC from the second remote site (despite having the DNS server
> pointing to HQ), I then proceeded to create a NEW tunnel to ALLOW remote
> site 1 to speak to remote site 5
>
> What is really weird is that once I joined the server back to the domain,
> I disconnected the NEW tunnel (remote site 1 to remote site 5) and when I
> promoted the server to a DC, it was able to contact HQ to replicate AD.
>
> Still stumped as to WHY, but like they say, there's more than one way to
> skin a cat
>
> ________________________________
> From: [email protected]<mailto:[email protected]>
> To: [email protected]<mailto:[email protected]>
> Subject: RE: [NTSysADM] Polling wrong DC-FIXED- Kind of
> Date: Thu, 24 Jul 2014 19:02:46 +0000
> If there was no VPN between the sites, how would traffic have routed to
> HQ? All the IP ranges were private so they would have been stripped by
> default unless you have some means of routing them without the VPN.
>
> --
> There are 10 kinds of people in the world...
> those who understand binary and those who don't.
>
> From:
> [email protected]<mailto:[email protected]>
> [mailto:[email protected]] On Behalf Of J- P
> Sent: Thursday, July 24, 2014 1:51 PM
> To: NT
> Subject: RE: [NTSysADM] Polling wrong DC-FIXED- Kind of
>
> Ok,
>
> So after checking and double checking everything (DNS, ADSS etc...) and
> finding nothing misconfigured, the only resolution was to create a VPN
> between the remote sites, and voila, added to the domain within a few
> seconds.
>
> I really would still like to know why it would only attempt to contact the
> DC in site5 as opposed to the DNS servers that I specified (HQ Servers)
> on the NIC.
>
>
> ________________________________
> From: [email protected]<mailto:[email protected]>
> To: [email protected]<mailto:[email protected]>
> Subject: RE: [NTSysADM] Polling wrong DC
> Date: Thu, 24 Jul 2014 16:38:41 +0000
> Set all DNS servers to point to HQ.
>
> And yes, you may still have some remnants in DNS of the old server.
>
> From:
> [email protected]<mailto:[email protected]>
> [mailto:[email protected]] On Behalf Of J- P
> Sent: Thursday, July 24, 2014 12:34 PM
> To: NT
> Subject: RE: [NTSysADM] Polling wrong DC
>
> That was the DC- we had an issue with the router so there was no VPN
> tunnel for a few months.
>
>
> Jean-Paul Natola
>
> ________________________________
> From: [email protected]<mailto:[email protected]>
> To: [email protected]<mailto:[email protected]>
> Subject: RE: [NTSysADM] Polling wrong DC
> Date: Thu, 24 Jul 2014 16:25:37 +0000
> Is there a DC in the remote sites?
> Is AD sites and services configured correctly?
>
> From:
> [email protected]<mailto:[email protected]>
> [mailto:[email protected]] On Behalf Of J- P
> Sent: Thursday, July 24, 2014 9:18 AM
> To: NT
> Subject: [NTSysADM] Polling wrong DC
>
> Hi all,
>
> Quick background - we have 5 remote locations all tunneled to HQ in "star"
> topology if you will;
>
> HQ- 192.168.0.0
> site1- 10.0.0.0
> site2- 10.0.1.0
> site3- 10.0.2.0
> site4- 10.0.3.0
> site5- 10.0.4.0
>
> I'm trying to join a server from site 2 (10.0.0.0) to our domain site 1
> (192.168.0.0); the issue that I'm having is that the server is trying to
> authenticate against the DC in site 5.
>
> Since there is no tunnel between the remote sites it fails; what I'm
> failing to understand is WHY it isn't trying to authenticate against the
> DCs at HQ-
>
> The server in the remote site has the HQ DNS servers as primary and
> secondary
> Ping back and forth via both IP and Name work and the TTL is only under
> 300ms
> I have flushed DNS
> Registered DNS
> rebooted
> Even when I ping the domain name it comes back with the correct DC, yet
> when I try to join it back to the domain I get the "no domain controllers
> could be contacted"
>
> and Netmon traces clearly show it's looking for the wrong DC
>