Ahh, new VPN to "wrong" site... Now it makes sense. Well, not why it failed,
but at least why it joined.
--
There are 10 kinds of people in the world...
those who understand binary and those who don't.
From: [email protected] [mailto:[email protected]] On
Behalf Of J- P
Sent: Thursday, July 24, 2014 3:55 PM
To: NT
Subject: RE: [NTSysADM] Polling wrong DC-FIXED- Kind of
Maybe I didn't explain it properly.
All sites are VPN'd to HQ ONLY; there are/were no remote-site-to-remote-site
tunnels.
However, since Netmon traces showed that the server in question was ONLY
calling the DC from the second remote site (despite having the DNS server
pointing to HQ), I then proceeded to create a NEW tunnel to ALLOW remote site 1
to speak to remote site 5.
What is really weird is that once I joined the server back to the domain, I
disconnected the NEW tunnel (remote site 1 to remote site 5), and when I
promoted the server to a DC, it was able to contact HQ to replicate AD.
Still stumped as to WHY, but like they say, there's more than one way to skin
a cat.
________________________________
From: [email protected]
To: [email protected]
Subject: RE: [NTSysADM] Polling wrong DC-FIXED- Kind of
Date: Thu, 24 Jul 2014 19:02:46 +0000
If there was no VPN between the sites, how would traffic have routed to HQ?
All the IP ranges were private so they would have been stripped by default
unless you have some means of routing them without the VPN.
--
There are 10 kinds of people in the world...
those who understand binary and those who don't.
From: [email protected] [mailto:[email protected]] On Behalf Of J- P
Sent: Thursday, July 24, 2014 1:51 PM
To: NT
Subject: RE: [NTSysADM] Polling wrong DC-FIXED- Kind of
OK,
so after checking and double-checking everything (DNS, ADSS, etc.) and finding
nothing misconfigured, the
only resolution was to create a VPN between the remote sites, and voilà, added to
the domain within a few seconds.
I really would still like to know why it would only attempt to contact the DC
in site 5 as opposed to the DNS servers that I specified (HQ servers) on the
NIC.
________________________________
From: [email protected]
To: [email protected]
Subject: RE: [NTSysADM] Polling wrong DC
Date: Thu, 24 Jul 2014 16:38:41 +0000
Set all DNS servers to point to HQ.
And yes, you may still have some remnants in DNS of the old server.
From: [email protected] [mailto:[email protected]] On Behalf Of J- P
Sent: Thursday, July 24, 2014 12:34 PM
To: NT
Subject: RE: [NTSysADM] Polling wrong DC
That was the DC; we had an issue with the router, so there was no VPN tunnel for
a few months.
Jean-Paul Natola
________________________________
From: [email protected]
To: [email protected]
Subject: RE: [NTSysADM] Polling wrong DC
Date: Thu, 24 Jul 2014 16:25:37 +0000
Is there a DC in the remote sites?
Is AD Sites and Services configured correctly?
From: [email protected] [mailto:[email protected]] On Behalf Of J- P
Sent: Thursday, July 24, 2014 9:18 AM
To: NT
Subject: [NTSysADM] Polling wrong DC
Hi all,
Quick background: we have 5 remote locations, all tunneled to HQ in a "star"
topology, if you will:
HQ- 192.168.0.0
site1- 10.0.0.0
site2- 10.0.1.0
site3- 10.0.2.0
site4- 10.0.3.0
site5- 10.0.4.0
I'm trying to join a server from site 2 (10.0.0.0) to our domain in site 1
(192.168.0.0); the issue that I'm having is that the server is trying to
authenticate against the DC in site 5.
Since there is no tunnel between the remote sites, it fails. What I'm failing to
understand is WHY it isn't trying to authenticate against the DCs at HQ.
The server in the remote site has the HQ DNS servers as primary and secondary.
Ping back and forth via both IP and name works, and the TTL is only under 300 ms.
I have flushed DNS,
registered DNS,
rebooted.
Even when I ping the domain name, it comes back with the correct DC, yet when I
try to join it back to the domain I get "no domain controllers could be
contacted",
and Netmon traces clearly show it's looking for the wrong DC.
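The thread never settles why the joining server went after the site 5 DC while its DNS servers pointed at HQ. The DC locator does not simply pick a DC from the DNS servers it is configured to use: it first matches the client's own IP against the subnet objects in AD Sites and Services to work out which site the client is in, then asks DNS for the SRV records of DCs registered for that site, and only falls back to the domain-wide `_ldap._tcp.dc._msdcs` list (where every DC, reachable or not, is registered) if no site-specific DC answers. The script below is an added diagnostic example, not code from anyone in this thread; it assumes a hypothetical domain `corp.example`, a hypothetical client address `10.0.1.25`, and a domain-joined admin workstation with the RSAT ActiveDirectory module, and it shows which site AD would place that client in and which DCs the two SRV lookups return.

```powershell
<#
  Added diagnostic example; not code from the thread or from any of its
  posters.  Assumptions (all hypothetical): the domain is corp.example, the
  server being joined has the address 10.0.1.25, and this runs on a
  domain-joined admin workstation that has the RSAT ActiveDirectory module.
#>
param(
    [string]$Domain   = 'corp.example',   # hypothetical domain FQDN
    [string]$ClientIp = '10.0.1.25'       # hypothetical IP of the server being joined
)

Import-Module ActiveDirectory -ErrorAction Stop

# IPv4 dotted quad -> integer, so a subnet can be matched with a bit mask.
function ConvertTo-IpInt {
    param([string]$Ip)
    $bytes = [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()
    [Array]::Reverse($bytes)                       # network order -> little endian
    [uint64][BitConverter]::ToUInt32($bytes, 0)
}

# Longest-prefix match of an IP against the subnet objects in AD Sites and
# Services.  This is the lookup the DC locator performs to decide which site a
# client is in; a missing or wrongly mapped subnet is the usual reason a client
# chases a DC in another site even though its DNS servers are correct.
function Get-SiteForIp {
    param([string]$Ip, [object[]]$Subnets)
    $ipInt = ConvertTo-IpInt $Ip
    $best  = $null
    foreach ($s in $Subnets) {
        $net, $len = $s.Name -split '/'
        if ($net -notmatch '^\d{1,3}(\.\d{1,3}){3}$') { continue }   # IPv4 only here
        $len   = [int]$len
        $mask  = ([uint64]0xFFFFFFFF -shl (32 - $len)) -band 0xFFFFFFFF
        $match = (($ipInt -band $mask) -eq ((ConvertTo-IpInt $net) -band $mask))
        if ($match -and ($null -eq $best -or $len -gt $best.PrefixLength)) {
            $best = [pscustomobject]@{
                Subnet       = $s.Name
                Site         = ($s.Site -replace '^CN=([^,]+),.*', '$1')   # DN -> site name
                PrefixLength = $len
            }
        }
    }
    $best
}

# SRV records for a locator name, keeping only the SRV answers (Resolve-DnsName
# may also return the A records from the additional section).
function Get-DcSrv {
    param([string]$Name)
    Resolve-DnsName -Name $Name -Type SRV -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'SRV' } |
        Select-Object NameTarget, Port, Priority, Weight
}

$subnets = Get-ADReplicationSubnet -Filter * -Properties Site
$site    = Get-SiteForIp -Ip $ClientIp -Subnets $subnets

"Subnet objects defined in AD Sites and Services:"
$subnets |
    Select-Object Name, @{ n = 'Site'; e = { $_.Site -replace '^CN=([^,]+),.*', '$1' } } |
    Format-Table -AutoSize

if ($null -eq $site) {
    Write-Warning ("{0} matches no subnet object: the locator treats the client as " +
                   "site-less and may answer with any DC in the domain, including " +
                   "one in a site the client cannot reach.") -f $ClientIp
} else {
    "{0} maps to subnet {1} in site '{2}'. DCs registered for that site:" -f $ClientIp, $site.Subnet, $site.Site
    Get-DcSrv -Name ("_ldap._tcp.{0}._sites.dc._msdcs.{1}" -f $site.Site, $Domain) | Format-Table -AutoSize
}

"Domain-wide DC list (fallback when no site-specific DC answers; every DC is here):"
Get-DcSrv -Name "_ldap._tcp.dc._msdcs.$Domain" | Format-Table -AutoSize
```

Compare the script's answer with what the locator actually did on the joining server itself: `nltest /dsgetsite` prints the site the client believes it is in, and `nltest /dsgetdc:<domain> /force` discards the cached answer and runs a fresh locator query, printing the DC it settled on. If the client's subnet is missing from AD Sites and Services, or is attached to the wrong site, the fix is the subnet object, not the client's DNS server list.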