Forum.Brain-Cluster.com: Brain Cluster Technical Forum

issue with DC replication [message #156450] Wed, 17 June 2009 09:15
millin
Dear All,

I am having a problem with our live FTP servers.
We are running our FTP servers on a cluster.
Whenever one of the FTP servers goes down we have to take that server out
from the cluster and point that to the other FTP server (passive).
The problem which I am facing is that whenever we take one of the FTP servers from
the cluster, for a couple of minutes the server doesn't seem to be updating on
the DNS server, so our LIVE FTP says it's DOWN!!! From our point of view that
is not acceptable.
We have got 2 DCs running for the domain (LIVE). I ran replmon and it doesn't
show any replication issues between the two DCs.
So I am a bit stuck at the moment.

Any help would be appreciated.

Thanks
mill
Re: issue with DC replication [message #156453 is a reply to message #156450] Wed, 17 June 2009 09:29
meiweb(nospam)
Hello millin,

To get you correct, you run an FTP cluster with 2 servers belonging to a domain.

In DNS the two cluster nodes are both listed and also the virtual server,
so more or less 3 server names?

So this doesn't belong in my case to DC replication.

How is the cluster IP configuration? Please post an unedited ipconfig /all
and also one from the DNS server.

I assume all machines are located in the internal domain?

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


Re: issue with DC replication [message #156454 is a reply to message #156453] Wed, 17 June 2009 10:17
millin
First of all, thanks for the response, Meinolf.
Which box's ipconfig /all do you need?
No the servers are all external.

Re: issue with DC replication [message #156456 is a reply to message #156453] Wed, 17 June 2009 10:27
millin
XXweb02 -- one of the live servers.


C:\Documents and Settings\ssujith>ipconfig/all

Windows IP Configuration

Host Name . . . . . . . . . . . . : XXweb02
Primary Dns Suffix . . . . . . . : XXX.local
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : XXX.local

Ethernet adapter Management LAN:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : HP NC7771 Gigabit Server Adapter
Physical Address. . . . . . . . . : 00-XX-XX-XX-XX-XX
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.70.1.5
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Disabled

Ethernet adapter Load Balanced NIC - 217.X.X.9:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : HP NC7782 Gigabit Server Adapter
Physical Address. . . . . . . . . : 00-12-79-CF-76-C3
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 217.X.X.12------Cluster IP Address
Subnet Mask . . . . . . . . . . . : 255.255.255.224
IP Address. . . . . . . . . . . . : 217.X.X.9
Subnet Mask . . . . . . . . . . . : 255.255.255.224
Default Gateway . . . . . . . . . : 217.X.X.1
DNS Servers . . . . . . . . . . . : 217.X.X.4
217.X.X.3

C:\Documents and Settings\ssujith>nslookup
Default Server: uknlaapp02.nla-eclips.local
Address: 217.X.X.4

ANOTHER THING which puzzles me is why, when you run nslookup, it's not
showing the other DC, which is 217.X.X.3, as well.

If you need any further info please let me know.

Thanks
Mill

Re: issue with DC replication [message #156460 is a reply to message #156450] Wed, 17 June 2009 12:12
Jorge Silva
Hi
I'm a little lost here...

- You have one FTP cluster in Active/Passive configuration? Then you also
have 2 DCs that are supporting that cluster (probably for the accounts)?

- You say that you need to take the FTP out (evict node?) of the cluster
config, why do you need to do that? Failover doesn't work?

- Then you say that the server doesn't update the DNS config? What server?
Assuming the Cluster Virtual Network Name (associated with virtual IP
Address), that record should already exist in DNS when the cluster is up and
running?

Perhaps I misunderstood you!!!
--
I hope that the information above helps you.
Have a Nice day.

Jorge Silva
MVP Directory Services

Re: issue with DC replication [message #156470 is a reply to message #156456] Wed, 17 June 2009 14:44
meiweb(nospam)
Hello millin,

As Jorge also asked, please describe more details and answer the additional
questions, so we can understand the setup/configuration from your network
and how the connections are built.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


Re: issue with DC replication [message #156472 is a reply to message #156460] Wed, 17 June 2009 16:29
millin
Hi Jorge,

I may have misguided you both. I don't know.
O.K., our network structure is like this.

We have got 2 FTP/WEB servers which are public, having IP addresses in the
range 217.45.XXX.8 and 217.45.XXX.9, and both are clustered using Microsoft
NLB, whose virtual IP address is 217.45.xxx.12.

Whenever we take one of the DCs down for maintenance, or it goes down, the FTP servers
go down. But I ran ipconfig /all on both WEB01/02, and I can see the
preferred DNS and alternate DNS as our AD-I DNS servers.
But another thing which I noticed was that the restricted IP address (at the
interface tab) for both the DNS servers only has one DNS server IP address.
I am just wondering if giving both the DNS servers' IP addresses at each of the
interfaces (tab) might solve my problem!!! I don't know.

Does it make sense now !!!

thanks
mill

"Jorge Silva" wrote:

> Hi
> I'm a little lost here...
>
> - You have one FTP cluster in Active/Passive configuration? Then you also
> have 2 DCs that are supporting that cluster (probably for the accounts)?

That's correct, these 2 DCs are for the external accounts.
You can see the Host A records of both DC/DNS are there in each DNS.
But I couldn't find any records of the cluster IP there!!! It's strange.
>
> - You say that you need to take the FTP out (evict node?) of the cluster
> config, why do you need to do that? Failover doesn't work?

We have a different system at our Co. Because we are running
slightly complicated, process-consuming applications we always have to do it
manually. Once we take one of the WEB boxes out you have to point to the other
box as the active server for all external client requests by changing the name and
location of the server in the xx.cfg file.
You know what I am talking about, don't you?

If you need further info please don't hesitate to contact me.
It's kind of urgent; if we resolve it ASAP, it's good for me and for the Co.

Thanking you,

mill

Re: issue with DC replication [message #156473 is a reply to message #156460] Wed, 17 June 2009 16:44
millin
Hi Jorge,

I may have misguided you both. I don't know.
O.K., our network structure is like this.

We have got 2 FTP/WEB servers which are public, having IP addresses in the
range 217.45.XXX.8 and 217.45.XXX.9, and both are clustered using Microsoft
NLB, whose virtual IP address is 217.45.xxx.12.

Whenever we take one of the DCs down for maintenance, or it goes down, the FTP servers
go down. But I ran ipconfig /all on both WEB01/02, and I can see the
preferred DNS and alternate DNS as our AD-I DNS servers.
But another thing which I noticed was that the restricted IP address (at the
interface tab) for both the DNS servers only has one DNS server IP address.
I am just wondering if giving both the DNS servers' IP addresses at the
interfaces (tab) might solve my problem!!! I don't know.

Does it make sense !!!

thanks
mill

"Jorge Silva" wrote:

> Hi
> I'm a little lost here...
>
> - You have one FTP cluster in Active/Passive configuration? Then you also
> have 2 DCs that are supporting that cluster (probably for the accounts)?

That's correct, these 2 DCs are for the external accounts.
You can see the Host A records of both DC/DNS are there in each DNS.
But I couldn't find any records of the cluster IP there!!!
>
> - You say that you need to take the FTP out (evict node?) of the cluster
> config, why do you need to do that? Failover doesn't work?

We have a different system at our Co. Because we are running
slightly complicated, process-consuming applications we always have to do it
manually. Once we take one of the WEB boxes out you have to point that as the
active server for all external client requests by changing the name and
location of the server in the xx.cfg file.
You know what I am talking about, don't you?

If you need further info please don't hesitate to contact me.
It's kind of urgent; if we resolve it ASAP, it's good for me and for the Co.

Thanking you,

mill

Re: issue with DC replication [message #156474 is a reply to message #156472] Wed, 17 June 2009 16:53
meiweb(nospam)
Hello millin,

Hopefully your DCs are not in the public network and open for the world for
attackers. If your cluster machines have only one DNS server configured on
the NIC and that DNS server is down, you should of course expect problems,
because the cluster cannot resolve domain names. So make sure they always
have at least one DNS server available which is configured on the NIC.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


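The check described in the reply above (how many DNS servers each NIC has configured, and whether they sit on public address space), run over `ipconfig /all` output of the kind posted earlier in the thread. This is an added example, not part of any post; the sample output is constructed, with documentation addresses (203.0.113.x) in place of the redacted 217.X.X.x values, and the function names and finding codes are hypothetical.

```python
import ipaddress
import re

# RFC 1918 private ranges. A resolver outside them is treated as sitting on
# non-internal address space (heuristic for this thread, where DNS runs on the DCs).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

ADAPTER = re.compile(r"^(.*\badapter\b.*):$")            # "Ethernet adapter X:"
FIELD = re.compile(r"^([A-Za-z][^:]*?)(?:\s*\.)+\s*:\s*(.*)$")  # "Key . . . : value"

# Constructed sample (not taken from the thread).
SAMPLE = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : WEB02
   Primary Dns Suffix  . . . . . . . : example.local

Ethernet adapter Management LAN:

   Description . . . . . . . . . . . : Example Gigabit Adapter
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 10.70.1.5
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :

Ethernet adapter Load Balanced NIC:

   Description . . . . . . . . . . . : Example Gigabit Adapter
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 203.0.113.12
   Subnet Mask . . . . . . . . . . . : 255.255.255.224
   IP Address. . . . . . . . . . . . : 203.0.113.9
   Subnet Mask . . . . . . . . . . . : 255.255.255.224
   Default Gateway . . . . . . . . . : 203.0.113.1
   DNS Servers . . . . . . . . . . . : 203.0.113.4
                                       203.0.113.3
"""
# Same host with the alternate DNS server removed (also constructed).
SINGLE_RESOLVER_SAMPLE = re.sub(r"\n\s+203\.0\.113\.3\n", "\n", SAMPLE)


def parse_ipconfig(text):
    """Return {section name: {field: [values]}}; repeated fields and
    continuation lines (second DNS server, second IP) are appended."""
    sections = {"(host)": {}}
    current = sections["(host)"]
    last = None  # value list of the most recent field, for continuation lines
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            last = None
            continue
        m = ADAPTER.match(line)
        if m:
            current = sections.setdefault(m.group(1), {})
            last = None
            continue
        m = FIELD.match(line)
        if m:
            last = current.setdefault(m.group(1), [])
            if m.group(2):
                last.append(m.group(2))
        elif last is not None:
            last.append(line)
    return sections


def audit_dns(sections):
    """Return (section, code, detail) findings about resolver configuration."""
    findings = []
    seen_resolver = False
    for name, fields in sections.items():
        servers = fields.get("DNS Servers", [])
        if not servers:
            continue
        seen_resolver = True
        if len(servers) == 1:
            # One resolver on the NIC: name resolution stops when it is down.
            findings.append((name, "single-resolver", servers[0]))
        for server in servers:
            try:
                addr = ipaddress.ip_address(server)
            except ValueError:
                continue  # not a plain address (e.g. zone-scoped IPv6)
            if (addr.version == 4 and not addr.is_loopback
                    and not any(addr in net for net in RFC1918)):
                findings.append((name, "resolver-not-rfc1918", server))
    if not seen_resolver:
        findings.append(("(host)", "no-resolver", ""))
    return findings


if __name__ == "__main__":
    for label, text in (("two resolvers", SAMPLE),
                        ("one resolver", SINGLE_RESOLVER_SAMPLE)):
        print(label, audit_dns(parse_ipconfig(text)))
```

The check is static: it reports what is configured on each NIC, not whether the listed servers answer queries.
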
Re: issue with DC replication [message #156475 is a reply to message #156474] Wed, 17 June 2009 17:28
millin
Hi Meinolf,

As I pointed out earlier, we have 2 DCs pointing to each of the web boxes.
If I run ipconfig /all, I can see the preferred and alternate DNS on both web
boxes.

I know that otherwise it's a definite problem.

This is not an issue.
But my issue is why, when one DC is taken down for maintenance, the
web server goes down until you put that DC/DNS back on again. Is it anything to
do with the restricted IP on each DNS? As I mentioned to you in our earlier
chat, would adding the other DNS/DC IP address on each DNS solve the
problem!!!

If I do an nslookup, it only shows one DNS server instead of showing two on
both web boxes.
Any suggestions would be well appreciated.
thanks
mill

Re: issue with DC replication [message #156485 is a reply to message #156475] Thu, 18 June 2009 01:55
Andrei Ungureanu
The only issue I can see with this can be an authentication issue. And that
may happen if the other DC is not a Global Catalog.

Or ... how exactly is it going down? Name resolution issue? Authentication? Any
other error?

Regards,
Andrei Ungureanu
www.itboard.ro
Re: issue with DC replication [message #156490 is a reply to message #156485] Thu, 18 June 2009 04:51
millin
Hi Andrei,

Both the DCs are acting as GC.
As an example, if we want to download a Windows patch and possibly need a
restart, while the D.C (especially DC1) shuts down, the GlobalScape
service goes down (that's our FTP). As the system comes back, maybe in a couple
of minutes' time, FTP comes alive. It's kind of spooky, I don't know why the
FTP/WEB box is not switching over to the other D.C (DC2),
because if you do an ipconfig /all you can see both m/c as preferred and
alternate DNS.


thanks
mill
Re: issue with DC replication [message #156522 is a reply to message #156473] Thu, 18 June 2009 12:51
Jorge Silva
Ah, OK,
- 1st, do the DCs have more than one NIC each?
- Yes, you can configure the DNS to respond only on the IP address
that you want. If your interface tab is set up to respond on the correct
IP address you should have no issues at all.

Try the following. After taking the DC down, go to both nodes of the NLB, and
run from cmd:
arp -d
nbtstat -R
ipconfig /flushdns

and try again. What are the results?
Problems?
- OK, install Wireshark or NetMon to check what is going on with the request
at network level.
- Another thing to consider is FROM WHERE are you testing the FTP? For
example, if you're testing from a client, can you check if the client is
being redirected to the correct address or DNS server? Is the router or the
network balancing mechanism (assuming Alteon or other dedicated device)
having problems when redirecting traffic?

--
I hope that the information above helps you.
Have a Nice day.

Jorge Silva
MVP Directory Services
Re: issue with DC replication [message #156534 is a reply to message #156522] Thu, 18 June 2009 18:29
millin
Hi Jorge,

arp -d
nbtstat -R
by running this cmd on both the m/c what am I going to establish?

We are running IP Monitor 8.0; whenever the FTP Service goes down it gives us
an alert. I am still learning how to use the S/W. As I said to you in my
earlier mails, clients don't notice the issue as DC1 reboots in a couple
of minutes' time. But my main worry is what happens if DC1 actually fails: how do
I establish that clients can still connect to the other DC/DNS?


Yes, the D.C has 2 NICs.
But we are only using one NIC for the name resolution on each.
What does the interface tab actually mean? Do you really have to set up 2
NICs for adding two IP addresses at the interface tab, or can you put 2
different AD-I DNS server IP addresses which will provide the DNS services?

Unfortunately I am not allowed to take down the D.Cs which provide FTP/Web
services for doing my testing; that's a real hindrance from my point of view.

When I had a chat with my colleague, what I understood was that FTP services go
down when we take DC1 down, not for DC2.

Is this anything to do with the FSMO roles? Because DC1 is acting as PDC, RID
and Infrastructure. I think that might be causing the problem!!!

PS: If I can make both the FTP/WEB Servers look at at least the same D.C
when the other goes down, it will give me a quick fix for the time being. At the
moment when I run nslookup I can see that one Web server is pointing to one DNS
and the other one is always pointing to the other one.

any suggestions would be appreciated.
Re: issue with DC replication [message #156552 is a reply to message #156534] Thu, 18 June 2009 20:32
Jorge Silva
Inline

> arp -d
> nbtstat -R
> by running this cmd on both the m/c what am I going to establish?

To clear the cache + ipconfig /flushdns.
Same as doing a repair in Windows 2008 or Vista.

> We are running IP Monitor 8.0; whenever the FTP Service goes down it gives
> us an alert. I am still learning how to use the S/W. As I said to you in my
> earlier mails, clients don't notice the issue as DC1 reboots in a couple
> of minutes' time. But my main worry is what happens if DC1 actually fails: how
> do I establish that clients can still connect to the other DC/DNS?

OK, but with the DC down for a couple of seconds, you can run the sniffer
to check what is going on at network level.

> Yes, the D.C has 2 NICs.
> But we are only using one NIC for the name resolution on each.

Are the NICs on different addresses? Are the addresses in the same network ID
as the FTP servers? What do you mean by name resolution for each?

> What does the interface tab actually mean? Do you really have to set up 2
> NICs for adding two IP addresses at the interface tab, or can you put 2
> different AD-I DNS server IP addresses which will provide the DNS services?

You don't need to have multiple NICs to have multiple addresses; you can
configure all on the same NIC, but this type of configuration only makes
sense in a DEV/TEST environment. In PROD you generally have specific VLANs
configured on the switch port where the NIC is connected (unless you have
the NIC in trunk VLAN).

It is not recommended to have multiple NICs assigned to the DC because by
default DNS round robin is active and if DNS clients are in different
VLANs, they may end up getting the wrong DNS IP address for that DC
(wrong means an IP that may not be reachable by the clients due to FW
configurations or routing configs). Additionally you may have problems with
replication between both DCs for the same reason.

> Unfortunately I am not allowed to take down the D.Cs which provide
> FTP/Web services for doing my testing; that's a real hindrance from my
> point of view.

Well, I think that when you lose resolution between the FTP and the DNS/DC,
it may be related to the fact that when querying DC2 the wrong IP is returned
or something in cache is preventing it from working correctly.

> When I had a chat with my colleague, what I understood was that FTP services
> go down when we take DC1 down, not for DC2.

There are other options. You say that it only happens when DC1 is rebooting;
because you can't take DC1 down to test, you can try to point the preferred
DNS to DC2 and check if the same behavior occurs. Another thing to check is
if you have any entry in the hosts file with the wrong IP of DC2. After
making the changes on the NIC preferred DNS, run the cmds that I provided before
and try to ping the FQDN of DC2; if nothing, run the sniffer or check if the
IP returned is the correct one for DC2. Also check time between DCs and client.

Well, if it fails when DC1 is down, that means that for some reason DC2 is
not responding to the server requests when DC1 is down (also check if both
DCs are in sync: repadmin /replsum * /bysrc /bydest /sort:delta).


> Is this anything to do with the FSMO roles? Because DC1 is acting as PDC, RID
> and Infrastructure. I think that might be causing the problem!!!

For FTP service? I don't think so.

> PS: If I can make both the FTP/WEB Servers look at at least the same D.C
> when the other goes down, it will give me a quick fix for the time being. At the
> moment when I run nslookup I can see that one Web server is pointing to one
> DNS and the other one is always pointing to the other one.

Use both DNS in the NIC config, otherwise when one fails the client has no way to
determine where the other is.

--
I hope that the information above helps you.
Have a Nice day.

Jorge Silva
MVP Directory Services
Re: issue with DC replication [message #156612 is a reply to message #156552] Mon, 22 June 2009 09:30
millin
Messages: 29
Registered: July 2009
Junior Member
Hi Jorge,

There is no way I can run these cmd's in the live boxes.
Company policy doesn't allow me to do that.

I got the permission to set up a test network for finding the issue.
I got no idea what I needed and how I am supposed to do it?



thanks
mill

"Jorge Silva" wrote:

> Inline
>
> > arp -d
> > nbtstat -R
> > by running this cmd on both the m/c what am I going to establish?
>
> To clear the cache + ipconfig /flushdns.
> Same as doing a repair in Windows 2008 or vista.
>
> > We are running IP Monitor 8.0; whenever the FTP service goes down it gives
> > us an alert. I am still learning how to use the S/W. As I said to you in my
> > earlier mails, clients don't notice the issue as DC1 reboots in a couple
> > of minutes' time. But my main worry is what happens if DC1 actually fails: how
> > do I establish that clients can still connect to the other DC/DNS?
>
> Ok, but with a couple of seconds with the DC down, you can run the sniffer
> to check what is going at network level.
>
> > Yes the D.C has 2 NIC's.
> > But we are only using one NIC for the name resolution on each.
>
> Are the NICs in different address? Are the addresses in the same network ID
> as the FTP servers? What do you mean with name resolution for each?

No, the FTP/Web boxes are in a different subnet from the DC/DNS servers.


>
> > what's the interface tab actually means do you really have to set it up 2
> > NIC's for adding two IP Addresses at the interface tab or can you put 2
> > different AD-I DNS server ip address which will provide the DNS services.
>
> You don't need to have multiple NICs to have multiple address, you can
> configure all in the same NIC, but this type of configuration only makes
> sense in a DEV/TEST environment, in PROD you generally have specific VLans
> configured to the switch port where the Nic is connected (unless you have
> the NIC in Trunk VLAN).

Can you be more specific about setting up VLANs to the switch port?

About the interface tab, I am still a bit confused. What I understood is: if we
have a DNS server with 1 NIC for name resolution, is it possible to put the
other DNS server's IP address on the interface tab as well?
Asking the same question over and over is making me feel a bit silly, but
we have 2 DNS servers on the same subnet and I am thinking about adding the
other DNS server's IP address on the interface tab of the first DNS
server. Does it make any sense?


>
> It is not recommended to have multiple NICs assigned to the DC because by
> default DNS round robin is active and if DNS clients are in different
> VLANs, they may end up getting the wrong DNS IP address for that DC
> (wrong means an IP that may not be reachable by the clients due to FW
> configurations or routing configs). Additionally you may have problems with
> replication between both DCs for the same reason.
>
> > Unfortunately I am not allowed to take down the D.C's which are providing
> > FTP/Web services for doing my testing; that's a real hindrance from my
> > point of view.
>
> Well, I think that when you lose resolution between the FTP and the DNS/DC
> may be related with the fact that when querying DC2 the wrong IP is returned
> or something is in cache preventing it from working correctly.
>
> > When I had a chat with my colleague what I understood was FTP services
> > goes
> > down when we take the DC1 down not for the DC2.
>
> There're other options, you say that only happens when DC1 is rebooting,
> because you can't take DC1 down to test, you can try to point the preferred
> DNS to DC2, and check if the same behavior occurs. Another thing to check is
> if you have any entry in the hosts file with the wrong IP of DC2. After
> making the changes on NIC preferred DNS run the cmds that I provided before
> and try to ping the FQDN of DC2, if nothing run the sniffer or check if the
> IP returned is the correct for DC2. Also check time between DCs and client.
>
> Well, if it fails when DC1 is down, that means that for some reason DC2 is
> not responding to the server requests when DC1 is down (also check if both
> DCs are in sync: repadmin /replsum * /bysrc /bydest /sort:delta).
>
>
> > Is this anything to do with the FSMO roles,cause DC1 is acting as PDC,RID
> > and Infrastructure.I think that might be causing the problem!!!
>
> For FTP service? I don't think so.
>
> > PS: If I can make the both the FTP/WEB Servers to look at least same D.C
> > when the other goes down will give me a quick fix for time being.At the
> > moment when I run nslookup I can see that one Web server pointing to One
> > DNS
> > and the other one always pointing to the other one.
>
> Use both DNS in NIC config otherwise when one fails the client has no way to
> determine where the other is at.
>
> --
> I hope that the information above helps you.
> Have a Nice day.
>
> Jorge Silva
> MVP Directory Services
> "millin" <ssuj@discussions.microsoft.com(No Spam)> wrote in message
> news:D33128A2-9277-4391-B559-603D7DC712FD@microsoft.com...
> > Hi Jorge,
> >
> > arp -d
> > nbtstat -R
> > by running this cmd on both the m/c what am I going to establish?
> >
> > We are runnign IP Monitor8.0 when ever the FTP Service goes down it gives
> > us
> > an alert?I am still learning how to use the S/W?As I said to you on my
> > earlier mails clients doesn't notice the issue as the DC1 re-boot in
> > couple
> > of minutes time.But my main worry is what happen if DC1 actually fails how
> > do
> > I establish clients can still can connect to the other DC/DNS?
> >
> >
> > Yes the D.C has 2 NIC's.
> > But we are only using one NIC for the name resolution on each.
> > what's the interface tab actually means do you really have to set it up 2
> > NIC's for adding two IP Addresses at the interface tab or can you put 2
> > different AD-I DNS server ip address which will provide the DNS services.
> >
> > Unfortunately I am not allowd to take the D.C's down which providing
> > FTP/Web
> > services for doing my testing,that's a real hinderance from my point of
> > view?
> >
> > When I had a chat with my colleague what I understood was FTP services
> > goes
> > down when we take the DC1 down not for the DC2.
> >
> > Is this anything to do with the FSMO roles,cause DC1 is acting as PDC,RID
> > and Infrastructure.I think that might be causing the problem!!!
> >
> > PS: If I can make the both the FTP/WEB Servers to look at least same D.C
> > when the other goes down will give me a quick fix for time being.At the
> > moment when I run nslookup I can see that one Web server pointing to One
> > DNS
> > and the other one always pointing to the other one.
> >
> > any suggestions would be appreciated.
> >
> > "Jorge Silva" wrote:
> >
> >> Ah, Ok,
> >> -1st, are the DCs with more than one NIC each?
> >> - Yes, you can configure the DNS to respond only to the address in the IP
> >> that you want to. If your interface tab is setup to respond on the
> >> correct
> >> IP address you should have no issues at all.
> >>
> >> Try the follwing. After taking the DC down, go to both nodes of the NLB,
> >> and
> >> run from cmd:
> >> arp -d
> >> nbtstat -R
> >> ipconfig /flushdns
> >>
> >> and try again, what are the results?
> >> Problems?
> >> - Ok, install Wireshark or NetMon to check what is going on at network
> >> level
> >> request.
> >> - Another thing to consider is FROM WHERE are you testing the FTP? For
> >> example, if you're testing from a client, can you check if the client is
> >> being redirected to the correct address or DNS server? Is the router or
> >> the
> >> network balancing mechanism (assuming alteon or other dedicated device)
> >> with
> >> problems when redirecting traffic?
> >>
> >> --
> >> I hope that the information above helps you.
> >> Have a Nice day.
> >>
> >> Jorge Silva
> >> MVP Directory Services
> >> "millin" <ssuj@discussions.microsoft.com(No Spam)> wrote in message
> >> news:9A9B67DE-6CF1-47D4-9703-B8379C5F71DF@microsoft.com...
> >> > Hi Jorge,
> >> >
> >> > I may be misguided you both. I don't know.
> >> > O.K our network structure is like this.
> >> >
> >> > we have got 2 FTP/WEB Servers which are public having ip address in the
> >> > range 217.45.XXX.8 and 217.45.XXX.9 and both are clustered using
> >> > Microsoft
> >> > NLB,whose Virtual IP address is 217.45.xxx.12.
> >> >
> >> > Whenever we take one of the D.C for maintenance or goes down, FTP
> >> > servers
> >> > is
> >> > going down. But I ran ipconfig/all on both the WEB01/02,I can see the
> >> > preferred DNS and alternated DNS as our AD-I DNS servers.
> >> > But another thing which I noticed was for the restricted IP address (at
> >> > the
> >> > interface tab) for both the DNS servers, only have one DNS server IP
> >> > Address.
> >> > I am just wondering if I give both the DNS server's IP address at the
> >> > interfaces (tab) might solve my problem!!! I don't know.
> >> >
> >> > does it make sense !!!
> >> >
> >> > thanks
> >> > mill
> >> >
> >> > "Jorge Silva" wrote:
> >> >
> >> >> Hi
> >> >> I'm a little lost here...
> >> >>
> >> >> - You have one FTP cluster in Active/Passive configuration? Then you
> >> >> also
> >> >> have 2 DCs that are supporting that cluster (probably for the
> >> >> accounts)?
> >> >
> >> > That's correct, these 2 DC's are for the External accounts.
> >> > You can see the Host A records of both DC/DNS are there in each DNS.
> >> > But I couldn't find any records of Cluster IP there!!!.
> >> >>
> >> >> - You say that you nee to take the FTP out (evict node?) of the
> >> >> cluster
> >> >> config, why you need to do that? Failover doesn't work?
> >> >
> >> > We are having a different system at our Co. Because we are running a
> >> > slightly complicated procees consuming applications we always have to
> >> > do
> >> > it
> >> > manually. Once we took one of WEB Box out you have to point that as the
> >> > Active server for all external client request by changing the name and
> >> > location of server on xx.cfg file.
> >> > You know what I am talking about, don't you?
> >> >
> >> > If you need further info please don't hesitate to contact me.
> >> > It's kind of urgent, if we resolve ASAP, it's good for me and for the
> >> > Co.
> >> >
> >> > Thanking you,
> >> >
> >> > mill
> >> >
> >> >
> >> > "Jorge Silva" wrote:
> >> >
> >> >> Hi
> >> >> I'm a little lost here...
> >> >>
> >> >> - You have one FTP cluster in Active/Passive configuration? Then you
> >> >> also
> >> >> have 2 DCs that are supporting that cluster (probably for the
> >> >> accounts)?
> >> >>
> >> >> - You say that you nee to take the FTP out (evict node?) of the
> >> >> cluster
> >> >> config, why you need to do that? Failover doesn't work?
> >> >>
> >> >> - Then you say that the server doesn't update the DNS config? What
> >> >> server?
> >> >> Assuming the Cluster Virtual Network Name (associated with virtual IP
> >> >> Address), that record should already exist in DNS when the cluster is
> >> >> up
> >> >> and
> >> >> running?
> >> >>
> >> >> Perhaps I missunderstood you!!!
> >> >> --
> >> >> I hope that the information above helps you.
> >> >> Have a Nice day.
> >> >>
> >> >> Jorge Silva
> >> >> MVP Directory Services
> >> >> "millin" <ssuj@discussions.microsoft.com(No Spam)> wrote in message
> >> >> news:12694AE9-1DFC-4F91-9BEF-BD856AF9A287@microsoft.com...
> >> >> > Dear All,
> >> >> >
> >> >> > I am having a problem with our live FTP servers.
> >> >> > We are running our FTP servers on cluster.
> >> >> > Whenever one of the FTP server goes down we have to take that server
> >> >> > out
> >> >> > from the cluster and point to that to the other FTP
> >> >> > server(passive).
> >> >> > The problem which I am facing is whenever we take one of the FTP
> >> >> > server
> >> >> > from
> >> >> > the cluster.For a couple of minutes the server doesn't seem to be
> >> >> > updating
> >> >> > on
> >> >> > the DNS server,so our LIVE FTP says it's DOWN!!!.From our point of
> >> >> > view
> >> >> > that
> >> >> > is not acceptable.
> >> >> > we have got 2DC's running for the Domain(LIVE).I ran replmon and it
> >> >> > doesn't
> >> >> > showing any replication issues between the two DC's.
> >> >> > So I am bit stucked at the moment?
> >> >> >
> >> >> > any help would be apprciated.
> >> >> >
> >> >> > Thanks
> >> >> > mill
> >> >>
> >>
>
Re: issue with DC replication [message #156613 is a reply to message #156612] Mon, 22 June 2009 10:30
aceman (United States)
Messages: 5816
Registered: July 2009
Senior Member
"millin" <ssuj@discussions.microsoft.com(No Spam)> wrote in message
news:AD7593F3-8D12-4FE9-92AA-97EB5E979B8B@microsoft.com...
> Hi Jorge,
>
> There is no way I can run these cmd's in the live boxes.
> Company policy doesn't allow me to do that.
>
> I got the permission to set up a test network for finding the issue.
> I got no idea what I needed and how i am supposed to do it?
>


Hi Mill,

As Jorge stated and explained why, multiple NICs on a DC is not recommended
nor advised. All engineers will agree with both of us on this. Multiple NICs
on a DC can cause numerous issues, starting with replication, to clients not
able to logon, authentication failing, etc, due to the DNS registrations of
the multiple interfaces. And simply unchecking the 'register this
connection' in NIC properties, doesn't do the trick. It would require
registry and other changes to control registration, essentially altering the
DC's functionality to make it work for a multihomed DC.

The following is a little write-up I've created on this subject, which
encompasses multiple scenarios with multihomed DCs, as well as how to alter
your DC to properly function with multiple NICs and/or IPs. I hope it helps.
======================================================================================================
Multihomed DCs, DNS, RRAS servers.
By Ace Fekay, MCSE, MCT, former Directory Services MVP
First published: January, 2003, revised accordingly
==============================================

Multihomed DCs WILL cause numerous issues. It's highly recommended to single
home all DCs and use a non-DC for the multihoming purposes. If it is the
internet gateway, it is recommended to purchase an inexpensive, or cable/DSL
router, or even better, a Cisco or similar firewall to perform the task,
which if it is compromised by an internet attacker remotely, can further
compromise the rest of the internal network.

Also if attempting to use ICS on a DC, this further complicates matters with
DC functionality, and cannot be fixed with the following steps outlined in
this article.

To explain why will require a little background on AD and DNS:

First, just to get this out of the way, if you have your ISP's DNS addresses
in your IP configuration (DCs and clients), they need to be REMOVED. If the
ISP's DNS is in there, this will cause additional problems. I usually see
errors (GPOs not working, can't find the domain, RPC issues, etc), when the
ISP's DNS servers are listed on a client, DCs and/or member servers, or with
multihomed DCs. If you have an ISP's (or some other outside DNS server or
even using your router as a DNS server) DNS addresses in your IP
configuration (all DCs, member servers and clients), they need to be REMOVED
and ONLY use the internal DNS server(s). This can be very problematic.

Basically, AD requires DNS. DNS stores AD's resource and service locations
in the form of SRV records, hence how everything that is part of the domain
will find resources in the domain. If the ISP's DNS is configured in any
of the internal AD member machines' IP properties, (including all client
machines and DCs), the machines will be asking the ISP's DNS "where is the
domain controller for my domain?", whenever it needs to perform a function,
(such as a logon request, replication request, querying and applying GPOs,
etc). Unfortunately, the ISP's DNS does not have that info and they reply
with an "I dunno know", and things just fail. Unfortunately, the ISP's (or
your router as a DNS server) DNS doesn't have information or records about
your internal private AD domain, and they shouldn't have that sort of
information.

Also, AD registers certain records in DNS in the form of SRV records that
signify AD's resource and service locations. When there are multiple NICs,
each NIC registers. IF a client, or another DC queries DNS for this DC, it
may get the wrong record. One factor controlling this is Round Robin. If a
DC or client on another subnet that the DC is not configured on queries for
it, Round Robin will kick in offering one or the other. If the wrong one
gets offered, it may not have a route to it. On the other hand, Subnet Mask
Prioritization will ensure a querying client will get an IP that corresponds
to the subnet it's on, which will work. To ensure everything works, stick
with one NIC.

Since this DC is multi-homed, it requires additional configuration to
prevent the public interface addresses from being registered in DNS. This
creates a problem for internal clients locating AD to authenticate and find
other services and resources such as the Global Catalog, file sharing and
the SYSVOL DFS share and can cause GPO errors with Userenv 1000 events to be
logged, authenticating to shares and printers, logging on takes forever,
among numerous other issues.

But if you like, there are some registry changes to eliminate the
registration of the external NIC or simply use the internal networking
routing to allow access. Here's the whole list of manual steps to follow.

Another problem is the DC now becomes part of two Sites. This is another
issue that can be problematic.

But believe me, it's much easier to just get a separate NAT device or
multihome a non-DC than having to alter the DC. If both NICs are
internal, I would suggest to pick a subnet, team the NICs and allow your
internal routers to handle the traffic between subnets - Good luck!

1. Ensure that all the NICs point only to your internal DNS server(s)
and none others, such as your ISP’s DNS servers’ IP addresses.

2. In Network & Dialup properties, Advanced Menu item, Advanced Settings,
move the internal NIC (the network that AD is on) to the top of the binding
order (top of the list).

3. Disable the ability for the outer NIC to register. The procedure, as
mentioned, involves identifying the outer NIC’s GUID number. This link will
show you how:
246804 - How to Enable-Disable Windows 2000 Dynamic DNS Registrations (per
NIC too):
http://support.microsoft.com/?id=246804

4. Disable NetBIOS on the outside NIC. That is performed by choosing to
disable NetBIOS in IP Properties, Advanced, and you will find that under the
“WINS” tab. You may want to look at step #3 in the article to show you how
to disable NetBIOS on the RRAS interfaces if this is a RRAS server.
296379 - How to Disable NetBIOS on an Incoming Remote Access Interface
[Registry Entry]:
http://support.microsoft.com/?id=296379

Note: A standard Windows service, called the “Browser service”, provides the
list of machines, workgroup and domain names that you see in “My Network
Places” (or the legacy term “Network Neighborhood”). The Browser service
relies on the NetBIOS service. One major requirement of NetBIOS service is a
machine can only have one name to one IP address. It’s sort of a
fingerprint. You can’t have two brothers named Darrell. A multihomed machine
will cause duplicate name errors on itself because Windows sees itself with
the same name in the Browse List (My Network Places), but with different
IPs. You can only have one, hence the error generated.

5. Disable the “File and Print Service” and disable the “MS Client Service”
on the outer NIC. That is done in NIC properties by unchecking the
respective service under the general properties page. If you need these
services on the outside NIC (which is unlikely), which allow other machines
to connect to your machine for accessing resource on your machine (shared
folders, printers, etc.), then you will probably need to keep them enabled.

6. Uncheck “Register this connection” under IP properties, Advanced
settings, “DNS” tab.

7. Delete the outer NIC IP address, disable Netlogon registration, and
manually create the required records

a. In DNS under the zone name, (your DNS domain name), delete the outer
NIC’s IP references for the “LdapIpAddress”. If this is a GC, you will need
to delete the GC IP record as well (the “GcIpAddress”). To do that, in the
DNS console, under the zone name, you will see the _msdcs folder.

Under that, you will see the _gc folder. To the right, you will see the IP
address referencing the GC address. That is called the GcIpAddress. Delete
the IP addresses referencing the outer NIC.
i. To stop these two records from registering that information,
use the steps provided in the links below:
Private Network Interfaces on a Domain Controller Are Registered in DNS
http://support.microsoft.com/?id=295328

ii. The one section of the article that disables these records is
done with this registry entry:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
(Create this Multi-String Value under it):
Registry value: DnsAvoidRegisterRecords
Data type: REG_MULTI_SZ
Values: LdapIpAddress
        GcIpAddress

iii. Here is more information on these and other Netlogon Service records:
Restrict the DNS SRV resource records updated by the Netlogon service
[including GC]:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windowsserver2003/proddocs/standard/sag_dns_pro_no_rr_in_ad.asp

b. Then you will need to manually create these two records in DNS with
the IP addresses that you need for the DC. To create the LdapIpAddress,
create a new host under the domain, but leave the “hostname” field blank,
and provide the internal IP of the DC, which results in a record that looks
like:
(same as parent) A 192.168.5.200 (192.168.5.200 is used for illustrative
purposes)

i. You need to also manually create the GcIpAddress as well, if
this is a GC. That would be under the _msdcs._gc SRV record under the zone.
It is created in the same fashion as the LdapIpAddress mentioned above.

8. In the DNS console, right click the server name, choose properties, then
under the “Interfaces” tab, force it only to listen to the internal NIC’s IP
address, and not the IP address of the outer NIC.

9. Since this is also a DNS server, the IPs from all NICs will register,
even if you tell it not to in the NIC properties. See this to show you how
to stop that behavior (this procedure is for Windows 2000, but will also
work for Windows 2003):
275554 - The Host's A Record Is Registered in DNS After You Choose Not to
Register the Connection's Address:
http://support.microsoft.com/?id=275554

10. If you haven't done so, configure a forwarder. You can use 4.2.2.2 if
not sure which DNS to forward to until you've got the DNS address of your
ISP.
How to set a forwarder? Good question. Depending on your operating
system,choose one of the following articles:

300202 - HOW TO: Configure DNS for Internet Access in Windows 2000
http://support.microsoft.com/?id=300202

323380 - HOW TO: Configure DNS for Internet Access in Windows Server 2003
(How to configure a forwarder):
http://support.microsoft.com/d/id?=323380

Active Directory communication fails on multihomed domain controllers
http://support.microsoft.com/kb/272294


<==*** Some additional reading ***==>
More links to read up and understand what is going on:

292822 - Name Resolution and Connectivity Issues on Windows 2000 Domain
Controller with Routing and Remote Access and DNS Insta [DNS and RRAS and
unwanted IPs registering]:
http://support.microsoft.com/?id=292822

Active Directory communication fails on multihomed domain controllers
http://support.microsoft.com/kb/272294

246804 - How to enable or disable DNS updates in Windows 2000 and in Windows
Server 2003
http://support.microsoft.com/?id=246804

295328 - Private Network Interfaces on a Domain Controller Are Registered in
DNS [also shows DnsAvoidRegisterRecords LdapIpAddress to avoid reg
sameasparent private IP]:
http://support.microsoft.com/?id=295328

306602 - How to Optimize the Location of a DC or GC That Resides Outside of
a Client's Site [Includes info LdapIpAddress and GcIpAddress information and
the SRV mnemonic values]:
http://support.microsoft.com/?id=306602

825036 - Best practices for DNS client settings in Windows 2000 Server and
in Windows Server 2003 (including how-to configure a forwarder):
http://support.microsoft.com/default.aspx?scid=kb;en-us;825036

291382 - Frequently asked questions about Windows 2000 DNS and Windows
Server 2003 DNS
http://support.microsoft.com/?id=291382

296379 - How to Disable NetBIOS on an Incoming Remote Access Interface
[Registry Entry]:
http://support.microsoft.com/?id=296379

Rid Pool Errors and other multihomed DC errors, and how to configure a
multihomed DC, Ace Fekay, 24 Feb 2006
http://www.ureader.com/message/3244572.aspx

257623 - Domain Controller's Domain Name System Suffix Does Not Match
Domain Name
http://support.microsoft.com/?id=257623
==========================================


--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Please reply back to the newsgroup/forum to benefit from collaboration among
responding engineers, as well as to help others benefit from your
resolution.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSA Messaging, MCT
Microsoft Certified Trainer
aceman@mvps.RemoveThisPart.org
http://twitter.com/acefekay

For urgent issues, you may want to contact Microsoft PSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
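
An added example (not part of Ace's write-up or any Microsoft tool): a Python check for step 7 above that scans a zone export for the LdapIpAddress, GcIpAddress and DC host A records and reports any address outside the internal subnet. The zone name, host names, export format and the 203.0.113.10 outer address are constructed for illustration; 192.168.5.200 is the illustrative IP used in the post.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: simplified text export of an AD-integrated zone
# ("@" = same as parent folder, names are relative to the zone). Not real data.
SAMPLE_ZONE = """\
; name            type  data
@                 A     192.168.5.200
@                 A     203.0.113.10
gc._msdcs         A     192.168.5.200
gc._msdcs         A     203.0.113.10
dc01              A     192.168.5.200
dc01              A     203.0.113.10
dc02              A     192.168.5.201
web01             A     192.168.7.8
_ldap._tcp        SRV   0 100 389 dc01.corp.example.
"""

# Netlogon mnemonics for the two A records that step 7 cleans up.
MNEMONIC_BY_NAME = {"@": "LdapIpAddress", "gc._msdcs": "GcIpAddress"}


def parse_a_records(zone_text):
    """Return (name, ip) pairs for every A record; skip comments and other types."""
    records = []
    for line in zone_text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 3 or fields[1].upper() != "A":
            continue
        records.append((fields[0].lower(), ipaddress.ip_address(fields[2])))
    return records


def audit_dc_registrations(zone_text, internal_net, dc_hosts):
    """Flag DC-related A records whose address is outside the internal subnet.

    Returns a dict with:
      stray      - (record kind, name, ip) for each address outside internal_net
      multihomed - DC host names that have more than one A record
      avoid      - Netlogon mnemonics that registered a stray address, i.e. the
                   values to list in DnsAvoidRegisterRecords before recreating
                   the records by hand with the internal IP only
    """
    net = ipaddress.ip_network(internal_net)
    dc_hosts = {h.lower() for h in dc_hosts}
    stray = []
    addrs_per_dc = defaultdict(set)

    for name, ip in parse_a_records(zone_text):
        if name in MNEMONIC_BY_NAME:
            kind = MNEMONIC_BY_NAME[name]
        elif name in dc_hosts:
            kind = "HostA"
            addrs_per_dc[name].add(ip)
        else:
            continue  # not a DC locator record (e.g. the web servers)
        if ip not in net:
            stray.append((kind, name, str(ip)))

    multihomed = sorted(h for h, ips in addrs_per_dc.items() if len(ips) > 1)
    avoid = sorted({kind for kind, _, _ in stray if kind != "HostA"})
    return {"stray": stray, "multihomed": multihomed, "avoid": avoid}


if __name__ == "__main__":
    report = audit_dc_registrations(SAMPLE_ZONE, "192.168.5.0/24", ["dc01", "dc02"])
    for kind, name, ip in report["stray"]:
        print(f"{kind:14} {name:10} -> {ip} is outside the internal subnet")
    print("DCs with more than one A record:", report["multihomed"])
    print("Mnemonics to put in DnsAvoidRegisterRecords:", report["avoid"])
```

Running the same check again after steps 7 through 9 should return empty `stray` and `multihomed` lists.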
Re: issue with DC replication [message #156729 is a reply to message #156613] Wed, 24 June 2009 09:17
millin
Messages: 29
Registered: July 2009
Junior Member
Hi Ace,

Thanks for the suggestion.
As per your suggestion I have set up one NIC for name resolution and still I
am not able to achieve what I am really looking for.

Is there any mechanism to switch over straight away from the preferred
DNS server to the other DNS before taking down the one which is providing the
name resolution service?

Testing Network Scenario:

1) 2 On-Line Web Servers (Web 01 and Web 02), clustered using NLB.
2) 2 DNS Servers (DC-01 & DC-02), both are AD-I.

PS: What happens if the DNS server is running on a different subnet from the
web boxes?

Regards
Mill




"Ace Fekay [Microsoft Certified Trainer]" wrote:

> "millin" <ssuj@discussions.microsoft.com(No Spam)> wrote in message
> news:AD7593F3-8D12-4FE9-92AA-97EB5E979B8B@microsoft.com...
> > Hi Jorge,
> >
> > There is no way I can run these cmd's in the live boxes.
> > Company policy doesn't allow me to do that.
> >
> > I got the permission to set up a test network for finding the issue.
> > I got no idea what I needed and how i am supposed to do it?
> >
>
>
> Hi Mill,
>
> As Jorge stated and explained why, multiple NICs on a DC is not recommended
> nor advised. All engineers will agree with both of us on this. Multiple NICs
> on a DC can cause numerous issues, starting with replication, to clients not
> able to logon, authentication failing, etc, due to the DNS registrations of
> the multiple interfaces. And simply unchecking the 'register this
> connection' in NIC properties, doesn't do the trick. It would require
> registry and other changes to control registration, essentially altering the
> DC's functionality to make it work for a multihomed DC.
>
> The following is a little write-up I've created on this subject, which
> encompasses multiple scenarios with multihomed DCs, as well as how to alter
> your DC to properly function with multiple NICs and/or IPs. I hope it helps.
> ======================================================================================================
> Multihomed DCs, DNS, RRAS servers.
> By Ace Fekay, MCSE, MCT, former Directory Services MVP
> First published: January, 2003, revised accordingly
> ==============================================
>
> Multihomed DCs WILL cause numerous issues. It's highly recommended to single
> home all DCs and use a non-DC for the multihoming purposes. If it is the
> internet gateway, it is recommended to purchase an inexpensive, or cable/DSL
> router, or even better, a Cisco or similar firewall to perform the task,
> which if it is compromised by an internet attacker remotely, can further
> compromise the rest of the internal network.
>
> Also if attempting to use ICS on a DC, this further complicates matters with
> DC functionality, and cannot be fixed with the following steps outlined in
> this article.
>
> To explain why will require a little background on AD and DNS:
>
> First, just to get this out of the way, if you have your ISP's DNS addresses
> in your IP configuration (DCs and clients), they need to be REMOVED. If the
> ISP's DNS is in there, this will cause additional problems. I usually see
> errors (GPOs not working, can't find the domain, RPC issues, etc), when the
> ISP's DNS servers are listed on a client, DCs and/or member servers, or with
> multihomed DCs. If you have an ISP's (or some other outside DNS server or
> even using your router as a DNS server) DNS addresses in your IP
> configuration (all DCs, member servers and clients), they need to be REMOVED
> and ONLY use the internal DNS server(s). This can be very problematic.
>
> Basically, AD requires DNS. DNS stores AD's resource and service locations
> in the form of SRV records, hence how everything that is part of the domain
> will find resources in the domain. If the ISP's DNS is configured in any
> of the internal AD member machines' IP properties, (including all client
> machines and DCs), the machines will be asking the ISP's DNS "where is the
> domain controller for my domain?", whenever it needs to perform a function,
> (such as a logon request, replication request, querying and applying GPOs,
> etc). Unfortunately, the ISP's DNS does not have that info and they reply
> with an "I dunno know", and things just fail. Unfortunately, the ISP's (or
> your router as a DNS server) DNS doesn't have information or records about
> your internal private AD domain, and they shouldn't have that sort of
> information.
>
> Also, AD registers certain records in DNS in the form of SRV records that
> signify AD's resource and service locations. When there are multiple NICs,
> each NIC registers. IF a client, or another DC queries DNS for this DC, it
> may get the wrong record. One factor controlling this is Round Robin. If a
> DC or client on another subnet that the DC is not configured on queries for
> it, Round Robin will kick in offering one or the other. If the wrong one
> gets offered, it may not have a route to it. On the other hand, Subnetmask
> Prioritization will ensure a querying client will get an IP that corresponds
> to the subnet it's on, which will work. To ensure everything works, stick
> with one NIC.
>
> Since this DC is multi-homed, it requires additional configuration to
> prevent the public interface addresses from being registered in DNS. This
> creates a problem for internal clients locating AD to authenticate and find
> other services and resources such as the Global Catalog, file sharing and
> the SYSVOL DFS share and can cause GPO errors with Userenv 1000 events to be
> logged, authenticating to shares and printers, logging on takes forever,
> among numerous other issues.
>
> But if you like, there are some registry changes to eliminate the
> registration of the external NIC or simply use the internal networking
> routing to allow access. Here's the whole list of manual steps to follow.
>
> Another problem is the DC now becomes part of two Sites. This is another
> issue that can be problematic.
>
> But believe me, it's much easier to just get a separate NAT device or
> multihome a non-DC than having to alter the DC. If both NICs are
> internal, I would suggest to pick a subnet, team the NICs and allow your
> internal routers to handle the traffic between subnets - Good luck!
>
> 1. Ensure that all the NICs only point to your internal DNS server(s) only
> and none others, such as your ISP’s DNS servers’ IP addresses.
>
> 2. In Network & Dialup properties, Advanced Menu item, Advanced Settings,
> move the internal NIC (the network that AD is on) to the top of the binding
> order (top of the list).
>
> 3. Disable the ability for the outer NIC to register. The procedure, as
> mentioned, involves identifying the outer NIC’s GUID number. This link will
> show you how:
> 246804 - How to Enable-Disable Windows 2000 Dynamic DNS Registrations (per
> NIC too):
> http://support.microsoft.com/?id=246804
>
> 4. Disable NetBIOS on the outside NIC. That is performed by choosing to
> disable NetBIOS in IP Properties, Advanced, and you will find that under the
> “WINS” tab. You may want to look at step #3 in the article to show you how
> to disable NetBIOS on the RRAS interfaces if this is a RRAS server.
> 296379 - How to Disable NetBIOS on an Incoming Remote Access Interface
> [Registry Entry]:
> http://support.microsoft.com/?id=296379
>
> Note: A standard Windows service, called the “Browser service”, provides the
> list of machines, workgroup and domain names that you see in “My Network
> Places” (or the legacy term “Network Neighborhood”). The Browser service
> relies on the NetBIOS service. One major requirement of NetBIOS service is a
> machine can only have one name to one IP address. It’s sort of a
> fingerprint. You can’t have two brothers named Darrell. A multihomed machine
> will cause duplicate name errors on itself because Windows sees itself with
> the same name in the Browse List (My Network Places), but with different
> IPs. You can only have one, hence the error generated.
>
> 5. Disable the “File and Print Service” and disable the “MS Client Service”
> on the outer NIC. That is done in NIC properties by unchecking the
> respective service under the general properties page. If you need these
> services on the outside NIC (which is unlikely), which allow other machines
> to connect to your machine for accessing resource on your machine (shared
> folders, printers, etc.), then you will probably need to keep them enabled.
>
> 6. Uncheck “Register this connection” under IP properties, Advanced
> settings, “DNS” tab.
>
> 7. Delete the outer NIC IP address, disable Netlogon registration, and
> manually create the required records
>
> a. In DNS under the zone name, (your DNS domain name), delete the outer
> NIC’s IP references for the “LdapIpAddress”. If this is a GC, you will need
> to delete the GC IP record as well (the “GcIpAddress”). To do that, in the
> DNS console, under the zone name, you will see the _msdcs folder.
>
> Under that, you will see the _gc folder. To the right, you will see the IP
> address referencing the GC address. That is called the GcIpAddress. Delete
> the IP addresses referencing the outer NIC.
> i. To stop these two records from registering that information,
> use the steps provided in the links below:
> Private Network Interfaces on a Domain Controller Are Registered in DNS
> http://support.microsoft.com/?id=295328
>
> ii. The one section of the article that disables these records is
> done with this registry entry:
>
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
> (Create this Multi-String Value under it):
> Registry value: DnsAvoidRegisterRecords
> Data type: REG_MULTI_SZ
> Values: LdapIpAddress
> GcIpAddress
>
> iii. Here is more information on these and other Netlogon Service records:
> Restrict the DNS SRV resource records updated by the Netlogon service
> [including GC]:
> http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windowsserver2003/proddocs/standard/sag_dns_pro_no_rr_in_ad.asp
>
> b. Then you will need to manually create these two records in DNS with
> the IP addresses that you need for the DC. To create the LdapIpAddress,
> create a new host under the domain, but leave the “hostname” field blank,
> and provide the internal IP of the DC, which results in a record that looks
> like:
> (same as parent) A 192.168.5.200 (192.168.5.200 is used for illustrative
> purposes)
>
> i. You need to also manually create the GcIpAddress as well, if
> this is a GC. That would be under the _msdcs._gc SRV record under the zone.
> It is created in the same fashion as the LdapIpAddress mentioned above.
>
> 8. In the DNS console, right click the server name, choose properties, then
> under the “Interfaces” tab, force it only to listen to the internal NIC’s IP
> address, and not the IP address of the outer NIC.
>
> 9. Since this is also a DNS server, the IPs from all NICs will register,
> even if you tell it not to in the NIC properties. See this to show you how
> to stop that behavior (this procedure is for Windows 2000, but will also
> work for Windows 2003):
> 275554 - The Host's A Record Is Registered in DNS After You Choose Not to
> Register the Connection's Address:
> http://support.microsoft.com/?id=275554
>
> 10. If you haven't done so, configure a forwarder. You can use 4.2.2.2 if
> not sure which DNS to forward to until you've got the DNS address of your
> ISP.
> How to set a forwarder? Good question. Depending on your operating
> system, choose one of the following articles:
>
> 300202 - HOW TO: Configure DNS for Internet Access in Windows 2000
> http://support.microsoft.com/?id=300202
>
> 323380 - HOW TO: Configure DNS for Internet Access in Windows Server 2003
> (How to configure a forwarder):
> http://support.microsoft.com/d/id?=323380
>
> Active Directory communication fails on multihomed domain controllers
> http://support.microsoft.com/kb/272294
>
>
> <==*** Some additional reading ***==>
> More links to read up and understand what is going on:
>
> 292822 - Name Resolution and Connectivity Issues on Windows 2000 Domain
> Controller with Routing and Remote Access and DNS Insta [DNS and RRAS and
> unwanted IPs registering]:
> http://support.microsoft.com/?id=292822
>
> Active Directory communication fails on multihomed domain controllers
> http://support.microsoft.com/kb/272294
>
> 246804 - How to enable or disable DNS updates in Windows 2000 and in Windows
> Server 2003
> http://support.microsoft.com/?id=246804
>
> 295328 - Private Network Interfaces on a Domain Controller Are Registered in
> DNS [also shows DnsAvoidRegisterRecords LdapIpAddress to avoid reg
> sameasparent private IP]:
> http://support.microsoft.com/?id=295328
>
> 306602 - How to Optimize the Location of a DC or GC That Resides Outside of
> a Client's Site [Includes info LdapIpAddress and GcIpAddress information and
> the SRV mnemonic values]:
> http://support.microsoft.com/?id=306602
>
> 825036 - Best practices for DNS client settings in Windows 2000 Server and
> in Windows Server 2003 (including how-to configure a forwarder):
> http://support.microsoft.com/default.aspx?scid=kb;en-us;825036
>
> 291382 - Frequently asked questions about Windows 2000 DNS and Windows
> Server 2003 DNS
> http://support.microsoft.com/?id=291382
>
> 296379 - How to Disable NetBIOS on an Incoming Remote Access Interface
> [Registry Entry]:
> http://support.microsoft.com/?id=296379
>
> Rid Pool Errors and other multihomed DC errors, and how to configure a
> multihomed DC, Ace Fekay, 24 Feb 2006
> http://www.ureader.com/message/3244572.aspx
>
> 257623 - Domain Controller's Domain Name System Suffix Does Not Match
> Domain Name
> http://support.microsoft.com/?id=257623
> ==========================================
>
>
> --
> Ace
>
> This posting is provided "AS-IS" with no warranties or guarantees and
> confers no rights.
>
> Please reply back to the newsgroup/forum to benefit from collaboration among
> responding engineers, as well as to help others benefit from your
> resolution.
>
> Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSA Messaging, MCT
> Microsoft Certified Trainer
> aceman@mvps.RemoveThisPart.org
> http://twitter.com/acefekay
>
> For urgent issues, you may want to contact Microsoft PSS directly. Please
> check http://support.microsoft.com for regional support phone numbers.
>
>
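Step 1 of the multihomed-DC checklist quoted above (only internal DNS servers on every NIC) can be checked against the `ipconfig /all` output the thread keeps asking for. The following is an added example, not part of the original posts: the sample output, adapter names, `example.local` and the internal DNS set are constructed for illustration.

```python
import re

# Constructed sample in the layout printed by `ipconfig /all` (illustrative values).
SAMPLE = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : DC-01
   Primary Dns Suffix  . . . . . . . : example.local

Ethernet adapter Internal:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Constructed NIC 1
   IP Address. . . . . . . . . . . . : 192.168.5.200
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   DNS Servers . . . . . . . . . . . : 192.168.5.200
                                       192.168.5.201

Ethernet adapter Outer:

   Description . . . . . . . . . . . : Constructed NIC 2
   IP Address. . . . . . . . . . . . : 203.0.113.10
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   DNS Servers . . . . . . . . . . . : 4.2.2.2
"""

# Assumption: the DNS servers that host the AD zone in this constructed domain.
INTERNAL_DNS = {"192.168.5.200", "192.168.5.201"}

ADAPTER_RE = re.compile(r"^(\S.*adapter .+):\s*$")           # unindented section header
FIELD_RE = re.compile(r"^\s+([^.:]+?)[\s.]*:\s*(.*)$")       # "Key . . . . : value"
IPV4_RE = re.compile(r"^\s+(\d{1,3}(?:\.\d{1,3}){3})\s*$")   # continuation line: bare IP


def parse_ipconfig(text):
    """Return {adapter name: {"ip": [...], "dns": [...]}} from ipconfig /all text."""
    adapters, current, last_key = {}, None, None
    for line in text.splitlines():
        header = ADAPTER_RE.match(line)
        if header:
            current = header.group(1)
            adapters[current] = {"ip": [], "dns": []}
            last_key = None
            continue
        if current is None:
            continue  # global section before the first adapter
        cont = IPV4_RE.match(line)
        if cont and last_key:
            # Second and later DNS servers are printed on their own indented lines.
            adapters[current][last_key].append(cont.group(1))
            continue
        field = FIELD_RE.match(line)
        if not field:
            continue
        key = field.group(1).strip()
        value = field.group(2).strip().split("(")[0]  # drop "(Preferred)" on newer Windows
        if key == "DNS Servers":
            last_key = "dns"
        elif key in ("IP Address", "IPv4 Address"):
            last_key = "ip"
        else:
            last_key = None
            continue
        if value:
            adapters[current][last_key].append(value)
    return adapters


def audit(adapters, internal_dns):
    """Flag DNS servers outside the internal set, and machines with more than one addressed NIC."""
    findings = []
    for name, cfg in adapters.items():
        for server in cfg["dns"]:
            if server not in internal_dns:
                findings.append(f"{name}: DNS server {server} is not an internal DNS server")
    addressed = [name for name, cfg in adapters.items() if cfg["ip"]]
    if len(addressed) > 1:
        findings.append("multihomed: " + ", ".join(addressed))
    return findings


if __name__ == "__main__":
    for finding in audit(parse_ipconfig(SAMPLE), INTERNAL_DNS):
        print(finding)
```

An outside address such as 4.2.2.2 belongs in the DNS server's forwarder list (step 10), not in a NIC's DNS server list, which is why the check flags it.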
Re: issue with DC replication [message #156730 is a reply to message #156729] Wed, 24 June 2009 09:39
aceman (United States)
Messages: 5816
Registered: July 2009
Senior Member
"millin" <ssuj@discussions.microsoft.com(No Spam)> wrote in message
news:F7E9E91A-09C9-4545-B073-E43400A7FB7F@microsoft.com...
> Hi Ace,
>
> Thanks for the suggestion.
> As per your suggestion I have set up one NIC for name resolution and still
> I am not able to achieve what I am really looking for.
>
> Is there any mechanism there to switch over straight away from the
> preferred DNS server to the other DNS before taking down the one which is
> providing name resolution service?
>
> Testing Network Scenario:
>
> 1)2 On-Line Web Servers.(Web 01 and web 02)-Clustered using NLB.
> 2)2 DNS Servers.(DC-01&Dc-02).---Both are AD-I.
>
> PS: what happens if the DNS Server is running on a different subnet other
> than the web boxes?
>
> Regards
> Mill


Hi Mill,

Which exact suggestion did you follow? Did you disable the additional NIC,
so there is only one now? Is the web server using the DC/DNS servers as
their only DNS addresses, or is there a mixture of internal and external
DNS?

When entering multiple DNS addresses in a NIC properties, they must all
reference internal DNS only that either host the internal zone, or have a
reference to it. Multiple addresses are not load balancing, meaning it will
check the first, and if no answer (only if no answer), will it go to the
next one, then removing the first one out of the "eligible resolvers list"
for 15 minutes before it resets the list automatically. That is why any DNS
addresses in there must all have the same exact info on the DNS servers, or
have a way to get to the DNS server with the same answer (either using
secondaries, stubs, or conditional forwarding). Now if the first one gives
an "NXDOMAIN" response, that means it doesn't know the answer, and being a
non-answer, it is an answer, and will look no further. That is why all DNS
entered must have references to internal resources or to zone data that
needs to be available to all machines internally.

So I am a little confused why, that is if the only DNS servers listed are
your DCs, why you would want to try to reset the list? Theoretically, as I
stated, they BOTH should be able to resolve for you. If the first one
doesn't respond, it will automatically go to the next one.

Also, if DNS is on another subnet, it wouldn't matter because your internal
infrastructure knows how to route to get to the other subnets, unless
there's a problem in that area?

Ace
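The resolver-list behaviour Ace describes above (next server only on no answer, 15-minute removal from the eligible list, NXDOMAIN treated as a final answer) can be seen in a small model. This is an added example, not code from the thread or from Windows: it is a simplified simulation, and the names, addresses and `example.local` zone are constructed.

```python
NO_RESPONSE = object()      # server did not answer before the timeout
NXDOMAIN = "NXDOMAIN"       # server answered: "this name does not exist"
PENALTY_SECONDS = 15 * 60   # the 15 minutes described in the post

# Constructed names and addresses, for illustration only.
SRV_NAME = "_ldap._tcp.dc._msdcs.example.local"
DC1, DC2, OUTSIDE = "192.168.5.200", "192.168.5.201", "4.2.2.2"


def internal_dns(name):
    """DNS on a DC: hosts the AD zone, so it knows the SRV record."""
    zone = {SRV_NAME: "dc-01.example.local"}
    return zone.get(name, NXDOMAIN)


def outside_dns(name):
    """ISP or router DNS: it answers, but holds no records for the private AD zone."""
    return NXDOMAIN


def down(name):
    """A server that is switched off or unreachable."""
    return NO_RESPONSE


class StubResolver:
    """Simplified model of a client working through its ordered DNS server list."""

    def __init__(self, servers, network):
        self.servers = list(servers)   # order as entered in the NIC properties
        self.network = network         # address -> function(name) -> reply
        self.skip_until = {}           # address -> time it becomes eligible again

    def resolve(self, name, now):
        for server in self.servers:
            if self.skip_until.get(server, 0) > now:
                continue               # still removed from the eligible list
            reply = self.network[server](name)
            if reply is NO_RESPONSE:
                # Only silence moves the client on to the next server.
                self.skip_until[server] = now + PENALTY_SECONDS
                continue
            return server, reply       # any reply, NXDOMAIN included, ends the search
        return None, NO_RESPONSE


def demo():
    results = {}

    # Outside DNS listed first: it answers NXDOMAIN, so the DC is never asked.
    r = StubResolver([OUTSIDE, DC1], {OUTSIDE: outside_dns, DC1: internal_dns})
    results["outside_first"] = r.resolve(SRV_NAME, now=0)

    # Two internal DNS servers, DC1 down for maintenance: DC2 takes over.
    net = {DC1: down, DC2: internal_dns}
    r = StubResolver([DC1, DC2], net)
    results["dc1_down"] = r.resolve(SRV_NAME, now=0)
    net[DC1] = internal_dns            # DC1 has rebooted
    results["dc1_back_1min"] = r.resolve(SRV_NAME, now=60)
    results["dc1_back_16min"] = r.resolve(SRV_NAME, now=16 * 60)

    # Internal plus outside DNS: failover lands on a server without the zone.
    r = StubResolver([DC1, OUTSIDE], {DC1: down, OUTSIDE: outside_dns})
    results["failover_to_outside"] = r.resolve(SRV_NAME, now=0)
    return results


if __name__ == "__main__":
    for case, (server, reply) in demo().items():
        shown = "no response" if reply is NO_RESPONSE else reply
        print(f"{case:20} answered by {server}: {shown}")
```

With two internal servers the client recovers on its own when DC1 stops answering; the failure cases are the ones where a server that lacks the zone is in the list at all.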
Re: issue with DC replication [message #156732 is a reply to message #156552] Wed, 24 June 2009 09:59
millin
Messages: 29
Registered: July 2009
Junior Member
Hi Jorge,

I have got 2 web servers running on 217.54.45.0 subnet (Front End).
2 DNS AD-I running on 217.54.46.0 subnet (Back End). Some routing mechanism is
there which has been provided by a 3rd party.
How can I fail over immediately to DNS2 for providing name resolution services
for both web boxes, before I need to take down DNS1 from the network for
maintenance?

Thanks in advance.
Mills.

"Jorge Silva" wrote:

> Inline
>
> > arp -d
> > nbtstat -R
> > by running this cmd on both the m/c what am I going to establish?
>
> To clear the cache + ipconfig /flushdns.
> Same as doing a repair in Windows 2008 or vista.
>
> > We are running IP Monitor8.0; whenever the FTP Service goes down it gives
> > us an alert. I am still learning how to use the S/W. As I said to you in my
> > earlier mails, clients don't notice the issue as the DC1 reboots in a couple
> > of minutes' time. But my main worry is what happens if DC1 actually fails: how
> > do I establish that clients can still connect to the other DC/DNS?
>
> Ok, but with a couple of seconds with the DC down, you can run the sniffer
> to check what is going at network level.
>
> > Yes the D.C has 2 NIC's.
> > But we are only using one NIC for the name resolution on each.
>
> Are the NICs in different address? Are the addresses in the same network ID
> as the FTP servers? What do you mean with name resolution for each?
>
> > What does the interface tab actually mean? Do you really have to set up 2
> > NICs for adding two IP addresses at the interface tab, or can you put 2
> > different AD-I DNS server IP addresses which will provide the DNS services?
>
> You don't need to have multiple NICs to have multiple address, you can
> configure all in the same NIC, but this type of configuration only makes
> sense in a DEV/TEST environment, in PROD you generally have specific VLans
> configured to the switch port where the Nic is connected (unless you have
> the NIC in Trunk VLAN).
>
> It is not recommended to have multiple NICs assigned to the DC because by
> default DNS round robin is active and if DNS clients are in different
> VLANs, they may end up getting the wrong DNS IP address for that DC
> (Wrong means an IP that may not be reachable by the clients due to FW
> configurations or routing configs). Additionally you may have problems with
> replication between both DCs for the same reason.
>
> > Unfortunately I am not allowed to take down the D.C's which are providing
> > FTP/Web services for doing my testing, that's a real hindrance from my
> > point of view?
>
> Well, I think that when you lose resolution between the FTP and the DNS/DC
> may be related with the fact that when querying DC2 the wrong IP is returned
> or something is in cache preventing it from working correctly.
>
> > When I had a chat with my colleague what I understood was FTP services
> > go down when we take the DC1 down, not for the DC2.
>
> There're other options, you say that only happens when DC1 is rebooting,
> because you can't take DC1 down to test, you can try to point the preferred
> DNS to DC2, and check if the same behavior occurs. Another thing to check is
> if you have any entry in the hosts file with the wrong IP of DC2. After
> making the changes on NIC preferred DNS run the cmds that I provided before
> and try to ping the FQDN of DC2, if nothing run the sniffer or check if the
> IP returned is the correct for DC2. Also check time between DCs and client.
>
> Well, if it fails when DC1 is down, that means that for some reason DC2 is
> not responding to the server requests when DC1 is down (also check if both
> DCs are in sync: repadmin /replsum * /bysrc /bydest /sort:delta).
>
>
> > Is this anything to do with the FSMO roles, cause DC1 is acting as PDC, RID
> > and Infrastructure. I think that might be causing the problem!!!
>
> For FTP service? I don't think so.
>
> > PS: If I can make both the FTP/WEB Servers look at the same D.C at least
> > when the other goes down, it will give me a quick fix for the time being. At the
> > moment when I run nslookup I can see that one Web server is pointing to one
> > DNS and the other one is always pointing to the other one.
>
> Use both DNS in NIC config otherwise when one fails the client has no way to
> determine where the other is at.
>
> --
> I hope that the information above helps you.
> Have a Nice day.
>
> Jorge Silva
> MVP Directory Services
> > "Jorge Silva" wrote:
> >
> >> Ah, Ok,
> >> - 1st, are the DCs with more than one NIC each?
> >> - Yes, you can configure the DNS to respond only to the address in the IP
> >> that you want to. If your interface tab is set up to respond on the
> >> correct IP address you should have no issues at all.
> >>
> >> Try the following. After taking the DC down, go to both nodes of the NLB,
> >> and run from cmd:
> >> arp -d
> >> nbtstat -R
> >> ipconfig /flushdns
> >>
> >> and try again, what are the results?
> >> Problems?
> >> - Ok, install Wireshark or NetMon to check what is going on at network
> >> level request.
> >> - Another thing to consider is FROM WHERE are you testing the FTP? For
> >> example, if you're testing from a client, can you check if the client is
> >> being redirected to the correct address or DNS server? Is the router or
> >> the network balancing mechanism (assuming alteon or other dedicated device)
> >> with problems when redirecting traffic?
> >>
> >> --
> >> I hope that the information above helps you.
> >> Have a Nice day.
> >>
> >> Jorge Silva
> >> MVP Directory Services
> >> "millin" <ssuj@discussions.microsoft.com(No Spam)> wrote in message
> >> news:9A9B67DE-6CF1-47D4-9703-B8379C5F71DF@microsoft.com...
> >> > Hi Jorge,
> >> >
> >> > I may have misguided you both. I don't know.
> >> > O.K our network structure is like this.
> >> >
> >> > We have got 2 FTP/WEB Servers which are public, having IP addresses in the
> >> > range 217.45.XXX.8 and 217.45.XXX.9, and both are clustered using
> >> > Microsoft NLB, whose Virtual IP address is 217.45.xxx.12.
> >> >
> >> > Whenever we take one of the D.C for maintenance or it goes down, the FTP
> >> > servers are going down. But I ran ipconfig /all on both the WEB01/02, and I
> >> > can see the preferred DNS and alternate DNS as our AD-I DNS servers.
> >> > But another thing which I noticed was that the restricted IP address (at
> >> > the interface tab) for both the DNS servers only has one DNS server IP
> >> > address.
> >> > I am just wondering if giving both the DNS servers' IP addresses at the
> >> > interfaces (tab) might solve my problem!!! I don't know.
> >> >
> >> > Does it make sense!!!
> >> >
> >> > thanks
> >> > mill
> >> >
> >> > "Jorge Silva" wrote:
> >> >
> >> >> Hi
> >> >> I'm a little lost here...
> >> >>
> >> >> - You have one FTP cluster in Active/Passive configuration? Then you
> >> >> also have 2 DCs that are supporting that cluster (probably for the
> >> >> accounts)?
> >> >
> >> > That's correct, these 2 DC's are for the External accounts.
> >> > You can see the Host A records of both DC/DNS are there in each DNS.
> >> > But I couldn't find any records of Cluster IP there!!!.
> >> >>
> >> >> - You say that you need to take the FTP out (evict node?) of the
> >> >> cluster config, why you need to do that? Failover doesn't work?
> >> >
> >> > We are having a different system at our Co. Because we are running
> >> > slightly complicated process consuming applications we always have to
> >> > do it manually. Once we took one of the WEB boxes out you have to point
> >> > that as the Active server for all external client requests by changing
> >> > the name and location of the server in the xx.cfg file.
> >> > You know what I am talking about, don't you?
> >> >
> >> > If you need further info please don't hesitate to contact me.
> >> > It's kind of urgent, if we resolve ASAP, it's good for me and for the
> >> > Co.
> >> >
> >> > Thanking you,
> >> >
> >> > mill
> >> >
> >> >
> >> > "Jorge Silva" wrote:
> >> >
> >> >> Hi
> >> >> I'm a little lost here...
> >> >>
> >> >> - You have one FTP cluster in Active/Passive configuration? Then you
> >> >> also have 2 DCs that are supporting that cluster (probably for the
> >> >> accounts)?
> >> >>
> >> >> - You say that you need to take the FTP out (evict node?) of the
> >> >> cluster config, why you need to do that? Failover doesn't work?
> >> >>
> >> >> - Then you say that the server doesn't update the DNS config? What
> >> >> server?
> >> >> Assuming the Cluster Virtual Network Name (associated with virtual IP
> >> >> Address), that record should already exist in DNS when the cluster is
> >> >> up and running?
> >> >>
> >> >> Perhaps I misunderstood you!!!
> >> >> --
> >> >> I hope that the information above helps you.
> >> >> Have a Nice day.
> >> >>
> >> >> Jorge Silva
> >> >> MVP Directory Services
Re: issue with DC replication [message #156737 is a reply to message #156730] Wed, 24 June 2009 11:00
Jorge Silva
Messages: 398
Registered: July 2009
Senior Member
Hi Millin,
Let's stay here to try to help you on this without other different threads
that may lead to confusion.

First let me say that Ace asked some important questions that you should
answer. Understanding your environment is critical to give you better
help.

Regarding DNS "Failover immediately", you can achieve that using a
cluster for DNS (only for DNS, no DCs). You probably don't need that.

Remember that the client also has a local cache, and only asks DNS for
"questions" when the cache is not valid or expired, or for new queries. If the
1st DNS server fails to respond, the client should try the secondary DNS
server and so on... The rest of the history was already explained by Ace
--
I hope that the information above helps you.
Have a Nice day.

Jorge Silva
MVP Directory Services
Re: issue with DC replication [message #156740 is a reply to message #156737] Wed, 24 June 2009 11:39
millin
Messages: 29
Registered: July 2009
Junior Member
Hi ,

We've got 4 NICs for each DNS/DC.
2 for HP time teaming. (I am not familiar with teaming NIC?)
1 for the actual name resolution.
1 for the support service for their management.

We have got 2 DNS Servers at the back end and 2 web servers running at the
front end. We are providing web services for our clients.
When the clients request from our web servers it is coming through our
external firewall. We also have an Internal PIX firewall between the front end
and back end.
I hope you got some pic of our network.

My question is: is there any way I can redirect any request coming from
two web boxes (Front-End) to point to the ONE DNS Server (ACTIVE) whenever the
other one is down for maintenance? Presently some of the clients are always
connecting to the one DC/DNS server and some on the other DC/DNS.

So my manager doesn't want to play with the live ones, because we are
providing 24/7 services.
That is the reason I can't run any purge or flushdns commands on the live
ones.

I created a test environment with 2 AD-I DC's and one Test-WB server.
If you need any more info please let me know.

I don't think firewalls are a problem?

Thanks
Siva.

"Jorge Silva" wrote:

> Hi Miling,m
> Let's stay here to try to help you on this without other different threads
> that may lead to confusion.
>
> First let me say that Ace did some important questions that you should
> answer. Understanding your environment is critical to give you a better
> help.
>
> Regarding to DNS "Failover immediatley ", you can achieve that using a
> cluster to DNS (only to DNS, no DCs). You probably you don't need that.
>
> Remember that the client also has local cache, and only asks DNS for
> "questions" when the cache is not valid or expired or to new queries. If the
> 1st DNS server fails to respond, the client shoult try the secondary DNS
> server and so on... The rest of the history was already explained by Ace
> --
> I hope that the information above helps you.
> Have a Nice day.
>
> Jorge Silva
> MVP Directory Services
> "Ace Fekay [Microsoft Certified Trainer]" <aceman@mvps.RemoveThisPart.org>
> wrote in message news:eFUy7EN9JHA.4948@TK2MSFTNGP04.phx.gbl...
> > "millin" <ssuj@discussions.microsoft.com(No Spam)> wrote in message
> > news:F7E9E91A-09C9-4545-B073-E43400A7FB7F@microsoft.com...
> >> Hi Ace,
> >>
> >> Thanks for the suggestion.
> >> As per your suggestion I have set up one NIC for name resolution and
> >> still I
> >> am not able to achieve what
> >> I am really looking for.
> >>
> >> is there any mechanism there to switch over straight away from the
> >> preferred
> >> DNS server to
> >> other DNS before taking down ,the one which is providing name resolution
> >> service.
> >>
> >> Testing Network Scenario:
> >>
> >> 1)2 On-Line Web Servers.(Web 01 and web 02)-Clustered using NLB.
> >> 2)2 DNS Servers.(DC-01&Dc-02).---Both are AD-I.
> >>
> >> PS: what happens if the DNS Server running on a different subnet other
> >> than
> >> web boxes.
> >>
> >> Regards
> >> Mill
> >
> >
> > Hi Mill,
> >
> > Which exact suggestion did you follow? Did you disable the additional NIC,
> > so there is only one now? Is the web server using the DC/DNS servers as
> > their only DNS addresses, or is there a mixture of internal and external
> > DNS?
> >
> > When entering multiple DNS addresses in a NIC properties, they must all
> > reference internal DNS only that either host the internal zone, or a have
> > a reference to it. Multiple addresses are not load balancing, meaning it
> > will check the first, and if no answer (only if no answer), will it go to
> > the next one, then removing the first one out of the "eligible resolvers
> > list" for 15 minutes before it resets the list automatically. That is why
> > any DNS addresses in there must all have the same exact info on the DNS
> > servers, or have a way to get to the DNS server with the same answer
> > (either using secondaries, stubs, or conditional forwarding). Now if the
> > first one gives an "NXDOMAIN" response, that means it doesn't know the
> > answer, and being a non-answer, it is an answer, and will look no further.
> > That is why all DNS entered must have references to internal resources or
> > to zone data that needs to be available to all machines internally.
> >
> > So I am a little confused why, that is if the only DNS servers listed are
> > your DCs, why you would want to try to reset the list? Theoretically, as I
> > stated, they BOTH should be able to resolve for you. If the first one
> > doesn't respond, it will automatically go to the next one.
> >
> > Also, if DNS is on another subnet, it wouldn't matter because your
> > internal infrastructure knows how to route to get to the other subnets,
> > unless there's a problem in that area?
> >
> > Ace
>
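The DNS server list behaviour Ace describes in the quoted reply above, as an added Python model that is not part of the original thread. The server names, the record and the rule for what happens when every server is penalised are assumptions of this model; only the ordering, the 15-minute penalty and the NXDOMAIN rule come from the post.

```python
"""Model of a client's ordered DNS server list: try the first server, move on
only when there is NO response, and treat NXDOMAIN as a final answer."""
from dataclasses import dataclass, field

PENALTY_SECONDS = 15 * 60   # the "15 minutes" stated in the post
NO_RESPONSE = None          # server did not answer at all
NXDOMAIN = "NXDOMAIN"       # server answered: it does not know the name


@dataclass
class FakeDnsServer:
    """Constructed stand-in for a DNS server: a record table and an up/down flag."""
    name: str
    records: dict
    up: bool = True

    def query(self, qname):
        if not self.up:
            return NO_RESPONSE
        return self.records.get(qname.lower(), NXDOMAIN)


@dataclass
class ClientResolver:
    servers: list                                   # preferred first, then alternates
    penalised_until: dict = field(default_factory=dict)

    def eligible(self, now):
        """Servers whose penalty has expired, in configured order."""
        return [s for s in self.servers
                if self.penalised_until.get(s.name, 0) <= now]

    def resolve(self, qname, now):
        """Return (answer, answering_server, servers_tried)."""
        candidates = self.eligible(now)
        if not candidates:
            # Assumption of this model (not stated in the post): with every
            # server penalised, the list is reset and all are tried again.
            self.penalised_until.clear()
            candidates = list(self.servers)
        tried = []
        for server in candidates:
            tried.append(server.name)
            answer = server.query(qname)
            if answer is NO_RESPONSE:
                # Silence is the only thing that triggers fallback.
                self.penalised_until[server.name] = now + PENALTY_SECONDS
                continue
            # Any response ends the search, including NXDOMAIN.
            return answer, server.name, tried
        return NO_RESPONSE, None, tried


def run_scenarios():
    """Walk through the cases raised in the thread; times are in seconds."""
    name = "ftp.example.test"                       # constructed record
    zone = {name: "192.0.2.10"}
    dc01 = FakeDnsServer("DC-01", dict(zone))
    dc02 = FakeDnsServer("DC-02", dict(zone))
    resolver = ClientResolver([dc01, dc02])
    results = {"both_up": resolver.resolve(name, now=0)}

    dc01.up = False                                 # DC-01 taken down for maintenance
    results["dc01_down"] = resolver.resolve(name, now=60)

    dc01.up = True                                  # back up, but still penalised
    results["within_penalty"] = resolver.resolve(name, now=120)
    results["after_penalty"] = resolver.resolve(name, now=60 + PENALTY_SECONDS)

    # A first server that does not hold the internal zone answers NXDOMAIN,
    # so the second server (which has the record) is never asked.
    outsider = FakeDnsServer("no-internal-zone", {})
    mixed = ClientResolver([outsider, dc02])
    results["nxdomain_is_final"] = mixed.resolve(name, now=0)
    return results


if __name__ == "__main__":
    for label, outcome in run_scenarios().items():
        print(f"{label:18} {outcome}")
```
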
Re: issue with DC replication [message #156754 is a reply to message #156740] Wed, 24 June 2009 16:35
aceman
"millin" <ssuj@discussions.microsoft.com(No Spam)> wrote in message
news:4EAB3E97-69A4-47B0-8DB8-983273A89CF7@microsoft.com...
> Hi ,
>
> We've got 4 nics for each DNS/DC.
> 2 for HP time teaming.(I am not familiar with teaming NIC?)
> 1 for the actual name resolution.
> 1 for the support service for their management.
>
> We have got 2 DNS Servers at the back end and 2 web servers running at
> the
> front end. We are providing web services for our clients.
> When the clients request from our web servers it is coming through our
> external firewall.We also have an Internal PIX firewall between the front
> end
> and back end.
> I hope you got some pic of our network.
>
> My question is that is there anyway I can redirect any request coming from
> two web boxes(Front-End) to point to the ONE DNS Server(ACTIVE) whenever
> the
> other one down for maintenance.Presently some of the clients are always
> connecting to the one DC/Dns server and some on the other DC/Dns.
>
> So my manager doesn't want to play with the live ones.Because we are
> providing 24/7 services.
> That is the reason I can't run any purge or flushdns commands on the live
> ones.
>
> I created a test environment with 2 AD-I DC's and one Test-WB server.
> If you need any more info please let me know.
>
> I don't think firewalls are a problem?
>
> Thanks
> Siva.
>


Hello Siva,

First, I am not a fan of multihoming, or clustering a DC because of the DNS
registrations it creates. If there are additional NICs and IPs, the
netlogon service WILL register them into DNS. You would need to perform
extensive registry modifications to stop this. Plus, DNS itself will
register into the DNS zone as well, hence the requirement for registry
changes to alter this default behavior. It also requires you to create
registry entries to 'publish' the IP that you do want in DNS for the DC's
host record, LdapIpAddress and GcIpAddress records. If you don't make the
modifications, what will happen when a client or another DC requests the IP
of a DC to authenticate while using a printer, connecting to a shared folder
or replicate to another DC, it may get resolved to an IP that the querying
client or DC cannot communicate to, such as the management IP, etc. If that
happens, then the authentication or replication attempt fails, hence why
replication problems will ensue.

As for immediate failover, I don't think that is possible in the router, but
then again, you would need to contact the router vendor if such a feature
exists. If this is the case, I would suggest to setup two DNS servers that
are non-domain controllers hosting a secondary zone of the AD zone, in a
cluster, and simply port remap to the cluster. But once again, since DNS is
installed, it WILL register the additional cluster, management, etc IPs into
DNS and would require registry changes to stop that, as well as creating
registry entries to only publish the IP address you want in DNS, such as the
cluster IP.

Ace
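A defender-side check for the situation Ace describes in the post above, where a multihomed DC ends up with host, LdapIpAddress or GcIpAddress records that point at an address clients cannot reach. This is an added example, not code from the thread: the domain name, DC names, subnets and zone lines are constructed, and it assumes a single-domain forest and a plain "name TTL IN A address" text export of the zone.

```python
"""Flag DC-related A records whose address is outside the client-reachable subnets."""
import ipaddress

DOMAIN = "corp.example.test"        # hypothetical AD DNS domain (single-domain forest)
DC_HOSTS = {"dc-01", "dc-02"}       # hypothetical DC host names
REACHABLE = [ipaddress.ip_network("192.0.2.0/24")]   # constructed client-facing subnet

# Constructed zone export; 10.20.30.0/24 plays the role of the management network.
SAMPLE_ZONE = """\
; constructed sample, not taken from the thread
dc-01.corp.example.test.      3600 IN A 192.0.2.11
dc-01.corp.example.test.      3600 IN A 10.20.30.11
dc-02.corp.example.test.      3600 IN A 192.0.2.12
corp.example.test.            600  IN A 192.0.2.11
corp.example.test.            600  IN A 10.20.30.11
corp.example.test.            600  IN A 192.0.2.12
gc._msdcs.corp.example.test.  600  IN A 192.0.2.11
gc._msdcs.corp.example.test.  600  IN A 10.20.30.11
web-01.corp.example.test.     3600 IN A 10.20.30.50
dc-02.corp.example.test.      3600 IN A 192.0.2.300
"""


def classify(owner):
    """Map an owner name to the record kind named in the post, or None."""
    name = owner.rstrip(".").lower()
    if name == DOMAIN:
        return "LdapIpAddress"      # A record on the domain name itself
    if name == "gc._msdcs." + DOMAIN:
        return "GcIpAddress"        # A record used to locate a global catalog
    host, _, parent = name.partition(".")
    if parent == DOMAIN and host in DC_HOSTS:
        return "host"               # the DC's own host record
    return None                     # not a DC-related record


def parse_a_records(zone_text):
    """Return ([(owner, ip)], [(line_number, raw_line)]) for A records only."""
    records, malformed = [], []
    for lineno, raw in enumerate(zone_text.splitlines(), 1):
        line = raw.split(";", 1)[0].strip()          # drop comments
        if not line:
            continue
        fields = line.split()
        if len(fields) != 5 or fields[2].upper() != "IN" or fields[3].upper() != "A":
            continue                                 # other record types are out of scope
        try:
            records.append((fields[0], ipaddress.ip_address(fields[4])))
        except ValueError:
            malformed.append((lineno, raw))          # unparsable address: report it
    return records, malformed


def audit(zone_text, reachable=REACHABLE):
    """Return (findings, malformed); a finding is (kind, owner, address)."""
    records, malformed = parse_a_records(zone_text)
    findings = []
    for owner, ip in records:
        kind = classify(owner)
        if kind is None:
            continue
        if not any(ip in net for net in reachable):
            findings.append((kind, owner.rstrip(".").lower(), str(ip)))
    return findings, malformed


if __name__ == "__main__":
    found, bad = audit(SAMPLE_ZONE)
    for kind, owner, addr in found:
        print(f"UNREACHABLE {kind:14} {owner} -> {addr}")
    for lineno, raw in bad:
        print(f"MALFORMED line {lineno}: {raw}")
```
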
Re: issue with DC replication [message #157002 is a reply to message #156754] Mon, 29 June 2009 06:14
millin
Thanks Ace for the response.
We don't have clustering on DCs, we only have clustering on Web boxes. If I
misdirected you, I am apologising for that.
But we do have NIC teaming.


> It also requires you to create
> registry entries to 'publish' the IP that you do want in DNS for the DC's
> host record, LdapIpAddress and GcIpAddress records

What does it mean?

I checked on both DC/DNS Servers and I found out that our management
NIC (10.x.x.x) is not listed for the AD-Zone. So I don't think when the clients
cannot connect to one DNS ip address (217.x.x.x) it looks for the management
IP address even if you selected Register this connection's addresses in DNS
for the management interface.
Management interface is absolute necessity for our Network Service providers
who is looking after our datacentres.

> If this is the case, I would suggest to setup two DNS servers that
> are non-domain controllers hosting a secondary zone of the AD zone, in a
> cluster, and simply port remap to the cluster

Can you explain in a bit more detail how to do it?
I know how to create secondary zones of the AD Zone. No problems.
But how do I manage to do the clustering and port remapping?

Thank you very much for all your suggestions so far.

mill

"Ace Fekay [Microsoft Certified Trainer]" wrote:

> "millin" <ssuj@discussions.microsoft.com(No Spam)> wrote in message
> news:4EAB3E97-69A4-47B0-8DB8-983273A89CF7@microsoft.com...
> > Hi ,
> >
> > We've got 4 nics for each DNS/DC.
> > 2 for HP time teaming.(I am not familiar with teaming NIC?)
> > 1 for the actual name resolution.
> > 1 for the support service for their management.
> >
> > We have got 2 DNS Servers at the back end and 2 web servers running at
> > the
> > front end. We are providing web services for our clients.
> > When the clients request from our web servers it is coming through our
> > external firewall.We also have an Internal PIX firewall between the front
> > end
> > and back end.
> > I hope you got some pic of our network.
> >
> > My question is that is there anyway I can redirect any request coming from
> > two web boxes(Front-End) to point to the ONE DNS Server(ACTIVE) whenever
> > the
> > other one down for maintenance.Presently some of the clients are always
> > connecting to the one DC/Dns server and some on the other DC/Dns.
> >
> > So my manager doesn't want to play with the live ones.Because we are
> > providing 24/7 services.
> > That is the reason I can't run any purge or flushdns commands on the live
> > ones.
> >
> > I created a test environment with 2 AD-I DC's and one Test-WB server.
> > If you need any more info please let me know.
> >
> > I don't think firewalls are a problem?
> >
> > Thanks
> > Siva.
> >
>
>
> Hello Siva,
>
> First, I am not a fan of multihoming, or clustering a DC because of the DNS
> registrations it creates. If there are additional NICs and IPs, the
> netlogon service WILL register them into DNS. You would need to perform
> extensive registry modifications to stop this. Plus, DNS itself will
> register into the DNS zone as well, hence the requirement for registry
> changes to alter this default behavior. It also requires you to create
> registry entries to 'publish' the IP that you do want in DNS for the DC's
> host record, LdapIpAddress and GcIpAddress records. If you don't make the
> modifications, what will happen when a client or another DC requests the IP
> of a DC to authenticate while using a printer, connecting to a shared folder
> or replicate to another DC, it may get resolved to an IP that the querying
> client or DC cannot communicate to, such as the management IP, etc. If that
> happens, then the authentication or replication attempt fails, hence why
> replication problems will ensue.
>
> As for immediate failover, I don't think that is possible in the router, but
> then again, you would need to contact the router vendor if such a feature
> exists. If this is the case, I would suggest to setup two DNS servers that
> are non-domain controllers hosting a secondary zone of the AD zone, in a
> cluster, and simply port remap to the cluster. But once again, since DNS is
> installed, it WILL register the additional cluster, management, etc IPs into
> DNS and would require registry changes to stop that, as well as creating
> registry entries to only publish the IP address you want in DNS, such as the
> cluster IP.
>
> Ace
>
>
Re: issue with DC replication [message #157004 is a reply to message #156754] Mon, 29 June 2009 06:37
Jorge Silva
Hi
I have been out for a couple of days. Any news on this one?


> If there are additional NICs and IPs, the netlogon service WILL register
> them into DNS. You would need to perform extensive registry modifications
> to stop this. Plus, DNS itself will register into the DNS zone as well,
> hence the requirement for registry changes to alter this default behavior.
> It also requires you to create registry entries to 'publish' the IP that
> you do want in DNS for the DC's host record, LdapIpAddress and GcIpAddress
> records. If you don't make the modifications, what will happen when a
> client or another DC requests the IP of a DC to authenticate while using a
> printer, connecting to a shared folder or replicate to another DC, it may
> get resolved to an IP that the querying client or DC cannot communicate
> to, such as the management IP, etc. If that happens, then the
> authentication or replication attempt fails, hence why replication
> problems will ensue.
>
> As for immediate failover, I don't think that is possible in the router,
> but then again, you would need to contact the router vendor if such a
> feature exists. If this is the case, I would suggest to setup two DNS
> servers that are non-domain controllers hosting a secondary zone of the AD
> zone, in a cluster, and simply port remap to the cluster. But once again,
> since DNS is installed, it WILL register the additional cluster,
> management, etc IPs into DNS and would require registry changes to stop
> that, as well as creating registry entries to only publish the IP address
> you want in DNS, such as the cluster IP.


--
I hope that the information above helps you.
Have a Nice day.

Jorge Silva
MVP Directory Services
"Ace Fekay [Microsoft Certified Trainer]" <aceman@mvps.RemoveThisPart.org>
wrote in message news:OVfSGtQ9JHA.1252@TK2MSFTNGP04.phx.gbl...
> "millin" <ssuj@discussions.microsoft.com(No Spam)> wrote in message
> news:4EAB3E97-69A4-47B0-8DB8-983273A89CF7@microsoft.com...
>> Hi ,
>>
>> We've got 4 nics for each DNS/DC.
>> 2 for HP time teaming.(I am not familiar with teaming NIC?)
>> 1 for the actual name resolution.
>> 1 for the support service for their management.
>>
>> We have got 2 DNS Servers at the back end and 2 web servers running at
>> the
>> front end. We are providing web services for our clients.
>> When the clients request from our web servers it is coming through our
>> external firewall.We also have an Internal PIX firewall between the front
>> end
>> and back end.
>> I hope you got some pic of our network.
>>
>> My question is that is there anyway I can redirect any request coming
>> from
>> two web boxes(Front-End) to point to the ONE DNS Server(ACTIVE) whenever
>> the
>> other one down for maintenance.Presently some of the clients are always
>> connecting to the one DC/Dns server and some on the other DC/Dns.
>>
>> So my manager doesn't want to play with the live ones.Because we are
>> providing 24/7 services.
>> That is the reason I can't run any purge or flushdns commands on the
>> live
>> ones.
>>
>> I created a test environment with 2 AD-I DC's and one Test-WB server.
>> If you need any more info please let me know.
>>
>> I don't think firewalls are a problem?
>>
>> Thanks
>> Siva.
>>
>
>
> Hello Siva,
>
> First, I am not a fan of multihoming, or clustering a DC because of the
> DNS registrations it creates. If there are additional NICs and IPs, the
> netlogon service WILL register them into DNS. You would need to perform
> extensive registry modifications to stop this. Plus, DNS itself will
> register into the DNS zone as well, hence the requirement for registry
> changes to alter this default behavior. It also requires you to create
> registry entries to 'publish' the IP that you do want in DNS for the DC's
> host record, LdapIpAddress and GcIpAddress records. If you don't make the
> modifications, what will happen when a client or another DC requests the
> IP of a DC to authenticate while using a printer, connecting to a shared
> folder or replicate to another DC, it may get resolved to an IP that the
> querying client or DC cannot communicate to, such as the management IP,
> etc. If that happens, then the authentication or replication attempt
> fails, hence why replication problems will ensue.
>
> As for immediate failover, I don't think that is possible in the router,
> but then again, you would need to contact the router vendor if such a
> feature exists. If this is the case, I would suggest to setup two DNS
> servers that are non-domain controllers hosting a secondary zone of the AD
> zone, in a cluster, and simply port remap to the cluster. But once again,
> since DNS is installed, it WILL register the additional cluster,
> management, etc IPs into DNS and would require registry changes to stop
> that, as well as creating registry entries to only publish the IP address
> you want in DNS, such as the cluster IP.
>
> Ace
Re: issue with DC replication [message #157011 is a reply to message #157002] Mon, 29 June 2009 08:38
aceman
"millin" <ssuj@discussions.microsoft.com(No Spam)> wrote in message
news:E737CBCC-6BFC-4E83-8DAF-8D42994B5F10@microsoft.com...
> Thanks Ace for the response.
> We don't have clustering on DCs, we only have clustering on Web boxes. If I
> misdirected you, I am apologising for that.
> But we do have NIC teaming.
>
>
> It also requires you to create
>> registry entries to 'publish' the IP that you do want in DNS for the DC's
>> host record, LdapIpAddress and GcIpAddress records what does it mean?
>
> I checked on both DC/DNS Servers and I found out that our management
> NIC (10.x.x.x) is not listed for the AD-Zone. So I don't think when the
> clients
> cannot connect to one DNS ip address (217.x.x.x) it looks for the
> management
> IP address even if you selected Register this connection's addresses in
> DNS
> for the management interface.
> Management interface is absolute necessity for our Network Service
> providers
> who is looking after our datacentres.
>
> If this is the case, I would suggest to setup two DNS servers that
>> are non-domain controllers hosting a secondary zone of the AD zone, in a
>> cluster, and simply port remap to the cluster,can you explain a bit more
>> detail how to do it?
> I know how to create secondary zones of the AD Zone. No problems.
> But how do I manage to do the clustering and port remapping?
>
> Thank you very much for all your suggestions so far.
>
> mill


Are the web servers and FTP servers the same servers?

I thought you said the DCs were clustered. Ok, glad they're not.

You indicated that the web servers are using a 217.x.x.x IP. What IPs are on
the DCs? Are they public IPs such as the web server IP or private? Or is one
private, and one public with a NAT between them? Reason why I ask is if one
of the DCs are on the public side, and one on the private side separated by
NAT, domain communication fails across NAT.

I wish I could see a Visio of this to get a better higher level view of it
to make a better recommendation.

Ace
Re: issue with DC replication [message #157019 is a reply to message #157011] Mon, 29 June 2009 11:00
millin
Hi Guys,


> What IPs are on
> the DCs? Are they public IPs such as the web server IP or private? Or is one
> private, and one public with a NAT between them? reason why I ask is if one
> of the DCs are on the public side, and one on the private side separated by
> NAT, domain communication fails across NAT.


Our DCs are on 217.x.41.x with /24 subnets.
and Web boxes are on 217.x.42.x with /27 subnet.
Both IP addresses are public.


Client request comes to our external DNS which gives the IP address of our
cluster Web box which eventually comes to one of the web boxes through a
firewall for providing services.
We also had an internal DNS server which is also using public addresses, which
keeps all the host-A records for each clients to connect to which web servers
eg:-csexe-01 pointing to the both Web servers. Maybe I think these servers
acting as authoritative server for the web servers. I don't know.

I am still learning about the network. I only started working for this new
organisation recently.

If you need further info please let me know.

With Regards
mill

"Ace Fekay [Microsoft Certified Trainer]" wrote:

> "millin" <ssuj@discussions.microsoft.com(No Spam)> wrote in message
> news:E737CBCC-6BFC-4E83-8DAF-8D42994B5F10@microsoft.com...
> > Thanks Ace for the response.
> > We don't have clustering on DCs, we only have clustering on Web boxes. If I
> > misdirected you, I am apologising for that.
> > But we do have NIC teaming.
> >
> >
> > It also requires you to create
> >> registry entries to 'publish' the IP that you do want in DNS for the DC's
> >> host record, LdapIpAddress and GcIpAddress records what does it mean?
> >
> > I checked on both DC/DNS Servers and I found out that our management
> > NIC (10.x.x.x) is not listed for the AD-Zone. So I don't think when the
> > clients
> > cannot connect to one DNS ip address (217.x.x.x) it looks for the
> > management
> > IP address even if you selected Register this connection's addresses in
> > DNS
> > for the management interface.
> > Management interface is absolute necessity for our Network Service
> > providers
> > who is looking after our datacentres.
> >
> > If this is the case, I would suggest to setup two DNS servers that
> >> are non-domain controllers hosting a secondary zone of the AD zone, in a
> >> cluster, and simply port remap to the cluster,can you explain a bit more
> >> detail how to do it?
> > I know how to create secondary zones of the AD Zone. No problems.
> > But how do I manage to do the clustering and port remapping?
> >
> > Thank you very much for all your suggestions so far.
> >
> > mill
>
>
> Are the web servers and FTP servers the same servers?
>
> I thought you said the DCs were clustered. Ok, glad they're not.
>
> You indicated that the web servers are using a 217.x.x.x IP. What IPs are on
> the DCs? Are they public IPs such as the web server IP or private? Or is one
> private, and one public with a NAT between them? reason why I ask is if one
> of the DCs are on the public side, and one on the private side separated by
> NAT, domain communication fails across NAT.
>
> I wish I could see a Visio of this to get a better higher level view of it
> to make a better recommendation.
>
> Ace
>
>
Re: issue with DC replication [message #157020 is a reply to message #157011] Mon, 29 June 2009 11:26
millin
Hi,

If you want I will send you a .doc file which has got our network diagram
which I drew on Visio.
Please let me know.
If you want it how can I upload it into here?

thanks
mill



"Ace Fekay [Microsoft Certified Trainer]" wrote:

> "millin" <ssuj@discussions.microsoft.com(No Spam)> wrote in message
> news:E737CBCC-6BFC-4E83-8DAF-8D42994B5F10@microsoft.com...
> > Thanks Ace for the response.
> > We don't have clustering on DCs, we only have clustering on Web boxes. If I
> > misdirected you, I am apologising for that.
> > But we do have NIC teaming.
> >
> >
> > It also requires you to create
> >> registry entries to 'publish' the IP that you do want in DNS for the DC's
> >> host record, LdapIpAddress and GcIpAddress records what does it mean?
> >
> > I checked on both DC/DNS Servers and I found out that our management
> > NIC (10.x.x.x) is not listed for the AD-Zone. So I don't think when the
> > clients
> > cannot connect to one DNS ip address (217.x.x.x) it looks for the
> > management
> > IP address even if you selected Register this connection's addresses in
> > DNS
> > for the management interface.
> > Management interface is absolute necessity for our Network Service
> > providers
> > who is looking after our datacentres.
> >
> > If this is the case, I would suggest to setup two DNS servers that
> >> are non-domain controllers hosting a secondary zone of the AD zone, in a
> >> cluster, and simply port remap to the cluster,can you explain a bit more
> >> detail how to do it?
> > I know how to create secondary zones of the AD Zone. No problems.
> > But how do I manage to do the clustering and port remapping?
> >
> > Thank you very much for all your suggestions so far.
> >
> > mill
>
>
> Are the web servers and FTP servers the same servers?
>
> I thought you said the DCs were clustered. Ok, glad they're not.
>
> You indicated that the web servers are using a 217.x.x.x IP. What IPs are on
> the DCs? Are they public IPs such as the web server IP or private? Or is one
> private, and one public with a NAT between them? reason why I ask is if one
> of the DCs are on the public side, and one on the private side separated by
> NAT, domain communication fails across NAT.
>
> I wish I could see a Visio of this to get a better higher level view of it
> to make a better recommendation.
>
> Ace
>
>
Re: issue with DC replication [message #157021 is a reply to message #157004] Mon, 29 June 2009 11:29
millin
Hi Jorge,

Not at all.
I am still scratching my head on this!!!
If you want I can send you a .doc which shows some info about our network
which I did on Visio.

Good to see you back here.

thanks
mill

"Jorge Silva" wrote:

> Hi
> I have been out for a couple of days. Any news on this one?
>
>
> > If there are additional NICs and IPs, the netlogon service WILL register
> > them into DNS. You would need to perform extensive registry modifications
> > to stop this. Plus, DNS itself will register into the DNS zone as well,
> > hence the requirement for registry changes to alter this default behavior.
> > It also requires you to create registry entries to 'publish' the IP that
> > you do want in DNS for the DC's host record, LdapIpAddress and GcIpAddress
> > records. If you don't make the modifications, what will happen when a
> > client or another DC requests the IP of a DC to authenticate while using a
> > printer, connecting to a shared folder or replicate to another DC, it may
> > get resolved to an IP that the querying client or DC cannot communicate
> > to, such as the management IP, etc. If that happens, then the
> > authentication or replication attempt fails, hence why replication
> > problems will ensue.
> >
> > As for immediate failover, I don't think that is possible in the router,
> > but then again, you would need to contact the router vendor if such a
> > feature exists. If this is the case, I would suggest to setup two DNS
> > servers that are non-domain controllers hosting a secondary zone of the AD
> > zone, in a cluster, and simply port remap to the cluster. But once again,
> > since DNS is installed, it WILL register the additional cluster,
> > management, etc IPs into DNS and would require registry changes to stop
> > that, as well as creating registry entries to only publish the IP address
> > you want in DNS, such as the cluster IP.
>
>
> --
> I hope that the information above helps you.
> Have a Nice day.
>
> Jorge Silva
> MVP Directory Services
> "Ace Fekay [Microsoft Certified Trainer]" <aceman@mvps.RemoveThisPart.org>
> wrote in message news:OVfSGtQ9JHA.1252@TK2MSFTNGP04.phx.gbl...
> > "millin" <ssuj@discussions.microsoft.com(No Spam)> wrote in message
> > news:4EAB3E97-69A4-47B0-8DB8-983273A89CF7@microsoft.com...
> >> Hi ,
> >>
> >> We've got 4 nics for each DNS/DC.
> >> 2 for HP time teaming.(I am not familiar with teaming NIC?)
> >> 1 for the actual name resolution.
> >> 1 for the support service for their management.
> >>
> >> We have got 2 DNS Servers at the back end and 2 web servers running at
> >> the
> >> front end. We are providing web services for our clients.
> >> When the clients request from our web servers it is coming through our
> >> external firewall.We also have an Internal PIX firewall between the front
> >> end
> >> and back end.
> >> I hope you got some pic of our network.
> >>
> >> My question is that is there anyway I can redirect any request coming
> >> from
> >> two web boxes(Front-End) to point to the ONE DNS Server(ACTIVE) whenever
> >> the
> >> other one down for maintenance.Presently some of the clients are always
> >> connecting to the one DC/Dns server and some on the other DC/Dns.
> >>
> >> So my manager doesn't want to play with the live ones.Because we are
> >> providing 24/7 services.
> >> That is the reason I can't run any purge or flushdns commands on the
> >> live
> >> ones.
> >>
> >> I created a test environment with 2 AD-I DC's and one Test-WB server.
> >> If you need any more info please let me know.
> >>
> >> I don't think firewalls are a problem?
> >>
> >> Thanks
> >> Siva.
> >>
> >
> >
> > Hello Siva,
> >
> > First, I am not a fan of multihoming, or clustering a DC because of the
> > DNS registrations it creates. If there are additional NICs and IPs, the
> > netlogon service WILL register them into DNS. You would need to perform
> > extensive registry modifications to stop this. Plus, DNS itself will
> > register into the DNS zone as well, hence the requirement for registry
> > changes to alter this default behavior. It also requires you to create
> > registry entries to 'publish' the IP that you do want in DNS for the DC's
> > host record, LdapIpAddress and GcIpAddress records. If you don't make the
> > modifications, what will happen when a client or another DC requests the
> > IP of a DC to authenticate while using a printer, connecting to a shared
> > folder or replicate to another DC, it may get resolved to an IP that the
> > querying client or DC cannot communicate to, such as the management IP,
> > etc. If that happens, then the authentication or replication attempt
> > fails, hence why replication problems will ensue.
> >
> > As for immediate failover, I don't think that is possible in the router,
> > but then again, you would need to contact the router vendor if such a
> > feature exists. If this is the case, I would suggest to setup two DNS
> > servers that are non-domain controllers hosting a secondary zone of the AD
> > zone, in a cluster, and simply port remap to the cluster. But once again,
> > since DNS is installed, it WILL register the additional cluster,
> > management, etc IPs into DNS and would require registry changes to stop
> > that, as well as creating registry entries to only publish the IP address
> > you want in DNS, such as the cluster IP.
> >
> > Ace
>
Re: issue with DC replication [message #157023 is a reply to message #157019] Mon, 29 June 2009 12:27
aceman
In news:7EBD85D4-18FA-423F-A99C-CA4960B3F023@microsoft.com,
millin <ssuj@discussions.microsoft.com(No Spam)>, posted the following, which I replied to down below...: Hello millin
> Hi Guys,
>
>
> What IPs are on
>> the DCs? Are they public IPs such as the web server IP or private?
>> Or is one private, and one public with a NAT between them? reason
>> why I ask is if one of the DCs are on the public side, and one on
>> the private side separated by NAT, domain communication fails across
>> NAT.
>
>
> Our DCs are on 217.x.41.x with /24 subnets.
> and Web boxes are on 217.x.42.x with /27 subnet.
> Both IP addresses are public.
>

Is there a firewall between 217.x.41.x and 217.x.42.x?

Both DCs are on the one subnet, 217.x.41.x or are they on different /24 subnets, such as possibly 217.1.41.x and 217.2.41.x? If so, is there a firewall between them?

Ace
Re: issue with DC replication [message #157024 is a reply to message #157020] Mon, 29 June 2009 12:25
aceman
In news:F57546D5-2CBD-4698-A6E3-36DF60738DD8@microsoft.com,
millin <ssuj@discussions.microsoft.com(No Spam)>, posted the following, which I replied to down below...: Hello millin
> Hi,
>
> if you want I will send you a .doc file which has got our network
> diagram which i drew on Visio.
> please let me know.
> If you want it how can I upload it into here?
>
> thanks
> mill


Yes, please. Send it to aceman@mvps.RemoveThisPart.org. Just remove the 'removethispart' first.

Thanks,
Ace
Re: issue with DC replication [message #157027 is a reply to message #157024] Mon, 29 June 2009 12:47
millin
Hi Ace,

I have sent the attachment to aceman@mvps.org
Please let me know if you received it or not.

thanks.
mill

"Ace Fekay [Microsoft Certified Trainer]" wrote:

> In news:F57546D5-2CBD-4698-A6E3-36DF60738DD8@microsoft.com,
> millin <ssuj@discussions.microsoft.com(No Spam)>, posted the following, which I replied to down below...: Hello millin
> > Hi,
> >
> > if you want I will send you a .doc file which has got our network
> > diagram which i drew on Visio.
> > please let me know.
> > If you want it how can I upload it into here?
> >
> > thanks
> > mill
>
>
> Yes, please. Send it to aceman@mvps.RemoveThisPart.org. Just remove the 'removethispart' first.
>
> Thanks,
> Ace
>
>
>
Re: issue with DC replication [message #157035 is a reply to message #157027] Mon, 29 June 2009 17:16
aceman
"millin" <ssuj@discussions.microsoft.com(No Spam)> wrote in message news:C01324C2-F137-42DA-8BFD-E773AE6F64B2@microsoft.com...
> Hi Ace,
>
> I have sent the attachment to aceman@mvps.org
> Please let me know if you received it or not.
>
> thanks.
> mill

Hi Mill,

Thank you for sending the Visio.

Unfortunately, I can't really follow it the way you portrayed your network. I can't tell which subnet each machine and firewall is on. Therefore, I redid it in the notation that is understandable among engineers in order for you to update it for me to gain a better understanding of how and which switch each machine and firewall is connected to. If I am missing a network 'subnet' indicator, which can also be viewed as the physical switch (depicted by a fat line going across with the subnet ID in the middle of it), please add each subnet.

Thanks!

Ace
Re: issue with DC replication [message #157148 is a reply to message #157035] Wed, 01 July 2009 07:41
millin
Hi Ace,

I sent another diagram of our network.
Have a look!!!
thanks for your effort.

regards
millin

"Ace Fekay [Microsoft Certified Trainer]" wrote:

>
> "millin" <ssuj@discussions.microsoft.com(No Spam)> wrote in message news:C01324C2-F137-42DA-8BFD-E773AE6F64B2@microsoft.com...
> > Hi Ace,
> >
> > I have sent the attachment to aceman@mvps.org
> > Please let me know if you received it or not.
> >
> > thanks.
> > mill
>
> Hi Mill,
>
> Thank you for sending the Visio.
>
> Unfortunately, I can't really follow it the way you portrayed your network. I can't tell which subnet each machine and firewall is on. Therefore, I redid it in the notation that is understandable among engineers in order for you to update it for me to gain a better understanding of how and which switch each machine and firewall is connected to. If I am missing a network 'subnet' indicator, which can also be viewed as the physical switch (depicted by a fat line going across with the subnet ID in the middle of it), please add each subnet.
>
> Thanks!
>
> Ace
>
Re: issue with DC replication [message #157149 is a reply to message #157148] Wed, 01 July 2009 08:10
aceman
In news:F503A637-76E6-4B1D-A37C-1E47D50597AA@microsoft.com,
millin <ssuj@discussions.microsoft.com(No Spam)>, posted the following, which I replied to down below...: Hello millin
> Hi Ace,
>
> I sent another diagram of our network.
> Have a look!!!
> thanks for your effort.
>
> regards
> millin

You are welcome!

Ace