Joining a DC from a different subnet
  • Joining a DC from a different subnet

    There is probably a very good reason why this isn't working, but I can't seem to track it down.

    We have a DC on subnet 10.10.4.0/22 which is working fine. We are trying to connect a second 2k3 server on a remote site as a secondary DC from subnet 10.10.8.0/22. All the relevant subnets/sites have been added to the primary DC but when we run dcpromo on the second server it is failing.

    As far as the remote server is concerned it has its DNS suffix to match that of the primary DC and pings work in all variations:
    Code:
     ping dc
    results in
    Code:
    pinging dc.domain.com
    so we know that DNS resolution is functioning correctly.

    There is a firewall between the two remote sites. What ports/protocols do I need to ensure are open for the whole process to work?

    I know that I can connect a secondary DC from the same subnet as the primary with no problems.

  • #2
    Re: Joining a DC from a different subnet

    > There is a firewall between the two remote sites. What ports/protocols do I need to ensure are open for the whole process to work?

    Ah. The short answer is: all protocols, free network traffic between the DCs. You really don't want to go and configure all protocols, it will take you days. Open a point-to-point open IP connection between the DCs on the firewall, that is the best compromise. Second-best: an IPSEC connection...

    I had to do this once in a large segmented network. My rule was: all DCs should be able to communicate freely with each other. If that is not possible, you get no DC. Also, think about client connectivity and redundancy.

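Added example, not part of any post in this thread: a successful ping only shows that ICMP and name resolution pass the firewall, so this Python script, run from the new server, probes the standard TCP ports a domain controller listens on and separates ports that answer from ports that are silently dropped. The port list is the well-known service assignments rather than anything the posters gave, and the function names are illustrative.

```python
import socket
import sys

# Standard TCP ports a Windows domain controller listens on (well-known
# assignments, not values from the thread). The dynamically assigned RPC port
# handed out via 135 and the UDP side of these services are not covered.
AD_TCP_PORTS = {
    53: "DNS",
    88: "Kerberos",
    135: "RPC endpoint mapper",
    389: "LDAP",
    445: "SMB (SYSVOL, NETLOGON)",
    464: "Kerberos password change",
    636: "LDAP over SSL",
    3268: "Global Catalog",
    3269: "Global Catalog over SSL",
}


def probe(host, port, timeout=2.0):
    """Classify one TCP port as 'open', 'refused', 'filtered' or 'unresolved'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"        # handshake completed
    except ConnectionRefusedError:
        return "refused"         # RST came back: path is clear, nothing listening
    except socket.gaierror:
        return "unresolved"      # name lookup failed before any packet was sent
    except OSError:
        return "filtered"        # timeout or unreachable: typical of a firewall drop


def check_dc(host, ports=AD_TCP_PORTS, timeout=2.0):
    """Probe every port and return {port: (service, state)}."""
    return {p: (name, probe(host, p, timeout)) for p, name in sorted(ports.items())}


def not_open(results):
    """Ports that did not complete a TCP handshake."""
    return [p for p, (_, state) in results.items() if state != "open"]


if __name__ == "__main__":
    # dc.domain.com is the name used in the first post; pass your own DC instead.
    target = sys.argv[1] if len(sys.argv) > 1 else "dc.domain.com"
    results = check_dc(target)
    for port, (service, state) in results.items():
        print(f"{port:>5}/tcp  {service:<26} {state}")
    sys.exit(1 if not_open(results) else 0)
```

Ports reported as "filtered" are the ones to raise with whoever manages the firewall; "refused" means the packet reached the DC and the service itself is not listening.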


    • #3
      Re: Joining a DC from a different subnet

      From a client connectivity point of view, the users on the second site would only be requiring access to files stored on the second site, and day to day management of those users will be delegated to someone at that site.
