Multihomed domain.


  • Multihomed domain.

    Hi everyone,

    I know that a multihomed domain is not recommended but we have no choice, it's there and I can't change it.

    So here's the situation:

    We have a win2003 domain with VPN server, so first NIC is physical and second is virtual VPN for secured data. I've followed the guide at http://forums.techarena.in/active-directory/954155.htm (Meinolf Webe's post).

    The problem is, when I try to join the domain it tells me that:

    Note: This information is intended for a network administrator. If you are
    not your network's administrator, notify the administrator that you received
    this information, which has been recorded in the file
    C:\WINDOWS\debug\dcdiag.txt.

    DNS was successfully queried for the service location (SRV) resource record
    used to locate a domain controller for domain domainname:

    The query was for the SRV record for _ldap._tcp.dc._msdcs.domainname

    The following domain controllers were identified by the query:

    testserver.domainname

    Common causes of this error include:

    - Host (A) records that map the name of the domain controller to its IP
    addresses are missing or contain incorrect addresses.

    - Domain controllers registered in DNS are not connected to the network or
    are not running.

    I tried almost everything. Could anyone give me a hint or something on this?

    Thanks

  • #2
    Re: Multihomed domain.

    And why do you have no choice?

    Anyhow, can you tell us a bit more about what your setup looks like?
    Marcel
    Technical Consultant
    Netherlands
    http://www.phetios.com
    http://blog.nessus.nl

    MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
    "No matter how secure, there is always the human factor."

    "Enjoy life today, tomorrow may never come."
    "If you're going through hell, keep going. ~Winston Churchill"


    • #3
      Re: Multihomed domain.

      Originally posted by Dumber:
          And why do you have no choice?

          Anyhow, can you tell us a bit more about what your setup looks like?

      Well I don't have a choice because we need all the traffic to be encrypted via VPN.

      Architecture topology is like: client <-> unmanaged switch <-> server

      All clients are using static IPs on the physical interface, and their DNS is also static, pointing to the server VPN's interface address.

      So IP classes are: 192.168.1.x for the VPN, and 192.168.2.x for the physical interfaces.

      Firewalls are both turned off on server and client.

      No ports are blocked.

      I ran a dcdiag /v, and the only errors are that 3 services are stopped:
      RPCLOCATOR
      TrkWkS
      TrkSvr

      I am not sure if those services need to be running...

      **edit **
      Oh I forgot to add that when I'm on a client computer, I can browse shares mapping the drive with domainname\administrator account. So it can communicate with the server & authenticate in a way..
      **edit **



      Thanks
      Last edited by DavidIT; 28th May 2009, 20:21.


      • #4
        Re: Multihomed domain.

        You could require IPSEC for all/certain machines, even down to specific ports if you wish.
        cheers
        Andy

        Quis custodiet ipsos custodes?


        • #5
          Re: Multihomed domain.

          Originally posted by AndyJG247:
              You could require IPSEC for all/certain machines, even down to specific ports if you wish.

          Is there any other way I could make my workstations able to join the domain? I mean the only problem right now is that they can't join the domain..


          • #6
            Re: Multihomed domain.

            Originally posted by DavidIT:
                I ran a dcdiag /v, and the only errors are that 3 services are stopped:
                RPCLOCATOR
                TrkWkS
                TrkSvr

                I am not sure if those services need to be running...

            Yes they need to be running, have you tried to start them?
            Caesar's cipher - 3

            ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

            SFX JNRS FC U6 MNGR


            • #7
              Re: Multihomed domain.

              Originally posted by L4ndy:
                  Yes they need to be running, have you tried to start them?

              Yup I just tried, and same error..


              • #8
                Re: Multihomed domain.

                Any thoughts?

                Thanks


                • #9
                  Re: Multihomed domain.

                  Yes. Configure the clients to use the server's LAN ip address for their DNS.
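
The join error quoted in the first post names wrong or missing host (A) records as a common cause once the SRV lookup has succeeded. As an added example (not posted by anyone in the thread), this Python script lists every address the DC name resolves to and whether the client can open LDAP (TCP 389) on it. The `.10` host numbers and the two `sample_*` stubs standing in for DNS and the network are constructed so it runs offline.

```python
import socket

LDAP_PORT = 389  # TCP port a domain controller answers LDAP on


def resolve_a(host):
    """Return the IPv4 addresses (A records) the client's DNS gives for host."""
    infos = socket.getaddrinfo(host, LDAP_PORT, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def can_connect(addr, port=LDAP_PORT, timeout=3.0):
    """True if this client can open a TCP connection to addr:port."""
    try:
        with socket.create_connection((addr, port), timeout=timeout):
            return True
    except OSError:
        return False


def check_dc(host, resolve=resolve_a, connect=can_connect):
    """Map every A record of the DC name to LDAP reachability from here.

    An empty dict means the name has no usable A record at all.
    """
    try:
        addrs = resolve(host)
    except OSError:  # socket.gaierror is an OSError: name did not resolve
        return {}
    return {addr: connect(addr) for addr in addrs}


def unreachable(results):
    """Addresses DNS advertises for the DC that the client cannot reach."""
    return [addr for addr, ok in results.items() if not ok]


# Constructed sample: the DC name is the one in the error text; the .10 host
# numbers and the choice of which subnet answers are assumptions.
SAMPLE_A = {"testserver.domainname": ["192.168.1.10", "192.168.2.10"]}


def sample_resolve(host):
    return SAMPLE_A[host]


def sample_connect(addr):
    return addr.startswith("192.168.2.")


if __name__ == "__main__":
    # Drop the two sample_* arguments to run against live DNS and the network.
    print(check_dc("testserver.domainname", sample_resolve, sample_connect))
```

Any address returned by `unreachable()` is one that a multihomed DC has registered in DNS but that this client cannot use, which is the mismatch the error text describes.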
