DCPromo RPC Error

Hello, I have two Win2K3R2x86 servers. One is in Sydney and one in Melbourne.
The Sydney server is the DC and I would like to make the Melbourne server an
additional DC for the existing domain. The Melbourne server is connected to
Sydney via VPN routers (Draytek) on ADSL internet connections. Both machines
are multihomed - one interface for internal and one external.

When I run dcpromo the AD installation wizard goes so far and then fails
with this message -

The operation failed because:
Active Directory could not create the NTDS Settings object for this domain
controller CN=NTDS Settings, CN=Sydney, CN=Servers, CN=Melbourne, CN=Sites,
CN=Configuration, DC=xxx, DC=yyy, DC=zz on the remote domain controller
sydney.xxx.yyy.zz. Ensure the provided network credentials have sufficient
permissions.
"The RPC server is unavailable."

I used the Administrator credentials and I have no problems using remote
desktop or browsing shares on the Sydney server through the VPN.
The Melbourne server joined the domain okay as a result of running dcpromo
and the server was added to AD Sites (as a server) and Services, and AD Users
and Computers (as a Computer).
Needless to say RPC Server is running on both machines.
DNS on the Melbourne machine points to Sydney okay and visa versa.
I turned the firewall off in Routing and Remote Access for the external
interfaces.
I tried reducing the MTU on the network interfaces that connect to the
routers but the same problem still occurred.
I am at my wits end and would appreciate any advice.
Thanks
Dharmpuri

Hi Dharmpuri,
You probably have this issue because you have not prepped your DC to be
multihomed and it's registering Services for both interfaces.
See: http://support.microsoft.com/kb/272294
It says W2K but the same principles apply.

Regards,

Austin

"Dharmpuri" <Dharmpuri@discussions.microsoft.com> wrote in message
news:084373E9-C9D7-4120-92DA-6B86193552F4@microsoft.com...
> Hello, I have two Win2K3R2x86 servers. One is in Sydney and one in
> Melbourne.
> The Sydney server is the DC and I would like to make the Melbourne server
> an
> additional DC for the existing domain. The Melbourne server is connected
> to
> Sydney via VPN routers (Draytek) on ADSL internet connections. Both
> machines
> are multihomed - one interface for internal and one external.
>
> When I run dcpromo the AD installation wizard goes so far and then fails
> with this message -
>
> The operation failed because:
> Active Directory could not create the NTDS Settings object for this domain
> controller CN=NTDS Settings, CN=Sydney, CN=Servers, CN=Melbourne,
> CN=Sites,
> CN=Configuration, DC=xxx, DC=yyy, DC=zz on the remote domain controller
> sydney.xxx.yyy.zz. Ensure the provided network credentials have sufficient
> permissions.
> "The RPC server is unavailable."
>
> I used the Administrator credentials and I have no problems using remote
> desktop or browsing shares on the Sydney server through the VPN.
> The Melbourne server joined the domain okay as a result of running dcpromo
> and the server was added to AD Sites (as a server) and Services, and AD
> Users
> and Computers (as a Computer).
> Needless to say RPC Server is running on both machines.
> DNS on the Melbourne machine points to Sydney okay and visa versa.
> I turned the firewall off in Routing and Remote Access for the external
> interfaces.
> I tried reducing the MTU on the network interfaces that connect to the
> routers but the same problem still occurred.
> I am at my wits end and would appreciate any advice.
> Thanks
> Dharmpuri

Hi,

Do you have separate subnet for melbourne?
If your melbourne server's Ip address falls in the same subnet of
sydney's.Then no issues.
If not then either create a separate subnet and associate with the
respective site or create a new site for melbourne and associate the newly
created subnet.
Also follow the steps mentioned in the KB article 272294 to avoid failure of
replication.
--
Emmanuel Antony


"Dharmpuri" wrote:

> Hello, I have two Win2K3R2x86 servers. One is in Sydney and one in Melbourne.
> The Sydney server is the DC and I would like to make the Melbourne server an
> additional DC for the existing domain. The Melbourne server is connected to
> Sydney via VPN routers (Draytek) on ADSL internet connections. Both machines
> are multihomed - one interface for internal and one external.
>
> When I run dcpromo the AD installation wizard goes so far and then fails
> with this message -
>
> The operation failed because:
> Active Directory could not create the NTDS Settings object for this domain
> controller CN=NTDS Settings, CN=Sydney, CN=Servers, CN=Melbourne, CN=Sites,
> CN=Configuration, DC=xxx, DC=yyy, DC=zz on the remote domain controller
> sydney.xxx.yyy.zz. Ensure the provided network credentials have sufficient
> permissions.
> "The RPC server is unavailable."
>
> I used the Administrator credentials and I have no problems using remote
> desktop or browsing shares on the Sydney server through the VPN.
> The Melbourne server joined the domain okay as a result of running dcpromo
> and the server was added to AD Sites (as a server) and Services, and AD Users
> and Computers (as a Computer).
> Needless to say RPC Server is running on both machines.
> DNS on the Melbourne machine points to Sydney okay and visa versa.
> I turned the firewall off in Routing and Remote Access for the external
> interfaces.
> I tried reducing the MTU on the network interfaces that connect to the
> routers but the same problem still occurred.
> I am at my wits end and would appreciate any advice.
> Thanks
> Dharmpuri

Hi Austin,
Thanks for your response. I followed the instructions in the KB article for
both servers and put the Sydney DC as the DNS for the Melbourne server. But
now when I run dcpromo if doesn't get so far - after entering the network
credentails it says it can't find the domain contoller!?! The error is:

The following error occurred when DNS was queried for the service location
(SRV) resource record used to locate a domain controller for domain
yidl.org.au:

The error was: "DNS name does not exist."
(error code 0x0000232B RCODE_NAME_ERROR)

The query was for the SRV record for _ldap._tcp.dc._msdcs.yidl.org.au

Common causes of this error include the following:

- The DNS SRV records required to locate a domain controller for the domain
are not registered in DNS. These records are registered with a DNS server
automatically when a domain controller is added to a domain. They are updated
by the domain controller at set intervals. This computer is configured to use
DNS servers with following IP addresses:

192.168.1.4
192.168.0.10

- One or more of the following zones do not include delegation to its child
zone:

yidl.org.au
org.au
au
.. (the root zone)

For information about correcting this problem, click Help.

I didn't mention before - Sydney internal is on 192.168.0.x and external
192.168.1.x
Melbourne internal 192.168.0.x and external 192.168.2.x
I don't understand why it has this error as I can ping -a the ip address of
Sydney, browse shares, nslookup works, etc.
Scratch head. Any ideas?
Thanks for you help.
Dharmpuri


"Austin Osuide" wrote:

> Hi Dharmpuri,
> You probably have this issue because you have not prepped your DC to be
> multihomed and it's registering Services for both interfaces.
> See: http://support.microsoft.com/kb/272294
> It says W2K but the same principles apply.
>
> Regards,
>
> Austin
>
> "Dharmpuri" <Dharmpuri@discussions.microsoft.com> wrote in message
> news:084373E9-C9D7-4120-92DA-6B86193552F4@microsoft.com...
> > Hello, I have two Win2K3R2x86 servers. One is in Sydney and one in
> > Melbourne.
> > The Sydney server is the DC and I would like to make the Melbourne server
> > an
> > additional DC for the existing domain. The Melbourne server is connected
> > to
> > Sydney via VPN routers (Draytek) on ADSL internet connections. Both
> > machines
> > are multihomed - one interface for internal and one external.
> >
> > When I run dcpromo the AD installation wizard goes so far and then fails
> > with this message -
> >
> > The operation failed because:
> > Active Directory could not create the NTDS Settings object for this domain
> > controller CN=NTDS Settings, CN=Sydney, CN=Servers, CN=Melbourne,
> > CN=Sites,
> > CN=Configuration, DC=xxx, DC=yyy, DC=zz on the remote domain controller
> > sydney.xxx.yyy.zz. Ensure the provided network credentials have sufficient
> > permissions.
> > "The RPC server is unavailable."
> >
> > I used the Administrator credentials and I have no problems using remote
> > desktop or browsing shares on the Sydney server through the VPN.
> > The Melbourne server joined the domain okay as a result of running dcpromo
> > and the server was added to AD Sites (as a server) and Services, and AD
> > Users
> > and Computers (as a Computer).
> > Needless to say RPC Server is running on both machines.
> > DNS on the Melbourne machine points to Sydney okay and visa versa.
> > I turned the firewall off in Routing and Remote Access for the external
> > interfaces.
> > I tried reducing the MTU on the network interfaces that connect to the
> > routers but the same problem still occurred.
> > I am at my wits end and would appreciate any advice.
> > Thanks
> > Dharmpuri
>

Hi Emmanual,
Yes, sorry I forgot to put that in my post.
Sydney internal is 192.168.0.x and external is 192.168.1.x
Melbourne internal is also 192.168.0.x and external is 192.168.2.x
I have Melbourne and Sydney sites in AD Sites and Services and the Melbourne
server appeared in the Servers folder under the Melbourne site after running
dcpromo. Subnets are also defined.
I still don't know what's up?!
Thanks
Dharmpuri

"Emmanuel Antony" wrote:

> Hi,
>
> Do you have separate subnet for melbourne?
> If your melbourne server's Ip address falls in the same subnet of
> sydney's.Then no issues.
> If not then either create a separate subnet and associate with the
> respective site or create a new site for melbourne and associate the newly
> created subnet.
> Also follow the steps mentioned in the KB article 272294 to avoid failure of
> replication.
> --
> Emmanuel Antony
>
>
> "Dharmpuri" wrote:
>
> > Hello, I have two Win2K3R2x86 servers. One is in Sydney and one in Melbourne.
> > The Sydney server is the DC and I would like to make the Melbourne server an
> > additional DC for the existing domain. The Melbourne server is connected to
> > Sydney via VPN routers (Draytek) on ADSL internet connections. Both machines
> > are multihomed - one interface for internal and one external.
> >
> > When I run dcpromo the AD installation wizard goes so far and then fails
> > with this message -
> >
> > The operation failed because:
> > Active Directory could not create the NTDS Settings object for this domain
> > controller CN=NTDS Settings, CN=Sydney, CN=Servers, CN=Melbourne, CN=Sites,
> > CN=Configuration, DC=xxx, DC=yyy, DC=zz on the remote domain controller
> > sydney.xxx.yyy.zz. Ensure the provided network credentials have sufficient
> > permissions.
> > "The RPC server is unavailable."
> >
> > I used the Administrator credentials and I have no problems using remote
> > desktop or browsing shares on the Sydney server through the VPN.
> > The Melbourne server joined the domain okay as a result of running dcpromo
> > and the server was added to AD Sites (as a server) and Services, and AD Users
> > and Computers (as a Computer).
> > Needless to say RPC Server is running on both machines.
> > DNS on the Melbourne machine points to Sydney okay and visa versa.
> > I turned the firewall off in Routing and Remote Access for the external
> > interfaces.
> > I tried reducing the MTU on the network interfaces that connect to the
> > routers but the same problem still occurred.
> > I am at my wits end and would appreciate any advice.
> > Thanks
> > Dharmpuri

Hello again Austin,
Just an update on the last post. If I enable listening on all interfaces on
the Sydney DNS, the external Host record for Sydney is recreated and the
Melbourne server then recognises the DC in Sydney and I'm back to where I
started - "The RPC server is unavailable."
scratch head more, hair loss.
Regards,
Dharmpuri

"Austin Osuide" wrote:

> Hi Dharmpuri,
> You probably have this issue because you have not prepped your DC to be
> multihomed and it's registering Services for both interfaces.
> See: http://support.microsoft.com/kb/272294
> It says W2K but the same principles apply.
>
> Regards,
>
> Austin
>
> "Dharmpuri" <Dharmpuri@discussions.microsoft.com> wrote in message
> news:084373E9-C9D7-4120-92DA-6B86193552F4@microsoft.com...
> > Hello, I have two Win2K3R2x86 servers. One is in Sydney and one in
> > Melbourne.
> > The Sydney server is the DC and I would like to make the Melbourne server
> > an
> > additional DC for the existing domain. The Melbourne server is connected
> > to
> > Sydney via VPN routers (Draytek) on ADSL internet connections. Both
> > machines
> > are multihomed - one interface for internal and one external.
> >
> > When I run dcpromo the AD installation wizard goes so far and then fails
> > with this message -
> >
> > The operation failed because:
> > Active Directory could not create the NTDS Settings object for this domain
> > controller CN=NTDS Settings, CN=Sydney, CN=Servers, CN=Melbourne,
> > CN=Sites,
> > CN=Configuration, DC=xxx, DC=yyy, DC=zz on the remote domain controller
> > sydney.xxx.yyy.zz. Ensure the provided network credentials have sufficient
> > permissions.
> > "The RPC server is unavailable."
> >
> > I used the Administrator credentials and I have no problems using remote
> > desktop or browsing shares on the Sydney server through the VPN.
> > The Melbourne server joined the domain okay as a result of running dcpromo
> > and the server was added to AD Sites (as a server) and Services, and AD
> > Users
> > and Computers (as a Computer).
> > Needless to say RPC Server is running on both machines.
> > DNS on the Melbourne machine points to Sydney okay and visa versa.
> > I turned the firewall off in Routing and Remote Access for the external
> > interfaces.
> > I tried reducing the MTU on the network interfaces that connect to the
> > routers but the same problem still occurred.
> > I am at my wits end and would appreciate any advice.
> > Thanks
> > Dharmpuri
>

Hi Drampuri,
Apologies for the delayed response
This problem is complicated by the fact you have multi-homed DC's.
What's the technical reason for this?

Regards,

Austin

"Dharmpuri" <Dharmpuri@discussions.microsoft.com> wrote in message
news:A6842A34-A4FF-4DB1-A6B8-618129F51BF7@microsoft.com...
> Hi Emmanual,
> Yes, sorry I forgot to put that in my post.
> Sydney internal is 192.168.0.x and external is 192.168.1.x
> Melbourne internal is also 192.168.0.x and external is 192.168.2.x
> I have Melbourne and Sydney sites in AD Sites and Services and the
> Melbourne
> server appeared in the Servers folder under the Melbourne site after
> running
> dcpromo. Subnets are also defined.
> I still don't know what's up?!
> Thanks
> Dharmpuri
>
> "Emmanuel Antony" wrote:
>
>> Hi,
>>
>> Do you have separate subnet for melbourne?
>> If your melbourne server's Ip address falls in the same subnet of
>> sydney's.Then no issues.
>> If not then either create a separate subnet and associate with the
>> respective site or create a new site for melbourne and associate the
>> newly
>> created subnet.
>> Also follow the steps mentioned in the KB article 272294 to avoid failure
>> of
>> replication.
>> --
>> Emmanuel Antony
>>
>>
>> "Dharmpuri" wrote:
>>
>> > Hello, I have two Win2K3R2x86 servers. One is in Sydney and one in
>> > Melbourne.
>> > The Sydney server is the DC and I would like to make the Melbourne
>> > server an
>> > additional DC for the existing domain. The Melbourne server is
>> > connected to
>> > Sydney via VPN routers (Draytek) on ADSL internet connections. Both
>> > machines
>> > are multihomed - one interface for internal and one external.
>> >
>> > When I run dcpromo the AD installation wizard goes so far and then
>> > fails
>> > with this message -
>> >
>> > The operation failed because:
>> > Active Directory could not create the NTDS Settings object for this
>> > domain
>> > controller CN=NTDS Settings, CN=Sydney, CN=Servers, CN=Melbourne,
>> > CN=Sites,
>> > CN=Configuration, DC=xxx, DC=yyy, DC=zz on the remote domain controller
>> > sydney.xxx.yyy.zz. Ensure the provided network credentials have
>> > sufficient
>> > permissions.
>> > "The RPC server is unavailable."
>> >
>> > I used the Administrator credentials and I have no problems using
>> > remote
>> > desktop or browsing shares on the Sydney server through the VPN.
>> > The Melbourne server joined the domain okay as a result of running
>> > dcpromo
>> > and the server was added to AD Sites (as a server) and Services, and AD
>> > Users
>> > and Computers (as a Computer).
>> > Needless to say RPC Server is running on both machines.
>> > DNS on the Melbourne machine points to Sydney okay and visa versa.
>> > I turned the firewall off in Routing and Remote Access for the external
>> > interfaces.
>> > I tried reducing the MTU on the network interfaces that connect to the
>> > routers but the same problem still occurred.
>> > I am at my wits end and would appreciate any advice.
>> > Thanks
>> > Dharmpuri

Hello Austin
I want to keep the internal network separate from the external for security.
Regards
Dharmpuri

"Austin Osuide" wrote:

> Hi Drampuri,
> Apologies for the delayed response
> This problem is complicated by the fact you have multi-homed DC's.
> What's the technical reason for this?
>
> Regards,
>
> Austin
>
> "Dharmpuri" <Dharmpuri@discussions.microsoft.com> wrote in message
> news:A6842A34-A4FF-4DB1-A6B8-618129F51BF7@microsoft.com...
> > Hi Emmanual,
> > Yes, sorry I forgot to put that in my post.
> > Sydney internal is 192.168.0.x and external is 192.168.1.x
> > Melbourne internal is also 192.168.0.x and external is 192.168.2.x
> > I have Melbourne and Sydney sites in AD Sites and Services and the
> > Melbourne
> > server appeared in the Servers folder under the Melbourne site after
> > running
> > dcpromo. Subnets are also defined.
> > I still don't know what's up?!
> > Thanks
> > Dharmpuri
> >
> > "Emmanuel Antony" wrote:
> >
> >> Hi,
> >>
> >> Do you have separate subnet for melbourne?
> >> If your melbourne server's Ip address falls in the same subnet of
> >> sydney's.Then no issues.
> >> If not then either create a separate subnet and associate with the
> >> respective site or create a new site for melbourne and associate the
> >> newly
> >> created subnet.
> >> Also follow the steps mentioned in the KB article 272294 to avoid failure
> >> of
> >> replication.
> >> --
> >> Emmanuel Antony
> >>
> >>
> >> "Dharmpuri" wrote:
> >>
> >> > Hello, I have two Win2K3R2x86 servers. One is in Sydney and one in
> >> > Melbourne.
> >> > The Sydney server is the DC and I would like to make the Melbourne
> >> > server an
> >> > additional DC for the existing domain. The Melbourne server is
> >> > connected to
> >> > Sydney via VPN routers (Draytek) on ADSL internet connections. Both
> >> > machines
> >> > are multihomed - one interface for internal and one external.
> >> >
> >> > When I run dcpromo the AD installation wizard goes so far and then
> >> > fails
> >> > with this message -
> >> >
> >> > The operation failed because:
> >> > Active Directory could not create the NTDS Settings object for this
> >> > domain
> >> > controller CN=NTDS Settings, CN=Sydney, CN=Servers, CN=Melbourne,
> >> > CN=Sites,
> >> > CN=Configuration, DC=xxx, DC=yyy, DC=zz on the remote domain controller
> >> > sydney.xxx.yyy.zz. Ensure the provided network credentials have
> >> > sufficient
> >> > permissions.
> >> > "The RPC server is unavailable."
> >> >
> >> > I used the Administrator credentials and I have no problems using
> >> > remote
> >> > desktop or browsing shares on the Sydney server through the VPN.
> >> > The Melbourne server joined the domain okay as a result of running
> >> > dcpromo
> >> > and the server was added to AD Sites (as a server) and Services, and AD
> >> > Users
> >> > and Computers (as a Computer).
> >> > Needless to say RPC Server is running on both machines.
> >> > DNS on the Melbourne machine points to Sydney okay and visa versa.
> >> > I turned the firewall off in Routing and Remote Access for the external
> >> > interfaces.
> >> > I tried reducing the MTU on the network interfaces that connect to the
> >> > routers but the same problem still occurred.
> >> > I am at my wits end and would appreciate any advice.
> >> > Thanks
> >> > Dharmpuri
>

Hi Drampuri,
A DC is not a router..
You should not use it to segment your networks.

Regards,

Austin

"Dharmpuri" <Dharmpuri@discussions.microsoft.com> wrote in message
news:9D756AC7-A42D-4024-B081-20AE331C5BDD@microsoft.com...
> Hello Austin
> I want to keep the internal network separate from the external for
> security.
> Regards
> Dharmpuri
>
> "Austin Osuide" wrote:
>
>> Hi Drampuri,
>> Apologies for the delayed response
>> This problem is complicated by the fact you have multi-homed DC's.
>> What's the technical reason for this?
>>
>> Regards,
>>
>> Austin
>>
>> "Dharmpuri" <Dharmpuri@discussions.microsoft.com> wrote in message
>> news:A6842A34-A4FF-4DB1-A6B8-618129F51BF7@microsoft.com...
>> > Hi Emmanual,
>> > Yes, sorry I forgot to put that in my post.
>> > Sydney internal is 192.168.0.x and external is 192.168.1.x
>> > Melbourne internal is also 192.168.0.x and external is 192.168.2.x
>> > I have Melbourne and Sydney sites in AD Sites and Services and the
>> > Melbourne
>> > server appeared in the Servers folder under the Melbourne site after
>> > running
>> > dcpromo. Subnets are also defined.
>> > I still don't know what's up?!
>> > Thanks
>> > Dharmpuri
>> >
>> > "Emmanuel Antony" wrote:
>> >
>> >> Hi,
>> >>
>> >> Do you have separate subnet for melbourne?
>> >> If your melbourne server's Ip address falls in the same subnet of
>> >> sydney's.Then no issues.
>> >> If not then either create a separate subnet and associate with the
>> >> respective site or create a new site for melbourne and associate the
>> >> newly
>> >> created subnet.
>> >> Also follow the steps mentioned in the KB article 272294 to avoid
>> >> failure
>> >> of
>> >> replication.
>> >> --
>> >> Emmanuel Antony
>> >>
>> >>
>> >> "Dharmpuri" wrote:
>> >>
>> >> > Hello, I have two Win2K3R2x86 servers. One is in Sydney and one in
>> >> > Melbourne.
>> >> > The Sydney server is the DC and I would like to make the Melbourne
>> >> > server an
>> >> > additional DC for the existing domain. The Melbourne server is
>> >> > connected to
>> >> > Sydney via VPN routers (Draytek) on ADSL internet connections. Both
>> >> > machines
>> >> > are multihomed - one interface for internal and one external.
>> >> >
>> >> > When I run dcpromo the AD installation wizard goes so far and then
>> >> > fails
>> >> > with this message -
>> >> >
>> >> > The operation failed because:
>> >> > Active Directory could not create the NTDS Settings object for this
>> >> > domain
>> >> > controller CN=NTDS Settings, CN=Sydney, CN=Servers, CN=Melbourne,
>> >> > CN=Sites,
>> >> > CN=Configuration, DC=xxx, DC=yyy, DC=zz on the remote domain
>> >> > controller
>> >> > sydney.xxx.yyy.zz. Ensure the provided network credentials have
>> >> > sufficient
>> >> > permissions.
>> >> > "The RPC server is unavailable."
>> >> >
>> >> > I used the Administrator credentials and I have no problems using
>> >> > remote
>> >> > desktop or browsing shares on the Sydney server through the VPN.
>> >> > The Melbourne server joined the domain okay as a result of running
>> >> > dcpromo
>> >> > and the server was added to AD Sites (as a server) and Services, and
>> >> > AD
>> >> > Users
>> >> > and Computers (as a Computer).
>> >> > Needless to say RPC Server is running on both machines.
>> >> > DNS on the Melbourne machine points to Sydney okay and visa versa.
>> >> > I turned the firewall off in Routing and Remote Access for the
>> >> > external
>> >> > interfaces.
>> >> > I tried reducing the MTU on the network interfaces that connect to
>> >> > the
>> >> > routers but the same problem still occurred.
>> >> > I am at my wits end and would appreciate any advice.
>> >> > Thanks
>> >> > Dharmpuri
>>

Hi Dharmpuri

If you want that Your Dc work with multiple interfaces, you'll have to
configure it with the appropriate routes (normally persistent) or/and
configuring the Hosts file. The key is that the clients can reach to the
appropriate DC interface and all other existing DCs should get to each DC
interface so that replication doesn't fail (ADSS should be configured with
the appropriate subnets as well). This can be time consuming and unnecessary
work, you see, security should be handled by FW and IDS, etc... Not by DCs,
what you're trying to do IMO is to complicate simple things, please re-think
your design again and you'll see that everything has its job in the network
world, and security should be handled by dedicated devices/software that
were built for that purpose.


--

===================================
I hope that the information above helps you.
Have a Nice day.

Jorge Silva
MCSE, MVP Directory Services
===================================

"Dharmpuri" <Dharmpuri@discussions.microsoft.com> wrote in message
news:9D756AC7-A42D-4024-B081-20AE331C5BDD@microsoft.com...
> Hello Austin
> I want to keep the internal network separate from the external for
> security.
> Regards
> Dharmpuri
>
> "Austin Osuide" wrote:
>
>> Hi Drampuri,
>> Apologies for the delayed response
>> This problem is complicated by the fact you have multi-homed DC's.
>> What's the technical reason for this?
>>
>> Regards,
>>
>> Austin
>>
>> "Dharmpuri" <Dharmpuri@discussions.microsoft.com> wrote in message
>> news:A6842A34-A4FF-4DB1-A6B8-618129F51BF7@microsoft.com...
>> > Hi Emmanual,
>> > Yes, sorry I forgot to put that in my post.
>> > Sydney internal is 192.168.0.x and external is 192.168.1.x
>> > Melbourne internal is also 192.168.0.x and external is 192.168.2.x
>> > I have Melbourne and Sydney sites in AD Sites and Services and the
>> > Melbourne
>> > server appeared in the Servers folder under the Melbourne site after
>> > running
>> > dcpromo. Subnets are also defined.
>> > I still don't know what's up?!
>> > Thanks
>> > Dharmpuri
>> >
>> > "Emmanuel Antony" wrote:
>> >
>> >> Hi,
>> >>
>> >> Do you have separate subnet for melbourne?
>> >> If your melbourne server's Ip address falls in the same subnet of
>> >> sydney's.Then no issues.
>> >> If not then either create a separate subnet and associate with the
>> >> respective site or create a new site for melbourne and associate the
>> >> newly
>> >> created subnet.
>> >> Also follow the steps mentioned in the KB article 272294 to avoid
>> >> failure
>> >> of
>> >> replication.
>> >> --
>> >> Emmanuel Antony
>> >>
>> >>
>> >> "Dharmpuri" wrote:
>> >>
>> >> > Hello, I have two Win2K3R2x86 servers. One is in Sydney and one in
>> >> > Melbourne.
>> >> > The Sydney server is the DC and I would like to make the Melbourne
>> >> > server an
>> >> > additional DC for the existing domain. The Melbourne server is
>> >> > connected to
>> >> > Sydney via VPN routers (Draytek) on ADSL internet connections. Both
>> >> > machines
>> >> > are multihomed - one interface for internal and one external.
>> >> >
>> >> > When I run dcpromo the AD installation wizard goes so far and then
>> >> > fails
>> >> > with this message -
>> >> >
>> >> > The operation failed because:
>> >> > Active Directory could not create the NTDS Settings object for this
>> >> > domain
>> >> > controller CN=NTDS Settings, CN=Sydney, CN=Servers, CN=Melbourne,
>> >> > CN=Sites,
>> >> > CN=Configuration, DC=xxx, DC=yyy, DC=zz on the remote domain
>> >> > controller
>> >> > sydney.xxx.yyy.zz. Ensure the provided network credentials have
>> >> > sufficient
>> >> > permissions.
>> >> > "The RPC server is unavailable."
>> >> >
>> >> > I used the Administrator credentials and I have no problems using
>> >> > remote
>> >> > desktop or browsing shares on the Sydney server through the VPN.
>> >> > The Melbourne server joined the domain okay as a result of running
>> >> > dcpromo
>> >> > and the server was added to AD Sites (as a server) and Services, and
>> >> > AD
>> >> > Users
>> >> > and Computers (as a Computer).
>> >> > Needless to say RPC Server is running on both machines.
>> >> > DNS on the Melbourne machine points to Sydney okay and visa versa.
>> >> > I turned the firewall off in Routing and Remote Access for the
>> >> > external
>> >> > interfaces.
>> >> > I tried reducing the MTU on the network interfaces that connect to
>> >> > the
>> >> > routers but the same problem still occurred.
>> >> > I am at my wits end and would appreciate any advice.
>> >> > Thanks
>> >> > Dharmpuri
>>

Also,
If you are interested, an article on why multi-homing can be a bad idea on a
DC:
http://www.microsoft.com/technet/tec...7/09/CableGuy/

Regards,

Austin

"Jorge Silva" <jorgesilva_pt@hotmail.com> wrote in message
news:epodu65HIHA.5208@TK2MSFTNGP04.phx.gbl...
> Hi Dharmpuri
>
> If you want that Your Dc work with multiple interfaces, you'll have to
> configure it with the appropriate routes (normally persistent) or/and
> configuring the Hosts file. The key is that the clients can reach to the
> appropriate DC interface and all other existing DCs should get to each DC
> interface so that replication doesn't fail (ADSS should be configured with
> the appropriate subnets as well). This can be time consuming and
> unnecessary work, you see, security should be handled by FW and IDS,
> etc... Not by DCs, what you're trying to do IMO is to complicate simple
> things, please re-think your design again and you'll see that everything
> has its job in the network world, and security should be handled by
> dedicated devices/software that were built for that purpose.
>
>
> --
>
> ===================================
> I hope that the information above helps you.
> Have a Nice day.
>
> Jorge Silva
> MCSE, MVP Directory Services
> ===================================
>
> "Dharmpuri" <Dharmpuri@discussions.microsoft.com> wrote in message
> news:9D756AC7-A42D-4024-B081-20AE331C5BDD@microsoft.com...
>> Hello Austin
>> I want to keep the internal network separate from the external for
>> security.
>> Regards
>> Dharmpuri
>>
>> "Austin Osuide" wrote:
>>
>>> Hi Drampuri,
>>> Apologies for the delayed response
>>> This problem is complicated by the fact you have multi-homed DC's.
>>> What's the technical reason for this?
>>>
>>> Regards,
>>>
>>> Austin
>>>
>>> "Dharmpuri" <Dharmpuri@discussions.microsoft.com> wrote in message
>>> news:A6842A34-A4FF-4DB1-A6B8-618129F51BF7@microsoft.com...
>>> > Hi Emmanual,
>>> > Yes, sorry I forgot to put that in my post.
>>> > Sydney internal is 192.168.0.x and external is 192.168.1.x
>>> > Melbourne internal is also 192.168.0.x and external is 192.168.2.x
>>> > I have Melbourne and Sydney sites in AD Sites and Services and the
>>> > Melbourne
>>> > server appeared in the Servers folder under the Melbourne site after
>>> > running
>>> > dcpromo. Subnets are also defined.
>>> > I still don't know what's up?!
>>> > Thanks
>>> > Dharmpuri
>>> >
>>> > "Emmanuel Antony" wrote:
>>> >
>>> >> Hi,
>>> >>
>>> >> Do you have separate subnet for melbourne?
>>> >> If your melbourne server's Ip address falls in the same subnet of
>>> >> sydney's.Then no issues.
>>> >> If not then either create a separate subnet and associate with the
>>> >> respective site or create a new site for melbourne and associate the
>>> >> newly
>>> >> created subnet.
>>> >> Also follow the steps mentioned in the KB article 272294 to avoid
>>> >> failure
>>> >> of
>>> >> replication.
>>> >> --
>>> >> Emmanuel Antony
>>> >>
>>> >>
>>> >> "Dharmpuri" wrote:
>>> >>
>>> >> > Hello, I have two Win2K3R2x86 servers. One is in Sydney and one in
>>> >> > Melbourne.
>>> >> > The Sydney server is the DC and I would like to make the Melbourne
>>> >> > server an
>>> >> > additional DC for the existing domain. The Melbourne server is
>>> >> > connected to
>>> >> > Sydney via VPN routers (Draytek) on ADSL internet connections. Both
>>> >> > machines
>>> >> > are multihomed - one interface for internal and one external.
>>> >> >
>>> >> > When I run dcpromo the AD installation wizard goes so far and then
>>> >> > fails
>>> >> > with this message -
>>> >> >
>>> >> > The operation failed because:
>>> >> > Active Directory could not create the NTDS Settings object for this
>>> >> > domain
>>> >> > controller CN=NTDS Settings, CN=Sydney, CN=Servers, CN=Melbourne,
>>> >> > CN=Sites,
>>> >> > CN=Configuration, DC=xxx, DC=yyy, DC=zz on the remote domain
>>> >> > controller
>>> >> > sydney.xxx.yyy.zz. Ensure the provided network credentials have
>>> >> > sufficient
>>> >> > permissions.
>>> >> > "The RPC server is unavailable."
>>> >> >
>>> >> > I used the Administrator credentials and I have no problems using
>>> >> > remote
>>> >> > desktop or browsing shares on the Sydney server through the VPN.
>>> >> > The Melbourne server joined the domain okay as a result of running
>>> >> > dcpromo
>>> >> > and the server was added to AD Sites (as a server) and Services,
>>> >> > and AD
>>> >> > Users
>>> >> > and Computers (as a Computer).
>>> >> > Needless to say RPC Server is running on both machines.
>>> >> > DNS on the Melbourne machine points to Sydney okay and visa versa.
>>> >> > I turned the firewall off in Routing and Remote Access for the
>>> >> > external
>>> >> > interfaces.
>>> >> > I tried reducing the MTU on the network interfaces that connect to
>>> >> > the
>>> >> > routers but the same problem still occurred.
>>> >> > I am at my wits end and would appreciate any advice.
>>> >> > Thanks
>>> >> > Dharmpuri
>>>
>
>