MS AD replication across firewall

Migrated NT4 domain to AD last night using an in-place upgrade of the PDC. All is working OK on our main site once we sorted out a DNS issue this morning that was causing PCs to take 5 mins to log in.

We have a server at a remote venue that already had 2003 Server on it, so at lunchtime I popped over to run dcpromo to make it a domain controller, to help users log in more quickly and to resolve an issue caused by the fact that the PCs couldn't log on properly because for some reason they couldn't contact the new 2003 DNS server. Problem is, partway through the dcpromo process it bombed, saying it was having problems with NTDS. Decided to remove the server from the domain and try again; this time I couldn't even get that far. In the end we took the server and drove the 10 miles back to the office and did everything there: dcpromo, install DNS, and let the whole thing synchronise with the domain. Disconnected and drove all the way back again, reset IPs and DNS, and changed DHCP to point to the new DNS. Voila, clients can now log in again and access their resources nice and quickly.

Now for the big problem: it's all working except that the new DC cannot contact the main DCs at the office to replicate. The event log seems to be generating RPC-related errors.

Another thing that may have a bearing is the problem related to DNS. If on the remote site I put in the 2 new DNS servers and an old one running on 2k on a desktop XP machine, then go to a command prompt and type nslookup, the PC can't connect to the first 2 but finds the old one OK.

The remote site is connected via a Cisco router and routed through our Check Point NG (version R55) firewall.

Network info:
Local main office network is 10.64.0.0 with a subnet mask of 255.255.248.0.
The remote site has 2 separate networks that operate independently through a VLAN'd switch, hence the router needed at the other end. The actual connection to the main office goes switch > router > LES10 circuit > firewall.
The firewall is used in this case to stop the .22 network getting onto our main LAN, as it's used by a public cybercafe and routes straight to the internet.
Remote network (1) is 10.64.21.0 with a subnet mask of 255.255.255.0 (office).
Remote network (2) is 10.64.22.0 with a subnet mask of 255.255.255.0 (cybercafe).

I have a rule on the firewall that allows all ports on the remote server to communicate with the DCs at the other location, but replication still fails. Looking at the firewall log I can see both successful and blocked connections between the servers. I'll post a couple of screen dumps in the next post.
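The check a practitioner would run against the setup described in the post, as an added example that is not part of the original post and not the poster's own script. AD replication is pull-based: each DC initiates its own RPC connection to its partner, so a firewall rule that only lets the remote server reach the office DCs does not cover the connections the office DCs open back to the remote DC. DRS replication also goes through the endpoint mapper on TCP 135 and is then redirected to a dynamic port (on Windows 2003 the default dynamic range is 1025-5000 unless NTDS has been pinned to a fixed port with the "TCP/IP Port" value under HKLM\SYSTEM\CurrentControlSet\Services\NTDS\Parameters). The script below enumerates the connections both sides must be allowed to open and probes the single-port ones from the DC it runs on. Host names are placeholders; the port list and the dynamic range are assumptions stated in the code. It probes TCP only, so the nslookup failure (UDP 53 by default) still needs a separate UDP check.

```python
"""Added example (not from the original post): plan and probe the TCP
connections AD replication needs between DCs on either side of a firewall.

Replication is pull-based: every DC opens its own RPC connection to its
partner, so the office DCs must be able to initiate connections to the
remote DC as well as the other way round. DRS replication first contacts
the endpoint mapper on TCP 135 and is then redirected to a dynamic port;
on Windows 2003 the default dynamic range is 1025-5000 unless NTDS has
been pinned to a fixed port (registry value "TCP/IP Port" under
HKLM\\SYSTEM\\CurrentControlSet\\Services\\NTDS\\Parameters).

All host names below are placeholders, not taken from the post.
"""
import socket
from dataclasses import dataclass

# Fixed TCP ports a DC-to-DC path needs, besides the RPC dynamic port
# (assumed list; adjust to the services actually in use).
FIXED_PORTS = {
    53: "DNS",
    88: "Kerberos",
    135: "RPC endpoint mapper",
    389: "LDAP",
    445: "SMB (SYSVOL)",
    464: "Kerberos kpasswd",
    636: "LDAPS",
    3268: "Global Catalog",
}

# Windows 2003 default dynamic RPC range (assumes it was not restricted).
RPC_DYNAMIC_RANGE = (1025, 5000)


@dataclass(frozen=True)
class Check:
    src: str
    dst: str
    lo: int       # first port of the range (lo == hi for a single port)
    hi: int
    service: str


def replication_checks(site_a, site_b, ntds_port=None):
    """Enumerate connections each side must be allowed to open to the other."""
    checks = []
    for a in site_a:
        for b in site_b:
            for src, dst in ((a, b), (b, a)):   # pull replication: both ways
                for port, name in FIXED_PORTS.items():
                    checks.append(Check(src, dst, port, port, name))
                if ntds_port:
                    checks.append(Check(src, dst, ntds_port, ntds_port, "NTDS RPC (pinned)"))
                else:
                    lo, hi = RPC_DYNAMIC_RANGE
                    checks.append(Check(src, dst, lo, hi, "RPC dynamic range"))
    return checks


def tcp_open(host, port, timeout=2.0):
    """True if a TCP connect to host:port succeeds within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:          # refused, timed out, or name did not resolve
        return False


def run_checks(checks, local_dc, probe=tcp_open):
    """Probe the single-port checks that originate on local_dc.

    Returns a list of (check, result): True/False for a probed port, None
    for a dynamic range, which cannot be probed meaningfully because nothing
    listens on it until the endpoint mapper hands it out.
    """
    results = []
    for c in checks:
        if c.src != local_dc:
            continue
        ok = probe(c.dst, c.lo) if c.lo == c.hi else None
        results.append((c, ok))
    return results


def loopback_listener():
    """Open a listening socket on 127.0.0.1 (used to self-test tcp_open)."""
    s = socket.socket()
    s.bind(("127.0.0.1", 0))
    s.listen(1)
    return s


if __name__ == "__main__":
    office = ["dc1.example.local", "dc2.example.local"]   # placeholders
    remote = ["remote-dc.example.local"]                  # placeholder
    for c, ok in run_checks(replication_checks(office, remote), remote[0]):
        state = {True: "open", False: "BLOCKED", None: "range, verify rule"}[ok]
        print(f"{c.src} -> {c.dst}:{c.lo}-{c.hi} {c.service}: {state}")
```

Run it once on the remote DC with `local_dc` set to that DC, and once on an office DC with `local_dc` set to the office DC, so both directions get probed; a BLOCKED on 135 from either side explains RPC errors in the event log even when the other direction passes.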