Why cannot access another DC and cannot ping either?

  • Question

  • I am doing a Routing and Remote Access test in Windows Server 2003 under VMware. I have two DCs, dc2k31.contoson.com and dc2k32.contoson.com, and a client PC (XP), member1. I configured the Routing and Remote Access service on DC2K32 as the VPN server.


    DC2K31: DC/DNS roles installed, settings as below:

    IP: 192.168.2.1
    Subnet mask: 255.255.255.0


    DC2K32: DC/VPN roles installed, settings as below:
    Local Area Connection:
    IP: 192.168.2.3
    Subnet mask: 255.255.255.0

    Local Area Connection 2 (used for VPN external interface):
    IP: 192.168.1.3
    Subnet mask: 255.255.255.0

    Client (member1): XP

    IP: 192.168.1.5
    Subnet mask: 255.255.255.0


    I connect to the VPN server from the client (XP) with the domain account contoson\ERIC Lan. I can ping/access 192.168.2.3 (DC2K32), but I cannot access/ping DC2K31 (192.168.2.1). Not sure why?


    • Edited by Lanhaiyun Friday, November 25, 2011 3:41 PM
    Friday, November 25, 2011 3:39 PM

Answers

  • Hi,

    It is correct that the subnet mask is 255.255.255.255.

    I suggest you change DC2K31's gateway to 192.168.2.3. If you still cannot ping it, please change the VPN range to 192.168.2.10 to 192.168.2.100.

    Hope this helps.

    Best Regards,

    Yan Li


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    Monday, November 28, 2011 9:42 AM
    Moderator
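
The return path that the two suggestions in this answer repair, as an added example that is not part of the original thread: a simplified single-interface route lookup run on DC2K31's posted settings. The function name `next_hop`, the helper `reply_paths` and the pool address 192.168.2.12 are constructed for illustration; the other addresses come from the ipconfig output posted in the thread.

```python
import ipaddress

def next_hop(iface, gateway, dst):
    """Simplified IPv4 route lookup for a single-homed host (a model, not Windows code).

    iface   -- the host's own address with mask, e.g. "192.168.2.1/255.255.255.0"
    gateway -- default gateway string, or "" when none is configured
    dst     -- destination of the packet (here: the echo reply to the VPN client)
    Returns ("on-link", dst), ("gateway", gw) or ("unreachable", reason).
    """
    net = ipaddress.ip_interface(iface).network
    dst = ipaddress.ip_address(dst)
    if dst in net:
        return ("on-link", str(dst))      # same subnet: delivered directly
    if not gateway:
        return ("unreachable", "no default gateway")
    gw = ipaddress.ip_address(gateway)
    if gw not in net:
        return ("unreachable", "gateway is not on the local subnet")
    if gw in (net.network_address, net.broadcast_address):
        return ("unreachable", "gateway is the subnet's network/broadcast address, not a host")
    return ("gateway", str(gw))

DC2K31 = "192.168.2.1/255.255.255.0"   # from the ipconfig output in the thread
VPN_CLIENT = "192.168.3.12"            # PPP address the XP client received

def reply_paths():
    """Where DC2K31 would send its reply in each configuration discussed."""
    return {
        "as posted (gateway 192.168.2.0)": next_hop(DC2K31, "192.168.2.0", VPN_CLIENT),
        "gateway set to 192.168.2.3": next_hop(DC2K31, "192.168.2.3", VPN_CLIENT),
        # 192.168.2.12 is a constructed address inside the suggested 192.168.2.10-100 pool
        "VPN pool moved to 192.168.2.10-100": next_hop(DC2K31, "192.168.2.0", "192.168.2.12"),
    }

if __name__ == "__main__":
    for case, result in reply_paths().items():
        print(f"{case:36} -> {result}")
```

The echo request reaches DC2K31 in every case; only the reply is lost in the first one, which is why DC2K32, holding the PPP interface itself, answers while DC2K31 appears dead.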

All replies

  • Please see the screenshot:

    Friday, November 25, 2011 3:57 PM
  • Verify whether the local Windows Firewall service is turned off on DC2K31. The article below says that having the RRAS service installed on a DC can create connectivity/DNS issues. Even though it's a test environment, try disabling the RRAS service.

    http://support.microsoft.com/kb/292822/en-us

     

    Regards  


    Awinish Vishwakarma

    MY BLOG:  http://awinish.wordpress.com/


    This posting is provided AS-IS with no warranties/guarantees and confers no rights.
    Friday, November 25, 2011 4:09 PM
    Moderator
  • Hi,

    A multihomed domain controller is not recommended; it always results in multiple problems. When a VPN client connects to the VPN server, the server creates a PPP adapter to communicate with the remote computer. The server may then register the IP address of this PPP adapter in the DNS or the WINS database. When the internal computers try to connect to the IP address of the PPP adapter, they cannot reach the PPP adapter, and the connections fail.

    Post "dcdiag /q" and  "ipconfig /all" of each DC and XP.

    Refer below threads-

    Regards,


    Abhijit Waikar - MCSA 2003|MCSA 2003:Messaging|MCTS|MCITP:SA
    Friday, November 25, 2011 6:10 PM
  • Hi Abhijit/Awinish

    Thanks for your kind reply. I have run dcdiag /q on each DC, and ipconfig /all on each DC and the XP client. It confuses me that DC1 cannot replicate DC2.


    **********DcDiag /q on Dc2k31.contoson.com.which have DC/DNS roles*************

    Microsoft Windows [Version 5.2.3790]
    (C) Copyright 1985-2003 Microsoft Corp.

    C:\Documents and Settings\Eric Lan>dcdiag /q
             [Replications Check,DC2K32] A recent replication attempt failed:
                From DC2K31 to DC2K32
                Naming Context: CN=Schema,CN=Configuration,DC=Contoson,DC=com
                The replication generated an error (1908):
                Could not find the domain controller for this domain.
                The failure occurred at 2011-11-26 12:21:34.
                The last success occurred at 2011-11-26 11:59:43.
                1 failures have occurred since the last success.
                Kerberos Error.
                A KDC was not found to authenticate the call.
                Check that sufficient domain controllers are available.
             An Error Event occured.  EventID: 0xC25A001D
                Time Generated: 11/26/2011   12:04:29
                (Event String could not be retrieved)
             An Error Event occured.  EventID: 0x80001778
                Time Generated: 11/26/2011   12:20:41
                Event String: The previous system shutdown at 12:15:37 PM on
             An Error Event occured.  EventID: 0xC25A001D
                Time Generated: 11/26/2011   12:23:09
                (Event String could not be retrieved)
             ......................... DC2K32 failed test systemlog

     


    **********************ipconfig /all on dc2k31****************************

    C:\Documents and Settings\Administrator>ipconfig /all

    Windows IP Configuration

       Host Name . . . . . . . . . . . . : DC2k31
       Primary Dns Suffix  . . . . . . . : Contoson.com
       Node Type . . . . . . . . . . . . : Unknown
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : Contoson.com

    Ethernet adapter Local Area Connection:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
       Physical Address. . . . . . . . . : 00-0C-29-61-44-63
       DHCP Enabled. . . . . . . . . . . : No
       IP Address. . . . . . . . . . . . : 192.168.2.1
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 192.168.2.0
       DNS Servers . . . . . . . . . . . : 192.168.2.1

    C:\Documents and Settings\Administrator>

     

    *******************************DCdiag /q on dc2k32,which DC/VPN Role********************

    C:\Documents and Settings\Eric Lan>dcdiag /q
             [Replications Check,DC2K32] A recent replication attempt failed:
                From DC2K31 to DC2K32
                Naming Context: CN=Schema,CN=Configuration,DC=Contoson,DC=com
                The replication generated an error (1908):
                Could not find the domain controller for this domain.
                The failure occurred at 2011-11-26 12:21:34.
                The last success occurred at 2011-11-26 11:59:43.
                1 failures have occurred since the last success.
                Kerberos Error.
                A KDC was not found to authenticate the call.
                Check that sufficient domain controllers are available.
             An Error Event occured.  EventID: 0xC25A001D
                Time Generated: 11/26/2011   12:04:29
                (Event String could not be retrieved)
             An Error Event occured.  EventID: 0x80001778
                Time Generated: 11/26/2011   12:20:41
                Event String: The previous system shutdown at 12:15:37 PM on
             An Error Event occured.  EventID: 0xC25A001D
                Time Generated: 11/26/2011   12:23:09
                (Event String could not be retrieved)
             ......................... DC2K32 failed test systemlog

    *************************ipconfig /all on Dc2k32********************


    C:\Documents and Settings\Eric Lan>ipconfig /all

    Windows IP Configuration

       Host Name . . . . . . . . . . . . : DC2K32
       Primary Dns Suffix  . . . . . . . : Contoson.com
       Node Type . . . . . . . . . . . . : Unknown
       IP Routing Enabled. . . . . . . . : Yes
       WINS Proxy Enabled. . . . . . . . : Yes
       DNS Suffix Search List. . . . . . : Contoson.com

    PPP adapter RAS Server (Dial In) Interface:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
       Physical Address. . . . . . . . . : 00-53-45-00-00-00
       DHCP Enabled. . . . . . . . . . . : No
       IP Address. . . . . . . . . . . . : 192.168.3.10
       Subnet Mask . . . . . . . . . . . : 255.255.255.255
       Default Gateway . . . . . . . . . :

    Ethernet adapter Local Area Connection 2:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection #
    2
       Physical Address. . . . . . . . . : 00-0C-29-4F-5E-C6
       DHCP Enabled. . . . . . . . . . . : No
       IP Address. . . . . . . . . . . . : 192.168.1.3
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . :
       NetBIOS over Tcpip. . . . . . . . : Disabled

    Ethernet adapter Local Area Connection:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
       Physical Address. . . . . . . . . : 00-0C-29-4F-5E-BC
       DHCP Enabled. . . . . . . . . . . : No
       IP Address. . . . . . . . . . . . : 192.168.2.3
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . :
       DNS Servers . . . . . . . . . . . : 192.168.2.1

    C:\Documents and Settings\Eric Lan>

     


    ***************************iPconfig /all on XP(client pC)**********************
    Microsoft Windows XP [版本 5.1.2600]
    (C) 版权所有 1985-2001 Microsoft Corp.

    C:\Documents and Settings\Administrator>ipconfig /all

    Windows IP Configuration

            Host Name . . . . . . . . . . . . : Member1
            Primary Dns Suffix  . . . . . . . : Contoson.com
            Node Type . . . . . . . . . . . . : Unknown
            IP Routing Enabled. . . . . . . . : No
            WINS Proxy Enabled. . . . . . . . : No
            DNS Suffix Search List. . . . . . : contoson.com

    Ethernet adapter Local Area Connection:

            Connection-specific DNS Suffix  . :
            Description . . . . . . . . . . . : VMware Accelerated AMD PCNet Adapter

            Physical Address. . . . . . . . . : 00-0C-29-4A-56-06
            Dhcp Enabled. . . . . . . . . . . : No
            IP Address. . . . . . . . . . . . : 192.168.1.5
            Subnet Mask . . . . . . . . . . . : 255.255.255.0
            Default Gateway . . . . . . . . . :
            DNS Servers . . . . . . . . . . . : 192.168.2.1
                                                192.168.2.2

    PPP adapter RAS Server (Dial In) Interface:

            Connection-specific DNS Suffix  . :
            Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
            Physical Address. . . . . . . . . : 00-53-45-00-00-00
            Dhcp Enabled. . . . . . . . . . . : No
            IP Address. . . . . . . . . . . . : 192.168.3.12
            Subnet Mask . . . . . . . . . . . : 255.255.255.255
            Default Gateway . . . . . . . . . : 192.168.3.12
            DNS Servers . . . . . . . . . . . : 192.168.2.1

    C:\Documents and Settings\Administrator>

     

     


    • Edited by Lanhaiyun Saturday, November 26, 2011 1:55 AM
    Saturday, November 26, 2011 1:54 AM
  • It seems to be a DNS misconfiguration issue and a subnet misconfiguration in RAS. Please check the below.

    1. On DC2k31, in the DNS settings, add the alternate DNS setting (192.168.2.3).

    2. On DC2k32, on Local Area Connection1, point the DNS setting to itself as the preferred DNS setting, i.e. enter the IP address of the server, 192.168.2.3 (assuming the DNS role is installed on the server), and 192.168.2.1 as the alternate DNS setting.

    3. Check the NIC binding; LAN1 should be first in the order.
    http://theregime.wordpress.com/2008/03/04/how-to-setview-the-nic-bind-order-in-windows/

    4. Also, in the RAS configuration the subnet should be 255.255.255.0 and not 255.255.255.255, as a class C IP address is assigned. The same is also configured on the client PC. Check the same and change.

    3. Disable the Windows firewall.

    4. Run ipconfig /flushdns and ipconfig /registerdns.

    5. Restart the netlogon and DNS services.

    6. Run repadmin /syncall /AdeP on all DCs to force the replication.

    7. Once done, run dcdiag /q to check for any errors.

    Hope this helps

    Regards,
    Sandesh Dubey.
    -------------------------------
    MCSE|MCSA:Messaging|MCTS|MCITP:Enterprise Administrator
    My Blog: http://sandeshdubey.wordpress.com
    This posting is provided AS IS with no warranties, and confers no rights.

    Saturday, November 26, 2011 5:09 AM
  • It's strange: in the RAS IP configuration, I set just the IP range 192.168.3.10 to 192.168.3.100, but when I dial up to the VPN server, the subnet mask is 255.255.255.255.

    Saturday, November 26, 2011 11:47 AM
  • Hello,

    I am doing a Routing and Remote Access test in Windows Server 2003 under VMware. I have two DCs, dc2k31.contoson.com and dc2k32.contoson.com, and a client PC (XP), member1. I configured the Routing and Remote Access service on DC2K32 as the VPN server.

    Multihoming a DC is not recommended as it causes DNS problems => AD problems.

    More here: http://msmvps.com/blogs/acefekay/archive/2009/08/17/multihomed-dcs-with-dns-rras-and-or-pppoe-adapters.aspx

    It is recommended to use 1 IP address and 1 NIC card (disable all other ones). It is also recommended to disable RRAS on DCs.

    I connect to the VPN server from the client (XP) with the domain account contoson\ERIC Lan. I can ping/access 192.168.2.3 (DC2K32), but I cannot access/ping DC2K31 (192.168.2.1). Not sure why?

    Disable the firewall and all security software installed on DC2K31.

    As you also have problems with AD replication, please proceed like this:

    • Make sure that each DC you have is a DNS server
    • Make sure that each DC you have points to the other one as primary DNS server, its private IP address as secondary one and 127.0.0.1 as third one
    • Make sure that DC2K31 does not have registration in the DNS system enabled on its external card

    Once done, run ipconfig /registerdns and restart netlogon on both DCs.

    Please also delete all DC DNS entries that you don't use from your DNS zones. Another thing is to check that the ports needed for AD replication are not blocked: http://technet.microsoft.com/en-us/library/bb727063.aspx

    For RRAS questions, please ask them here: http://social.technet.microsoft.com/Forums/en-US/winserverNIS/threads

    Another thing is to verify the subnets used, because I see that you have to use 255.255.255.0 instead of 255.255.255.255.

     


    This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.


    • Edited by Mr XMVP Saturday, November 26, 2011 11:57 AM
    Saturday, November 26, 2011 11:56 AM
  • 1. On DC2k31, in the DNS settings, add the alternate DNS setting (192.168.2.3).

    2. On DC2k32, on Local Area Connection1, point the DNS setting to itself as the preferred DNS setting, i.e. enter the IP address of the server, 192.168.2.3 (assuming the DNS role is installed on the server), and 192.168.2.1 as the alternate DNS setting.

    I didn't install DNS on 192.168.2.3 (DC2K32.contoson.com). And when I configure the VPN IP (PPP) range in the same network (192.168.2.0) on DC2K32.contoson.com, I can ping DC2K31 and don't find any error when I run dcdiag /q. What happened?
    Saturday, November 26, 2011 11:59 AM
  • It's strange: in the RAS IP configuration, I set just the IP range 192.168.3.10 to 192.168.3.100, but when I dial up to the VPN server, the subnet mask is 255.255.255.255. Are there rules for setting the RAS IP address range? Must it be the same as the internal network?

    Saturday, November 26, 2011 1:40 PM