electech98 ([H]ard|Gawd) - Joined Jul 12, 2002 - Messages 1,800
OK, there's something I just can't figure out:
I am trying to add a second Windows 2000 domain controller to our current domain. I don't want to add another domain or a sub-domain...just a second DC for our current domain for redundancy and load balancing. Eventually, when we open our branch (I work at a credit union) the new DC will be relocated there to serve the DNS, WINS, and print server requests of the workstations at the branch. At the main office here, we use 192.168.1.X private IPs with a 24-bit subnet. At the new branch, we will be using 192.168.2.X IPs with a 24-bit subnet. The main office and the branch will be connected two ways: a T1 between routers, and via VPN through business-class DSL that the main office currently has and the branch will have when we set it up.
Our original DC, which will stay here at the main office, is serving DNS and WINS. I want the new DC to serve DNS and WINS as well. I want each domain controller to be able to serve DNS and WINS for both the 192.168.1.X and 192.168.2.X networks in case one of the DCs goes down. Everything (AD, DNS, WINS) needs to be replicated because of this.
So, I have the new DC on the network (currently on the 192.168.1.X network), and I have set up AD on it. Everything has transferred fine as far as AD Users and Computers, etc. I set up DNS on the new DC, and the Forward Lookup Zone seems to have transferred fine. I then created a Standard Secondary Reverse Lookup Zone on the new DC to be a copy of the Reverse Lookup Zone on the original DC. Then I tried to mess with the Forwarders settings, such that I named the original DC as a Forwarder to the new DC, and vice versa. In each DNS zone, I listed both DCs as Name Servers for the zones. Also, on the original DC I created another Reverse Lookup Zone for 192.168.2.X, and created a Standard Secondary copy of that zone on the new DC. However, I listed the new DC as the primary name server on that 192.168.2.X RLZ, whereas on the 192.168.1.X RLZ the original DC is the primary name server, as it is on the AD-integrated Forward Lookup Zone.
Then I tried setting up WINS on the new DC. I authorized it in AD, then set the original DC as a replication partner. On the original DC, I set the new DC as a replication partner in WINS.
I also went into AD Sites and Services and set the new DC to have a Global Catalog, even though the original DC hosts it as well.
Yet, with all this, I think I might be messing with too much stuff, or not setting things properly to begin with. I have gotten DNS errors regarding forwarding, such that it tells me that I should not restrict recursive entries, even though each DNS server does not have recursive entries restricted. I have gotten other DNS errors as well, but I do not remember which ones in haste to write this out for the forums.
Am I doing something wrong here? I want this to work now while I have the new DC on the same network as the original DC, so that I can be better assured of success when I move it to the 192.168.2.X network when we configure the branch. How would you guys set this scenario up such that all AD services are replicated on each DC, so that if one DC were to go down, all users in both networks (.1.X and .2.X) would be able to still authenticate and request DNS and WINS successfully?
Sorry for the long post, but thanks in advance for your help!
EDIT: added some DNS settings info.
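The post above describes the end state it is after (both DCs authoritative for the forward and reverse zones, both advertising as DC and GC, WINS replicating, forwarders set) but not how to confirm it. What follows is an added, read-only health check for that two-DC design; it is not code from the original post or from Microsoft. It is meant to be run from an admin workstation with PowerShell and the Windows Support Tools (dcdiag, repadmin, dnscmd) on the PATH, pointed at the two Windows 2000 DCs. The domain name, DC names and addresses are placeholders, the dnscmd output parsing is a heuristic, and the netsh wins context is assumed to be available; all of these are assumptions, not facts from the page.

```powershell
# Added example, not from the original post: a read-only health check for the
# two-DC setup described above, run from an admin workstation that has
# PowerShell plus the Windows Support Tools (dcdiag, repadmin, dnscmd) on the
# PATH. Domain name, DC names and addresses below are placeholders (assumed).
$Domain = 'credunion.local'
$Dcs    = @{ 'DC1' = '192.168.1.10'; 'DC2' = '192.168.1.11' }
$Zones  = @($Domain, '1.168.192.in-addr.arpa', '2.168.192.in-addr.arpa')

function Get-NameList([string[]]$Text) {
    # Extract the right-hand side of "x = value" lines from nslookup output, e.g.
    # "svr hostname = dc1.credunion.local" or "nameserver = dc2.credunion.local".
    $hits = $Text | Select-String '=\s*([A-Za-z0-9][A-Za-z0-9.\-]*)' -AllMatches
    $hits | ForEach-Object { $_.Matches } |
        ForEach-Object { $_.Groups[1].Value.TrimEnd('.').ToLower() }
}

function Test-ForwarderLoop([string[]]$Forwarders, [hashtable]$DcTable) {
    # Two DCs that forward to each other never reach an outside resolver: both
    # are already authoritative for the AD-integrated zones, so each just hands
    # the query back. Returns the offending forwarder addresses (empty = OK).
    @($Forwarders | Where-Object { $DcTable.ContainsValue($_) })
}

function Get-Forwarders([string]$Dc) {
    # "dnscmd <server> /Info" lists the server's properties, forwarders among
    # them. The layout differs between DNS versions, so this is a heuristic
    # (assumption): collect IPv4 literals after the first line mentioning
    # "forward". Confirm against the Forwarders tab in the DNS MMC.
    $lines = @(& dnscmd $Dc /Info 2>&1 | ForEach-Object { "$_" })
    $first = $lines | Select-String 'forward' | Select-Object -First 1
    if (-not $first -or $first.LineNumber -ge $lines.Count) { return @() }
    $tail  = $lines[$first.LineNumber..($lines.Count - 1)]
    $hits  = $tail | Select-String '\b(\d{1,3}\.){3}\d{1,3}\b' -AllMatches
    @($hits | ForEach-Object { $_.Matches } | ForEach-Object { $_.Value } | Select-Object -Unique)
}

function Show-Result([string]$Label, [bool]$Ok) {
    Write-Host ('  {0,-55} {1}' -f $Label, $(if ($Ok) { 'OK' } else { 'MISSING' }))
}

foreach ($dc in $Dcs.Keys) {
    $ip = $Dcs[$dc]
    Write-Host "=== $dc ($ip) ==="

    # 1. Logon depends on the _ldap/_kerberos SRV records. Every DC's DNS must
    #    return records for BOTH DCs, or clients served by that DNS lose logon
    #    when the other DC is down. _gc._tcp lives in the forest root zone,
    #    which in a single-domain forest is the domain zone itself.
    $srv = Get-NameList (& nslookup -type=SRV "_ldap._tcp.dc._msdcs.$Domain" $ip 2>&1)
    $gc  = Get-NameList (& nslookup -type=SRV "_gc._tcp.$Domain" $ip 2>&1)
    foreach ($name in $Dcs.Keys) {
        $fqdn = "$name.$Domain".ToLower()
        Show-Result "SRV _ldap._tcp.dc._msdcs lists $fqdn" ($srv -contains $fqdn)
        Show-Result "SRV _gc._tcp lists $fqdn (Global Catalog)" ($gc -contains $fqdn)
    }

    # 2. Each zone should name both DCs as NS so either can answer for it.
    foreach ($zone in $Zones) {
        $ns = Get-NameList (& nslookup -type=NS $zone $ip 2>&1)
        foreach ($name in $Dcs.Keys) {
            $fqdn = "$name.$Domain".ToLower()
            Show-Result "NS for $zone lists $fqdn" ($ns -contains $fqdn)
        }
    }

    # 3. Forwarders must point upstream (ISP resolver), not at the other DC.
    $fwd  = Get-Forwarders $dc
    $loop = Test-ForwarderLoop $fwd $Dcs
    Write-Host ('  Forwarders on {0}: {1}' -f $dc, $(if ($fwd) { $fwd -join ', ' } else { '(none found)' }))
    Show-Result 'No forwarder loop between the two DCs' ($loop.Count -eq 0)

    # 4. AD replication and DC/GC advertising as reported by the DC itself
    #    (/q prints only errors, so silence here is good news).
    Write-Host '  --- dcdiag /test:Replications /test:Advertising (errors only) ---'
    & dcdiag /s:$dc /test:Replications /test:Advertising /q
    Write-Host '  --- repadmin /showreps ---'
    & repadmin /showreps $dc

    # 5. WINS push/pull partners (netsh wins context; assumed available).
    Write-Host '  --- WINS replication partners ---'
    & netsh wins server "\\$dc" show partner
}
```

For a healthy pair, every line prints OK on both servers: an AD-integrated zone replicates through AD to every DC that runs DNS, so both DCs are authoritative for all three zones once the reverse zones are also made AD-integrated, and both appear as NS without any standard secondary copies; the forwarders on each DC point at an upstream resolver rather than at each other; the DCs and the workstations list both DCs as DNS servers in their TCP/IP settings; and WINS shows each DC as the other's push/pull partner. Two practitioner caveats: set dynamic updates on the AD-integrated zones to "Only secure updates" so that only authenticated domain members can register or overwrite records, and once the second DC moves to 192.168.2.0/24, define a second site and the 192.168.2.0/24 subnet in AD Sites and Services so branch clients prefer their local DC and inter-site replication is scheduled over the T1 or VPN.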