From: Phil Loper on
Ace Fekay [MVP] wrote:
> In news:OxGiO4ipIHA.3408(a)TK2MSFTNGP03.phx.gbl,
> Phil Loper <phil(a)nospam-gracelivingcenters.com> typed:
>> Hi Meinolf,
>>
>> Yes, we did have an old DC crash, which we replaced with dc1 and we
>> also replaced our backup dc with dc2. Both were done a while back,
>> but I do think the problems started about that time. Both dc1 and
>> dc2 are gc's.
>> DC2 is not a DNS server. We do have another DNS server, so I went
>> ahead and changed both of them to use DC1 as the preferred and the
>> other dns server as the secondary, as you suggested. Since they were
>> both set to use the third server as preferred, could that have caused
>> some of the problems? Should I also set all the client pc's the same
>> way?
>> I will work on getting the rras moved to another box.
>>
>> Thanks
>
> What is the other (third) DNS server? Is it a DC as well? How many DCs total
> exist?
>
> If it is not a DC, how is it getting a copy of the AD zone? Is it a
> Secondary zone?
>
>
There are 2 DCs and 2 DNS servers. DC1 is a DC and a DNS server, DC2 is
DC only, and the third server I was referring to is DNS only and is set
up as secondary. Should it be set up differently? My problems still
exist after making the previous changes and rebooting. Thanks!
From: Ace Fekay [MVP] on
In news:OpW4fmFsIHA.672(a)TK2MSFTNGP02.phx.gbl,
Phil Loper <phil(a)nospam-gracelivingcenters.com> typed:
> There are 2 DCs and 2 DNS servers. DC1 is a DC and a DNS server, DC2
> is DC only, and the third server I was referring to is DNS only and
> is set up as secondary. Should it be set up differently? My
> problems still exist after making the previous changes and rebooting.
> Thanks!

If you have two DCs, I would suggest to make the other a DNS server and
eliminate the Secondary on the member server. Numerous benefits. I would
make the partner as the first entry, and itself as the second entry. Same
with the client machines. Make sure updates are allowed on the zone.

I would also suggest to remove that PPP connection off the DC. That can
cause numerous issues, and as Meinolf stated, it is highly recommended to
NOT multihome a DC. This may be the root of all your problems. Multihoming a
DC causes numerous problems, ESPECIALLY if it is a PPP connection. What is
that connection for? ADSL? VPN from RRAS? If for a PPPoE connection for
ADSL, I would suggest eliminating it completely and using a $40 USD Linksys
router, if budget is a concern. If budget is no concern, I suggest to get a
Pix. If for VPN, I suggest to put RRAS on the member server.

If you want to keep the PPP connection on the server (RRAS or not), I have a
multi-step method to properly configure it that includes a few registry
changes. But I don't think you want to go through all of that and would want
to make your life a little easier by single-homing the machine.

Ace

From: Phil Loper on
I am not sure what I am doing wrong, but when I tried to set up a new
ras server and had everyone switch the ip in their vpn connection, it is
not working properly. They can connect, but then they can not access
anything on the network. I tried having them both up at the same time,
but as soon as someone connected to the new one, I can not ping anyone
connected to the old one. So I had to switch them back to the old one.
Maybe your workaround would be my best option.

Ace Fekay [MVP] wrote:
> In news:OpW4fmFsIHA.672(a)TK2MSFTNGP02.phx.gbl,
> Phil Loper <phil(a)nospam-gracelivingcenters.com> typed:
>> There are 2 DCs and 2 DNS servers. DC1 is a DC and a DNS server, DC2
>> is DC only, and the third server I was referring to is DNS only and
>> is set up as secondary. Should it be set up differently? My
>> problems still exist after making the previous changes and rebooting.
>> Thanks!
>
> If you have two DCs, I would suggest to make the other a DNS server and
> eliminate the Secondary on the member server. Numerous benefits. I would
> make the partner as the first entry, and itself as the second entry. Same
> with the client machines. Make sure updates are allowed on the zone.
>
> I would also suggest to remove that PPP connection off the DC. That can
> cause numerous issues, and as Meinolf stated, it is highly recommended to
> NOT multihome a DC. This may be the root of all your problems. Multihoming a
> DC causes numerous problems, ESPECIALLY if it is a PPP connection. What is
> that connection for? ADSL? VPN from RRAS? If for a PPPoE connection for
> ADSL, I would suggest eliminating it completely and using a $40 USD Linksys
> router, if budget is a concern. If budget is no concern, I suggest to get a
> Pix. If for VPN, I suggest to put RRAS on the member server.
>
> If you want to keep the PPP connection on the server (RRAS or not), I have a
> multi-step method to properly configure it that includes a few registry
> changes. But I don't think you want to go through all of that and would want
> to make your life a little easier by single-homing the machine.
>
> Ace
From: Ace Fekay [MVP] on
In news:eXQdHaStIHA.3792(a)TK2MSFTNGP02.phx.gbl,
Phil Loper <phil(a)nospam-gracelivingcenters.com> typed:
> I am not sure what I am doing wrong, but when I tried to set up a new
> ras server and had everyone switch the ip in their vpn connection, it
> is not working properly. They can connect, but then they can not
> access anything on the network. I tried having them both up at the
> same time, but as soon as someone connected to the new one, I can not
> ping anyone connected to the old one. So I had to switch them back
> to the old one. Maybe your workaround would be my best option.

Set up a new server? Did you install PPPoE on it too or is it internal? If
internal, possibly you didn't allow the ports on the DC?

Compare your two RRAS properties from both machines.

My workaround to force a DC to work may not necessarily work for what you
are doing. It is designed to force a multihomed server to work by altering
registry and other settings that are not default.

If budget is the issue, a better suggestion is to purchase an inexpensive
Linksys router and let it be the connection to the internet, and remove the
PPPoE software or disable that connection on the DC. Move the VPN to a
member server. Allow the VPN ports by port remapping the ports through the
Linksys to the internal VPN server (GRE 1723 and Prot Id 47).

Ace


From: Phil Loper on
Ace Fekay [MVP] wrote:
> In news:eXQdHaStIHA.3792(a)TK2MSFTNGP02.phx.gbl,
> Phil Loper <phil(a)nospam-gracelivingcenters.com> typed:
>> I am not sure what I am doing wrong, but when I tried to set up a new
>> ras server and had everyone switch the ip in their vpn connection, it
>> is not working properly. They can connect, but then they can not
>> access anything on the network. I tried having them both up at the
>> same time, but as soon as someone connected to the new one, I can not
>> ping anyone connected to the old one. So I had to switch them back
>> to the old one. Maybe your workaround would be my best option.
>
> Set up a new server? Did you install PPPoE on it too or is it internal? If
> internal, possibly you didn't allow the ports on the DC?
>
> Compare your two RRAS properties from both machines.
>
> My workaround to force a DC to work may not necessarily work for what you
> are doing. It is designed to force a multihomed server to work by altering
> registry and other settings that are not default.
>
> If budget is the issue, a better suggestion is to purchase an inexpensive
> Linksys router and let it be the connection to the internet, and remove the
> PPPoE software or disable that connection on the DC. Move the VPN to a
> member server. Allow the VPN ports by port remapping the ports through the
> Linksys to the internal VPN server (GRE 1723 and Prot Id 47).
>
> Ace
>
>
It is just for vpn, and I just installed rras on a member server, setup
just like the existing one. Do you know where I might find a step by
step guide for setting up a RRAS/VPN server on Windows 2000 Server so
that I can make sure I'm not missing something? It has been a long time
since I set the first one up. Thanks!