Strange Network problems


Environment is three Windows 2003 DCs at two sites.

-- One Windows DC cannot remote desktop to the other DC (or any other computers) at remote site. The DC at the remote site can remote desktop to the problem Windows DC. The DC at the same site as the problem DC can remote desktop to the remote site.

-- Users at the remote site cannot connect to printers shared on the problem DC. They can connect to printers on the other DCs. Users local to the problem DC can connect to its shared printers.

-- AD replication works with no logged problems but Replmon run on problem DC cannot connect to remote site DC. Replmon run on the DC in the same site as the problem DC can connect to remote DC without difficulties.

Looks like a call to Microsoft. Any thoughts?
 
It sounds like possibly a name resolution or network connectivity issue, possibly
involving firewall/routing problems. Remote desktop would indicate that and has
nothing to do with it being a domain controller or AD replication. If you have not
already, try using the IP address in Remote Desktop to connect from that DC to other
computers instead of their computer names. Try pinging other computers by their name
and then IP addresses from the problem DC. I would also run first netdiag and then
dcdiag on the problem DC looking for any failed tests or errors and look in the logs
in Event Viewer. Be sure to check any firewalls/IPsec policies between the sites to
make sure both domain controllers have proper access. Netdiag and dcdiag are located
on the install CD under the support/tools folder, where you will have to run setup or the
.msi package there. --- Steve


Scott said:
Environment is three Windows 2003 DCs at two sites.

-- One Windows DC cannot remote desktop to the other DC (or any other computers) at
remote site. The DC at the remote site can remote desktop to the problem Windows DC.
The DC at the same site as the problem DC can remote desktop to the remote site.
-- Users at the remote site cannot connect to printers shared on the problem DC.
They can connect to printers on the other DCs. Users local to the problem DC can
connect to its shared printers.
-- AD replication works with no logged problems but Replmon run on problem DC
cannot connect to remote site DC. Replmon run on the DC in the same site as the
problem DC can connect to remote DC without difficulties.
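
The name-versus-IP check suggested in the reply above, extended from ping to the TCP ports behind the reported symptoms, as an added example that is not part of the original thread. It assumes Python is available on the machine doing the testing; the host name and address at the bottom are constructed placeholders, and the ports are the standard ones for RDP (3389), SMB (445) and the RPC endpoint mapper (135).

```python
import socket

# Ports behind the symptoms in the thread: RDP, SMB printer shares, RPC endpoint mapper.
PORTS = {"rdp": 3389, "smb": 445, "rpc-epmap": 135}

def probe(target, port, timeout=3.0):
    """Classify one TCP connection attempt to target:port."""
    try:
        infos = socket.getaddrinfo(target, port, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return "name-resolution-failed"
    addr = infos[0][4]
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect(addr)
        return "open"
    except socket.timeout:
        return "timeout"       # dropped silently: filter, IPsec policy or routing
    except ConnectionRefusedError:
        return "refused"       # host reachable, nothing listening on that port
    except OSError:
        return "unreachable"
    finally:
        s.close()

def compare(name, ip, ports=PORTS, timeout=3.0):
    """Probe each port by name and by IP and say where the two disagree."""
    report = {}
    for label, port in ports.items():
        by_name = probe(name, port, timeout)
        by_ip = probe(ip, port, timeout)
        if by_name == by_ip == "open":
            verdict = "ok"
        elif by_ip == "open":
            verdict = "name resolution problem"
        else:
            verdict = "network path or service problem"
        report[label] = (by_name, by_ip, verdict)
    return report

if __name__ == "__main__":
    # Constructed placeholders: substitute the remote DC's name and address.
    for label, result in compare("remote-dc.example.test", "192.0.2.10").items():
        print(label, *result)
```

Running it from the problem DC and again from the DC at the same site gives two reports to compare: a port that is "open" from one and "timeout" from the other isolates the difference to the path or policy applied to the problem DC rather than to the remote server.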
 
Agree on network problem but really can't narrow it down. DCDiag and NetDiag come back clean (other than periodic FRS problems). Pings are clean as well. NLTest and DNSLint show no issues.

Because of an unrelated Dfs problem, modified Dfs and got a could not connect to remote server Rpc error. Did several support/resource kit tools Rpc tests: all clean. NetMon captures many, many packets from the MSRPC protocol like: problem DC -> Local DC "Hint 0x14" and Local DC -> Problem DC "Cancels 0x00".

I looked into RPC issues a little more. On the other DCs, RPC Locator service was running but had a start-up type of manual. On the problem DC, I started the service, but it made no difference.

Perhaps the most telling indicator of a problem is running the Rpcdump utility. *ALL* entries show "Not Pinged."

Additional stuff

The good local DC also and the remote DC run Exchange 2003. No problem with intrasite comms or AD replication between them.

Connection between the two sites is a Cisco GRE/IPSec VPN; firewalls permit entire subnets. System changes between when all functioned and today was addition of Backup Exec remote agent, now removed. Also, a Xerox Fiery print system which had been giving problems and was not removed properly (part of the Dfs work mentioned above.) However, removal occurred after this problem was identified. Finally, a RAID drive failure; since rebuilt with no issues.
 
Hmm. Can't think of anything else right now. RPC through a firewall can be
problematic due to the way RPC assigns a random port above 1024 to the server for the
service, but you said that the VPN tunnel allows full access and other tests look
good. Good luck. --- Steve


Scott said:
Agree on network problem but really can't narrow it down. DCDiag and NetDiag come
back clean (other than periodic FRS problems). Pings are clean as well. NLTest and
DNSLint show no issues.
Because of an unrelated Dfs problem, modified Dfs and got a could not connect to
remote server Rpc error. Did several support/resource kit tools Rpc tests: all
clean. NetMon captures many, many packets from the MSRPC protocol like: problem DC ->
Local DC "Hint 0x14" and Local DC -> Problem DC "Cancels 0x00"
I looked into RPC issues a little more. On the other DCs, RPC Locator service was
running but had a start-up type of manual. On the problem DC, I started the service,
but it made no difference.
Perhaps the most telling indicator of a problem is running the Rpcdump utility.
*ALL* entries show "Not Pinged."
Additional stuff:

The good local DC also and the remote DC run Exchange 2003. No problem with
intrasite comms or AD replication between them.
Connection between the two sites is a Cisco GRE/IPSec VPN; firewalls permit entire
subnets. System changes between when all functioned and today was addition of Backup
Exec remote agent, now removed. Also, a Xerox Fiery print system which had been
giving problems and was not removed properly (part of the Dfs work mentioned above.)
However, removal occurred after this problem was identified. Finally, a RAID drive
failure; since rebuilt with no issues.
 