Join 2 remote offices

 
 
Bernard Si-Tech
      03-06-2008, 04:13 PM
I am working with a company that is trying to join their 2 offices that are
in different locations.
I have managed to create the VPN tunnel and am able to put many services and
data across this; however, I am unable to get the 2 servers to join as they
are on different IP subnets.
The main office is using 192.168.100.0 and the remote office is using
192.168.1.0.
Is there a simple way to get these 2 servers (Windows 2003) to connect
together?
I was told that I need to modify them to accept the 2 subnets internally but
I cannot see how this should be done.

Anyone know the answer...

Regards
Bernard
 
 
 
 
 
Phillip Windell
      03-06-2008, 05:33 PM
"Bernard Si-Tech" <(E-Mail Removed)> wrote in message
news:A1346791-1FB2-4987-A42D-(E-Mail Removed)...
>I am working with a company that is trying to join their 2 offices that are
> in different locations.
> I have managed to create the VPN tunnel and am able to put many services
> and
> data across this, However I am unable to get the 2 servers to join as they
> are on different IP subnets.


They *have* to be on different subnets.
It will not work otherwise.

> The main office is using 192.168.100.0 and the remote office is using
> 192.168.1.0
> Is there a simple way to get these 2 servers (windows 2003) to connect
> together.


Define "connect together".

> I was told that I need to modify them to accept the 2 subnets internally
> but
> I can not see how this should be done.


That is already happening or you wouldn't be "putting many services and
data across" the link.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------


 
 
Bill Grant
      03-06-2008, 10:15 PM
Are you perhaps talking about DNS?

Communication across a WAN link is smoother if the DNS server in each
site acts as a secondary for the DNS zone of the other site. Each DNS server
can then resolve names of machines in either site locally, rather than
forwarding the query across the WAN link.

 
Bernard Si-Tech
      03-07-2008, 01:23 PM
I am trying to get their 2 offices to connect as 1 network. When I try to get
a server at the remote office to join the domain I receive a message "a
domain controller for the domain
"mydomain" could not be contacted. Ensure that the domain name is typed
correctly"

I was informed that it is possible to create this type of network (although
I have never done so) across different subnets (required for VPN).
I have all ports open on the VPN tunnel and set them to not block any traffic.
Is there something I need to do in Windows to allow them to communicate over
the two subnets?

I would expect I need to set somewhere to allow them to communicate.
They asked for the main office to have a top server as "office.local" with a
lower level at both offices such as "main.office.local" and
"remote.office.local",
with local services hosted on the local servers and the top level to be for
connection between offices and as a domain backup system.

Currently for the test I have completed the install of the main.office.local
& office.local.
When I try to add to the network the remote.office.local server the error
shows and I cannot connect.
There are only the three servers on this network as it is a test system prior
to rollout.

If you need further information please let me know.

Regards
Bernard

 
Phillip Windell
      03-07-2008, 02:46 PM
"Bernard Si-Tech" <(E-Mail Removed)> wrote in message
news:87EC057B-040E-40A4-A485-(E-Mail Removed)...
>I am trying to get their 2 offices to connect as 1 network, when I try to
>get
> a server at the remote office to join the domain I receive a message "a
> domain controller for the domain
> "mydomain" could not be contacted. Ensure that the domain name is typed
> correctly"


You can't do stuff like that without considering what is already there. If
both Sites already have a Domain then you cannot join anything anywhere
without trashing what is already there.

> I was informed that it is possible to create this type of network
> (although
> I have never done so) across different subnets (required for VPN).
> I have all ports open on the VPN tunnel and set them to not block any
> traffic.
> is there something I need to do in windows to allow them to communicate
> over
> the two subnets.


A Domain is not a "network"
A Network is not a "domain".
A Domain is an administration "environment" or "boundary"
A Subnet and a Network are effectively the same thing and are completely
irrelevant to "domains".
So what you need to consider is whatever the best Domain Model is for the
situation:
1. Single Forest/Single Domain with AD Sites
2. Single Forest/Master Domain-Child Domain with AD Sites
3. Single Forest/Multiple Domains with AD Sites (same as #2?, unsure)
4. Multiple Forest with Flat trust
5. Other variations I can't think of right now

The Forest determines the DNS Structure. All DC/DNS within a Forest are
already aware of all Zones and Forest Replication keeps them in Sync.

Two different Forests will not be aware of each other's Zones. Therefore you
must configure Zone Transfers between them. The Zone transfers will work
similar to Replication to keep everything in sync.

> I would expect I need to set somewhere to allow them to communicate.
> They asked for the main office to have a top server as "office.local" with
> a
> lower level at both offices such as "main.office.local" and
> "remote.office.local"
> with local services hosted on the local servers and the top level to be
> for
> connection between offices and as a domain backup system.


Those are way too many "dots".
Get rid of the 5 digit TOC. That came from the mentality of SBS and is not
such a great idea. Here is a sample of what things would look like with a
Single Forest/ Master-Child model:

Master Domain = mycompany.loc
Child Domain #1 = somesite.mycompany.loc
Child Domain #2 = anothersite.mycompany.loc
Child Domain #3 = differentsite.mycompany.loc

Computers would be named like this:
hostname.mycompany.loc
hostname.somesite.mycompany.loc
hostname.anothersite.mycompany.loc
hostname.differentsite.mycompany.loc

Someone who knows this stuff better should take it further. I am hitting my
personal limits.
This is not something that you can just "wing it" and hope it works.
Decisions can become permanent and extremely difficult to fix if done
incorrectly.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------


 
 
Bernard Si-Tech
      03-07-2008, 03:29 PM
Hi Phillip
Sorry if my message is not so clear.
See comments below.


"Phillip Windell" wrote:

> "Bernard Si-Tech" <(E-Mail Removed)> wrote in message
> news:87EC057B-040E-40A4-A485-(E-Mail Removed)...
> >I am trying to get their 2 offices to connect as 1 network, when I try to
> >get
> > a server at the remote office to join the domain I receive a message "a
> > domain controller for the domain
> > "mydomain" could not be contacted. Ensure that the domain name is typed
> > correctly"

>
> You can't do stuff like that without considering what is already there. If
> both Sites already have a Domain then you cannot join anything anywhere
> without trashing what is already there.
>
> > I was informed that it is possible to create this type of network
> > (although
> > I have never done so) across different subnets (required for VPN).
> > I have all ports open on the VPN tunnel and set them to not block any
> > traffic.
> > is there something I need to do in windows to allow them to communicate
> > over
> > the two subnets.

>
> A Domain is not a "network"
> A Network is not a "domain".
> A Domain is an administration "environment" or "boundary"
> A Subnet and a Network are effectively the same thing and are completely
> irrelevant to "domains".
> So what you need to consider is whatever the best Domain Model is for the
> situation:
> 1. Single Forest/Single Domain with AD Sites
> 2. Single Forest/Master Domain-Child Domain with AD Sites
> 3. Single Forest/Multiple Domains with AD Sites (same as #2?, unsure)
> 4. Multiple Forest with Flat trust
> 5. Other variations I can't think of right now
>
> The Forest determines the DNS Structure. All DC/DNS within a Forest are
> already aware of all Zones and Forest Replication keeps them in Sync.
>
> Two different Forests will not be aware of each other's Zones. Therefore you
> must configure Zone Transfers between them. The Zone transfers will work
> similar to Replication to keep everything in sync.
>
> > I would expect I need to set somewhere to allow them to communicate.
> > They asked for the main office to have a top server as "office.local" with
> > a
> > lower level at both offices such as "main.office.local" and
> > "remote.office.local"
> > with local services hosted on the local servers and the top level to be
> > for
> > connection between offices and as a domain backup system.

>
> Those are way too many "dots".
> Get rid of the 5 digit TOC. That came from the mentality of SBS and is not
> such a great idea. Here is a sample of what things would look like with a
> Single Forest/ Master-Child model:
>
> Master Domain = mycompany.loc
> Child Domain #1 = somesite.mycompany.loc
> Child Domain #2 = anothersite.mycompany.loc
> Child Domain #3 = differentsite.mycompany.loc


Yes, this is what we want to do.

Master domain office.local
Child domain main.office.local
Child domain remote.office.local

They want to trash the entire system and build a new system as it is such a
mess.
New equipment, and the remote site is new so no need to worry about any data
there.
The main office has way too much equipment (12 servers) for 35 people.
The network is so slow due to old equipment. All data is safe on NAS systems.

I can build the network, just don't know how to make the second child domain
be part of the main system through the VPN.
I have built many networks but this is the first that spans 2 separate
offices and uses different subnetworks.
My question is how to make the connection between the offices through the
tunnel between the servers.
Do I need to create the DNS first, and what do I need to set in there for
the subnetworks?
Or do I do it another way first?

>
> Computers would be named like this:
> hostname.mycompany.loc
> hostname.somesite.mycompany.loc
> hostname.anothersite.mycompany.loc
> hostname.differentsite.mycompany.loc
>
> Someone who knows this stuff better should take it further. I am hitting my
> personal limits.
> This is not something that you can just "wing it" and hope it works.
> Decisions can become permanent and extremely difficult to fix if done
> incorrectly.
>
> --
> Phillip Windell
> www.wandtv.com
>
> The views expressed, are my own and not those of my employer, or Microsoft,
> or anyone else associated with me, including my cats.
> -----------------------------------------------------
>
>
>

 
 
Phillip Windell
      03-07-2008, 04:48 PM
"Bernard Si-Tech" <(E-Mail Removed)> wrote in message
news:2B86AE10-C340-4739-B712-(E-Mail Removed)...
> My question is how to make the connection between the offices through the
> tunnel between the servers.
> Do I need to create the DNS first. and what do I need to set in there for
> the subnetworks.
> or do I do another way first.


I am going to assume the Tunnel is fine and the Routing Scheme related to it
is fine.

When you first start you will only have one or two DCs at the primary
location.

On the Server at the secondary location you need to enter the DC from the
main location into its DNS Settings in the TCP/IP Config. Do the same for
WINS if there is one. There should be *No* other DNS IP# entered into it.

Join it to the Domain. Use FQDNs,..do not use Netbios Names.

Run DCPromo and specify that it is to be a Domain in an existing Forest. Do
your own research here,...there is more than one model to choose from,...do
not do it wrong the first time. Do not simply take my word for it,...I do
not know all the details of your situation. Research it,...do it right the
first time.

When finished with the new DC change the DNS in the TCP/IP Specs to point to
itself.

Research Active Directory Sites. The AD Sites is a *requirement* for Forest
Replication to work properly over a slow WAN Link. Each location separated
by a WAN Link must be in its own AD Site and must be a different subnet from
other sites.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/IS...cessRules.html

Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/downlo...7/ts_rules.doc

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/p...s/default.mspx

Microsoft ISA Server Partners: Partner Hardware Solutions
http://www.microsoft.com/forefront/e...epartners.mspx
-----------------------------------------------------


 
 
Bernard Si-Tech
      03-09-2008, 10:22 AM
Hi Phillip
Thanks for the help.
I have most under control; we have decided on a DC plan and it will be
implemented after we complete these tests. Currently I am just testing and
these settings will be deleted completely (via a format & re-install).
I have the DNS settings in as you suggested and find I am able to view the
complete network and it shows the servers at both ends of the VPN tunnel from
the remote server; however, it only shows the local server at the local site.
Seems I am missing something here.
I have entered the DNS zone of each site in the opposite site server IP
address table.
I can remote access & remote control over the VPN link.
I am still getting an error message when I try to make the remote server
join the domain. I am trying this from the change computer name section where
I set it is part of a domain and I type in the domain to be joined.
I get the error message that the domain is not available. Any ideas what I
could be missing?

Regards
Bernard


 
Phillip Windell
      03-10-2008, 04:42 PM
"Bernard Si-Tech" <(E-Mail Removed)> wrote in message
news:3EA84765-DEF5-43EE-8F56-(E-Mail Removed)...
> I have the DNS settings in as you suggested and find I am able to view the
> complete network and it shows the servers at both ends of the VPN tunnel
> from
> the remote Server, however it only shows the local server at the local
> site.
> seems I am missing something here.


Don't worry about what you "see" (or not see) in Network Places. It is
pointless and irrelevant. Netbios Network Browsing has nothing to do with
Domain Functionality.

> I have entered the DNS zone of each site in the opposite site server Ip
> address table.


Don't create any Zones. The functioning AD/DNS needs to be the "DNS Server"
listed in the TCP/IP Specs of the remote machine before it is "joined".
After it is joined it gets promoted to a Domain Controller.

> I can remote access & Remote control over the VPN link.
> I am still getting an error message when I try to make the remote server
> join the domain, I am trying this from the change computer name section
> where
> I set it is part of a domain and I type in the domain to be joined.
> I get the error message that the domain is not available, any Ideas what I
> could be missing.


Then maybe the WAN link is just too slow. The upload speed of the Link is
what matters.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
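
The pre-join checks from Phillip Windell's 03-07-2008 and 03-10-2008 replies (the remote server's only DNS server is the main-office DC, and the domain is joined by FQDN), written out as an added PowerShell example that is not part of any poster's message. Assumptions: the DC address 192.168.100.10 is constructed, the cmdlets need Windows 8.1 / Server 2012 R2 or later rather than the thread's Windows 2003, and the port list is the usual set a domain join relies on, not something stated in the thread.

```powershell
# Added example: pre-join check, run on the server at the remote site.
param(
    [string]$Domain   = 'office.local',     # forest root name used in the thread
    [string]$MainDcIp = '192.168.100.10'    # constructed address in the main-office subnet
)

$failures = @()

# 1. The main-office DC must be the only DNS server in the TCP/IP settings.
$dnsServers = @(Get-DnsClientServerAddress -AddressFamily IPv4 |
    Select-Object -ExpandProperty ServerAddresses | Sort-Object -Unique)
if ($dnsServers -notcontains $MainDcIp) {
    $failures += "DNS client does not list $MainDcIp"
}
$extra = @($dnsServers | Where-Object { $_ -ne $MainDcIp })
if ($extra.Count -gt 0) {
    $failures += "Other DNS servers configured: $($extra -join ', ')"
}

# 2. The DC locator SRV record for the FQDN must resolve through that server.
#    A NetBIOS-style name such as "mydomain" has no such record.
$srvName = "_ldap._tcp.dc._msdcs.$Domain"
$srv = @()
try {
    $srv = @(Resolve-DnsName -Name $srvName -Type SRV -Server $MainDcIp `
                -DnsOnly -ErrorAction Stop |
             Where-Object { $_.Type -eq 'SRV' })
    if ($srv.Count -eq 0) { $failures += "No SRV records returned for $srvName" }
} catch {
    $failures += "Lookup of $srvName via $MainDcIp failed: $($_.Exception.Message)"
}

# 3. Every advertised DC must answer on the TCP ports a join relies on.
#    (TCP only; DNS and Kerberos also use UDP, which this does not probe.)
$ports = @{ 53 = 'DNS'; 88 = 'Kerberos'; 135 = 'RPC endpoint mapper'
            389 = 'LDAP'; 445 = 'SMB' }
foreach ($dc in $srv) {
    foreach ($p in ($ports.GetEnumerator() | Sort-Object Key)) {
        $ok = Test-NetConnection -ComputerName $dc.NameTarget -Port $p.Key `
                -InformationLevel Quiet -WarningAction SilentlyContinue
        if (-not $ok) {
            $failures += "$($dc.NameTarget): TCP $($p.Key) ($($p.Value)) unreachable"
        }
    }
}

if ($failures.Count -gt 0) {
    $failures | ForEach-Object { Write-Warning $_ }
    exit 1
}
Write-Output "DNS and DC reachability look correct; join $Domain using the FQDN."
```

The per-port results also show which services the tunnel rules must pass once the "all ports open" test configuration is replaced.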


 