novice: problem adding second domain

I am an Active Directory novice struggling with some setup problems. Both
servers are running Win2K3 Std. All clients are running XP Pro SP1.

I have a domain up and running in one of our offices. It was our first
domain, so I did "new forest" when I set it up. Everything is working fine.
I am attempting to set up a second Win2K3 server in our other office. The
office is in a different location; the connection between the two offices is
via a Watchguard VPN connection. The two offices are on differnent subnets
(existing office 192.168.30.0, new office on 192.168.10.0). I can
communicate via IP between the two offices (e.g. I can ping 192.168.30.10
from 192.168.10.0), but I cannot communicate via computer names.

The existing server is a domain controller and is running DNS. Now I'm
trying to set up the server in the new office as a new domain controller
(not a child but part of the same forest). When I first tried to add the
domain controller role to the new server, it complained because it could not
find an existing domain (I guess because it was on a different subnet?). So
I went ahead and changed the new server's TCP/IP DNS setting to point to the
existing server on the other subnet. It seemed like quite a hack and
nothing I would want to keep permanent, but it got me past that step.

I made it to the point in the wizard where it tells me that I need to make
the new server a DNS server also. It goes down that path quite happily,
replicating lots of objects from our existing domain controller, but then it
dies seemingly close to the end (in the same spot everytime), by throwing
the following error:

***********************
The operation failed because:

Active Directory could not replicate the directory partition
CN=Schema,CN=Configuration,DC=csc,DC=fl,DC=redvisi on,DC=com from the remote
domain controller flcscsrv01.csc.fl.redvision.com.

"The RPC server is unavailable."
***********************

I've done a bunch of reading and searching on Google. I've played around a
bit with the 'dcdiag' tool also. But it seems like I'm beyond the problem
of getting the new server to talk to the existing one.

Any help or suggestions to further diagnose would be greatly appreciated.

Thanks
-joe

In news:(E-Mail Removed),
Joe Ross <(E-Mail Removed)> posted a question
Then Kevin replied below:
: I am an Active Directory novice struggling with some setup problems.
: Both servers are running Win2K3 Std. All clients are running XP Pro
: SP1.
:
: I have a domain up and running in one of our offices. It was our
: first domain, so I did "new forest" when I set it up. Everything is
: working fine. I am attempting to set up a second Win2K3 server in our
: other office. The office is in a different location; the connection
: between the two offices is via a Watchguard VPN connection. The two
: offices are on differnent subnets (existing office 192.168.30.0, new
: office on 192.168.10.0). I can communicate via IP between the two
: offices (e.g. I can ping 192.168.30.10 from 192.168.10.0), but I
: cannot communicate via computer names.
:
: The existing server is a domain controller and is running DNS. Now
: I'm trying to set up the server in the new office as a new domain
: controller (not a child but part of the same forest). When I first
: tried to add the domain controller role to the new server, it
: complained because it could not find an existing domain (I guess
: because it was on a different subnet?). So I went ahead and changed
: the new server's TCP/IP DNS setting to point to the existing server
: on the other subnet. It seemed like quite a hack and nothing I would
: want to keep permanent, but it got me past that step.
:
: I made it to the point in the wizard where it tells me that I need to
: make the new server a DNS server also. It goes down that path quite
: happily, replicating lots of objects from our existing domain
: controller, but then it dies seemingly close to the end (in the same
: spot everytime), by throwing the following error:
:
: ***********************
: The operation failed because:
:
: Active Directory could not replicate the directory partition
: CN=Schema,CN=Configuration,DC=csc,DC=fl,DC=redvisi on,DC=com from the
: remote domain controller flcscsrv01.csc.fl.redvision.com.
:
: "The RPC server is unavailable."
: ***********************
:
: I've done a bunch of reading and searching on Google. I've played
: around a bit with the 'dcdiag' tool also. But it seems like I'm
: beyond the problem of getting the new server to talk to the existing
: one.
:
: Any help or suggestions to further diagnose would be greatly
: appreciated.
:
: Thanks
: -joe

Is the new server using the current DC for DNS only in its NIC?
It must.

--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
============================
--
When responding to posts, please "Reply to Group" via your
newsreader so that others may learn and benefit from your issue.
To respond directly to me remove the nospam. from my email.
==========================================
http://www.lonestaramerica.com/
==========================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
==========================================
Keep a back up of your OE settings and folders with
OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
==========================================

> Is the new server using the current DC for DNS only in its NIC?
> It must.

I'm not certain I understand what you're saying.

If you are asking if the NIC on the new server (it only has one), has it's
TCP/IP DNS Server set to the IP of the existing DC...the answer is yes. I
had to do that to get past the initial issues I was experiencing.

If you are asking something else, please clarify as I am not following.

Thanks!
-joe


"Kevin D. Goodknecht [MVP]" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> In news:(E-Mail Removed),
> Joe Ross <(E-Mail Removed)> posted a question
> Then Kevin replied below:
> : I am an Active Directory novice struggling with some setup problems.
> : Both servers are running Win2K3 Std. All clients are running XP Pro
> : SP1.
> :
> : I have a domain up and running in one of our offices. It was our
> : first domain, so I did "new forest" when I set it up. Everything is
> : working fine. I am attempting to set up a second Win2K3 server in our
> : other office. The office is in a different location; the connection
> : between the two offices is via a Watchguard VPN connection. The two
> : offices are on differnent subnets (existing office 192.168.30.0, new
> : office on 192.168.10.0). I can communicate via IP between the two
> : offices (e.g. I can ping 192.168.30.10 from 192.168.10.0), but I
> : cannot communicate via computer names.
> :
> : The existing server is a domain controller and is running DNS. Now
> : I'm trying to set up the server in the new office as a new domain
> : controller (not a child but part of the same forest). When I first
> : tried to add the domain controller role to the new server, it
> : complained because it could not find an existing domain (I guess
> : because it was on a different subnet?). So I went ahead and changed
> : the new server's TCP/IP DNS setting to point to the existing server
> : on the other subnet. It seemed like quite a hack and nothing I would
> : want to keep permanent, but it got me past that step.
> :
> : I made it to the point in the wizard where it tells me that I need to
> : make the new server a DNS server also. It goes down that path quite
> : happily, replicating lots of objects from our existing domain
> : controller, but then it dies seemingly close to the end (in the same
> : spot everytime), by throwing the following error:
> :
> : ***********************
> : The operation failed because:
> :
> : Active Directory could not replicate the directory partition
> : CN=Schema,CN=Configuration,DC=csc,DC=fl,DC=redvisi on,DC=com from the
> : remote domain controller flcscsrv01.csc.fl.redvision.com.
> :
> : "The RPC server is unavailable."
> : ***********************
> :
> : I've done a bunch of reading and searching on Google. I've played
> : around a bit with the 'dcdiag' tool also. But it seems like I'm
> : beyond the problem of getting the new server to talk to the existing
> : one.
> :
> : Any help or suggestions to further diagnose would be greatly
> : appreciated.
> :
> : Thanks
> : -joe
>
> Is the new server using the current DC for DNS only in its NIC?
> It must.
>
> --
> Best regards,
> Kevin D4 Dad Goodknecht Sr. [MVP]
> Hope This Helps
> ============================
> --
> When responding to posts, please "Reply to Group" via your
> newsreader so that others may learn and benefit from your issue.
> To respond directly to me remove the nospam. from my email.
> ==========================================
> http://www.lonestaramerica.com/
> ==========================================
> Use Outlook Express?... Get OE_Quotefix:
> It will strip signature out and more
> http://home.in.tum.de/~jain/software/oe-quotefix/
> ==========================================
> Keep a back up of your OE settings and folders with
> OEBackup:
> http://www.oehelp.com/OEBackup/Default.aspx
> ==========================================
>
>

In news:%(E-Mail Removed),
Joe Ross <(E-Mail Removed)> posted a question
Then Kevin replied below:
:: Is the new server using the current DC for DNS only in its NIC?
:: It must.
:
: I'm not certain I understand what you're saying.
:
: If you are asking if the NIC on the new server (it only has one), has
: it's TCP/IP DNS Server set to the IP of the existing DC...the answer
: is yes. I had to do that to get past the initial issues I was
: experiencing.
:

You got it that is it. You may need to flush the DNS cache with ipconfig
/flushdns.

IF that doesn't resolve the issue run nslookup (Netdig would be better you
can get it here: http://www.mvptools.com/) on the new server to see if it
can get DNS resolution from the current DC and if it is pingable and if
ports 53 UDP and TCP are open between them.

This is going to be a new domain in an existing forest or new domain
controller in an existing domain?

Also looking at the error look in the Directory service Event log for 1656
events at start up on your DC you may be missing these reg entries.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RPC\ClientPr otocols]
"ncacn_np"="rpcrt4.dll"
"ncacn_ip_tcp"="rpcrt4.dll"
"ncadg_ip_udp"="rpcrt4.dll"
"ncacn_nb_tcp"="rpcrt4.dll"
"ncacn_http"="rpcrt4.dll"

When I was getting RPC is unavailable I had these missing, I made the
entries and I no longer get the RPC is unavailable.


--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
============================
--
When responding to posts, please "Reply to Group" via your
newsreader so that others may learn and benefit from your issue.
To respond directly to me remove the nospam. from my email.
==========================================
http://www.lonestaramerica.com/
==========================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
==========================================
Keep a back up of your OE settings and folders with
OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
==========================================

See inline...

"Kevin D. Goodknecht [MVP]" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> In news:%(E-Mail Removed),
> Joe Ross <(E-Mail Removed)> posted a question
> Then Kevin replied below:
> :: Is the new server using the current DC for DNS only in its NIC?
> :: It must.
> :
> : I'm not certain I understand what you're saying.
> :
> : If you are asking if the NIC on the new server (it only has one), has
> : it's TCP/IP DNS Server set to the IP of the existing DC...the answer
> : is yes. I had to do that to get past the initial issues I was
> : experiencing.
> :
> You got it that is it. You may need to flush the DNS cache with ipconfig
> /flushdns.

I tried this and it did not help.

> IF that doesn't resolve the issue run nslookup (Netdig would be better you
> can get it here: http://www.mvptools.com/) on the new server to see if it
> can get DNS resolution from the current DC and if it is pingable and if
> ports 53 UDP and TCP are open between them.

I downloaded NetDig. What should I be checking? It comes up with the IP of
the current domain controller as the "Server" which seems to be correct. I
typed in yahoo.com and the status comes back as NOERROR with a query time of
63ms and what appears to be a valid response. If I try to lookup any
machines in the current DC's domain (including the DC itself), I get a
failure:

*************************
opcode: QUERY, status: SERVFAIL, id: 23
flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

QUESTION SECTION:
flcscsrv01. IN A

Query time: 63 ms
Server : 192.168.30.10:53 udp (192.168.30.10)
When : 2/5/2004 12:58:48 PM
Size rcvd : 28
*************************

The current DC is pingable by IP but not by name from the new DC.

> This is going to be a new domain in an existing forest or new domain
> controller in an existing domain?

I would like this to be a new domain in an existing forest.

> Also looking at the error look in the Directory service Event log for 1656
> events at start up on your DC you may be missing these reg entries.
> [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RPC\ClientPr otocols]
> "ncacn_np"="rpcrt4.dll"
> "ncacn_ip_tcp"="rpcrt4.dll"
> "ncadg_ip_udp"="rpcrt4.dll"
> "ncacn_nb_tcp"="rpcrt4.dll"
> "ncacn_http"="rpcrt4.dll"
>
> When I was getting RPC is unavailable I had these missing, I made the
> entries and I no longer get the RPC is unavailable.

I have no 1656 entries in the existing or (soon to be) new DC.

Thanks again!
-joe

Kevin-

Currently, the new server is not part of any domain. Should I try to join
it to the existing domain before attempting to make it into a DC?

Just a thought
-joe


"Joe Ross" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> See inline...
>
> "Kevin D. Goodknecht [MVP]" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
> > In news:%(E-Mail Removed),
> > Joe Ross <(E-Mail Removed)> posted a question
> > Then Kevin replied below:
> > :: Is the new server using the current DC for DNS only in its NIC?
> > :: It must.
> > :
> > : I'm not certain I understand what you're saying.
> > :
> > : If you are asking if the NIC on the new server (it only has one), has
> > : it's TCP/IP DNS Server set to the IP of the existing DC...the answer
> > : is yes. I had to do that to get past the initial issues I was
> > : experiencing.
> > :
> > You got it that is it. You may need to flush the DNS cache with ipconfig
> > /flushdns.
>
> I tried this and it did not help.
>
> > IF that doesn't resolve the issue run nslookup (Netdig would be better
you
> > can get it here: http://www.mvptools.com/) on the new server to see if
it
> > can get DNS resolution from the current DC and if it is pingable and if
> > ports 53 UDP and TCP are open between them.
>
> I downloaded NetDig. What should I be checking? It comes up with the IP
of
> the current domain controller as the "Server" which seems to be correct.
I
> typed in yahoo.com and the status comes back as NOERROR with a query time
of
> 63ms and what appears to be a valid response. If I try to lookup any
> machines in the current DC's domain (including the DC itself), I get a
> failure:
>
> *************************
> opcode: QUERY, status: SERVFAIL, id: 23
> flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
>
> QUESTION SECTION:
> flcscsrv01. IN A
>
> Query time: 63 ms
> Server : 192.168.30.10:53 udp (192.168.30.10)
> When : 2/5/2004 12:58:48 PM
> Size rcvd : 28
> *************************
>
> The current DC is pingable by IP but not by name from the new DC.
>
> > This is going to be a new domain in an existing forest or new domain
> > controller in an existing domain?
>
> I would like this to be a new domain in an existing forest.
>
> > Also looking at the error look in the Directory service Event log for
1656
> > events at start up on your DC you may be missing these reg entries.
> > [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RPC\ClientPr otocols]
> > "ncacn_np"="rpcrt4.dll"
> > "ncacn_ip_tcp"="rpcrt4.dll"
> > "ncadg_ip_udp"="rpcrt4.dll"
> > "ncacn_nb_tcp"="rpcrt4.dll"
> > "ncacn_http"="rpcrt4.dll"
> >
> > When I was getting RPC is unavailable I had these missing, I made the
> > entries and I no longer get the RPC is unavailable.
>
> I have no 1656 entries in the existing or (soon to be) new DC.
>
> Thanks again!
> -joe
>
>

In news:(E-Mail Removed),
Joe Ross <(E-Mail Removed)> posted a question

Then Kevin replied inline:
: See inline...
:
: "Kevin D. Goodknecht [MVP]" <(E-Mail Removed)> wrote in message
: news:(E-Mail Removed)...
:: In news:%(E-Mail Removed),
:: Joe Ross <(E-Mail Removed)> posted a question
:: Then Kevin replied below:
:::: Is the new server using the current DC for DNS only in its NIC?
:::: It must.
:::
::: I'm not certain I understand what you're saying.
:::
::: If you are asking if the NIC on the new server (it only has one),
::: has it's TCP/IP DNS Server set to the IP of the existing DC...the
::: answer is yes. I had to do that to get past the initial issues I
::: was experiencing.
:::
:: You got it that is it. You may need to flush the DNS cache with
:: ipconfig /flushdns.
:
: I tried this and it did not help.
:
:: IF that doesn't resolve the issue run nslookup (Netdig would be
:: better you can get it here: http://www.mvptools.com/) on the new
:: server to see if it can get DNS resolution from the current DC and
:: if it is pingable and if ports 53 UDP and TCP are open between them.
:
: I downloaded NetDig. What should I be checking? It comes up with
: the IP of the current domain controller as the "Server" which seems
: to be correct. I typed in yahoo.com and the status comes back as
: NOERROR with a query time of 63ms and what appears to be a valid
: response. If I try to lookup any machines in the current DC's domain
: (including the DC itself), I get a failure:
:
: *************************
: opcode: QUERY, status: SERVFAIL, id: 23
: flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
:
: QUESTION SECTION:
: flcscsrv01. IN A
:
: Query time: 63 ms
: Server : 192.168.30.10:53 udp (192.168.30.10)
: When : 2/5/2004 12:58:48 PM
: Size rcvd : 28
: *************************
:
: The current DC is pingable by IP but not by name from the new DC.


Is the current DC's IP address 192.168.10.30 or is this the address of the
new machine?
You might try temporarily adding the current DC as a forwarder and check the
box "Do not use recursion" on the new DC. The new DC may be getting slow
resolution across the link and it may be trying to find it using root
hints.(Which it should not, if it could)
Wait a minute, this is Win2k3?
Add the Current DC as a conditional Forwarder with its domain name! (On the
Forwarders tab)

:
:: Also looking at the error look in the Directory service Event log
:: for 1656 events at start up on your DC you may be missing these reg
:: entries. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RPC\ClientPr otocols]
:: "ncacn_np"="rpcrt4.dll"
:: "ncacn_ip_tcp"="rpcrt4.dll"
:: "ncadg_ip_udp"="rpcrt4.dll"
:: "ncacn_nb_tcp"="rpcrt4.dll"
:: "ncacn_http"="rpcrt4.dll"
::
:: When I was getting RPC is unavailable I had these missing, I made the
:: entries and I no longer get the RPC is unavailable.
:
: I have no 1656 entries in the existing or (soon to be) new DC.

You should check the current DC for the above registry entries and the
Event.
If the current DC does not have these you won't be able to contact the RPC
service on it.


--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
============================
--
When responding to posts, please "Reply to Group" via your
newsreader so that others may learn and benefit from your issue.
To respond directly to me remove the nospam. from my email.
==========================================
http://www.lonestaramerica.com/
==========================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
==========================================
Keep a back up of your OE settings and folders with
OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
==========================================

"Kevin D. Goodknecht [MVP]" <(E-Mail Removed)> wrote in message
news:uy80%(E-Mail Removed)...
> In news:(E-Mail Removed),
> Joe Ross <(E-Mail Removed)> posted a question
>
> :: Also looking at the error look in the Directory service Event log
> :: for 1656 events at start up on your DC you may be missing these reg
> :: entries. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RPC\ClientPr otocols]
> :: "ncacn_np"="rpcrt4.dll"
> :: "ncacn_ip_tcp"="rpcrt4.dll"
> :: "ncadg_ip_udp"="rpcrt4.dll"
> :: "ncacn_nb_tcp"="rpcrt4.dll"
> :: "ncacn_http"="rpcrt4.dll"
> ::
> :: When I was getting RPC is unavailable I had these missing, I made the
> :: entries and I no longer get the RPC is unavailable.
> :
> : I have no 1656 entries in the existing or (soon to be) new DC.
>
> You should check the current DC for the above registry entries and the
> Event.
> If the current DC does not have these you won't be able to contact the RPC
> service on it.

Well, you apparently hit the nail on the head. The current DC was missing
one of those entries (ncacn_nb_tcp). I added it and all was good on the new
DC when doing its DNS work. I noticed the new DC is missing the same
entry...I'm guessing I should add it?

Two new questions:
1. I noticed the DNS Servers on the new DC are (in order) 127.0.0.1 and
192.168.30.10 (existing DC). This makes sense to me...is it correct?
2. I can successfully ping machines across domains by IP, but the names will
still not resolve from either side to the other. Do I need to make a DNS
entry to get this going?

Thanks for all of your help Kevin!!!
-joe

In news:%(E-Mail Removed),
Joe Ross <(E-Mail Removed)> posted a question
Then Kevin replied below:
: "Kevin D. Goodknecht [MVP]" <(E-Mail Removed)> wrote in message
: news:uy80%(E-Mail Removed)...
:: In news:(E-Mail Removed),
:: Joe Ross <(E-Mail Removed)> posted a question
::
:::: Also looking at the error look in the Directory service Event log
:::: for 1656 events at start up on your DC you may be missing these reg
:::: entries.
:::: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RPC\ClientPr otocols]
:::: "ncacn_np"="rpcrt4.dll" "ncacn_ip_tcp"="rpcrt4.dll"
:::: "ncadg_ip_udp"="rpcrt4.dll"
:::: "ncacn_nb_tcp"="rpcrt4.dll"
:::: "ncacn_http"="rpcrt4.dll"
::::
:::: When I was getting RPC is unavailable I had these missing, I made
:::: the entries and I no longer get the RPC is unavailable.
:::
::: I have no 1656 entries in the existing or (soon to be) new DC.
::
:: You should check the current DC for the above registry entries and
:: the Event.
:: If the current DC does not have these you won't be able to contact
:: the RPC service on it.
:
: Well, you apparently hit the nail on the head. The current DC was
: missing one of those entries (ncacn_nb_tcp). I added it and all was
: good on the new DC when doing its DNS work. I noticed the new DC is
: missing the same entry...I'm guessing I should add it?

Yes, indeed.

:
: Two new questions:
: 1. I noticed the DNS Servers on the new DC are (in order) 127.0.0.1
: and 192.168.30.10 (existing DC). This makes sense to me...is it
: correct?
This new DC is not in the same domain is it?
If it is not I would remove the other DC from its list of DNS servers on the
NIC unless the other has a zone for the new DC's domain. If it does don't
worry about it .
But you do need to add the other domain name to the list of Conditional
Forwarders and the IP of its DC.
Change the 127.0.0.1 to the private address of this DC.

: 2. I can successfully ping machines across domains by IP, but the
: names will still not resolve from either side to the other. Do I
: need to make a DNS entry to get this going?

Conditional Forwarders should do the trick.



--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
============================
--
When responding to posts, please "Reply to Group" via your
newsreader so that others may learn and benefit from your issue.
To respond directly to me remove the nospam. from my email.
==========================================
http://www.lonestaramerica.com/
==========================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
==========================================
Keep a back up of your OE settings and folders with
OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
==========================================

Kevin-

Without making any changes, I noticed that I can ping by name across
domains; however, it needs to be fully qualified. Meaning if I want to ping
PC01 in domain abc.def.com, I can successfully ping PC01.abc.def.com, but I
cannot ping PC01. I don't know where to go with this one (will this
involved WINS?).

I've also noticed an inconsistency in the DNS settings on the new DC and
existing DC.

In the new DC, the only forwarder is the existing DC. The new DC's NIC has
its own IP and our gateway to the internet for that subnet as DNS servers.

For the existing DC, the forwarders are the gateway to the internet for that
subnet, a public DNS server for our ISP, and the new DC. The existing DC's
NIC has its own IP, its subnet's gateway to the internet, and the same ISP
public DNS server.

Which one is configured correctly???

Also, when using nslookup, how do you determine where the resolution
actually occurred (sort of like a trace)? I'm curious to see if requests
for external domains to our new DC are incorrectly being resolved through
our existing DC.

Thanks...getting close now!
-joe

"Kevin D. Goodknecht [MVP]" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
> : Two new questions:
> : 1. I noticed the DNS Servers on the new DC are (in order) 127.0.0.1
> : and 192.168.30.10 (existing DC). This makes sense to me...is it
> : correct?
> This new DC is not in the same domain is it?
> If it is not I would remove the other DC from its list of DNS servers on
the
> NIC unless the other has a zone for the new DC's domain. If it does don't
> worry about it .
> But you do need to add the other domain name to the list of Conditional
> Forwarders and the IP of its DC.
> Change the 127.0.0.1 to the private address of this DC.
>
> : 2. I can successfully ping machines across domains by IP, but the
> : names will still not resolve from either side to the other. Do I
> : need to make a DNS entry to get this going?
>
> Conditional Forwarders should do the trick.
>
>