remote server can't join domain

I have a small lan. I have two AD servers with integrated DNS (windows 2003
sp1). I have a new remote site (dedicated server at data center). I have a
site to site vpn between my lan site-A and my remote site site-B. site-B is
a single server with a virtual server running on it behind a Netscreen
firewall/VPN. The virtual server (windows 2003 standard sp1) has Site-A DNS
servers set as its DNS. Virtual server at site-B is resolving both internal
and external URLs and servers, correctly.

When I attempt to have Virtual Server in Site-B join the domain from Site-A,
Immediately, I recieve a message "a domain controller for the domain
"mydomain" could not be contacted. Ensure that the domain name is typed
correctly. if the name is correct, click details for troubleshooting
informaiton."

Details show that the SRV record for _ldap._tcp.dc._msdcs.mydomain

correctly corresponds to dcserver1.mydomain and dcserver2.mydomain

ns lookup for dcserver1.mydomain and dcserver2.mydomain give the correct ip
address for the domain controllers.


I am currently trying to trouble shoot both with the data centers firewall /
vpn support group and checkpoint's support which is our firewall / vpn.
Although checkpoint has been working to resolve the issue for more than a
week, there has been no proposal for resolution. The Datacenter support
states that issue is on the Site-A side not Site-B

Note, using server name or ip-address, I can use remote desktop from Site-B
to manage servers or desktops on Site-A, from Site-A I can use remote desktop
to manage servers on Site-B. But I can not ping Site-A from Site-B or Site-B
from Site-A.

The Site to Site VPN is up and traffic is moving though the VPN tunnel, but
obviously not all traffic or I would be able to join the domain and Ping
would not time out.

What tools would you recommend to troubleshoot and resolve this issue.
Checkpoint appears to be lost as to the problem.
--
Fredrick A. Zilz
Director IT
InterHealth N.I.

Do you have WINS server? It works better to use the WINS server for WAN.

Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
"Fred Zilz" <(E-Mail Removed)> wrote in message news:8F0156D0-5322-47D5-8A2C-(E-Mail Removed)...
I have a small lan. I have two AD servers with integrated DNS (windows 2003
sp1). I have a new remote site (dedicated server at data center). I have a
site to site vpn between my lan site-A and my remote site site-B. site-B is
a single server with a virtual server running on it behind a Netscreen
firewall/VPN. The virtual server (windows 2003 standard sp1) has Site-A DNS
servers set as its DNS. Virtual server at site-B is resolving both internal
and external URLs and servers, correctly.

When I attempt to have Virtual Server in Site-B join the domain from Site-A,
Immediately, I recieve a message "a domain controller for the domain
"mydomain" could not be contacted. Ensure that the domain name is typed
correctly. if the name is correct, click details for troubleshooting
informaiton."

Details show that the SRV record for _ldap._tcp.dc._msdcs.mydomain

correctly corresponds to dcserver1.mydomain and dcserver2.mydomain

ns lookup for dcserver1.mydomain and dcserver2.mydomain give the correct ip
address for the domain controllers.


I am currently trying to trouble shoot both with the data centers firewall /
vpn support group and checkpoint's support which is our firewall / vpn.
Although checkpoint has been working to resolve the issue for more than a
week, there has been no proposal for resolution. The Datacenter support
states that issue is on the Site-A side not Site-B

Note, using server name or ip-address, I can use remote desktop from Site-B
to manage servers or desktops on Site-A, from Site-A I can use remote desktop
to manage servers on Site-B. But I can not ping Site-A from Site-B or Site-B
from Site-A.

The Site to Site VPN is up and traffic is moving though the VPN tunnel, but
obviously not all traffic or I would be able to join the domain and Ping
would not time out.

What tools would you recommend to troubleshoot and resolve this issue.
Checkpoint appears to be lost as to the problem.
--
Fredrick A. Zilz
Director IT
InterHealth N.I.

No, I have not used wins, I will enable wins and see if this helps. Thanks.
I'll post back with results.
--
Fredrick A. Zilz
Director IT
InterHealth N.I.


"Robert L [MVP - Networking]" wrote:

> Do you have WINS server? It works better to use the WINS server for WAN.
>
> Bob Lin, MS-MVP, MCSE & CNE
> Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
> How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
> "Fred Zilz" <(E-Mail Removed)> wrote in message news:8F0156D0-5322-47D5-8A2C-(E-Mail Removed)...
> I have a small lan. I have two AD servers with integrated DNS (windows 2003
> sp1). I have a new remote site (dedicated server at data center). I have a
> site to site vpn between my lan site-A and my remote site site-B. site-B is
> a single server with a virtual server running on it behind a Netscreen
> firewall/VPN. The virtual server (windows 2003 standard sp1) has Site-A DNS
> servers set as its DNS. Virtual server at site-B is resolving both internal
> and external URLs and servers, correctly.
>
> When I attempt to have Virtual Server in Site-B join the domain from Site-A,
> Immediately, I recieve a message "a domain controller for the domain
> "mydomain" could not be contacted. Ensure that the domain name is typed
> correctly. if the name is correct, click details for troubleshooting
> informaiton."
>
> Details show that the SRV record for _ldap._tcp.dc._msdcs.mydomain
>
> correctly corresponds to dcserver1.mydomain and dcserver2.mydomain
>
> ns lookup for dcserver1.mydomain and dcserver2.mydomain give the correct ip
> address for the domain controllers.
>
>
> I am currently trying to trouble shoot both with the data centers firewall /
> vpn support group and checkpoint's support which is our firewall / vpn.
> Although checkpoint has been working to resolve the issue for more than a
> week, there has been no proposal for resolution. The Datacenter support
> states that issue is on the Site-A side not Site-B
>
> Note, using server name or ip-address, I can use remote desktop from Site-B
> to manage servers or desktops on Site-A, from Site-A I can use remote desktop
> to manage servers on Site-B. But I can not ping Site-A from Site-B or Site-B
> from Site-A.
>
> The Site to Site VPN is up and traffic is moving though the VPN tunnel, but
> obviously not all traffic or I would be able to join the domain and Ping
> would not time out.
>
> What tools would you recommend to troubleshoot and resolve this issue.
> Checkpoint appears to be lost as to the problem.
> --
> Fredrick A. Zilz
> Director IT
> InterHealth N.I

Definately moving in the right direction. With wins enabled and the AD
server record in the wins directory checked using nbtstat from the remote
server. When I attempt to join the domain, I get the request for
authentication - Before Wins this would not happen. So this is a step
forward, but... Now after entering the credentials (domain admin from Site-A)
the dialog box (computer name change dialog) just sits there, then goes to
not responding. No errors show up in event viewer application or system.

Any ideas?

Fredrick A. Zilz
Director IT
InterHealth N.I.


"Robert L [MVP - Networking]" wrote:

> Do you have WINS server? It works better to use the WINS server for WAN.
>
> Bob Lin, MS-MVP, MCSE & CNE
> Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
> How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
> "Fred Zilz" <(E-Mail Removed)> wrote in message news:8F0156D0-5322-47D5-8A2C-(E-Mail Removed)...
> I have a small lan. I have two AD servers with integrated DNS (windows 2003
> sp1). I have a new remote site (dedicated server at data center). I have a
> site to site vpn between my lan site-A and my remote site site-B. site-B is
> a single server with a virtual server running on it behind a Netscreen
> firewall/VPN. The virtual server (windows 2003 standard sp1) has Site-A DNS
> servers set as its DNS. Virtual server at site-B is resolving both internal
> and external URLs and servers, correctly.
>
> When I attempt to have Virtual Server in Site-B join the domain from Site-A,
> Immediately, I recieve a message "a domain controller for the domain
> "mydomain" could not be contacted. Ensure that the domain name is typed
> correctly. if the name is correct, click details for troubleshooting
> informaiton."
>
> Details show that the SRV record for _ldap._tcp.dc._msdcs.mydomain
>
> correctly corresponds to dcserver1.mydomain and dcserver2.mydomain
>
> ns lookup for dcserver1.mydomain and dcserver2.mydomain give the correct ip
> address for the domain controllers.
>
>
> I am currently trying to trouble shoot both with the data centers firewall /
> vpn support group and checkpoint's support which is our firewall / vpn.
> Although checkpoint has been working to resolve the issue for more than a
> week, there has been no proposal for resolution. The Datacenter support
> states that issue is on the Site-A side not Site-B
>
> Note, using server name or ip-address, I can use remote desktop from Site-B
> to manage servers or desktops on Site-A, from Site-A I can use remote desktop
> to manage servers on Site-B. But I can not ping Site-A from Site-B or Site-B
> from Site-A.
>
> The Site to Site VPN is up and traffic is moving though the VPN tunnel, but
> obviously not all traffic or I would be able to join the domain and Ping
> would not time out.
>
> What tools would you recommend to troubleshoot and resolve this issue.
> Checkpoint appears to be lost as to the problem.
> --
> Fredrick A. Zilz
> Director IT
> InterHealth N.I

Note, whent the Computer Name Changes dialog finally times out (goes from not
responding) and error pops that says the "remote procedure call failed".
--
Fredrick A. Zilz
Director IT
InterHealth N.I.


"Fred Zilz" wrote:

> Definately moving in the right direction. With wins enabled and the AD
> server record in the wins directory checked using nbtstat from the remote
> server. When I attempt to join the domain, I get the request for
> authentication - Before Wins this would not happen. So this is a step
> forward, but... Now after entering the credentials (domain admin from Site-A)
> the dialog box (computer name change dialog) just sits there, then goes to
> not responding. No errors show up in event viewer application or system.
>
> Any ideas?
>
> Fredrick A. Zilz
> Director IT
> InterHealth N.I.
>
>
> "Robert L [MVP - Networking]" wrote:
>
> > Do you have WINS server? It works better to use the WINS server for WAN.
> >
> > Bob Lin, MS-MVP, MCSE & CNE
> > Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
> > How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
> > "Fred Zilz" <(E-Mail Removed)> wrote in message news:8F0156D0-5322-47D5-8A2C-(E-Mail Removed)...
> > I have a small lan. I have two AD servers with integrated DNS (windows 2003
> > sp1). I have a new remote site (dedicated server at data center). I have a
> > site to site vpn between my lan site-A and my remote site site-B. site-B is
> > a single server with a virtual server running on it behind a Netscreen
> > firewall/VPN. The virtual server (windows 2003 standard sp1) has Site-A DNS
> > servers set as its DNS. Virtual server at site-B is resolving both internal
> > and external URLs and servers, correctly.
> >
> > When I attempt to have Virtual Server in Site-B join the domain from Site-A,
> > Immediately, I recieve a message "a domain controller for the domain
> > "mydomain" could not be contacted. Ensure that the domain name is typed
> > correctly. if the name is correct, click details for troubleshooting
> > informaiton."
> >
> > Details show that the SRV record for _ldap._tcp.dc._msdcs.mydomain
> >
> > correctly corresponds to dcserver1.mydomain and dcserver2.mydomain
> >
> > ns lookup for dcserver1.mydomain and dcserver2.mydomain give the correct ip
> > address for the domain controllers.
> >
> >
> > I am currently trying to trouble shoot both with the data centers firewall /
> > vpn support group and checkpoint's support which is our firewall / vpn.
> > Although checkpoint has been working to resolve the issue for more than a
> > week, there has been no proposal for resolution. The Datacenter support
> > states that issue is on the Site-A side not Site-B
> >
> > Note, using server name or ip-address, I can use remote desktop from Site-B
> > to manage servers or desktops on Site-A, from Site-A I can use remote desktop
> > to manage servers on Site-B. But I can not ping Site-A from Site-B or Site-B
> > from Site-A.
> >
> > The Site to Site VPN is up and traffic is moving though the VPN tunnel, but
> > obviously not all traffic or I would be able to join the domain and Ping
> > would not time out.
> >
> > What tools would you recommend to troubleshoot and resolve this issue.
> > Checkpoint appears to be lost as to the problem.
> > --
> > Fredrick A. Zilz
> > Director IT
> > InterHealth N.I

Any errors in both remote and DC Event Viewer?

Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
"Fred Zilz" <(E-Mail Removed)> wrote in message news:20709908-B0FC-40DE-89E8-(E-Mail Removed)...
Note, whent the Computer Name Changes dialog finally times out (goes from not
responding) and error pops that says the "remote procedure call failed".
--
Fredrick A. Zilz
Director IT
InterHealth N.I.


"Fred Zilz" wrote:

> Definately moving in the right direction. With wins enabled and the AD
> server record in the wins directory checked using nbtstat from the remote
> server. When I attempt to join the domain, I get the request for
> authentication - Before Wins this would not happen. So this is a step
> forward, but... Now after entering the credentials (domain admin from Site-A)
> the dialog box (computer name change dialog) just sits there, then goes to
> not responding. No errors show up in event viewer application or system.
>
> Any ideas?
>
> Fredrick A. Zilz
> Director IT
> InterHealth N.I.
>
>
> "Robert L [MVP - Networking]" wrote:
>
> > Do you have WINS server? It works better to use the WINS server for WAN.
> >
> > Bob Lin, MS-MVP, MCSE & CNE
> > Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
> > How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
> > "Fred Zilz" <(E-Mail Removed)> wrote in message news:8F0156D0-5322-47D5-8A2C-(E-Mail Removed)...
> > I have a small lan. I have two AD servers with integrated DNS (windows 2003
> > sp1). I have a new remote site (dedicated server at data center). I have a
> > site to site vpn between my lan site-A and my remote site site-B. site-B is
> > a single server with a virtual server running on it behind a Netscreen
> > firewall/VPN. The virtual server (windows 2003 standard sp1) has Site-A DNS
> > servers set as its DNS. Virtual server at site-B is resolving both internal
> > and external URLs and servers, correctly.
> >
> > When I attempt to have Virtual Server in Site-B join the domain from Site-A,
> > Immediately, I recieve a message "a domain controller for the domain
> > "mydomain" could not be contacted. Ensure that the domain name is typed
> > correctly. if the name is correct, click details for troubleshooting
> > informaiton."
> >
> > Details show that the SRV record for _ldap._tcp.dc._msdcs.mydomain
> >
> > correctly corresponds to dcserver1.mydomain and dcserver2.mydomain
> >
> > ns lookup for dcserver1.mydomain and dcserver2.mydomain give the correct ip
> > address for the domain controllers.
> >
> >
> > I am currently trying to trouble shoot both with the data centers firewall /
> > vpn support group and checkpoint's support which is our firewall / vpn.
> > Although checkpoint has been working to resolve the issue for more than a
> > week, there has been no proposal for resolution. The Datacenter support
> > states that issue is on the Site-A side not Site-B
> >
> > Note, using server name or ip-address, I can use remote desktop from Site-B
> > to manage servers or desktops on Site-A, from Site-A I can use remote desktop
> > to manage servers on Site-B. But I can not ping Site-A from Site-B or Site-B
> > from Site-A.
> >
> > The Site to Site VPN is up and traffic is moving though the VPN tunnel, but
> > obviously not all traffic or I would be able to join the domain and Ping
> > would not time out.
> >
> > What tools would you recommend to troubleshoot and resolve this issue.
> > Checkpoint appears to be lost as to the problem.
> > --
> > Fredrick A. Zilz
> > Director IT
> > InterHealth N.I