Adding a second DC over a VPN connection

Chris

Hi everybody


Here is my problem:

I have a remote Win2k domain, 1 DC there. I have another office where I would like to install a new DC. The link between HQ and the office is a VPN over the internet. The VPN is site-to-site using two PIX firewalls.

I can join the domain with the second PDC. After joining, the logon is very slow.
If I try to run the dcpromo command I am getting this error:

"Error - The Directory Service failed to create the server object for
CN=NTDS
Settings,CN=cocosDC5,CN=Servers,CN=HQ,CN=Sites,CN=Configuration,DC=cocos,DC=
com on server cocos_DC1.cocos.com. Please ensure the network credentials
provided have sufficient access to add a replica. (1908)
08/12 16:36:37 [INFO] NtdsInstall for cocos.com returned 1908"

What would be the reason for this error I am getting?
Thank you in advance
Chris



Please see the below dcpromo.log:



8/12 16:29:35 [INFO] Promotion request for replica domain controller
08/12 16:29:35 [INFO] DnsDomainName cocos.com
08/12 16:29:35 [INFO] ReplicaPartner (NULL)
08/12 16:29:35 [INFO] SiteName (NULL)
08/12 16:29:35 [INFO] DsDatabasePath C:\WINNT\NTDS, DsLogPath
C:\WINNT\NTDS
08/12 16:29:35 [INFO] SystemVolumeRootPath C:\WINNT\SYSVOL
08/12 16:29:35 [INFO] Account cocos.com\service-exg
08/12 16:29:35 [INFO] Options 196
08/12 16:29:35 [INFO] Validate supplied paths
08/12 16:29:35 [INFO] Validating path C:\WINNT\NTDS.
08/12 16:29:35 [INFO] Path is a directory
08/12 16:29:35 [INFO] Path is on a fixed disk drive.
08/12 16:29:35 [INFO] Validating path C:\WINNT\NTDS.
08/12 16:29:35 [INFO] Path is a directory
08/12 16:29:35 [INFO] Path is on a fixed disk drive.
08/12 16:29:35 [INFO] Validating path C:\WINNT\SYSVOL.
08/12 16:29:35 [INFO] Path is on a fixed disk drive.
08/12 16:29:35 [INFO] Path is on an NTFS volume
08/12 16:29:35 [INFO] Start the worker task
08/12 16:29:35 [INFO] Request for promotion returning 0
08/12 16:29:35 [INFO] Searching for a domain controller for the domain
cocos.com that contains the account cocosDC5$

08/12 16:29:37 [INFO] Located domain controller cocos_DC1.cocos.com for
domain cocos.com

08/12 16:29:37 [INFO] Using site HQ for server \\cocos_DC1.cocos.com

08/12 16:29:37 [INFO] Forcing time sync
08/12 16:29:37 [INFO] Forcing a time synch with \\cocos_DC1.cocos.com

08/12 16:30:51 [INFO] Setting machine account to be DC
08/12 16:30:51 [INFO] Configuring the server account

08/12 16:30:51 [INFO] Searching for the machine account for cocosDC5$ on
\\cocos_DC1.cocos.com...
08/12 16:30:51 [INFO] Configuring the server account

08/12 16:32:05 [INFO] NtdsSetReplicaMachineAccount returned 0
08/12 16:32:05 [INFO] Previous location of account cocosDC5$ to
CN=cocosDC5,CN=Computers,DC=cocos,DC=com
08/12 16:32:05 [INFO] Stopping service NETLOGON

08/12 16:32:05 [INFO] Stopping service NETLOGON

08/12 16:33:05 [INFO] Configuring service NETLOGON to 1 returned 0
08/12 16:33:05 [INFO] Deleting current sysvol path C:\WINNT\SYSVOL
08/12 16:33:07 [INFO] Copying initial Directory Service database file
C:\WINNT\system32\ntds.dit to C:\WINNT\NTDS\ntds.dit

08/12 16:33:07 [INFO] Installing the Directory Service

08/12 16:33:07 [INFO] Calling NtdsInstall for cocos.com
08/12 16:33:07 [INFO] Starting the Directory Service installation
08/12 16:33:07 [INFO] Validating user supplied options
08/12 16:33:07 [INFO] Determining local site to enter
08/12 16:33:07 [INFO] Examining existing Enterprise Directory Service
08/12 16:34:21 [INFO] Configuring the local server to host the Directory
Service
08/12 16:34:26 [INFO] Creating the ntdsa object for this server on
cocos_DC1.cocos.com.
08/12 16:36:37 [INFO] Error - The Directory Service failed to create the
server object for CN=NTDS
Settings,CN=cocosDC5,CN=Servers,CN=HQ,CN=Sites,CN=Configuration,DC=cocos,DC=
com on server cocos_DC1.cocos.com. Please ensure the network credentials
provided have sufficient access to add a replica. (1908)
08/12 16:36:37 [INFO] NtdsInstall for cocos.com returned 1908
08/12 16:36:37 [INFO] DsRolepInstallDs returned 1908
08/12 16:36:37 [ERROR] Failed to install to Directory Service (1908)
08/12 16:36:43 [INFO] Starting service NETLOGON

08/12 16:36:43 [INFO] Configuring service NETLOGON to 2 returned 0
08/12 16:36:43 [INFO] Searching for the machine account for cocosDC5$ on
\\cocos_DC1.cocos.com...
08/12 16:36:43 [INFO] Configuring the server account

08/12 16:37:49 [INFO] NtdsSetReplicaMachineAccount returned 0
08/12 16:37:49 [INFO] Attempted to move account cocosDC5$ to
CN=cocosDC5,CN=Computers,DC=cocos,DC=com
08/12 16:37:50 [INFO] The attempted domain controller operation has
completed

08/12 16:37:50 [INFO] DsRolepSetOperationDone returned 0
 
Shawn Rabourn (MS)

Try adding MaxPacketSize=1 on the soon-to-be-replica DC

244474 How to Force Kerberos to Use TCP Instead of UDP
http://support.microsoft.com/?id=244474

--Shawn
This posting is provided "AS IS" with no warranties and confers no rights.
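
Added example (not part of the original thread, and not code from either poster): a short Python script that parses dcpromo.log timestamps and lists the steps followed by a long silent gap. Run on a contiguous excerpt of the log posted in the question, it shows promotion stalling for over a minute on steps that depend on cocos_DC1 before error 1908 is returned, which fits the slow logon described over the VPN. The function names and the 30-second threshold are assumptions chosen for illustration.

```python
import re
from datetime import datetime

# Contiguous excerpt of the dcpromo.log posted in the question, wrapped as posted.
SAMPLE_LOG = """
08/12 16:33:07 [INFO] Determining local site to enter
08/12 16:33:07 [INFO] Examining existing Enterprise Directory Service
08/12 16:34:21 [INFO] Configuring the local server to host the Directory
Service
08/12 16:34:26 [INFO] Creating the ntdsa object for this server on
cocos_DC1.cocos.com.
08/12 16:36:37 [INFO] Error - The Directory Service failed to create the
server object for CN=NTDS
Settings,CN=cocosDC5,CN=Servers,CN=HQ,CN=Sites,CN=Configuration,DC=cocos,DC=
com on server cocos_DC1.cocos.com. Please ensure the network credentials
provided have sufficient access to add a replica. (1908)
08/12 16:36:37 [INFO] NtdsInstall for cocos.com returned 1908
"""

# "MM/DD HH:MM:SS [LEVEL] message"; lines without this prefix are wrapped text.
ENTRY = re.compile(r"^(\d{1,2}/\d{1,2} \d{2}:\d{2}:\d{2}) \[(\w+)\] (.*)$")

def parse_entries(text):
    """Return [(timestamp, level, message)], joining wrapped continuation lines."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY.match(line)
        if m:
            # The log carries no year; 2000 is an arbitrary placeholder (assumption).
            ts = datetime.strptime("2000/" + m.group(1), "%Y/%m/%d %H:%M:%S")
            entries.append([ts, m.group(2), m.group(3)])
        elif line and entries:
            entries[-1][2] += " " + line  # wrapped continuation of previous entry
    return [tuple(e) for e in entries]

def find_stalls(entries, threshold_s=30):
    """Return (seconds, step) for each step followed by a gap >= threshold_s."""
    stalls = []
    for (t0, _, msg), (t1, _, _) in zip(entries, entries[1:]):
        gap = int((t1 - t0).total_seconds())
        if gap >= threshold_s:
            stalls.append((gap, msg))
    return stalls

if __name__ == "__main__":
    for gap, step in find_stalls(parse_entries(SAMPLE_LOG)):
        print(f"{gap:4d}s stalled in: {step}")
```

Running the same script on the log after a transport or MTU change gives a quick before/after comparison of where promotion waits on the remote DC.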



Chris

Hi Shawn

That was the problem. Thank you very much. Now the login is faster and the replication works.
Great!

Thank you again
Chris




