dcdiag errors

[Ace Fekay [MVP]]

In

Should dc2 be setup as active directory like dc1 or should it be set
up as a secondary?

Yes, I believe that is your better bet. Promoted it to a DC. You should have
at least two DCs anyway for fault tolerance. With AD, there are numerous
advantageous using a DC for DNS server, one of which is AD integrated zones.
Member servers don't have the ability for this feature because it means the
zone data is stored in the actual AD database.

Ace

 

[Ace Fekay [MVP]]

In

Finally got the other rras server working. We tried using the pix for
vpn, but there were problems with the cisco client not working with
the exchange owa. It has been a long time since we tried that, so
cisco may have fixed the client by now, so I will look into it. Thanks!

What kind of problems with OWA? I haven't heard of any, at least until now.
Do you mean when people are outside VPN'd in and then try to use OWA? If so,
how are they connecting? With the external name or the internal private name
of the OWA site?

Ace

 

[Phil Loper]

In

What kind of problems with OWA? I haven't heard of any, at least until now.
Do you mean when people are outside VPN'd in and then try to use OWA? If so,
how are they connecting? With the external name or the internal private name
of the OWA site?

Ace

Sorry, I meant to say Outlook. They would not be using OWA over the
VPN. They just never could connect to the Exchange server when using
the Cisco client. I think there were also problems connecting to SQL
databases.

 

[Phil Loper]

In

Yes, I believe that is your better bet. Promoted it to a DC. You should have
at least two DCs anyway for fault tolerance. With AD, there are numerous
advantageous using a DC for DNS server, one of which is AD integrated zones.
Member servers don't have the ability for this feature because it means the
zone data is stored in the actual AD database.

Ace

So the DNS on both domain controllers should be set to Active Directory
Integrated, right? Thant is how I have them now and just wanted to make
absolutely sure before I turn off DNS on the member server, which is set
up as secondary DNS server. Thanks again for all your help.

 

[Ace Fekay [MVP]]

In

Sorry, I meant to say Outlook. They would not be using OWA over the
VPN. They just never could connect to the Exchange server when using
the Cisco client. I think there were also problems connecting to SQL
databases.

IOutlook and SQL connectivity issues? Believe it or not, it sounds simply
enought like a name resolution problem such as a WINS issue or lack of WINS,
or split tunneling not configured. Do me a favor, when the Cisco Client is
connected, post an ipconfig /all of the client.

Ace

 

[Ace Fekay [MVP]]

In

So the DNS on both domain controllers should be set to Active
Directory Integrated, right? Thant is how I have them now and just
wanted to make absolutely sure before I turn off DNS on the member
server, which is set up as secondary DNS server. Thanks again for
all your help.

You are welcome. Any errors lateley?

 

[Phil Loper]

In

You are welcome. Any errors lateley?

Everything seems to working properly, all users are switched over to the
new RRAS server and I turned it off on the dc.

One other thing you may be able to help me with, or direct me to the
correct newsgroup, is there a way to have the vpn users use our ISA
server? I tried setting it up, but it will not allow them any internet
access. I have to uncheck the box "Use default gateway on remote
network" in the vpn connections TCP/IP settings to make the Internet
work when they are connected to the vpn.

 

[Phil Loper]

In

You are welcome. Any errors lateley?

I am still getting this on both of the dc's when I run dcdiag:

Starting test: frssysvol
Error: No record of File Replication System, SYSVOL started.
The Active Directory may be prevented from starting.
......................... DC2 passed test frssysvol

Is this something to worry about?

 

[Ace Fekay [MVP]]

In

I am still getting this on both of the dc's when I run dcdiag:

Starting test: frssysvol
Error: No record of File Replication System, SYSVOL started.
The Active Directory may be prevented from starting.
......................... DC2 passed test frssysvol

Is this something to worry about?

Yep. Is the service running? Now this thread is so long, it would take me a
little to go back into each post. What was the eventID #?

microsoft.public.isa.vpn should help you with VPN and ISA>

Ace

 

[Herb Martin]

In

Yep. Is the service running? Now this thread is so long, it would take me
a little to go back into each post. What was the eventID #?

microsoft.public.isa.vpn should help you with VPN and ISA>

Yes, as Ace says. Continue following Ace's advice but eventually
you might want to just DCPromo "Cycle" this DC.

To Non-DC, then back to DC. Sometimes that is just easier than
fighting this stuff.

BUT DON'T be hasted if it is something as simple as some Admin
having disabled the FRS service thinking it wasn't needed.

Repair install would be on my short to intermediate term list too.
(I always do a ChkDsk /R -- repair before doing those in case
there are bad disk sections causing bad DLL/Services that the
repair install can fix.)