Network Times out - DNS confused? HELP??!!

[gmk]

Hi everyone,

the network is like this:

3 servers (Windows 2000 Advanced Server) using AD, DNS and 50 workstations
all on domain DOMAIN in subnet 192.168.10.0

1 server Windows 2000 AS in workgroup WORKGROUP running Domino server in
subnet 192.168.11.0

Cisco router in the middle configured to keep the Domino server in a DMZ
(all correctly configured by Cisco) with 2 NICs.

Problem is the machines are having very long delays browsing the Domino
server and since we have gone through all the Cisco and Domino tests we are
going back to the network basics! Almost certain we are looking at a DNS
misconfig!

Also can anyone point me to any monitoring software that can give me an
indication of what is causing the delay?

Any ideas??

B.

 

[Ace Fekay [MVP]]

In

Hi everyone,

the network is like this:

3 servers (Windows 2000 Advanced Server) using AD, DNS and 50
workstations all on domain DOMAIN in subnet 192.168.10.0

1 server Windows 2000 AS in workgroup WORKGROUP running Domino server
in subnet 192.168.11.0

Cisco router in the middle configured to keep the Domino server in a
DMZ (all correctly configured by Cisco) with 2 NICs.

Problem is the machines are having very long delays browsing the
Domino server and since we have gone through all the Cisco and Domino
tests we are going back to the network basics! Almost certain we are
looking at a DNS misconfig!

Also can anyone point me to any monitoring software that can give me
an indication of what is causing the delay?

Any ideas??

B.

Not sure what Domino relies on, DNS or NetBIOS? So it depends.

If DNS, your internal machines that need access to the DOmino server in the
DMZ would need to use either the same DNS server (no ISPs or any other
server, such as what AD relies on) or an internal DNS server that has the
same exact zones on it that the Domino server uses.

If it's a NetBIOS function, then you would need WINS to go across the
subnets.

If there is a NAT, then you would need to VPN in from the DMZ to the private
network, since NAT cannot support RPC communication or NTLM authentication
thru it. (For AD, it does not support Kerberos, LDAP or RPC). Therefore a
VPN would be required in that scenario.


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

 

[GMK]

thanks Ace

just requiring some clarification on a couple of the points...

If it's a NetBIOS function, then you would need WINS to go across the
subnets.

-->can you point me to some documentaiton re this?



If there is a NAT, then you would need to VPN in from the DMZ to the private
network, since NAT cannot support RPC communication or NTLM authentication
thru it. (For AD, it does not support Kerberos, LDAP or RPC). Therefore a
VPN would be required in that scenario.

-> Any ideas on the VPN type/setup?? Software based?


--
* _ * _ * _ * _ * _

GMK

"...if you are not part of the solution, you are part of the problem..."