

Finamore

Everything posted by Finamore

  1. Hi All,

     We have a two-way trust between two domains, and everything works as expected. One thing I'm trying to do is to use the command AD-GetGroupMember to see who the members of groups on the other domain are. The command runs fine but it only lists the users from the remote domain that are in the group: the users from the local domain, who are in the group, are not listed.

     Doing some research I found the following information: This cmdlet does not work when a group has members located in a different forest, and the forest does not have Active Directory Web Service running.

     So I went to check the ADWS status. It looks fine; when I test locally it works as expected:

         SERVICE_NAME: adws
         TYPE : 10 WIN32_OWN_PROCESS
         STATE : 4 RUNNING (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
         WIN32_EXIT_CODE : 0 (0x0)
         SERVICE_EXIT_CODE : 0 (0x0)
         CHECKPOINT : 0x0
         WAIT_HINT : 0x0

     But when I try to access the ADWS on the other domain, I get the following error:

         [sC] EnumQueryServicesStatus:OpenService FAILED 5:
         Access is denied.

     I ran this test on the primary domain controller, where the trust was made. Has anyone had an issue like this? Any tips for this desperate sysadmin? Thanks!
  2. Hi Folks,

     I've been working on this problem for the last 2 months, and so far I couldn't find a good solution for it. Our infrastructure is composed of two sites: our office and a datacenter service we hired. These two sites talk to each other through an IPsec VPN. On our site we use subnets and IP addresses we defined, but in the datacenter the IPs and subnets are provided by the vendor.

     Here is where the problem lies: our server can see everything just fine on the DC side, but the server on the DC cannot see the server on the office side. The way they work is that you need to make one NAT translation for each server, and use the IP provided on the NAT to access it. Using the IP to access is working fine, but the problem is when we try to access using the hostname. For most services, where you need to manually configure the server you are accessing, things are working fine, but the problem lies when the Domain Controllers try to replicate data: they always try to access using the hostname, and even if I change the IP manually on the DNS, it will not work, since the Active Directory itself will correct the addresses on its health check.

     So far we tried changing the DNS and adding the addresses to the hosts file. Does anyone have any other idea we can try out? Below is the schematic of the problem:

         Office Domain Controllers:
         10.212.4.1 VNY1PDCT01
         10.212.4.2 VNY1PDCT02

         Datacenter Domain Controllers:
         10.32.226.2 VDT2PDCT01
         10.32.226.3 VDT2PDCT02

         The NAT translations:
         10.212.4.1 -> 10.1.250.140
         10.212.4.2 -> 10.1.250.141

         10.212.4.1 can ping 10.32.226.2
         10.212.4.1 can resolve the name VDT2PDCT01
         10.32.226.2 cannot ping 10.212.4.1
         10.32.226.2 can ping 10.1.250.140
         10.32.226.2 cannot resolve the name VNY1PDCT01

     On the Active Directory, all modifications made on the Datacenter can be read at the Office, but if the modification is made in the Office, the Datacenter will not read the information. Has anyone ever had a problem like this?

     Running a dcdiag gives me the following error:

         Directory Server Diagnosis

         Performing initial setup:
            Trying to find home server...
            Home Server = VDT2PDCT01
            * Identified AD Forest.
            Done gathering initial info.

         Doing initial required tests

            Testing server: DT2\VDT2PDCT01
               Starting test: Connectivity
                  ......................... VDT2PDCT01 passed test Connectivity

         Doing primary tests

            Testing server: DT2\VDT2PDCT01
               Starting test: Advertising
                  ......................... VDT2PDCT01 passed test Advertising
               Starting test: FrsEvent
                  ......................... VDT2PDCT01 passed test FrsEvent
               Starting test: DFSREvent
                  ......................... VDT2PDCT01 passed test DFSREvent
               Starting test: SysVolCheck
                  ......................... VDT2PDCT01 passed test SysVolCheck
               Starting test: KccEvent
                  ......................... VDT2PDCT01 passed test KccEvent
               Starting test: KnowsOfRoleHolders
                  ......................... VDT2PDCT01 passed test KnowsOfRoleHolders
               Starting test: MachineAccount
                  ......................... VDT2PDCT01 passed test MachineAccount
               Starting test: NCSecDesc
                  ......................... VDT2PDCT01 passed test NCSecDesc
               Starting test: NetLogons
                  ......................... VDT2PDCT01 passed test NetLogons
               Starting test: ObjectsReplicated
                  ......................... VDT2PDCT01 passed test ObjectsReplicated
               Starting test: Replications
                  [Replications Check,VDT2PDCT01] A recent replication attempt failed:
                     From VNY1PDCT01 to VDT2PDCT01
                     Naming Context: DC=ForestDnsZones,DC=VINCI-US,DC=NET
                     The replication generated an error (1256):
                     The remote system is not available. For information about network troubleshooting, see Windows Help.
                     The failure occurred at 2011-11-10 08:58:07.
                     The last success occurred at 2011-10-18 19:54:27.
                     542 failures have occurred since the last success.
                  [Replications Check,VDT2PDCT01] A recent replication attempt failed:
                     From VNY1PDCT01 to VDT2PDCT01
                     Naming Context: DC=DomainDnsZones,DC=VINCI-US,DC=NET
                     The replication generated an error (1256):
                     The remote system is not available. For information about network troubleshooting, see Windows Help.
                     The failure occurred at 2011-11-10 08:58:07.
                     The last success occurred at 2011-10-18 19:54:27.
                     542 failures have occurred since the last success.
                  [Replications Check,VDT2PDCT01] A recent replication attempt failed:
                     From VNY1PDCT01 to VDT2PDCT01
                     Naming Context: CN=Schema,CN=Configuration,DC=VINCI-US,DC=NET
                     The replication generated an error (1722):
                     The RPC server is unavailable.
                     The failure occurred at 2011-11-10 08:58:50.
                     The last success occurred at 2011-10-18 19:54:26.
                     542 failures have occurred since the last success.
  3. Hello All!

     First of all I want to thank everyone on this forum: you guys helped me a lot with implementing and understanding SCCM. Kudos to you.

     I've deployed a production environment consisting of one primary site in our datacenter and 3 secondary sites, one in each company office. Everything is running fine but I made some mistakes during the installation (pointing installation and packages to wrong folders, local MSSQL DB) and I want to organize this mess.

     The question is: is it better to remove the primary site and remake the machine with the same name, or should I use a different name? Or is it better to create another primary site, point everyone to it and after that shut down the old one? What do you guys suggest?

     Cheers, Augusto Finamore
  4. Hi Eswar, Sorry, but I don't get your answer. Should I install the R2 or R3 before importing the new computer? Cheers,
  5. Hello Guys, I have a little problem here. Every time I import a new computer into SCCM to deploy the OS, I need to delete and re-create the Deploy OS task. Is that normal? I'm using SCCM 2007 SP2.
  6. Hi Guys, thanks for the answers but I figured that out: I was looking in the wrong place. I deleted the client on the "Membership Rules" tab in the Collection Properties. Just explaining how I'm using this: I created this (Blank for Staging) collection to advertise the OS installation, so it won't take any chances on accidentally deploying the OS on any other machine. This collection is filled manually when importing the computer using Computer Association. Thanks for the help!
  7. Hi Everyone, I managed to make everything work fine in SCCM 2007, but I have a question about the OSD: when I import the machine information to deploy a new OS, I place this machine in a collection called "Blank for Staging". So far so good. The point is that after I deploy the new OS, the machine is running and everything, and the computer is in the right collections (All Windws 7 Systems, RJ - Workstations), but it is still in the "Blank for Staging" collection. How do I remove it from there? I tried the delete option but it deleted the computer from SCCM. Augusto Finamore