Windows Server

Noah · Guest

Hello,

I am having an issue where I get a message of the RPC server unavailable. I
am trying to add a new w2k3 server to the domain to make it a backup DC. THis
DC is on a seperate segment from the other DC and connects through a vpn
tunnel. I have talked to my Firewall/vpn guys and there is nothing blocking
tcp traffic, basically its and all-all rule..

so I two dc's in the 192.168.0.0 network and the new server in the
192.168.2.0 network.. I can ping the dc, run Nslookup against it, connect to
files on it and so on. can also do the same (except nslookup) from the
192.168.0.0 to the other server..

I run netdiag on the DC's and everything passes. Run Netdiag against the
other server and since its not on the domain most of the tests are skipped
but all others pass.. only error I get is:

DC list test . . . . . . . . . . . : Failed
[WARNING] Cannot call DsBind to <servername> (192.168.0.202). [RPC_S_SE
RVER_UNAVAILABLE]

I should point out that this warning is for the 2nd DC in the first network
segement.

I have run through several KB articles and everything so far checks out...
Not sure where to go from here.. any help would be much appreciated..

Thank you,
Noah

Paul Williams [MVP] · Guest

Where is the remote box pointing for DNS? And does it currently have a DNS
Suffix setup?

Can you get a positive result with either of the two following commands:

nltest /dsgetdc:domain-name.com
nslookup -type=srv _ldap._tcp.dc._msdcs.domain-name.com

If you have both the internal DNS server and a public one defined, get rid
of the public one. Do you have any errors in your event log regarding
NETLOGON, Userenv, Scecli, etc.?

--
Paul Williams
Microsoft MVP - Windows Server - Directory Services
http://www.msresource.net | http://forums.msresource.net

Noah · Guest

--------------------------------------------------------------------------------------------
-"Paul Williams [MVP]" wrote:

SPollack · Guest

Check the max. packet size you that you can ping from each side before
it is fragmented (might want to look at KB314825). Also, if your 2K3
server has SP1 on it, try installing hotfix 898060.

http://support.microsoft.com/kb/314825
http://support.microsoft.com/kb/898060

--
SPollack
------------------------------------------------------------------------
SPollack's Profile: http://forums.techarena.in/member.php?userid=5880
View this thread: http://forums.techarena.in/showthread.php?t=400577
India Forum - http://forums.techarena.in

Noah · Guest

Thanks for the Info it has really helped troubleshooting this...

I appliead the hotfix, but hasn't helped. I have looked through the article
about the MTU black hole.. That may be my problem, but have not changed
anything in the registry yet..

I did find some more info using the support tools. If I run a portqry from
my 192.168.2.0 network to anything on the 192.168.0.0 network I get this...

TCP port 135 (epmap service): FILTERED

If I do it from 192.168.0.0 to 192.168.2.0 I get:

TCP port 135 (epmap service): LISTENING
Querying Endpoint Mapper Database...
Server's response: <data>

Which leads me to believe that my firewall guys didn't look very hard at the
problem? So I am bugging them to take another look before I go down the road
of editing my registry...

What do you all think?

Thanks,
Noah

"SPollack" wrote:

Gilbert · Guest

try running this:

nltest /sc_reset:example.com (where example.com is your domain name)

I had the same problem and that fixed it for me.

You can also try REPADMIN /BIND
then REPADMIN /SYNCALL

"Noah" wrote:

Noah · Guest

THanks!!

I tried the nltest portion and got this error:

I_NetLogonControl failed: Status = 1717 0x6b5 RPC_S_UNKNOWN_IF

Notice the RPC part.. UHG..

Tried the Bind alos and recieved errors about credentials.. I am assuming
that is because I am not logged onto the domain..

Thanks,
Noah

"Gilbert" wrote:

	Windows Server Forum Index -> Active Directory	All times are GMT
Page 1 of 1