| Author |
Message |
Vic
Guest
|
 Posted:
Thu Oct 27, 2005 12:51 am Post subject:
Backup Network problem/question |
|
|
We run a Windows 2000 domain. I have recently setup a backup network at
another site for disaster recovery purposes using ISDN lines to connect. The
backup server, also Windows 2000 was installed by a local hardware vendor
using a backup tape from our production server.(Veritas Backup Exec v9).
Active Directory, DNS etc has all been copies over to the backup server.
When I tested the backup network on a production machine the only way I
could get the production machine (Windows 2000 Pro) to connect to the backup
server was to unjoin the production domain, then rejoin to the backup domain
which then worked. The backup server has the same ip address, domain name -
everything is the same as the production server. The hardware vendor said
all they could think of that was causing this problem was that the production
machines were looking for the mac address from the production server.
I'm okay with this but it is very clunky to have the users unjoin/rejoin the
backup domain to test.
Can anyone think of a an easier way around this, or perhaps the hardware
vendor is missing something?
Thanks for any suggestions. |
|
| Back to top |
|
 |
Wendel Hamilton
Guest
|
| Posted:
Thu Oct 27, 2005 8:50 am Post subject:
RE: Backup Network problem/question |
|
|
Vic,
The computer accounts have been lost in the backup domain for some reason.
Once they have been established again the next time you move to the backup
domain it should be ok.
Do not disjoin the computers from either domain when moving them.
You can't have the 2 networks connected with the procedure you have used as
the servers will conflict with each other. I’m not sure what the ISDN
connections are for in this case. You will need to explain it further.
"Vic" wrote:
| Quote: | We run a Windows 2000 domain. I have recently setup a backup network at
another site for disaster recovery purposes using ISDN lines to connect. The
backup server, also Windows 2000 was installed by a local hardware vendor
using a backup tape from our production server.(Veritas Backup Exec v9).
Active Directory, DNS etc has all been copies over to the backup server.
When I tested the backup network on a production machine the only way I
could get the production machine (Windows 2000 Pro) to connect to the backup
server was to unjoin the production domain, then rejoin to the backup domain
which then worked. The backup server has the same ip address, domain name -
everything is the same as the production server. The hardware vendor said
all they could think of that was causing this problem was that the production
machines were looking for the mac address from the production server.
I'm okay with this but it is very clunky to have the users unjoin/rejoin the
backup domain to test.
Can anyone think of a an easier way around this, or perhaps the hardware
vendor is missing something?
Thanks for any suggestions. |
|
|
| Back to top |
|
|
Vic
Guest
|
| Posted:
Thu Oct 27, 2005 12:50 pm Post subject:
RE: Backup Network problem/question |
|
|
Wendel,
When I test the backup network, I shutdown the production servers and also
take down the routers, so the real network is downed. The production network
is connected via T1, we went with ISDN lines for backup because the price was
right.
Could you explain what you mean by the computer accounts being lost? When I
look in AD, the computer accounts, users, etc are all there.
"Wendel Hamilton" wrote:
| Quote: | Vic,
The computer accounts have been lost in the backup domain for some reason.
Once they have been established again the next time you move to the backup
domain it should be ok.
Do not disjoin the computers from either domain when moving them.
You can't have the 2 networks connected with the procedure you have used as
the servers will conflict with each other. I’m not sure what the ISDN
connections are for in this case. You will need to explain it further.
"Vic" wrote:
We run a Windows 2000 domain. I have recently setup a backup network at
another site for disaster recovery purposes using ISDN lines to connect. The
backup server, also Windows 2000 was installed by a local hardware vendor
using a backup tape from our production server.(Veritas Backup Exec v9).
Active Directory, DNS etc has all been copies over to the backup server.
When I tested the backup network on a production machine the only way I
could get the production machine (Windows 2000 Pro) to connect to the backup
server was to unjoin the production domain, then rejoin to the backup domain
which then worked. The backup server has the same ip address, domain name -
everything is the same as the production server. The hardware vendor said
all they could think of that was causing this problem was that the production
machines were looking for the mac address from the production server.
I'm okay with this but it is very clunky to have the users unjoin/rejoin the
backup domain to test.
Can anyone think of a an easier way around this, or perhaps the hardware
vendor is missing something?
Thanks for any suggestions. |
|
|
| Back to top |
|
|
Wendel Hamilton
Guest
|
| Posted:
Thu Oct 27, 2005 12:50 pm Post subject:
RE: Backup Network problem/question |
|
|
Vic,
Getsid returns the computer SID
http://www.sysinternals.com/Utilities/PsGetSid.html
Not sure how to get the SID from the computer account in AD.
"Vic" wrote:
| Quote: | Wendel,
Could you tell me how I can check the SID's to compare them to the
production vs backup dc? I'd like to follow up on your idea....
"Wendel Hamilton" wrote:
Vic,
Each computer has a security identifier or SID this is stored in the
computer account in active directory. It’s probably this SID that is missing
or incorrect for the computer account. Re-joining the domain creates/over
writes the computer name and SID in active directory. It does seam unusual to
loose them.
I don’t think it is a network issue. Of course when you switch to backup you
should restart all the workstations.
"Vic" wrote:
Wendel,
When I test the backup network, I shutdown the production servers and also
take down the routers, so the real network is downed. The production network
is connected via T1, we went with ISDN lines for backup because the price was
right.
Could you explain what you mean by the computer accounts being lost? When I
look in AD, the computer accounts, users, etc are all there.
"Wendel Hamilton" wrote:
Vic,
The computer accounts have been lost in the backup domain for some reason.
Once they have been established again the next time you move to the backup
domain it should be ok.
Do not disjoin the computers from either domain when moving them.
You can't have the 2 networks connected with the procedure you have used as
the servers will conflict with each other. I’m not sure what the ISDN
connections are for in this case. You will need to explain it further.
"Vic" wrote:
We run a Windows 2000 domain. I have recently setup a backup network at
another site for disaster recovery purposes using ISDN lines to connect. The
backup server, also Windows 2000 was installed by a local hardware vendor
using a backup tape from our production server.(Veritas Backup Exec v9).
Active Directory, DNS etc has all been copies over to the backup server.
When I tested the backup network on a production machine the only way I
could get the production machine (Windows 2000 Pro) to connect to the backup
server was to unjoin the production domain, then rejoin to the backup domain
which then worked. The backup server has the same ip address, domain name -
everything is the same as the production server. The hardware vendor said
all they could think of that was causing this problem was that the production
machines were looking for the mac address from the production server.
I'm okay with this but it is very clunky to have the users unjoin/rejoin the
backup domain to test.
Can anyone think of a an easier way around this, or perhaps the hardware
vendor is missing something?
Thanks for any suggestions. |
|
|
| Back to top |
|
|
Vic
Guest
|
| Posted:
Thu Oct 27, 2005 12:50 pm Post subject:
RE: Backup Network problem/question |
|
|
Wendel,
Could you tell me how I can check the SID's to compare them to the
production vs backup dc? I'd like to follow up on your idea....
"Wendel Hamilton" wrote:
| Quote: | Vic,
Each computer has a security identifier or SID this is stored in the
computer account in active directory. It’s probably this SID that is missing
or incorrect for the computer account. Re-joining the domain creates/over
writes the computer name and SID in active directory. It does seam unusual to
loose them.
I don’t think it is a network issue. Of course when you switch to backup you
should restart all the workstations.
"Vic" wrote:
Wendel,
When I test the backup network, I shutdown the production servers and also
take down the routers, so the real network is downed. The production network
is connected via T1, we went with ISDN lines for backup because the price was
right.
Could you explain what you mean by the computer accounts being lost? When I
look in AD, the computer accounts, users, etc are all there.
"Wendel Hamilton" wrote:
Vic,
The computer accounts have been lost in the backup domain for some reason.
Once they have been established again the next time you move to the backup
domain it should be ok.
Do not disjoin the computers from either domain when moving them.
You can't have the 2 networks connected with the procedure you have used as
the servers will conflict with each other. I’m not sure what the ISDN
connections are for in this case. You will need to explain it further.
"Vic" wrote:
We run a Windows 2000 domain. I have recently setup a backup network at
another site for disaster recovery purposes using ISDN lines to connect. The
backup server, also Windows 2000 was installed by a local hardware vendor
using a backup tape from our production server.(Veritas Backup Exec v9).
Active Directory, DNS etc has all been copies over to the backup server.
When I tested the backup network on a production machine the only way I
could get the production machine (Windows 2000 Pro) to connect to the backup
server was to unjoin the production domain, then rejoin to the backup domain
which then worked. The backup server has the same ip address, domain name -
everything is the same as the production server. The hardware vendor said
all they could think of that was causing this problem was that the production
machines were looking for the mac address from the production server.
I'm okay with this but it is very clunky to have the users unjoin/rejoin the
backup domain to test.
Can anyone think of a an easier way around this, or perhaps the hardware
vendor is missing something?
Thanks for any suggestions. |
|
|
| Back to top |
|
|
Wendel Hamilton
Guest
|
| Posted:
Thu Oct 27, 2005 12:50 pm Post subject:
RE: Backup Network problem/question |
|
|
Vic,
Each computer has a security identifier or SID this is stored in the
computer account in active directory. It’s probably this SID that is missing
or incorrect for the computer account. Re-joining the domain creates/over
writes the computer name and SID in active directory. It does seam unusual to
loose them.
I don’t think it is a network issue. Of course when you switch to backup you
should restart all the workstations.
"Vic" wrote:
| Quote: | Wendel,
When I test the backup network, I shutdown the production servers and also
take down the routers, so the real network is downed. The production network
is connected via T1, we went with ISDN lines for backup because the price was
right.
Could you explain what you mean by the computer accounts being lost? When I
look in AD, the computer accounts, users, etc are all there.
"Wendel Hamilton" wrote:
Vic,
The computer accounts have been lost in the backup domain for some reason.
Once they have been established again the next time you move to the backup
domain it should be ok.
Do not disjoin the computers from either domain when moving them.
You can't have the 2 networks connected with the procedure you have used as
the servers will conflict with each other. I’m not sure what the ISDN
connections are for in this case. You will need to explain it further.
"Vic" wrote:
We run a Windows 2000 domain. I have recently setup a backup network at
another site for disaster recovery purposes using ISDN lines to connect. The
backup server, also Windows 2000 was installed by a local hardware vendor
using a backup tape from our production server.(Veritas Backup Exec v9).
Active Directory, DNS etc has all been copies over to the backup server.
When I tested the backup network on a production machine the only way I
could get the production machine (Windows 2000 Pro) to connect to the backup
server was to unjoin the production domain, then rejoin to the backup domain
which then worked. The backup server has the same ip address, domain name -
everything is the same as the production server. The hardware vendor said
all they could think of that was causing this problem was that the production
machines were looking for the mac address from the production server.
I'm okay with this but it is very clunky to have the users unjoin/rejoin the
backup domain to test.
Can anyone think of a an easier way around this, or perhaps the hardware
vendor is missing something?
Thanks for any suggestions. |
|
|
| Back to top |
|
|
Phillip Windell
Guest
|
| Posted:
Thu Oct 27, 2005 8:50 pm Post subject:
Re: Backup Network problem/question |
|
|
I wouldn't consider this (a backup network) a proper approach anyway, but if
you want a "backup Network" you have to consider how Active Directory works.
It is a dymanic, constantly changing thing.
The way would be to install the server OS on the machine while still at the
local location. DCPromo it to a domain controller "in and existing domain"
which would be the Domain you already have. Configure two Active Directory
"Sites" within active directory with the second "Sites" representing the
"Backup Network" and the first Site being your Main location. Make the new
DC be part of that 2nd Site and the original DC be part of the 1st
Site,...let it sit for a couple hours to be sure everything is fully
replicated then physically move the new DC to the remote location. Make
sure your LAN's topology and routing scheme function properly so the traffic
between the locations flows properly and the DCs at each end will replicate
to each other of the WAN link via how the Sites in AD are configured. It
would be a "live" and constantly changing "backup", by the nature of AD you
can't really have a "static" backup network. The only "static" type of
backup would be Tape Backups where "system state" was included in the
backup, and you don't need a WAN to do that.
What this ends up being though is not really any different than just having
redundant DC's in a normal LAN which you should already be running anyway,
except that they aren't in the same physical location where the building
burning down won't effect both of them..
--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html
Microsoft Internet Security & Acceleration Server: Guidance
http://www.microsoft.com/isaserver/techinfo/Guidance/2004.asp
http://www.microsoft.com/isaserver/techinfo/Guidance/2000.asp
Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp
-----------------------------------------------------
"Vic" <Vic@discussions.microsoft.com> wrote in message
news:3DFA2AFB-916E-435C-AE04-0E6CE878E7A8@microsoft.com...
| Quote: | Wendel,
Could you tell me how I can check the SID's to compare them to the
production vs backup dc? I'd like to follow up on your idea.... |
|
|
| Back to top |
|
|
|
|
|
|
FAQ
Memberlist
Register
Profile
Log in to check your private messages
Log in