Can’t get AD inter-site replication to work over VPN

Tags: active-directory, replication, site-to-site-vpn

Background:

We have a single-forest single-domain AD for our little company. We have two geographically separated sites with different subnets. Both sites have been added as sites with appropriate subnets in the Active Directory Sites and Services. The additional domain controllers in the Site1 are working just fine and get replicated automatically with the auto-generated replication topology. All domain controllers are Windows Server 2012. DNS is active directory integrated.

Illustration: [network diagram image]

Constraints:

There is no MPLS. There is no option for hardware-based VPN like CISCO ASA etc.

What I have tried so far:

  1. Mapped a public static IP to DC1 using my ISP's CPE router (I don't know how that works, but there is a console where I can map a public IP to an internal private IP)
  2. There is no public static IP at Site2. However, as they connect using dial-up, they get a dynamic public IP (which keeps changing every time they connect to the Internet)
  3. On both DC1 and DC2 I enabled RRAS. Created Demand-Dial adapters.
  4. On DC2 Demand-Dial adapter I provided the public IP of DC1, and set the static route to 192.168.2.0
  5. On DC1 Demand-Dial adapter I omitted the IP of DC2 (as I do not have a static IP), and set the static route to 192.168.1.0

After this, the connection was made successfully and I could ping both the servers from both ends. I made the Demand-Dial adapters as "persistent" and ping is still working fine.

Problem(s):

  1. I cannot ping other machines in Site2 from Site1 and vice versa. I was thinking that it was a site-to-site VPN and hence all machines could reach others in the other site. Am I wrong? Anyway, that isn't my requirement as of now. As long as both the servers DC1 and DC2 are able to see each other, it's fine for me.
  2. Multiple entries start appearing in both DNS servers for each server. One, the actual internal IP, i.e. 192.168.1.x and 192.168.2.x. Second, the VPN-allocated IP. Third, the public dynamic IP allocated to DC2 (which keeps on changing every time and hence entries add up)! This means whenever I ping servers using names, it resolves to a different IP on each connection. I don't really know if this is a problem?
  3. The AD topology however somehow picks up the servers but keeps changing the links. One moment DC2's NTDS settings show DC1, after some time it changes to ADC3 (another DC in Site1), and whenever I right-click and "replicate now", it says something like "…cannot replicate because it is being moved..".
  4. Most of the time, replication works just fine, but only one way: from Site1-DC1 to Site2-DC2, never from Site2-DC2 to Site1-DC1. It says, "RPC server not available".

I have been tearing my hair apart but just cannot understand what's happening. Firstly, is this the right approach that I am taking for my scenario? If yes, what am I doing wrong?

Best Answer

To solve #2, remove the internal DNS IP addresses from the networks for the modem, VPN, and DHCP pool. If those network connections don't get IPs then they won't register themselves in DNS.
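As an added example (not part of the answer or the original post), the PowerShell below applies that fix on a domain controller: it shows which interfaces carry DNS servers and self-register, strips the internal DNS servers from the VPN and dial-up interfaces so their VPN-assigned or public dynamic addresses stop being registered, and then lists the A records each DC name currently has so the stale entries can be spotted. The interface aliases, zone name and DC host names are assumptions; the RRAS DHCP pool setting is configured in the RRAS console and is not covered here.

```powershell
# Added example, not from the original post. Assumptions, marked below:
# the RRAS demand-dial / dial-up interfaces are called "Site2-VPN" and
# "Dial-Up", the AD-integrated zone is "corp.example", and the DC host
# names are dc1 and dc2. Run in an elevated PowerShell on each DC
# (Windows Server 2012 DnsClient and DnsServer modules).
$NonLanAdapters = @('Site2-VPN', 'Dial-Up')  # assumption: strip DNS here
$ZoneName       = 'corp.example'             # assumption: AD-integrated zone
$DcNames        = @('dc1', 'dc2')            # assumption: DC host names

# 1. Show which interfaces carry DNS servers and self-register in DNS.
#    Only the LAN adapter should keep internal DNS servers.
Get-DnsClient |
    Select-Object InterfaceAlias, RegisterThisConnectionsAddress,
        @{ n = 'DnsServers'; e = { (Get-DnsClientServerAddress `
            -InterfaceAlias $_.InterfaceAlias -AddressFamily IPv4).ServerAddresses -join ',' } } |
    Format-Table -AutoSize

# 2. Remove the internal DNS servers from the VPN/dial-up interfaces and
#    stop them registering their addresses in the zone.
foreach ($alias in $NonLanAdapters) {
    if (Get-DnsClient -InterfaceAlias $alias -ErrorAction SilentlyContinue) {
        Set-DnsClientServerAddress -InterfaceAlias $alias -ResetServerAddresses
        Set-DnsClient -InterfaceAlias $alias -RegisterThisConnectionsAddress $false
    } else {
        # RRAS demand-dial interfaces may not be exposed to the DnsClient
        # cmdlets; clear their DNS servers in the RRAS console instead.
        Write-Warning "Interface '$alias' not visible to DnsClient cmdlets"
    }
}

# 3. Re-register this host's remaining (LAN) address, then list every A
#    record each DC name has so stale VPN/public addresses stand out.
Register-DnsClient
foreach ($dc in $DcNames) {
    Get-DnsServerResourceRecord -ZoneName $ZoneName -Name $dc -RRType A -ErrorAction SilentlyContinue |
        ForEach-Object { '{0,-8} {1}' -f $dc, $_.RecordData.IPv4Address }
}
# Once a listed address is confirmed stale, remove that single record, e.g.
# (203.0.113.5 is a constructed placeholder for an old dynamic public IP):
# Remove-DnsServerResourceRecord -ZoneName $ZoneName -Name 'dc2' -RRType A -RecordData '203.0.113.5' -Force
```

Run step 3 on both DC1 and DC2 after the change; each DC name should end up with only its 192.168.x.x LAN address.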