Are those domains in separate forests, or within the same forest? It wouldn't hurt to take a look at the output from nltest (Win Support Tools), to see the status of the trusts and secure channels. Run that when things are working, then rerun it when it's broken and compare results.
Is Exchange then only thing that shows problems when the VPN drops and recovers, or can you access other resources (e.g. file shares) that are also trust-dependent? -----Original Message----- From: Michael McCann [mailto:[EMAIL PROTECTED] Sent: Tuesday, February 24, 2004 9:08 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Removing AD from Exchange Server + Hunter I guess I should have included a little more information in my orig. post. The infrastructure consists of 2 domains (VFC [W2k] and VFCBC[W2k3]). VFC is local to my office with a trust setup with VFCBC. Users on the VFCBC domain get their mail from MAIL01. The original problem that we've been having (since I started here) is that when the VPN tunnel is broken, and then re-established, users on the VFCBC domain cannot be authenticated for email. They repeatedly get the Username/Password/domain dialogue when firing up outlook... I figure there is a synchronization issue between the domains, but don't know how to test / diagnose it.. I saw it happen yesterday after the exchange server was rebooted... Kind of strayed off the original post but this is what I wanted to try and fix.. Thanks Mike -----Original Message----- From: Coleman, Hunter [mailto:[EMAIL PROTECTED] Sent: February 24, 2004 10:45 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Removing AD from Exchange Server + Mike- You certainly can demote all but DC01, but whether there will be any problems or whether you should are less clear. First, if you demote all but DC01 and then something happens to DC01, your domain is dead until you can restore from a backup. That's probably a bad thing. Is DC01 a global catalog, and if it ends up as the sole GC will that be sufficient to handle client and Exchange loads? How many users do you have, and what's the network layout? Is this a single domain forest? If not, then running your Infrastructure Master role on DC01 *may* create problems if all of the DCs in the forest are not GCs. Hunter ________________________________ From: Michael McCann [mailto:[EMAIL PROTECTED] Sent: Tuesday, February 24, 2004 8:22 AM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] Removing AD from Exchange Server + Hey guys, been reading the list for a while now and have to first say thanks.. There's a tonne of info provided here.. I have a few DC's at my primary site that I want to demote.. here's an output of an nltest on my site: C:\> nltest /server:dc01 /dclist:xxx Get list of DCs in domain 'xxx' from '\\BACKUP01'. vfc1.xxx.yyy [DS] Site: Default-First-Site-Name dc01.xxx.yyy [PDC] [DS] Site: Default-First-Site-Name backup01.xxx.yyy [DS] Site: Default-First-Site-Name MAIL01.xxx.yyy [DS] Site: Default-First-Site-Name The command completed successfully vfc1 is about to be decommissioned, backup01 used to be the PDC at one point in time (before I started), MAIL01 is our exchange server.. Will there be any problems in demoting all but dc01? (Please bear with me, I am a programmer that has to wear the network support hat every once and a while) Thanks in advance, Mike List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
