Eugene_1991
Hi all. I have a problem which I can't solve.
I have one domain, with 3 domain controllers with different FSMO roles on each. I also have one additional mobile rack, with an RODC. Periodically this mobile rack, with the RODC, some applications, 2016 servers and some other PCs, goes to other countries and cities. When the rack is in another country, I connect via VPN to the head office, and authentication between the DC, the RODC, the application servers and the other PCs passes fine. But when I disconnect the VPN, I cannot open shared programs on other servers located on this mobile rack. I also prepopulate passwords on the RODC. I can log on to the RODC server and the application servers without VPN (using password prepopulation), but cannot access the shared application. I have an additional DNS zone, zone.local, and attached the application server to it as app.zone.local, using an A record. When I check "nslookup app.zone.local" using VPN I get a response, but without VPN I do not. I think that without a VPN connection to the DC in the head office, Kerberos does not pass authentication. The RODC does not authenticate access; the request does not pass via the RODC, it goes to the head domain controller...
I can't understand how it works?! What must I do to use this mobile rack system when the VPN goes down at a bad time.... Maybe I must change something?
Thanks all!