I guess what I meant was, do the client computers in the other subnet use the local machine as a DNS server, or do they do DNS over the link, or are they set up with ISP DNS entries?

The second DC should point to itself for DNS... every DC that is also a DNS server (which, assuming AD integrated DNS zones, should be every DC, IMNSHO) should point to itself.

But I guess I would also make the second DC a GC as well. No sense having a DC in the remote site if the clients are going to have to traverse the link to get to the GC to log in (which, as you found out, is necessary to log in).

Does the VPN traffic get filtered at all? Probably a tough question to answer, since you aren't the firewall admin... Does the VPN go through the firewall or around it?

Glenn Sullivan, MCSE+I MCDBA
David Clark Company Inc.

-----Original Message-----
From: Rick Fogarty [mailto:rick@xxxxxxxxxxxxx]
Sent: Friday, November 07, 2003 9:11 AM
To: windows2000@xxxxxxxxxxxxx
Subject: [windows2000] Re: Network Help

No problem Glenn...

It seems a bit odd that things don't work as expected, but I'm really not sure if the Network Admin has things set up correctly at the firewall level.

Connectivity does work both ways. I can ping devices from either side of the network.

DNS was a bit tricky... I wasn't sure how to work this one... I set up the sat account (first) pointing back to the original DC - however, considering the network issues, it didn't work. So, I then changed it and set it up to point to itself. Make sense? Although, I didn't know one could set up a DNS server to serve only one subnet (he says while searching MS' site)

Thanks,
Rick

-----Original Message-----
From: windows2000-bounce@xxxxxxxxxxxxx [mailto:windows2000-bounce@xxxxxxxxxxxxx] On Behalf Of Sullivan, Glenn
Sent: Friday, November 07, 2003 8:59 AM
To: 'windows2000@xxxxxxxxxxxxx'
Subject: [windows2000] Re: Network Help

You mention that you have connectivity to them. Does it work the other way?
How is the DNS set up when you add that other DC? Is it the DNS for that subnet? If so, is it synched with your main DNS, so it can find the GC?

Shooting from the hip, of course...

Glenn Sullivan, MCSE+I MCDBA
David Clark Company Inc.

-----Original Message-----
From: Rick Fogarty [mailto:rick@xxxxxxxxxxxxx]
Sent: Friday, November 07, 2003 8:41 AM
To: W2K
Subject: [windows2000] Network Help

This is more a theory question, but I'm hoping someone will jump on board to help me out....

Here is the way our network is set up, perhaps you can tell me why things aren't working as expected.

On our main campus in my county, we have a T1 that is provided by the state. That's pushed to three separate subnets - two private (172.16.12 & 172.16.20) and one public address (198.85.71.x). Each of these subnets has many computers that we need to manage.

I've created a new W2k3 AD domain and at present only have one DC - all the roles reside on it. DNS, DHCP and WINS are set up and running flawlessly - at least for now.... The DC (Zeus) has a network card per subnet that allows each subnet to log in and get network resources. This appears to be working fine. I've set up a site for each subnet and logins and name service requests work well.

Now, the strange part - We have a satellite site that has a commercial cable modem setup providing access to 150 computers. Each site, ours and theirs, is set up with a WatchGuard Firebox 2500. The two sites are linked with an encrypted VPN. So, I can sit at my desk and tracert to a machine over there and it traverses exactly as expected. However, when I place a DC over there so they can log in to our domain, it can't find the global catalog.

To me, it seems that not all traffic is passing through the firewall. Does that sound right? Is there a better setup for something like this?
Thanks,
Rick

==========================================================================
Rick Fogarty
Coordinator, Technical Support and Computer Servicing
Sandhills Community College
3395 Airport Rd
Pinehurst, NC 28374
1(910) 695-3943
Fax 1(910)695-1823
rick@xxxxxxxxxxxxx
http://www.sandhills.edu
==========================================================================
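
The two open questions in this thread (can the satellite site locate a global catalog through DNS, and does the firewall pass the traffic a logon needs over the VPN) can be checked from a machine at the remote site. The PowerShell below is an added example, not part of the original messages; the forest name `example.edu` is a placeholder, and the cmdlets used ship with current Windows versions rather than the Windows Server 2003 systems discussed.

```powershell
# Added example: run from the satellite-site DC or a client behind the VPN.
param(
    [string]$ForestDns = 'example.edu',  # placeholder forest root DNS name (assumption)
    [string]$DnsServer = ''              # optional DNS server to query; empty = system default
)

# TCP ports a logon path to a DC/GC commonly needs through the tunnel.
# UDP and the dynamic RPC range are not covered by this check.
$Ports = @(
    @{ Port = 53;   Name = 'DNS' }
    @{ Port = 88;   Name = 'Kerberos' }
    @{ Port = 135;  Name = 'RPC endpoint mapper' }
    @{ Port = 389;  Name = 'LDAP' }
    @{ Port = 445;  Name = 'SMB (SYSVOL/NETLOGON)' }
    @{ Port = 3268; Name = 'Global catalog' }
)

# Step 1: can this machine's DNS find a global catalog at all?
# GCs register an SRV record at _gc._tcp.<forest root>.
$query = @{ Name = "_gc._tcp.$ForestDns"; Type = 'SRV'; ErrorAction = 'Stop' }
if ($DnsServer) { $query.Server = $DnsServer }

try {
    $gcRecords = Resolve-DnsName @query | Where-Object { $_.QueryType -eq 'SRV' }
} catch {
    Write-Warning "GC lookup failed for ${ForestDns}: $($_.Exception.Message)"
    return
}
if (-not $gcRecords) {
    Write-Warning "No GC SRV records returned for $ForestDns; check DNS zone replication."
    return
}

# Step 2: for each advertised GC, is each port reachable across the VPN?
foreach ($gc in $gcRecords) {
    foreach ($p in $Ports) {
        $open = Test-NetConnection -ComputerName $gc.NameTarget -Port $p.Port `
                    -InformationLevel Quiet -WarningAction SilentlyContinue
        [pscustomobject]@{
            GlobalCatalog = $gc.NameTarget
            Port          = $p.Port
            Service       = $p.Name
            Reachable     = $open
        }
    }
}
```

A failure in step 1 points at DNS configuration at the remote site; a `Reachable` value of `False` in step 2 while ping succeeds points at filtering on the firewall or VPN policy.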