Previously, we had created local accounts (paris and brussels) on our VPN gateways.
However, as long as your VPN gateways are part of an Active Directory domain, the credentials must be specified otherwise so that they can continue to function.
If you go to one of your VPN gateways, you will see that the demand-dial interface you created is in "Unreachable" state.
Right click "Reason for inaccessibility".
This warning is displayed :
The last connection attempt failed due to: The remote connection was denied because the user name and password combination you provided is not recognized, or the selected authentication protocol is not permitted on the remote access server.
To solve this problem on the Brussels VPN gateway, right click on the "paris" connection and click on : Set Credentials.
Specify again the credentials of the "brussels" account present on the "PARIS-VPN" server, but also specifying the name of the remote VPN server (PARIS-VPN) as domain.
Do the same on the remote VPN server.
We use the "paris" account to connect to the "BRUX-VPN" server.
Now, reconnect these demand-dial interface connections (if they don't reconnect automatically) by right-clicking "Connect".
As you can see, these connections are working again.
Configuring Active Directory sites is critical, because at this time all of our domain controllers are in the same Active Directory site. Which means Active Directory currently believes that all of our domain controllers are physically in one place.
So that Active Directory can automatically adapt its replication topology and so that client PCs can connect to the domain controller closest to them (to speed up session openings, ...), you must configure the Active sites Directory and associate the different subnets used on each site.
Once the Active Directory sites and the subnets are configured and associated correctly, you can choose when you want to replicate the data between each site, define which network link is faster than another, ...
To start, open the "Active Directory Sites and Services" console and right-click "New Site" on the "Sites" folder.
Create the "Brussels" Active Directory site which corresponds to the physical site of the same name.
When creating the 1st Active Directory site, the "Active Directory Sites and Services" console displays a message telling you that you must :
Create a "Paris" Active Directory site for that of Paris.
For the moment, we therefore have 3 Active Directory sites :
In order for client PCs to know which domain controller is closest to them, Active Directory will be based on the subnets defined here.
Defining these subnets also automatically associates new domain controllers with the correct Active Directory site.
Right click "New Subnet" on the "Subnets" folder.
In our case, the subnet used at Brussels is : 10.0.1.0/24.
So, we specify this subnet in the "Prefix" box and we select the "Brussels" site to specify to Active Directory that this subnet is located at the Brussels site.
For the Paris site, the subnet is : 10.0.2.0/24.
Active Directory now knows that :
Note that you can very well have multiple subnets in a single Active Directory site.
You can also find the list of subnets associated with an Active Directory site by viewing the properties of an Active Directory site.
In the properties of our "Brussels" Active Directory site, we find our "10.0.1.0/24" subnet.
And in the properties of our "Paris" Active Directory site, we find our "10.0.2.0/24" subnet.
When you created your Active Directory sites, you must have selected the "DEFAULTIPSITELINK" site link since it's the default site link.
Since we only have 2 Active Directory sites, creating a new site link is not necessary since there is only one physical link connecting our 2 remote physical sites.
However, for the tutorial, we'll show you how to create a new site link.
To do this, right-click on the "Inter-Site Transports -> IP" folder and click on : New Site Link.
In our case, we are going to define the link which connects the site of Brussels with that of Paris.
So, we select the "Brussels" and "Paris" sites on the left and we click on the "Add" button, then click on OK.
The new site link appears.
If you right click "Properties" on the site link you just created, you will see that you can :
To change the inter-site replication schedule for this site link, click the "Change Schedule" button.
By default, replication is allowed every day of the week from 0:00 to 24:00.
But, for example, you can change this schedule so that inter-site replications only take place outside working hours and thus avoid slowing down your company's Internet access when your employees are working there.
Since the default site link is no longer useful, it must be removed so that KCC can calculate the correct replication topology and not be influenced by this unnecessary link.
Right click "Remove" on the "DEFAULTIPSITELINK" site link.
And confirm the removal of this site link.
Windows Server 4/16/2021
Windows Server 4/30/2021
Windows Server 4/3/2021
Windows Server 5/21/2021
® InformatiWeb-Pro.net - InformatiWeb.net 2008-2022 - © Lionel Eppe - All rights reserved.
Total or partial reproduction of this site is prohibited and constitutes an infringement punishable by articles L.335-2 and following of the intellectual property Code.