I'm lost on where to even start troubleshooting this one (maybe 'cause it's Monday and I'm sick, anyway...). OK, we have three locations to our network, US, UK, and China When users travel from the US or UK over to China they seem to get weird IP address resolution for 'some' servers here in the US; hence, the login script fails for those locations. They go to log on to their computer, the login script maps most drives, then fails for every drive on a given server (seems different server to each user). Go to ping that given server and get an IP that is different than the assignment. Our network is a Win2K3 Active Directory with integrated DNS. The US location has an IP address range that is actually a public one of x.24.x.x The UK location has a public range of x.25.x.x DHCP is being handled by a Win2K3 server at each location (US & UK) The China location is on a private network IP address 192.168.x.x DHCP is being handled on the router itself. Now, all servers (domain controllers, DNS, etc...) are in the US. I don't like that scenario; however, my boss is a different breed. Any ideas? Thanks

You have told only half of the truth. How do domain users authenticate against Active Directory in USA? Have you VPNs from UK and PRC? I guess, you should. Otherwise users in PRC will use local ISP DNS and ISP can block some web servers.

Domain users are authenticating via the local LAN here in the US. There's a point to point 10mb mpls circuit between here and china (the UK has a 100mb point to point). Something else I noticed, is that within our DNS server, I'm not seeing any PTR records being created.

Hi, I would like to confirm the following questions: 1. How did you configure the network authentication, via VPN or others? 2. Do the clients’ DNS settings in China point to the correct DNS Server’s IP address? 3. What error messages are received? Based on the current situation, please make sure that the Windows firewall and physical firewall do not block the ports mentioned by the following Microsoft TechNet article: Active Directory and Active Directory Domain Services Port Requirements http://technet.microsoft.com/en-us/library/dd772723(WS.10).aspx Generally, the error message "The RPC server is unavailable" will be encountered. If so, please also refer to the following Microsoft KB article for more troubleshooting information. Troubleshooting RPC Endpoint Mapper errors using the Windows Server 2003 Support Tools from the product CD http://support.microsoft.com/kb/839880 If the issue persists, please also upload the following information to me at v-artli@microsoft.com for our further research. ipconfig /all >c:\ipconfig.txt dcdiag /v /c /d /e /s:dcname >c:\dcdiag.txt repadmin /showrepl dc* /verbose /all /intersite >c:\repl.txt ["dc* is a place holder for the starting name of the DCs if they all begin the same (if more than one DC exists)] dnslint /ad /s "DCipaddress" (http://support.microsoft.com/kb/321045) Regards, Forum Support Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com. Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

Hi, I would like to confirm the following questions: 1. How did you configure the network authentication, via VPN or others? 2. Do the clients’ DNS settings in China point to the correct DNS Server’s IP address? 3. What error messages are received? Based on the current situation, please make sure that the Windows firewall and physical firewall do not block the ports mentioned by the following Microsoft TechNet article: Active Directory and Active Directory Domain Services Port Requirements http://technet.microsoft.com/en-us/library/dd772723(WS.10).aspx Generally, the error message "The RPC server is unavailable" will be encountered. If so, please also refer to the following Microsoft KB article for more troubleshooting information. Troubleshooting RPC Endpoint Mapper errors using the Windows Server 2003 Support Tools from the product CD http://support.microsoft.com/kb/839880 If the issue persists, please also upload the following information to me at v-artli@microsoft.com for our further research. ipconfig /all >c:\ipconfig.txt dcdiag /v /c /d /e /s:dcname >c:\dcdiag.txt repadmin /showrepl dc* /verbose /all /intersite >c:\repl.txt ["dc* is a place holder for the starting name of the DCs if they all begin the same (if more than one DC exists)] dnslint /ad /s "DCipaddress" (http://support.microsoft.com/kb/321045) Regards, Forum Support Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com. Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

There are no VPNs involved. China and the UK are connecting to the US via point to point MPLS connections. Yes China is pointing to the correct DNS servers This is not affecting people that normally work in China, AFFECTS ONLY those that travel there from either the US or UK The only error they're seeing is from the login script itself, they get the 80070035 message. If you go to map the drive using IP address, all maps fine. I haven't had a chance to do any real diags/troubleshooting on one of the affected systems with the time difference between us, and they state they're too busy when I have the time and they are within the China building (I'm in the US)

Hi, I would like to confirm that have you tried the suggestions I provided above and what is the current situation? If there is anything that I can do for you, please do not hesitate to let me know, and I will be happy to help. Regards, Arthur Li Forum Support Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com. Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.