Recovering remote access to DC - Network



Thread: Recovering remote access to DC

  1. Recovering remote access to DC

    Hi everybody!

    Assume this scenario would be real:

    A win 2003 server is the only DC of an A.D. domain placed in a branch office
    with no physical access.
    All admins can access through RDP only.
    One of them assigns the "Secure Server (Require Security)" IPSec policy.

    Just the time of the gpupdate refresh and no one can establish RDP
    connections to that DC.

    I can imagine 3 possible solutions for this kind of problem:

    1) A new DC
    2) Stop the PolicyAgent service in that DC
    3) Enable the "Client Respond only" IPSec policy

    Discarding the first, which could lead to other unexpected complications,
    how would I be able to establish a connection to that DC to perform the
    tasks at point 2 or 3?
    I wasn't able to simply apply task n3 as local policy on the remote client
    and establish the connection to the DC, should I manage to do it this way?
    Is there any other possible solution?

    Thanks for any advice!

    Bye

    MD



    Any hints on how to fix this problem




  2. Re: Recovering remote access to DC

    You are pretty much out of luck in the situation you described unless the DC
    can be physically accessed. Anyhow there are all kinds of complications when
    a domain controller is configured with ipsec require/request for
    communications with domain computers. See the link below for more info.

    Steve

    http://support.microsoft.com/kb/254949/


    "M D" wrote in message
    news:ONiTeMY1GHA.4312@TK2MSFTNGP02.phx.gbl...
    > Hi everybody!
    >
    > Assume this scenario would be real:
    >
    > A win 2003 server is the only DC of an A.D. domain placed in a branch
    > office
    > with no physical access.
    > All admins can access through RDP only.
    > One of them assigns the "Secure Server (Require Security)" IPSec policy.
    >
    > Just the time of the gpupdate refresh and no one can establish RDP
    > connections to that DC.
    >
    > I can imagine 3 possible solutions for this kind of problem:
    >
    > 1) A new DC
    > 2) Stop the PolicyAgent service in that DC
    > 3) Enable the "Client Respond only" IPSec policy
    >
    > Discarding the first, which could lead to other unexpected complications,
    > how would I be able to establish a connection to that DC to perform the
    > tasks at point 2 or 3?
    > I wasn't able to simply apply task n3 as local policy on the remote
    > client and establish the connection to the DC, should I manage to do it
    > this way?
    > Is there any other possible solution?
    >
    > Thanks for any advice!
    >
    > Bye
    >
    > MD
    >
    >
    >
    > Any hints on how to fix this problem
    >
    >
    >




  3. Re: Recovering remote access to DC


    "Steven L Umbach" wrote in
    message news:OyN4MDh1GHA.4388@TK2MSFTNGP03.phx.gbl...
    > You are pretty much out of luck in the situation you described unless the
    > DC can be physically accessed. Anyhow there are all kinds of complications
    > when a domain controller is configured with ipsec require/request for
    > communications with domain computers. See the link below for more info.
    >
    > Steve
    >
    > http://support.microsoft.com/kb/254949/
    >
    >


    Hi Steven and thanks for the reply!

    In my scenario the DC should not be physically reachable so probably the
    admin who had that brilliant idea would have won a one-way ticket to the
    furthest place the boss knows.
    Thank God, my example is just fictional!
    And, as I thought, that's a pretty good suicide solution to improve server
    traffic security.
    Thanks again
    MD


