| Author |
 Topic  |
|
|
MadCow
Honorable But Hopeless Addict
Canada
1834 Posts
Status: offline |
 Posted - 05/18/2012 : 3:30:25 PM
|
Windows 2008R2 DCs.
I have a 2 way trust between 2 forests and all seems ok except the replication between the two takes around 3/4 hours.
For example:
We have this SQL in ForestB running BI CUBES.
A group is created in ForestA and users are added to this group in this forest and then that group has access to BI cubes in ForestB. The users in this group when try to access the Sharepoint Site it says access denied and after 3/4 hours it works fine.
Any time we add a new user to the group in ForestA it takes approx 4 hours for the users access to work.
Looking around but not much luck.
Advise Please
Thank you
|
Sunny
__________________________________________________________________________
"Everyone is susceptible to the notion that when you begin to do well, you begin to see no boundary lines and forget the rules apply" - Eliot Spitzer
|
Edited by - MadCow on 05/22/2012 10:30:09 AM |
|
|
Pesos
Honorable But Hopeless Addict
USA
3504 Posts
Status: online |
Posted - 05/19/2012 : 1:43:22 PM
|
| I think the default replication interval on site links is 180 minutes? Have you adjusted this value? |
-Wes |
 |
|
|
MadCow
Honorable But Hopeless Addict
Canada
1834 Posts
Status: offline |
Posted - 05/22/2012 : 09:26:29 AM
|
Wes thanks for your response.
Actually let me put it right ...
We have a forest/domain in the extranet. One DC, one SQL Server and one SP2010 is member of this domain. DC and SQL are in the Extranet Zone and SP2010 is in the Inet Zone.
When we create a user in this AD and add the user to a group on this DC and that group has access to SP site. It takes about 45 minutes to replicate that user to SP and about 4 hours for that user to access the reports/cubes on this SQL Server. Could this be due to the firewall between extranet and Inet???
|
Sunny
__________________________________________________________________________
"Everyone is susceptible to the notion that when you begin to do well, you begin to see no boundary lines and forget the rules apply" - Eliot Spitzer
|
|
|
|
Pesos
Honorable But Hopeless Addict
USA
3504 Posts
Status: online |
Posted - 05/22/2012 : 10:02:58 AM
|
| I'm not understanding the "extranet zone" and "inet zone" references in this context. Also, are you now removing the two forests/domains from the picture - you just have a single domain and DC and the SQL and SP servers are a member of the same domain where you are creating the user? |
-Wes |
|
|
|
MadCow
Honorable But Hopeless Addict
Canada
1834 Posts
Status: offline |
Posted - 05/22/2012 : 10:20:02 AM
|
Thanks Wes.
There is a firewall between extranet and DMZ inet zone. Extranet hosts SQL Server and the DC and SP in the DMZ inet zone.
Lets remove the other forest/domain for now ..which has a 2 way full trust with this forest/domain.
We are creatings users on the DC in Extranet Zone and then add them to the Groups and those groups have access to SP and Cubes on the SQL Server and it takes about 1 hour for the user to access the SP page and about 4 hours before the user can acecss the cube/reports from the SQL Server.
Hope this assists! |
Sunny
__________________________________________________________________________
"Everyone is susceptible to the notion that when you begin to do well, you begin to see no boundary lines and forget the rules apply" - Eliot Spitzer
|
|
|
|
Pesos
Honorable But Hopeless Addict
USA
3504 Posts
Status: online |
Posted - 05/22/2012 : 10:28:02 AM
|
| You seem to be saying something completely contradictory to your original post. The original post is saying that the users are in one domain/forest and the server resources in another. Your most recent post is saying that there is only one domain in play. The "zones" really have no relevance here (unless your firewall is incorrectly configured, in which case it would likely never work as opposed to simply delaying replication). |
-Wes |
|
|
|
MadCow
Honorable But Hopeless Addict
Canada
1834 Posts
Status: offline |
Posted - 05/22/2012 : 10:31:44 AM
|
Thanks Wes. Yes, you are correct I have changed the subject now.
Just did another test and found out that if we manually assign the user to the SP Site and add the user to the Role on SQL Cubes it works right away. And if the same user is added to the groups it takes about 4 hours. Weird! |
Sunny
__________________________________________________________________________
"Everyone is susceptible to the notion that when you begin to do well, you begin to see no boundary lines and forget the rules apply" - Eliot Spitzer
|
|
|
|
Pesos
Honorable But Hopeless Addict
USA
3504 Posts
Status: online |
Posted - 05/22/2012 : 10:34:14 AM
|
Again, not necessarily weird if you are talking about two different domains...
1) which domain are the users in, A or B
2) which domain are the groups in, A or B
3) which domain are the SQL and SP servers in, A or B |
-Wes |
|
|
|
MadCow
Honorable But Hopeless Addict
Canada
1834 Posts
Status: offline |
Posted - 05/22/2012 : 10:41:06 AM
|
Thanks Wes.
Users in the Domain B
Groups in Domain B
SP and SQL in Domain B
The issue is only affecting Domain B. |
Sunny
__________________________________________________________________________
"Everyone is susceptible to the notion that when you begin to do well, you begin to see no boundary lines and forget the rules apply" - Eliot Spitzer
|
|
|
|
Pesos
Honorable But Hopeless Addict
USA
3504 Posts
Status: online |
Posted - 05/22/2012 : 10:50:25 AM
|
In that case I have no friggin idea :-)
Sorry! |
-Wes |
|
|
| |
Topic |
|
Slow replication between AD group and SQL
