I have managed to find a curious behaviour between RL, AD and DNS. This
is a continuation of my previous posting on "Exchange 2003 provisioning"
and the last problem encountered was AD could not sync up to IDM, even
though I have set up 2-way SSL. I found out that it's linked to the problem
of "[PWD] AddDCKey() domain controller <DC's Fully Qualified Domain
Name> is not in list" errors that keep popping up in the RL trace. This
is due to the RL server not having a preferred DNS server in the network
settings. It's not set because it has to run 2 RL instances, each
connecting to a different domain. I have included both DCs' FQDNs in
the "host" file of the RL server, so resolving the DC of each domain
shouldn't be a problem.

The curious thing is when I set the preferred DNS in the network
settings, 2-way password sync works only for the domain where that
domain's DC's IP is used as the preferred DNS (as opposed to alternate
DNS). Setting the other domain's DC's IP as alternate does not resolve
the password sync problem. In summary, I can only sync 1 domain's
password using 1 server and if I have n domains to connect, I'll need n
servers running RL, each connecting remotely to a DC.

Does anyone know how the RL works with DNS? Could this be
something to do with the SSL certificates that somehow need DNS's help
in resolving something other than the domain DC? I'm trying to use 1
server to host all the RL instances, connecting to a number of AD


comebashme's Profile: http://forums.novell.com/member.php?userid=13248