AD Replication over VPN Connection

Status
Not open for further replies.

Triage

Technical User
Jun 23, 2003
23
US
We have found that we have a 'partial' AD replication between the domain controller outside of our domain with the controllers inside the domain via a VPN connection.

'Partial' meaning that any changes made in the AD on the outside controller will be picked up by the controllers within the domain when replication is initiated from the inside controllers - initiation from the outside controller won't occur due to the message below*. If there are changes made in the AD on the inside controllers and replication initiated by them, the change will not be picked up by the outside controller.

So, the access is one way: The inside domain controllers can see and access the outside controller, but not vice versa.

We're close - what are we missing?

*-The File Replication Service is having trouble enabling replication from UCPATHAD1 to UCPATHAD-TEST for c:\windows\sysvol\domain using the DNS name ucpathad1.ucpath2.uc.edu. FRS will keep retrying.

Following are some of the reasons you would see this warning.

[1] FRS can not correctly resolve the DNS name ucpathad1.ucpath2.uc.edu from this computer.

[2] FRS is not running on ucpathad1.ucpath2.uc.edu.

[3] The topology information in the Active Directory for this replica has not yet replicated to all the Domain Controllers.


"I enjoyed my youth so much that I decided to bring it along with me."
-GC
 
Can you force a replication through dssite.msc?
Have you changed the DNS names or IP addresses? [nslookup]
You may have to flush the resolver. [ipconfig /flushdns]
[netsh interface ip delete arpcache]
Does the DNS name ucpathad1.ucpath2.uc.edu correspond to the correct IP in DNS? [cmd /k pathping serverName and/or IP]
Check your default gateways are correct. [ipconfig /all]
Do you use a hosts file? [notepad %windir%\system32\drivers\etc\hosts]
Are there firewalls?


MCITP:EA/SA, MCSE, MCSA, MCDBA, MCTS, MCP+I, MCP
 
One-way traffic over a VPN can be due to an MTU problem; try setting your MTU on both servers to 1300 and see if it gets better!
 
I hoped the MTU would do it...but no dice (and we had already covered the suggestions GrimR offered).

Once connected, the remote server can see the domain, i.e., we can ping machines in the domain, remote desktop to other domain machines and domain controllers, map drives to the file and print servers, attach to network printers...but just can't replicate the Active Directory both ways.

We keep receiving the error that 'the RPC server is unavailable' and the condition 'may be caused by a DNS issue.'



"I enjoyed my youth so much that I decided to bring it along with me."
-GC
 