
Active Directory Replication Troubles.


irvmic

We have 3 DCs in a domain.

2 of the DCs are at site 1.

1 of the DCs is at another site 2 (other physical location as well).

Our WAN connection is not direct. It goes through a firewall at our ISP. The problem I am having is getting the replication to run. It just refuses, saying there isn't enough info for the KCC to run its course. However, I am suspecting that it has something to do with the firewall in the middle.

I say this because if I move the server to location 1 and just change the IP address it works immediately.

So what do I need to make sure is open in the firewall?
What ports and protocols do I need?
Are there any tools that can sort of check that enough connectivity is going through the firewall for a replication to theoretically work?

Also I have heard that it is possible to use IPsec / PPTP / VPN to replicate but can't find a nice how-to.

Would be very grateful for some help.

Michael
 
The easiest way to resolve this issue is to have 2 Cisco PIX firewalls, one at Site 1 and one at Site 2. Then create a site link between the two sites (PIX-to-PIX connection). This is otherwise considered a constant VPN. This is a trusted tunnel between the two sites and will not be interrupted by the ISP firewall. Besides, your ISP will not open up their firewall for anything. They will tell you to set up a VPN. The setup for the Cisco PIX is straightforward. Through the web-based PDM, they have a wizard to walk you through it. Hope this helps!

Cliff, CCNA/MCSE/MCSA 2000
Network Administrator
 
Hi Michael,

What type of firewall are you running?

If you can easily set up your rule base, try simply source (DC1) to destination (DC2) with all the information needed, IPs etc., and allow ANY type of TCP/IP traffic.

Usually you can see what traffic is being dropped with a tracker-type log; this will probably indicate UDP xxx port numbers. Compare the before and after logs to see what has passed OK and vice versa.
Remember, don't leave the rule/filtering wide open; try to verify the port numbers and protocol with the aim of tuning DC communication only.

Hope this long way helps you see more clearly what's doing what.
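An added example (not from the original thread or from either poster) that turns the two questions above into something runnable: it carries the list of ports a Windows 2000/2003 DC needs to reach on its replication partner, reads firewall DENY entries captured while the rule was wide open, and reports which AD services were being dropped between the two DCs, which is the "compare the before and after logs" step in the reply above, plus a plain TCP-connect probe to run from the remote DC. The log line format, the DC addresses and the port list are assumptions for the example; the dynamic RPC range and the NTDS "TCP/IP Port" registry value (Microsoft KB 224196) are the only version-specific points, and are marked as such in the code.

```python
import re
import socket
from collections import defaultdict

# Ports a domain controller needs reachable on its replication partner.
# This list reflects Windows 2000/2003 DC-to-DC traffic, the era this thread is about.
AD_PORTS = {
    ("tcp", 135): "RPC endpoint mapper (directory replication, FRS)",
    ("tcp", 389): "LDAP",
    ("udp", 389): "LDAP (UDP DC locator ping)",
    ("tcp", 636): "LDAP over SSL",
    ("tcp", 3268): "Global Catalog LDAP",
    ("tcp", 3269): "Global Catalog LDAP over SSL",
    ("tcp", 88): "Kerberos",
    ("udp", 88): "Kerberos",
    ("tcp", 464): "Kerberos password change",
    ("udp", 464): "Kerberos password change",
    ("tcp", 53): "DNS",
    ("udp", 53): "DNS",
    ("tcp", 445): "SMB (SYSVOL share, FRS)",
    ("tcp", 139): "NetBIOS session (legacy SMB)",
    ("udp", 137): "NetBIOS name service",
    ("udp", 138): "NetBIOS datagram service",
    ("udp", 123): "NTP (clock sync that Kerberos depends on)",
}

# Assumption: after the endpoint-mapper handshake, Windows 2000/2003 replication
# RPC lands on a dynamic TCP port in this range unless the DC pins it with the
# NTDS "TCP/IP Port" registry value (Microsoft KB 224196). Later Windows versions
# default to 49152-65535 instead.
RPC_DYNAMIC_RANGE = (1024, 65535)

# Constructed log line shape for this example, not any vendor's real syslog format:
# "<timestamp> DENY <proto> <src>:<sport> -> <dst>:<dport>"
LOG_RE = re.compile(r"DENY (TCP|UDP) (\S+):(\d+) -> (\S+):(\d+)")


def classify(proto, dport):
    """Name the AD service a dropped packet to (proto, dport) belonged to, else None."""
    key = (proto.lower(), dport)
    if key in AD_PORTS:
        return AD_PORTS[key]
    if proto.lower() == "tcp" and RPC_DYNAMIC_RANGE[0] <= dport <= RPC_DYNAMIC_RANGE[1]:
        return "RPC dynamic port (replication / FRS)"
    return None


def blocked_ad_services(log_lines, src_dc, dst_dc):
    """Scan firewall DENY lines from src_dc to dst_dc; return {service: sorted dports}.

    Feed it the log captured while replication was failing: each entry is a rule
    that still has to be opened (or a port to pin) before the filtering is tightened.
    """
    found = defaultdict(set)
    for line in log_lines:
        m = LOG_RE.search(line)
        if not m:
            continue
        proto, src, _sport, dst, dport = m.groups()
        if src != src_dc or dst != dst_dc:
            continue  # noise from other hosts
        service = classify(proto, int(dport))
        if service:
            found[service].add(int(dport))
    return {service: sorted(ports) for service, ports in found.items()}


def probe_tcp(host, ports, timeout=2.0):
    """Live check from one DC: can it complete a TCP connect to each port on its partner?"""
    results = {}
    for port in ports:
        try:
            with socket.create_connection((host, port), timeout=timeout):
                results[port] = True
        except OSError:
            results[port] = False
    return results


# Constructed sample: DC1 at site 1 (10.1.1.10) trying to reach the site 2 DC (10.2.1.10).
SAMPLE_LOG = [
    "2003-01-13 10:01:02 DENY TCP 10.1.1.10:1047 -> 10.2.1.10:135",
    "2003-01-13 10:01:02 DENY TCP 10.1.1.10:1048 -> 10.2.1.10:389",
    "2003-01-13 10:01:03 DENY UDP 10.1.1.10:1049 -> 10.2.1.10:88",
    "2003-01-13 10:01:05 DENY TCP 10.1.1.10:1050 -> 10.2.1.10:1081",
    "2003-01-13 10:01:06 DENY TCP 10.1.1.10:1051 -> 10.2.1.10:80",   # not AD traffic
    "2003-01-13 10:01:07 DENY TCP 10.1.1.55:1052 -> 10.2.1.10:445",  # different host
    "2003-01-13 10:01:08 ALLOW TCP 10.1.1.10:1053 -> 10.2.1.10:53",  # passed, ignored
]

if __name__ == "__main__":
    for service, ports in sorted(blocked_ad_services(SAMPLE_LOG, "10.1.1.10", "10.2.1.10").items()):
        print(f"blocked: {service:50s} ports {ports}")
```

Two caveats when using this on real logs. First, `classify` treats any dropped TCP packet to a port in the dynamic range as replication RPC, because that is all a firewall log can tell you; pinning replication to one port with the KB 224196 registry value and opening only 135 plus that port is what makes the rule set tight rather than "1024-65535 any". Second, `probe_tcp` only exercises TCP, so the UDP entries (Kerberos, DNS, the LDAP locator ping) still have to be confirmed from the firewall log rather than from the probe.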
 