Add 2012 DC trough site to site VPN

• Wednesday, February 27, 2013 1:44 PM

   

   
  

  0

  Dear reader,

  I'v got two site connected through ipsec VPN. On the main site I have a 2008r2 core DC. On the remote site I have a new windows 2012 server installed. They can succesfully ping eachother through ipsec VPN. I have made the windows 2012 server domain member through the vpn succesfully.

  Now i want the 2012 server to be an addtional domain controller. When the 2012 server starts with the prerequisities check, it fails with "adprep could not retrieve data from the server "dc1.domain.com" through WMI. exception: The rpc service is unavailable.

  There are a few solution to this. but none of them helped:

  1. disable all firewall's. I've done that. I can telnet to port 135 from both server and it connects to a daemon.

  2. no a/v software

  3. network service has no "log on as a service" right. I've check the local security police on the core dc. And network service has got the "logon as a service" right.

  4. wmimgmt.msc started on a management machine on de dc's site. I can succesfulle connect. BUT when starting wmimgmt.msc from the 2012 machine and connect to the dc on the remote site, I also get the rpc service is unavailable.

  Any ideas on this? It seems that the the VPN does something but like I mentioned I can connect to the ports using telnet. Dcdiag runned from the 2012 against the dc on the remote site shows all succesfull, except the last part:

  Starting test: DNS

  Test results for domain controllers:

  DC:DC.domain.com

  Domain: domain.com

  TEST: Authentication (AUth)

  Authentication test: Succesfully completed

  TEST: Basic (Basc)

  Error: No WMI connectivity

  [Error details: 0x8007706ba (Tyoe: HRESULT - Facility: Win32, Description: The RPC server is unavailable.)

  No host records (A or AAAA) were found for this DC

  Running the same dcdiag commandlet local on the DC gives no errors.

  ---

  MSCE

  • Reply
  • Quote