RODC replication error over VPN

Question
-
Hello there,
I'm attempting to replicate my local AD over VPN to a remote machine.
My local AD is on a Windows Server 2008 R1 SP2.
The remote machine is a Windows Server 2008 R2 SP1 and has a public IP.
I'm using a Windows PPTP VPN connection.
The two machines seem to be communicating well. I start the dcpromo and fill in every bit of information, replication starts, and it always fails at the same step: "The operation failed because: While promoting Read-Only Domain Controller, failed to replicate the secrets from the helper AD DC. The RPC server is unavailable".
I used to have the RPC error from the very start because I did not tell the remote machine to use the local AD as preferred DNS.
I have tested the replication with a local machine and everything went OK.
Edit: at first this looks very much like a DNS error, but then I edited the hosts file on the remote and local machines and added the VPN addresses (10.0.0.0) so that there would be no mistakes, and I still get that error at the same step.
Thanks for your help.
Monday, July 25, 2011 9:42 AM
All replies
-
Hello,
For VPN, make sure that it is a site-to-site VPN and that your other server is not behind a NAT device.
Also, check that the needed ports for AD replication are opened: http://technet.microsoft.com/en-us/library/bb727063.aspx
Use PortQry v2 to check.
This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.
Microsoft Student Partner 2010 / 2011
Microsoft Certified Professional
Microsoft Certified Systems Administrator: Security
Microsoft Certified Systems Engineer: Security
Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
Microsoft Certified Technology Specialist: Windows 7, Configuring
Microsoft Certified IT Professional: Enterprise Administrator
Monday, July 25, 2011 1:22 PM -
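The reply above says to check the AD replication ports and to use PortQry, and the question later notes that port 135 alone is listening. The PowerShell script below is an added example written for this page; it is not code from the thread, from Microsoft or from PortQry. Run on the RODC candidate, it probes the static AD DS TCP ports on the helper DC over the tunnel, resolves the domain's DC SRV record through the helper DC, and then asks the RPC endpoint mapper (via PortQry v2) which dynamic port serves the directory replication (DRS) interface and probes that port too, because an open 135 only proves the endpoint mapper is reachable. The helper DC tunnel address 10.0.0.1, the domain name corp.example and a portqry.exe on the PATH are assumptions; the endpoint-map parsing assumes PortQry v2's output layout.

```powershell
# Added example (not from the thread): reachability checks an RODC candidate needs
# to pass against its helper DC before dcpromo can replicate secrets.
# Hypothetical values: helper DC at 10.0.0.1 over the VPN, domain corp.example.
param(
    [string]$HelperDc  = "10.0.0.1",
    [string]$Domain    = "corp.example",
    [int]   $TimeoutMs = 3000
)

# Static TCP ports from the AD DS port requirements page linked in the reply above.
$StaticPorts = @(
    @{ Port = 53;   Name = "DNS" },
    @{ Port = 88;   Name = "Kerberos" },
    @{ Port = 135;  Name = "RPC endpoint mapper" },
    @{ Port = 389;  Name = "LDAP" },
    @{ Port = 445;  Name = "SMB (SYSVOL, NETLOGON)" },
    @{ Port = 464;  Name = "Kerberos password change" },
    @{ Port = 636;  Name = "LDAPS" },
    @{ Port = 3268; Name = "Global Catalog" },
    @{ Port = 3269; Name = "Global Catalog over SSL" }
)

# TCP connect with a timeout; works on PowerShell 2.0 (no Test-NetConnection on 2008 R2).
function Test-TcpPort {
    param([string]$Target, [int]$Port, [int]$TimeoutMs)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($Target, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)   # throws if the connection was refused
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

# 1. Static ports on the helper DC.
foreach ($entry in $StaticPorts) {
    if (Test-TcpPort -Target $HelperDc -Port $entry.Port -TimeoutMs $TimeoutMs) { $state = "open" } else { $state = "BLOCKED" }
    "{0,5}/tcp {1,-28} {2}" -f $entry.Port, $entry.Name, $state
}

# 2. DNS: the candidate must find the domain's DCs through the helper DC (the
#    "preferred DNS" point in the question). nslookup ships with Windows.
$srv = "_ldap._tcp.dc._msdcs.$Domain"
$ns  = nslookup -type=SRV $srv $HelperDc 2>&1 | Out-String
if ($ns -match "svr hostname\s*=\s*(\S+)") {
    "SRV $srv -> $($Matches[1])"
} else {
    "SRV lookup for $srv via $HelperDc FAILED; dcpromo will not locate a helper DC"
}

# 3. Dynamic RPC port for replication. Port 135 only serves the endpoint mapper; the
#    DRS interface (UUID e3514235-4b06-11d1-ab04-00c04fc2dcd2) listens on a port from
#    the dynamic range (49152-65535 on Windows Server 2008), which a firewall or NAT
#    device can block while 135 stays open. PortQry v2 (assumed on the PATH) dumps the
#    endpoint map; the parsing assumes its v2 output layout.
$drsUuid = "e3514235-4b06-11d1-ab04-00c04fc2dcd2"
if (-not (Get-Command portqry -ErrorAction SilentlyContinue)) {
    "portqry.exe not found; skipping the dynamic RPC port check"
    return
}
$epm = portqry -n $HelperDc -e 135 -p tcp 2>&1 | Out-String
$drsPorts = @()
$inDrs = $false
foreach ($line in ($epm -split "`r?`n")) {
    if ($line -match "UUID:\s*([0-9a-fA-F-]{36})") {
        $inDrs = ($Matches[1] -eq $drsUuid)
    } elseif ($inDrs -and $line -match "ncacn_ip_tcp:[^\[]+\[(\d+)\]") {
        $drsPorts += [int]$Matches[1]
    }
}
if ($drsPorts.Count -eq 0) {
    "No DRS endpoint returned by the endpoint mapper on $HelperDc (is 135 reachable and the DC up?)"
}
foreach ($p in ($drsPorts | Sort-Object -Unique)) {
    if (Test-TcpPort -Target $HelperDc -Port $p -TimeoutMs $TimeoutMs) { $state = "open" } else { $state = "BLOCKED (matches 'The RPC server is unavailable')" }
    "{0,5}/tcp {1,-28} {2}" -f $p, "DRS replication (dynamic)", $state
}
```

Run it from an elevated prompt on the RODC candidate while the tunnel is up, e.g. `.\Test-RodcHelper.ps1 -HelperDc 10.0.0.1 -Domain corp.example`. A BLOCKED static port or a failed SRV lookup points at DNS or the tunnel's routing; an open 135 with a BLOCKED dynamic DRS port is the case the thread describes, where dcpromo reaches the endpoint mapper but not the replication endpoint behind it.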
Hello, and thanks for your answers.
I'm using the basic PPTP VPN found in Windows.
Since the remote machine is directly connected to the internet with a public IP, it serves as the VPN server.
My local machine is behind a NAT, but using a VPN bypasses it, as every packet is routed through the tunnel, right?
PortQry says port 135 (RPC) is in listening mode.
Monday, July 25, 2011 3:20 PM -
Using a DC behind a NAT device is not supported for replication. Please use a site to site VPN tunnel.
Also, check that all mentioned ports are opened.
- Proposed as answer by Tiger Li (Microsoft employee) Tuesday, July 26, 2011 7:35 AM
- Marked as answer by Tiger Li (Microsoft employee) Monday, August 1, 2011 10:25 AM
Monday, July 25, 2011 3:42 PM -
Hi,
You can use ISA and routing from both sides; this will resolve the problem.
Don't forget to add access rules with the original IP address.
Dhafer HAMMAMI
- Proposed as answer by Dhafer HAMMAMI (Microsoft employee) Monday, July 25, 2011 5:33 PM
- Marked as answer by Tiger Li (Microsoft employee) Monday, August 1, 2011 10:25 AM
Monday, July 25, 2011 5:33 PM -
Hi all, and thanks for your answers. In the end I opted for OpenVPN and all is working swell :)
Friday, August 5, 2011 3:55 PM
-
Hi, I'm trying to do the same as you, but both are DCs and are behind NAT. How did you configure OpenVPN to allow the replication to work? Oh, and one is a 2003 server and the other is a 2008 server.
- Edited by 2Pr0 Friday, September 13, 2013 8:37 PM
Friday, September 13, 2013 8:36 PM