Perimeter Network to RODC - no logon servers available using IPSEC tunnel

  • Question

  • Hi to all

    I have a problem with an RODC and a perimeter network.

    Here is my situation:

    I've got network 192.168.1.0/24, which has two (2) writable domain controllers based on Windows 2008 R2.

    I'd created a second routable network, 172.16.0.0/24, that has one Read-Only Domain Controller.

    Between the networks there is a firewall configured only for DNS TCP/UDP traffic and UDP 500 (IKE). I'd created an IPSEC tunnel between the WRDC and the RODC using Windows Firewall with Advanced Settings.

    All of the domains and servers in both networks are working fine (replication, SMB, network time, DNS, etc.).

    After that I wanted to create another perimeter network with only one server that will be connected to my corporate domain. So again, with Windows Firewall and UDP IPSEC tunneling, I created a connection from my third network to my RODC. The third network is routable and its address space is 10.10.10.0/24.

    Again: I can ping the RODC from the third network, and using Offline Domain Join I added a Windows 2008 R2 server to the corporate domain (the pre-created account is replicated to the RODC).

    When I reboot the server I can't log in with my domain credentials. The IPSEC tunnel to the RODC is working fine from 10.10.10.0 to the RODC and from the RODC to the WRDC.

    I've created AD site links and subnets to point to the RODC, but again nothing is working. If I join servers to the RODC network they work fine and authenticate correctly. The only problem is that I can't authenticate to the RODC from the 3rd network.

    Any ideas?

    BTW: the IPSEC tunnel is configured for now with pre-shared keys. No one should connect directly to the WRDC. Every server should be in a separate network with a limited set of open firewall ports.

    I can provide a diagram for a better understanding of my situation.


    Thursday, August 23, 2012 2:20 PM

All replies

  • Wow that was easy :)

    I had to add a registry key to point to the AD site and now everything is perfect.

    That was the guide for RODC and perimeter networks:

    http://technet.microsoft.com/en-us/library/dd728035(WS.10).aspx

    The registry key:

    Navigate to: HKLM\System\CurrentControlSet\Services\Netlogon\Parameters

    In the right pane, create a new String Value titled SiteName and for the Value Name type the name of the site in which the client computer resides.

Thursday, August 23, 2012 2:58 PM
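As an added example (not from the thread or the linked TechNet guide), the same SiteName override applied from an elevated PowerShell prompt on the perimeter member server, followed by the checks that show whether the DC locator now returns the RODC. The site name and domain below are placeholders:

```powershell
# Added example: pin the DC locator to the RODC's AD site and verify the result.
# Run elevated on the member server in the 10.10.10.0/24 network. Values are placeholders.
$SiteName   = 'RODC-Site'      # placeholder: the AD site that contains the RODC
$DomainFqdn = 'corp.example'   # placeholder: the AD DNS domain name
$RegPath    = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'

# The setting the reply describes: a REG_SZ named SiteName under the Netlogon parameters.
# -Force overwrites an existing value instead of failing if one is already present.
New-ItemProperty -Path $RegPath -Name 'SiteName' -PropertyType String -Value $SiteName -Force | Out-Null

# Netlogon reads the value at start-up; restart it so the override applies without a reboot.
Restart-Service -Name Netlogon

# Check 1: the site this client now believes it belongs to.
nltest /dsgetsite

# Check 2: the DC the locator returns for that site (/force bypasses the locator cache).
# The returned DC name should be the RODC, not a writable DC behind the firewall.
nltest "/dsgetdc:$DomainFqdn" "/site:$SiteName" /force

# Check 3: the secure channel to the domain, which domain logon depends on.
nltest "/sc_verify:$DomainFqdn"
```

SiteName overrides the subnet-to-site mapping in AD, so if the site is later renamed or the RODC is moved, this server will lose its logon server again without any change on its side; record the override next to the subnet definitions.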