Win 2008 Domain controller not working with IPSEC

pascalo21
Level 1

I have a site-to-site VPN (Cisco routers at both sites). One Domain Controller (Win 2008 R2) is installed at the branch and it is supposed to communicate with the Primary Domain Controller at the HQ. When I apply the VPN, all traffic from the DC at the branch to the DC at the HQ goes normally (such as telnet, file sharing, http...) but the Domain Controller traffic (replication, login...) doesn't pass and I can see retransmissions all the time on the DC. On the router, the encaps and decaps increase, but I can also see receive errors at the branch router.

I made many changes, such as MTU and adjust MSS, but still every time I apply the VPN, the Domain Controller traffic (such as replication...) stops.

Any ideas or suggestions? Could it be from the Domain Controller itself?

2 Replies

raga.fusionet
Level 4

Hi There,

Well, it looks like you did all the basic troubleshooting on the routers. Now on the controller, could you try to reduce the MTU? You can use an app like TCP Doctor and reduce the max MTU to something like 1200. Then try again.

Give it a try and let us know how it goes.

Regards,

Raga

onyangoliech
Level 1

Anyone with a suggestion for this? The two DCs can ping each other, but it seems like they cannot sync over the VPN. I even have one DC using DNS from the remote DC.
