
AD & DFS not replicating via Site-to-Site Cisco VPN

niterid3r
Level 1

Hi Everyone,

We have a Cisco site-to-site VPN between two locations, using Cisco 871W devices. The VPN works fine for everything else, such as remote desktop, intranet and other applications.

We have a Microsoft Windows Server 2008 at one site running the domain and a member server at the other site. The problem is with DFS, which also runs between the two sites and is not replicating the folders properly.

I am being told that before the Cisco routers were deployed the VPN was on TP-Link routers, and DFS worked fine and the folders replicated with a full mesh topology. On the other hand, since I am a Cisco technician and a bit new to Microsoft, I have also been told by a Microsoft technician that it is happening because the domain is not replicating with the member server properly, which I doubt, as a few users log in to the domain via the member server, and even if I create a new domain user on the member server it shows up in the domain controller in no time.

Following are the details of the VPN and Microsoft setup:

1. DNS resolves fine.

2. MTU size set on the GRE tunnels is 1400 and TCP adjust-MSS is 1380, though I have tried a few other combinations as well.

3. The site-to-site VPN tunnel allows everything from the source public IP to the destination public IP, therefore the doubt about ports being blocked fades out as well.

4. MS Server 2008 as the domain server and MS Server 2008 as the member server.

I am not even 100% sure if it's a VPN issue; it could be configuration at the server end as well. But before claiming anything I just need to be 100% sure from the Cisco side.

Thanks in advance for help.

3 Replies

Jennifer Halim
Cisco Employee

If you can ping between the MS Server 2008 domain server and the MS Server 2008 member server across the 2 sites, then I wouldn't think that it is a VPN configuration issue.

Other things are: try to find out what ports they are using for the replication, and see if you can telnet on those ports between the 2 Microsoft servers. That would again prove that the connectivity is there, and point more towards an application issue.

Hi,

I can ping the member server, and I even get a reply with a load of fragments. On the other hand, I have tried exactly what you suggested, i.e. the telnet process.

The AD replication uses heaps of UDP and TCP ports, such as 165, 35, etc.

As I said earlier, the VPN tunnel is allowed between the source and destination public addresses, allowing all types of traffic.

Hence I can telnet to all the ports from the local to the remote server and vice versa.

There has to be something else, I believe; the unfortunate thing is that Cisco does not give you enough troubleshooting tools for proving it. Or maybe Cisco does and I might not know about it.

Regards,

Sunjay

CCNA-CCNP.--->CCIE

Since you can ping and telnet on all ports, I wouldn't think the issue is on the VPN/Cisco side.

I would troubleshoot more from the application itself, and see if you can gather any logs to see where exactly it's failing. Since it is using a number of different protocols and ports, it would be good to see at which point it's failing.
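The checks the two replies suggest (ping, then a telnet handshake on each replication port) and the MTU/MSS figures from the original post, gathered into one script as an added example; this is not code from the thread, from Cisco or from Microsoft. It assumes IPv4, default Windows Server 2008 ports, and a Linux host for the DF probe (Linux socket-option numbers are hard-coded as a fallback because Python does not expose them all); the port table, the function names and the remote-host argument are my own choices.

```python
#!/usr/bin/env python3
"""Added example: reachability and path-MTU checks for AD / DFSR replication
across a site-to-site VPN. Assumptions: IPv4, Linux for the DF probe,
default Windows Server 2008 ports."""
import errno
import socket
import sys
import time

# TCP ports involved in AD replication and DFS between Server 2008 hosts
# (assumption: defaults; DFSR on a 2008 domain controller listens on fixed
# 5722, while RPC-based replication also uses dynamic ports handed out by
# the endpoint mapper on 135, which this static table cannot cover).
REPLICATION_PORTS = {
    53: "DNS",
    88: "Kerberos",
    135: "RPC endpoint mapper (AD replication / DFSR RPC)",
    389: "LDAP",
    445: "SMB (SYSVOL / DFS namespace shares)",
    464: "Kerberos password change",
    3268: "Global catalog LDAP",
    5722: "DFSR (fixed port on Server 2008 domain controllers)",
}

# Linux values; Python does not expose every option, so fall back to numbers.
IP_MTU_DISCOVER = getattr(socket, "IP_MTU_DISCOVER", 10)
IP_PMTUDISC_DO = getattr(socket, "IP_PMTUDISC_DO", 2)
IP_MTU = getattr(socket, "IP_MTU", 14)


def tcp_mss_for_mtu(tunnel_mtu, ip_header=20, tcp_header=20):
    """Largest TCP payload that fits one tunnel-sized IPv4 packet (no options).
    For 'ip mtu 1400' this is 1360; an adjust-mss above that lets endpoints
    emit segments the tunnel must fragment or drop."""
    return tunnel_mtu - ip_header - tcp_header


def check_tcp_port(host, port, timeout=3.0):
    """True if a TCP handshake completes: the evidence 'telnet host port' gives."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def check_ports(host, ports=REPLICATION_PORTS, timeout=3.0):
    """Map each port in 'ports' to its handshake result."""
    return {port: check_tcp_port(host, port, timeout) for port in ports}


def probe_path_mtu(host, sizes=(1200, 1300, 1372, 1472), port=33434):
    """Send DF-marked UDP datagrams of rising size and report which the path
    accepts. 'sizes' are UDP payload lengths; on-wire size is +28 bytes
    (1372 -> 1400, 1472 -> 1500). Each size is sent twice with a pause so an
    ICMP fragmentation-needed reply can be cached; the second send then fails
    with EMSGSIZE. If every size is accepted and the learned MTU is still the
    local interface MTU although the tunnel is 1400, ICMP is being filtered
    and full-size packets are black-holed: small pings and telnet handshakes
    pass, SMB and RPC bulk transfers stall. Returns (results_by_size, learned_mtu)."""
    results = {}
    learned = None
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.setsockopt(socket.IPPROTO_IP, IP_MTU_DISCOVER, IP_PMTUDISC_DO)
        sock.connect((host, port))
        for size in sizes:
            accepted = True
            for _ in range(2):
                try:
                    sock.send(b"\x00" * size)
                except OSError as exc:
                    if exc.errno != errno.EMSGSIZE:
                        raise
                    accepted = False
                time.sleep(0.3)
            results[size] = accepted
        try:
            learned = sock.getsockopt(socket.IPPROTO_IP, IP_MTU)
        except OSError:
            pass  # option unavailable on this platform
    return results, learned


def main(argv):
    if len(argv) != 2:
        print(f"usage: {argv[0]} <remote-server-ip>")
        return 2
    host = argv[1]
    print(f"TCP reachability to {host} (telnet equivalent):")
    for port, ok in check_ports(host).items():
        state = "open" if ok else "no handshake"
        print(f"  {port:5d} {state:12s} {REPLICATION_PORTS[port]}")
    print(f"MSS that fits a 1400-byte tunnel MTU: {tcp_mss_for_mtu(1400)}")
    results, learned = probe_path_mtu(host)
    for size, ok in results.items():
        verdict = "accepted" if ok else "too big (EMSGSIZE)"
        print(f"  DF datagram, {size + 28} bytes on the wire: {verdict}")
    print(f"Path MTU learned by the kernel: {learned}")
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it from one server against the other's private address on both sides. The port loop reproduces the telnet test in the replies; the DF probe adds the check those tests do not give, since a 32-byte ping and a bare TCP handshake both fit inside any tunnel MTU while a 1460-byte SMB segment does not. One arithmetic caveat on the figures in the original post: with `ip mtu 1400` on the tunnel, the conventional IOS companion is `ip tcp adjust-mss 1360` (1400 minus the 20-byte IP and 20-byte TCP headers); 1380 leaves 20 bytes unaccounted for and still produces tunnel-sized packets that need fragmenting.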