OK, so we have a topology as follows:
HQ (is the main site)
OKC, NEO, HOU (are branch offices connected by WatchGuard VPN)
Now, all branch sites can ping and access HQ, and HQ can ping/access branch sites. What is not allowed is branch-site-to-branch-site communication (OKC to NEO or HOU to OKC, for example). There is no route set for it in the firewall.
Recently we replaced the server at HOU and added site NEO. The HOU server displays these error messages about NTDS/KCC saying that it can't contact the server at OKC or NEO (duh).
In my Active Directory replications, I have only connections from branch offices to HQ and no connections from branch site to branch site.
This may be something really simple, but how do I get branch servers to stop checking these other servers and only check the two domain controllers at HQ?
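An added example, not part of the original post, that enumerates what the KCC has actually built so the intended hub-and-spoke layout (branches replicating only with HQ) can be checked against the real connection objects and replication partners. It assumes the PowerShell ActiveDirectory module (RSAT) on the machine it runs from, and that the site object names match the names used in the post (HQ, OKC, NEO, HOU); DC names are not assumed, they are read from the directory.

```powershell
# Added diagnostic example (not code from the original post).
# Assumption: site objects are named as in the post; 'HQ' is the hub site.
Import-Module ActiveDirectory

$hubSite = 'HQ'   # assumed hub site name; change to the real site object name

# 1. Sites and the site links that join them. The KCC derives its replication
#    routes from these, not from firewall routes, so a site link that pairs two
#    branches is worth noticing.
Get-ADReplicationSite -Filter * | Select-Object Name
Get-ADReplicationSiteLink -Filter * |
    Select-Object Name, Cost, ReplicationFrequencyInMinutes, SitesIncluded |
    Format-Table -AutoSize

# Extract the site name from a server / NTDS Settings distinguished name
# (e.g. ...,CN=Servers,CN=OKC,CN=Sites,CN=Configuration,...).
function Get-SiteFromDN {
    param([string]$DistinguishedName)
    if ($DistinguishedName -match 'CN=Servers,CN=([^,]+),CN=Sites') { return $Matches[1] }
    return $null
}

# 2. Every connection object in the forest, with the site of each end point.
#    Connection objects are what a DC uses to pick its inbound replication partners.
$report = Get-ADReplicationConnection -Filter * | ForEach-Object {
    [pscustomobject]@{
        Name          = $_.Name
        AutoGenerated = $_.AutoGenerated      # $true = created by the KCC
        FromSite      = Get-SiteFromDN $_.ReplicateFromDirectoryServer
        ToSite        = Get-SiteFromDN $_.ReplicateToDirectoryServer
        FromDC        = $_.ReplicateFromDirectoryServer
        ToDC          = $_.ReplicateToDirectoryServer
    }
}
$report | Format-Table Name, AutoGenerated, FromSite, ToSite -AutoSize

# Flag connections where neither end is the hub and the ends are different sites:
# these are the branch-to-branch pairings the firewall will never let succeed.
$branchToBranch = $report | Where-Object {
    $_.FromSite -ne $hubSite -and $_.ToSite -ne $hubSite -and $_.FromSite -ne $_.ToSite
}
if ($branchToBranch) {
    Write-Warning "Connection objects that cross between branch sites:"
    $branchToBranch | Format-Table Name, AutoGenerated, FromDC, ToDC -AutoSize
} else {
    Write-Host "No branch-to-branch connection objects found."
}

# 3. Inbound replication status as every DC reports it. This shows which partners
#    each DC is actually trying to contact and which attempts are failing.
repadmin /showrepl * /csv | ConvertFrom-Csv |
    Select-Object 'Destination DSA Site', 'Destination DSA', 'Source DSA Site',
                  'Source DSA', 'Number of Failures', 'Last Failure Status' |
    Sort-Object 'Destination DSA Site', 'Source DSA Site' |
    Format-Table -AutoSize
```

Run it as a domain admin from a DC or an RSAT workstation that can reach HQ. For the situation in the post, the two things to read are the warning list in step 2 (any connection object whose two ends are both branch sites) and the step 3 rows where a branch DC's destination and source sites are both branches with a non-zero failure count; together they show whether the errors come from KCC-generated connection objects, manually created ones, or leftover objects for the replaced HOU server.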