Active Directory Replication Issues Over Site-to-Site SonicWall VPN
Posted on 2011-10-20
I have two SonicWall firewalls set up at two different sites with a site-to-site VPN between them. I am able to ping resources on either network and there appears to be no bad connection between them, and no error logs, dropped packets, etc. I have two DCs, both normal (not Read Only) DCs, one at each site, one domain. They are both 2008 R2, and both are DNS servers and global catalogs. On the second site, when DCPROMOing the server, everything was successful and it pulled all the usernames and group policies just fine. Sites and Services has been set up correctly.
My problem is that they don't seem to be replicating any changes now. The VPN is still connected and solid. DNS is resolving correctly, and I have used portqry to test all AD ports and they are all open.
There are no content filtering or IPS services enabled for the VPN zone (however they are enabled for the WAN link). I would assume that the SonicWall would not filter anything for its own VPN.
MTU is set to 1500 on both firewalls. The logs' NAT discovery reports that there are no NAT devices between the devices on the VPN.
Repadmin /showrepl on both servers reports that they are replicating correctly.
I created a user account on server1 that did not replicate to server2, but I am able to authenticate that user account on computers in server2's LAN. (The clients in server2's LAN have server1 listed as a secondary DNS server after server2.)
So I am not an expert by any means, and I am not sure what to check next. These servers need to be replicating on a consistent basis and need to be exact mirrors.
Thanks in advance!
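One way to separate "repadmin says replication is fine" from "the object really exists on both DCs", as an added diagnostic example that is not part of the original post. The DC names, domain and test account are placeholders; it assumes the ActiveDirectory module (RSAT) and repadmin/nltest are available on the machine running it.

```powershell
# Added example, not from the original post. Placeholder names below.
$Dc1      = 'server1.corp.example'   # placeholder: DC at site 1 (where the user was created)
$Dc2      = 'server2.corp.example'   # placeholder: DC at site 2
$Domain   = 'corp.example'           # placeholder: AD DNS domain name
$TestUser = 'repltest01'             # placeholder: account created on $Dc1 only

Import-Module ActiveDirectory

# 1. Replication health as each DC sees it. /replsummary shows, per partner, the
#    number of failed attempts and how long ago the last successful sync was, which
#    is more telling than a single "successful" line from /showrepl.
foreach ($dc in $Dc1, $Dc2) {
    Write-Host "=== repadmin /replsummary $dc ==="
    repadmin /replsummary $dc
}

# 2. Query each DC directly for the test object. Targeting a specific DC with -Server
#    avoids the DC locator picking whichever DC answers, which is how a client on
#    server2's LAN can still authenticate an account that only exists on server1.
foreach ($dc in $Dc1, $Dc2) {
    $u = Get-ADUser -Filter "SamAccountName -eq '$TestUser'" -Server $dc `
                    -Properties whenCreated, uSNCreated -ErrorAction SilentlyContinue
    if ($u) {
        Write-Host "$dc : $TestUser present (whenCreated=$($u.whenCreated), uSNCreated=$($u.uSNCreated))"
        # Per-attribute replication metadata: originating DC, USN and version of each write.
        repadmin /showobjmeta $dc $u.DistinguishedName
    } else {
        Write-Host "$dc : $TestUser MISSING"
    }
}

# 3. Up-to-dateness vector: if $Dc2 has never applied any USN from $Dc1's invocation ID,
#    the inbound connection from $Dc1 is not actually moving data despite a clean status.
Write-Host "=== up-to-dateness vector on $Dc2 ==="
repadmin /showutdvec $Dc2 (Get-ADDomain -Server $Dc2).DistinguishedName

# 4. Which DC a client at site 2 really uses. Run this part on a workstation in
#    server2's LAN; /force bypasses the cached locator result.
Write-Host "LOGONSERVER from this session: $env:LOGONSERVER"
nltest /dsgetdc:$Domain /force
```

If step 2 shows the user only on $Dc1 while step 1 reports zero failures, compare the site link schedule and the connection objects in Sites and Services, since a clean status with a stale up-to-dateness vector usually means the inbound connection is not being used rather than blocked.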