Solved

SBS 2011 Standard server based VPN for inter site AD replication

Posted on 2012-03-20
6
567 Views
Last Modified: 2012-09-24
Hello,

I have a client that currently has 2 sites and is using SBS 2011 on the main site and Windows 2008 std on the second.

I am looking to configure Windows based VPN link(s) between the sites to allow AD replication.

I have currently configured the second site to connect to the Windows SBS 2011 using the VPN wizard on the main office server, and used a VPN client connection on the second site server; but am having communication issues.

I have run repadmin and it shows that the main site is not able to communicate with the second office.

Do I have to create a separate VPN connection from the main site to the second site server to enable 2 way VPN traffic?

Due to project funding restrictions at this time, we are restricted to utilizing a Windows VPN solution; with future plans to migrate the VPN to a hardware based solution.

Many thanks for any assistance and advice
0
Comment
Question by:dwknight
  • 4
  • 2
6 Comments
 
LVL 35

Expert Comment

by:Cris Hanna
ID: 37747797
Is the server at the remote location already a DC?
0
 

Author Comment

by:dwknight
ID: 37761978
Hello,

Yes it is. It was initially set up using the following procedure.

1. Enable VPN access on the main site SBS 2011 server
2. Connect to the main site from the remote site by establishing a VPN connection.
3. Run DC Promo - took a while to update (overnight)
4. Any updates generally take a fair amount of time.

Runing repadmin shows that there has never been any connection. But there are updates occurring.
0
 
LVL 35

Expert Comment

by:Cris Hanna
ID: 37762022
what kind of bandwidth do you have between the two sites?
How close are the two facilities?   Close enough that you can take the remote server to the main office and redo the DCPROMO, verify replication, then take back to remote location and run DCDIAG
0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 

Author Comment

by:dwknight
ID: 37799422
Apologies about the late follow up.

Both have an ADSL link 5meg down/ 384 up.

After additional research, the AD is definitely replicating. The error report seems to be the RPC service not being found between the sites. I am thinking that rpc is not configured on the server to use the VPN connection. Pretty much everything else is working after using a few other switches when running repadmin.

At this point,  it is not possible to remove the site DC and bring it back to the main office.

Thanks for the follow up.
0
 

Accepted Solution

by:
dwknight earned 0 total points
ID: 37804355
I have found the source of the rpc replication issue!

Because the site DC is connecting back to the main office via a vpn, DNS has both the site ip address for the server (on the site subnet) and the main office DNS entry for the site DC (on the main office subnet).

After a bit of troubleshooting, it appears that RPC communication from the main office is defaulting to the site ip address for the site DC, not the main office vpn ip address assigned to the site server.

Is there any way to set a preferred ip address for rpc communication?

Thanks for any advice.
0
 

Author Closing Comment

by:dwknight
ID: 38428034
Thanks, the question has been open for a while, but I have not had any further luck - so at this point - I am closing it as finished.
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

Suggested Solutions

Secure VPN Connection terminated locally by the Client.  Reason 442: Failed to enable Virtual Adapter. If you receive this error on Windows 8 or Windows 8.1 while trying to connect with the Cisco VPN Client then the solution is a simple registry f…
If you use NetMotion Mobility on your PC and plan to upgrade to Windows 10, it may not work unless you take these steps.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now