2 Offices with DNS replication worked until moved from MPLS to site to site VPN cisco

Posted on 2014-03-13
Medium Priority
Last Modified: 2014-03-26
Hello EE,
I used to have replication of DNS working between all DCs in my branch office.
Repadmin /Replsum came back clean.
Now when I moved one of my branches behind a Site to Site VPN tunnel with Cisco ASA5525 on one side and Cisco 5505 on the other I am getting errors that that server "RPC server is unavailable"

I even went into sites and services and tried replicate now and got controller: DC1 (behind the site to site) "The RPC Server is Unavailable"  I ran dcdiag and got

[Replications Check,DC2] A recent replication attempt fail
   From DC1 to DC2
   Naming Context: DC=bergquistcompany,DC=com
   The replication generated an error (1722):
   The RPC server is unavailable.
   The failure occurred at 2014-03-13 09:10:00.
   The last success occurred at 2014-03-10 17:34:07.
   273 failures have occurred since the last success.
   The source remains down. Please check the machine.

The last success is the date before we moved them to the site to site VPN tunnel.  Is there something I need to add to allow RPC to pass?
Question by:bergquistcompany
  • 4
LVL 22

Expert Comment

by:Matt V
ID: 39927177
Make sure the required traffic is allowed across the tunnel.

UDP port 53 for sure.

Author Comment

ID: 39927979
All ports between the two networks /16 is allowed

Author Comment

ID: 39929458
Found out that tunnel is not allowing fragmentation.
tried ping -f -l 1472 dc2 and getting
packet needs to be fragmented but DF set
IT Degree with Certifications Included

Aspire to become a network administrator, network security analyst, or computer and information systems manager? Make the most of your experience as an IT professional by earning your B.S. in Network Operations and Security.

LVL 42

Expert Comment

ID: 39935156
I don't think that it's the tunnel that is not allowing fragmentation.  You specified in your ping command not to allow fragmentation.  What the message indicates is that the packet size was too big to pass through unfragmented.

You could try adjusting the packet size that is sent through the tunnel.
I would test with prtqry.exe to make sure traffic is not being blocked by a firewall.

Accepted Solution

bergquistcompany earned 0 total points
ID: 39935754
found the firewall needed a crypto to enable fragmentation

Author Closing Comment

ID: 39955454
heard from Cisco

Featured Post

Get 10% Off Your First Squarespace Website

Ready to showcase your work, publish content or promote your business online? With Squarespace’s award-winning templates and 24/7 customer service, getting started is simple. Head to Squarespace.com and use offer code ‘EXPERTS’ to get 10% off your first purchase.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Considering cloud tradeoffs and determining the right mix for your organization.
Will you be ready when the clock on GDPR compliance runs out? Is GDPR even something you need to worry about? Find out more about the upcoming regulation changes and download our comprehensive GDPR checklist today !
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

600 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question