Solved

2 Offices with DNS replication worked until moved from MPLS to site to site VPN cisco

Posted on 2014-03-13
6
310 Views
Last Modified: 2014-03-26
Hello EE,
I used to have replication of DNS working between all DCs in my branch office.
Repadmin /Replsum came back clean.
Now when I moved one of my branches behind a Site to Site VPN tunnel with Cisco ASA5525 on one side and Cisco 5505 on the other I am getting errors that that server "RPC server is unavailable"

I even went into sites and services and tried replicate now and got controller: DC1 (behind the site to site) "The RPC Server is Unavailable"  I ran dcdiag and got

[Replications Check,DC2] A recent replication attempt fail
   From DC1 to DC2
   Naming Context: DC=bergquistcompany,DC=com
   The replication generated an error (1722):
   The RPC server is unavailable.
   The failure occurred at 2014-03-13 09:10:00.
   The last success occurred at 2014-03-10 17:34:07.
   273 failures have occurred since the last success.
   The source remains down. Please check the machine.

The last success is the date before we moved them to the site to site VPN tunnel.  Is there something I need to add to allow RPC to pass?
0
Comment
Question by:bergquistcompany
  • 4
6 Comments
 
LVL 22

Expert Comment

by:Matt V
ID: 39927177
Make sure the required traffic is allowed across the tunnel.

UDP port 53 for sure.
0
 

Author Comment

by:bergquistcompany
ID: 39927979
All ports between the two networks /16 is allowed
0
 

Author Comment

by:bergquistcompany
ID: 39929458
Found out that tunnel is not allowing fragmentation.
tried ping -f -l 1472 dc2 and getting
packet needs to be fragmented but DF set
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 39

Expert Comment

by:footech
ID: 39935156
I don't think that it's the tunnel that is not allowing fragmentation.  You specified in your ping command not to allow fragmentation.  What the message indicates is that the packet size was too big to pass through unfragmented.

You could try adjusting the packet size that is sent through the tunnel.
I would test with prtqry.exe to make sure traffic is not being blocked by a firewall.
0
 

Accepted Solution

by:
bergquistcompany earned 0 total points
ID: 39935754
found the firewall needed a crypto to enable fragmentation
0
 

Author Closing Comment

by:bergquistcompany
ID: 39955454
heard from Cisco
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Concerto Cloud Services, a provider of fully managed private, public and hybrid cloud solutions, announced today it was named to the 20 Coolest Cloud Infrastructure Vendors Of The 2017 Cloud  (http://www.concertocloud.com/about/in-the-news/2017/02/0…
This past year has been one of great growth and performance for OnPage. We have added many features and integrations to the product, making 2016 an awesome year. We see these steps forward as the basis for future growth.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

778 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question