No announcement yet.

AD Replication to a site behind a firewall

  • Filter
  • Time
  • Show
Clear All
new posts

  • AD Replication to a site behind a firewall

    I have a domain that has a number of sites, one of which is behind a firewall. The site behind the firewall has it's own DC that has been in place for 18 months. The required firewall ports are open to allow replication, and the IP addresses of the other DCs in the domain are listed on the firewall to allow access.

    I have been off work for a lengthy period, and came back to issues with replication. I have resolved the problems identified with the exception of the DC behind the firewall. It is replicating OK with the site to which the VPN connects to, but under NTDS Settings, alongside the connected site server, it has created connection objects for two other sites that it is trying to synchronise with. In the event viewer I am seeing repeated events with IDs 1566, 1311, 1865 and 1925, which relate to the two sites it has generated connection objects for. All connection objects within AD are automatically created and site link bridges are also automatically created

    This is the only site I have behind a firewall, and a DC was deemed necessary, as the link to the site can occasionally be temperamental and the site is some physical distance away.

    With regard to the Domain structure we have a forest root, which basically has two DCs and hosts PKI, and one child domain to which all the other DCs and member servers belong.

    I am not too sure why this DC wants to connect to these other two DCs, as all partitions are held by all DCs in the domain so it should be able to get all it needs from its other replication partner with which it has no problems.

    I have read a number of documents relating to these errors in the event log, one specifically related to event id 1311. This talks about turning off site link bridging and doing it manually, which I really don't want to do. Any advice or suggestions would be much appreciated.