Active Directory and Domain Controller backup

By jremnet
I am trying to get a domain controller to communicate with another DC located off-site. Both servers are running Windows Server 2k3 Standard edition. The off-site server is the Parent in the domain and my location is the child. They have not communicated (replicated) since they were both located in the same building.
Both are using a Cisco PIX 506E firewall, which I believe is the culprit for the lack of communication.
So I have 2 main issues to fix that I need help with:
1) Getting the servers to connect to each other but in such a way as to not make my firewall open to the world.
2) Then the best method of re-establishing the replication of the domain controllers once the firewall issue is corrected.

I am using this web site as reference:
But I am not sure which method is the best and least cumbersome. I am leaning towards the "Domain Controller Promotion with PPTP Tunnels" method, but I am not so sure now because of the risk to the VPN connections.
I need to take into account that I have 2 users that currently connect remotely using Cisco VPN without any problems so I don't want to mess their connections up.
Also, I am planning on adding a new Microsoft Exchange 2007 mail server next month.
Thanks for the help and advice. I am the sole IT person so it's hard having to know it all (or at least appear to).


All Answers


L2TP with IPSec

by CG IT In reply to Active Directory and Doma ...

Send Dave Davis a PM or George Ou. Both can help you get your PIX configured correctly to allow replication over the WAN link.

Is this site to HQ in AD Sites and Services?


L2TP with IPSec

by jremnet In reply to L2TP with IPSec

Is this site to HQ in AD Sites and Services?



I am having the same problem

by DetroitPistons In reply to L2TP with IPSec

So did you find what the best solution is,
with the BDC not communicating with the DC?
Thank you


Have to set up the site

by CG IT In reply to L2TP with IPSec

in Active Directory Sites and Services.

Then you need to allow traffic through your PIX for replication.

By default, Active Directory replication remote procedure calls (RPC) occur dynamically over an available port through the RPC Endpoint Mapper (RPCSS) by using port 135. This process is the same process as in Microsoft Exchange.

So after you create your site in AD Sites and Services, you then configure your PIX to allow RPC traffic over port 135.
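
An added check, not from this thread or any of its posters, in PowerShell: run on the local DC, it tests whether the other DC answers on the RPC endpoint mapper (TCP 135) and, optionally, on a pinned NTDS replication port, then summarises what repadmin reports about replication partners. The remote DC name and the pinned port number are placeholders; pinning the NTDS RPC port via the `TCP/IP Port` registry value (Microsoft KB 224196) is the documented way to avoid opening the whole dynamic RPC range on the PIX.

```powershell
# Added example, not from the thread. Run on the local DC as a domain admin.
# $RemoteDc and $PinnedPort are illustrative placeholders, not values from the post.
param(
    [string]$RemoteDc   = 'dc1.parent.example',   # hypothetical off-site (parent) DC
    [int]   $PinnedPort = 0                        # 0 = no fixed NTDS RPC port configured
)

# TCP reachability test that works on old and new Windows (no Test-NetConnection needed).
function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $ar = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $ar.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($ar)
        return $true
    } catch { return $false } finally { $client.Close() }
}

# 1. The endpoint mapper must be reachable; without it the RPC client never learns
#    which dynamic port the directory service is listening on.
$epm = Test-TcpPort -ComputerName $RemoteDc -Port 135
Write-Host ("TCP 135 (RPC endpoint mapper) to {0}: {1}" -f $RemoteDc, $(if ($epm) { 'open' } else { 'BLOCKED' }))

# 2. If the remote DC pins its NTDS RPC port (KB 224196: HKLM\SYSTEM\CurrentControlSet\
#    Services\NTDS\Parameters, DWORD "TCP/IP Port"), only that port plus 135 need to be
#    allowed through the PIX instead of the entire dynamic RPC range.
if ($PinnedPort -gt 0) {
    $rep = Test-TcpPort -ComputerName $RemoteDc -Port $PinnedPort
    Write-Host ("TCP {0} (pinned NTDS RPC port) to {1}: {2}" -f $PinnedPort, $RemoteDc, $(if ($rep) { 'open' } else { 'BLOCKED' }))
}

# 3. Ask the local DC what it sees for its replication partners. repadmin comes with the
#    Support Tools on Server 2003 and is built in from Server 2008 onward.
$lines    = & repadmin.exe /showrepl 2>&1
$failures = $lines | Where-Object { "$_" -match 'Last attempt.*failed|RPC server is unavailable|1722' }
if ($failures) {
    Write-Host "Replication failures reported by repadmin /showrepl:"
    $failures | ForEach-Object { Write-Host "  $_" }
} else {
    Write-Host "repadmin /showrepl reports no failed replication attempts."
}
```

A blocked 135 with a working VPN usually means the tunnel or PIX ACL does not cover the DC-to-DC traffic; a reachable 135 but failing repadmin points at the dynamic port range instead.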


more instruction please

by DetroitPistons In reply to have to setup the site

I am rather new at this. Would you be able to provide step-by-step instructions on how I would achieve this? I see that my BDC is already in Active Directory Sites and Services under Default-First-Site-Name, but I didn't create this (it must be there by default from when I created the BDC). How do I go about allowing traffic through the PIX?

Thanks a million.
