AD replication of site to site VPN

New here

So we are having some issues with AD replication over site to site VPN. We have 15 locations all set up for site to site. Each location has its own DC, all running on one domain. Recently we started having an issue where we cannot resolve host names of the other locations. This has stopped DFSR replication from working. I can reach everything by IP but not by host name or FQDN. Anyone have this issue before?

8 REPLIES

Kind of a big deal

Re: AD replication of site to site VPN

Have you created a SD-WAN firewall rule by mistake that is blocking it?


We have multi-site AD replication including DFSR over AutoVPN/SD-WAN and have not seen the issue you are getting.  If you cannot resolve hostnames that sounds like your DNS is broken.  Is each site DC running DNS and what are they using as forwarders?  I'd start there.

New here

Re: AD replication of site to site VPN

Each site has a DNS server. Local DNS at each site is working fine. It's just name resolution between sites. No SD-WAN rules blocking anything. Local firewalls were disabled for testing to eliminate that possibility.

Kind of a big deal

Re: AD replication of site to site VPN

If there is an AD DC at each site and DNS at each site, are the DNS servers not AD integrated? 


In which case they should all be a copy of each other.  Or are you using something else for DNS?


Can you resolve the other site's AD DC names from each site? 


Is DFSR the only thing that is broken, i.e. the namespaces domain\dfsshare?

Kind of a big deal

Re: AD replication of site to site VPN

Oh, and what firmware are you running? We are using 15.32 at the moment but have used assorted 15.x versions for the last year.

New here

Re: AD replication of site to site VPN

DNS servers are AD integrated.


I cannot resolve, let's say, site A's DC name from site B and vice versa.


DFSR is the main problem since it is used for replication, but we also cannot access file servers and some app servers that use host names for communication.

I will have to log in and double check the firmware to be sure, but I know we are on a 15.x version. I will log in later and check, as I'm currently on my way home.

Kind of a big deal

Re: AD replication of site to site VPN

Okay, so DNS seems very broken. How many AD sites do you have, one per actual site or clusters? If at site A you do an nslookup for a DC at site B and it fails, then change the server to site B's AD DNS, does that then work? If so, for a temporary fix you could set the DNS to use the other site's servers.

New here

Re: AD replication of site to site VPN

One per actual site. Servers are already set to look at another site for primary DNS, then itself for secondary. The odd thing is, nslookup resolves just fine but you can't ping by host name, only by IP. That's where I'm lost.

Kind of a big deal

Re: AD replication of site to site VPN

So you can ping the IP address, but if you ping the FQDN, it resolves to the IP but doesn't reply? That makes no sense at all! 🤔
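The split the thread ends on (nslookup answers, ping by name does not) usually means the Windows resolver stack and the DNS servers are giving different answers, because nslookup queries a server directly while ping, DFSR and SMB go through the resolver cache, hosts file, NRPT and suffix list. The following PowerShell diagnostic, added here and not posted by anyone in the thread, compares the two paths from one site's DC; the host names and DNS server addresses in it are placeholders to replace with your own.

```powershell
# Added example; the host names and DNS server addresses below are placeholders to replace.
$TargetHosts = @('dc-siteb.corp.example', 'fs01.corp.example')
$DnsServers  = @('10.1.0.10', '10.2.0.10')   # e.g. site A and site B AD-integrated DNS

function Get-Addresses($records) {
    # Keep only the address records from a Resolve-DnsName result set
    @($records | Where-Object { $_.Type -in 'A','AAAA' } | ForEach-Object { $_.IPAddress })
}

foreach ($h in $TargetHosts) {
    Write-Host "=== $h ==="
    $serverAnswers = @()

    # 1. Direct queries to each server, bypassing the local cache (what nslookup does).
    #    AD-integrated zones should give the same answer from every server.
    foreach ($s in $DnsServers) {
        $direct = Get-Addresses (Resolve-DnsName -Name $h -Server $s -DnsOnly -ErrorAction SilentlyContinue)
        $serverAnswers += $direct
        Write-Host ("  server {0,-15} -> {1}" -f $s, $(if ($direct) { $direct -join ', ' } else { 'NO ANSWER' }))
    }

    # 2. What the Windows resolver stack answers (cache, hosts file, NRPT, suffix list);
    #    this is the path that ping, DFSR and SMB actually use.
    $viaResolver = Get-Addresses (Resolve-DnsName -Name $h -ErrorAction SilentlyContinue)
    Write-Host ("  local resolver         -> {0}" -f $(if ($viaResolver) { $viaResolver -join ', ' } else { 'NO ANSWER' }))
    $expected = ($serverAnswers | Sort-Object -Unique) -join ','
    $actual   = ($viaResolver   | Sort-Object -Unique) -join ','
    if ($expected -ne $actual) { Write-Host "  MISMATCH: resolver and DNS servers disagree; check the items below" }

    # 3. Cached or negative entries that would explain a resolver/nslookup mismatch
    $cached = Get-DnsClientCache -Entry $h -ErrorAction SilentlyContinue
    if ($cached) { $cached | Format-Table Entry, RecordType, Data, Status, TimeToLive -AutoSize | Out-String | Write-Host }

    # 4. A hosts-file entry silently overrides DNS for the resolver but not for nslookup
    $hostsHit = Select-String -Path "$env:SystemRoot\System32\drivers\etc\hosts" -Pattern ([regex]::Escape($h))
    if ($hostsHit) { Write-Host "  hosts file entry: $($hostsHit.Line.Trim())" }

    # 5. Reachability by name versus by each address the servers returned
    $byName = Test-Connection -ComputerName $h -Count 1 -Quiet -ErrorAction SilentlyContinue
    Write-Host "  ping by name -> $byName"
    foreach ($ip in ($serverAnswers | Select-Object -Unique)) {
        $byIp = Test-Connection -ComputerName $ip -Count 1 -Quiet -ErrorAction SilentlyContinue
        Write-Host "  ping $ip -> $byIp"
    }
}
```

If step 3 shows a stale or negative entry, Clear-DnsClientCache and rerun; if the servers themselves disagree in step 1, the AD-integrated zone is not replicating and the problem is upstream of the VPN.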
