Domain controllers syncing over VPN

OCS-Tech
New here

I have a pair of MX67s.
I have added a second domain controller on the second subnet...
It is having trouble replicating data. Pings and DNS are all working fine; it is just sync or replication that fails.

Someone noted that I need to add ports to allow in the VPN section. But it already has Any...
Domain controller versions: main DC is 2016, new DC is 2025.

Both servers report RPC-related errors (1726, 1753, 1722), confirming an RPC communication failure as the root cause.

Mloraditch
Kind of a big deal

If you are allowing all ports and basic comms work it could be an AD issue. There are a LOT of possible reasons for failed AD replication. 

Windows Firewall will automatically take into account all things necessary for DC replication, but you can try turning that off briefly on both endpoints to see if it's the issue.

You can also packet capture on each end when forcing a replication and see if packets are making it back and forth.

Generally if you aren't putting any firewall rules in place on the site to site vpn, I would suspect software issues on the windows side for something like this. A stretch but you could try turning off AMP and IPS temporarily if in use.

OCS-Tech
New here

Yeah, it's weird:

PS C:\Windows\system32> Test-NetConnection -ComputerName 172.21.1.10 -Port 135

ComputerName : 172.21.1.10
RemoteAddress : 172.21.1.10
RemotePort : 135
InterfaceAlias : Ethernet
SourceAddress : 192.168.2.10
TcpTestSucceeded : True

but then this fails...

PS C:\Windows\system32> Test-NetConnection -ComputerName 172.21.1.10 -Port 49152
WARNING: TCP connect to (172.21.1.10 : 49152) failed

ComputerName : 172.21.1.10
RemoteAddress : 172.21.1.10
RemotePort : 49152
InterfaceAlias : Ethernet
SourceAddress : 192.168.2.10
PingSucceeded : True
PingReplyDetails (RTT) : 15 ms
TcpTestSucceeded : False

Mloraditch
Kind of a big deal

The dynamic ports I think would only be open when in use, so I'm not sure that's unexpected.

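The point Mloraditch raises is the one that decides this: a dynamic RPC port is bound only while a service holds it, so a failed connect to an arbitrary port such as 49152 proves nothing either way. The useful test is to ask the remote DC which ports lsass.exe (the process that hosts the NTDS replication RPC interface, plus LDAP and Kerberos) is actually listening on, and then test those through the tunnel. The script below is an added example, not code from anyone in this thread; it assumes the addresses from the thread (run from the 192.168.2.10 DC against 172.21.1.10), that PowerShell remoting works between the two DCs, and that the AD module is present (it is on a DC). Probing the live listeners also answers alemabrahao's RpcSs question and reads the NTDS static-port registry value in one pass.

```powershell
# Added diagnostic example (not from the original thread). Assumes the thread's
# addresses and working WinRM between the DCs; these are assumptions.
param([string]$RemoteDC = "172.21.1.10")

# Step 1: the RPC endpoint mapper (TCP 135) must answer; this succeeded in the thread.
$epm = Test-NetConnection -ComputerName $RemoteDC -Port 135 -WarningAction SilentlyContinue
if (-not $epm.TcpTestSucceeded) { throw "TCP 135 (endpoint mapper) unreachable on $RemoteDC" }

# Step 2: ask the remote DC what lsass.exe is really listening on. lsass hosts the
# NTDS/DRS replication RPC endpoints (dynamic ports, 49152-65535 by default on
# 2008+), as well as LDAP (389/636/3268/3269) and Kerberos (88/464). Also report
# the RpcSs state, the configured dynamic range, and whether NTDS has been pinned
# to a static port via the documented 'TCP/IP Port' value.
$remote = Invoke-Command -ComputerName $RemoteDC -ScriptBlock {
    $lsassPid = (Get-Process -Name lsass).Id
    [pscustomobject]@{
        RpcSsStatus    = (Get-Service -Name RpcSs).Status
        StaticNtdsPort = (Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters' `
                             -Name 'TCP/IP Port' -ErrorAction SilentlyContinue).'TCP/IP Port'
        DynamicRange   = (netsh interface ipv4 show dynamicport tcp) -join ' '
        LsassPorts     = @(Get-NetTCPConnection -State Listen -OwningProcess $lsassPid |
                             Select-Object -ExpandProperty LocalPort -Unique | Sort-Object)
    }
}
"RpcSs on {0}: {1}" -f $RemoteDC, $remote.RpcSsStatus
"Dynamic port range: {0}" -f $remote.DynamicRange
if ($remote.StaticNtdsPort) { "NTDS pinned to static port {0}" -f $remote.StaticNtdsPort }

# Step 3: test every port lsass holds, through the tunnel. A BLOCKED result on a
# port the remote DC is demonstrably listening on, with 135 open and "Any" allowed
# on the site-to-site VPN, points at Windows Firewall, IPS/AMP, or MTU on the path
# rather than at the Meraki VPN rule itself.
foreach ($port in $remote.LsassPorts) {
    $r = Test-NetConnection -ComputerName $RemoteDC -Port $port -WarningAction SilentlyContinue
    "{0}:{1} -> {2}" -f $RemoteDC, $port, $(if ($r.TcpTestSucceeded) { 'open' } else { 'BLOCKED' })
}

# Step 4: force a replication cycle from the remote partner and show only the
# failures, so the RPC error codes (1722/1726/1753) can be matched to a port result.
repadmin /replicate $env:COMPUTERNAME $RemoteDC (Get-ADDomain).DistinguishedName
repadmin /showrepl $env:COMPUTERNAME /errorsonly
```

If every listening port reports open but repadmin still fails with 1722/1726, the TCP path is fine and the fault is above it (time skew, Kerberos, DNS SRV records, or the newer 2025 DC's defaults); if a listening dynamic port reports BLOCKED, the fault is on the path and the firewall/IPS/MTU checks in the replies above are the right next step.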
PhilipDAth
Kind of a big deal

This will most likely be an AD replication issue, not a VPN issue.  Make sure the two machines have about the same date and time.


I guess you could check for an MTU issue.  Do big packets pass ok?

ping -l 2000 192.168.x.y
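One caveat worth testing explicitly, as an added example that is not part of PhilipDAth's reply: a plain ping -l 2000 lets the Windows stack fragment the packet, so it can succeed even when the tunnel's path MTU is broken. The case that actually bites AD replication is a large RPC reply with Don't Fragment set that never arrives, while small probes (ICMP, DNS, the TCP handshake to 135) all pass. The script below uses ping -f to find the largest unfragmented payload that crosses the tunnel; it assumes the thread's remote DC address 172.21.1.10 as the target.

```powershell
# Added example (not from the thread): probe path MTU across the VPN with the
# Don't Fragment bit set. Target address is the thread's remote DC (an assumption).
param([string]$Target = "172.21.1.10")

function Test-PathMtu {
    param([string]$Peer, [int]$Low = 1200, [int]$High = 1472)
    # Binary search on ICMP payload size. 1472 bytes of payload plus 20 (IP) + 8
    # (ICMP) header bytes is a 1500-byte frame; an IPsec site-to-site tunnel will
    # normally top out noticeably lower than that.
    while ($Low -lt $High) {
        $mid = [math]::Floor(($Low + $High + 1) / 2)
        $out = ping -n 1 -w 1000 -f -l $mid $Peer
        # A reply line contains "TTL="; an oversized DF probe instead reports
        # "Packet needs to be fragmented but DF set." or times out.
        if ($out -match 'TTL=') { $Low = $mid } else { $High = $mid - 1 }
    }
    return $Low
}

$payload = Test-PathMtu -Peer $Target
"Largest DF payload to {0}: {1} bytes (path MTU about {2})" -f $Target, $payload, ($payload + 28)
if ($payload -lt 1472) {
    "Path MTU is below 1500; if a DC is also not honouring ICMP 'fragmentation needed'," +
    " large RPC replies will be dropped while small packets and the 135 handshake succeed."
}
```

Run it in both directions, since PMTU discovery can be broken asymmetrically; if the reported MTU is well under 1500 and replication fails only on large responses, lowering the interface MTU on the DCs (or enabling MSS clamping on the tunnel, where the platform supports it) is the usual fix.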

alemabrahao
Kind of a big deal

Have you checked that the RPC service is running and set to Automatic on both domain controllers?


"error: 1726. The remote procedure call failed" error message on - Microsoft Community
