Forum Discussion
Server 2012R2 AD access and replication problems
- Aug 07, 2018
The dcdiag you ran from LGNAD1 is totally unaware of the new DC (LGNAD4) you added in the other network, plus it cannot connect to LGNAD2. I don't know how long ago this might have happened. Seems there is some blocking going on. One method would be to use the PortQryUI tool to check domains and trusts ports.
https://www.microsoft.com/en-us/download/details.aspx?id=24009
The tool does not install anything; just extract and run it. I'd try between two on the 192.168.100.xxx network so you know what to expect, then run from LGNAD1 --> LGNAD2 and LGNAD2 --> LGNAD1.
Dave, your diagnosis has been similar to mine and I have also suspected a routing problem between the sites, but extended pings look good, SMB file transfers are normal for the cross-site shares which are available, and we are keeping routing as a potential cause.
However, I do not understand how a site connection issue would affect AD operation within the one LGNAD1 site; GPMC will not load since it cannot connect and I cannot add a second DC.
- Dave Patrick, Aug 10, 2018, MVP
Glad to hear.
- Bob Smith, Aug 10, 2018, Copper Contributor
Dave, an MTU adjustment was required on the VPN appliances and replication is looking much better.
Thanks for your help!
Bob
- Dave Patrick, Aug 07, 2018, MVP
The inter site tests looked to be completely failing.
I'd agree. I'd get in touch with your inter-site network support group.
- Bob Smith, Aug 07, 2018, Copper Contributor
Thanks, the PortQryUI tool is new to me and the results are in the OneDrive already shared.
Running the tool at the AD1 site locally gave what looked like good results to LDAP queries, TCP port 389, UDP port 389, TCP port 636, and TCP port 3268; NETBIOS UDP port 137 but no others. The inter site tests looked to be completely failing.
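
The two checks this thread turned on (TCP reachability of the directory ports between DCs, and the MTU of the inter-site path) can be scripted as below. This is an added example, not part of any post in the thread. The host names are the ones used above; the port list is the commonly documented TCP set for DC-to-DC traffic and is an assumption, not PortQryUI's own "Domains and Trusts" list. UDP ports are not covered, and the MTU probe needs ICMP echo to be allowed end to end.

```powershell
# Added example (not from the thread). Run from one DC against the others.
param(
    [string[]]$Targets  = @('LGNAD2', 'LGNAD4'),                        # names from the thread
    [int[]]   $TcpPorts = @(53, 88, 135, 389, 445, 464, 636, 3268, 3269) # assumed port set
)

function Test-DcTcpPorts {
    # One row per port: did a TCP connect to the target succeed?
    param([string]$Target, [int[]]$Ports)
    foreach ($port in $Ports) {
        $r = Test-NetConnection -ComputerName $Target -Port $port -WarningAction SilentlyContinue
        [pscustomobject]@{ Target = $Target; Port = $port; Open = $r.TcpTestSucceeded }
    }
}

function Get-MaxUnfragmentedPayload {
    # Binary search for the largest ICMP payload that gets an echo reply with
    # the Don't Fragment bit set (ping -f). Returns 0 if nothing gets through.
    param([string]$Target, [int]$Low = 500, [int]$High = 1472)
    $best = 0
    while ($Low -le $High) {
        $size = [int][math]::Floor(($Low + $High) / 2)
        $out  = & ping.exe -4 -n 1 -w 2000 -f -l $size $Target
        # A real echo reply always carries "TTL="; error lines do not.
        if ($out -match 'TTL=') { $best = $size; $Low = $size + 1 }
        else                    { $High = $size - 1 }
    }
    $best
}

foreach ($t in $Targets) {
    Test-DcTcpPorts -Target $t -Ports $TcpPorts | Format-Table -AutoSize

    $payload = Get-MaxUnfragmentedPayload -Target $t
    if ($payload -eq 0) {
        "$t : no echo reply with DF set (ICMP blocked or host unreachable)"
    } else {
        # IPv4 header (20 bytes) + ICMP header (8 bytes) on top of the payload
        "{0} : largest DF payload {1} bytes, path MTU about {2}" -f $t, $payload, ($payload + 28)
    }
}
```

A same-site target should report 1472 bytes (MTU 1500) on standard Ethernet; a lower figure across the VPN is the value to compare against the MTU configured on the appliances.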