Site to Site Replication only works for a few hours in the morning (each morning)

-

we have been fighting odd active directory replication issue on month , hoping can provide insight. have 5 ad servers in following orientation...

site hq
- prime running windows 2008 r2
- ad2 running windows 2008 r2

site colo
- ad3 running windows 2008 (not r2)
- ad3new running windows 2008 r2

site branch
- ad4 running windows 2008 r2

the domain @ windows 2008 functional level.

there on site site vpns between 3 sites , ip intersite transports site links defined 3 possible connections cost of 100 , interval of 15. each ip site link configured schedule of available day long.

every day following sequence of events happens...

* somewhere between 6:30 , 7:30am servers start sync each other perfectly. can make ad changes , replicate across servers without issues. during time repadmin commands work across servers.

* typically somewhere in 10:30 11:30am time frame start errors replicating data - between hq , colo sites. manifests event 1232 call timeout dc rpc client , and event 1925 kcc. additionally repadmin commands fail when attempting connect branch servers.

* rest of day intra-site replication between prime , ad2 work fine - , periodically branch ad server updated well. colo sites remain unreplicated , continue errors remainder of day. while down - ability ping , remote desktop between servers fine - if there network hiccup happens - network stable hours without sites recovering.

* magically next morning around 6:30 , 7:30am servers able replicate without issue , 3-5 hours of immediate replication , happens again.

as stated above - there on site-to-site vpn connections between 3 sites actively monitored prtg. these connections remain open day long. site topology has colo servers attempting replicate hq servers - , both sites have 100mb data connections remain active during entire time. additionally prtg bandwidth monitoring shows these links have no spikes in traffic anywhere near max capacity of links during time outages begin nor during rest of day.

does have insight why these servers stop communicating each other same time every day , report errors? why magically start work again each day without changes being made network or ad configuration?

this has been going on over month now. when first started happen had 1 windows 2008 server , 2 windows 2003 servers in hq. phased out windows 2003 servers , upgraded functional level windows 2008 - did not solve problem. tried put new windows 2008 r2 server out @ colo site hoping if limited other server 1 server impacted. both appear having connectivity issues @ same time.

it if there 1 hung connection blocking other syncs site , each morning bottleneck released.

thank in advance direction can provide.


finally - root cause has been found. juniper firewall @ colo running latest , greatest firmware (screenos 6.3.0r18.0) culprit.

the firewall uses alg (application layer gateway) objects interrogate calls things ftp uses dynamic ports. 1 of them ms-rpc , has serious bug in cause freeze traffic periods of time , recover on own. once knew ms-rpc alg found several postings discuss similar things. references articles indicated higher port numbers, others indicating broken windows 2008 , fixed recently.

even though site site vpn set allow "any" traffic - tcp proxy mechanism of firewall still using these objects.

one solution have been done disable ms-rpc alg (and possibly dns alg) - ended going solution updated tunnel's firewall policy use custom "all ports" service object , ignore application setting in policy. ui not allow select "ignore" service "any" allow use custom service. created custom service permitted on site site links. caused bypass alg objects entirely , traffic started flow again , has been quite time.



Windows Server  >  Directory Services



Comments

Post a Comment

Popular posts from this blog

Error: 0x80073701 when trying to add Print Services Role in Windows 2012 Standard

-
hello, i'm getting error when trying add print services role in windows 2012 standard. i'm getting same error whether use gui or powershell. this new server install. the powershell error follows: add-windowsfeature : request add or remove features on specified server failed. installation of 1 or more roles, role services, or features failed. the referenced assembly not found. error: 0x80073701 at line:1 char:1 + add-windowsfeature print-services + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~     + categoryinfo          : invalidoperation: (@{vhd=; credent...name=localhost}:psobject) [install-windowsfeature],     exception     + fullyqualifiederrorid : dismapi_error__failed_to_enable_updates,microsoft.windows.servermanager.commands.addwind    owsfeaturecommand success restart needed exit code      feature result ------- -------------- ---------      -------------- false   no             failed         {} issue appreciated. hi, i think should st
Read more

Disconnecting from a Windows Server 2012 R2 file sharing session on a Windows 7,8,10 machine

-
i've been trying disconnect server while , haven't been able to. there quick way this? i've used net session , net user , work sometime never consistent. can task? hi yrusad, thanks post. does work when check “computer management > system tools > shared folders > open files/sessions”. directly manage from gui. and based on knowledge, quick way mentioned net session /delete /y. mean never consistent? best regards, mary please remember mark replies answers if , unmark them if provide no help. if have feedback technet subscriber support, contact tnmff@microsoft.com . Windows Server  >  Windows Server 2012 General
Read more

Windows 2016 RDS event 1306 Connection Broker Client failed to redirect the user... Error: NULL

-
Image
i'm attempting setup windows 2016 rds standard deployment session hosting.  layout follows: rds01 - rds connection broker , web access ts02 - rds session host ts03 - rds session host domain these servers part of has (1) windows 2008 server , (2) windows 2016 servers acting dcs.  domain running @ windows 2003 functional level. servers on single routed network no firewall between them.  dns , ptr records servers exist , resolve on hosts.  servers can pinged each other. in other words, there no network connectivity issues. i've setup rds deployment several times w/ same results. the issue can login via rdweb interface on rds01 win10 desktop , connect published rdp desktop without issue (i.e. no error messages user) , no errors in logs.  when try directly rdp rds01, authenticate user (per event log) error stating user doesn't have access system.  in event log event id 1306 message of "remote desktop connection broker client failed redirect user &
Read more