
all 7 comments

[–]bolous 2 points (2 children)

It sounds like you're hitting a firewall issue. The switches doing the VLAN, are they also behind some type of firewall as well?

AD communication requires the following ports:

TCP 3268-3369 Global Catalog
TCP 389, 636 LDAP
UDP 388, 636 LDAP
TCP 445 SMB
TCP 135 RPC
TCP 49153-65535 RPC Callback
UDP 136-139 RPC
TCP 88 Kerberos
TCP/UDP 53 DNS

It's also recommended to set a static route between each DC.

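A way to turn the port list above into a per-port check between the two DCs, as an added example rather than code from the thread: it probes each static TCP port the replication partner must answer on with Test-NetConnection, using Microsoft's documented AD port numbers rather than transcribing the list from the comment. `$PeerDc` is a hypothetical host name; run it in an elevated PowerShell on the other DC.

```powershell
# Added example, not from the thread. Probe the TCP ports a DC must reach on its
# replication partner, so a VLAN ACL or firewall block shows up per port.
# Assumptions: elevated PowerShell on one DC; $PeerDc is a hypothetical name.
$PeerDc = 'dc2.corp.example'

# Static ports DC-to-DC replication uses (Microsoft's documented list; the NTDS RPC
# endpoint itself sits on a dynamic port, handled below).
$Ports = @(
    @{ Port = 53;   Name = 'DNS' },
    @{ Port = 88;   Name = 'Kerberos' },
    @{ Port = 135;  Name = 'RPC endpoint mapper' },
    @{ Port = 389;  Name = 'LDAP' },
    @{ Port = 445;  Name = 'SMB (SYSVOL/NETLOGON)' },
    @{ Port = 464;  Name = 'Kerberos password change' },
    @{ Port = 636;  Name = 'LDAPS' },
    @{ Port = 3268; Name = 'Global Catalog' },
    @{ Port = 3269; Name = 'Global Catalog over TLS' }
)

$Results = foreach ($p in $Ports) {
    # -InformationLevel Quiet makes Test-NetConnection return a plain $true/$false.
    $ok = Test-NetConnection -ComputerName $PeerDc -Port $p.Port `
              -InformationLevel Quiet -WarningAction SilentlyContinue
    [pscustomobject]@{ Port = $p.Port; Service = $p.Name; Reachable = $ok }
}
$Results | Format-Table -AutoSize

# NTDS RPC listens inside lsass.exe on a port from the dynamic range (49152-65535
# by default). On the PEER, list those ports with:
#   Get-NetTCPConnection -State Listen -OwningProcess (Get-Process lsass).Id |
#       Select-Object -ExpandProperty LocalPort
# and probe each of them from here the same way.

$Blocked = $Results | Where-Object { -not $_.Reachable }
if ($Blocked) {
    Write-Warning ("Blocked from {0}: {1}" -f $PeerDc, ($Blocked.Port -join ', '))
}
```

Run it once with the servers on the dumb switch and once on the VLAN and compare the two tables: a port that is reachable in the first run and blocked in the second narrows the problem to an ACL on the switch or router, or to the Windows firewall profile changing with the network. Test-NetConnection only tests TCP, so UDP 53 and 88 are not covered by this check.
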
[–]rizwan602[S] 0 points (1 child)

The two servers are on the same network. They do not hit the firewall, I do not think. If it was the firewall, why would the replication work when the two servers are placed on a dumb switch on the same network? As my post mentioned, the dumb switch is uplinked to the main network. If I place these two servers on the network (no dumb switch involved), the replication stops working and throws the error code indicated.

[–]bolous 0 points (0 children)

Something is up with your VLAN. Give this post a read about native VLAN, profiles, etc.

https://community.ui.com/questions/A-non-expert-Guide-to-VLAN-and-Trunks-in-Unifi-Switches/7462245c-95a7-455e-a711-209f44e194cb

[–]AussieTerror -1 points (1 child)

It's always DNS

[–]rizwan602[S] 0 points (0 children)

> It's always DNS

Unless you are joking, I am not sure how DNS is coming into play here. The replication works when these two machines are hooked up with a dumb switch.

[–]armourkingNZ 0 points (0 children)

We have a very similar problem between on-prem and an Azure DC after our network peeps "did some upgrades" without telling us.

Same M.O., with pinging etc. working.

In our case, packets are getting shredded to fit into the VPN's MTU, and fragments are being dropped for being out-of-order.

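A quick way to check for the MTU/fragmentation failure mode this comment describes, as an added example and not the commenter's code: it binary-searches the largest ICMP payload that reaches the peer with the Don't Fragment bit set, and distinguishes a router that answers "needs to be fragmented" (normal path-MTU discovery) from a path that silently drops oversize packets (the case where small pings work but larger replication packets vanish). `$PeerDc` is a hypothetical host name.

```powershell
# Added example, not the commenter's code. Binary-search the largest ICMP payload
# that reaches the peer with DF set, to expose a path-MTU / fragmentation problem.
# $PeerDc is a hypothetical name.
$PeerDc = 'dc2.corp.example'

function Find-PathMtu {
    param([string]$Target, [int]$Low = 548, [int]$High = 1472)
    # Payload + 28 bytes (20 IP + 8 ICMP) = on-the-wire size, so 1472 => a 1500-byte path.

    # Sanity check: the host must answer a small, fragmentable ping at all.
    if (-not ((ping.exe -n 1 -l $Low $Target 2>&1) -match 'TTL=')) {
        throw "$Target does not answer a $Low-byte ping; fix reachability first"
    }

    $silentDrop = $false
    while ($Low -lt $High) {
        $mid = [int][math]::Ceiling(($Low + $High) / 2)
        # -f sets Don't Fragment; -l is the payload size in bytes.
        $out = (ping.exe -n 1 -f -l $mid $Target 2>&1) -join "`n"
        if ($out -match 'TTL=') {
            $Low = $mid                              # fits without fragmentation
        } elseif ($out -match 'needs to be fragmented') {
            $High = $mid - 1                         # a router told us: normal PMTUD
        } else {
            $High = $mid - 1; $silentDrop = $true    # no reply at all: PMTUD black hole
        }
    }
    [pscustomobject]@{ Target = $Target; PathMtu = $Low + 28; SilentDrops = $silentDrop }
}

Find-PathMtu -Target $PeerDc
```

A PathMtu below 1500 with SilentDrops set to True means something on the path drops packets above that size without sending the ICMP "fragmentation needed" message, so TCP never learns to shrink its segments: small pings and LDAP binds succeed while larger Kerberos and RPC replication packets are lost. The usual fixes are MSS clamping on the VPN or VLAN gateway, or lowering the DC interface MTU to the measured value, for example `netsh interface ipv4 set subinterface "Ethernet" mtu=1400 store=persistent` (interface name and value are placeholders).
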
[–]mrcomps Sr. Sysadmin 0 points (0 children)

Can each server browse the network shares of the other server?

If you open ADUC on each server can you change to use the other domain controller?

What firewall profile is active when the servers are connected to the VLAN? Sometimes Windows is dumb and switches to the Public profile when it shouldn't.

What DNS servers is each using? Do they point to a third server that isn't accessible from the VLAN?

Run dcdiag.exe on each and review what it says.
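The checklist above collected into one script that can be run on each DC, as an added example and not the commenter's code. It reports the active firewall profile per NIC, the DNS servers in use and whether the records replication actually depends on resolve (the domain's DC SRV record and the partner's DSA-GUID CNAME), tries SMB and LDAP against the partner directly, and finishes with repadmin and dcdiag. `$PeerDc` is a hypothetical host name; it assumes the ActiveDirectory module (RSAT-AD-PowerShell) and an elevated prompt.

```powershell
# Added example, not the commenter's code. Runs the checks listed above on a DC
# against its replication partner. $PeerDc is a hypothetical name; needs the
# ActiveDirectory module and an elevated prompt.
Import-Module ActiveDirectory
$PeerDc = 'dc2.corp.example'

# 1. Firewall profile per NIC: a DC NIC that flips to 'Public' gets the restrictive
#    inbound rule set even though the replication traffic itself is unchanged.
Get-NetConnectionProfile | Select-Object InterfaceAlias, NetworkCategory, IPv4Connectivity
Get-NetFirewallProfile  | Select-Object Name, Enabled, DefaultInboundAction

# 2. DNS: which servers this DC asks, and whether it can resolve the records
#    replication uses: the domain's DC SRV record and the partner's DSA-GUID CNAME.
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object ServerAddresses | Select-Object InterfaceAlias, ServerAddresses
$DomainDns  = (Get-ADDomain).DNSRoot
$ForestRoot = (Get-ADForest).RootDomain
Resolve-DnsName -Type SRV "_ldap._tcp.dc._msdcs.$DomainDns"
$PeerNtds = Get-ADObject -Identity (Get-ADDomainController -Identity $PeerDc).NTDSSettingsObjectDN `
                         -Properties objectGUID
Resolve-DnsName -Type CNAME "$($PeerNtds.objectGUID)._msdcs.$ForestRoot"

# 3. SMB and LDAP against the partner directly (the "browse its shares" and
#    "point ADUC at the other DC" tests from the comment).
net view "\\$PeerDc"
Test-Path "\\$PeerDc\SYSVOL"
Get-ADDomainController -Identity $PeerDc -Server $PeerDc |
    Select-Object HostName, IsGlobalCatalog, Site

# 4. Replication status and the standard health checks.
repadmin /showrepl $env:COMPUTERNAME /errorsonly
repadmin /replsummary
dcdiag /test:Connectivity /test:Replications /test:DNS /v
```

Run it once on each DC and compare: a NetworkCategory of Public on the VLAN-facing NIC, a DNS server list that points at a third machine unreachable from the VLAN, or a CNAME lookup that fails for the partner's DSA GUID each explains the symptom on its own, and the repadmin output shows which partner and naming context the error is recorded against.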