Re: FRS Only replicates on inbound connection, no changes go out.



Ace Fekay [MVP] wrote:
In news:SnfOe.76846$576.48391@xxxxxxxxxxxxxxxxxxxxxx,
Mike Drechsler - SPAM PROTECTED EMAIL <mike-newsgroup@xxxxxxxxxxxxxxxxxxxxxxxxxxxx> made this post, which I then commented about below:



Another good idea.

I did some MTU tests, messed with the MTU sizes on the routers on
either end and I'm 99.99% sure that there are no MTU or WAN issues
blocking replication. I changed the MTU values of the tunnels to be
manually set to make sure. I can do RPC communication (view event
logs remotely) without problems on either machine. I can transfer
large or small files without problems. I can do ping tests with the
-f (do not fragment) switch and it correctly reports the packet
requires fragmenting when it reaches a certain size with no "gap"
where it simply goes into a request timed out mode. (i.e. packet
size 1416 works, size 1417 gives "packet requires fragmenting but DF
bit set" as it should). The routers on both ends have no packet
filters installed between the sites, it's wide open between the two
for traffic on any port, any protocol, and any address. Packet loss
as measured by ping tests with 1416-byte data sizes shows 0 lost
packets and over 1000 received while transferring an 80GB file from
the remote server to the main server.
I let it run for about 90 minutes and did a restart of both servers
just after changing the MTU values on the routers. It is only doing
the replication in a single direction. As a further test I created a
new DFS link with some test folders. I threw a few text files into
the remote server and set it as the master when enabling replication.
After everything settled down the files appeared on the main server
as you would expect but after this, new files added on the remote
server or changes to existing files are not being replicated to the
main server. Changes on the main server are replicating to the
offsite server just the same as all the other DFS and sysvol folders
so even a brand new folder setup exhibits the problem which means D4
and D2 restore is not likely going to help me either.


What did you change the MTU to? Are you saying the MTU is set to 1500 on both sides now? They should be left alone at 1500. If not, LDAP loses its ability to communicate, even though RPC will work fine.

What sort of line do you have, T1, ADSL or cable?

Can we see an edited ipconfig /all from both DCs please?

Ace

MTU of the ethernet interfaces on the routers is 1500
MTU of the IPSEC tunnels is 1444
It is an ADSL connection but does not use PPPoE.
The best way to test MTU to my knowledge is using ping with the do not fragment flag set (-f on command line). It should report success for packet sizes smaller than the MTU (minus size of packet headers) until you hit the MTU where it should start to warn you that it could not send the packet because the DF bit was set. I get this behaviour from both sides of the link. Before changing the MTU setting of the tunnel like you suggested, there was a point where I was getting "request timed out" for packet sizes above 1444 when the DF bit was set on the ping packet. The tunnel MTU was previously set to 1723 before I changed it. Windows automatic path MTU detection may have been working, because pings without the DF flag would work at the larger packet sizes before I made that change. Replication behaviour did not change as a result of fixing the MTU setting for the tunnel.



ipconfig /all for main server:

Windows 2000 IP Configuration

	Host Name . . . . . . . . . . . . : mainsrv
	Primary DNS Suffix  . . . . . . . : domain.local
	Node Type . . . . . . . . . . . . : Hybrid
	IP Routing Enabled. . . . . . . . : No
	WINS Proxy Enabled. . . . . . . . : No
	DNS Suffix Search List. . . . . . : domain.local

Ethernet adapter Local Area Connection:

	Connection-specific DNS Suffix  . :
	Description . . . . . . . . . . . : Compaq NC3163 Fast Ethernet NIC
	Physical Address. . . . . . . . . : 00-50-8B-CB-5F-11
	DHCP Enabled. . . . . . . . . . . : No
	IP Address. . . . . . . . . . . . : 192.168.0.88
	Subnet Mask . . . . . . . . . . . : 255.255.255.0
	Default Gateway . . . . . . . . . : 192.168.0.2
	DNS Servers . . . . . . . . . . . : 127.0.0.1
	                                    192.168.42.155
	Primary WINS Server . . . . . . . : 192.168.0.88

ipconfig /all for remote server:

Windows 2000 IP Configuration

	Host Name . . . . . . . . . . . . : remotesrv
	Primary DNS Suffix  . . . . . . . : domain.local
	Node Type . . . . . . . . . . . . : Hybrid
	IP Routing Enabled. . . . . . . . : No
	WINS Proxy Enabled. . . . . . . . : No
	DNS Suffix Search List. . . . . . : domain.local

Ethernet adapter Local Area Connection:

	Connection-specific DNS Suffix  . :
	Description . . . . . . . . . . . : 3Com EtherLink XL 10/100 PCI TX NIC (3C905B-TX)
	Physical Address. . . . . . . . . : 00-50-04-F4-13-BB
	DHCP Enabled. . . . . . . . . . . : No
	IP Address. . . . . . . . . . . . : 192.168.42.155
	Subnet Mask . . . . . . . . . . . : 255.255.255.0
	Default Gateway . . . . . . . . . : 192.168.42.1
	DNS Servers . . . . . . . . . . . : 127.0.0.1
	                                    192.168.0.88
	Primary WINS Server . . . . . . . : 192.168.42.155
	Secondary WINS Server . . . . . . : 192.168.0.88


--
WARNING!  Email address has been altered for spam resistance.
Please remove the -deletethispart-. section before replying directly.
Mike Drechsler (mike-newsgroup@xxxxxxxxxxxxxxxxxxxxxxxxxxxx)
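The DF ping test described in this thread, automated as an added example (not code from the thread or its participants): it binary-searches the largest payload that passes with the do-not-fragment flag set, adds the 28 bytes of IPv4 and ICMP headers to get the path MTU, and flags the "gap" case where oversized packets time out instead of drawing a fragmentation report. All function names are hypothetical, the parser assumes English-language Windows `ping` output, and `simulated_path` is a constructed stand-in for a real link.

```python
import subprocess

ICMP_IP_OVERHEAD = 28  # 20-byte IPv4 header + 8-byte ICMP echo header

def windows_ping_probe(host):
    """Build probe(size): one Windows `ping -f` per call, classified by its output."""
    def probe(size):
        out = subprocess.run(
            ["ping", "-f", "-n", "1", "-w", "2000", "-l", str(size), host],
            capture_output=True, text=True).stdout
        if "fragment" in out.lower():
            return "frag"      # sender or a router reported DF + too big (healthy)
        if "bytes=" in out:
            return "ok"        # echo reply received
        return "timeout"       # silently dropped
    return probe

def simulated_path(path_mtu, drops_silently):
    """Constructed stand-in for a link, so the logic runs offline."""
    def probe(size):
        if size + ICMP_IP_OVERHEAD <= path_mtu:
            return "ok"
        return "timeout" if drops_silently else "frag"
    return probe

def classify_path(probe, low=1200, high=1472):
    """Find the largest passing DF payload, then check how larger ones fail."""
    if probe(low) != "ok":
        raise RuntimeError("baseline payload %d got no reply" % low)
    lo, hi = low, high + 1     # invariant: lo passes, hi is treated as failing
    while hi - lo > 1:
        mid = (lo + hi) // 2
        if probe(mid) == "ok":
            lo = mid
        else:
            hi = mid
    # Sample a few sizes just above the limit: timeouts here mean the
    # "packet too big" signal is being lost (path MTU black hole).
    above = [probe(s) for s in range(lo + 1, min(lo + 4, high) + 1)]
    return {"max_payload": lo, "path_mtu": lo + ICMP_IP_OVERHEAD,
            "black_hole": "timeout" in above}

if __name__ == "__main__":
    print(classify_path(simulated_path(1444, False)))  # tunnel MTU from the post
    print(classify_path(simulated_path(1444, True)))   # same MTU, errors dropped
    # Against a real host: classify_path(windows_ping_probe("192.168.42.155"))
```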