Re: sysvol replication breaks when IPSec running between DCs & fir

Hello,

Thanks for the update.

Yes, to allow the IPSec traffic ports and protocols for IPSec should be
allowed on the network device. The "Firewall" mentioned in the TechNet
article means the firewall that lays between the 2 (or more) DCs that use
IPSec to encrypt the traffic instead of the Windows Firewall.

In the Windows TCP/IP Architecture, IPnat.sys (Windows firewall) is always
processed after IPsec.sys. You may check the following article to get an
idea of the Windows TCP/IP Packet Processing Paths.

The Cable Guy - June 2005--->TCP/IP Packet Processing Paths
http://technet.microsoft.com/en-us/library/bb878072.aspx

In this issue, I think the FRS traffic is blocked by the Windows Firewall.
You may have a test to temporarily disable the Windows Firewall on all DCs
to check how it works. In the scenarios that you need the Windows Firewall
enabled on the DC, you can enable the Windows Firewall:Allow authenticated
IPSec bypass" policy to bypass the IPsec traffic for Domain Controller
group in the Windows Firewall.

Hope it helps. If you have any questions or concerns, please do not
hesitate to let me know.


Best regards,
Miles Li

Microsoft Online Partner Support
Microsoft Global Technical Support Center

Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.


.

Relevant Pages

  • Re: sysvol replication breaks when IPSec running between DCs & fir
    ... IPSec" as per as per Steve Riley ... I do not know how to write a firewall rule to ensure that IP ... Riley says you can "Encapsulate domain controller traffic inside ... the IPsec exists underneath the Windows Firewall ...
    (microsoft.public.windows.server.active_directory)
  • RE: Internet Explorer cannot display the web page
    ... "daviedoug" wrote: ... My wife's is connected via the Network. ... Firewall off and done the installation?. ... I don't know what you mean with windows Firewall, ...
    (microsoft.public.windowsxp.help_and_support)
  • Re: Setup Error when connecting Xbox 360 to MCE2005 PC
    ... Attempt to add your Xbox 360 again via the Media Center Extender Manager ... but receive the Setup Error (stating problems with the firewall ... Microsoft KB911728 for opening ports and allowing traffic to/from XBox ... Unable to open ports in the Windows firewall. ...
    (microsoft.public.windows.mediacenter)
  • Re: Outpost firewall wont run
    ... the Windows Firewall in XP does a fantastic job ... Deconstructing Common Security Myths. ... Don't fall for software applications touted in publications relying on ...
    (microsoft.public.windowsxp.help_and_support)
  • Re: Firewall =?ISO-8859-15?Q?f=FCr_Netbook=3F?=
    ... "Windows Firewall" bezeichnet wird und nicht in einen Topf mit PFWs ... Artikel über Personal Firewall. ... Aktionsmöglichkeiten abdecken will und das ONU auch noch klarmachen ...
    (microsoft.public.de.german.windowsxp.networking)
Loading