Hi,
I have implemented an ipsec policy that makes all traffic between my domain
controllers run over ipsec. This is done through a Group Policy in the domain
controllers OU. The reason for this is that the domain controllers are in
different sites and we will implement firewalls between them. DNS is standard
with all zones as AD integrated.
After activating the policy, everything seems OK. I can run all sorts
of traffic between domain controllers, and all traffic seems to be flowing
freely. In Ipsec monitor I can see the packet numbers increasing and no
errors at all. But after some minutes, the following error starts popping up in
the Directory Service log on all Domain Controllers:
1311: There is insufficient site connectivity information in Active Directory
Sites and Services for the KCC to create a spanning tree replication
topology.
There are still no errors in ipsec monitor.
The 1311 error disappears again after a while when I disable the ipsec
policies. So it seems as if ipsec is the reason for this, and not any other AD
configuration.
Any clues as to what can be the cause of this?