Force AD to use TCP not UDP.

I have several sites, which are connected with routers. UDP packets are
getting fragmented, and a lot of thing does produce error, that is usually
network related.

I use this link:
http://support.microsoft.com/default.aspx?scid=kb;en-us;244474
To force clients to use TCP not UDP, and i would like to fix these on DC. I
would like to force that all domain controllers use TCP not UDP for
communications.
Can DNS be force to use TCP? I know that part of the zone is replicated with
AD replication, but I would like to do it even without that.
Kan I force WINS replication between partners in different sites to use TCP
for replication...

 

DNS actually uses both -- TCP and UDP.

TCP is used for zone transfer (if you don't use Active Directory Integrated
Zones) and UDP is used for DNS queries.

Changing UDP (if possible!) would also mean reconfiguring all the clients
(you would have to tell them to use TCP and not UDP any more)...

 

Ok, for DNS.
I would like to transfer as much traffic from udp to TCP. If DNS and WINS
are not possible it is not important. The most important part is AD and AD
replication and all related services and ports that are use for
communication...

 

Hi,

How about using IPSec for all the traffic between Active Directories?

Active Directory Replication over Firewalls
http://www.microsoft.com/technet/pr.../activedirectory/deploy/confeat/adrepfir.mspx

How to Enable IPSec Traffic Through a Firewall
http://support.microsoft.com/default.aspx?scid=kb;en-us;233256

 

I use netscreen in both locations. The lines are gating saturated. I don’t
wont to put another channel through. The major problem is in root domain,
especially with DNS. For a month now i have problem with mail delivery from
FE server to out, because FQDN does not getting resolved. The symptoms are
something like that . You try nslookup i try to find domainx.com, and i tried
first, try the fourth time and i get the error, i chouse ISP DNS, i don’t get
name resolved, next i get name resolved, and the thirty time i don’t get name
resolved… There is enormous amount UDP traffic related to DNS. I change
timeouts for forwarder to 10s.
But i post DNS problem in separate topic…

 

I don't have whole picture of your network -- but can't you use local ISP to
resolve internet related DNS (this would cut down on traffic over saturated
line) and replicate your internal (Active Directory) DNS to other sites for
local resolution?

 

Yes I set up that to, but no help. In half an our i will post the second
question how to optimize DNS traffic through domain. The post will be named
DNS traffic optimization in root/hub configuration. I wont to force other
traffic not to use UDP. I can ping RPC if I use TCP, but I can not ping RPC
if I use UDP protocol…

 

Well, here is another tool that might help you out.

http://www.microsoft.com/windows2000/techinfo/reskit/tools/existing/rpcping-o.asp

 

I use these tool and pass all test,becouse it use TPC not UDP. UDP is
problematic. What ports does public folder replication use.

 

I believe it uses SMTP protocol (TCP port 25).