Hi,
We have two Win2K12 R2 DCs in Azure. We created an Azure site-to-site VPN to a new on-premise datacenter, and we can ping from an on-premise standalone server to a DC in Azure. When we try to promote a server in the new datacenter to a domain controller, we receive the error below at the prerequisites check:
Verification of outbound replication failed. Error reading the NTDS Settings on replication source domain controller server.domain.com: the RPC server is unavailable.
I think RPC traffic is getting blocked or filtered at the network level (reference: http://blogs.technet.com/b/askds/archive/2009/01/22/using-portqry-for-troubleshooting.aspx), because if I run the PortQry tool on the server to be promoted and query "Domains and Trusts" with the IP of the DC in Azure as the destination, the output is below:
TCP port 135 (epmap service): NOT LISTENING
The network engineer says everything is open on the firewall, with no port or security restrictions; however, I am not sure how to convince him of my finding. In my search for this problem I found an article that says you may need to disable "Enable Restrict RPC Compliance" on the firewall, as it may affect RPC traffic between DCs in different sites, but the network guy says there is no such setting on the firewall (it is a FortiGate).
Can you help more with troubleshooting this issue?
Notes: 1. For every server in the on-premise datacenter, when I try to join it to the domain (DNS is the DC in Azure), I receive the same error (RPC is unavailable).
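An added example, not code from the original post or from the linked PortQry article: a PowerShell check to run on the on-premise server that fails to promote or join. It probes the TCP ports a domain join or DC promotion needs on the Azure DC and, like PortQry, separates NOT LISTENING (a TCP RST came back) from FILTERED (nothing came back within the timeout). That distinction is the useful argument for the network team: a domain controller always listens on 135, so a reset from the DC's address means something in the path (firewall, VPN, NAT) is answering instead of the DC. `$DcAddress` is a placeholder to replace with the Azure DC's IP or name; the final PortQry call assumes PortQry.exe is in PATH and is skipped if it is not.

```powershell
# Added example (not from the original post). Run on the on-premise server that
# fails to promote/join. $DcAddress is a placeholder for the Azure DC (assumption).
$DcAddress = '10.0.0.4'

function Test-TcpPortState {
    # Returns LISTENING, NOT LISTENING (RST received), FILTERED (no reply) or ERROR (...)
    param(
        [Parameter(Mandatory)][string]$Target,
        [Parameter(Mandatory)][int]$Port,
        [int]$TimeoutMs = 3000
    )
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $ar = $client.BeginConnect($Target, $Port, $null, $null)
        if (-not $ar.AsyncWaitHandle.WaitOne($TimeoutMs)) {
            # Neither SYN-ACK nor RST within the timeout: a device in the path drops the SYN
            return 'FILTERED'
        }
        $client.EndConnect($ar)
        return 'LISTENING'
    } catch [System.Net.Sockets.SocketException] {
        if ($_.Exception.SocketErrorCode -eq [System.Net.Sockets.SocketError]::ConnectionRefused) {
            # A TCP RST came back. A real DC does not refuse 135/389/445, so an RST
            # from its address points at a firewall, VPN or NAT device in between.
            return 'NOT LISTENING'
        }
        return "ERROR ($($_.Exception.SocketErrorCode))"
    } finally {
        $client.Close()
    }
}

# TCP ports a domain join or DC promotion needs to reach on the DC
$adPorts = [ordered]@{
    53   = 'DNS'
    88   = 'Kerberos'
    135  = 'RPC endpoint mapper'
    389  = 'LDAP'
    445  = 'SMB (SYSVOL, Netlogon)'
    464  = 'Kerberos password change'
    636  = 'LDAPS'
    3268 = 'Global catalog'
}

$report = foreach ($port in $adPorts.Keys) {
    [pscustomobject]@{
        Port    = $port
        Service = $adPorts[$port]
        State   = Test-TcpPortState -Target $DcAddress -Port $port
    }
}
$report | Format-Table -AutoSize

# Ask the endpoint mapper which dynamic ports the DC's RPC interfaces are
# registered on; PortQry then probes each of them. Needs PortQry.exe in PATH.
if (Get-Command portqry.exe -ErrorAction SilentlyContinue) {
    portqry.exe -n $DcAddress -e 135 -p tcp
}
```

If port 135 shows NOT LISTENING while the same probe from a machine inside the Azure VNet shows LISTENING, the reset is being generated on the path between the two sites, which is the evidence to hand to the firewall owner. Remember that once the endpoint mapper answers, replication and the promotion itself also need the dynamic RPC range (49152-65535 on Windows Server 2008 and later) open towards the DC; the PortQry `-e 135` query lists the actual dynamic ports in use so those can be tested instead of guessing.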