Good day,
There are 3 domain controllers: PDC, SGLO-AD02 and SZA-AD04. SGLO-AD02 holds the FSMO roles.
All three are in different locations; the locations with the PDC and SZA-AD04 are connected to the SGLO-AD02 location by VPN tunnels.
Replication between PDC and SGLO-AD02 works, replication between PDC and SZA-AD04 works.
Replication between SGLO-AD02 and SZA-AD04 works for a while after rebooting SZA-AD04. Sometimes it stops working after 5 minutes, sometimes it fails after a couple of days.
I used PortQry to find the problem. Judging by the PortQry reports, all ports and connections between the servers work well, except for the LDAP request from SGLO-AD02 to SZA-AD04.
When replication does not work, the command
    PortQry.exe -n SGLO-AD02 -e 389 -p tcp
executed on SZA-AD04 returns the expected data. But
    PortQry.exe -n SZA-AD04 -e 389 -p tcp
executed on SGLO-AD02 simply hangs and returns nothing.
If I restart SZA-AD04, the same command returns the expected data and everything works for a couple of hours.
When replication between SZA-AD04 and SGLO-AD02 does not work, all changes are still replicated to the PDC and from there to the third domain controller.
Please help me deal with this strange situation.
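To pin down when the LDAP connection from SGLO-AD02 to SZA-AD04 stops answering, here is an added example (not from the original post) of a PowerShell probe that tests TCP 389 with a hard timeout every minute and, on the first failure, records a repadmin snapshot so the time can be matched against the event logs on both DCs. The log path and interval are assumptions; the host names and port come from the post.

```powershell
# Added example: poll TCP 389 on SZA-AD04 from SGLO-AD02 with a bounded timeout,
# so a hanging LDAP connection is logged with a timestamp instead of blocking
# the way PortQry does. Log path and interval are assumptions.
param(
    [string]$Target      = 'SZA-AD04',
    [int]   $Port        = 389,
    [int]   $TimeoutMs   = 5000,
    [int]   $IntervalSec = 60,
    [string]$LogPath     = 'C:\Temp\ldap389-probe.log'   # hypothetical path
)

function Test-TcpPortWithTimeout {
    param([string]$HostName, [int]$PortNumber, [int]$TimeoutMilliseconds)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $ar = $client.BeginConnect($HostName, $PortNumber, $null, $null)
        # WaitOne returns $false when the connect gets no answer within the
        # timeout, which is the "hangs and returns nothing" symptom in the post.
        if (-not $ar.AsyncWaitHandle.WaitOne($TimeoutMilliseconds)) { return 'TIMEOUT' }
        $client.EndConnect($ar)   # throws on RST / host unreachable
        return 'OPEN'
    } catch {
        return "FAILED: $($_.Exception.Message)"
    } finally {
        $client.Close()
    }
}

$wasOpen = $true
while ($true) {
    $state = Test-TcpPortWithTimeout -HostName $Target -PortNumber $Port -TimeoutMilliseconds $TimeoutMs
    $line  = "{0:yyyy-MM-dd HH:mm:ss} {1}:{2} {3}" -f (Get-Date), $Target, $Port, $state
    Add-Content -Path $LogPath -Value $line
    # On the transition from working to not working, capture replication status
    # once so the failure time can be lined up with the DCs' event logs.
    if ($wasOpen -and $state -ne 'OPEN') {
        repadmin /showrepl $Target | Add-Content -Path $LogPath
        repadmin /replsummary      | Add-Content -Path $LogPath
    }
    $wasOpen = ($state -eq 'OPEN')
    Start-Sleep -Seconds $IntervalSec
}
```

Run it on SGLO-AD02 in an elevated session and compare the first TIMEOUT timestamp with the System and Directory Service logs on SZA-AD04 and with the VPN gateway logs covering that tunnel.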