IPSec DC to DC communication - Network


  1. IPSec DC to DC communication

    We were directed to establish DC to DC communication using IPSec. Using the
    Domain Security Policy wizard we created a new DC to DC IPSec policy only
    between two domain controllers by IP Address. Once the policy was activated,
    the second domain controller cannot replicate with the first. How can I
    remove the policy from both DCs and start over?

    Thanks much
    --
    SeattleRK

  2. Re: IPSec DC to DC communication

    You should not use Domain Security Policy to do that, as it can enforce the
    ipsec policy on all computers in the domain, including domain controllers,
    which will cause problems. The link below explains this more and gives
    instructions on how to configure ipsec between domain controllers, and you
    may also want to consult the Microsoft domain isolation guide using ipsec
    for further guidance on implementing ipsec. I believe it will also help you
    in removing the ipsec policy on the problem domain controller with either
    the netsh command [for Windows 2003] or by registry modification, but I would
    disable the policy that you already assigned first. That info may be in the
    troubleshooting chapter. Also consider testing your ipsec policy for domain
    controllers in Local Security Policy of the domain controllers. That way it
    is easy to modify or remove the policy when problems occur.

    http://support.microsoft.com/kb/254949/
    http://www.microsoft.com/technet/sec...c/default.mspx

    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Cache --
    the registry key where ipsec domain level policies are kept.

    "SeattleRK" wrote in message
    news:65101C27-B6DC-4A69-9399-D12CFC115F1E@microsoft.com...
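    The clean-up sequence the reply above describes (un-assign the domain
    policy first, then clear the locally assigned copy and the cached domain
    policy on each DC, then confirm replication), written out as an added
    example. This script is not part of the thread and not Microsoft's
    procedure; it assumes Windows Server 2003 with PowerShell installed (2003
    does not ship it by default) and the Support Tools (for repadmin), and the
    policy name and partner DC name are placeholders. Run it in an elevated
    session on every DC the policy was applied to, only after the IPSec policy
    has been un-assigned in the domain GPO (Group Policy editor -> Computer
    Configuration -> Windows Settings -> Security Settings -> IP Security
    Policies on Active Directory -> right-click the policy -> Un-assign);
    otherwise the next Group Policy refresh re-applies it.

```powershell
# Added example: remove a stuck DC-to-DC IPSec policy from one domain controller.
# Assumed placeholder values; adjust to your environment.
$PolicyName = 'DC to DC IPSec'        # name given in the IPSec policy wizard
$PartnerDC  = 'dc02.corp.example'     # replication partner that stopped replicating
$CacheKey   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Cache'

# 1. Record what is assigned before changing anything (filter the listing
#    down to the policy names and their Assigned flag).
Write-Host '--- IPSec policies before cleanup ---'
netsh ipsec static show policy all | Select-String -Pattern 'Policy Name|Assigned'

# 2. Un-assign a locally assigned copy of the policy, if there is one.
#    (assign=n leaves the policy defined but no longer active.)
netsh ipsec static set policy name="$PolicyName" assign=n

# 3. Clear the cached copy of the domain-level policy. The IPSEC Services
#    service (PolicyAgent) is stopped while the key is deleted so it does not
#    keep running with the cached filters, then restarted.
if (Test-Path $CacheKey) {
    Stop-Service -Name PolicyAgent -Force
    Remove-Item -Path $CacheKey -Recurse -Force
    Start-Service -Name PolicyAgent
} else {
    Write-Host 'No cached domain IPSec policy found.'
}

# 4. Pull current policy from the domain. Because the GPO no longer assigns
#    the IPSec policy, this refresh must not bring it back.
gpupdate /target:computer /force

# 5. Verify: nothing should show as assigned any more.
Write-Host '--- IPSec policies after cleanup ---'
netsh ipsec static show policy all | Select-String -Pattern 'Policy Name|Assigned'

# 6. Check that replication with the partner recovers; /syncall forces an
#    immediate pass over all naming contexts (/A) across sites (/e).
repadmin /replsummary
repadmin /showrepl
repadmin /syncall $PartnerDC /A /e
```

    If step 5 still shows the policy as assigned, the domain GPO is still
    assigning it: go back and un-assign it there, then repeat from step 3.
    Developing the policy in Local Security Policy on the two DCs, as the reply
    suggests, avoids this loop entirely, since there is no domain-level copy to
    cache or to re-apply.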

  3. Re: IPSec DC to DC communication

    Problem solved. Thank you very much.

    RonK
    --
    SeattleRK


    "Steven L Umbach" wrote:

