Site to Site TCP Port 135 just will not pass
-
I have a site to site OpenVPN between two 2.3.2 pfSense units that has been in place for years. I noticed this week that a domain controller which had previously been connected for YEARS on the other side had not replicated since last November! I dug through MS kb's and troubleshot it down to one thing and one thing only. RPC TCP 135 is showing 'filtered' when using MS prtqry tool one way. As a matter of fact it can't connect to the other server I have at that site either (a non-dc). However BOTH of those servers DC and Non-DC show listening on Port 135 when using the tool pointed to one another on their network so that eliminates a software firewall as I know that DC is listening on 135! If you use prtqry on port 53 no issues across the VPN but port 135 is blocked somehow. OpenVPN rules on both sides are wide open:
IPv4 * * * * * * none
IPv4 * * * * * * none
A packet capture set for 135 TCP on LAN on the source side shows the 135 packets going out. NOTHING on the packet capture on the receiving side. There was no need to run the packet capture the other way as it establishes a 135 connection that way.
There is another router involved but it shouldn't be in the way. 1:1 NAT with a dedicated IP for the tunnel as seen here:
(DC1) –--> pfSense Router 1[OpenVPN Tunnel] –-> Internet <-------pfSense Router 2[VIP IP Alias<>1:1 NAT] <–-- pfSense Router 3[OpenVPN Tunnel] <–--- (DC2)So going this way it's blocked ----------------------->>>>>>>>>>>>> Again only 135 blocked NOTHING else that I can find. IE DNS port 53 passes with no issue.
(DC1) ----> pfSense Router 1[OpenVPN Tunnel] –-> Internet <-------pfSense Router 2[VIP IP Alias<>1:1 NAT] <–-- pfSense Router 3[OpenVPN Tunnel] <–--- (DC2)This way not blocked <<<<<<<<<<<<<--------------------------
(DC1) ----> pfSense Router 1[OpenVPN Tunnel] –-> Internet <-------pfSense Router 2[VIP IP Alias<>1:1 NAT] <–-- pfSense Router 3[OpenVPN Tunnel] <–--- (DC2)Again, behind router 3 a member server and DC2 establish connections 135 with no issue with each other.
Nothing in the firewall logs either. Help.
-
A packet capture set for 135 TCP on WAN on the source side shows the 135 packets going out. NOTHING on the packet capture on the receiving side.
A packet capture on WAN should not see any traffic that is supposed to be going across OpenVPN so there is something wrong there. A packet capture on OpenVPN should show that traffic. If it is on WAN then it is not being routed over OpenVPN.
-
A packet capture on WAN should not see any traffic that is supposed to be going across OpenVPN so there is something wrong there. A packet capture on OpenVPN should show that traffic. If it is on WAN then it is not being routed over OpenVPN.
Oops. I went back and looked and that capture was done on the LAN not the WAN.
-
Capture on LAN tells you nothing. Capture on OpenVPN out and OpenVPN in.
OpenVPN does. not. care. if the traffic is on port 135 unless you told it to care via your OpenVPN firewall rules..
-
Capture on LAN tells you nothing. Capture on OpenVPN out and OpenVPN in.
OpenVPN does. not. care. if the traffic is on port 135 unless you told it to care via your OpenVPN firewall rules..
Ok I did that just now.
PCap in blocked direction show NOTHING on both routers when running test.
PCap in other direction showed 135 traffic on both routers when re-running test.
Router 1:
20:45:22.634883 IP 10.1.2.26.50351 > 10.1.1.15.135: tcp 0
20:45:22.635303 IP 10.1.1.15.135 > 10.1.2.26.50351: tcp 0
20:45:22.650105 IP 10.1.2.26.50351 > 10.1.1.15.135: tcp 0
20:45:22.651637 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 0
20:45:22.652042 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 0
20:45:22.666995 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 0
20:45:22.668234 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 116
20:45:22.668530 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 84
20:45:22.684613 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
20:45:22.685898 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 180
20:45:22.703096 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
20:45:22.703638 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 188
20:45:22.720344 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
20:45:22.720880 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 216
20:45:22.738945 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
20:45:22.739369 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 180
20:45:22.759817 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
20:45:22.760232 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 192
20:45:22.780809 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
20:45:22.781357 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 192
20:45:22.803922 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
20:45:22.804460 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 192
20:45:22.827403 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
20:45:22.827832 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 192
20:45:22.853156 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
20:45:22.853559 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 192
20:45:22.880173 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
20:45:22.880672 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 204
20:45:22.908214 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
20:45:22.908656 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 216
20:45:22.925346 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
20:45:22.925905 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 180
20:45:22.941073 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
20:45:22.941640 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 200
20:45:22.956187 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
20:45:22.956631 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 180
20:45:22.973337 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
20:45:22.973747 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 200
20:45:22.989318 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
20:45:22.989872 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 180
20:45:23.008577 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
20:45:23.009102 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 212
20:45:23.027734 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
20:45:23.028218 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 192
20:45:23.049541 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
20:45:23.050082 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 204
20:45:23.071147 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
20:45:23.071707 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 208
20:45:23.094661 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
20:45:23.095183 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 188
20:45:23.119257 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
20:45:23.119798 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 200
20:45:23.145869 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
20:45:23.146406 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 212
20:45:23.171981 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
20:45:23.172645 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 192
20:45:23.198327 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
20:45:23.198761 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 204
20:45:23.216320 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
20:45:23.216871 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 200
20:45:23.229199 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
20:45:23.229614 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 208
20:45:23.243692 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
20:45:23.244105 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 200
20:45:23.260435 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
20:45:23.260972 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 220
20:45:23.276594 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
20:45:23.277089 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 220
20:45:23.295669 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
20:45:23.296077 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 204
20:45:23.315153 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
20:45:23.315703 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 212
20:45:23.336398 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
20:45:23.336934 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 212
20:45:23.358382 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
20:45:23.358815 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 212
20:45:23.382499 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
20:45:23.383032 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 208
20:45:23.406612 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
20:45:23.407145 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 216
20:45:23.431957 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
20:45:23.432517 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 232
20:45:23.456693 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
20:45:23.457127 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 204
20:45:23.473438 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
20:45:23.473859 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 208
20:45:23.487063 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
20:45:23.487628 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 208
20:45:23.500918 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
20:45:23.501360 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 228
20:45:23.517171 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
20:45:23.517597 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 208
20:45:23.533669 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
20:45:23.534089 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 208
20:45:23.553906 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
20:45:23.554359 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 220
20:45:23.574512 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
20:45:23.574941 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 220
20:45:23.595751 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
20:45:23.596170 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 204Router 3:
20:45:22.648116 IP 10.1.2.26.50351 > 10.1.1.15.135: tcp 0
20:45:22.662873 IP 10.1.1.15.135 > 10.1.2.26.50351: tcp 0
20:45:22.663219 IP 10.1.2.26.50351 > 10.1.1.15.135: tcp 0
20:45:22.664820 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 0
20:45:22.679816 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 0
20:45:22.680079 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 0
20:45:22.681184 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 116
20:45:22.697396 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 84
20:45:22.697711 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
20:45:22.715807 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 180
20:45:22.716175 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
20:45:22.733090 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 188
20:45:22.733463 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
20:45:22.751632 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 216
20:45:22.752006 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
20:45:22.772536 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 180
20:45:22.772885 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
20:45:22.793394 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 192
20:45:22.793827 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
20:45:22.816707 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 192
20:45:22.816986 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
20:45:22.840022 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 192
20:45:22.840334 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
20:45:22.865701 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 192
20:45:22.866197 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
20:45:22.892838 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 192
20:45:22.893189 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
20:45:22.920833 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 204
20:45:22.921212 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
20:45:22.938097 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 216
20:45:22.938411 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
20:45:22.953918 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 180
20:45:22.954239 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
20:45:22.969016 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 200
20:45:22.969329 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
20:45:22.986070 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 180
20:45:22.986415 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
20:45:23.002056 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 200
20:45:23.002361 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
20:45:23.021421 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 180
20:45:23.021712 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
20:45:23.040270 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 212
20:45:23.040594 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
20:45:23.062274 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 192
20:45:23.062628 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
20:45:23.083863 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 204
20:45:23.084274 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
20:45:23.107445 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 208
20:45:23.107763 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
20:45:23.131858 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 188
20:45:23.132283 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
20:45:23.158534 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 200
20:45:23.158887 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
20:45:23.184671 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 212
20:45:23.185014 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
20:45:23.211079 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 192
20:45:23.211412 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
20:45:23.229134 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 204
20:45:23.229461 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
20:45:23.242054 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 200
20:45:23.242315 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
20:45:23.256463 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 208
20:45:23.256782 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
20:45:23.273161 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 200
20:45:23.273467 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
20:45:23.289151 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 220
20:45:23.289559 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
20:45:23.308470 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 220
20:45:23.308748 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
20:45:23.327880 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 204
20:45:23.328150 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
20:45:23.348956 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 212
20:45:23.349295 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
20:45:23.371039 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 212
20:45:23.371407 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
20:45:23.395193 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 212
20:45:23.395518 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
20:45:23.419304 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 208
20:45:23.419630 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
20:45:23.444791 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 216
20:45:23.445097 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
20:45:23.469429 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 232
20:45:23.469741 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
20:45:23.486092 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 204
20:45:23.486457 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
20:45:23.499915 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 208
20:45:23.500181 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
20:45:23.513659 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 208
20:45:23.514014 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
20:45:23.529971 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 228
20:45:23.530247 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
20:45:23.546344 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 208
20:45:23.546702 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
20:45:23.565608 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 208
20:45:23.566855 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
20:45:23.587190 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 220
20:45:23.587522 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
20:45:23.608492 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 220
20:45:23.608850 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
20:45:23.630265 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 204 -
Looks like two-way traffic to me. I think you need to talk to someone more familiar with that traffic than I am.
It doesn;t look like your problem is the VPN.
-
RPC traffic.. You do understand that with rpc you talk to the server originally via 135, just to figure out what other port to connect too. 135 is just the endpoint mapper
These will help you find your issue
https://technet.microsoft.com/en-us/library/cc738291(v=ws.10).aspx
How RPC Workshttps://support.microsoft.com/en-us/kb/159298
-
RPC traffic.. You do understand that with rpc you talk to the server originally via 135, just to figure out what other port to connect too. 135 is just the endpoint mapper
These will help you find your issue
https://technet.microsoft.com/en-us/library/cc738291(v=ws.10).aspx
How RPC Workshttps://support.microsoft.com/en-us/kb/159298
I don't care how it works. If it does not make it across my servers will not REPLICATE. End of story. Done. Over.
For example:
Starting portqry.exe -n DC2 -e 135 -p TCP …Querying target system called:
DC2
Attempting to resolve name to IP address...
Name resolved to 10.1.2.20
querying...
TCP port 135 (epmap service): FILTERED
portqry.exe -n appassure2 -e 135 -p TCP exits with return code 0x00000002.OR:
Force replicate from DC1 to DC2 in sites and services:
-
"I don't care how it works"
Well how and the F do you expect to troubleshoot it then?? Clearly your seeing two traffic when talking to 135 in your sniffs. Your seeing a connection and then an answer.
20:45:22.634883 IP 10.1.2.26.50351 > 10.1.1.15.135: tcp 0
20:45:22.635303 IP 10.1.1.15.135 > 10.1.2.26.50351: tcp 0So your replication issue looks to me like you can not resolve fs01 which is what domain techlink.local
I would suggest you run dcdiag on your DC and validate your dns is all good. your portquery isn't even going to fs01, etc.
-
"I don't care how it works"
Well how and the F do you expect to troubleshoot it then?? Clearly your seeing two traffic when talking to 135 in your sniffs. Your seeing a connection and then an answer.
20:45:22.634883 IP 10.1.2.26.50351 > 10.1.1.15.135: tcp 0
20:45:22.635303 IP 10.1.1.15.135 > 10.1.2.26.50351: tcp 0So your replication issue looks to me like you can not resolve fs01 which is what domain techlink.local
I would suggest you run dcdiag on your DC and validate your dns is all good. your portquery isn't even going to fs01, etc.
Ok Johnpoz please move on to other threads. I have troubleshot it down to the issue. You are poking down other avenues that are unneeded. BTW, DUH. That prtqry was for the other server on the other side of the vpn.
Anyone else please help. Thanks.