If your network is not fully routable, as is often the case when VPN links are used, then you need to disable Bridge All Site Links (under Sites and Services, IP transport properties). You also need to manually create Site Links that match your physical topology. So you'll end up with each of the remote sites with a Site Link to the main site. The KCC will handle things from there.
If your network is not fully routable and you don't do the above, the KCC may try creating connection objects between Sites that lack physical connectivity and will result in errors. > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Raymond Jette > Sent: Sunday, August 29, 2004 19:01 > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] AD sites (bridge all conntections) > > Thanks for the link. To anwser you questions I have two DC's > at most sites. Some sites only have one. The VPN is created > by using a pix firewall at both ends. The second end of the > VPN comes back to my site called Westfield. Each of the > sites can only see the westfield site. > > The way I am thinking about doing this is to disable the > bridge all connections and manually create the site link > connections to go to the bridgehead server at the westfield site. > > Does this sound like the best way to do this? > > Thanks > > ________________________________ > > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Noah Eiger > Sent: Sunday, August 29, 2004 7:38 PM > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] AD sites (bridge all conntections) > > > > I think we need to know a bit more about your configuration. > How many DCs at each site? Can you describe the VPN set up a > bit better? > > > > Have you looked at this: > > http://www.microsoft.com/resources/documentation/WindowsServ/2 > 003/all/deployguide/en-us/Default.asp?url=/resources/documenta tion/windowsserv/2003/all/deployguide/en-us/dssbd_topo_zsnq.asp > > > > nme > > > > ________________________________ > > From: Raymond Jette [mailto:[EMAIL PROTECTED] > Sent: Sunday, August 29, 2004 4:24 PM > To: [EMAIL PROTECTED] > Subject: [ActiveDir] AD sites (bridge all conntections) > > > > I am trying to decide if I need bridge all connections > enabled or disabled. I have 8 sights on my netwrok. Each > site is connected using VPNs. Each site connects back to a > single site. I am using PIX firewalls. The filewalls wont > let traffic go out the same port it come in and that seems to > be causing problems. > > > > Does any one have any ideas as to how I should set up sites. > I have the bridge all connections enabled and that seems to > be causing problesm so I disabled it. I dont know if this is > the best way to handle it or now. > > > > Thank for the help > > List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
