You might want to look at Microsoft's Branch Office Deployment Guide. There's a lot of good info in there for hub-and-spoke deployment scenarios. It describes why you might want to disable the Bridge All Site Links in that situation. We have more than 40 sites in such a deployment, and disabled the automatic site link bridging from day one. As long as you create a site link between each site and the hub site, the KCC will take care of the connection objects and you should not get errors like that. Dave
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Raymond Jette Sent: Sunday, August 29, 2004 7:25 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] AD sites (bridge all conntections) I am seeing these error that you speek of. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Adner Sent: Sunday, August 29, 2004 8:20 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] AD sites (bridge all conntections) If your network is not fully routable, as is often the case when VPN links are used, then you need to disable Bridge All Site Links (under Sites and Services, IP transport properties). You also need to manually create Site Links that match your physical topology. So you'll end up with each of the remote sites with a Site Link to the main site. The KCC will handle things from there. If your network is not fully routable and you don't do the above, the KCC may try creating connection objects between Sites that lack physical connectivity and will result in errors. > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Raymond Jette > Sent: Sunday, August 29, 2004 19:01 > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] AD sites (bridge all conntections) > > Thanks for the link. To anwser you questions I have two DC's at most > sites. Some sites only have one. The VPN is created by using a pix > firewall at both ends. The second end of the VPN comes back to my > site called Westfield. Each of the sites can only see the westfield > site. > > The way I am thinking about doing this is to disable the bridge all > connections and manually create the site link connections to go to the > bridgehead server at the westfield site. > > Does this sound like the best way to do this? > > Thanks > > ________________________________ > > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Noah Eiger > Sent: Sunday, August 29, 2004 7:38 PM > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] AD sites (bridge all conntections) > > > > I think we need to know a bit more about your configuration. > How many DCs at each site? Can you describe the VPN set up a bit > better? > > > > Have you looked at this: > > http://www.microsoft.com/resources/documentation/WindowsServ/2 > 003/all/deployguide/en-us/Default.asp?url=/resources/documenta tion/windowsserv/2003/all/deployguide/en-us/dssbd_topo_zsnq.asp > > > > nme > > > > ________________________________ > > From: Raymond Jette [mailto:[EMAIL PROTECTED] > Sent: Sunday, August 29, 2004 4:24 PM > To: [EMAIL PROTECTED] > Subject: [ActiveDir] AD sites (bridge all conntections) > > > > I am trying to decide if I need bridge all connections enabled or > disabled. I have 8 sights on my netwrok. Each site is connected > using VPNs. Each site connects back to a single site. I am using PIX > firewalls. The filewalls wont let traffic go out the same port it > come in and that seems to be causing problems. > > > > Does any one have any ideas as to how I should set up sites. > I have the bridge all connections enabled and that seems to be causing > problesm so I disabled it. I dont know if this is the best way to > handle it or now. > > > > Thank for the help > > List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
