How are the IPSec filters configured?  You can only have one IPSec policy active at any given time, so knowing how your active policy is configured would aid greatly in helping you figure out the problem.
 
And, as a quick guess - how can you set one of the DCs to be a primary?  I assume you're not doing this through IPSec, because IPSec is either an allow or deny (granted - negotiate is in there, but it's a fancy allow or deny).  IOW, you're either allowing communication with the three DCs out of the gate, or you're not.
 
That's why we'd need to see more info on the IPSec, or the config of how you have this set up to be able to help.
 

Rick Kingslan  MCSE, MCSA, MCT, CISSP
Microsoft MVP:
Windows Server / Directory Services
Windows Server / Rights Management
Windows Security (Affiliate)
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone
WebLog - www.msmvps.com/willhack4food
 



From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Friday, September 03, 2004 2:16 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Multiple IPSEC tunnels established

I am seeing multiple simultaneous IPSEC connections from an application server running Windows 2000 to several Windows 2003 domain controllers that are set up in the Local Security Policy/IPSEC.

 

The application server is configured to communicate to 3 domain controllers in the IPSEC policy for failover/redundancy purposes.  Why is it using more than one of the configured servers at a time?  We are troubleshooting the application and wondered if the multiple IPSEC tunnels could be causing the issue.

 

TIA,

 

Erik Leach

 
