Group: Forum Members Last Login: 12/6/2005 12:24 PM Posts: 6,Visits: 11
Greetings Everyone,
I have recently noticed that my Additional Domain Controller is not replicating the user accounts in AD. But as soon as I disable the firewall on the ADC, it starts working. I have monitored all the ports and exceptions, and everything looks fine and all of the required ports are open. When I want to Check Replication Topology on the main DC (while the firewall is on in ADC-NTDS), I get the error message "There are no more endpoint available from the endpoint mapper".
Does anyone know how to solve this problem? Your help is truly appreciated.
Group: Forum Members Last Login: 1/10/2006 6:16 AM Posts: 3,Visits: 7
Hi
Looks like a problem I had. For AD replication to work it needs a packet size of 1400 bytes. Try pinging between the 2 AD servers using ping -f -l 1400 {servers address}. You may need to change the firewall to not fragment packets of this size, or you can change the registry to allow AD to replicate with packets of a smaller size. Check the Microsoft website on how to do this.
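
The ping test from the reply above, generalised to search for the largest payload that crosses the path with Don't Fragment set. This is an added example, not part of either post; the host name is a placeholder, and the .NET Ping class is used in place of ping.exe.

```powershell
# Added example: find the largest ICMP payload that reaches a host unfragmented.
# 'adc01.example.local' is a placeholder host name, not taken from the thread.
function Get-MaxUnfragmentedPayload {
    param(
        [Parameter(Mandatory)] [string] $ComputerName,
        [int] $High = 1472,      # 1500-byte Ethernet MTU minus 20 (IP) and 8 (ICMP) header bytes
        [int] $TimeoutMs = 2000
    )
    $ping = New-Object System.Net.NetworkInformation.Ping
    # TTL 128, DontFragment = $true (same effect as ping.exe -f)
    $df = New-Object System.Net.NetworkInformation.PingOptions 128, $true

    # Returns $true only when an echo reply comes back for this payload size.
    # A timeout (silent drop by a firewall) counts as a failure.
    $probe = {
        param([int] $size)
        try {
            $reply = $ping.Send($ComputerName, $TimeoutMs, [byte[]]::new($size), $df)
            return $reply.Status -eq [System.Net.NetworkInformation.IPStatus]::Success
        } catch {
            return $false
        }
    }

    try {
        # Baseline: if a small echo fails, ICMP itself is blocked and the result
        # would say nothing about fragmentation.
        if (-not (& $probe 32)) {
            Write-Warning "No reply to a 32-byte echo from $ComputerName; ICMP may be filtered."
            return $null
        }
        # Binary search for the largest payload that still gets a reply.
        $lo = 32; $hi = $High
        while ($lo -lt $hi) {
            $mid = [int][math]::Ceiling(($lo + $hi) / 2)
            if (& $probe $mid) { $lo = $mid } else { $hi = $mid - 1 }
        }
        return $lo
    } finally {
        $ping.Dispose()
    }
}

$max = Get-MaxUnfragmentedPayload -ComputerName 'adc01.example.local'
if ($null -ne $max) {
    "Largest unfragmented payload: $max bytes (the reply's test size is 1400)"
}
```

Run it from each domain controller toward the other, once with the firewall on and once with it off, and compare the two results.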