Created a Site to Site VPN link between the 2 servers.

If you want to try an RPC publishing rule, it's really no different than publishing any other type of server:

* Publish non-web server protocol
* Type name
* Type server IP
* Select the RPC (all interfaces) protocol from the bottom of the list.
But I must say though, start out by making an "allow all" rule to determine if it's even the TMG that's causing the problems in the first place, or at least look in the traffic logs for traffic between domain controllers that gets dropped because of an "unknown protocol" with a high port.

The Microsoft Remote Connectivity Analyzer Tool queries the Server Certificate object in the Exchange Server system to retrieve various properties on X509 certificates. In order for the Remote Connectivity Analyzer to validate a given X509 certificate, the tool must trust the root Certificate Authority (CA) that issued the certificate. Common symptoms of this issue include the following: The Remote Connectivity Analyzer has the ability to ignore the trust requirement during SSL certificate validation for most tests. However, the Outlook Anywhere (RPC over HTTP) connectivity tests currently require a publicly-trusted certificate that is also trusted by the server.

TMG - DC-B
DC-A : 10.0.0.10
DC-B : 192.168.0.10

Site 2 Site VPN is up and running. You told me to set up an allow all rule between the two DCs, right? Strange is that from DC-A I am able to set up the trust! Although when I set up the trust from DC-A it is still not working. I wonder what additional rules I have to create besides the ones created by the VPN tunnel?

Hello, Running TMG2010 in a Server 2008 R2 environment on two sites. However when I try to set up the Forest link from Domain-B to Domain-A I am getting the following error message; "The trust relationship cannot be created because the following error occurred: The Local Security Authority is unable to obtain an RPC connection on the Active Directory Domain Controller FS1.domain-a.local.

Thanks in advance, Herman Franssen

I assume you need either an "allow all traffic from: DC A & DC B to: DC A & DC B" type rule, or if you're only doing the specific protocols, you need an actual RPC publishing rule, i.e.
Otherwise only the initial connection will succeed, and all subsequent connection attempts on the high port will fail.

Try to set up a forest trust between Domain-A and Domain-B. Can ping all hosts on Network-A and Network-B (vice versa). Please check that the name can be resolved and that the server is available." The strange part is that I can set up the trust from Network-A to Network-B. I checked all the settings twice on both TMG2010 servers and DCs but somehow it won't work!

The allow all rule between domain controllers is by far the easiest way of doing it, but may not be in line with company policy.