How would you troubleshoot the following scenario?
What are some useful steps to take, and what should you look out for?
There are four domain controllers, two in one site and two in another site. Since the upgrade from Windows Server 2008 to Windows Server 2008 R2, Active Directory replication has stopped between the sites; however, replication continues between the DCs on the same LAN.
There's an ISA Server 2006 in the middle; however, whether replication traffic is being blocked or even seen by the ISA Server is not known yet. Administrators report some form of RPC errors (in Directory Services logs?). The ISA firewall policy was allowing RPC traffic before the upgrade.
Useful resources
How to troubleshoot intra-site replication failures
http://support.microsoft.com/kb/249256
Using Repadmin.exe to troubleshoot Active Directory replication
http://support.microsoft.com/kb/229896
Troubleshooting replication with repadmin
Repadmin.doc
I'll add more detail as soon as I get it.
Restarting the ISA Server without modifying the firewall policy fixed the problem, which seemed to be that the (custom) protocol definition for Microsoft RPC traffic between the sites wasn't correctly identifying allowed traffic.
It is possible that simply deleting the open sessions in the ISA Server between domain controllers would be enough, which would then be re-established, but rebooting had the same effect.
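One way to confirm from the DCs that only the cross-site links are failing, and that they fail with RPC errors, is to classify the CSV output of repadmin. This is an added example, not part of the original post; the site names, DC names, naming context and sample rows are constructed.

```powershell
# Constructed sample in the column layout of `repadmin /showrepl * /csv`.
# On a real DC, replace the here-string with:  $csv = repadmin /showrepl * /csv
$csv = @'
showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,SiteA,DC1,"DC=example,DC=test",SiteA,DC2,RPC,0,0,2011-03-01 10:02:11,0
showrepl_INFO,SiteA,DC1,"DC=example,DC=test",SiteB,DC3,RPC,42,2011-03-01 10:00:05,2011-02-20 22:15:40,1722
showrepl_INFO,SiteB,DC3,"DC=example,DC=test",SiteB,DC4,RPC,0,0,2011-03-01 10:01:47,0
showrepl_INFO,SiteB,DC3,"DC=example,DC=test",SiteA,DC1,RPC,40,2011-03-01 09:58:30,2011-02-20 22:14:02,1722
'@

# Keep only data rows (repadmin also emits showrepl_ERROR rows for unreachable DCs).
$links = $csv | ConvertFrom-Csv |
    Where-Object { $_.showrepl_COLUMNS -eq 'showrepl_INFO' }

# Win32 status codes that indicate an RPC connectivity problem.
$rpcStatus = @{
    '1722' = 'The RPC server is unavailable'
    '1753' = 'No more endpoints available from the endpoint mapper'
}

# Tag each inbound link as intra-site or inter-site (calculated properties work on PowerShell 2.0).
$report = $links | Select-Object `
    @{ n = 'Scope';    e = { if ($_.'Source DSA Site' -eq $_.'Destination DSA Site') { 'intra-site' } else { 'inter-site' } } },
    @{ n = 'Link';     e = { '{0} <- {1}' -f $_.'Destination DSA', $_.'Source DSA' } },
    @{ n = 'Failures'; e = { [int]$_.'Number of Failures' } },
    @{ n = 'Status';   e = { $_.'Last Failure Status' } },
    'Last Success Time'

$failing = @($report | Where-Object { $_.Failures -gt 0 })
$failing | Format-Table Scope, Link, Failures, Status, 'Last Success Time' -AutoSize

$intraFail = @($failing | Where-Object { $_.Scope -eq 'intra-site' }).Count
$interRpc  = @($failing | Where-Object {
    $_.Scope -eq 'inter-site' -and $rpcStatus.ContainsKey($_.Status)
}).Count

if ($failing.Count -gt 0 -and $intraFail -eq 0 -and $interRpc -eq $failing.Count) {
    'Only inter-site links fail, all with RPC errors: look at the device between the sites ' +
    '(endpoint mapper on TCP 135 and the dynamic RPC ports) before the DCs themselves.'
} elseif ($failing.Count -gt 0) {
    'Failures are not limited to inter-site RPC errors: check DNS, time sync and the DCs as well.'
} else {
    'No failing replication links.'
}
```

The "Last Success Time" of the failing links also shows whether replication stopped at the time of the upgrade or at some other point.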