I am not sure if this is a Fortinet or Windows issue, but I just want to know if anyone else has experienced the issue I am having.
I have VXLAN over IPSec working. I can stand up Windows 2019 servers at both ends of the tunnel, and at a basic level (ping, DNS, etc.) all appears to be fine. However, what I am finding is that Kerberos traffic doesn't seem to cross the VXLAN.
I can't log in to a Windows server until I either
1) Disable the networking on the Windows server - I can then log in with cached credentials and then re-enable networking (however, this then presents issues accessing other network resources, as the server didn't complete any domain registration processes) OR
2) Stand up an Active Directory server on the same site as the server I want to have running at the second site - In this case all works well.
When I choose option 1, I can ping the remote Active Directory server and complete DNS queries against the remote site server, but can't map Windows shares or perform any other task requiring authentication.
Packet captures and Wireshark traces don't show any issues.
If I choose option 2, there are no problems; everything works as expected. However, I don't really want to have to stand up a second Active Directory server.
Has anyone else experienced anything similar?
Thanks in advance.
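A diagnostic pass over the checks the post describes (ping, DNS, then the authentication-dependent steps), as an added example that is not from the original poster or from Fortinet. It is run on the Windows 2019 server at the second site and assumes the remote domain controller is reachable under the hypothetical name dc01.corp.example; the DF-bit ping probes are an assumption that the tunnel path MTU is worth checking, not something the post establishes.

```powershell
# Added example, not part of the original post. $Dc and $ProbeSizes are assumptions;
# adjust them for the environment in question.
param(
    [string]$Dc = 'dc01.corp.example',              # hypothetical remote domain controller
    [int[]]$ProbeSizes = @(1472, 1400, 1300, 1200)  # ICMP payload sizes for the DF-bit probe
)

function Test-KerberosReachability {
    param([string]$Server)
    $result = [ordered]@{}
    # The two checks the post reports as working across the tunnel
    $result['Ping'] = Test-Connection -ComputerName $Server -Count 2 -Quiet
    $result['DnsA'] = [bool](Resolve-DnsName -Name $Server -Type A -ErrorAction SilentlyContinue)
    # TCP ports a domain logon and share mapping depend on: Kerberos (88), LDAP (389), SMB (445).
    # Test-NetConnection only exercises TCP, so UDP 88 is not covered here.
    foreach ($port in 88, 389, 445) {
        $tnc = Test-NetConnection -ComputerName $Server -Port $port -WarningAction SilentlyContinue
        $result["Tcp$port"] = $tnc.TcpTestSucceeded
    }
    return [pscustomobject]$result
}

function Test-PathMtu {
    param([string]$Server, [int[]]$Sizes)
    # ping.exe -f sets Don't Fragment. A payload that fails while a smaller one succeeds
    # shows the VXLAN-in-IPsec path carries smaller frames than the 1500-byte LAN MTU
    # (1472 bytes of ICMP payload is the largest that fits in a 1500-byte frame).
    foreach ($s in $Sizes) {
        $out = & ping.exe -n 1 -f -l $s $Server 2>&1
        $ok  = $out | Select-String -Pattern 'TTL=' -Quiet
        [pscustomobject]@{ PayloadBytes = $s; DfPingSucceeded = [bool]$ok }
    }
}

function Get-KerberosTicketState {
    # klist lists the current logon session's ticket cache. No krbtgt/ entry after a
    # network logon attempt means the AS exchange with the DC never completed.
    $klist = & klist.exe 2>&1
    $tgt   = $klist | Select-String -Pattern 'krbtgt/' -Quiet
    [pscustomobject]@{ HasTgt = [bool]$tgt; Raw = ($klist -join "`n") }
}

Test-KerberosReachability -Server $Dc | Format-List
Test-PathMtu -Server $Dc -Sizes $ProbeSizes | Format-Table -AutoSize
Get-KerberosTicketState | Select-Object HasTgt
```

Run it from an elevated PowerShell session on the second-site server while the tunnel is up. If Ping and DnsA are true but Tcp88 is false, the Fortinet policy or the VXLAN interface is not passing the Kerberos port; if all three TCP ports succeed but only the smaller DF-bit probes do, the next capture to take is on both tunnel endpoints, looking for the large Kerberos replies that never arrive.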