windows server 2019 unable to authenticate to secondary domain controller using Cisco ASA firewall

Question

First of all, is it possible to authenticate on a domain with two domain controllers running Windows server 2019 to authenticate to the primary and the secondary domain controller, while both domain controllers are up and functional?

No errors have been found when running dcdiag on both domain controllers.

When authenticating from a Cisco ASA firewall the authentication and authorisation to the primary domain controller is succesful, but when authenticating or authorizing to the second domain controller it fails with a unknown error.

The configuration for both DC's is the same on the ASA, except for the IP adress.

So what could be the problem?

Answer 1

What happens when you try? Please run;

Dcdiag /v /c /d /e /s:%computername% >C:\dcdiag.log
repadmin /showrepl >C:\repl.txt
ipconfig /all > C:\dc1.txt
ipconfig /all > C:\dc2.txt
ipconfig /all > C:\problemworkstation.txt

then put unzipped text files up on OneDrive and share a link.

Answer 2

Hi, sorry for the late response, here you can find the log files as requested.
The only thing missing is the "problemworkstation" , because there isn't any, the problem is in the Cisco ASA.

https://1drv.ms/u/s!AiJnqSX-_IInoHTypnY7gNkiEx-M?e=Sdud76

Answer 3

A couple of issues that may or not be related.

User credentials does not have permission to perform this operation. The account used for this test must have network logon privileges.

https://learn.microsoft.com/en-us/troubleshoot/windows-server/identity/replication-error-8453
https://support.microsoft.com/en-us/topic/3489ffaf-0f43-2a29-0ee6-531524179491

--please don't forget to upvote and Accept as answer if the reply is helpful--

Answer 4

Just checking if there's any progress or updates?

--please don't forget to upvote and Accept as answer if the reply is helpful--