Hi,
I did some more testing...

My testing environment: Both servers are in the same tree.

Server A: srva.srv.mo.cz in partition srv.mo.cz RW
Server B: srvb.srv.pha.cz in partition srv.pha.cz MASTER

Server A TRC : TRC - SRVA.srv.mo.cz
Server B TRC : TRC - SRVB.srv.pha.cz

S2S: VPNS2SSRVA.srv.mo.cz

Server A Certificate: MasterTRO.TRC - SRVA.srv.mo.cz
Subject: O=AAA.CN=srva.aaa.cz

Server B Certificate: MasterTRO.TRC - SRVB.srv.pha.cz
Subject: O=AAA.CN=srva.aaa.cz

Server A is the master server. I have bound two addresses on Server B: one is the internal network and one is the internet address. When I want to start the VPN I have to enable the internal address and connect Server B to the internal network. Then I can run STARTVPN.NCF and all modules load fine. Next I have to disable the internal address, enable the internet address and switch the ethernet cable to the internet network. After that the VPN goes up and everything works fine until STOPVPN.NCF or a restart.

If I don't do that crazy switching and run STARTVPN.NCF when the server is connected to the internet, ServiceConfigurationManager gives me a nice exception and VPSLAVE and IKE are not loaded:

***********************************************************************

Exception encountered

javax.naming.NameNotFoundException. Root exception is com.novell.service.jncp.NDSException: ccode = -626 (0xfffffd8e)
    at com.novell.service.jncp.NSIExceptionBuilder.build(NSIExceptionBuilder..java:82)
    at com.novell.service.jncpv2.net.BasicNetService.readObjectInfo(BasicNetService.java:908)
    at com.novell.service.nds.naming.net.NetContextFactory.getNetObjectInfo(NetContextFactory.java:336)
    at com.novell.service.nds.naming.net.NetContextFactory.getContextInstance(NetContextFactory.java:160)
    at com.novell.service.nds.naming.local.NdsContextFactory.getContextInstance(NdsContextFactory.java:225)
    at com.novell.service.nds.naming.NdsInitialContextFactory.getInitialContext(NdsInitialContextFactory.java:116)
    at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:662)
    at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:243)
    at javax.naming.InitialContext.init(InitialContext.java:219)
    at javax.naming.InitialContext.<init>(InitialContext.java:195)
    at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:80)
    at com.novell.scm.repository.NDSRepository.NDSLogin(NDSRepository.java:963)
    at com.novell.scm.repository.NDSRepository.<init>(NDSRepository.java:48)
    at com.novell.scm.events.SCMEventManager.initializeRepositories(SCMEventManager.java:589)
    at com.novell.scm.events.SCMEventManager.initialize(SCMEventManager.java:576)
    at com.novell.scm.events.SCMEventManager.<init>(SCMEventManager.java:90)
    at com.novell.scm.ServiceConfigurationManager.main(ServiceConfigurationManager.java:117)

***********************************************************************
If I try to load VPSLAVE and IKE manually, IKE complains on the IKE screen:
***********************************************************************
1-8-2004 11:16:15 am I-COOKIE=8698200C,R-COOKIE=00000000,MsgID=0,1stPL=SA-PAYLOAD,state=0
1-8-2004 11:16:15 am Start IKE-SA C864D040 - Responder,src=62.77.6.9,dst=62.77.6.200,TotSA=1
1-8-2004 11:16:15 am IKE SA NEGOTIATION: Peer lifetime = 28800 My lifetime=300
1-8-2004 11:16:15 am sending notify message type: 28 to 62.77.6.200
1-8-2004 11:16:15 am ***Send Unacknowledge Informational message to 62.77.96.200
1-8-2004 11:16:15 am I-COOKIE=8698200C,R-COOKIE=BFE39B0C,MsgID=1BD27C5F,1stPL=NOTIFY-PAYLOAD,state=0
1-8-2004 11:16:15 am Error :Server certificate not available , probably error reading certificate
1-8-2004 11:16:15 am Processed SA-PAYLOAD unsuccessful - No usage certificate available for signature authentication, dst=62.77.6.200.
1-8-2004 11:16:15 am Error processing the first MM packet - No usage certificate available for signature authentication
1-8-2004 11:16:17 am IKE-SA C864D040 is Deleted,I-COOKIE=8698200C,R-COOKIE=BFE39B0C,dst=62.77.6.200
1-8-2004 11:16:17 am State:0 Cond:4 TimerEvent:1
1-8-2004 11:16:17 am lifetime :0 sec Rekey Time :0 sec
1-8-2004 11:16:17 am Created at :0 sec Remaining life time :-14983 sec Current time 14983
1-8-2004 11:16:17 am The client 62.77.6.200 removed from vpninf
***********************************************************************
It looks to me like some replica issue, but I have no idea which replicas need to be on the slave server.

So I have a few questions:

Has anybody got a working S2S VPN connection when both servers are in the same tree?
Which replicas are needed on the slave and Master servers?
Where should objects like TRC and S2S Configuration be located?
Can I configure BM S2S VPN to work in non BM mode with both servers using a preshared secret?

Thanks for any help or answers...

Ales