I've setup NBM S2S's a countless # of times. Never had i had problems
like this.

Anyways, heres the spam.

Bran new NW65 SP1 server built. All certitificates work. Ldap and
ldaps verfied. bottom line.. its works fine

Patch Sequence: as per Craigs suggestions which needs to be updated.
TCPIP from Companion (TCP654D does not exist anymore for download)
NW65SP1A (installed a newer NICI version of TCPIP)
NICI (which never installed because NW65SP1A installed a newer ver.)
RAN inetcfg
Installed NBM38 (allowed it to install the Imanager stuff)
B1NBMSP1 patch

Configured as master

Did the same sequuence on the slave.

Configured Legacy VPN
no NAT on either boxes being used.
filters all disabled

IT worked ! but it took forever for it to come up tho.
Which i can understand, dual xeons on fiber lines lack these days. =/

cept one thing

I had to reconfigure the Protected network addresses to include my
NBM36 VPN and the slave was stuck for 2 hours without filters or
anything else in the way that i can think of. It would not get the
info no matter what. I rebooted both server and that was it for the
vpn. would not come back up at all. Did i mention they are are in the
same tree ?

Attemped to redo VPN and slave which would not receieve any updates...
slave was stuck as being configured... i waited another 2 hours on it.

THE NEXT STEPs (attempted to get vpn to work after each one of these)
confirmed DNS worked correctly
confirmed with ping to each other servers
blew away vpn info
deleted all inetcfg.cfg info and recreated it
deleted CSL.CFG and CSL.dat
kicked them a few times..
pulled hair out..
wipe boot marks off the boxes..

CSAUDIT just says failed to configure blah blah blah
unable to send member info from master
attemping again in 1 min etc..

Keys will get exchanged, eventually the master will ping the slave
through tunnel but not vice versa. I've left the servers to do their
bidding overnight. Mind you.. the system will prolly reinitialize
itself at midnight letting filters get in the way.... oh well.

Now im waiting for 8am to roll along to call Novell...

Any suggestions before i place a call to novell ?