I have a couple of questions:

Does this problem happen in IKE mode, Legacy mode, or both ?

If there's a replica of root on another server on the slave's segment, I
assume this is enough of a 'fix' to allow the services to start properly?

Adrian James

"Update: Aug 24, 2004: I am hearing that there is a design bug with
BorderManager 3.8 Site-to-Site VPN that requires the slave server to contact
a replica of the Root partition in order to launch. This means (for now)
that you need to put a replica of Root on the VPN slave server. This makes
sense in terms of what I have seen with my workaround, which simply allows
the slave server to contact a Root replica through a backup link. It is,
of course, exceedingly poor NDS design in many cases to have to put a root
replica on a VPN slave server, and I assume that Novell will start taking
steps to address this. (Also, I have not yet confirmed this yet in more
than one instance). As noted below, if you are already in the situation
where your slave VPN is down, and you can't bring it up in order to get NDS
synched, I have a work-around, and I can do it for you if you need help."