Re: Active Directory Controllers?

From: Cary Shultz [A.D. MVP] (cwshultz_at_mvps.org)
Date: 04/28/04 

Date: Wed, 28 Apr 2004 06:08:45 -0400

This might be the link to the paper that you need....as per Paul's
suggestion.

HTH,

Cary

"Matt" <matth+newsgroups@matthoppes.org> wrote in message
news:c6m4ik03h8@enews4.newsguy.com...
> Here's what our network looks like:
>
>
>
> FIREWALL 1:
> Outside: 63.174.x.x network (OUTSIDE)
> AD Controllers: 10.200.1.x network (DMZ)
> Clients: 172.16.1.x network (INTERNAL)
>
> FIREWALL 2:
> Outside: 63.174.x.x network (OUTSIDE)
> Clients: 10.200.1.x network (DMZ)
>
> We are trying to get the clients from behind firewall2 to behind the
> INTERNAL of firewall1. The issue is that right now they are able to
> authenticate and all is happy. They go from firewall2 to firewall 1
> across the outside interfaces and then through a map to the DMZ to get
> to the AD controllers.
>
> When I try to move the clients behind the INTERNAL on FIREWALL1 I get
> 'No domain controllers are available to service your login request'.
> I have a hosts file in place for the two domain controllers and have a
> map going across from 172.16.1.x to 10.200.1.x. I can ping the DCs.
> If I'm on a machine NOT on the domain I can connect to the DCs via
> filesharing and their 172.16.1.x map. however, if I try that same thing
> with a machine on the domain behind the INTERNAL I get the 'no domain
> controller' message.
>
> Any ideas?
>

Relevant Pages

  • Re: How To Force LDAP Queries Through One Domain?
    ... In any case, my focus wasn't on whether a firewall was necessary, but more ... Other white papers on the topic of isolating domain controllers behind ... Windows 2003 that documents behavior between two forests in a trust, ... >> When you login to a domain on a computer that is a member server in the ...
    (microsoft.public.windows.server.active_directory)
  • Re: Windows firewall for domain controllers
    ... So, if the Windows Firewall on the Domain Controllers is blocking the authentication requests, you will get the symptoms your users report. ... It is quite possible that the Firewall Policy you configured for the Domain has different settings for the Standard Profile than for the Domain Profile in the Windows Firewall part of the GPO. ...
    (microsoft.public.windows.group_policy)
  • Re: Firewall
    ... Basically you have to open up the ports needed for the clients to be able to ... I would recommend you take a look at an article I have written on firewall ... different subnet. ... Both domain controllers are on the same subnet. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Stand Alone DHCP Servers and Windows 2000
    ... but I stand by the statement that a firewall limits ... client network from domain controllers by an ISA Server 2004 firewall, ... RPC, and that is solved by ISA Server 2004. ... Every virus I have ever been hit with would not have even been slowed down ...
    (microsoft.public.windows.server.networking)
  • Re: 3rd Party Firewalls on Domain Controllers.
    ... I would - were money not an issue - opt for a Hardware solution. ... I would be very hesitant to run any Firewall on a Domain Controller. ... > Domain Controllers right now, but eventually on Windows 2003 server Domain ... > - What 3rd party firewall software has worked on Domain Controllers. ...
    (microsoft.public.win2000.active_directory)