RE: Cannot add workstation to domain when negotiating ISL on Cisco routers.
From: Robert Greene [MSFT] (a-robgre_at_online.microsoft.com)
Date: 08/05/04
- Next message: mark: "Test DR procedure of a child domain"
- Previous message: Jason: "Re: AD User Account Illusions"
- In reply to: Scott: "Cannot add workstation to domain when negotiating ISL on Cisco routers."
- Messages sorted by: [ date ] [ thread ]
Date: Thu, 05 Aug 2004 16:03:07 GMT
First, make sure that any End station ports are configured for Port Fast
and NOT SPANNING TREE on the switches.
If this is correct, on the workstation at a command prompt type the
following:
ping <Remote DC Name> -f -l 1492
it does not ping the more then likely your router is fragmenting packets.
Kerberos Packets by default use UDP. You can keep lowering the -l
parameter until you find where the pings start succeeding then use the
following article to configure Kerberos Over TCP to be used after packets
get so big:
244474 How to force Kerberos to use TCP instead of UDP
http://support.microsoft.com/?id=244474
Also Verify that the following Ports are allowed through the Router:
179442 How to Configure a Firewall for Domains and Trusts
http://support.microsoft.com/?id=179442
Best regards:
a-Robgre@online.microsoft.com
This posting is provided "AS IS"
with no warranties, and confers no rights
- Next message: mark: "Test DR procedure of a child domain"
- Previous message: Jason: "Re: AD User Account Illusions"
- In reply to: Scott: "Cannot add workstation to domain when negotiating ISL on Cisco routers."
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
