NAT and AD

From: Charlie M (CharlieM_at_discussions.microsoft.com)
Date: 09/01/04 

Date: Tue, 31 Aug 2004 17:15:04 -0700

Running 4 W2K SP 4, fully patched Servers. 2 are AD 2 are member servers.
Clients are XP Pro SP1 &2.

We ran out of public ip addresses so I added a NIC card & RRAS w/ NAT &
seperate DHCP to a Member Server, and put all new clients on a separate
switch attached to the NAT NIC. I had no difficulty joining these NAT
clients to the domain, installing AD published printers, and all applications
worked.

This configuration work until last week when my users started to lose
connections to the printers (on a AD server) and the server that has their
redirected folders on it (Member Server). The connection is restored almost
at once. No errors in the Event Log. The printer status changes to 'Opening"
and then "Ready". The Reirected Folders report "Working Off-line" This
happens randomly to all NAT uses at the same time. Internet access is not
affected.

On the servers DCDIAGS & NETDIAGS run without errors. On the XP PROs NATs
Network Diagnostic return "Pass". NSLookup works.

I then removed one of the NAT clients from the Domain and tried to re-join.
The Wizard accepted a User ID, Password, and Domain and then asked for a
computer Name and Domain. At that point it failed. I then created a Computer
account in AD and used "Change" to join the domain.

After restarting there is an "1006 Usnerv" error in the Application log.
When I try to add a printer, I can browse the printers in AD but when I
double click I get a "Unable to Connect"

If I do a Run \\printserver_name I see the printers and can connect an print
to them.

All my dcom and IIS apps work fine on the NAT clients. Clients on the
public ip lan work fine.

I have been working on it for three day without success. I saw that there
is a W2K problem with MS504-011 - 835732 but that seems to be directed to
Child Domains.

Anyone have a direction I might take? 

-- 
C.E.Morgan

Relevant Pages

  • Re: NAT and AD
    ... addresses on 4 server and 50 PCs and having all my applications work without ... SQL and web apps work just fine from my NAT clients. ... I can browse the AD printers from a NAT client using the "Add Printer ...
    (microsoft.public.win2000.active_directory)
  • Re: natting in win2000
    ... The normal operation of NAT is to use the NAT router ... as its own DHCP-type allocator and to use the NAT router as a DNS relay. ... local DNS server. ... will give the clients the wrong DNS address. ...
    (microsoft.public.win2000.ras_routing)
  • Re: XP SP2, NAT-T & L2TP/IPSEC.
    ... "With the IPSec NAT-T support in the Microsoft L2TP/IPSec VPN client, ... sessions can go through a NAT when the VPN server also supports IPSec NAT-T. ... IPSec NAT-T is supported by Windows Server 2003. ... >> clients that are behind a nat. ...
    (microsoft.public.win2000.networking)
  • NAT-T and L2TP
    ... clients connect OK in from internet to private address range on ... W2003 server. ... release 6.3running NAT and which is meant to fully ...
    (microsoft.public.win2000.ras_routing)
  • Re: NAT and AD
    ... > separate switch attached to the NAT NIC. ... > these NAT clients to the domain, installing AD published printers, ... > connections to the printers (on a AD server) and the server that has ...
    (microsoft.public.win2000.active_directory)