Re: External trust and a member server
- From: v-stwang@xxxxxxxxxxxxxxxxxxxx (Steven Wang [MSFT])
- Date: Mon, 27 Feb 2006 17:19:31 GMT
Hi NetGear,
Thanks for your reply and I am sorry for my delayed response due to the
complexity of this issue and the weekend. I hope this has not caused you
too much inconvenience.
I have created a test environment on my side and there is no problem in
my tests. First, I would like to confirm with you whether the issue
still occurs if you log on to the member server with the administrator
account of domainA?
I was not sure whether this issue is caused by the firewall. Based
on the current situation, I would suggest we check the firewall settings to
see whether the issue can be resolved. You may refer to the following KB
article to open the necessary ports on the firewall:
How to configure a firewall for domains and trusts
http://support.microsoft.com/?id=179442
If the issue persists, please help me to capture a screen shot of the error
message. The screen shot of the error message will be helpful for me to
perform further research. To capture a screen shot, you can:
1. When the screen appears, press the Print Screen key several times, which
is to the right of the F12 key on the keyboard.
2. Open Paint or Microsoft Word or WordPad.
3. Click Edit (menu) -> Paste or press Ctrl + V.
4. Click File (menu) -> Save. Save it to a file and attach it in email to
send it to me at v-stwang@xxxxxxxxxxxxxx
More Information
--------------------------
White Paper "Active Directory in Networks Segmented by Firewalls"
http://www.microsoft.com/downloads/details.aspx?FamilyID=c2ef3846-43f0-4caf-9767-a9166368434e&DisplayLang=en
Restricting Active Directory Replication Traffic to a Specific Port
http://support.microsoft.com/?id=224196
How to Restrict FRS Replication Traffic to a Specific Static Port
http://support.microsoft.com/?id=319553
How to configure RPC dynamic port allocation to work with firewalls
http://support.microsoft.com/?id=154596
Port Requirements for the Microsoft Windows Server System
http://support.microsoft.com/?id=832017
Hope this helps. I look forward to your update.
Best regards,
Steven Wang (MSFT)
Microsoft CSS Online Newsgroup Support
--------------------
From: v-stwang@xxxxxxxxxxxxxxxxxxxx (Steven Wang [MSFT])
Organization: Microsoft
Date: Thu, 23 Feb 2006 11:54:02 GMT
Subject: Re: External trust and a member server
Hi NetGear,
Thank you for getting back to me and I am sorry to hear that the issue
still exists.
I am currently creating a test environment to test this issue on my side.
If I have any update I will get back to you as soon as possible. Thank
you for your patience.
Best regards,
Steven Wang (MSFT)
Microsoft CSS Online Newsgroup Support
--------------------
From: "NetGear" <NetGear@xxxxxxxxxxxxxx>
Subject: Re: External trust and a member server
Date: Wed, 22 Feb 2006 11:29:06 +0200
Thank you for your reply. I've been quite busy the last few weeks.
I got it to work partially. The other domain's AD is still unavailable from
the member server.
From our domain controller I right-clicked My Computer, selected Manage and
connected to the member server. From there I could manage the member server's
local groups and connect to the other forest's Active Directory database.
I could add the necessary groups to our member server's local groups.
However, when I check the group membership of our member server local groups
there are only the SID for the other domain's groups. The actual group names
are missing. The other domain users are able to map the necessary network
shares but they are prompted for their user name and password before the
share access is allowed.
There is still something wrong with the network connections. I checked
the trust and it is in place and active. Deleting and recreating the
secondary DNS zones does not help.
"Steven Wang [MSFT]" <v-stwang@xxxxxxxxxxxxxxxxxxxx> wrote in
message:60am0eFLGHA.2336@xxxxxxxxxxxxxxxxxxxxxxxx
Hi NetGear,
Thanks for your prompt reply.
Based on my experience, it is abnormal that the _msdcs subfolder is
grayed out and it is empty. The _msdcs records are SRV records and used to
locate AD services. I would suggest we refer to the following steps to recreate
the secondary zone on the DNS server of the trusting domain A to see
whether the issue can be resolved: