Re: Best Plan of action for 2 forest.......
- From: Neil Cadman <NeilCadman@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 22 Mar 2006 09:47:29 -0800
Hi Paul,
Out of all the ports that had "Listening or Filtered" (non of them had just
Filtered) only two of them did not return any data after the UDP packet was
tried.
Those ports are the following.
88 - Kerberos (which i dont belive is needed for a win2k3 to win2k3 trust,
only a Relm to Forest ?)
138 - I think this is the underlining problem as its the Netlogin which is
used for the main authentication is'nt it ?
=============================================
Starting portqry.exe -n 192.168.113.5 -e 138 -p UDP ...
Querying target system called:
192.168.113.5
Attempting to resolve IP address to a name...
IP address resolved to OB-CONTROLLER
querying...
UDP port 138 (netbios-dgm service): LISTENING or FILTERED
portqry.exe -n 192.168.113.5 -e 138 -p UDP exits with return code 0x00000002.
=============================================
Now how to degub this problem :S its alittle strange because i can connect
to all the server on the network in the US fine, my login details are the
same on both domains (username and password) so when i access a server in the
US by its FQDN it lets me in with out asking who i am.
I have Enterprise and Domain admin privlages on both sides too.
"Paul Bergson" wrote:
Not sure what happened on the other response????.
When I run this I look for one of the following:
PortQry reports the status of a port in one of the following ways:
..LISTENING This response indicates that a process is listening on the target
port.PortQry received a response from the target port.
..NOT LISTENING This response indicates that no process is listening on the
targetport. PortQry received one of the following Internet Control Message
Protocol (ICMP)messages from the target port:Destination unreachablePort
unreachable
..FILTERED This response indicates that the target port is being filtered.
PortQry didnot receive a response from the target port. A process may or may
not be listening onthe target port. By default, PortQry queries a TCP port
three times before it returns aresponse of FILTERED and queries a UDP port
one time before it returns a responseof FILTERED.
--
Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA
http://www.pbbergs.com
This posting is provided "AS IS" with no warranties, and confers no rights.
"Neil Cadman" <NeilCadman@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:17ECB4B3-4215-40E2-A8C7-AEB829AA27E0@xxxxxxxxxxxxxxxx
sorry to be a pain mate but im not very familier with this tool so here
goes :)
All the ports returned data (schema looking type data) appart from the
following which returned exit codes. Now im not sure if the exit codes are
the correct resoponse or not, i'm guessing its not.
Port Number | Response Code
-------------------------------------
389 | 0x0
636 | 0x0
3268 | oxo
3269 | 0x0
53 | 0x0
445 | 0x0
137 | 0x0
139 | 0x0
42 | 0x0
138 | 0x00000002
88 | 0x00000002
"Paul Bergson" wrote:
Read my article. It provides port numbers as well as a utility to check
if
the ports are open.
--
Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA
http://www.pbbergs.com
This posting is provided "AS IS" with no warranties, and confers no
rights.
"Neil Cadman" <NeilCadman@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:A24E331E-AE25-4760-9910-CB8D2BE80768@xxxxxxxxxxxxxxxx
The two are VPN'ed with a Netscreen Firewall and the VPN is currently
set
to
allow any service/Port to go down it, what ports do you think i should
double
check ?
"Paul Bergson" wrote:
They are vpn'd but do you have a firewall up between the two and if so
which
ports are open?
Check out my article on Firewall Replication on my Articles page at
http://www.pbbergs.com
--
Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA
http://www.pbbergs.com
This posting is provided "AS IS" with no warranties, and confers no
rights.
"Neil Cadman" <NeilCadman@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:698C4EC7-73E7-4783-BCA9-FDFEC8EAC807@xxxxxxxxxxxxxxxx
HI, We have got two forests for our company now, one in the UK and
the
other
in the US.
They are VPN'ed together over a 2 meg line and i have added DNS
farwarders
so the computers in the UK can see/ping all the computers in the US,
and
the
US comps can see all the comps in the UK.
I have tried to do a Forest Trust between the two but all i get back
is
(This operation can not be performed on this domain) and i get this
"error"
on both the sides.
I have made sure that both DC's and both Forests are running at 2003
level.
Is there somthing i have forgotten to do ? i have read the prep
stuff
on
tech
net about how to set it up and bar the DNS there did'nt seem to be
anything i
needed to do ?
They are both windows 2003 standard version, do they need to be
enterprise
to form a forest trust?
If anyone can think of a better way of making my networks more like
one
network than creating a forest trust id like to no your options :D
- Follow-Ups:
- Re: Best Plan of action for 2 forest.......
- From: Paul Bergson
- Re: Best Plan of action for 2 forest.......
- References:
- Re: Best Plan of action for 2 forest.......
- From: Paul Bergson
- Re: Best Plan of action for 2 forest.......
- From: Paul Bergson
- Re: Best Plan of action for 2 forest.......
- From: Neil Cadman
- Re: Best Plan of action for 2 forest.......
- From: Paul Bergson
- Re: Best Plan of action for 2 forest.......
- Prev by Date: Re: different subject then the one i have in there
- Next by Date: Re: Domain Admin User shows only in Advance View
- Previous by thread: Re: Best Plan of action for 2 forest.......
- Next by thread: Re: Best Plan of action for 2 forest.......
- Index(es):
Relevant Pages
|
