Re: File or printserver without domaincontroller for non admins not possible

Hi Meinolf!

It really seems to be an issue of the firewall - i just deployed a
testserver with MDT in my domain and had no problem with establishing the
trust!

I will now investigate the ISA-Server :(

Kind regards

Andy


"Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> schrieb im Newsbeitrag
news:ff16fb661bf288cb6e19a07f95ef@xxxxxxxxxxxxxxxxxxxxxxx
Hello Andreas,

Missed the firewall part in the starting post.

For connection of the domain trust check this article about needed open
ports on the firewall:
http://support.microsoft.com/kb/179442/

For DNS i prefer to use "stub zones", if 2003 DNS. And secondary zones
when 2000 DNS.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and
confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

Hi Meinolf!

I solved the problem with the article:

http://support.microsoft.com/kb/927612/en-us

But my initial problem that pushed me to solve this issue is not
solved yet - I tried to establish a trust from another domain to this
"problem-domain".

I always get the error:

"The Local Security Athority is unable to obtain an RPC connection to
the..."

I thought the other problems would also solve this one - but...

DNS Forwarders are all configured correctly - also telnet to the port
135 and 389 are no problem.

Do you have an idea how to debug this issue?

Kind regards and thanks for your help!

andy

"Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> schrieb im
Newsbeitrag news:ff16fb661bdc58cb6cc96f54d88b@xxxxxxxxxxxxxxxxxxxxxxx

Hello Andreas,

In the default domain policy this settings is not defined in my test
domain by default, in the default domain controllers policy it
includes also "everyone".

What error message do you get when trying to connect to exchange from
outlook form the Vista machine?

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and
confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
Hein Meinolf!

Just before posting the ipconfig. I found a setting in the "Default
Domain
Policy" that had only "Administrators" and "Domain Admins"
in the "Access this computer in the network" section. Adding
"Everyone"
fixed the first problem.
But now I stilll have the following:
- Beeing logged on a Domaincontroller a connection to Exchange with
Outlook
is possible
- Beeing loggend on on a Vista pc with the same user a connection to
exchange with outlook is not possible..
Any hints for me :)
Kind regards

andy

"Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> schrieb im
Newsbeitrag
news:ff16fb661bdb48cb6cc1391b4a4b@xxxxxxxxxxxxxxxxxxxxxxx

Hello Andreas,

All of this services should run without being installed on a DC,
especially ISA and Exchange should always run on member servers for
performance reasons.

Please describe your network setup, routers, switches, etc. and
post an unedited ipconfig /all form the servers and also the DC's.
Public ip's you can hide.

Seems that something in your either physical setup or ip setup is
not correct.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties,
and
confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
Hi group!

I have some big problems in an Active Directory of a school. I
have:

- ISA-Server
- Fileserver (VM)
- Fileserver (Physical)
- Exchange Server
All of these servers have to be Domaincontroller - otherwise it is
not
possible to provide print services, outlook with exchange (a popup
with credentials occurs if the exchange server is not a domain
controller), file services...
It is also not possible to establish a trust between this domain
and
another (RPC call fails - telnet with 135 and 389 is ok).
Anyone an idea?

Kind regards

Andy





.

Relevant Pages

  • Re: File or printserver without domaincontroller for non admins not possible
    ... Kind regards and thanks for your help! ... What error message do you get when trying to connect to exchange from ... outlook form the Vista machine? ... an unedited ipconfig /all form the servers and also the DC's. ...
    (microsoft.public.windows.server.active_directory)
  • Re: [fw-wiz] Putting MS servers behind firewalls
    ... How about putting an app proxy firewall (careful... ... Exchange to communicate on specific ports (this can be done via registry ... If you get a multi-function applicance with proxy firewall, ... servers fairly well, if your configurations are anywhere near sane. ...
    (Firewall-Wizards)
  • Re: Internal Trusted Windows Users firewalled from Microsoft Servers
    ... alternatives if they really have a good reason for setting their network in ... SCW is designed and supported way to use Windows Firewall on servers such as ... to separate all user desktops in our organisation from Exchange and Active ...
    (microsoft.public.security)
  • Re: File or printserver without domaincontroller for non admins not possible
    ... What error message do you get when trying to connect to exchange from outlook form the Vista machine? ... Kind regards ... an unedited ipconfig /all form the servers and also the DC's. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Blocking all not necessary ports for servers on Firewall
    ... as i indicate in firs post "We have Servers in different network segment, ... So what ports is neccesary open on firewall to work normaly MAPI Cliets (Exchange) ... Phillip Windell ...
    (microsoft.public.windows.server.networking)