Re: Win3k Forest Trusts



"DTM" <dan.moynihan@xxxxxxxxxxx> wrote in message...
We are trying to set up a trust between our DMZ and Internal network. The DMZ and Internal network are each their own forest, both running Win3k with SP1 (firewall disabled). We have a firewall sitting between the two domains, and we opened the necessary ports between them according to this MS link (http://support.microsoft.com/kb/q179442/). We have successfully created a one-way trust between the two forests. We are able to validate the trust without any errors. The problem comes when we are on our DMZ SQL server and try to add a new login with an AD user in the other forest (Internal). Our Internal domain shows up in the drop-down menu, but when we try to add a user it says the domain is unavailable.
Maybe we have our trust set up incorrectly. Any ideas on what we could look at in our situation?

See also these two articles.

Network Address Translators (NATs) can block Netlogon traffic
http://support.microsoft.com/kb/172227/

How to configure RPC dynamic port allocation to work with firewalls
http://support.microsoft.com/kb/154596/

--
Todd J Heron, MVP Windows Server - Networking
MCSE - Windows Server 2003/2000/NT; CCA

