Re: Domain troubles



"Huston" <shawn_huston@xxxxxxxxxxx> wrote in message
news:OOo5sArDJHA.2476@xxxxxxxxxxxxxxxxxxxxxxx
Alright.... Here is some more information... Any machine that is not on
the domain can contact the site. Any machine that has been on the domain
cannot. If the machine is switched to a different domain, it can connect,
but if it is just removed from the original domain, it cannot connect.
If the machine is taken out of the building, and is or has been on the
domain and used, it cannot connect. That is just some more information.
You are suggesting that the next step would be to check router settings
and see if it differentiates between the two types of users with rule
sets?

I think the problem is (for the moment) in defining "on the domain" and "off
the domain". Being "on the domain" means the Machine's Windows OS was
joined to the Domain and has an account in active directory,..being "off the
domain" means the Windows OS was moved out of Active Directory into a
Workgroup administrative environment and the machine account in Active
Directory was deleted. But being on the same physical network or the same
physical or virtual subnet doesn't have anything to do with domains.

Now there are situations where it can "indirectly" matter,..and that is what
I am trying to sort out. Here are two ways the domain can matter,...but
anything beyond these two things and the Domain is really irrelevant and it
becomes a "networking issue".

1. If you have a Firewall that only allows access to certain user accounts
and a non-domain machine tries to gain access, it will be denied because the
Domain Account is not being used. This of course is the opposite of your
situation and is likely not to be the problem. It is also rare to have a
firewall that works at this level of detail. The only ones I know of are
all MS products (MS Proxy2, all ISA versions, and the new Forefront TMG).

2. Another possibility is that the Active Directory DNS cannot resolve the
name of that one site. If Domain Members use that DNS (and they will) then
they will fail,...but other non-domain machines which [might] possibly use a
different DNS may succeed. This is an unlikely situation but is
possible,..it also is not really a domain issue but is loosely related to
the domain due to AD being dependent on using the correct DNS,...so it is a
situation as I said where a domain is "indirectly" related.

A possible cause that would be a networking problem (not a domain thing)
would be if putting a machine "on the domain" means moving it to a different
subnet,...and if that subnet is arbitrarily using a Public IP Range [that
they don't own] instead of an RFC Private IP Range then there is almost
certainly going to be an IP Address Conflict.

For example if you built a network segment and arbitrarily chose
72.14.207.0/24, your LAN would function fine within itself but would fail to
contact a large portion of locations owned by Google.com, including the main
Google site of www.google.com.
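An added illustration of why the misnumbered subnet fails (my example, not code from the post): a host matches a destination against its connected route before its default route, so any address inside the LAN's own prefix is ARPed for locally and never sent to the gateway. The destination addresses used here are constructed placeholders, not real lookup results.

```python
import ipaddress

# RFC 1918 private ranges; a LAN numbered from anything else risks shadowing
# real Internet destinations.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(cidr: str) -> bool:
    """True if the whole subnet lies inside one of the RFC 1918 private ranges."""
    net = ipaddress.ip_network(cidr, strict=False)
    return any(net.subnet_of(priv) for priv in RFC1918)

def next_hop(lan_cidr: str, dst_ip: str) -> str:
    """Decide how a host on lan_cidr forwards a packet to dst_ip.

    The connected route wins over the default route: a destination that
    falls inside the LAN prefix is treated as a neighbour on the wire, so a
    public site whose address lands inside a misnumbered LAN is unreachable
    from that LAN even though the rest of the Internet works.
    """
    lan = ipaddress.ip_network(lan_cidr, strict=False)
    dst = ipaddress.ip_address(dst_ip)
    return "local (shadowed by LAN)" if dst in lan else "default gateway"

def audit(lan_cidr: str, destinations: dict) -> dict:
    """Map each destination name to the forwarding decision a LAN host makes."""
    return {name: next_hop(lan_cidr, ip) for name, ip in destinations.items()}

if __name__ == "__main__":
    # Constructed placeholder destinations (real addresses change over time).
    dests = {"www.google.com (placeholder)": "72.14.207.99",
             "some.other.site (placeholder)": "203.0.113.10"}
    for lan in ("72.14.207.0/24", "192.168.10.0/24"):
        kind = "RFC1918" if is_rfc1918(lan) else "PUBLIC"
        print(lan, kind, audit(lan, dests))
```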

So this should be enough to indicate that a lot of *detailed* information is
required to solve something as "strange" as this.


--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------