Re: Joint 2003 Server to Domain over Checkpoint VPN
- From: Richard@dt <Richarddt@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 4 Apr 2008 06:58:00 -0700
Name resolution works fine.
I spoke with our firewall people, and they see fragmentation happening on
the VPN. That being the case, the DC is probably dropping the fragmented
packets?
"Bill Grant" wrote:
As Anthony said, the first thing to check is that the routing and name
resolution is working across the link. Do all machines use the DC as their
DNS server? Can you do an nslookup from the branch office for the original
DC at the main office?
Active Directory uses DNS to find a logon server. Are the workstations
in the branch joined to the domain?
"Rich@DT" <RichDT@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:4E8B4BD5-123D-450E-990B-0B8FE502C80A@xxxxxxxxxxxxxxxx
Hi Anthony
When we use any resource on the home network, the XP machines get prompted
for a domain login.
Does 2003 use a directed broadcast to find a DC, or does it use DNS to
locate a DC record? I'm wondering if this is a fragmentation problem on
the VPN. Will do a network capture and let you know.
Richard
"Anthony [MVP]" wrote:
OK, all we know at the moment is that the server can not connect to the DC.
We need to a) see whether the VPN is working correctly and b) see whether
the server is configured correctly.
-----VPN-----
Is all traffic allowed, or is it filtered?
Do the XP workstations have any similar errors?
Can you do domain operations between the workstations and the DC, like
Manage the computer, remote registry etc.
Can you copy a large file successfully over the VPN?
-------Server Config-------
Is the DNS set up correctly?
Can you ping "dt" and "dt.com"?
Did it join the domain successfully (is it a Ghosted image or is that
just a coincidence?)?
What error do you get if, from the server, you try to "Manage" the DC or
bring up an Active Directory mmc to connect to the DC? and vice versa?
What OS and Service Pack? If W2K3 SP2, is it this:
http://support.microsoft.com/kb/936594/en-us
Hope that helps,
Anthony
http://www.airdesk.co.uk
"Rich@DT" <RichDT@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:7CBAC8B2-9074-4AFC-A024-176315527BB6@xxxxxxxxxxxxxxxx
Hi Anthony,
It's a site to site VPN, with existing XP clients, apparently joined to
the domain prior to site deliver. Here are a few example logs from the
2003 Server:
Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1053
Date: 02/04/2008
Time: 14:46:58
User: NT AUTHORITY\SYSTEM
Computer: GHOSTPARIS
Description:
Windows cannot determine the user or computer name. (The specified domain
either does not exist or could not be contacted. ). Group Policy processing
aborted.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Event Type: Warning
Event Source: W32Time
Event Category: None
Event ID: 18
Date: 02/04/2008
Time: 15:06:08
User: N/A
Computer: GHOSTPARIS
Description:
The time provider NtpClient failed to establish a trust relationship between
this computer and the dt.net domain in order to securely synchronize time.
NtpClient will try again in 30 minutes. The error was: The trust relationship
between this workstation and the primary domain failed. (0x800706FD)
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: NETLOGON
Event Category: None
Event ID: 5719
Date: 02/04/2008
Time: 14:28:50
User: N/A
Computer: GHOSTPARIS
Description:
This computer was not able to set up a secure session with a domain
controller in domain DT due to the following:
Not enough storage is available to process this command.
This may lead to authentication problems. Make sure that this computer is
connected to the network. If the problem persists, please contact your
domain administrator.
ADDITIONAL INFO
If this computer is a domain controller for the specified domain, it sets up
the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain
controller in the specified domain.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 17 00 00 c0 ...À
Best regards
Richard
"Anthony [MVP]" wrote:
Hi Richard,
You have two Checkpoint firewalls making a site to site VPN? Is all traffic
allowed over the VPN? Do you already have clients at the branch that are
connected, or is this the first connection? What exactly is the error you
get? Are you able fully to manage the unjoined server remotely, or does
anything fail?
Anthony,
http://www.airdesk.co.uk
"Rich@DT" <RichDT@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:FB668867-66D2-48E3-AF7A-429B91BFCE90@xxxxxxxxxxxxxxxx
Hi
I have installed a 2003 Server in a branch office, unfortunately I am not
able to join it to domain. I have reviewed many articles, but can not find
any work-arounds?
Any help very much appreciated
Richard
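Added example, not written by any poster in this thread: a small Python decoder for the status codes in the events quoted above. It reads the NETLOGON 5719 "Data:" bytes as a little-endian NTSTATUS (the usual reading of that field) and unwraps the W32Time HRESULT into its Win32 error; the function names are hypothetical and the sample text is a constructed, trimmed copy of two of the quoted events.

```python
import re
import struct

# Constructed sample: trimmed copy of two events quoted in the thread.
SAMPLE = """\
Event Type: Warning
Event Source: W32Time
Event ID: 18
The error was: The trust relationship between this workstation and the primary domain failed. (0x800706FD)
Event Type: Error
Event Source: NETLOGON
Event ID: 5719
Not enough storage is available to process this command.
Data:
0000: 17 00 00 c0
"""

# Name tables limited to the two codes that appear in the thread.
NTSTATUS = {0xC0000017: "STATUS_NO_MEMORY"}
WIN32 = {1789: "ERROR_TRUSTED_RELATIONSHIP_FAILURE"}
FACILITY_WIN32 = 7

def split_events(text):
    """Split an exported event list into one text chunk per event."""
    return [c for c in re.split(r"(?m)^(?=Event Type:)", text) if c.strip()]

def decode_event(chunk):
    """Return source, id and any decoded status codes for one event."""
    rec = {
        "source": re.search(r"(?m)^Event Source:\s*(\S+)", chunk).group(1),
        "id": int(re.search(r"(?m)^Event ID:\s*(\d+)", chunk).group(1)),
        "codes": [],
    }
    # The hex dump is byte-ordered; the DWORD it holds is little-endian.
    m = re.search(r"(?m)^0000:((?:\s+[0-9a-fA-F]{2}){4})", chunk)
    if m:
        (status,) = struct.unpack("<I", bytes.fromhex(m.group(1)))
        rec["codes"].append((f"0x{status:08X}", NTSTATUS.get(status, "unknown")))
    # A failure HRESULT with FACILITY_WIN32 carries a Win32 error in its low word.
    for h in re.findall(r"\(0x([0-9A-Fa-f]{8})\)", chunk):
        hr = int(h, 16)
        if hr >> 31 and (hr >> 16) & 0x1FFF == FACILITY_WIN32:
            code = hr & 0xFFFF
            rec["codes"].append((f"win32 {code}", WIN32.get(code, "unknown")))
    return rec

def decode_log(text):
    """Decode every event in an exported event list."""
    return [decode_event(c) for c in split_events(text)]
```

On the quoted events this gives 0xC0000017 (STATUS_NO_MEMORY) for NETLOGON 5719, matching its "Not enough storage" text, and Win32 error 1789 for the W32Time warning, matching its trust-relationship text.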