Domain Communication through VPN

lewis

Archived from groups: microsoft.public.windowsnt.domain

Here is the setup:

Parent Domain Server (win 2000) in corporate office (10.0.1.X network)
Setting up new Child Domain server (win 2003) in remote office (172.16.2.X network)
Remote office connected to corporate office through VPN (IPSec 3DES) (Linksys VPN router to Cisco VPN concentrator)


From the remote network server, I can ping the corporate side machines and
DNS resolution is working for all servers throughout the network.

However, domain communications between the child and parent are not
functioning. The application log errors are "cannot bind to ourcompany.org
domain" and "Windows cannot query for the list of group objects".

I tested shares, and it seems that the child server can browse and see the
shares, but when I try to open a share I get "the share is not accessible"
and "the specified network name is no longer available".

Just to test, we put the child server on the same network as the parent,
and all worked perfectly, so at least we know the setup is ok. It just
doesn't communicate properly across the VPN.

I know there is an issue of NetBIOS across VPNs, but I made sure to set up
NetBIOS over TCP/IP, which should take care of that.

Sniffer traces show traffic coming from and to each server on both sides of
the network, so communication itself is not an issue.

I am missing something else, and I do not know where else to look. Why
would everything else work except inter-domain trust communications?

Any ideas would be greatly appreciated.

Phil
 

jamie


Did you check on both domains to see if you had a trust relationship set up
between them? Go to Active Directory Domains and Trusts, and set up a
trust relationship between the two domains.
 

lewis


They have a good trust relationship. The servers communicate fine on
the same side of the network. It's only when I bring it across the VPN
that the problem shows. Only for domain communication. All other
communications are fine.

